martedì 26 agosto 2014

FreeBSD: Subversion service configuration - basic example

SOFTWARE INSTALLATION

root@fbsd1:~ # pkg install subversion
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 7 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        subversion: 1.8.10
        serf: 1.3.7
        apr: 1.5.1.1.5.3_3
        expat: 2.1.0_1
        sqlite3: 3.8.5_1
        gdbm: 1.11_2
        db48: 4.8.30.0_2

The process will require 32 MB more space
5 MB to be downloaded

Proceed with this action [y/N]: y
Fetching subversion-1.8.10.txz: 100% of 2 MB
Fetching serf-1.3.7.txz: 100% of 76 KB
Fetching apr-1.5.1.1.5.3_3.txz: 100% of 393 KB
Fetching expat-2.1.0_1.txz: 100% of 99 KB
Fetching sqlite3-3.8.5_1.txz: 100% of 654 KB
Fetching gdbm-1.11_2.txz: 100% of 143 KB
Fetching db48-4.8.30.0_2.txz: 100% of 915 KB
Checking integrity... done (0 conflicting)
[1/7] Installing expat-2.1.0_1: 100%
[2/7] Installing gdbm-1.11_2: 100%
[3/7] Installing db48-4.8.30.0_2: 100%
[4/7] Installing apr-1.5.1.1.5.3_3: 100%
[5/7] Installing serf-1.3.7: 100%
[6/7] Installing sqlite3-3.8.5_1: 100%
[7/7] Installing subversion-1.8.10: 100%
root@fbsd1:~ #

REPOSITORY CREATION

root@fbsd1:/m1pool/m1fs # svnadmin create /m1pool/m1fs/repos
root@fbsd1:/m1pool/m1fs #

root@fbsd1:/m1pool/m1fs # grep svn /etc/services
svn             3690/tcp   #Subversion
svn             3690/udp   #Subversion
root@fbsd1:/m1pool/m1fs #

root@fbsd1:/m1pool/m1fs # cd repos
root@fbsd1:/m1pool/m1fs/repos # find .
.
./hooks
./hooks/pre-commit.tmpl
./hooks/pre-revprop-change.tmpl
./hooks/post-lock.tmpl
./hooks/start-commit.tmpl
./hooks/post-unlock.tmpl
./hooks/pre-lock.tmpl
./hooks/pre-unlock.tmpl
./hooks/post-revprop-change.tmpl
./hooks/post-commit.tmpl
./format
./README.txt
./locks
./locks/db-logs.lock
./locks/db.lock
./conf
./conf/hooks-env.tmpl
./conf/svnserve.conf
./conf/authz
./conf/passwd
./db
./db/txn-current
./db/txn-protorevs
./db/write-lock
./db/transactions
./db/uuid
./db/format
./db/txn-current-lock
./db/revs
./db/revs/0
./db/revs/0/0
./db/fsfs.conf
./db/min-unpacked-rev
./db/revprops
./db/revprops/0
./db/revprops/0/0
./db/fs-type
./db/current
root@fbsd1:/m1pool/m1fs/repos #

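BASIC CONFIGURATION

The changes below disable anonymous access (anon-access = none) and let authenticated users write. Accounts are defined in conf/passwd, where svnserve keeps each password in plain text, so that file should be readable only by the account that runs svnserve. Unless SASL is configured, repository data sent over svn:// is not encrypted; here the service listens only on the LAN address 192.168.0.11.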

root@fbsd1:/m1pool/m1fs/repos/conf # mv svnserve.conf svnserve.conf~; cp svnserve.conf~ svnserve.conf
root@fbsd1:/m1pool/m1fs/repos/conf # vi svnserve.conf
root@fbsd1:/m1pool/m1fs/repos/conf # diff svnserve.conf~ svnserve.conf
19,20c19,20
< # anon-access = read
< # auth-access = write
---
> anon-access = none
> auth-access = write
27c27
< # password-db = passwd
---
> password-db = passwd
42c42
< # groups-db = groups
---
> groups-db = groups
47c47
< # realm = My First Repository
---
> realm = Marco Repository
54c54
< # force-username-case = none
---
> force-username-case = none
61c61
< # hooks-env = hooks-env
---
> hooks-env = hooks-env
root@fbsd1:/m1pool/m1fs/repos/conf # ed passwd
309
a
marco = MYPASSWORD
.
w
326
q
root@fbsd1:/m1pool/m1fs/repos/conf # ed /etc/rc.conf
251
a
svnserve_enable="YES"
svnserve_data="/m1pool/m1fs/repos"
svnserve_flags="-d --listen-port=3690 --listen-host 192.168.0.11"
.
w
374
q
root@fbsd1:/m1pool/m1fs/repos/conf # pw groupadd -n svn -g 90
root@fbsd1:/m1pool/m1fs/repos/conf # pw useradd -n svn -u 90 -g svn -d /nonexistent -s /nonexistent
root@fbsd1:/m1pool/m1fs/repos/conf # chown -R svn:svn /m1pool/m1fs/repos
root@fbsd1:/m1pool/m1fs/repos/conf # service svnserve start
Starting svnserve.
root@fbsd1:/m1pool/m1fs/repos/conf # service svnserve status
svnserve is running as pid 3714.
root@fbsd1:/m1pool/m1fs/repos/conf #

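IMPORTING THE DATA

The first import below is run as root through file://, so the revision files it adds are created by root inside a repository that was just handed over to the svn account. If svnserve later fails with permission errors, repeat the chown -R svn:svn on the repository.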

root@fbsd1:/m1pool/m1fs/repos/conf # cd ~marco
root@fbsd1:~marco # svn import src file:///m1pool/m1fs/repos/marco/src -m "initial import"
...
Committed revision 1.
root@fbsd1:~marco #


[marco@othersystem ~]$ svn import src/ svn://192.168.0.11/othersys/src -m "initial import"
Authentication realm:  Marco Repository
Password for 'marco': 
Adding         ...

Committed revision 5.
[marco@othersystem ~]$ 

$ svn co svn://192.168.0.11/othersys
Authentication realm:  Marco Repository
Password for 'marco': ********

A    othersys/src
...

Checked out revision 5.
$

LINKS

giovedì 14 agosto 2014

FreeBSD: gpg 2.x ends with error because pinentry is not installed

PROBLEM

$ gpg ciphered.tar.gpg
gpg: 3DES encrypted data
gpg-agent[1264]: can't connect to the PIN entry module: IPC connect call failed
gpg-agent[1264]: command get_passphrase failed: No pinentry
gpg: problem with the agent: No pinentry
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
$

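SOLUTION

The generic pinentry package would pull in 85 packages (X11 tools such as xprop among them), so I declined it and installed the curses-only variant, pinentry-curses, which is enough for a terminal session. The final warning in the output, "message was not integrity protected", concerns how the file was encrypted (without an integrity check), not pinentry.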

root@fbsd1:/home/marco # pkg install pinentry
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 85 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        pinentry: 0.8.3_1
[...]
        xprop: 1.2.2

The process will require 669 MB more space
128 MB to be downloaded

Proceed with this action [y/N]: n
root@fbsd1:/home/marco # pkg
pkg: not enough arguments
Usage: pkg [-v] [-d] [-l] [-N] [-j |-c ] [-C ] [-R ] [-o var=value]  []


For more information on available commands and options see 'pkg help'.
root@fbsd1:/home/marco # pkg help
Usage: pkg [-v] [-d] [-l] [-N] [-j |-c ] [-C ] [-R ] [-o var=value]  []
[...]

Commands supported:
[...]
        search         Performs a search of package repository catalogues
[...]
root@fbsd1:/home/marco # pkg search pinentry
pinentry-0.8.3_1
pinentry-curses-0.8.3
pinentry-gtk-0.8.3
pinentry-gtk2-0.8.3
pinentry-qt4-0.8.3
root@fbsd1:/home/marco # pkg install pinentry-curses
Updating repository catalogue
FreeBSD repository is up-to-date
All repositories are up-to-date
The following 1 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        pinentry-curses: 0.8.3

The process will require 78 KB more space
30 KB to be downloaded

Proceed with this action [y/N]: y
Fetching pinentry-curses-0.8.3.txz: 100% of 30 KB
Checking integrity... done (0 conflicting)
[1/1] Installing pinentry-curses-0.8.3: 100%
root@fbsd1:/home/marco #

$ gpg ciphered.tar.gpg
gpg: 3DES encrypted data

  lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
  x Enter passphrase                                    x
  x                                                     x
  x                                                     x
  x Passphrase **************************************__ x
  x                                                     x
  x       [OK]                             [Cancel]     x
  mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
$ ls
ciphered.tar            ciphered.tar.gpg        prova
$

SMB (SAMBA) file server on ZFS filesystem managed by FreeBSD on HyperV guest host

Subject

This article shows the configuration of a file server with these characteristics:

  • service: SMB,
  • filesystem: ZFS,
  • operating system: FreeBSD 10.0-RELEASE,
  • hardware: virtualized with Hyper-V (Windows 8 Pro).

Objective

The purpose is to archive the most important data on a filesystem that can minimize the risk of data corruption, as discussed in this article: arstechnica.com/information-technology/2014/01/bitrot-and-atomic-cows-inside-next-gen-filesystems.

This is a home setup: for me the only purpose of this infrastructure is to protect against data corruption. Data will be duplicated and checksummed by the ZFS filesystem, but on just one physical drive. To guard against data loss caused by hardware failure, I will keep backup copies of the virtual drive that holds the data on external physical hard drives.

Creating the virtual machine

I created the virtual machine using the Hyper-V management console:

  • RAM: 1GB,
  • network: connected to a virtual switch,
  • virtual hard drive: 32GB - dynamic expansion,
  • management options: always start at boot time.

Installing and configuring the operating system

I installed FreeBSD on the virtual machine.

I created a non-root user and added it to the wheel group, so that I can connect to the system over ssh as that user and then manage it by becoming root with the "su" command (on FreeBSD only members of wheel may su to root).

I modified the network interface card configuration as explained here: coreboarder.com/blog/?p=15.

After installing FreeBSD on a Hyper-V machine I had no network connection.
The solution is to modify rc.conf so that DHCP will always work at boot.
Edit /etc/rc.conf:
Comment out the following with a "#":
ifconfig_YOURNICID
Add the following:
ifconfig_YOURNICID="SYNCDHCP media 100baseTX mediaopt full-duplex"
Save
Done

I restarted the operating system and when it was up again, I connected to it and I tested the network connectivity.

See 20.2.1.3. Loader Tunables - The Z File System (ZFS) - FreeBSD Handbook.

The settings suggested in the above document gave me this warning:

ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
Consider tuning vm.kmem_size and vm.kmem_size_max in /boot/loader.conf.

So I configured these settings:

root@fbsd1:~ # ed  /boot/loader.conf
a
vm.kmem_size="512M"
vm.kmem_size_max="512M"
vfs.zfs.arc_max="40M"
vfs.zfs.vdev.cache.size="5M"
.
w
q
root@fbsd1:~ #

I powered off the system with the operating system's "poweroff" command.

Adding a virtual hard disk for the data

From the Hyper-V management console I added a virtual hard disk, which will contain the ZFS filesystem where the data will be stored. I attached it to IDE controller 1 and created it as a 300GB VHDX with dynamic expansion.

I powered on the virtual machine and used the "dmesg" command to find the name of the newly added device (the virtual hard disk):

dmesg
...
da1 at blkvsc1 bus 0 scbus2 target 1 lun 0
da1:  Fixed Direct Access SCSI-4 device
da1: 300.000MB/s transfers
da1: Command Queueing enabled
da1: 307200MB (629145600 512 byte sectors: 255H 63S/T 39162C)
...

Preparing the area for the data

I created the ZFS pool and filesystem, see also 20.2.2.1. Single Disk Pool - The Z File System (ZFS) - FreeBSD Handbook.

root@fbsd1:~ # cd /
root@fbsd1:/ # zpool create m1pool /dev/da1
root@fbsd1:/ # zfs create m1pool/m1fs
root@fbsd1:/ # zfs set copies=3 m1pool/m1fs
root@fbsd1:/ # df -g
Filesystem  1G-blocks Used Avail Capacity  Mounted on
/dev/da0p2         36    2    31     7%    /
devfs               0    0     0   100%    /dev
m1pool            293    0   293     0%    /m1pool
m1pool/m1fs       293    0   293     0%    /m1pool/m1fs
root@fbsd1:/ #

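From now on I can verify the data manually. Note that zpool scrub only starts the scrub and returns at once, so the exit status 0 below means that it was started; the outcome shows up afterwards in the "scan:" line and the error counters of zpool status: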

root@fbsd1:/ # zpool status m1pool
  pool: m1pool
 state: ONLINE
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        m1pool      ONLINE       0     0     0
          da1       ONLINE       0     0     0

errors: No known data errors
root@fbsd1:/ # zpool scrub m1pool
root@fbsd1:/ # echo $?
0
root@fbsd1:/ #

I created a user dedicated to the SMB service, with no login shell (nologin) and with its home directory inside the ZFS filesystem.

root@fbsd1:/m1pool/m1fs # adduser -d /m1pool/m1fs -s nologin -u 1000 -w random
Username: m1user
Full name: Marco SMB Access
Uid [1000]:
Login group [m1user]:
Login group is m1user. Invite m1user into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [nologin]:
Home directory [/m1pool/m1fs/m1user]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [yes]:
Lock out the account after creation? [no]:
Username   : m1user
Password   : 
Full Name  : Marco SMB Access
Uid        : 1000
Class      :
Groups     : m1user
Home       : /m1pool/m1fs/m1user
Home Mode  :
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (m1user) to the user database.
adduser: INFO: Password for (m1user) is: RANDOMPASSWORDISHERE
Add another user? (yes/no): no
Goodbye!
root@fbsd1:/m1pool/m1fs #

Configuring the SMB service (SAMBA)

See 28.10. File and Print Services for Microsoft® Windows® Clients (Samba) - FreeBSD Handbook

root@fbsd1:/ # pkg
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.3.6: 100%
Message for pkg-1.3.6:
 If you are upgrading from the old package format, first run:

  # pkg2ng
pkg: not enough arguments
Usage: pkg [-v] [-d] [-l] [-N] [-j |-c ] [-C ] [-R ] [-o var=value]  []


For more information on available commands and options see 'pkg help'.
root@fbsd1:/ # pkg install net/samba36
Updating repository catalogue
Fetching meta.txz: 100% of 940 B
Fetching digests.txz: 100% of 2 MB
Fetching packagesite.txz: 100% of 5 MB

Adding new entries: 100%
Incremental update completed, 23314 packages processed:
0 packages updated, 0 removed and 23314 added.
Updating database digests format: 100%
The following 13 packages will be affected (of 0 checked):

New packages to be INSTALLED:
        samba36: 3.6.24_2
        libsunacl: 1.0
        cups-client: 1.7.3_2
        openldap-client: 2.4.39_1
        tevent: 0.9.21
        python27: 2.7.8_2
        gettext: 0.18.3.1_1
        indexinfo: 0.2
        python2: 2_3
        talloc: 2.1.0
        tdb: 1.2.13,1
        pkgconf: 0.9.6_1
        popt: 1.16

The process will require 194 MB more space
34 MB to be downloaded

Proceed with this action [y/N]: y
Fetching samba36-3.6.24_2.txz: 100% of 21 MB
Fetching libsunacl-1.0.txz: 100% of 8 KB
Fetching cups-client-1.7.3_2.txz: 100% of 760 KB
Fetching openldap-client-2.4.39_1.txz: 100% of 995 KB
Fetching tevent-0.9.21.txz: 100% of 43 KB
Fetching python27-2.7.8_2.txz: 100% of 8 MB
Fetching gettext-0.18.3.1_1.txz: 100% of 2 MB
Fetching indexinfo-0.2.txz: 100% of 6 KB
Fetching python2-2_3.txz: 100% of 2 KB
Fetching talloc-2.1.0.txz: 100% of 48 KB
Fetching tdb-1.2.13,1.txz: 100% of 77 KB
Fetching pkgconf-0.9.6_1.txz: 100% of 23 KB
Fetching popt-1.16.txz: 100% of 62 KB
Checking integrity... done (0 conflicting)
[1/13] Installing indexinfo-0.2: 100%
[2/13] Installing gettext-0.18.3.1_1: 100%
[3/13] Installing python27-2.7.8_2: 100%
[4/13] Installing python2-2_3: 100%
[5/13] Installing talloc-2.1.0: 100%
[6/13] Installing pkgconf-0.9.6_1: 100%
[7/13] Installing libsunacl-1.0: 100%
===> Creating users and/or groups.
Creating group 'cups' with gid '193'.
Creating user 'cups' with uid '193'.
[8/13] Installing cups-client-1.7.3_2: 100%
[9/13] Installing openldap-client-2.4.39_1: 100%
[10/13] Installing tevent-0.9.21: 100%
[11/13] Installing tdb-1.2.13,1: 100%
[12/13] Installing popt-1.16: 100%
[13/13] Installing samba36-3.6.24_2: 100%
root@fbsd1:/ # cp /usr/local/share/examples/samba36/smb.conf.default /usr/local/etc/smb.conf
root@fbsd1:/ # vi /usr/local/etc/smb.conf
(example of the changes made)
root@fbsd1:/m1pool/m1fs # diff /usr/local/share/examples/samba36/smb.conf.default /usr/local/etc/smb.conf
26c26
<    workgroup = MYGROUP
---
>    workgroup = WORKGROUP
41c41
< ;   hosts allow = 192.168.1. 192.168.2. 127.
---
>    hosts allow = 192.168.0.4 192.168.0.11  127.
45c45
<    load printers = yes
---
>    load printers = no
root@fbsd1:/m1pool/m1fs # echo 'samba_enable="YES"' >> /etc/rc.conf
root@fbsd1:/m1pool/m1fs # service samba start
Removing stale Samba tdb files:  done
Starting nmbd.
Starting smbd.
root@fbsd1:/m1pool/m1fs # smbpasswd -a m1user
New SMB password:
Retype new SMB password:
Added user m1user.
root@fbsd1:/m1pool/m1fs #