Tag Archives: Linux

Simpana 10 – PostgreSQL 8.4 backup on CentOS Linux 5.10 x64 – example

I am going to assume that this is a test deployment, and that you have installed your CentOS 5.10 x64 Linux the way you want it. I will follow on from that point with what I needed to do to get the distribution release of PostgreSQL working with the Simpana 10 PostgreSQL iDA to perform a backup. Of course, some knowledge is assumed.

  1. Install the PostgreSQL packages onto your CentOS client.
    $ sudo yum install postgresql84 postgresql-server postgresql-devel
  2. Start up the PostgreSQL server for the first time. For the first time only, you need to run the initdb switch instead of start.
  3. $ sudo service postgresql initdb
  4. We should also enable the service to run at boot moving forward
    $ sudo chkconfig postgresql on
  5. Before we change the authentication method below, we need to set a password that we know for the postgres user in the PostgreSQL database. To do this, we need to change to the postgres user, connect to the PostgreSQL database and update the password for the user to something we know.
    $ sudo su -
    # su - postgres
    $ psql
  6. Now, at the postgres prompt, update the password for the postgres user, unless you want to make your own. I won't discuss how; I'm just going to show how to set the postgresql user password. Be sure to remember what you set the password to, as it will be required later on.
    postgres=# ALTER USER postgres WITH PASSWORD 'password';
    ALTER ROLE
    postgres=# \q
  7. The PostgreSQL packages distributed with CentOS don't use md5 password authentication; they default to peer/ident based authentication. In this example we will flip this to md5 based authentication, and we will touch on a peer/ident based authentication example in a later post. Perform the changes below to enable md5 authentication.
    $ cd /var/lib/pgsql/data
    $ sudo vi pg_hba.conf
    Find the line at the bottom of the file that looks like the one below:
    local     all     all                ident
    You need to change this to have md5 on the end, i.e. replace ident with md5. Save the changes.
  8. Now restart postgresql for the changes to take effect. (required)
    $ sudo service postgresql stop
    $ sudo service postgresql start
  9. Now you can test that this has worked by executing the command below as root and, when prompted for the postgres user password, authenticating with the password set in step 6.
    # psql -U postgres
    If it worked, you will get the famous postgres=# prompt, at which you can enter \q [enter] to quit.
  10. Next, we need to enable archive logs. Edit the postgresql.conf file, which on a CentOS rpm-based install is in /var/lib/pgsql/data, and add the lines below to the Archiving section:
    archive_mode = on
    archive_command = 'cp %p /var/postgresql/archive/%f'
    Save those additions and move on below.
  11. Make sure to create the folder used as the destination in the archive_command above, and ensure the postgres user can write to it.
  12. Now restart postgresql for the changes to take effect. (required)
    $ sudo service postgresql stop
    $ sudo service postgresql start
  13. Install the Simpana PostgreSQL iDA.
  14. Once installed, refresh the Simpana Console and attempt to create your PostgreSQL instance. See the dialog below for the values I used in this configuration. Of course, the username is the postgres user, with the password we configured in step 6. Note that the archive log directory is the one we used in the archive_command string at step 10 too.
    [Screenshot: simpana_10-centos-5.10_x64-postgresql_instance_creation]
  15. If everything goes to plan, you should have your instance created, and you can now configure the DumpBaseBackupSet subclient and/or the FSBasedBackupSet subclient. For the difference between what each does, I recommend you review the documentation, as each backupset has its own unique capabilities. See the bottom of the Backup documentation page for explanations.
  16. Assign a Storage Policy to each subclient and run a backup of each to confirm it works.
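
The settings changed in steps 7 to 11 can be verified before the instance is created. The following is an added shell example, not part of the original post: the function names, the assumption that archive_command has the 'cp %p DIR/%f' form used above, and the world-writable check on the archive directory are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks for the settings changed in steps 7-11.
# Run as the postgres user so the write test reflects what archive_command will see.

# Auth method of the first "local all all" record (PostgreSQL uses the first match).
local_auth_method() {
    awk '$1 == "local" && $2 == "all" && $3 == "all" { print $4; exit }' "$1"
}

# Active value of a postgresql.conf setting: commented-out lines are skipped,
# a trailing "# comment" is dropped, and the last occurrence wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//' | tail -n 1
}

# Destination directory of an archive_command written as 'cp %p DIR/%f'.
archive_dir() {
    conf_value "$1" archive_command | sed -n "s/^'cp %p \(.*\)\/%f'\$/\1/p"
}

# preflight PG_HBA POSTGRESQL_CONF: prints each failure, returns 0 if all pass.
preflight() {
    rc=0
    [ "$(local_auth_method "$1")" = md5 ] || { echo "FAIL: local all all is not md5"; rc=1; }
    [ "$(conf_value "$2" archive_mode)" = on ] || { echo "FAIL: archive_mode is not on"; rc=1; }
    dir=$(archive_dir "$2")
    if [ -z "$dir" ]; then
        echo "FAIL: archive_command is not in the 'cp %p DIR/%f' form"; rc=1
    elif [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "FAIL: $dir is missing or not writable by $(id -un)"; rc=1
    elif [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "FAIL: $dir is world-writable"; rc=1
    fi
    return $rc
}

# Constructed sample files (not from a real host) to exercise the checks offline.
demo() {
    t=$(mktemp -d) && mkdir "$t/archive" && chmod 700 "$t/archive"
    printf '# local all all ident\nlocal   all   all   md5\n' > "$t/pg_hba.conf"
    printf "#archive_mode = off\narchive_mode = on   # enable WAL archiving\n" > "$t/postgresql.conf"
    printf "archive_command = 'cp %%p %s/archive/%%f'\n" "$t" >> "$t/postgresql.conf"
    preflight "$t/pg_hba.conf" "$t/postgresql.conf" && echo "OK: ready for instance creation"
    rm -rf "$t"
}
demo
```

On the client from this post, the call would be preflight /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/postgresql.conf.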

CommVault Documentation references:

Simpana 10 – Linux client prepost command execution failure

Came across an interesting condition today, which took me a bit of testing to identify why the job would go into a pending state. This one relates to Simpana 10 on a Linux client where you have a File System iDA with a PrePost command being executed. In my test below the script is doing nothing special, it’s merely to have something to execute to show the behavior. I’ve provided it below purely for reference.

[root@jldb1 bin]# cat pre-scan.sh
#!/bin/sh
# test
#

echo $1 $2 $3 $4 $5 $6 $7 $8 $9 >> /root/pre-scan.log
exit 0

The job goes pending and produces the following errors and output:

JPR (Job Pending Record)
Error Code: [7:75]
Description: Unable to run [/usr/local/bin/pre-scan.sh] on client.
Source: jwcs, Process: startPrePostCmd

[Screenshot: simpana_10-linux-prepost-command-execution-failure]

[JobManager.log – commserve]

3024  d88   03/27 18:16:26 21  Scheduler  Set pending cause [Unable to run [/usr/local/bin/pre-scan.sh] on the client.                 ]::Client [jwcs] Application [startPrePostCmd] Message Id [117440587] RCID [0] ReservationId [0].  Level [0] flags [0] id [0] overwrite [0] append [0] CustId[0].
3024  118c  03/27 18:16:26 21  Scheduler  Phase [Failed] message received from jwcs.lab.heimic.net] Module [startPrePostCmd] Token [21:3:1] restartPhase [0]
3024  118c  03/27 18:16:26 21  JobSvr Obj Phase [3-Pre Scan] for Backup Job Failed. Backup will continue with phase [Pre Scan].

[startPrePostCmd.log – commserve]

4940  e4c   03/27 20:21:46 ### Init() - Initializing job control [token=21:3:7,cn=jwcs], serverName [jwcs.lab.heimic.net], ControlFlag [1], Job Id [21]
4940  e4c   03/27 20:21:47 ### Cvcl::init() - CVCL: Running in FIPS Mode
4940  e4c   03/27 20:21:48 ### CVJobCtrlLog::registerProcess(): successfully created file [C:Program FilesCommVaultSimpanaBaseJobControl4.940]
4940  e4c   03/27 20:21:48 ### ::main() - jobId 21 - restoreTaskId = 0
4940  e4c   03/27 20:21:48 ### ::main() - jobId 21 - adminTaskId = 0
4940  e4c   03/27 20:21:48 ### ::getBackupCmdAndMachine() - jobId 21 - before construct application id
4940  e4c   03/27 20:21:49 ### ::getBackupCmdAndMachine() - appTypeId = 29
4940  e4c   03/27 20:21:49 ### ::getBackupCmdAndMachine() - jobId 21 - symbolic AppId = 2:20
4940  e4c   03/27 20:21:49 ### ::getBackupCmdAndMachine() - jobId 21 - prePostId = 1
4940  e4c   03/27 20:21:49 ### ::getBackupCmdAndMachine() - jobId 21 - preifind cmd = /usr/local/bin/pre-scan.sh
4940  e4c   03/27 20:21:49 ### ::main() - jobId 21 - commandPath = /usr/local/bin/pre-scan.sh
4940  e4c   03/27 20:21:49 21  ::main() - jobId 21 - before execute cmd
4940  e4c   03/27 20:21:49 21  ::main() - jobId 21 - Use Local System Acct.
4940  e4c   03/27 20:21:49 21  ::main() - jobId 21 - remoteexename = [/usr/local/bin/pre-scan.sh]
4940  e4c   03/27 20:21:49 21  ::main() - jobId 21 - args = [ -bkplevel 1 -attempt 7 -job 21]
4940  e4c   03/27 20:21:49 21  executePrePostCmd() -  Attempting to execute remote command on client [jldb1]..
4940  e4c   03/27 20:21:49 21  executePrePostCmd() - jobId 21 - Received error text from server cvsession [Unknown Error]
4940  e4c   03/27 20:21:49 21  executePrePostCmd() - jobId 21 - Error [0] returned from executeRemoteCommand /usr/local/bin/pre-scan.sh
4940  e4c   03/27 20:21:49 21  EvEvent::setMsgEventArguments() - MsgId[0x0700004b], Arg[1] = [117440623]
4940  e4c   03/27 20:21:49 21  EvEvent::setMsgEventArguments() - MsgId[0x0700004b], Arg[2] = [/usr/local/bin/pre-scan.sh]
4940  e4c   03/27 20:21:49 21  EvEvent::setMsgEventArguments() - MsgId[0x0700004b], Arg[3] = []
4940  e4c   03/27 20:21:49 21  EvEvent::setMsgEventArguments() - [MsgId[0x0700004b][]: [3] Args Pushed, [1] Args expected.
4940  e4c   03/27 20:21:49 21  ::exitHere() - jobId 21 - Exiting due to failure.
4940  e4c   03/27 20:21:49 21  BKP CALLED COMPLETE (PHASE Status::FAIL), 21. Token [21:3:7]
4940  e4c   03/27 20:21:53 21  ::exitHere() - jobId 21 - startPrePostCmd Terminating Event.
4940  238c  03/27 20:21:53 21  CVJobCtrlLog::unregisterProcess(): successfully removed file [C:Program FilesCommVaultSimpanaBaseJobControl4.940]

[cvd.log – client]

30846 427e0940 03/27 20:21:50 ### [CVipcD] Requests from non-CS with hostname [jwcs.lab.heimic.net] and clientname [jwcs] to execute in user entered path are not allowed

I worked out that this problem is caused by the lack of a value in the regkey sCSGUID, found in the location below:

/etc/CommVaultRegistry/Galaxy/Instance001/CommServe/.properties

Sample below;

[root@jldb1 ]# cat /etc/CommVaultRegistry/Galaxy/Instance001/CommServe/.properties | more
bCSConnectivityAvailable 1
sCSCLIENTNAME jwcs
sCSGUID
sCSHOSTNAME jwcs.lab.heimic.net
sCSHOSTNAMEinCSDB jwcs.lab.heimic.net

sCSGUID should be populated, and its lack of a value causes this condition with pre-scan script execution.
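
The two symptoms shown above, the empty sCSGUID key and the refusal message in cvd.log, can be checked together. This is an added shell example, not part of the original post or of Simpana: the function names are hypothetical, the file format is assumed to be the "key value" layout shown in the sample, and the cvd.log path is passed as an argument because the page does not give it.

```shell
#!/bin/sh
# Added example: checks for the empty sCSGUID condition described in this post.
# Formats follow the samples on this page: one "key value" pair per line.

# Print every key in a .properties file that has no value after it.
empty_keys() {
    awk 'NF == 1 { print $1 }' "$1"
}

# Exit status 0 if sCSGUID has a value, 1 if it is empty, 2 if the key is absent.
csguid_status() {
    awk '$1 == "sCSGUID" { found = 1; if (NF >= 2) ok = 1 }
         END { exit (ok ? 0 : (found ? 1 : 2)) }' "$1"
}

# Count cvd.log lines where the client refused to run a command in a user-entered path.
refused_requests() {
    grep -c 'Requests from non-CS with hostname .* are not allowed' "$1" || true
}

# diagnose PROPERTIES CVD_LOG: one-line verdict; returns 1 when sCSGUID needs repair.
diagnose() {
    st=0; csguid_status "$1" || st=$?
    n=$(refused_requests "$2")
    if [ "$st" -eq 0 ]; then
        echo "OK: sCSGUID is populated"
        return 0
    fi
    echo "BROKEN: sCSGUID empty or absent (status $st); $n refused request(s) in cvd.log"
    return 1
}

# Sample data: the .properties lines and cvd.log message are copied from this page;
# the populated GUID is a constructed placeholder, not a real value.
demo() {
    d=$(mktemp -d)
    printf 'sCSCLIENTNAME jwcs\nsCSGUID\nsCSHOSTNAME jwcs.lab.heimic.net\n' > "$d/bad"
    printf 'sCSCLIENTNAME jwcs\nsCSGUID PLACEHOLDER-GUID\n' > "$d/good"
    printf '%s\n' '30846 427e0940 03/27 20:21:50 ### [CVipcD] Requests from non-CS with hostname [jwcs.lab.heimic.net] and clientname [jwcs] to execute in user entered path are not allowed' > "$d/cvd.log"
    diagnose "$d/bad" "$d/cvd.log" || true
    diagnose "$d/good" "$d/cvd.log"
    rm -rf "$d"
}
demo
```

On the client, the first argument would be /etc/CommVaultRegistry/Galaxy/Instance001/CommServe/.properties.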

Fix:

The easiest method to recreate this regkey value is to do a local uninstall of the Simpana services on the client, revoke the client certificate in the Simpana Console via Control Panel – Certificate Administration for the client in question, and then reinstall.

Observation:

Subclients that have no scripts being executed as part of the backup will run fine if this regkey value is missing. You will never see a problem until you add a script. In addition, clients that have a Simpana firewall configuration will be broken, and subclients without scripts will break too, as the regkey value is used for Simpana firewall configuration exchange, I believe, based on my testing.

Hope you enjoy my post… drop me a comment if you like the content and/or it helps you.

System security and sudo

I was reading Twitter, as I typically do when in transit, and came across a really good post on sudo[1] and security. I highly recommend having a read.

Check it out here.

Some excellent information contained in the post.

[1] – Sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

Linux installation on SSD

I am going to be installing a Linux desktop onto an SSD drive soon, and I have started to research. If you have done this already and found something you needed to do that was not documented, please drop me a line.

My aim is to set up my Intel i3 Mini-ITX system with a Linux Desktop install (Ubuntu probably) and eventually drop in some more storage, since the case and motherboard could handle 4 more SATA devices, not including the optical and SSD boot drive.

I figured I could end up running it for additional storage, services and a desktop environment, and for other tasks such as maybe getting VMware Workstation going so I can run my existing virtual machines.

The current duties it does that requires Windows will move onto a laptop I will purchase at the end of this month, or early next month.

Linux system hardening

I really need to sit down and do some research on Linux System Hardening, as I really want to take a look at any kernel hardening that can be done on the system, i.e. I don't want users to be able to see who else is on the machine via the output of commands like 'w' and 'who'. I remember grsecurity used to be available to do this, so I should look around to see if this is still valid or whether we do it another way.

I did find the following web post about SSH hardening which I enjoyed reading here.

If you’ve done Linux System Hardening recently, chime in on the comments with your experience.

New PC laptop purchase

I was going to build up another mini-ITX desktop; however, the more I look at it, the better off I am buying one of those Dell Outlet Inspiron laptops, as I end up getting a PC that can be used as a desktop replacement and doesn't need any more hardware purchased, i.e. keyboard/mouse/monitor. So I have been monitoring the outlet site for the past week, watching what Intel i3 third generation systems come up and the prices.

The PC laptop will probably run Windows 7 x64 Home (or Windows 8.1 if my work VPN finally ends up supporting it), while my existing mini-ITX desktop (i3/16gb ram) will probably be converted to an Ubuntu desktop, so I can implement lxc containers again and some other workload on it. I really want to get tvheadend set up on it and plug in the USB tuner I was using with my Raspberry Pi. Remember the post here, about that?

If I get some time one evening this weekend, I'm going to install a temporary hard disk into my desktop, do an Ubuntu 12.04.4 install and do some messing about to ensure the hardware is all detected fine and the resolution of the monitors works fine. The system uses an Intel HD 4000 onboard, so I hope accelerated video works or that could be a problem.

Looking to purchase the laptop the end of this month or early next month.

Confluence 5.4.2 installation problem – Confluence not starting post install

This is not something I've hit before; however, this is my first time installing Confluence 5.4.2 x32 on an Exigent VPS account. After the installation, I got the message indicating that the service has started and you should connect to it to finish the configuration.

However, nothing was found to be running on the default port of 8090, so I checked the catalina.out file in the logs folder to determine what was written. It was showing the lines below;

Error occurred during initialization of VM
Could not reserve enough space for object heap
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.

At this point I figured I needed to change the amount of memory being allocated to Java during startup, so I went looking to see where this was being set from. It turns out it's in the setenv.sh file in the bin folder.

On the first line of the file, change the -Xmx512m to something a little smaller if you're running on a VPS that doesn't have enough available memory to let it have 512 MB of RAM. Save the change and fire it up via "start-confluence.sh" and it should load up fine.

EDIT: It’s safe to say that my low end VPS account cannot really run the Confluence install, as it failed to create the database in MySQL and put the box under serious load due to all memory being consumed, which subsequently pushed out the load average. See below;

top - 09:56:16 up 45 days, 16:50, 3 users, load average: 70.49, 37.55, 15.18
Tasks: 70 total, 3 running, 67 sleeping, 0 stopped, 0 zombie
Cpu(s): 12.1%us, 87.9%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1048576k total, 1048576k used, 0k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached

I gave it a go nonetheless :)

Confluence 5.4.2 x64 installation error

I was attempting an installation of Confluence 5.4.2 x64 from the binary file that can be executed and it failed like below;

root@hostname:/home/username# ./atlassian-confluence-5.4.2-x64.bin
Unpacking JRE …
Starting Installer …
./atlassian-confluence-5.4.2-x64.bin: 466: /home/username/atlassian-confluence-5.4.2-x64.bin.17671.dir/jre/bin/java: not found

I’ve seen this problem before with another product, so I knew immediately what the problem is. It’s due to executing the x64 version on a 32bit Linux.

Go download the 32bit version of the file and execute it. It will work.

Wifidog and Authpuppy

I’ve been trying to get Wifidog and Authpuppy going, however failed to get the end to end solution working.

I was able to get Wifidog installed and compiled, in addition to getting Authpuppy going, but getting them to work together is not working for me.

I want to use a small pc with dual nics to connect to the local network (which gets out to internet) and the other nic connected to 1 or more Access Points.

The network with the Access Point doesn’t appear to have its traffic intercepted by Wifidog at all, and that’s the bit that I am stuck with currently.