[root@lxc] lxc-create -nwebserver -t fedora
[root@lxc] lxc-start -nwebserver -d
[root@lxc] lxc-attach -nwebserver -- yum update
[root@lxc] lxc-attach -nwebserver -- yum install tomcat maven git -y
[root@lxc] lxc-attach -nwebserver -- systemctl start tomcat
[root@lxc] lxc-attach -nwebserver -- systemctl enable tomcat
[root@lxc] lxc-attach -nwebserver -- git clone https://git.epfl.ch/repo/lxc-python.git /root/mybackup-repo
[root@lxc] lxc-attach -nwebserver -- mvn package -f=/root/mybackup-repo/webapp/mybackup/pom.xml
[root@lxc] lxc-attach -nwebserver -- cp /root/mybackup-repo/webapp/mybackup/target/myBackup.war /usr/share/tomcat/webapps
[root@lxc] ./lxcworker/lxctests.py addRedirectToContainer 8080 10.0.0.92 webserver tcp

Done ! You cann acces the server on the private IP (10.0.0.92) or public IP (128.178.209.165)

128.178.209.165 => quatrava.mybackup.epfl.ch

We need this in order to manipulate /etc/hosts file and other..

wget https://github.com/hercules-team/python-augeas/archive/master.zip
python3 setup.py build
python3 setup.py install
yum install augeas-libs

Clone the container, start it and link the public ip samba ports to the container ip samba ports

[root@lxc]# ./lxctests.py cloneAndStartContainer mybackup.golden.10_10_2014 mybackup-2
[root@lxc]# ./lxctests.py addRedirectToContainer 137 10.0.0.92 mybackup-2 tcp
[root@lxc]# ./lxctests.py addRedirectToContainer 137 10.0.0.92 mybackub-2 udp
[root@lxc]# ./lxctests.py addRedirectToContainer 138 10.0.0.92 mybackup-2 tcp
[root@lxc]# ./lxctests.py addRedirectToContainer 138 10.0.0.92 mybackup-2 udp
[root@lxc]# ./lxctests.py addRedirectToContainer 139 10.0.0.92 mybackup-2 tcp
[root@lxc]# ./lxctests.py addRedirectToContainer 139 10.0.0.92 mybackup-2 udp
[root@lxc]# lxc-attach -n mybackup-2
[root@mybackup /]#

• /etc/samba/smb.conf (add or modify)

  security = user
  #passdb backend = tdbsam
  passdb backend = ldapsam:ldap://scoldap.epfl.ch
  ldap suffix = o=epfl,c=ch
  ldap admin dn = cn=samba-mybackup,ou=services,o=epfl,c=ch
  ldap ssl = no
      

Add the ldap password to samba:

[root@mybackup]# smbpasswd -w <password>
Setting stored password for "cn=samba-mybackup,ou=services,o=epfl,c=ch" in secrets.tdb

[root@mybackup]# systemctl restart smb nmb
oct. 10 09:55:45 mybackup-2 systemd[1]: Starting Samba SMB Daemon...
oct. 10 09:55:45 mybackup-2 systemd[1]: smb.service: Supervising process 720 which is not our child. We'll most likely not notice when it exits.
oct. 10 09:55:45 mybackup-2 smbd[720]: [2014/10/10 09:55:45.274373,  0] ../source3/passdb/pdb_ldap.c:6529(pdb_ldapsam_init_common)
oct. 10 09:55:45 mybackup-2 smbd[720]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
oct. 10 09:55:45 mybackup-2 smbd[720]: [2014/10/10 09:55:45.274525,  0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
oct. 10 09:55:45 mybackup-2 smbd[720]: pdb backend ldapsam:ldap://scoldap.epfl.ch did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
oct. 10 09:55:45 mybackup-2 systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
oct. 10 09:55:45 mybackup-2 systemd[1]: Failed to start Samba SMB Daemon.
oct. 10 09:55:45 mybackup-2 systemd[1]: Unit smb.service entered failed state.

It’s a fail. Apparently, Samba cannot hook to the traditional LDAP authentication mecanism and needs an LDAP with the samba schema:

• wiki.samba.org
• Ubuntu on creating samba ldap schema

I should talk to Claude..

Added worker and producer scripts which allows to communicate with the servers containing the containers. Only one command implemented..more to come !

Scripts:

• lxcworker.py - runs on server and waits for commands
  • Launch with

    nohup python3 lxcworker.py &
            

• lxcproducer.py - allows to send the command to thje servers and wait for response
  • Launch with:

    python3 lxcproducer.py lxc.server.* getcontainers
            

Predrag has added some python scripts for:

• manipulation of iptables (DNAT routing from public IP to private container IP)
• clone and start the container
• add users
• etc..

This is my first python code, so forgive my camel-case ..

In order to use the scripts you should install python3-iptables from here:

yum install python3-devel -y
unzip  python3.zip
cd python-iptables-python3
python3 setup.py build
python3 setup.py install

You need also:

yum install python3-lxc

You should also install pika for python3. Don’t remember from where I have got it, probably from here.

Scripts:

• lxcproc.py - contains all the procedures
• lxctests.py - contains the frontend to the procedures

[root@lxc]# ./lxctests.py 
please specify a command from :
   listRulesOnDPort [port]
   deleteRulesOnDPort [port]
   addRedirect [port sourceIP destinationIP]
   addRedirectToContainer [port sourceIP containerName]
   deleteRulesForSourceIP [ip]
   deleteRulesForDestIP [ip]
   cloneAndStartContainer [source_name new_name]
   getContainerIP [container_name]
   printContainers
   addUserToContainer [username container_name]
   listRealUsersInContainer [container_name]
   deleteRedirectToContainer [containerName]

Example:

[root@lxc]# ./lxctests.py listRulesOnDPort 548
DNAT from: 10.0.0.92/255.255.255.255:548 redirect to 192.168.58.38:548

[root@lxc lxcworker]# ./lxctests.py printContainers
{
   "containers": [
       {
           "centos-1": {
               "name": "centos-1",
               "state": "STOPPED"
           }
       },
       {
           "fedora-1": {
               "name": "fedora-1",
               "state": "STOPPED"
           }
       },
       {
           "mybackup-1": {
               "IPv4": "192.168.58.38",
               "IpForwards": [
                   {
                       "dest": "192.168.58.38",
                       "port": "548",
                       "source": "10.0.0.92"
                   }
               ],
               "MAC": "00:16:3e:9f:a3:09",
               "name": "mybackup-1",
               "state": "RUNNING"
           }
       },
       {
           "mybackup.golden.24_09_2014": {
               "name": "mybackup.golden.24_09_2014",
               "state": "STOPPED"
           }
       },
       {
           "titi": {
               "name": "titi",
               "state": "STOPPED"
           }
       },
       {
           "titi2": {
               "name": "titi2",
               "state": "STOPPED"
           }
       }
   ],
   "hostIP": "10.0.0.92",
   "hostname": "lxc.novalocal"
}

Predrag has installed dnsmasq as the DNS resolver:

• /etc/dnsmasq-dns.conf

  port=53
  resolv-file=/etc/resolv.dnsmasq.conf
  interface=eth0
  no-dhcp-interface=eth0
  domain=mybackup.epfl.ch
  bind-interfaces
  addn-hosts=/etc/hosts
      

• /etc/resolv.dnsmasq.conf

  search epfl.ch novalocal
  nameserver 128.178.15.7
  nameserver 128.178.15.8
      

• /etc/hosts

  128.178.209.165 quatrava.mybackup.epfl.ch
  128.178.209.165 pviceic.mybackup.epfl.ch
      

[root@dns]#  dnsmasq --conf-file=/etc/dnsmasq-dns.conf

Predrag has configured pam_ldap for netatalk + gaspar authentication. It works with this build for fc20. I have built this RPM with the instructions from here. Don’t forget to

sudo yum install nss-pam-ldapd -y

You shoud also edit the following files:

• /etc/nsswitch.conf - add or modify the following lines

  passwd:     files ldap
  shadow:     files ldap
  group:      files ldap
      

• /etc/pam.d/netatalk

  auth    required        pam_ldap.so     try_first_pass
  account required        pam_ldap.so     try_first_pass
  session required        pam_permit.so
      

• /etc/afp.conf

  ;
  ; Netatalk 3.x configuration file
  ;
  
  [Global]
  ; Global server settings
  admin auth user =  root
  uam list = uams_dhx_pam.so uams_dhx2_pam.so
  
  ; LDAP config
  
  ldap server = scoldap.epfl.ch
  ldap auth method = none
  ldap userbase = ou=users,o=epfl,c=ch
  ldap userscope = one
  ldap groupbase = ou=groups,o=epfl,c=ch
  ldap groupscope = one
  ldap uuid attr = uniqueIdentifier
  ldap uuid string = xxxxxx
  ldap name attr = uid
  ldap group attr = cn
  
  [Homes]
  basedir regex = /home
  time machine = yes
      

Predrag has configured a simple Linux container ( fedora 20) with samba and netatalk runing:

• The home directory is mounted directly in the container (/home) from a virtual machine over the NFSv3
• Home directory samba-user is used for samba and afp-user is used for afp
  • Samba access : smb://samba-user@128.178.209.165
  • Samba pwd: JGHRlVgXcdg
  • AFP acces: afp://afp-user@128.178.209.165
  • AFP pwd: predrag

Predrag set up Samba and BURP servers in a LXC container, ready to be copied cookie-cutter style.

Samba access: 128.178.1.235, user samba-user, password predrag BURP access: 128.178.1.235, user dominique, password abcdefgh

Dominique configured his Mac (OSX 10.9.4, French) to back up to the sample Docker container. Reference documentation: on InsanelyMac, on LifeHacker (since getting the script is a pain on both, I attached it below)

• Need to create a “sparse bundle” first:

  NAME=`scutil --get ComputerName`;
  hdiutil create -size ${SIZE}G -fs HFS+J -type SPARSEBUNDLE -volname 'Time Machine Backups' "${NAME}.sparsebundle"
      

  • This only succeeds on the local disk; doing that directly on the Samba share fails with “operation not supported” (and hdutil deletes the directory it created before exiting).
  • Setting up the UUID in a plist file as per the script seems to have no effect whatsoever (doesn’t change the fact that sudo tmutil setdestination is required, see below)
• Then, copy the sparse bundle to Samba:

  mv "$NAME".sparsebundle /Volumes/samba-user/
      

• Setting TMShowUnsupportedNetworkVolumes as per the LifeHacker article, seems to no longer have any effect. What does work is to mount the newly created sparsebundle (double-click it in the Finder), then:

  sudo tmutil setdestination /Volumes/Time\ Machine\ Backups/
      

• Once this is done, Time Machine remembers all it needs to know and is smart enough to mount the SMB share, then the sparsebundle, upon attempting to start a backup. (You can even see the spinning arrows next to the mounted sparsebundle in the Finder).

Notes for later:

• Despite Predrag’s fear on the topic it looks like netatalk does support Time Machine. We should give that a try.

#!/bin/bash
# A bash script to create a time machine disk image suitable for
# backups with OS X 10.6 (Snow Leopard)
# This script probably only works for me, so try it at your own peril!
# Use, distribute, and modify as you see fit but leave this header intact.
# (R) sunkid - September 5, 2009

usage ()
{
     echo ${errmsg}"\n"
     echo "makeImage.sh"
     echo "	usage: makeImage.sh size [directory]"
     echo "	Create a disk image with a max storage size of <size> and copy it"
     echo "	to your backup volume (if specified)"
}

# test if we have two arguments on the command line
if [ $# -lt 1 ]
then
    usage
    exit
fi

# see if there are two arguments and we can write to the directory
if [ $# == 2 ]
then
	if [ ! -d $2 ]
	then
 		errmsg=${2}": No such directory"
    	usage
    	exit
	fi
	if [ ! -w $2 ]
	then
		errmsg="Cannot write to "${2}
		usage
    	exit
	fi
fi

SIZE=$1
DIR=$2
NAME=`scutil --get ComputerName`;
UUID=`system_profiler | grep 'Hardware UUID' | awk '{print $3}'`

# get busy
echo -n "Generating disk image ${NAME}.sparsebundle with size ${SIZE}GB ... "
hdiutil create -size ${SIZE}G -fs HFS+J -type SPARSEBUNDLE \
	-volname 'Time Machine Backups' "${NAME}.sparsebundle" >> /dev/null 2>&1

echo "done!"

echo -n "Generating property list file with uuid $UUID ... "

PLIST=$(cat <<EOFPLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.backupd.HostUUID</key>
        <string>$UUID</string>
</dict>
</plist>
EOFPLIST)

echo $PLIST > "${NAME}.sparsebundle"/com.apple.TimeMachine.MachineID.plist
echo "done!"

if [ $# == 2 ]
then
	echo -n "Copying ${NAME}.sparsebundle to $DIR ... "
	cp -pfr "${NAME}.sparsebundle" $DIR/"${NAME}.sparsebundle"
	echo "done"
fi

echo "Finished! Happy backups!"