martedì 26 agosto 2014

FreeBSD: configurazione servizio Subversion - esempio di base

INSTALLAZIONE

root@fbsd1:~ # pkg install subversion
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 7 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        subversion: 1.8.10
        serf: 1.3.7
        apr: 1.5.1.1.5.3_3
        expat: 2.1.0_1
        sqlite3: 3.8.5_1
        gdbm: 1.11_2
        db48: 4.8.30.0_2

The process will require 32 MB more space
5 MB to be downloaded

Proceed with this action [y/N]: y
Fetching subversion-1.8.10.txz: 100% of 2 MB
Fetching serf-1.3.7.txz: 100% of 76 KB
Fetching apr-1.5.1.1.5.3_3.txz: 100% of 393 KB
Fetching expat-2.1.0_1.txz: 100% of 99 KB
Fetching sqlite3-3.8.5_1.txz: 100% of 654 KB
Fetching gdbm-1.11_2.txz: 100% of 143 KB
Fetching db48-4.8.30.0_2.txz: 100% of 915 KB
Checking integrity... done (0 conflicting)
[1/7] Installing expat-2.1.0_1: 100%
[2/7] Installing gdbm-1.11_2: 100%
[3/7] Installing db48-4.8.30.0_2: 100%
[4/7] Installing apr-1.5.1.1.5.3_3: 100%
[5/7] Installing serf-1.3.7: 100%
[6/7] Installing sqlite3-3.8.5_1: 100%
[7/7] Installing subversion-1.8.10: 100%
root@fbsd1:~ #

CREAZIONE DEL REPOSITORY

root@fbsd1:/m1pool/m1fs # svnadmin create /m1pool/m1fs/repos
root@fbsd1:/m1pool/m1fs #

root@fbsd1:/m1pool/m1fs # grep svn /etc/services
svn             3690/tcp   #Subversion
svn             3690/udp   #Subversion
root@fbsd1:/m1pool/m1fs #

root@fbsd1:/m1pool/m1fs # cd repos
root@fbsd1:/m1pool/m1fs/repos # find .
.
./hooks
./hooks/pre-commit.tmpl
./hooks/pre-revprop-change.tmpl
./hooks/post-lock.tmpl
./hooks/start-commit.tmpl
./hooks/post-unlock.tmpl
./hooks/pre-lock.tmpl
./hooks/pre-unlock.tmpl
./hooks/post-revprop-change.tmpl
./hooks/post-commit.tmpl
./format
./README.txt
./locks
./locks/db-logs.lock
./locks/db.lock
./conf
./conf/hooks-env.tmpl
./conf/svnserve.conf
./conf/authz
./conf/passwd
./db
./db/txn-current
./db/txn-protorevs
./db/write-lock
./db/transactions
./db/uuid
./db/format
./db/txn-current-lock
./db/revs
./db/revs/0
./db/revs/0/0
./db/fsfs.conf
./db/min-unpacked-rev
./db/revprops
./db/revprops/0
./db/revprops/0/0
./db/fs-type
./db/current
root@fbsd1:/m1pool/m1fs/repos #

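CONFIGURAZIONE BASE

Nota: il file conf/passwd di svnserve contiene le password in chiaro, quindi conviene che sia leggibile solo dall'utente con cui gira il servizio (in questo esempio presumibilmente svn), ad esempio con chmod 600 dopo il chown. Il protocollo svn:// senza SASL non cifra i dati in transito: questa configurazione è adatta solo a una rete locale fidata. Non essendo impostato authz-db, ogni utente autenticato ha accesso in scrittura a tutto il repository; groups-db e hooks-env puntano a file (groups, hooks-env) che non compaiono nel listato di find qui sopra.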

root@fbsd1:/m1pool/m1fs/repos/conf # mv svnserve.conf svnserve.conf~; cp svnserve.conf~ svnserve.conf
root@fbsd1:/m1pool/m1fs/repos/conf # vi svnserve.conf
root@fbsd1:/m1pool/m1fs/repos/conf # diff svnserve.conf~ svnserve.conf
19,20c19,20
< # anon-access = read
< # auth-access = write
---
> anon-access = none
> auth-access = write
27c27
< # password-db = passwd
---
> password-db = passwd
42c42
< # groups-db = groups
---
> groups-db = groups
47c47
< # realm = My First Repository
---
> realm = Marco Repository
54c54
< # force-username-case = none
---
> force-username-case = none
61c61
< # hooks-env = hooks-env
---
> hooks-env = hooks-env
root@fbsd1:/m1pool/m1fs/repos/conf # ed passwd
309
a
marco = MIAPASSWORD
.
w
326
q
root@fbsd1:/m1pool/m1fs/repos/conf # ed /etc/rc.conf
251
a
svnserve_enable="YES"
svnserve_data="/m1pool/m1fs/repos"
svnserve_flags="-d --listen-port=3690 --listen-host 192.168.0.11"
.
w
374
q
root@fbsd1:/m1pool/m1fs/repos/conf # pw groupadd -n svn -g 90
root@fbsd1:/m1pool/m1fs/repos/conf # pw useradd -n svn -u 90 -g svn -d /nonexistent -s /nonexistent
root@fbsd1:/m1pool/m1fs/repos/conf # chown -R svn:svn /m1pool/m1fs/repos
root@fbsd1:/m1pool/m1fs/repos/conf # service svnserve start
Starting svnserve.
root@fbsd1:/m1pool/m1fs/repos/conf # service svnserve status
svnserve is running as pid 3714.
root@fbsd1:/m1pool/m1fs/repos/conf #

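IMPORT DEI DATI

Nota: il primo import è eseguito da root tramite file://, quindi i nuovi file creati nel repository risultano di proprietà di root e non dell'utente svn. Se in seguito svnserve segnala errori di permessi, va ripetuto il chown -R svn:svn mostrato sopra (oppure si esegue l'import tramite svn://).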

root@fbsd1:/m1pool/m1fs/repos/conf # cd ~marco
root@fbsd1:~marco # svn import src file:///m1pool/m1fs/repos/marco/src -m "import iniziale"
...
Committed revision 1.
root@fbsd1:~marco #


[marco@othersystem ~]$ svn import src/ svn://192.168.0.11/othersys/src -m "initial import"
Authentication realm:  Marco Repository
Password for 'marco': 
Adding         ...

Committed revision 5.
[marco@othersystem ~]$ 

$ svn co svn://192.168.0.11/othersys
Authentication realm:  Marco Repository
Password for 'marco': ********

A    othersys/src
...

Checked out revision 5.
$

RIFERIMENTI

giovedì 14 agosto 2014

FreeBSD: gpg 2.x termina con errore perché non è stato installato pinentry

PROBLEMA

$ gpg ciphered.tar.gpg
gpg: 3DES encrypted data
gpg-agent[1264]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[1264]: command get_passphrase failed: No pinentry
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
$

SOLUZIONE

root@fbsd1:/home/marco # pkg install pinentry
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 85 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        pinentry: 0.8.3_1
[...]
        xprop: 1.2.2

The process will require 669 MB more space
128 MB to be downloaded

Proceed with this action [y/N]: n
root@fbsd1:/home/marco # pkg
pkg: not enough arguments
Usage: pkg [-v] [-d] [-l] [-N] [-j <jail name or id>|-c <chroot path>] [-C <configuration file>] [-R <repo config dir>] [-o var=value] <command> [<args>]


For more information on available commands and options see 'pkg help'.
root@fbsd1:/home/marco # pkg help
Usage: pkg [-v] [-d] [-l] [-N] [-j <jail name or id>|-c <chroot path>] [-C <configuration file>] [-R <repo config dir>] [-o var=value] <command> [<args>]
[...]

Commands supported:
[...]
        search         Performs a search of package repository catalogues
[...]
root@fbsd1:/home/marco # pkg search pinentry
pinentry-0.8.3_1
pinentry-curses-0.8.3
pinentry-gtk-0.8.3
pinentry-gtk2-0.8.3
pinentry-qt4-0.8.3
root@fbsd1:/home/marco # pkg install pinentry-curses
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 1 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        pinentry-curses: 0.8.3

The process will require 78 KB more space
30 KB to be downloaded

Proceed with this action [y/N]: y
Fetching pinentry-curses-0.8.3.txz: 100% of 30 KB
Checking integrity... done (0 conflicting)
[1/1] Installing pinentry-curses-0.8.3: 100%
root@fbsd1:/home/marco #

$ gpg ciphered.tar.gpg
gpg: 3DES encrypted data

  lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
  x Enter passphrase                                    x
  x                                                     x
  x                                                     x
  x Passphrase **************************************__ x
  x                                                     x
  x       [OK]                             [Cancel]     x
  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
$ ls
ciphered.tar            ciphered.tar.gpg        prova
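$

Nota: l'avviso «message was not integrity protected» indica che il file cifrato non contiene il codice di verifica dell'integrità (MDC), quindi eventuali modifiche al testo cifrato non verrebbero rilevate in fase di decifratura. Per archivi da conservare conviene ricifrarli con un algoritmo più recente, ad esempio con gpg --symmetric --cipher-algo AES256.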

mercoledì 13 agosto 2014

File server SMB (SAMBA) su filesystem ZFS gestito da FreeBSD su macchina virtuale HyperV

Oggetto dell'articolo

Questo articolo mostra la configurazione di un file server con queste caratteristiche:

  • servizio: SMB,
  • filesystem: ZFS,
  • sistema operativo: FreeBSD 10.0-RELEASE,
  • hardware: virtualizzato Hyper-V (Windows 8 Pro).

Scopo

Lo scopo è quello di archiviare i dati più importanti su un filesystem che prevenga il più possibile la corruzione dei dati, ovvero quanto trattato in questo articolo: arstechnica.com/information-technology/2014/01/bitrot-and-atomic-cows-inside-next-gen-filesystems.

Si tratta di un'installazione casalinga. Per me tutta questa infrastruttura serve solo ed esclusivamente per tutelarmi dalla possibilità di corruzione del dato, che verrà quindi replicato più volte e verificato con checksum dal filesystem ZFS, ma sullo stesso disco fisico. Per tutelarmi invece dall'eventuale rottura del disco fisico farò manualmente, ogni tanto, una copia di backup del disco virtuale dei dati su dischi fisici esterni.

Creazione della macchina virtuale

Ho creato dalla console di gestione di Hyper-V una macchina virtuale con:

  • RAM: 1GB,
  • rete: collegamento a un commutatore virtuale,
  • disco rigido virtuale: a espansione dinamica di 32GB,
  • opzioni di gestione: "Avvia sempre automaticamente questa macchina virtuale".

Installazione e configurazione del sistema operativo

Ho installato FreeBSD sulla macchina virtuale.

Ho creato un utente diverso da root e l'ho aggiunto nel gruppo wheel, in modo poi da poterlo usare per collegarmi alla macchina in SSH e quindi poterla gestire diventando root con il comando su.

Ho modificato la configurazione della scheda di rete come da coreboarder.com/blog/?p=15.

After installing FreeBSD on a Hyper-V machine I had no network connection.
The solution is to modify rc.conf that DHCP will always work on boot
Edit /etc/rc.conf:
Comment the following with a "#":
ifconfig_YOURNICID
Add the following:
ifconfig_YOURNICID="SYNCDHCP media 100baseTX mediaopt full-duplex"
Save
Done

Ho riavviato il sistema operativo e una volta risalita la macchina mi ci sono collegato e ho testato la connettività di rete.

Quindi, prendendo spunto da 20.2.1.3. Loader Tunables - The Z File System (ZFS) - FreeBSD Handbook, prendendo però in considerazione questo warning:

ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
Consider tuning vm.kmem_size and vm.kmem_size_max in /boot/loader.conf.

Ho impostato queste configurazioni:

root@fbsd1:~ # ed  /boot/loader.conf
a
vm.kmem_size="512M"
vm.kmem_size_max="512M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
.
w
q
root@fbsd1:~ #

Quindi ho spento il sistema dalla shell del sistema operativo con il comando poweroff.

Aggiunta disco virtuale per ospitare i dati

Dalla console di gestione di Hyper-V ho aggiunto un disco rigido virtuale, che servirà per ospitare il filesystem ZFS e quindi i dati. L'ho aggiunto sul controller IDE 1, ho scelto di crearlo come VHDX ad espansione dinamica, di 300 GB.

Quindi ho riacceso la macchina virtuale e ho dato il comando "dmesg" per capire il nome del dispositivo aggiunto (il disco rigido virtuale):

dmesg
...
da1 at blkvsc1 bus 0 scbus2 target 1 lun 0
da1:  Fixed Direct Access SCSI-4 device
da1: 300.000MB/s transfers
da1: Command Queueing enabled
da1: 307200MB (629145600 512 byte sectors: 255H 63S/T 39162C)
...

Preparazione dell'area per i dati

Ho creato il pool e il filesystem ZFS, sempre prendendo spunto da 20.2.2.1. Single Disk Pool - The Z File System (ZFS) - FreeBSD Handbook.

root@fbsd1:~ # cd /
root@fbsd1:/ # zpool create m1pool /dev/da1
root@fbsd1:/ # zfs create m1pool/m1fs
root@fbsd1:/ # zfs set copies=3 m1pool/m1fs
root@fbsd1:/ # df -g
Filesystem  1G-blocks Used Avail Capacity  Mounted on
/dev/da0p2         36    2    31     7%    /
devfs               0    0     0   100%    /dev
m1pool            293    0   293     0%    /m1pool
m1pool/m1fs       293    0   293     0%    /m1pool/m1fs
root@fbsd1:/ #

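D'ora in avanti per verificare i dati manualmente potrò fare come segue. Il comando zpool scrub avvia la verifica in background e ritorna subito (il codice di uscita 0 indica solo che è partita), quindi l'esito va letto con un successivo zpool status m1pool, alle righe "scan:" ed "errors:":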

root@fbsd1:/ # zpool status m1pool
  pool: m1pool
 state: ONLINE
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        m1pool      ONLINE       0     0     0
          da1       ONLINE       0     0     0

errors: No known data errors
root@fbsd1:/ # zpool scrub m1pool
root@fbsd1:/ # echo $?
0
root@fbsd1:/ #

Ho creato l'utente da utilizzare con il servizio SMB posizionando la sua home directory nel filesystem ZFS.

root@fbsd1:/m1pool/m1fs # adduser -d /m1pool/m1fs -s nologin -u 1000 -w random
Username: m1user
Full name: Marco SMB Access
Uid [1000]:
Login group [m1user]:
Login group is m1user. Invite m1user into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [nologin]:
Home directory [/m1pool/m1fs/m1user]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [yes]:
Lock out the account after creation? [no]:
Username   : m1user
Password   : 
Full Name  : Marco SMB Access
Uid        : 1000
Class      :
Groups     : m1user
Home       : /m1pool/m1fs/m1user
Home Mode  :
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (m1user) to the user database.
adduser: INFO: Password for (m1user) is: RANDOMPASSWORDISHERE
Add another user? (yes/no): no
Goodbye!
root@fbsd1:/m1pool/m1fs #

Configurazione del servizio SMB (SAMBA)

Prendendo spunto da 28.10. File and Print Services for Microsoft® Windows® Clients (Samba) - FreeBSD Handbook

root@fbsd1:/ # pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.3.6: 100%
Message for pkg-1.3.6:
 If you are upgrading from the old package format, first run:

  # pkg2ng
pkg: not enough arguments
Usage: pkg [-v] [-d] [-l] [-N] [-j <jail name or id>|-c <chroot path>] [-C <configuration file>] [-R <repo config dir>] [-o var=value] <command> [<args>]


For more information on available commands and options see 'pkg help'.
root@fbsd1:/ # pkg install net/samba36
Updating repository catalogue
Fetching meta.txz: 100% of 940 B
Fetching digests.txz: 100% of 2 MB
Fetching packagesite.txz: 100% of 5 MB

Adding new entries: 100%
Incremental update completed, 23314 packages processed:
0 packages updated, 0 removed and 23314 added.
Updating database digests format: 100%
The following 13 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        samba36: 3.6.24_2
        libsunacl: 1.0
        cups-client: 1.7.3_2
        openldap-client: 2.4.39_1
        tevent: 0.9.21
        python27: 2.7.8_2
        gettext: 0.18.3.1_1
        indexinfo: 0.2
        python2: 2_3
        talloc: 2.1.0
        tdb: 1.2.13,1
        pkgconf: 0.9.6_1
        popt: 1.16

The process will require 194 MB more space
34 MB to be downloaded

Proceed with this action [y/N]: y
Fetching samba36-3.6.24_2.txz: 100% of 21 MB
Fetching libsunacl-1.0.txz: 100% of 8 KB
Fetching cups-client-1.7.3_2.txz: 100% of 760 KB
Fetching openldap-client-2.4.39_1.txz: 100% of 995 KB
Fetching tevent-0.9.21.txz: 100% of 43 KB
Fetching python27-2.7.8_2.txz: 100% of 8 MB
Fetching gettext-0.18.3.1_1.txz: 100% of 2 MB
Fetching indexinfo-0.2.txz: 100% of 6 KB
Fetching python2-2_3.txz: 100% of 2 KB
Fetching talloc-2.1.0.txz: 100% of 48 KB
Fetching tdb-1.2.13,1.txz: 100% of 77 KB
Fetching pkgconf-0.9.6_1.txz: 100% of 23 KB
Fetching popt-1.16.txz: 100% of 62 KB
Checking integrity... done (0 conflicting)
[1/13] Installing indexinfo-0.2: 100%
[2/13] Installing gettext-0.18.3.1_1: 100%
[3/13] Installing python27-2.7.8_2: 100%
[4/13] Installing python2-2_3: 100%
[5/13] Installing talloc-2.1.0: 100%
[6/13] Installing pkgconf-0.9.6_1: 100%
[7/13] Installing libsunacl-1.0: 100%
===> Creating users and/or groups.
Creating group 'cups' with gid '193'.
Creating user 'cups' with uid '193'.
[8/13] Installing cups-client-1.7.3_2: 100%
[9/13] Installing openldap-client-2.4.39_1: 100%
[10/13] Installing tevent-0.9.21: 100%
[11/13] Installing tdb-1.2.13,1: 100%
[12/13] Installing popt-1.16: 100%
[13/13] Installing samba36-3.6.24_2: 100%
root@fbsd1:/ # cp /usr/local/share/examples/samba36/smb.conf.default /usr/local/etc/smb.conf
root@fbsd1:/ # vi /usr/local/etc/smb.conf
(esempio delle modifiche effettuate)
root@fbsd1:/m1pool/m1fs # diff /usr/local/share/examples/samba36/smb.conf.default /usr/local/etc/smb.conf
26c26
<    workgroup = MYGROUP
---
>    workgroup = WORKGROUP
41c41
< ;   hosts allow = 192.168.1. 192.168.2. 127.
---
>    hosts allow = 192.168.0.4 192.168.0.11  127.
45c45
<    load printers = yes
---
>    load printers = no
root@fbsd1:/m1pool/m1fs # echo 'samba_enable="YES"' >> /etc/rc.conf
root@fbsd1:/m1pool/m1fs # service samba start
Removing stale Samba tdb files:  done
Starting nmbd.
Starting smbd.
root@fbsd1:/m1pool/m1fs # smbpasswd -a m1user
New SMB password:
Retype new SMB password:
Added user m1user.
root@fbsd1:/m1pool/m1fs #