Setting up a „Family Server“ on RHEL 6.x:
These are personal notes for myself to remember things, but they might serve others as well. This document is licensed under Creative Commons Licence 3.0 BY-SA.
Scientific Linux (SL) is a free clone of RHEL6, just like CentOS. It is used throughout this document, but you can use either one.
The following document covers installation of:
- MythTV: server for watching and recording TV
- Mythweb with the Apache web server for remote administration of MythTV
- BackupPC: a server-side backup daemon that can back up Windows and Linux clients
- VirtualBox: virtual PC emulator for running a virtual WinXP
- Realcrypt: free TrueCrypt for encrypting some backups
- ZFS-on-Linux: the perfect filesystem for large-scale data storage (e.g. media files)
1. Misc
Install the base system and the basic apps of your choice, e.g. your favourite editor.
1.1 Configure Users and Groups
As you would normally do. Configure sudoers.
1.2 Configure Storage
1.2.1 Import Raid5
#My Raid is already set up
add to /etc/mdadm.conf (without quotes):
“ARRAY /dev/md0 level=raid5 num-devices=5 metadata=00.90 UUID=5af33dbb:4984653a:73c58c98:29ed513f”
sudo mdadm --assemble /dev/md0
sudo vgchange -ay vg1
sudo vgchange -a n vg1
reboot
- Devices of Vg1 should now automatically show up after reboot
- mkdir /store and /media/Mediathek and change permissions
- add to /etc/fstab:
“/dev/mapper/vg1-store /store ext4 nofail,relatime,user,acl 0 0”
-> nofail option causes boot not to hang in case raid has problems
/store/Mediathek /media/Mediathek none bind,nofail 0 0
(for future reference: ext4 on raid5 was made using: mkfs.ext4 -b 4096 -E stride=16,stripe-width=64 -L label /dev/vg1/blalba)
1.2.2 create a partition for /media/mythstore
(primary MythTV storage for raw data & live TV). XFS is recommended by MythTV but is not available by default in RHEL6, so ext4 is used instead.
1.2.3 ZFS Storage
see topic 6 for ZFS Installation
1.3 add repositories
- Remember to use sudo yum update after adding a repository
- use yum-priorities to prevent package conflicts
- Install package yum-plugin-kmdl, it will take care of updating your kmdls automatically.
1.3.1 EPEL
For information see: http://fedoraproject.org/wiki/EPEL
sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
1.3.2 ELREPO
sudo rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
sudo rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm
1.3.3 ATRPMS and ATRPMS TESTING
Go to the atrpms website, download the repository rpm and install it. Enable the testing repo in yumex. yumex can be installed from EPEL and works better over NX than the default package manager.
Alternative terminal based way:
# Import the GPG key for ATrpms
sudo rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms
# Open an editor and paste the following into the atrpms-stable.repo file
sudo nano /etc/yum.repos.d/atrpms-stable.repo
[atrpms-stable]
name=RHEL 6 - atrpms-stable - $releasever - $basearch
baseurl=http://dl.atrpms.net/el6-$basearch/atrpms/stable/
gpgcheck=1
enabled=1
priority=20
exclude=*release
1.3.4 Linuxtech.net
The Linuxtech.net repo contains various multimedia-related programs, like fglrx (ATI driver), handbrake, the CrystalHD driver, etc.
See: http://pkgrepo.linuxtech.net/el6/release/!!_README-FIRST_!!
wget http://pkgrepo.linuxtech.net/el6/release/linuxtech.repo
wget http://pkgrepo.linuxtech.net/el6/release/RPM-GPG-KEY-LinuxTECH.NET
sudo cp RPM-GPG-KEY-LinuxTECH.NET /etc/pki/rpm-gpg/
sudo cp linuxtech.repo /etc/yum.repos.d/
- repository will now show up e.g. in YumEx
- better disable repo after installing to prevent package conflicts
1.3.5 RPMforge
CARE: might conflict with atrpms, not tested
sudo rpm -ivh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
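An added example, not part of the original notes: with several third-party repositories enabled side by side, this script lists every repo section in a directory of .repo files with its enabled, gpgcheck and priority settings, and flags enabled repos that switch off or inherit signature checking or have no priority. The `example-*` repo entries and the function names are constructed for illustration; the `atrpms-stable` values are the ones shown in 1.3.3.

```sh
#!/bin/sh
# make_sample_repos: write constructed .repo files to a temp dir and print its path.
make_sample_repos() {
    d=$(mktemp -d) || return 1
    # Settings copied from the atrpms-stable.repo shown in 1.3.3.
    cat > "$d/atrpms-stable.repo" <<'EOF'
[atrpms-stable]
name=RHEL 6 - atrpms-stable - $releasever - $basearch
baseurl=http://dl.atrpms.net/el6-$basearch/atrpms/stable/
gpgcheck=1
enabled=1
priority=20
exclude=*release
EOF
    # Constructed entries for illustration; these are not real repositories.
    cat > "$d/example.repo" <<'EOF'
# constructed sample
[example-unsigned]
name=Example repo with signature checking switched off
baseurl=http://repo.example.invalid/el6/
gpgcheck = 0
priority=30

[example-disabled]
name=Example repo disabled again after installing from it
baseurl=http://repo.example.invalid/el6-extra/
enabled=0
EOF
    echo "$d"
}

# audit_repos [DIR]: one line per repo section in DIR/*.repo:
#   <id> enabled=<v> gpgcheck=<v|unset> priority=<v|unset> <verdict>
# A section without "enabled" counts as enabled (yum's default); a section
# without "gpgcheck" inherits the [main] value from /etc/yum.conf.
# Assumption: boolean values are written as 0/1, as in the file above.
audit_repos() {
    for f in "${1:-/etc/yum.repos.d}"/*.repo; do
        [ -f "$f" ] || continue
        awk '
        function report() {
            if (id == "" || id == "main") return
            if (enabled != "1")           v = "disabled"
            else if (gpgcheck == "unset") v = "WARN:gpgcheck-inherited"
            else if (gpgcheck != "1")     v = "WARN:gpgcheck-off"
            else if (priority == "unset") v = "WARN:no-priority"
            else                          v = "OK"
            printf "%s enabled=%s gpgcheck=%s priority=%s %s\n", id, enabled, gpgcheck, priority, v
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
            report()
            id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            enabled = "1"; gpgcheck = "unset"; priority = "unset"
            next
        }
        /=/ {                                       # key = value
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "enabled")       enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "priority") priority = val
        }
        END { report() }
        ' "$f"
    done
}

# Demo on the constructed files.
sample=$(make_sample_repos)
audit_repos "$sample"
rm -rf "$sample"
```

Run `audit_repos` without an argument to check the live /etc/yum.repos.d after adding or disabling a repository.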
1.4 add something like DynDNS
to be able to reach your Mythweb installation while on the road. You get a domain name that maps to the ever-changing IP address of your home internet connection.
I use both DynDNS and No-IP to have a backup, as these solutions are only 95% reliable.
[ UPDATE: DynDNS canceled their service. ]
1.4.1. DynDNS
via FritzBox
1.4.2. No-IP: Backup
Get Account at: http://www.no-ip.com/
Install package noip from ATRPMS and run
sudo /usr/bin/noip2 -C
for configuring your account.
1.5 Configure cron / anacron
1.5.1 /etc/crontab
RHEL6 does not use /etc/crontab but anacron. To get cron jobs at a specified time, edit /etc/cron.d/sysstat (same syntax as /etc/crontab).
1.5.2 RHEL behaviour
Create (if not already present) the file /etc/environment and add the following line: LANG=de_DE.UTF-8 for German locale settings in cron jobs.
1.6 Automatic Updates
If you’re using Scientific Linux, you already have the package yum-autoupdate installed. For CentOS users, you can download the package from the SL repos and install it manually. In my experience it does a good job and with the right exclude items doesn’t screw up.
Configuration via /etc/sysconfig/yum-autoupdate:
sudo nano /etc/sysconfig/yum-autoupdate
...
MAILLIST="root,your@email.com"
EXCLUDE="kernel* openafs* *-kmdl-* kmod-* *firmware* icewm* VirtualBox* *myth*"
...
2. MythTV
Media Center, Watch / Record TV, Movies, Listen to Music, etc
2.1 Preparation
You need to have the EPEL and ATRPMs (incl. ATRPMs testing) repositories enabled, see 1.3 above.
2.2 install mythtv and dependencies
Install qt47 and qt47-x11. Installing qt47-x11 requires removing qt-x11.
Attention: this causes a little trouble with HP printer drivers, but nothing major: unfortunately qt47-x11 is incompatible with PyQt4 (Python bindings for Qt4, which need plain qt-x11). PyQt is in turn required for hplip’s graphical setup interfaces. You can still configure HP printers from the command line via “sudo hp-setup -i” or via http://localhost:631 in Firefox.
If you happen to know any better solution feel free to comment.
Update perl-manib-sth and install qt47-webkit as well as qt47-mysql. Install mythtv-backend and mythtv-docs. Install mythweb and httpd.
If you are running KDE, also update phonon-backend-gstreamer to 4.7 (available in atrpms-testing), otherwise you will get the error “shared library not available”.
A little off topic: for KDE4 integration of GTK (GNOME) apps, install kcm-gtk and oxygen-gtk. Then go to system-settings -> look and feel -> theme ? (German: Erscheinungsbild) -> gtk settings and set the theme to oxygen-gtk.
2.3 disable selinux
(dunno if necessary for mythtv, at least permissive seems necessary, but no need for selinux)
sudo gedit /etc/selinux/config
change SELINUX=enforcing to =disabled
reboot
2.4 open firewall ports
sudo system-config-firewall
- for LAN only:
- 3306 for tcp/udp for mysql network access
- 6543, 6544 tcp/udp for mythtv frontend net access
- global:
- 80 tcp for Webfrontend
- 22 tcp or whatever you use for ssh
2.5 install mysqld
(via yumex or whatever)
sudo /sbin/chkconfig mysqld on
sudo /sbin/service mysqld start
mysql_secure_installation
(mysql_secure_installation sets default parameter to secure settings)
mysql -u root -p < /usr/share/doc/mythtv-docs-0.24/database/mc.sql
(this imports the basic database structure)
These adjustments to /etc/my.cnf under the [mysqld] section improve performance with both MythTV (especially in the GUI) and MythWeb:
key_buffer = 16M
table_cache = 128
sort_buffer_size = 2M
myisam_sort_buffer_size = 8M
query_cache_size = 16M
bind-address = “Server IP Address”
(needed for network access to MySQL; change the IP address to match yours)
secure mysql with user and password:
$ mysql -u root mythconverg -p
mysql> grant all on mythconverg.* to mythtv@"xxx.xxx.xxx.%" identified by "password";
mysql> flush privileges;
-> xxx.xxx.xxx.% (IP address, last column = %)
2.6. install driver for hdtv card
I used the following card:
http://linuxtv.org/wiki/index.php/Linux4Media_cineS2_DVB-S2_Twin_Tuner
(If you are shopping for a linux compatible DVB-S2 card, see: http://linuxtv.org/wiki/index.php/DVB-S2_PCIe_Cards)
lspci -vvvnn
03:00.0 Multimedia video controller [0400]: Micronas Semiconductor Holding AG Device [18c3:0720] (rev 01)
    Subsystem: Micronas Semiconductor Holding AG Device [18c3:dd00]
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Latency: 0, Cache Line Size: 32 bytes
    Interrupt: pin A routed to IRQ 10
    Region 0: Memory at fddf0000 (32-bit, non-prefetchable) [size=64K]
    Region 1: Memory at fdde0000 (64-bit, non-prefetchable) [size=64K]
    Capabilities: [40] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
        Address: 0000000000000000 Data: 0000
    Capabilities: [58] Express (v1) Endpoint, MSI 00
        DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <64ns, L1 <1us
            ExtTag- AttnBtn- AttnInd- PwrInd- RBE- FLReset-
        DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
            RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+
            MaxPayload 128 bytes, MaxReadReq 512 bytes
        DevSta: CorrErr- UncorrErr+ FatalErr- UnsuppReq+ AuxPwr- TransPend-
        LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s, Latency L0 unlimited, L1 unlimited
            ClockPM- Surprise- LLActRep- BwNot-
        LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
            ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
        LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
    Capabilities: [100] Device Serial Number 00-00-00-00-00-00-00-00
    Capabilities: [400] Virtual Channel <?>
2.6.1 install v4l rpms
from atrpms repo: libv4l, video4linux, video4linux-kmdl-….
Care: Upon Kernel-Updates, the corresponding video4linux-kmdl-…. package has to be installed manually
Solution: Install package yum-plugin-kmdl, it will take care of updating your kmdls automatically.
2.6.2 set dual tuner as two adapters
sudo gedit /etc/modprobe.d/dvb.conf
add:
options ngene one_adapter=0
2.6.3 get firmware
(you might look at http://www.digitaldevices.de/downloads.html)
wget http://l4m-daten.de/downloads/firmware/dvb-s2/linux/all/ngene_18.fw
sudo cp ngene_18.fw /lib/firmware
2.6.4 reload ngene
sudo rmmod ngene
sudo modprobe ngene
or reboot (a reboot is better; the adapter number may change after a reboot due to different driver load times at boot)
dmesg | grep adapter
i2c i2c-2: nForce2 SMBus adapter at 0x1c00
DVB: registering new adapter (nGene)
DVB: registering adapter 0 frontend 0 (STV090x Multistandard)...
DVB: registering new adapter (nGene)
DVB: registering adapter 1 frontend 0 (STV090x Multistandard)...
DVB: registering new adapter (TT-Budget/WinTV-NOVA-S PCI)
adapter has MAC addr = 00:d0:5c:20:98:5f
DVB: registering adapter 2 frontend 0 (ST STV0299 DVB-S)...
2.7 change mythtv uid / gid to 1500 for consistency across home network
id mythtv
uid=495(mythtv) gid=487(mythtv) groups=487(mythtv)
sudo usermod -u 1500 mythtv
sudo groupmod -g 1500 mythtv
sudo find / -user 495 -exec chown -h 1500:1500 {} \;
2.8 basic mythtv config
run
su -c mythtv-setup
and set the basics on the General tab: set the IP according to my.cnf, and set the storage groups / directories
Then restart mythbackend:
sudo /etc/init.d/mythtv-backend start
sudo /etc/init.d/mythtv-backend status
It should keep running; otherwise debug via /var/log/mythtv…
sudo chkconfig mythtvbackend on
2.9 basic configuration for mythweb
Add user apache to group mythtv so that you can access music, videos and recordings via mythweb (can be done with the default user settings application or via usermod).
sudo gedit /etc/httpd/conf.d/mythweb.conf
and change the MySQL password accordingly and the IP according to my.cnf
sudo chkconfig httpd on
sudo /etc/init.d/httpd reload
mythweb should come up in a webbrowser at http://localhost/mythweb
2.10 getting channel data
Install package linux-dvb-apps (now renamed dvb-utils) from the atrpms repository:
sudo yum install linux-dvb-apps
Do an initial scan for channels:
scan -v /usr/share/dvb/dvb-s/Astra-19.2E > /home/username/channel.conf
and run
su -c mythtv-setup
where you set up the TV tuner cards, set Video Source to „EIT Only“ and add channels by importing your channel.conf. You might need to rescan afterwards.
Also, MythTV is buggy and sometimes does not properly set the channel to DVB. This can be fixed from the command line with:
mysql --user root --password mythconverg
mysql> select mplexid,transportid,sistandard,networkid from dtv_multiplex;
75 rows in set (0.00 sec)
mysql> update dtv_multiplex set networkid = 1, sistandard = 'dvb';
Query OK, 57 rows affected (0.00 sec)
Rows matched: 75 Changed: 57 Warnings: 0
mysql> select mplexid,transportid,sistandard,networkid from dtv_multiplex;
75 rows in set (0.00 sec)
mysql> quit
Bye
Channel sorting etc. can be done within Mythweb.
2.11 Postprocessing of Recordings
At first I was considering:
- http://web.aanet.com.au/~auric/?q=node/6 (Update: Site seems down, a modified version is available here: http://pastebin.com/ENMjrLKr)
- http://www.mythtv.org/wiki/Nuvexport
Unfortunately nuvexport seems broken; it errors out because it cannot find the files mentioned in the MythTV MySQL database.
With mythnuv2mkv I have several problems:
- It forces to resize the video because it cannot cope with anamorphic source files
- As a result it is dog slow
- Without modifications to the script as mentioned in the comments on the URL above, it produces filenames with invalid encoding for movies with German umlauts in the title.
- It cannot preserve multichannel (dolby surround / dolby digital) audio in recordings but produces video files with only stereo sound
As a result, I now maintain my own script: Mythbrake
3 BackupPC
Careful: Ubuntu and CentOS 5 say backuppc, RHEL6 says BackupPC, and Linux is case-sensitive.
3.1 Install BackupPC from EPEL Repo
nothing to explain
3.2 Configuration of BackupPC
by editing /etc/BackupPC/config.pl, change at least:
## Path to where actual backup data is stored.
$Conf{TopDir} = '/var/lib/backuppc';
## Allowed user that you created using htpasswd.
$Conf{CgiAdminUsers} = 'your_user';
3.3 Configuration for BackupPC Web Interface
by editing /etc/httpd/conf.d/BackupPC.conf:
<Directory /usr/share/BackupPC/sbin/>
order deny,allow
#deny from all
#allow from 127.0.0.1
#allow from ::1
allow from all
#might also consider allow from 192.168.0.0/24 for home network access
Options ExecCGI FollowSymlinks
AddHandler cgi-script .cgi
AuthType Basic
AuthName "BackupPC admin"
AuthUserFile /etc/BackupPC/htpasswd
# RHEL6 default is /etc/BackupPC/apache.users
# ”htpasswd /etc/BackupPC/htpasswd yourusername” sets password
require valid-user
</Directory>
Alias /BackupPC/images /usr/share/BackupPC/html/
ScriptAlias /BackupPC /usr/share/BackupPC/sbin/BackupPC_Admin
ScriptAlias /backuppc /usr/share/BackupPC/sbin/BackupPC_Admin
3.4 Setup Users
sudo htpasswd /etc/BackupPC/htpasswd yourusername
# RHEL6 default is /etc/BackupPC/apache.users
3.5 Edit /etc/hosts
BackupPC doesn’t accept IP addresses but only hostnames
cat /etc/hosts
#IP Address Hostname
xxx.xxx.xxx.xxx Edenscar
xxx.xxx.xxx.yyy Christiane
3.6 Edit /etc/BackupPC/hosts
Add your hosts and users set up under 3.4, can also be done in webinterface
3.7 Edit /etc/BackupPC/ “hostname”.pl
can also be done in webinterface
#HOSTNAME.pl
$Conf{RsyncShareName} = [ '/home' ];
$Conf{BackupFilesExclude} = {
  '/home' => [ '/”username”/.gvfs', ]
};
3.8 Setup BackupPC SSH Keys
Reminder: I have backed up my ssh keys and can just restore them to /var/lib/BackupPC/.ssh
Since we are concentrating on rsync backups, you’ll want to create passwordless keys used for the backuppc process to connect remotely to your hosts being backed up.
3.8.1 Generate Key on Host
As root create the hidden SSH directory under /var/lib/BackupPC and change the permissions accordingly.
cd /var/lib/BackupPC
mkdir .ssh
chown backuppc.backuppc .ssh
chmod 700 .ssh
Next, drop in as the backuppc user. You’ll have to specify a shell because by default the backuppc user has no shell assigned to it. Then create the passwordless SSH keys using ssh-keygen.
su -s /bin/bash backuppc
bash-3.2$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/backuppc/.ssh/id_dsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx backuppc@host.domain.name
3.8.2 Server Key to Client
For each client you’re going to configure backups for, you’ll need to copy the key you created from the server over to the client. To do so, continue from the last step, and run the ssh-copy-id command while still logged in as the backuppc user on the server.
bash-3.2$ ssh-copy-id -i /var/lib/BackupPC/.ssh/id_dsa.pub root@host_to_backup
It should have copied the key over to the host, and then also logged you into the host with SSH.
3.8.3 Alternate possibility to copy the key to the clients
This is more hassle, use only if the previous method does not work. Copy the key over via
scp -P sshportnr id_dsa.pub username@client:/home/username
then change to the client and run there
sudo sh -c 'cat /home/username/id_dsa.pub >> /root/.ssh/authorized_keys'
sudo chmod 600 /root/.ssh/authorized_keys
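An added example, not part of the original notes: a client-side helper for the manual copy described above that appends the BackupPC public key to authorized_keys only once and prefixes it with OpenSSH key options, so the passwordless root key is accepted only from the backup server. The function name, the 192.0.2.10 server address and the key line in the demo are constructed for illustration.

```sh
#!/bin/sh
# install_backup_key PUBFILE AUTHFILE FROM
#   PUBFILE   public key copied over from the BackupPC server (id_dsa.pub)
#   AUTHFILE  authorized_keys file to extend (/root/.ssh/authorized_keys)
#   FROM      address of the BackupPC server; sshd refuses the key from elsewhere
# Prints "installed" or "already-present"; returns non-zero on bad input.
install_backup_key() {
    pub=$1; auth=$2; from=$3
    if [ ! -r "$pub" ] || [ -z "$auth" ] || [ -z "$from" ]; then
        echo "usage: install_backup_key PUBFILE AUTHFILE FROM" >&2; return 2
    fi
    # from= takes a quoted pattern list: keep it to one plain address or host name.
    case $from in
        *[!0-9A-Za-z.:-]*) echo "unsupported FROM value" >&2; return 1 ;;
    esac
    # Expect exactly one line "<type> <base64> [comment]". This rejects private
    # keys, multi-key files and lines that already carry options.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected exactly one key" >&2; return 1; }
    read -r ktype kblob kcomment < "$pub" || [ -n "$ktype" ] || return 1
    case $ktype in
        ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $kblob in
        ""|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Appending with ">>" on every run piles up duplicates; add the key once.
    if awk -v b="$kblob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                          END { exit !found }' "$auth"; then
        echo "already-present"; return 0
    fi
    # no-pty: backups need no terminal, so the key cannot open an interactive one.
    printf 'from="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s %s%s\n' \
        "$from" "$ktype" "$kblob" "${kcomment:+ $kcomment}" >> "$auth"
    echo "installed"
}

# Demo with a constructed key line (not a usable key) in a scratch directory.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedSAMPLEkeyNOTreal backuppc@host.domain.name' \
    > "$demo/id_dsa.pub"
install_backup_key "$demo/id_dsa.pub" "$demo/ssh/authorized_keys" 192.0.2.10
install_backup_key "$demo/id_dsa.pub" "$demo/ssh/authorized_keys" 192.0.2.10
cat "$demo/ssh/authorized_keys"
rm -rf "$demo"
```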
3.8.4 Prevent root ssh login with password
Usually you don’t need a root login via ssh and want to avoid it for security reasons. A good way to do this is to allow root logins only via the key we made above, but not with username and password. Set PermitRootLogin to without-password in /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
...
PermitRootLogin without-password
...
Excursus: If you furthermore don’t want root to be able to log in locally via password, you can disable that via:
sudo passwd -l root
(the option is a small L like „lock“)
Care: Be double sure that sudo works, before you lock the root account, or else you lock yourself out from all the administrative work.
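An added example (not from the original notes) for checking the result of 3.8.4: it reports which PermitRootLogin value sshd takes from a config file, following sshd's rule that the first value read for a keyword wins. The function names and the sample config are constructed; the treatment of an unset keyword assumes the OpenSSH version shipped with RHEL 6.

```sh
#!/bin/sh
# root_login_policy FILE: print the PermitRootLogin value sshd takes from FILE.
# sshd matches keywords case-insensitively and keeps the first value it reads,
# so a later duplicate line changes nothing. Lines after a "Match" keyword only
# apply conditionally, so the scan stops there. Prints "unset" if nothing is found.
root_login_policy() {
    awk '
        { sub(/\r$/, "") }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Keyword=value" is accepted too
            split(line, f, /[ \t]+/)
            kw = tolower(f[1])
            if (kw == "match") exit
            if (kw == "permitrootlogin") { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_password_login_blocked FILE: succeed only if root cannot log in with a
# password. "unset" counts as not blocked: the assumption here is the OpenSSH
# shipped with RHEL 6, whose built-in default is "yes".
root_password_login_blocked() {
    case $(root_login_policy "$1") in
        without-password|prohibit-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed config: the first PermitRootLogin line wins.
cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' '#PermitRootLogin yes' \
    'PermitRootLogin without-password' 'PermitRootLogin yes' > "$cfg"
root_login_policy "$cfg"
root_password_login_blocked "$cfg" && echo "root password login blocked"
rm -f "$cfg"
```

On a client, point both functions at /etc/ssh/sshd_config after editing it.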
3.8.5 Troubleshooting error „Unable to read 4 bytes“
The following might help:
ssh -l root clientHostName
3.9 Further Configuration
can be done via WebFrontend at localhost/BackupPC
4 Virtualbox
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | rpm --import -
cd /etc/yum.repos.d
wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo
yum install kernel-devel kernel-headers dkms VirtualBox-4.0
You might want to add webmin module: http://sourceforge.net/projects/webmin/files/VboxCtrl/V4.0.4/vboxctrl.wbm.gz
5 Realcrypt
Install rpm from rpmfusion
sudo yum install realcrypt
Allow users in group realcrypt to use the program:
sudo groupadd realcrypt
sudo usermod -a -G realcrypt *username*
add the following to /etc/sudoers:
sudo nano /etc/sudoers
## RealCrypt Cmd Alias
Cmnd_Alias REALCRYPT = /usr/bin/realcrypt, /usr/sbin/realcrypt
#RealCrypt execute without passwd for group realcrypt
%realcrypt ALL = NOPASSWD: REALCRYPT
add to ~/.bashrc:
alias realcrypt='sudo realcrypt'
6 ZFS on Linux
With the default 2.6.32.xx kernel the ZFS packages unfortunately don’t work well, I have seen kernel panics under high IO-Load.
6.1 Kernel Update
Thus we will install the kernel-lt from elrepo. See http://elrepo.org/tiki/kernel-lt for details.
sudo yum --enablerepo=elrepo-kernel install kernel-lt
sudo reboot
After reboot
uname -ar
should show that you are using a 3.x kernel. If not, check /boot/grub/menu.lst
6.2 Install RHEL / CentOS / Scientific Linux Packages
DKMS style packages for RHEL, CentOS, and Scientific Linux are available from the zfsonlinux.org repository. These packages track the latest official upstream tag and are refreshed as new releases are made available. Packages are provided for RHEL6 (only 64bit)
To add the repository to your system, install the zfs-release package as shown below. This will add /etc/yum.repos.d/zfs.repo and the required signing keys to your system. You can then install zfs like any other EPEL package using yum. As new updated packages are made available they will be detected and installed as part of the standard update process.
sudo yum localinstall --nogpgcheck http://archive.zfsonlinux.org/epel/zfs-release-1-2.el6.noarch.rpm
sudo yum install zfs