Nov 06

Howto restore DFS-R Conflict data

A simple vbscript to allow recovery of DFS Replicated files that have been pushed into the ConflictAndDeleted or PreExisting folders due to misadventure.

Remember, this script must be run from a CMD prompt using cscript.exe. Don't just double-click the script.

DO NOT JUST COPY THE TEXT ON THIS SCREEN - DOWNLOAD THE SCRIPT FROM THE DOWNLOADS PAGE. OTHERWISE YOU WILL RECEIVE ERROR:

"VBSCript error: Object required: 'objXMLDoc'

Sample snippet...

CSCRIPT.EXE RESTOREDFSR.VBS

The script also requires to edit three paths (your source files, a new destination path, and the XML manifest you are calling). If you fail to edit those the script will exit with an error:

'=======================================================================
' Section must be operator-edited to provide valid paths
'=======================================================================

' Change path to specify location of XML Manifest
' Example 1: "C:\Data\DfsrPrivate\ConflictAndDeletedManifest.xml"
' Example 2: "C:\Data\DfsrPrivate\preexistingManifest.xml"

objXMLDoc.load("C:\your_replicated_folder\DfsrPrivate\ConflictAndDeletedManifest.xml") 

' Change path to specify location of source files

' Example 1: "C:\data\DfsrPrivate\ConflictAndDeleted"
' Example 2: "C:\data\DfsrPrivate\preexisting"

SourceFolder = ("C:\your_replicated_folder\DfsrPrivate\ConflictAndDeleted")

' Change path to specify output folder

OutputFolder = ("c:\your_dfsr_repair_tree")

'========================================================================

This script is an unsupported, as-is, no-warranty, last gasp, solution. If you are using it, you don’t have any backups, you are not using Previous Versions, and you are praying that you have not hit the conflictanddeleted quota (which is only 660MB by default).

This new version now properly detects all file and folder types, runs a bit faster, and no longer requires weird trailing backslashes. It does not support command-line arguments as the very idea bores me to tears.

Make sure you destroy all previous versions of this script you have lying around.

Link and script here: RestoreDFSR (recover conflicted or pre-existing files)

2
comments

Posted in DFS

Nov 06

Bacula Cheatsheet

Just a few useful commands. Note that bconsole commands can be scripted by echoing commands through a pipe to bconsole.  This is very helpful as you can see.

Check bacula job progress:

root@bcla001:~# echo "status client=dracula-fd" | bconsole | grep -i file
    Files=31,011 Bytes=507,017,314,659 Bytes/sec=13,158,002 Errors=0
    Files Examined=31,011
    Processing file: /raidvol/home/bob/o_Data/770/9V904G8FMDW6X4473B3J8Q8H1B.vxml
 JobId  Level    Files      Bytes   Status   Finished        Name

Check bacula running jobs:

root@bcla001:~# echo "list jobs" | bconsole | grep "|"
| JobId | Name | StartTime           | Type | Level | JobFiles | JobBytes | JobStatus |
| 6     | Test | 2012-09-07 17:58:29 | B    | F     | 0        | 0        | R         |

Check bacula volumes for specific Pool:

root@bcla001:~# echo "list volumes Pool=FullTest" | bconsole | grep "|"
| MediaId | VolumeName   | VolStatus | Enabled | VolBytes      | VolFiles | VolRetention | Recycle | Slot | InChanger | MediaType     | LastWritten         |
| 1       | FullTest0001 | Full      | 1       | 1862750776320 | 1863     | 15552000     | 1       | 0    | 0         | Ultrium5-SCSI | 2012-09-08 08:17:19 |
| 2       | FullTest0002 | Used      | 1       | 112992768000  | 113      | 15552000     | 1       | 0    | 0         | Ultrium5-SCSI | 2012-09-08 11:02:22 |

Flag volume full:

*update volume > Volume Status > Default > VOL034 > Full > Done

A better cheat sheet at this link: http://workaround.org/bacula-cheatsheet

Comments Off on Bacula Cheatsheet
comments

Posted in Backups

Nov 06

Bacula Relabel Tape

Some notes on what I did to erase a tape in Bacula.

unmount using bconsole

*unmount
The defined Storage resources are:
     1: File
     2: Scalar
Select Storage resource (1-2): 2
3307 Issuing autochanger "unload slot 2, drive 0" command.
3001 Device ""Drive-1" (/dev/nst0)" unmounted.

I used the library web front-end to move the tape into this drive then erased the label using operating system command mt:

root@bcla001:~# mt -f /dev/st0 rewind && mt -f /dev/st0 weof && mt -f /dev/st0 rewind

Manually label tape using bconsole. You probably want to use barcode labeling though. Look further down in this post.

*label
The defined Storage resources are:
     1: File
     2: Scalar
Select Storage resource (1-2): 2
Enter new Volume name: FullTest0002
Enter slot (0 or Enter for none): 
Defined Pools:
     1: Default
     2: File
     3: Scratch
     4: FullTest
     5: AllIncrementals
     6: AllDifferentials
     7: DiffTest
     8: IncrTest
Select the Pool (1-8): 4
Connecting to Storage daemon Scalar at bcla001:9103 ...
Sending label command for Volume "FullTest0002" Slot 0 ...
No slot defined in catalog (slot=0) for Volume "" on "Drive-1" (/dev/nst0).
Cartridge change or "update slots" may be required.
3301 Issuing autochanger "loaded? drive 0" command.
3302 Autochanger "loaded? drive 0", result is Slot 2.
3000 OK label. VolBytes=64512 DVD=0 Volume="FullTest0002" Device="Drive-1" (/dev/nst0)
Requesting to mount Drive-1 ...
3001 Device ""Drive-1" (/dev/nst0)" is mounted with Volume "FullTest0002"

check status using bconsole:

*status jobid=6
Connecting to Storage daemon Scalar at bcla001:9103

bcla001-sd Version: 5.2.6 (21 February 2012) x86_64-pc-linux-gnu debian wheezy/sid
Daemon started 07-Sep-12 17:37. Jobs: run=2, running=0.
 Heap: heap=589,824 smbytes=296,475 max_bytes=460,222 bufs=128 max_bufs=142
 Sizes: boffset_t=8 size_t=8 int32_t=4 int64_t=8 mode=0,0

Running Jobs:
Writing: Full Backup job Test JobId=6 Volume="FullTest0002"
    pool="FullTest" device="Drive-1" (/dev/nst0)
    spooling=0 despooling=0 despool_wait=0
    Files=1,047,529 Bytes=1,862,098,892,915 Bytes/sec=36,129,899
    FDReadSeqNo=36,562,344 in_msg=33718333 out_msg=5 fd=4
====
...snip
====

Device status:
Autochanger "Autochanger" with devices:
   "Drive-1" (/dev/nst0)
Device "FileStorage" is not open or does not exist.
Device "Drive-1" (/dev/nst0) is mounted with:
    Volume:      FullTest0002
    Pool:        FullTest
    Media type:  Ultrium5-SCSI
    Slot 2 is loaded in drive 0.
    Total Bytes=758,596,608 Blocks=11,758 Bytes/block=64,517
    Positioned at File=0 Block=11,759
====

Used Volume status:
FullTest0002 on device "Drive-1" (/dev/nst0)
    Reader=0 writers=1 devres=0 volinuse=1
====

====

Label using the barcode on the tape.

*label barcodes slot=11
The defined Storage resources are:
     1: File
     2: Scalar
Select Storage resource (1-2): 2
Connecting to Storage daemon Scalar at bcla001:9103 ...
3306 Issuing autochanger "slots" command.
Device "Drive-1" has 30 slots.
Connecting to Storage daemon Scalar at bcla001:9103 ...
3306 Issuing autochanger "list" command.
The following Volumes will be labeled:
Slot  Volume
==============
  11  VOL021
Do you want to label these Volumes? (yes|no): yes
Defined Pools:
     1: Default
     2: File
     3: Scratch
     4: FullTest
     5: AllIncrementals
     6: AllDifferentials
     7: DiffTest
     8: IncrTest
Select the Pool (1-8): 1
Connecting to Storage daemon Scalar at bcla001:9103 ...
Sending label command for Volume "VOL021" Slot 11 ...
3301 Issuing autochanger "loaded? drive 0" command.
3302 Autochanger "loaded? drive 0", result: nothing loaded.
3304 Issuing autochanger "load slot 11, drive 0" command.

Comments Off on Bacula Relabel Tape
comments

Posted in Backups

Nov 06

Using IMAP “Shared Folders”

Or one could also call it a poor man's MS Exchange Public Folders solution. There are several solutions that might work for this but none will probably be as easy to administer as Exchange Public Folders. However this solution does work with Outlook 2007 and 2010 clients.

Operating System
Vanilla Debian Wheezy 64bit
** Pick SSH Server, Standard system utilities

Delete my user since we will use winbind users.

# deluser rrosso

Install Dovecot server.

# apt-get install dovecot-imapd

Setup Active Directory Authentication.

# apt-get install krb5-config krb5-user libkrb5-3 libpam-krb5 samba-common samba winbind smbclient 

# cat /etc/krb5.conf 
[libdefaults] 
	default_realm = DOMAIN.COM 
	dns_lookup_realm = true 
	dns_lookup_kdc = true 

[realms] 
	DOMAIN.COM = { 
		kdc = ad1.domain.com 
		admin_server = ad1.domain.com 
	} 

# kinit administrator 
Password for administrator@DOMAIN.COM: 
# klist 
Ticket cache: FILE:/tmp/krb5cc_0 
Default principal: administrator@DOMAIN.COM 

Valid starting    Expires           Service principal 
30/04/2012 10:39  30/04/2012 20:40  krbtgt/DOMAIN.COM@DOMAIN.COM 
	renew until 01/05/2012 10:39 

In /etc/samba dir:
# cat smb.conf 
[global] 
	workgroup = DOMAIN
	realm = DOMAIN.COM 
	security = ADS 
	server string = MAIL ARCHIVE SERVER 
	load printers = no 
	password server = ad1 
	password level = 8 
	username level = 8 
	local master = no 
	domain master = no 
	preferred master = no 
	encrypt passwords = yes 
	netbios name = usmailarchserver 
	client signing = yes 
	dns proxy = no 
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY 
	wins support = No 
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/ 
	idmap uid = 10000-20000 
	idmap gid = 10000-20000 
	template shell = /bin/bash 
	template homedir = /home/%D/%U 
	winbind separator = + 
	winbind enum users = Yes 
	winbind enum groups = Yes 
	winbind use default domain = Yes 
	auth methods = winbind 
[IPC$] 
        hosts allow = 127.0.0.1,172.20.0.0/16 
        hosts deny = 0.0.0.0/0 

# /etc/init.d/winbind restart 
Stopping the Winbind daemon: winbind. 
Starting the Winbind daemon: winbind. 

# net ads join -U administrator 
Enter administrator's password: 
Using short domain name -- DOMAIN 
Joined 'USMAILARCHSERVER' to realm 'domain.com' 

# /etc/init.d/winbind restart 
Stopping the Winbind daemon: winbind. 
Starting the Winbind daemon: winbind. 

# wbinfo -u | grep -i rrosso 
rrosso 

# wbinfo -g | grep -i Infrastructure 
it infrastructure 
...snip

# grep winbind /etc/nsswitch.conf 
passwd:         compat winbind	 
group:          compat winbind 

rrosso@jamaica:~$ ssh usmailarchserver

Creating directory '/home/DOMAIN/rrosso'. 
Linux usmailarchserver 3.2.0-2-amd64 #1 SMP Sun Apr 15 16:47:38 UTC 2012 x86_64

Dovecot Setup

In /etc/dovecot/conf.d folder:
# grep location * 
10-mail.conf:mail_location = maildir:~/Maildir 

# grep winbind * 
10-auth.conf:auth_winbind_helper_path = /usr/bin/ntlm_auth 

# vi 10-mail.conf 
# When creating any namespaces, you must also have a private namespace: 
namespace { 
  type = private 
  separator = / 
  prefix = 
  #location defaults to mail_location. 
  inbox = yes 
} 
namespace { 
  type = public 
  separator = / 
  prefix = Public/ 
  location = maildir:/PublicFolders 
  subscriptions = no 
} 

# /etc/init.d/dovecot restart 
Restarting IMAP/POP3 mail server: dovecot.

Exim4 Setup

dpkg-reconfigure exim4-config 
** Pick mail sent by smarthost; received via SMTP or fetchmail 
** Accept from all hosts by deleting 127.0.0.1 entry
** Maildir format in home directory 

In /etc/exim4 folder:
# vi exim4.conf.template 
begin routers 

# This router handles special mail addresses to be 
...snip
shared_folders: 
  debug_print = "R: shared_folders for $local_part@$domain" 
  local_parts = "hostmaster:ITAlerts" 
  driver = accept 
  transport = maildir_shared_folder 

begin transports 
...snip 
maildir_shared_folder: 
  driver = appendfile 
  maildir_format = true 
  directory = /PublicFolders/.IT.${local_part}/ 
  create_directory = false 
  check_string = "" 
  escape_string = "" 
  delivery_date_add 
  envelope_to_add 
  return_path_add 
  mode = 0777 
  no_mode_fail_narrower 
  user = mail 
  group = 10000 

# ps -ef | grep exim 
101      14450     1  0 14:29 ?        00:00:00 /usr/sbin/exim4 -bd -q30m 

** We are trying to accept hostmaster@ email straight into Maildir so disable system alias for this user. 
# grep hostmaster /etc/aliases 
#hostmaster: root 

# newaliases 

# exim4 -bt hostmaster@usmailarchserver.domain.com 
R: system_aliases for hostmaster@usmailarchserver.domain.com 
R: shared_folders for hostmaster@usmailarchserver.domain.com 
hostmaster@usmailarchserver.domain.com 
  router = shared_folders, transport = maildir_shared_folder 

# exim4 -bt ITAlerts@usmailarchserver.domain.com 
R: system_aliases for italerts@usmailarchserver.domain.com 
R: shared_folders for italerts@usmailarchserver.domain.com 
ITAlerts@usmailarchserver.domain.com 
  router = shared_folders, transport = maildir_shared_folder 

# tail -f /var/log/exim4/mainlog 
2012-05-04 15:06:21 End queue run: pid=16475 
2012-05-04 15:14:31 1SQQl9-0004IN-J6  italerts  R=shared_folders T=maildir_shared_folder 
2012-05-04 15:14:31 1SQQl9-0004IN-J6 Completed 
2012-05-04 15:17:51 1SQQou-0004JG-IE  hostmaster  R=shared_folders T=maildir_shared_folder 
2012-05-04 15:17:51 1SQQou-0004JG-IE Completed 
...snip

Add a new e-mail address to drop e-mail into Maildir Folder.

In /etc/exim4 folder:
# grep hostmaster exim4.conf.template 
  local_parts = "hostmaster:ITAlerts:backupnotifications:busapps" 

# grep hostmaster /PublicFolders/mailEnabledList 
hostmaster:.IT.hostmaster 

# /etc/init.d/exim4 reload

TODO: Documentation that I have collected and need to publish here.

  • Permissions for the mailer to drop mail into the Public Folders.
  • Change to exim lookup rules for dropping off mail.
  • Provisioning a new user to access the folders still need a home dir to be created. Document how to create and setup MailDir for a new user.
  • SSL Certificate for Outlook prompts http://paulschreiber.com/blog/2008/08/01/how-to-create-a-self-signed-ssl-certificate-for-dovecot-on-debian/
  • Ensure enough Inodes for archive disk
  • Careful of where Outlook cache folders. I had to move my Data File in outlook for this account to a large enough disk.
  • Disable Outlook IMAP Attachment Downloads
  • How to troubleshoot auth_userdb_permission issues
  • Enable Dovecot debugging
  • Howto rsync folders for backups

Some useful links I encountered:
http://www.debian-administration.org/articles/275
http://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm
http://www.flatmtn.com/article/setting-exim#Exim4-6.1

Comments Off on Using IMAP “Shared Folders”
comments

Posted in IMAP

Nov 06

Recover Bacula Catalog Database After Accidental Purge of Jobs

I accidentally purged jobs from the Bacula catalog.  I recovered by using the ASCII sql export from the previous day. I am using sqlite for the DB but mysql should work similar. Read through /etc/bacula/scripts/make_catalog_backup near the end for some breadcrumbs around database recovery.

I had the following jobs in the catalog before I screwed up.

root@bcla001:~# echo "list jobs" | bconsole | grep -i dracula
| 10    | job_dracula    | 2012-09-09 11:57:11 | B    | F     | 288319   | 2234447730266 | T         |
| 13    | job_dracula    | 2012-09-14 23:58:05 | B    | F     | 288563   | 2260608426041 | T         |
| 45    | job_dracula    | 2012-10-14 00:56:53 | B    | F     | 0        | 0             | f         |
| 46    | job_dracula    | 2012-10-14 01:07:35 | B    | F     | 0        | 0             | R         |

For some reason I thought I will cleanup a bunch of failed jobs in the catalog using purge. Hindsight is 20 / 20 as they say....

*purge 

This command can be DANGEROUS!!!

It purges (deletes) all Files from a Job,
JobId, Client or Volume; or it purges (deletes)
all Jobs from a Client or Volume without regard
to retention periods. Normally you should use the
PRUNE command, which respects retention periods.
You have the following choices:
     1: files
     2: jobs
     3: volume
Choose item to purge (1-3): 2
The defined Client resources are:
     1: bcla001-fd
     2: server002-fd
     3: dracula-fd
Select Client (File daemon) resource (1-3): 3
Begin purging jobs from Client "dracula-fd"
No Files found for client dracula-fd to purge from MyCatalog catalog.

Rebuild the DB as follow. Stopping bacula services first.

root@bcla001:/var/lib# /etc/init.d/bacula-director stop
[ ok ] Stopping Bacula Director...: bacula-dir.
root@bcla001:/var/lib# /etc/init.d/bacula-fd stop
[ ok ] Stopping Bacula File daemon...: bacula-fd.
root@bcla001:/var/lib# /etc/init.d/bacula-sd stop
[ ok ] Stopping Bacula Storage daemon...: bacula-sd.

root@bcla001:/var/lib# ps -ef | grep bacula

root@bcla001:/var/lib/bacula# mv bacula.db bacula.db.101312

root@bcla001:/var/lib/bacula# sqlite3 bacula.db < bacula.sql

root@bcla001:/var/lib/bacula# chown bacula.bacula bacula.db

root@bcla001:/var/lib/bacula# ls -lh bacula.db
-rw-r--r-- 1 bacula bacula 1.1G Oct 14 00:43 bacula.db

root@bcla001:/var/lib/bacula# /etc/init.d/bacula-sd start
[ ok ] Starting Bacula Storage daemon...: bacula-sd.
root@bcla001:/var/lib/bacula# /etc/init.d/bacula-fd start
[ ok ] Starting Bacula File daemon...: bacula-fd.
root@bcla001:/var/lib/bacula# /etc/init.d/bacula-director start
[ ok ] Starting Bacula Director...: bacula-dir.

root@bcla001:/var/lib/bacula# ps -ef | grep bacula
bacula    8961     1  0 00:46 ?        00:00:00 /usr/sbin/bacula-sd -c /etc/bacula/bacula-sd.conf -u bacula -g tape
root      9006     1  0 00:46 ?        00:00:00 /usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
bacula    9036     1  0 00:46 ?        00:00:00 /usr/sbin/bacula-dir -c /etc/bacula/bacula-dir.conf -u bacula -g bacula

Comments Off on Recover Bacula Catalog Database After Accidental Purge of Jobs
comments

Posted in Backups

Nov 06

Find and Remove Old Files on Linux 

bash-3.00# find FOO/*bar* -mtime +30 -exec ls -lh {} \;
-rwxrwxrwx   1 143      staff        16G Jul 13 04:08 FOO/bar_backup_201207130403.bak
...snip
-rwxrwxrwx   1 143      staff        16G Sep 12 18:34 FOO/bar_backup_201209121827.bak

bash-3.00# find FOO/*bar* -mtime +30 -exec rm -f {} \;

bash-3.00# find FOO/*bar* -mtime +30 -exec ls -lh {} \;

Comments Off on Find and Remove Old Files on Linux
comments

Posted in Bash, Linux

Nov 06

KVM VM Rename and Logical Volume Rename

I recently provisioned a Virtual Machine in a KVM Hypervisor with a typo in the name. Even worse I also created the storage LV with a typo. Here is how I fixed it. Off course shut the VM down first.

LV Rename

# lvrename VolumeGroup oldLVname newLVname
  Renamed "oldLVname" to "newLVname" in volume group "VolumeGroup"

Change reference to storage in VM XML

# virsh edit oldVMname
Domain oldVMname XML configuration edited.

# grep newLVname oldVMname.xml

Recreate VM

# virsh dumpxml oldVMname > /tmp/newVMname.xml

# virsh undefine oldVMname
Domain newVMname has been undefined

# grep newVMname /tmp/newVMname.xml 
  newVMname
      

# virsh define /tmp/newVMname.xml 
Domain newVMname defined from /tmp/newVMname.xml

# virsh list --all
 Id Name                 State
----------------------------------
  7 aVMname            running
  - newVMname         shut off

# virsh start newVMname
Domain newVMname started

Comments Off on KVM VM Rename and Logical Volume Rename
comments

Posted in KVM, LVM

Nov 06

How to Rename your Logical Volume Group

Boot a Linux live CD. I used Fedora which I know has LVM enabled in the kernel at boot time.

# vgchange -a y
  5 logical volume(s) in volume group "locallvm" now active

# mkdir /mnt/a

# mount /dev/locallvm/root /mnt/a

** Figure out where your /boot physical partition lives. This one was sda2 but it could easily be /dev/sda1 also.

# mount /dev/sda2 /mnt/a/boot

# ls /mnt/a/boot/
abi-3.0.0-12-server         memtest86+.bin
config-3.0.0-12-server      memtest86+_multiboot.bin
grub                        System.map-3.0.0-12-server
initrd.img-3.0.0-12-server  vmcoreinfo-3.0.0-12-server
lost+found                  vmlinuz-3.0.0-12-server

# mount -o bind /sys /mnt/a/sys
** Note:  if –o dev and –o proc don’t work, use –o bind for the next two
# mount -o dev /dev /mnt/a/dev
# mount -o proc /proc /mnt/a/proc

# chroot /mnt/a /bin/bash

Run update-grub
** If /run/lock does not exist, create the directory or else update-grub will fail since /var/lock is linked to /run/lock.

Use ls /boot to find the most current kernel and then run mkinitramfs on it.

mkinitramfs -k -o /boot/initrd.img-3.2.0-29-generic -v 3.2.0-29-generic

This next step is important and you need to do it before you reboot. If necessary change /etc/fstab references to point to new VG name.

Type exit. Choose reboot system from menu. Eject the CD so we don’t boot off CD by default.

Comments Off on How to Rename your Logical Volume Group
comments

Posted in LVM

Nov 06

Windows Update for Microsoft .NET Framework 4 Fails

For quite a while I have not been able to get the Microsoft .NET Framework 4 update to work on a WIndows 7 64bit box. So if you experience the same issue with clients this might be helpful.

In short the fix is:
go to control panel click uninstall programs, find >Net framework 4 client profile file , then click right and do repair file ,install part worked fine right after

Full detail here:
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-7-error-code-66a-cant-install-kb2160841/11b6b2c5-e780-4343-9de5-ffa4619f45c4

Comments Off on Windows Update for Microsoft .NET Framework 4 Fails
comments

Posted in Windows

Nov 06

Windows 7 Samba and Squid Authentication Issue

With advances in Samba authentication, the squid proxy can use Active Directory authentication.

In addition MS Internet Explorer can use the “Integrated Security” feature which means no password box popping up when accessing the Internet.  In my case Windows 7 authentication was not working through a squid proxy.  Meaning samba authentication was not working.

Below it the fix for Windows 7 clients.

Root cause as shown in /var/log/samba/log.wb-YOUR_DOMAIN:

[2009/05/29 10:18:11, 0] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1763)
winbindd_pam_auth_crap: invalid password length 24/300

 

Fix on Windows 7 client:

  1. Control Panel > System and Security  > Administrative Tools
  2. Open, Local Security Policy Computer Management
  3. Local Policies > Security Options > Network Security: LAN Manager Authentication level Properties
  4. Set to "Send LM & NTLM - use NTLMv2 session security if negotiated
    *** Might be set to Not Defined at first

Comments Off on Windows 7 Samba and Squid Authentication Issue
comments

Posted in LDAP

Newer Entries »