RHEL6 Linux Family Server


Setting up a „Family Server“ on RHEL 6.x:

These are personal notes for myself to remember things, but they might serve others as well. This document is licensed under Creative Commons Licence 3.0 BY-SA.

Scientific Linux (SL) is a free clone of RHEL6, just like CentOS. It is used throughout this document, but you can use either one.

The following document covers installation of

MythTV: Server for watching and recording TV
Mythweb with apache webserver for remote administration of MythTV
BackupPC: a server-side backup daemon that can back up Windows and Linux clients
VirtualBox: virtual PC emulator for running a virtual WinXP
Realcrypt: free TrueCrypt for encrypting some backups
ZFS-on-Linux: the perfect filesystem for large-scale data storage (e.g. media files)

 

 

1. Misc

Install the base system and basic apps of your choice, e.g. your favourite editor.

1.1 Configure Users and Groups

As you would normally do. Configure sudoers.

1.2 Configure Storage

1.2.1 Import Raid5

#My Raid is already set up

add to /etc/mdadm.conf (without quotes):

“ARRAY /dev/md0 level=raid5 num-devices=5 metadata=00.90 UUID=5af33dbb:4984653a:73c58c98:29ed513f”
sudo mdadm --assemble /dev/md0
sudo vgchange -ay vg1
sudo vgchange -a n vg1
reboot
  • Devices of Vg1 should now automatically show up after reboot
  • mkdir /store and /media/Mediathek and change permissions
  • add to /etc/fstab:
“/dev/mapper/vg1-store    /store    ext4    nofail,relatime,user,acl    0    0”

-> nofail option causes boot not to hang in case raid has problems

/store/Mediathek    /media/Mediathek    none    bind,nofail    0 0

(for future reference: ext4 on raid5 was made using: mkfs.ext4 -b 4096 -E stride=16,stripe-width=64 -L label /dev/vg1/blalba)

1.2.2 create a partition for /media/mythstore

(primary MythTV storage for raw data & live tv), xfs recommended by mythtv, not available per default in RHEL6, using ext4 instead

1.2.3 ZFS Storage

see topic 6 for ZFS Installation

1.3 add repositories

  • Remember to use sudo yum update after adding a repository
  • use yum-priorities to prevent package conflicts
  • Install package yum-plugin-kmdl, it will take care of updating your kmdls automatically.

1.3.1 EPEL

For information see: http://fedoraproject.org/wiki/EPEL

sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

1.3.2 ELREPO

sudo rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
sudo rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm

1.3.3 ATRPMS and ATRPMS TESTING

Go to the ATrpms website and download the repository rpm. Install it, then enable the testing repo in yumex. yumex can be installed from EPEL and works better over NX than the default package manager.

Alternative terminal based way:

# Import the GPG key for ATrpms
sudo rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms

# Open an editor and paste the following into the atrpms-stable.repo file

sudo nano /etc/yum.repos.d/atrpms-stable.repo
[atrpms-stable]
name=RHEL 6 - atrpms-stable - $releasever - $basearch
baseurl=http://dl.atrpms.net/el6-$basearch/atrpms/stable/
gpgcheck=1
enabled=1
priority=20
exclude=*release
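
With several third-party repositories enabled, it is worth checking that every enabled stanza forces package signature checks. The following is an added example, not part of the original notes: the function names are hypothetical, and the sample input is the atrpms-stable stanza from above plus a constructed example.repo.

```shell
#!/bin/sh
# Added example (not from the original notes): flag enabled yum repositories
# whose .repo stanza does not force package signature checks or uses plain HTTP.

audit_repo_file() {
    # $1 = path to a .repo file; prints "<repo-id> <finding>" per finding.
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function report() {
            if (id == "" || enabled == "0") return
            # Unset means the value is inherited from [main] in /etc/yum.conf.
            if (gpgcheck == "")       print id, "gpgcheck-unset"
            else if (gpgcheck != "1") print id, "gpgcheck-off"
            if (http)                 print id, "plain-http"
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            id = trim($0); id = substr(id, 2, length(id) - 2)
            enabled = "1"; gpgcheck = ""; http = 0
            next
        }
        id != "" && index($0, "=") > 0 {
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:\/\//) http = 1
        }
        END { report() }
    ' "$1"
}

audit_repo_dir() {
    # $1 = directory holding .repo files, normally /etc/yum.repos.d
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        audit_repo_file "$f"
    done
}

make_sample_repos() {
    # Constructed sample input: the atrpms-stable stanza from this page plus
    # two hypothetical repositories (example.invalid does not exist).
    cat > "$1/atrpms-stable.repo" <<'EOF'
[atrpms-stable]
name=RHEL 6 - atrpms-stable - $releasever - $basearch
baseurl=http://dl.atrpms.net/el6-$basearch/atrpms/stable/
gpgcheck=1
enabled=1
priority=20
exclude=*release
EOF
    cat > "$1/example.repo" <<'EOF'
[example-nosig]
name=constructed example
baseurl=https://repo.example.invalid/el6/
gpgcheck=0

[example-disabled]
baseurl=http://repo.example.invalid/el6/
enabled=0
EOF
}

# Demo on the constructed files; on a real system run: audit_repo_dir /etc/yum.repos.d
demo_dir=$(mktemp -d)
make_sample_repos "$demo_dir"
audit_repo_dir "$demo_dir"
rm -rf "$demo_dir"
```

A plain-http finding next to gpgcheck=1 is informational: package signatures are still verified, but the transport itself is not authenticated.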

1.3.4 Linuxtech.net

The Linuxtech.net repo contains various multimedia-related programs, such as fglrx (ATI driver), HandBrake, the CrystalHD driver, etc.

See: http://pkgrepo.linuxtech.net/el6/release/!!_README-FIRST_!!
wget http://pkgrepo.linuxtech.net/el6/release/linuxtech.repo
wget http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET
sudo cp RPM-GPG-KEY-LinuxTECH.NET /etc/pki/rpm-gpg/
sudo cp linuxtech.repo /etc/yum.repos.d/
  • repository will now show up e.g. in YumEx
  • better disable repo after installing to prevent  package conflicts

1.3.5 RPMforge

CARE: might conflict with atrpms, not tested

sudo rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

 

1.4 add something like DynDNS

to be able to reach your Mythweb installation while on the road. You get a domain name that maps to the ever-changing IP address of your home internet connection.

I use both DynDNS and No-IP to have a backup, as these solutions are only 95% reliable.

[ UPDATE: DynDNS canceled their service. ]

1.4.1. DynDNS

via FritzBox

1.4.2. No-IP: Backup

Get Account at: http://www.no-ip.com/

Install package noip from ATRPMS and run

sudo /usr/bin/noip2 -C

for configuring your account.

1.5 Configure cron / anacron

1.5.1  /etc/crontab

RHEL6 does not use /etc/crontab but anacron. To get cron jobs to run at a specified time, edit /etc/cron.d/sysstat (same syntax as /etc/crontab).

1.5.2 RHEL behaviour

Create (if not already present) the file /etc/environment and add the following line for German locale settings in cron jobs: LANG=de_DE.UTF-8

1.6 Automatic Updates

If you’re using Scientific Linux, you already have the package yum-autoupdate installed. CentOS users can download the package from the SL repos and install it manually. In my experience it does a good job and, with the right exclude items, doesn’t screw up.

Configuration via /etc/sysconfig/yum-autoupdate:

sudo nano /etc/sysconfig/yum-autoupdate
...
MAILLIST="root,your@email.com"
EXCLUDE="kernel* openafs* *-kmdl-* kmod-* *firmware* icewm* VirtualBox* *myth*"
...

2. MythTV

Media Center, Watch / Record TV, Movies, Listen to Music, etc

2.1 Preparation

You need to have the EPEL and ATRPMs (incl. ATRPMs testing) repositories enabled, see 1.3 above.

2.2 install mythtv and dependencies

install qt47 and qt47-x11. installing qt47-x11 requires removing qt-x11.

Attention: this causes a little trouble with HP printer drivers, but nothing major: unfortunately qt47-x11 is incompatible with PyQt4 (Python bindings for Qt4, which need plain qt-x11). PyQt is in turn required for hplip’s graphical setup interfaces. You can still configure HP printers from the command line via “sudo hp-setup -i” or via http://localhost:631 in Firefox.
If you happen to know any better solution feel free to comment.

Update perl-manib-sth and install qt47-webkit as well as qt47-mysql. Install mythtv-backend and mythtv-docs. Install mythweb, httpd.
If you are running KDE, also update phonon-backend-gstreamer to 4.7 (available in atrpms-testing), otherwise you will get the error “shared library not available”.
A little off topic: for KDE4 integration of GTK (GNOME) apps install kcm-gtk and oxygen-gtk. Then go to system-settings -> look and feel -> theme ? (German: Erscheinungsbild) -> gtk settings. There set the theme to oxygen-gtk.

2.3 disable selinux

(dunno if necessary for mythtv, at least permissive seems necessary, but no need for selinux)

sudo gedit /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
reboot

2.4 open firewall ports

sudo system-config-firewall
  • for LAN only:
    • 3306 for tcp/udp for mysql network access
    • 6543, 6544 tcp/udp for mythtv frontend net access
  • global:
    • 80 tcp for Webfrontend
    • 22 tcp or whatever you use for ssh

2.5 install mysqld

(via yumex or whatever)

sudo /sbin/chkconfig mysqld on
sudo /sbin/service mysqld start
mysql_secure_installation

(mysql_secure_installation sets default parameter to secure settings)

mysql -u root -p < /usr/share/doc/mythtv-docs-0.24/database/mc.sql

(this imports the basic database structure)

These adjustments to /etc/my.cnf under the [mysqld] section improve performance with both MythTV (especially in the GUI) and MythWeb:

key_buffer = 16M
table_cache = 128
sort_buffer_size = 2M
myisam_sort_buffer_size = 8M
query_cache_size = 16M
bind-address = “Server IP Address”

(needed for net access to mysql, change the IP address to match yours)

secure mysql with user and password:

$ mysql -u root mythconverg -p
mysql> grant all on mythconverg.* to mythtv@"xxx.xxx.xxx.%" identified by "password";
mysql> flush privileges;

-> xxx.xxx.xxx.% (IP address with the last octet replaced by %)

2.6. install driver for hdtv card

I used the following card:

http://linuxtv.org/wiki/index.php/Linux4Media_cineS2_DVB-S2_Twin_Tuner

http://www.amazon.de/DigitalDevices-PCI-Express-TWIN-DVB-S2-Karte-MediaCenter-PC/dp/B0030KGEY8/ref=cm_cr_pr_product_top

(If you are shopping for a linux compatible DVB-S2 card, see: http://linuxtv.org/wiki/index.php/DVB-S2_PCIe_Cards)

lspci -vvvnn
03:00.0 Multimedia video controller [0400]: Micronas Semiconductor Holding AG Device [18c3:0720] (rev 01)
Subsystem: Micronas Semiconductor Holding AG Device [18c3:dd00]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 32 bytes
Interrupt: pin A routed to IRQ 10
Region 0: Memory at fddf0000 (32-bit, non-prefetchable) [size=64K]
Region 1: Memory at fdde0000 (64-bit, non-prefetchable) [size=64K]
Capabilities: [40] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000  Data: 0000
Capabilities: [58] Express (v1) Endpoint, MSI 00
DevCap:    MaxPayload 128 bytes, PhantFunc 0, Latency L0s <64ns, L1 <1us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE- FLReset-
DevCtl:    Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+
MaxPayload 128 bytes, MaxReadReq 512 bytes
DevSta:    CorrErr- UncorrErr+ FatalErr- UnsuppReq+ AuxPwr- TransPend-
LnkCap:    Port #0, Speed 2.5GT/s, Width x1, ASPM L0s, Latency L0 unlimited, L1 unlimited
ClockPM- Surprise- LLActRep- BwNot-
LnkCtl:    ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta:    Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
Capabilities: [100] Device Serial Number 00-00-00-00-00-00-00-00
Capabilities: [400] Virtual Channel <?>

2.6.1 install v4l rpms

from atrpms repo: libv4l, video4linux, video4linux-kmdl-….

Care: Upon Kernel-Updates, the corresponding video4linux-kmdl-…. package has to be installed manually
Solution: Install package yum-plugin-kmdl, it will take care of updating your kmdls automatically.

2.6.2 set dual tuner as two adapters

sudo gedit /etc/modprobe.d/dvb.conf

add:

options ngene one_adapter=0

2.6.3 get firmware

(you might look at http://www.digitaldevices.de/downloads.html)

wget http://l4m-daten.de/downloads/firmware/dvb-s2/linux/all/ngene_18.fw
sudo cp ngene_18.fw /lib/firmware

2.6.4 reload ngene

sudo rmmod ngene
sudo modprobe ngene

or reboot (reboot better, adapter nr may change after reboot due to different driver load times at boot up)

dmesg | grep adapter
i2c i2c-2: nForce2 SMBus adapter at 0x1c00
DVB: registering new adapter (nGene)
DVB: registering adapter 0 frontend 0 (STV090x Multistandard)...
DVB: registering new adapter (nGene)
DVB: registering adapter 1 frontend 0 (STV090x Multistandard)...
DVB: registering new adapter (TT-Budget/WinTV-NOVA-S  PCI)
adapter has MAC addr = 00:d0:5c:20:98:5f
DVB: registering adapter 2 frontend 0 (ST STV0299 DVB-S)...

2.7 change mythtv uid / gid to 1500 for consistency across home network

id mythtv
uid=495(mythtv) gid=487(mythtv) groups=487(mythtv)
sudo usermod -u 1500 mythtv
sudo groupmod -g 1500 mythtv
sudo find / -user 495  -exec chown -h 1500:1500 {} \;

2.8 basic mythtv config

run

su -c mythtv-setup

and set the basics on the General tab: set the IP according to my.cnf and set up the storage groups / directories

Then restart mythbackend:

sudo /etc/init.d/mythtv-backend start
sudo /etc/init.d/mythtv-backend status

It should keep running; otherwise debug via /var/log/mythtv…

sudo chkconfig mythtvbackend on

2.9 basic configuration for mythweb

add user apache to group mythtv so that you can access music, videos, recordings via mythweb (can be done with default user setting application or via usermod)

sudo gedit /etc/httpd/conf.d/mythweb.conf

and change the mysql password accordingly and the IP according to my.cnf

sudo chkconfig httpd on
sudo /etc/init.d/httpd reload

mythweb should come up in a webbrowser at http://localhost/mythweb

2.10 getting channel data

Install package linux-dvb-apps (now renamed dvb-utils) from the atrpms repository:

sudo yum install linux-dvb-apps

Do an initial scan for channels:

scan -v /usr/share/dvb/dvb-s/Astra-19.2E > /home/username/channel.conf

and run

su -c mythtv-setup

where you set up TV Tuner Cards, Video Source to „EIT Only“ and add channels by importing your channel-conf. You might need to rescan afterwards.

Also mythtv is buggy and sometimes does not properly set channel to dvb. It can be fixed from command line with:

mysql --user root --password mythconverg
mysql> select mplexid,transportid,sistandard,networkid from dtv_multiplex;
 +---------+-------------+------------+-----------+
 | mplexid | transportid | sistandard | networkid |
 +---------+-------------+------------+-----------+
 |       1 |        1011 | dvb        |      NULL |
 |       2 |        1107 | dvb        |      NULL |
 |       3 |        1201 | dvb        |      NULL |
 |       4 |        1101 | dvb        |      NULL |
 |       5 |        1079 | dvb        |      NULL |
 |       6 |        1089 | dvb        |      NULL |
 |       7 |        1018 | dvb        |         1 |
 |       8 |        1020 | dvb        |         1 |
 |       9 |        1022 | dvb        |         1 |
 |      10 |        1026 | dvb        |         1 |
 |      11 |        1028 | dvb        |         1 |
 |      12 |        1034 | dvb        |         1 |
 |      13 |        1037 | dvb        |         1 |
 |      14 |        1042 | dvb        |         1 |
 |      15 |        1051 | dvb        |         1 |
 |      16 |        1054 | dvb        |         1 |
 |      17 |        1059 | dvb        |         1 |
 |      18 |        1068 | dvb        |         1 |
 |      19 |        1070 | dvb        |         1 |
 |      20 |        1072 | dvb        |         1 |
 |      21 |        1073 | dvb        |         1 |
 |      22 |        1074 | dvb        |         1 |
 |      23 |        1076 | dvb        |         1 |
 |      24 |        1078 | dvb        |         1 |
 |      25 |        1108 |            |      NULL |
 |      26 |        1117 |            |      NULL |
 |      27 |        1034 |            |      NULL |
 |      28 |        1072 |            |      NULL |
 |      29 |        1042 |            |      NULL |
 |      30 |        1054 |            |      NULL |
 |      31 |        1020 |            |      NULL |
 |      32 |        1058 |            |      NULL |
 |      33 |        1115 |            |      NULL |
 |      34 |        1018 |            |      NULL |
 |      35 |        1093 |            |      NULL |
 |      36 |        1106 |            |      NULL |
 |      37 |        1022 |            |      NULL |
 |      38 |        1088 |            |      NULL |
 |      39 |        1073 |            |      NULL |
 |      40 |        1051 |            |      NULL |
 |      41 |        1011 |            |      NULL |
 |      42 |        1007 |            |      NULL |
 |      43 |        1028 |            |      NULL |
 |      44 |           4 |            |      NULL |
 |      45 |          17 |            |      NULL |
 |      46 |          12 |            |      NULL |
 |      47 |          11 |            |      NULL |
 |      48 |           7 |            |      NULL |
 |      49 |           5 |            |      NULL |
 |      50 |          33 |            |      NULL |
 |      51 |        1107 |            |      NULL |
 |      52 |        1082 |            |      NULL |
 |      53 |        1057 |            |      NULL |
 |      54 |        1053 |            |      NULL |
 |      55 |        1092 |            |      NULL |
 |      56 |        1024 |            |      NULL |
 |      57 |        1068 |            |      NULL |
 |      58 |        1070 |            |      NULL |
 |      59 |        1113 |            |      NULL |
 |      60 |        1074 |            |      NULL |
 |      61 |        1076 |            |      NULL |
 |      62 |        1078 |            |      NULL |
 |      63 |        1079 |            |      NULL |
 |      64 |        1086 |            |      NULL |
 |      65 |        1089 |            |      NULL |
 |      66 |        1059 |            |      NULL |
 |      67 |        1091 |            |      NULL |
 |      68 |        1096 |            |      NULL |
 |      69 |        1097 |            |      NULL |
 |      70 |        1098 |            |      NULL |
 |      71 |        1101 |            |      NULL |
 |      72 |        1201 |            |      NULL |
 |      73 |        1105 |            |      NULL |
 |      74 |        1111 |            |      NULL |
 |      75 |        1026 |            |      NULL |
 +---------+-------------+------------+-----------+
 75 rows in set (0.00 sec)
 mysql>
 mysql> update dtv_multiplex set networkid = 1, sistandard = 'dvb';
 Query OK, 57 rows affected (0.00 sec)
 Rows matched: 75  Changed: 57  Warnings: 0
 mysql> select mplexid,transportid,sistandard,networkid from dtv_multiplex;
 +---------+-------------+------------+-----------+
 | mplexid | transportid | sistandard | networkid |
 +---------+-------------+------------+-----------+
 |       1 |        1011 | dvb        |         1 |
 |       2 |        1107 | dvb        |         1 |
 |       3 |        1201 | dvb        |         1 |
 |       4 |        1101 | dvb        |         1 |
 |       5 |        1079 | dvb        |         1 |
 |       6 |        1089 | dvb        |         1 |
 |       7 |        1018 | dvb        |         1 |
 |       8 |        1020 | dvb        |         1 |
 |       9 |        1022 | dvb        |         1 |
 |      10 |        1026 | dvb        |         1 |
 |      11 |        1028 | dvb        |         1 |
 |      12 |        1034 | dvb        |         1 |
 |      13 |        1037 | dvb        |         1 |
 |      14 |        1042 | dvb        |         1 |
 |      15 |        1051 | dvb        |         1 |
 |      16 |        1054 | dvb        |         1 |
 |      17 |        1059 | dvb        |         1 |
 |      18 |        1068 | dvb        |         1 |
 |      19 |        1070 | dvb        |         1 |
 |      20 |        1072 | dvb        |         1 |
 |      21 |        1073 | dvb        |         1 |
 |      22 |        1074 | dvb        |         1 |
 |      23 |        1076 | dvb        |         1 |
 |      24 |        1078 | dvb        |         1 |
 |      25 |        1108 | dvb        |         1 |
 |      26 |        1117 | dvb        |         1 |
 |      27 |        1034 | dvb        |         1 |
 |      28 |        1072 | dvb        |         1 |
 |      29 |        1042 | dvb        |         1 |
 |      30 |        1054 | dvb        |         1 |
 |      31 |        1020 | dvb        |         1 |
 |      32 |        1058 | dvb        |         1 |
 |      33 |        1115 | dvb        |         1 |
 |      34 |        1018 | dvb        |         1 |
 |      35 |        1093 | dvb        |         1 |
 |      36 |        1106 | dvb        |         1 |
 |      37 |        1022 | dvb        |         1 |
 |      38 |        1088 | dvb        |         1 |
 |      39 |        1073 | dvb        |         1 |
 |      40 |        1051 | dvb        |         1 |
 |      41 |        1011 | dvb        |         1 |
 |      42 |        1007 | dvb        |         1 |
 |      43 |        1028 | dvb        |         1 |
 |      44 |           4 | dvb        |         1 |
 |      45 |          17 | dvb        |         1 |
 |      46 |          12 | dvb        |         1 |
 |      47 |          11 | dvb        |         1 |
 |      48 |           7 | dvb        |         1 |
 |      49 |           5 | dvb        |         1 |
 |      50 |          33 | dvb        |         1 |
 |      51 |        1107 | dvb        |         1 |
 |      52 |        1082 | dvb        |         1 |
 |      53 |        1057 | dvb        |         1 |
 |      54 |        1053 | dvb        |         1 |
 |      55 |        1092 | dvb        |         1 |
 |      56 |        1024 | dvb        |         1 |
 |      57 |        1068 | dvb        |         1 |
 |      58 |        1070 | dvb        |         1 |
 |      59 |        1113 | dvb        |         1 |
 |      60 |        1074 | dvb        |         1 |
 |      61 |        1076 | dvb        |         1 |
 |      62 |        1078 | dvb        |         1 |
 |      63 |        1079 | dvb        |         1 |
 |      64 |        1086 | dvb        |         1 |
 |      65 |        1089 | dvb        |         1 |
 |      66 |        1059 | dvb        |         1 |
 |      67 |        1091 | dvb        |         1 |
 |      68 |        1096 | dvb        |         1 |
 |      69 |        1097 | dvb        |         1 |
 |      70 |        1098 | dvb        |         1 |
 |      71 |        1101 | dvb        |         1 |
 |      72 |        1201 | dvb        |         1 |
 |      73 |        1105 | dvb        |         1 |
 |      74 |        1111 | dvb        |         1 |
 |      75 |        1026 | dvb        |         1 |
 +---------+-------------+------------+-----------+
 75 rows in set (0.00 sec)
 mysql> quit
 Bye

Channel Sorting, etc can be done within Mythweb.

2.11 Postprocessing of Recordings

At first I was considering:

Unfortunately nuvexport seems broken: it errors out because it cannot find the files mentioned in the mythtv mysql database.

With mythnuv2mkv  I have several problems:

  • It forces to resize the video because it cannot cope with anamorphic source files
  • As a result it is dog slow
  • Without modifications to the script as mentioned in the comments on the url above, it produces filenames with invalid encoding for movies with German umlauts in the title.
  • It cannot preserve multichannel (dolby surround / dolby digital) audio in recordings but produces video files with only stereo sound

As a result, I now maintain my own script: Mythbrake

3 BackupPC

Careful: Ubuntu and CentOS 5 say backuppc, RHEL6 says BackupPC, and Linux is case-sensitive.

3.1 Install BackupPC from EPEL Repo

nothing to explain

3.2 Configuration of BackupPC

by editing /etc/BackupPC/config.pl, change at least:

## Path to where actual backup data is stored.
$Conf{TopDir} = '/var/lib/backuppc';
## Allowed user that you created using htpasswd.
$Conf{CgiAdminUsers} = 'your_user';

3.3 Configuration for BackupPC Web Interface

by editing /etc/httpd/conf.d/BackupPC.conf:

 <Directory /usr/share/BackupPC/sbin/>
 order deny,allow
 #deny from all
 #allow from 127.0.0.1
 #allow from ::1
 allow from all
 #might also consider allow from 192.168.0.0/24 for home network access
 Options ExecCGI FollowSymlinks
 AddHandler cgi-script .cgi
 AuthType Basic
 AuthName "BackupPC admin"
 AuthUserFile /etc/BackupPC/htpasswd
 # RHEL6 default is /etc/BackupPC/apache.users
 # ”htpasswd  /etc/BackupPC/htpasswd yourusername” sets password
 require valid-user
 </Directory>
 Alias               /BackupPC/images            /usr/share/BackupPC/html/
 ScriptAlias         /BackupPC                   /usr/share/BackupPC/sbin/BackupPC_Admin
 ScriptAlias         /backuppc                   /usr/share/BackupPC/sbin/BackupPC_Admin

3.4 Setup Users

sudo htpasswd  /etc/BackupPC/htpasswd yourusername

# RHEL6 default is /etc/BackupPC/apache.users

3.5 Edit /etc/hosts

BackupPC doesn’t accept IP addresses but only hostnames

cat /etc/hosts
#IP Address                        Hostname
 xxx.xxx.xxx.xxx                Edenscar
 xxx.xxx.xxx.yyy                Christiane

3.6 Edit /etc/BackupPC/hosts

Add your hosts and users set up under 3.4, can also be done in webinterface

3.7 Edit /etc/BackupPC/ “hostname”.pl

can also be done in webinterface

 #HOSTNAME.pl
 $Conf{RsyncShareName} = [
 '/home'
 ];
 $Conf{BackupFilesExclude} = {
 '/home' => [
 '/”username”/.gvfs',
 ]
 };

3.8 Setup BackupPC SSH Keys

Reminder: I have backed up my ssh keys and can just restore them to /var/lib/BackupPC/.ssh

Since we are concentrating on rsync backups, you’ll want to create passwordless keys that the backuppc process uses to connect remotely to the hosts being backed up.

3.8.1 Generate Key on Host

As root create the hidden SSH directory under /var/lib/BackupPC and change the permissions accordingly.

 cd /var/lib/BackupPC
 mkdir .ssh
 chown backuppc.backuppc .ssh
 chmod 700 .ssh

Next, drop in as the backuppc user. You’ll have to specify a shell because by default the backuppc user has no shell assigned to it. Then create the passwordless SSH keys using ssh-keygen.

su -s /bin/bash backuppc
bash-3.2$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/backuppc/.ssh/id_dsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx backuppc@host.domain.name

3.8.2 Server Key to Client

For each client you’re going to configure backups for, you’ll need to copy the key you created from the server over to the client. To do so, continue from the last step, and run the ssh-copy-id command while still logged in as the backuppc user on the server.

bash-3.2$ ssh-copy-id -i /var/lib/BackupPC/.ssh/id_dsa.pub root@host_to_backup

It should have copied the key over to the host, and then also logged you into the host with SSH.

3.8.3 Alternate possibility to copy the key to the clients

This is more hassle, use only if the previous method does not work. Then copy the key over via

scp -P sshportnr id_dsa.pub username@client:/home/username

change to the client and do there

# tee runs as root; a plain ">>" redirect would be opened by the unprivileged shell
cat /home/username/id_dsa.pub | sudo tee -a /root/.ssh/authorized_keys > /dev/null
sudo chmod 600 /root/.ssh/authorized_keys

3.8.4 Prevent root ssh login with password

Usually you don’t need a root login via ssh and want to avoid it for security reasons. A good way to do this is to allow root logins only via the key we made above, but not with username and password. Set PermitRootLogin to without-password in /etc/ssh/sshd_config:

sudo nano /etc/ssh/sshd_config
...
PermitRootLogin without-password
...

Excursus: If you furthermore don’t want root to be able to log in locally via password, you can disable that via:

sudo passwd -l root

(the option is a small L like „lock“)

Care: Be double sure that sudo works, before you lock the root account, or else you lock yourself out from all the administrative work.
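
The key set up in 3.8.1 to 3.8.3 grants passwordless root access to every client, so the client-side result of 3.8.4 is worth verifying. The following is an added example, not part of the original notes: it reads the effective PermitRootLogin value and lists root's authorized keys, flagging DSA keys (disabled by default since OpenSSH 7.0) and keys without a from= or command= restriction. Function names, the wrapper path and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): check a backup client after 3.8.2-3.8.4.

root_login_policy() {
    # $1 = sshd_config path. Prints the effective global PermitRootLogin value.
    # sshd keeps the first value it reads for a keyword and keywords are
    # case-insensitive; parsing stops at the first Match block.
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_authorized_keys() {
    # $1 = authorized_keys path; prints "<line> <keytype> <restricted|unrestricted>".
    # Everything before the key-type token is treated as the options field.
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) break
            if (i > NF) next            # no recognisable key type on this line
            opts = ""
            for (j = 1; j < i; j++) opts = opts " " $j
            status = (tolower(opts) ~ /[ ,](from|command)="/) ? "restricted" : "unrestricted"
            print NR, $i, status
        }
    ' "$1"
}

audit_root_ssh() {
    # $1 = sshd_config, $2 = authorized_keys of root; prints one finding per line.
    policy=$(root_login_policy "$1")
    case "$policy" in
        without-password|prohibit-password|forced-commands-only|no) ;;
        *) echo "PermitRootLogin is $policy: root password login is not ruled out" ;;
    esac
    audit_authorized_keys "$2" | while read -r line type status; do
        if [ "$type" = ssh-dss ]; then echo "line $line: DSA key"; fi
        if [ "$status" = unrestricted ]; then
            echo "line $line: key has no from=/command= restriction"
        fi
    done
}

make_sample_client() {
    # Constructed sample files; key blobs are placeholders, not real keys, and
    # /usr/local/bin/backup-wrapper is a hypothetical forced command.
    cat > "$1/sshd_config" <<'EOF'
# constructed sample
Protocol 2
PermitRootLogin without-password
Match Address 192.168.0.0/24
    PermitRootLogin yes
EOF
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample
ssh-dss AAAAconstructedblob1 backuppc@host.domain.name
from="192.168.0.10",command="/usr/local/bin/backup-wrapper --read-only" ssh-rsa AAAAconstructedblob2 backuppc@host.domain.name
EOF
}

# Demo on the constructed files; on a client run as root:
#   audit_root_ssh /etc/ssh/sshd_config /root/.ssh/authorized_keys
demo=$(mktemp -d)
make_sample_client "$demo"
audit_root_ssh "$demo/sshd_config" "$demo/authorized_keys"
rm -rf "$demo"
```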

3.8.5 Troubleshooting error  „Unable to read 4 bytes“

The following might help:

ssh -l root clientHostName

3.9 Further Configuration

can be done via WebFrontend at localhost/BackupPC

4 Virtualbox

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | rpm --import -
cd /etc/yum.repos.d
wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo
yum install kernel-devel kernel-headers dkms VirtualBox-4.0

You might want to add webmin module: http://sourceforge.net/projects/webmin/files/VboxCtrl/V4.0.4/vboxctrl.wbm.gz

5 Realcrypt

Install rpm from rpmfusion

sudo yum install realcrypt

Allow users in group realcrypt to use the program:

sudo groupadd realcrypt
sudo usermod -a -G realcrypt *username*

add the following to /etc/sudoers:

sudo nano /etc/sudoers
## RealCrypt Cmd Alias
Cmnd_Alias REALCRYPT = /usr/bin/realcrypt, /usr/sbin/realcrypt
#RealCrypt execute without passwd for group realcrypt
%realcrypt ALL = NOPASSWD: REALCRYPT

add to ~/.bashrc:

alias realcrypt='sudo realcrypt'

6 ZFS  on Linux

With the default 2.6.32.xx kernel the ZFS packages unfortunately don’t work well, I have seen kernel panics under high IO-Load.

6.1 Kernel Update

Thus we will install the kernel-lt from elrepo. See http://elrepo.org/tiki/kernel-lt for details.

sudo yum --enablerepo=elrepo-kernel install kernel-lt
sudo reboot

After reboot

uname -ar

should show you are using a 3.x kernel. If not check /boot/grub/menu.lst

6.2 Install RHEL / CentOS / Scientific Linux Packages

DKMS style packages for RHEL, CentOS, and Scientific Linux are available from the zfsonlinux.org repository. These packages track the latest official upstream tag and are refreshed as new releases are made available. Packages are provided for RHEL6 (only 64bit)

To add the repository to your system install the zfs-release package as shown below. This will add /etc/yum.repos.d/zfs.repo and the required signing keys to your system. You can then install zfs like any other EPEL package using yum. As new updated packages are made available they will be detected and installed as part of the standard update process.

sudo yum localinstall --nogpgcheck http://archive.zfsonlinux.org/epel/zfs-release-1-2.el6.noarch.rpm
sudo yum install zfs