Apache 2.4 mod ldap authnz_ldap debian squeeze closed (connection lost)

It does not work out of the box.

You need to open and edit

/etc/ldap/ldap.conf

and add:

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Let me know if this helped.

Docker cheat-sheet

Docker is great for development, but also, it gives you the superpower of extremely small images to easily move around docker containers.

I need this for personal stuff, but I think it can be useful to others, so let’s share it.

It’s a living list so I’m gonna add here stuff as soon as I need it.

Foreplay (Composer) – a.k.a. Install fest
#Install composer:
sudo apt-get -y install python-pip
sudo pip install docker-compose
Images
#Build an image from a dockerfile in pwd:
docker build --rm=true -t tagname .
#--rm=true -> Remove intermediate containers after a successful build
#-t, --tag=[] -> Name and optionally a tag in the 'name:tag' format
#-f, --file -> Name of the Dockerfile (Default is 'PATH/Dockerfile')
Docker Composer
#Start a container with:
docker-compose up -d
#up -> Create and start containers
#-d -> Detached mode: Run containers in the background,
       print new container names.
       Incompatible with --abort-on-container-exit.
Containers
#Check what's running:
docker ps

#Stop container:
docker stop {containerid}

 

 

Generate, check, debug and convert with OpenSSL

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

  • Generate a new private key and Certificate Signing Request
    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
  • Generate a self-signed certificate
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
  • Generate a certificate signing request (CSR) for an existing private key
    openssl req -out CSR.csr -key privateKey.key -new
  • Generate a CSR and key for a SAN sertificateCreate a config file called req.cnf to use it with openssl like the following:
  • [req] 
    distinguished_name = req_distinguished_name 
    req_extensions = v3_req 
    prompt = no 
    [req_distinguished_name] 
    C = NL 
    ST = NL 
    L = Amsterdam 
    O = Red Light District B.V. 
    OU = IT 
    CN = amsterdamredlights.nl 
    [v3_req] 
    keyUsage = keyEncipherment, dataEncipherment 
    extendedKeyUsage = serverAuth 
    subjectAltName = @alt_names 
    [alt_names] 
    DNS.1 = www.amsterdamredlights.nl 
    DNS.2 = amsterdamredlights.nl 
    DNS.3 = intranet.redlightdistrict.nl

With this file use the following command:

openssl req -new -out redlightsdistrict.nl.csr -newkey rsa:2048 -nodes -sha256 -keyout redlightsdistrict.nlkey.temp -config req.cnf
  • Generate a certificate signing request based on an existing certificate
    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
  • Remove a passphrase from a private key
    openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands.

  • Check a Certificate Signing Request (CSR)
    openssl req -text -noout -verify -in CSR.csr
  • Check a private key
    openssl rsa -in privateKey.key -check
  • Check a certificate
    openssl x509 -in certificate.crt -text -noout
  • Check a PKCS#12 file (.pfx or .p12)
    openssl pkcs12 -info -in keyStore.p12
  • Check a CA bundle against a certificate
    openssl verify -verbose -purpose sslserver -CAfile <chain file> <cert>
    • Check certificate issuer
openssl x509 -noout -in cert.pem -issuer
    • Check the subject for whom the cert has been issued
openssl x509 -noout -in cert.pem -subject
    • Check validity (dates)
openssl x509 -noout -in cert.pem -dates
    • Check the above 3, all at once
openssl x509 -noout -in cert.pem -issuer -subject -dates
    • Check hash value
 openssl x509 -noout -in cert.pem -hash
    • Check certificate MD5 fingerprint
openssl x509 -noout -in cert.pem -fingerprint

Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

 

Debugging Using OpenSSL

If you are receiving an error that the private doesn’t match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands.

  • Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
    openssl x509 -noout -modulus -in certificate.crt | openssl md5
    openssl rsa -noout -modulus -in privateKey.key | openssl md5
    openssl req -noout -modulus -in CSR.csr | openssl md5
  • Check an SSL connection. All the certificates (including Intermediates) should be displayed
    openssl s_client -connect www.paypal.com:443
  • If the dns hasn’t propagated yet you can use an ip address and a hostname like the following example
$ openssl s_client -connect 127.0.0.1:443 -servername giuseppeurso.net

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

  • Convert a DER file (.crt .cer .der) to PEM
    openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convert a PEM file to DER
    openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
    openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
  • Convert a p7b (non binary) certificate to Pem
    openssl pkcs7 -in certificate_file.p7b -print_certs -out cert.pem

    If this throws an error, just open the p7b fiel and replace:

    -----BEGIN PKCS #7 SIGNED DATA-----
    -----END PKCS #7 SIGNED DATA-----
    

    with

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    • Convert a p7b (binary) certificate to Pem

      You can easily guess whether a certificate is in a binary form by looking at it with for instance the cat command, If it looks garbled it’s binary
      In these cases you should first convert it from binary tand then you can convert it to pem with the previous example. This is how you convert it if binary:

      openssl pkcs7 -inform der -in a.p7b -out a.cer
    • SSL bundle concatenation order for haproxy:
-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

 

Originally posted on Sun Jan 13, 2008 at https://www.sslshopper.com/article-most-common-openssl-commands.html expanded, enriched and improved with personal experiences since then.

Incoming search terms:

  • pengertian instalasi perangkat lunak server (53)
  • Apa yang dimaksud instalasi perangkat lunak server (30)
  • كلمة مرور key p12 (16)
  • instalasi perangkat lunak server (15)
  • apa yang dimaksud dengan instalasi perangkat lunak server (6)
  • Apa yang di maksud perangkat lunak server (5)
  • instalasi perangkat lunak server adalah (4)
  • apa yang di maksud instalasi perangkat lunak server (4)
  • apa yang dimaksud instalasi perangkat lunak server? (4)
  • apa yang di maksud dengan instalasi perangkat lunak server (2)

WordPress Moodle integration

A.K.A. WordPress and moodle SSO (Single Sign On).

There are these two very good open source content management and e-learning products:

WordPress

Moodle

I find this a very interesting argument, for this reason i started writing a guide about how to make users authenticate on both systems with a single sign on.

My post is about getting things running smoothly after wordpress updates.

That could be tricky because any updat on wordpress side or on moodle side will overwrite all modification made in order to make the SSO working.

You can take a look at my post about Moodle and WordPress integration.

Let me know if this works for you and what can goes wrong so I can update information there.

Giuseppe

Incoming search terms:

  • perangkat lunak server (45)
  • integraçao wordpress e moodle (1)
  • moodle per wordpress (1)

Installing and configuring Bareos (Bacula fork) with web front-end on Debian Wheezy.

And taking nice backups easy to be restored.

The story is quiet simple: some times ago I would have liked to have a kind of 8 months old backup for a friend of mine, but it was too late. So now, I want backups with a decent retention. So I can go “back in time” and recover files. Another choice could have been Subversion, but I’m going to backup images as well so, for this reason I’ll not take Subversion into consideration.

I’ll proceed with Bareos as it seems to be a Free Software fork of Bacula (so I hope it will be stable and robust as Bacula)  but with features that normally are sold as commercial by the Bacula project team.

I’ll use the Bareos official repository, where to download and install Bareos from.

Components

Bareos is made out of three main components and console:

  • Director
  • Storage Service
  • File Daemon
  • – Console

Not all of these components are needed for a client machine, let’s see what do we need in order to run the each component efficiently and start taking backups.

Before starting I’ll use this fantastic feature offered by Transip: the Snapshot. So if something goes wrong it will be very easy to rollback to the pre-screw-up image.

Some pre-requirements

These are required packages, if you already have them the following command doesn’t hurt.

apt-get -y install mysql-server apache2 php5 php5-mysql sudo

Then I will install their repositories and install Bareos from them like this:

URL=http://download.bareos.org/bareos/release/latest/Debian_7.0/
printf "deb $URL /\n" > /etc/apt/sources.list.d/bareos.list

# add package key
wget -q $URL/Release.key -O- | apt-key add -

apt-get update
apt-get install bareos bareos-database-mysql

If you are going to use the instructions on the Bareos website, please watch out the debian version which now is 6.0. So if you use Wheezy, just change the 6 into 7, as I did. Oh yes and in their example PostgreSQL is used in place of Mysql.

Some configuration to do.

For completing the Bareos configuration, we should setup the database and the tables and so there are some sql files to be executed, but for these files to work we need passwordless access to mysql for root. For some minutes only. If this was mysql5.6+ we could use the special variable –login-path=local, but we are on 5.5 so we can either create a .my_cnf in the root home directory or restarting mysql using the –skip-grant-tables option which will make mysql go with no passwords.

I’ll chose the second one. By the other things, this procedure is very useful in order to reset the mysql password without having a valid mysql account. So what to do is:

  • Stop mysql
  • Restart mysql with the –skip-grant-tables option
  • Run scripts below
  • Kill mysqld_safe
  • Restart Mysql in normal mode using the usual init.d script.
/etc/init.d/mysql stop
/usr/bin/mysqld_safe --skip-grant-tables

At this point you should HIT CTRL+Z so you can continue using your terminal.
When finished you can get back to the mysqld_safe process by typing ‘fg‘ as requested later in this post. (CTRL+Z sends the process in background, ‘fg‘ instead brings it back to ForeGround).

/usr/lib/bareos/scripts/create_bareos_database
/usr/lib/bareos/scripts/make_bareos_tables
/usr/lib/bareos/scripts/grant_bareos_privileges

This last command gives some problems because you started mysql with the skip-grant-tables option so it cannot use those tables for executing queries.

Kill the mysql with –skip-grant-tables, as we don’t need it any more with:

fg
CTRL + C

Open the file /usr/lib/bareos/scripts/grant_mysql_privileges and change the line

if $bindir/mysql $* -uroot  -f <<END-OF-DATA

into

if $bindir/mysql $* -uroot -p -f <<END-OF-DATA

So the password will be requested as user input.

The Director

The file in /etc/bareos-dir.conf contains the main part of the configuration.  The main important sections and some very small explanations of them are:

  • JobDefs
    This defines element in common for two or more job so there is less configuration to write. They can contain almost all is contained in a Job
  • Job
    This define the client to backup, the fileset, the storage to use etc
  • Schedule
    This controls the timing of the jobs, define a schedule with a name here, and then use it by name in Job or JobDefs
  • FileSet
    This define a fileset to be used for a job, then the name of this fileset is used in Job or JobDefs
  • Client
    This define the client by name to be used in Job or JobDefs
  • Storage
    This Defines a storage by name to be used in Job or JobDefs
  • Catalog
    This defines the database where to store information about for example owner and file permissions.
  • Messages
    The Notification configuration
  • Pool
    The way storage devices (tapes or files) are managed.
  • Console
    This configures credentials for using the console and interacting with the director.

What to configure

After a fresh install, there is some basic configuration for Bareos in /etc/bareos. This configuration wants to illustrate how to set up various component but it is also working for making a backup of Bareos itself and the MySQL catalog.

Precisely there are 5 files and each of them has a sample configuration for the director itself in  order to backup both catalog and files.

I want to add pretty much the same thing : mysql database dumps and files coming from web dirs. But before doing this I want to know how much disk space a full backup is going to take so I can configure the storage and so.

1.3G web sites folder/

320M mysql dump of all dbs

So I’m going to need some space too have a long retention. Let’s just start with a ‘normal’ retention then we will always be able to increase  it. But meanwhile we can keep an eye on the backup files created on this side, monitoring their growth and being able so to have an estimation about the initial disk space needed.

I’m not going to use tapes for my backups, but a second machine will store the backups  (as data files) and those backup are nightly transferred on the NAS in my house through a cron job which runs on a NAS running Linux.

Speaking about the web folders and MySQL  here, means speaking about WordPress blogs, like this one, so what they do is basically adding new contents into the database, and new images and media on the disk. So the only part which could be neglected is WordPress itself, but since the disk space taken for those files is infinitely small compared to the images, we are going to backup those files as well, thus, by the way, we will backup plug-ins and themes instead of  having to remember their names. So yes, it is definitely worth to save those file as well.

There are some configuration keys referenced in other configuration files. I’ll keep it consistent so do the same. These are for example, the storage.storage name, the storage.device name the fileset.name and so. The Device is defined in /etc/bareos/bareos-sd.conf, we’ll see later.

This is the Mysql part.

/etc/bareos/bareos-dir.conf

JobDefs {
    Name = MySqlDefs
    Type = Backup
    Level = Incremental
    Accurate = Yes
    Write Bootstrap = "/var/lib/bareos/%c-%n.bsr"
    Fileset = MysqlDumps
    Pool = MysqlPool
    Schedule = "WeeklyCycle"
    Storage = MysqlBackupStorage
    Messages = Standard
    Priority = 10
    Write Bootstrap = "/var/lib/bareos/%c.bsr"
    Write Bootstrap = "|/usr/sbin/bsmtp -h localhost -f \"\(Bareos\) \" -s \"Bootstrap for Job %j\" giuseppe@giuseppeurso.net"
}

Job {
  Name = "BackupMysql"
  Client = "Mysql"
  JobDefs = "MySqlDefs"
}

Client {
  Name = Mysql
  Address = 192.168.0.1
  Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                      # Prune expired Jobs/Files
}

Storage {
    Name = MysqlBackupStorage
    # N.B. Use a fully qualified name here
    Address = backupper.mylan.com 
    Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Device = FileStorageMysql
    Media Type = File
}

FileSet {
   Name = "MysqlDumps"
   Include {
     Options {
       signature = MD5
     }
     File = "/var/backups/server/mysql"
     File = "/etc/mysql/"
   }
}

Pool {
    Name = MysqlPool
    Pool Type = Backup
    Recycle = yes # Bareos can automatically recycle Volumes
    AutoPrune = yes # Prune expired volumes
    Volume Retention = 365 days
    Maximum Volume Bytes = 2G
    Maximum Volumes = 100
}

This is the web folders part with php scripts, images and so.

JobDefs {
 Name = WebDefs
 Type = Backup
 Level = Incremental
 Accurate = Yes
 Write Bootstrap = "/var/lib/bareos/%c-%n.bsr"
 Fileset = Webcopy
 Pool = WebPool
 Schedule = "WeeklyCycle"
 Storage = Web1BackupStorage
 Messages = Standard
 Priority = 10
 Write Bootstrap = "/var/lib/bareos/%c.bsr"
 Write Bootstrap = "|/usr/sbin/bsmtp -h localhost -f \"\(Bareos\) \" -s \"Bootstrap for Job %j\" giuseppe@giuseppeurso.net"
 }

Job {
 Name = "BackupWeb1"
 Client = "Web1"
 JobDefs = "WebDefs"
 }

Client {
 Name = Web1
 Address = 192.168.0.1
 Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 File Retention = 30 days # 30 days
 Job Retention = 6 months # six months
 AutoPrune = yes # Prune expired Jobs/Files
 }

Storage { 
  Name = Web1BackupStorage
  # N.B. Use a fully qualified name here
  Address = backupper.mylan.com
  Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  Device = FileStorageWeb
  Media Type = File
 }

FileSet {
 Name = "Webcopy"
    Include {
       Options {
           signature = MD5
        }
        File = "/var/www"
        File = "/etc/apache2/sites-available"
     }
 }

Pool {
 Name = WebPool
 Pool Type = Backup
 Recycle = yes # Bareos can automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 365 days
 Maximum Volume Bytes = 2G
 Maximum Volumes = 100
 }

 

For the storage part we need to edit:

nano /etc/bareos/bareos-0sd.conf

and add one device for mysql backups and one for web backups:

Device {
 Name = FileStorageMysql
 Media Type = File
 Archive Device = /backups/bareos/storage
 LabelMedia = yes; # lets Bareos label unlabeled media
 Random Access = Yes;
 AutomaticMount = yes; # when device opened, read it
 RemovableMedia = no;
 AlwaysOpen = no;
}
Device {
 Name = FileStorageWeb
 Media Type = File
 Archive Device = /backups/bareos/storage
 LabelMedia = yes; # lets Bareos label unlabeled media
 Random Access = Yes;
 AutomaticMount = yes; # when device opened, read it
 RemovableMedia = no;
 AlwaysOpen = no;
}

Installing the client part

The following part is about installing the bareos client on the machine to be backed up. It will expose one service on a tcp port. We will make sure also that the two machines will talk each other using a private network.

We will call this machine, the one to be backed up, “Client”. As we already did for the server, let’s add the Bareos repository to our software package manager:

URL=http://download.bareos.org/bareos/release/latest/Debian_7.0/
printf "deb $URL /\n" > /etc/apt/sources.list.d/bareos.list

# add package key
wget -q $URL/Release.key -O- | apt-key add -

apt-get update
apt-get install bareos-client

At this point we need to configure roles and authentication between components to make it work and for this purpose the following image stolen from the bareos project website is very useful:

bareos-components-autentication

This image made very easy understanding who is who. In the case of the client we should take into consideration just the bareos-fd part.

At this point i restart the services on the server machine and on the client machine.

On server:

/etc/init.d/bareos-fd restart
/etc/init.d/bareos-sd restart
/etc/init.d/bareos-dir restart

And on Client

/etc/init.d/bareos-fd restart

Then I can use the bconsole to check what’s going on, it’s very easy, just enter into bconsole typing ‘bconsole’ and then ‘help’

bconsole
Connecting to Director eventhorizon:9101
Enter a period to cancel a command.
*help
 Command Description
 ======= ===========
 add Add media to a pool
 autodisplay Autodisplay console messages
 automount Automount after label
 cancel Cancel a job
 create Create DB Pool from resource
 delete Delete volume, pool or job
 disable Disable a job
 enable Enable a job
 estimate Performs FileSet estimate, listing gives full listing
 exit Terminate Bconsole session
 export Export volumes from normal slots to import/export slots
 gui Non-interactive gui mode
 help Print help on specific command
 import Import volumes from import/export slots to normal slots
 label Label a tape
 list List objects from catalog
 llist Full or long list like list command
 messages Display pending messages
 memory Print current memory usage
 mount Mount storage
 move Move slots in an autochanger
 prune Prune records from catalog
 purge Purge records from catalog
 quit Terminate Bconsole session
 query Query catalog
 restore Restore files
 relabel Relabel a tape
 release Release storage
 reload Reload conf file
 rerun Rerun a job
 run Run a job
 status Report status
 setbandwidth Sets bandwidth
 setdebug Sets debug level
 setip Sets new client address -- if authorized
 show Show resource records
 sqlquery Use SQL to query catalog
 time Print current time
 trace Turn on/off trace to file
 unmount Unmount storage
 umount Umount - for old-time Unix guys, see unmount
 update Update volume, pool or stats
 use Use specific catalog
 var Does variable expansion
 version Print Director version
 wait Wait until no jobs are running
When at a prompt, entering a period cancels the command.
You have messages.
*

The web front-end

Let’s find a convenient location where to download webacula and download it.

cd /var/tmp
svn co https://github.com/tim4dev/webacula webacula

This last command will download the entire svn of webacula. So we will use the latest version contained. First thing: make a folder for webacula under /var/www and then copy some folders into this folder

mkdir -p /var/www/webacula
cp -pr /var/tmp/webacula/trunk/html /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/application /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/data /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/docs /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/install /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/languages /var/www/webacula/
cp -pr /var/tmp/webacula/trunk/library /var/www/webacula/
chown -R www-data.www-data /var/www/webacula
usermod -aG bareos www-data
chown root:bareos /usr/sbin/bconsole
chmod u=rw,g=r,o= /etc/bareos/bconsole.conf
cp /var/tmp/webacula/trunk/install/apache/webacula.conf /etc/apache2/sites-available/webacula.conf
sed -i 's/\/usr\/share/\/var\/www/' /etc/apache2/sites-available/webacula.conf
a2ensite webacula.conf
a2enmod rewrite
service apache2 restart
[Sat Dec 28 03:56:51 2013] [warn] module rewrite_module is already loaded, skipping
apache2: Syntax error on line 268 of /etc/apache2/apache2.conf: Syntax error on line 18 of /etc/apache2/sites-enabled/webacula.conf: /etc/apache2/sites-enabled/webacula.conf:18: <Directory> was not closed.
Action 'configtest' failed.
The Apache error log may have more information.
failed!

Don’t worry about the last error, I reported it here because probably a lot of people will have this problem with the tag 5.5.1 of Webacula. There is an easy fix which is adding a ‘<‘ to the /etc/apache2/sites-enabled/webacula.conf file. Quiet easy. this is where to add it:

There is one line starting by

/Directory>

Note the missing opening ‘<‘ , Instead of

</Directory>

This is what we need to change in order to fix the problem. Once done, save and reload Apache2 configuration with:

/etc/init.d/apache2 reload

Now we need to make the user www-data capable to run the bconsole, in order to be able to read and write data. For this reason we need Sudo, so let’s install it and then we can add www-data to the sudoers file with a specific command.

apt-get install sudo
visudo

Add this line under the root one

www-data ALL=NOPASSWD: /usr/sbin/bconsole

At this point we need to download and install the Zend PHP framework minimal edition to make Webacula work. So download ZendFramework-1.12.3-minimal.tar.gz (check for the version number)  from http://www.zend.com/en/company/community/downloads. You will need a login (I know it sucks). Put it on /var/tmp

cd /var/tmp
tar -xzf ZendFramework-1.12.3-minimal.tar.gz
cp -pr /var/tmp/ZendFramework-1.12.3-minimal/library/Zend /var/www/webacula/library/Zend/

edit and configure the following file:

nano /var/www/webacula/application/config.ini

Remember to change

bacula.bconsole = "/sbin/bconsole"

into

bacula.bconsole = "/usr/sbin/bconsole"

And

bacula.bconsolecmd = "-n -c /etc/bacula/bconsole.conf"

into

bacula.bconsolecmd = "-n -c /etc/bareos/bconsole.conf"

Now it’s time to configure a database access for webacula. For this the developers provide us with some scripts. There is a configuration to be edited with database name, database password for root, before running the scripts:

nano /usr/src/webacula/trunk/install/db.conf
cd usr/src/webacula/trunk/install/MySql/
./10_make_tables.sh
./20_acl_make_tables.sh

There is one more thing to be fixed in order to make webacula run. Theoretically we have done now and we “should” be able to run our webapp at the address http://server/webacula. But, depending on your error reporting configuration for php, our result here will vary from a white page and an error page. I had a white one so i had to take a look at the error loga to see what was going on. The error log reported:

[Sat Dec 28 12:48:23 2013] [error] [client 10.0.0.1] PHP Fatal error:  Uncaught exception 'Zend_Exception' with message 'Bacula version mismatch for the Catalog database. Wanted 12, got 2001. ' in /var/www/webacula/html/index.php:186\nStack trace:\n#0 {main}\n  thrown in /var/www/webacula/html/index.php on line 186

This is probably due to the different versioning numbers going on between Bacula and Bareos. You will be tempted to  fix this from the database table “Version” which seems to be there exactly for this reason, but don’t because remember also bareos components use the database and they probably check that field as well (i did it actually, this is why I’m so damn sure). The solution is here https://github.com/bareos/contrib-webacula/blob/bareos-master/application/config.ini and I shouldn’t have used a tag… anyway, just open index.php and look for this line

define('BACULA_VERSION', 12); // Bacula Catalog version

And replace it with this one

define('BACULA_VERSION', 2001); // Bacula Catalog version

Before you start using bareos you have to lable the Volumes using the bconsole. The following is an example made with the configuration explained here:

bconsole 
Connecting to Director eventhorizon:9101
Enter a period to cancel a command.
*label
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
The defined Storage resources are:
 1: File
 2: MysqlBackupStorage
 3: Web1BackupStorage
Select Storage resource (1-3): 1
FileStorage
Defined Pools:
 1: Default
 2: File
 3: Scratch
 4: MysqlPool
 5: WebPool
Select the Pool (1-5): 1
Connecting to Storage daemon File at eventhorizon.giuseppeurso.net:9103 ...
Sending label command for Volume "FileStorage" Slot 0 ...
3000 OK label. VolBytes=211 Volume="FileStorage" Device="FileStorage" (/backups/bareos)
Catalog record for Volume "FileStorage", Slot 0 successfully created.
Requesting to mount FileStorage ...
3906 File device ""FileStorage" (/backups/bareos)" is always mounted.
You have messages.
*label
The defined Storage resources are:
 1: File
 2: MysqlBackupStorage
 3: Web1BackupStorage
Select Storage resource (1-3): 2
Enter new Volume name: MysqlStorage
Defined Pools:
 1: Default
 2: File
 3: Scratch
 4: MysqlPool
 5: WebPool
Select the Pool (1-5): 4
Connecting to Storage daemon MysqlBackupStorage at 192.168.0.2:9103 ...
Sending label command for Volume "MysqlStorage" Slot 0 ...
3000 OK label. VolBytes=214 Volume="MysqlStorage" Device="FileStorageMysql" (/var/lib/bareos/storage)
Catalog record for Volume "MysqlStorage", Slot 0 successfully created.
Requesting to mount FileStorageMysql ...
3906 File device ""FileStorageMysql" (/var/lib/bareos/storage)" is always mounted.
*label
The defined Storage resources are:
 1: File
 2: MysqlBackupStorage
 3: Web1BackupStorage
Select Storage resource (1-3): 1
Enter new Volume name: Web1Storage
Defined Pools:
 1: Default
 2: File
 3: Scratch
 4: MysqlPool
 5: WebPool
Select the Pool (1-5): 5
Connecting to Storage daemon File at eventhorizon.giuseppeurso.net:9103 ...
Sending label command for Volume "Web1Storage" Slot 0 ...
3000 OK label. VolBytes=211 Volume="Web1Storage" Device="FileStorage" (/backups/bareos)
Catalog record for Volume "Web1Storage", Slot 0 successfully created.
Requesting to mount FileStorage ...
3906 File device ""FileStorage" (/backups/bareos)" is always mounted.
*label
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
The defined Storage resources are:
     1: File
     2: MysqlBackupStorage
     3: Web1BackupStorage
Select Storage resource (1-3): 1
Enter new Volume name: FileSTorage
Defined Pools:
     1: Default
     2: File
     3: Scratch
     4: MysqlPool
     5: WebPool
Select the Pool (1-5): 2
Connecting to Storage daemon File at eventhorizon.giuseppeurso.net:9103 ...
Sending label command for Volume "FileSTorage" Slot 0 ...
3000 OK label. VolBytes=208 Volume="FileSTorage" Device="FileStorage" (/backups/bareos)
Catalog record for Volume "FileSTorage", Slot 0  successfully created.
Requesting to mount FileStorage ...
3001 OK mount requested. Device="FileStorage" (/backups/bareos)
*quit

You will get also this error:

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'Media.VolParts' in 'field list'

I honestly don’t know what that field is supposed to contain but I want my app to work so I just create that field as a varchar 255 like this:

 mysql -uroot -p -e "use bareos; alter table Media add VolParts varchar (255);"

This should be all. Now point yur browser to the address where webacula is supposed to answer and check if you see the login prompt like this:

webacula_login_form

 

Username is root, the password is the one you choose while configuring the sql install script

That’s it. If you have comments or questions, please just use the form below this article.

Ciao

 

P.S.

I want to add this information: In this post I used fictional names for machines and for machines addresses. So I had some trouble once put this configuration working and I spotted a couple of typos and I had to fix the various passwords in various configuration files.

This image illustrates better:

webacula-after-tuning

This was Installing and configuring Bareos on Debian squeeze/wheezy with web front-end

Incoming search terms:

  • bareos (19)
  • bareos raspberry pi (3)
  • install bareos server (2)
  • url bareos webgui apache2 (2)
  • bareos win client (2)
  • bareos ubuntu (2)
  • bareos repository ubuntu (2)
  • bareos test configuration (1)
  • raspbian bareos (1)
  • postgresql tuning bareos (1)

Raspberry pi Raspbian checking for SSL libraries… configure: error: Cannot find ssl libraries

Compile error? ./configure on raspberry gives following eror.

This will solve:

 --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/arm-linux-gnueabihf/

Incoming search terms:

  • Cannot find ssl libraries raspi (1)

How to install VBox Guest Additions to a Debian Vm

Screenshot-VirtualBox - AboutHere is how i installed Virtual Box guest additions to my Debian Virtual Machine. This is in a bigger project so i can produce my own Vagrant boxes with any operating system i want. Also this is a good practice when a new Virtual Machine is installed.

First of all start you Vm from the Virtualbox GUI.

Once the Vm has sarted, click on the menu “devices” present on the running Vm window, and select “Install Guest Additions…”. Continue reading “How to install VBox Guest Additions to a Debian Vm”

Incoming search terms:

  • debian virtualbox guest additions (1)
  • https://blog giuseppeurso net/language/pt/how-to-install-vbox-guest-addition-to-a-debian-vm/ (1)
  • virtualbox debian vboxlinuxadditions установка (1)
  • дополнение гостевой ос virtualbox debian (1)
  • дополнение гостивой os debian (1)

[personal log] Tomcat 6 with apache2 as reverse proxy on one or more Virtual Hosts

Tomcat-logo.svg
As reported on the my other article about Hippo Open Source CMS i will start a fresh install of tomcat 6.

If you need to do the same as me, read on this article until the end.

First thing to do is to remove the tomcat6 installation made by using aptitude.
Continue reading “[personal log] Tomcat 6 with apache2 as reverse proxy on one or more Virtual Hosts”

Incoming search terms:

  • localhost8080/sitetest2 (1)

Exploring Open Source CMS: Hippo

Hippo-cms-logoI’m going to test out some relevant Content Management System from the Open Source planet. This time i will try to install and configure Hippo Cms. Since I already tried almost all famous CMS written in php, this time we will take a look to this one, written in Java.

About Java: first time i came to speak about Java, a tremendous miskate was made. In fact while my interlocutor was speaking about Java as a Server-sided tech, i was speaking about the client part, the one i don’t like at all, and actually all considered, is slow, subject of contiuous updates, quiet bothering i mean. And my recentest memory about this is the callcenter dudes who had to manage oracle forms through a java web GUI: a nightmare!.

Anyway, as we all know, “the good is oft(en) interred with their bones“… so let it be with java for clients and let’s start seeing what do I need in order to start serving jsp from my machine. Continue reading “Exploring Open Source CMS: Hippo”