Xi6.org

Openfiler – Rsync over SSH setup & How-to

by on Jan.12, 2011, under linux/ubuntu

Introduction

Openfiler is a nice little NAS box, but when it comes to setup and configuration you’re pretty much left on your own. There’s no good documentation (even the paid user manual is garbage – it only describes the various checkboxes and fields). The openfiler forums are littered with people asking the same questions you are… and getting no answers.

After hours of searching and messing around, I have rsync over ssh working on openfiler! (Yes, SSH is a requirement in order to secure the data transfer – we don’t want anyone sniffing the traffic and picking up… well, anything).

rsync over SSH on openfiler

LDAP Users & Groups

I’m going to go ahead and make the assumption you’ve successfully set up LDAP and have created a few users and groups. If not, I may write another article pertaining to LDAP, as I know it may not be the easiest thing to understand and set up.

On my openfiler system I’ve set up various groups and users as follows:

example: (user-name.group-name)
user.local
backup.remote
external.untrusted

For this article we’ll be focusing on the user “backup” as part of the “remote” user group.

File Shares & Permissions

I’ve set up a share called “BACKUPS”, which is located at /mnt/volume-group/volume/BACKUPS.

I’ve set the remote group as the primary group (PG) with read/write (RW) access, and have granted the local user read-only (RO) access so that I’m able to access the share on my local network. (I don’t want to accidentally write things that could possibly screw up rsync at a later date.)

Under the host access configuration (again, I’m assuming you’ve set up “trusted” networks or the IPs of the external servers/machines that you wish to have connect to your openfiler box), I’ve set my “Remote-servers” network to have read/write access to rsync. (Ignore the rsync options for now unless you have specific needs or issues later.)

rsync daemon

You may have trouble enabling the rsync service/daemon from the web GUI. No problem – log in to the openfiler server and start it manually.

#/etc/init.d/rsync start

You may or may not get errors; the error output should be fairly easy to read and fix as necessary. Below is what my /etc/rsyncd.conf file looks like:

port = 873

motd file = /opt/openfiler/etc/rsync.motd

[ volume-group.volume.BACKUPS ]
path = /mnt/volume-group/volume/BACKUPS
comment = rsync-comment
hosts allow =  192.168.1.1/27 192.168.2.1/29
hosts readonly allow =
auth use pam = yes
read only = no
write only = no
use chroot = no
max connections = 0
list = yes
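
A small audit of this module definition, added here as an example and not part of the original post or of Openfiler: it parses the rsyncd.conf layout, flags settings that matter when port 873 is reachable from other networks, and expands each hosts allow entry to the address range it actually covers. The review rules are assumptions chosen for this example, and the sample is a trimmed copy of the file above.

```python
import ipaddress

# Constructed sample: a trimmed copy of the rsyncd.conf shown above.
SAMPLE_CONF = """\
port = 873

[ volume-group.volume.BACKUPS ]
path = /mnt/volume-group/volume/BACKUPS
hosts allow =  192.168.1.1/27 192.168.2.1/29
read only = no
use chroot = no
max connections = 0
list = yes
"""

# Review rules assumed for this example: (parameter, value) -> what it means.
REVIEW = {
    ("use chroot", "no"): "daemon does not chroot into the module path",
    ("list", "yes"): "module appears in module listings",
    ("read only", "no"): "clients may upload into the module",
    ("max connections", "0"): "no limit on simultaneous connections",
}

def parse_rsyncd(text):
    """Return {section: {parameter: value}}; global parameters are under ''."""
    conf, section = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf[section] = {}
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            conf[section][key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) pairs; section '' is the global part."""
    findings = []
    for module, params in parse_rsyncd(text).items():
        for (key, value), meaning in REVIEW.items():
            if params.get(key, "").lower() == value:
                findings.append((module, f"{key} = {value}: {meaning}"))
        for entry in params.get("hosts allow", "").replace(",", " ").split():
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:  # hostname pattern, not an address/mask
                continue
            findings.append((module, f"hosts allow {entry} covers {net[0]}-{net[-1]}"))
    return findings
```
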

modifying LDAP user for SSH

In order to properly use our LDAP user “backup” over SSH, we’ll first need to give him a proper home directory (as it’s currently set to /dev/null).

Searching for the user gives us some information:

ldapsearch -x uid=backup

Now in order to modify this user we’ll need to make an ldif file using your fav editor (Keep in mind you’ll need to use the options you’ve set on your openfiler LDAP – hint – accounts tab on openfiler shows the DN info):

#nano backup.ldif

# A line holding only "-" separates the two changes made to this entry.
dn: uid=backup,ou=People,dc=openfiler,dc=nas
changetype: modify
replace: homeDirectory
homeDirectory: /tmp
-
replace: loginShell
loginShell: /bin/bash

Enable SSH for LDAP user “backup”:

[[email protected] ~]# ldapmodify -W -x -D 'cn=Manager,dc=openfiler,dc=nas' < ./backup.ldif
Enter LDAP Password: ************
modifying entry "uid=backup,ou=People,dc=openfiler,dc=nas"

Router/Firewall setup – Port forwarding

On my router (WRT54G with Tomato firmware), I’ve created a rule that matches the remote client IP (source) and forwards ports 22 and 873 to my openfiler box (iptables on that box also allows those ports).

Remote Client Configuration (files sent from here)

Now onto the good stuff – we’re done with our setup, time to transfer some files from a remote machine to the rsync server.

rsync -avz -e ssh /home [email protected]:/mnt/volume-group/volume/BACKUPS/myserver1

This will prompt you for the password of the user backup. This is fine. We can add SSH keys to remove this prompt and add the command to cron. (I’ll cover this in a later article.)

In the above command we’re telling rsync to use -a (archive mode), -v (increase verbosity), -z (compress file data) and -e ssh (use ssh as the remote shell).

There is a difference in using trailing slashes at the end of the directory. I’m backing up my entire /home directory to a directory called /myserver1. Without the trailing slash, it creates the directory /home under /myserver1, so we get /myserver1/home. If you add a trailing slash to /myserver1/, the contents of home are written directly into /myserver1/*.
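
How rsync picks its transport from the argument syntax, as an added example that is not from the original post (nas.example is a constructed hostname): the command above uses a single colon, so the transfer runs inside SSH and the daemon on port 873 is never contacted, while a host::module or rsync:// argument without -e talks to the daemon directly over unencrypted TCP. The option handling is simplified and only recognises -e/--rsh.

```python
import shlex

def rsync_transport(spec, rsh_given=False):
    """Classify one rsync source/destination argument by how it is carried.

    rsh_given is True when -e/--rsh appears on the command line.
    """
    if spec.startswith("rsync://"):
        daemon = True
    else:
        colon, slash = spec.find(":"), spec.find("/")
        # No colon, or a slash before the first colon: a local path.
        if colon == -1 or (slash != -1 and slash < colon):
            return "local"
        daemon = spec[colon:colon + 2] == "::"
    if not daemon:
        return "remote-shell"  # host:path, carried inside the remote shell (ssh)
    # host::module and rsync:// address rsyncd; only an explicit -e wraps them.
    return "daemon-over-remote-shell" if rsh_given else "daemon-tcp"

def check_command(cmdline):
    """Return {argument: transport} for the path arguments of an rsync command."""
    rsh, paths, skip = False, [], False
    for tok in shlex.split(cmdline)[1:]:
        if skip:                      # this token is the argument of -e/--rsh
            skip = False
        elif tok.startswith("--rsh"):
            rsh, skip = True, "=" not in tok
        elif tok.startswith("-") and not tok.startswith("--"):
            if "e" in tok[1:]:        # -e ssh, -avze ssh
                rsh, skip = True, tok.endswith("e")
        elif not tok.startswith("-"):
            paths.append(tok)
    return {p: rsync_transport(p, rsh) for p in paths}

if __name__ == "__main__":
    # Constructed commands: the article's form, then the daemon-module form.
    for cmd in (
        "rsync -avz -e ssh /home backup@nas.example:/mnt/volume-group/volume/BACKUPS/myserver1",
        "rsync -avz /home backup@nas.example::volume-group.volume.BACKUPS/myserver1",
    ):
        print(check_command(cmd))
```
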

Possible Errors

I’ve written this article after the fact – so I don’t have the countless errors I’ve encountered. Most of the time there’s no associated log output to help you figure out what’s going on. You’ll need to sorta understand how things work in order to better troubleshoot.

You can try running the rsync command without SSH on a few individual test files to make sure that rsync in itself is actually working properly. Then troubleshoot why it won’t work over SSH. (That’s why we modified the LDAP entry to give the remote user “backup” the ability to have a home directory on SSH.) Otherwise we get errors about /dev/null not being a directory.
1 comment for this entry:
  1. CT

    Using rsync -avz, will it overwrite all the files at each backup or only the ones that have changed?

    Great job and WONDERFUL information. Thanks.
