Simple RSYNC/SSH/ZFS Backup

Hi there,

It has been a while, busy building clouds and stuff. In the Christmas spirit of sharing, today I wanted to share this bash script for ZFS backups. It will basically snapshot the ZFS share, RSYNC new files over and then delete the old ZFS snaps.

Simple, yes, but somehow a wheel that keeps being reinvented over and over again, so here’s my version of it. Hope it helps someone save some time.

For this script, the backup server is one of our own TerraNas servers (basically, Ubuntu 14 with native ZFS and NFS/4) and the client is an Ubuntu 14 LTS server. The SSH keys have been imported to the client so we can SSH across without passwords and such.

On the ZFS/NFS server side, we disable ID mapping to have usernames cross the wire instead of IDs:

echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping

Share the ZFS drive with:

zfs set sharenfs=rw=@,insecure,no_root_squash pool1/backup

Where is your subnet or host of course.

Then we share it out with zfs share -a and service nfs-kernel-server restart.

We do have one export to the localhost in the /etc/exports file, because NFS will complain if this file is empty, but the rest of the exports come from ZFS.

On the client we have this little script:


Using Drush to move stuff from dev to prd

Revision 2.0

If you’re hosting Drupal sites you might have searched for scripts to make publishing of development to production easier. And you must have stumbled upon things like aliases, rsync and sqldump to help you get along.

To save you some time, a short little script that we use for propagation to our prod servers.

First you need your aliases.drushrc.php (we have it in the ~/.drush folder)

<?php
// Development site (local)
$aliases['tbs-dev'] = array (
  'root' => '/sites/tbs/www',
  'uri' => 'http://www.travelbysuitcases.local',
  'path-aliases' => array (
    '%drush' => '/usr/bin',
    '%site' => 'sites/default/',
  ),
  'command-specific' => array (
    'rsync' => array (
      'mode' => 'avz',
      'exclude-paths' => 'files',
    ),
  ),
);

// Production site (remote)
$aliases['tbs-prd'] = array (
  'root' => '/sites/tbs/www',
  'uri' => '',
  'remote-host' => '',
  'path-aliases' => array (
    '%drush' => '/usr/bin',
    '%site' => 'sites/default/',
  ),
  'command-specific' => array (
    'sql-sync' => array (
      'sanitize' => FALSE,
      'no-ordered-dump' => TRUE,
      'structure-tables' => array (
        'common' => array (),
      ),
    ),
    'rsync' => array (
      'mode' => 'avz',
      'exclude-paths' => 'files',
    ),
  ),
);

There might be a few things that you notice. We use 3 letter shortnames (CMS, INT, TBS and so on) for our websites, followed by either -prd or -dev. Further, we do not sanitize data when we push to the prd database, as we develop with the full dataset; you might want to have a different approach there.

Also, as we found it makes no sense to push our entire media library across on every update, we exclude this from our RSYNC. Instead we have the /sites/default/files folder mounted as an NFS share from our Prod and Dev servers.

Adjust where necessary.

Now our little bash script that moves stuff around

#!/bin/bash
# PRD 2 DEV Drush by
# Revision 2.0

STARTTIME=$(date +%s)
if [ -z "$1" ] ; then
  echo "Usage : prd2dev 'shortname'"
  exit 1
fi

cd /sites || exit 1

# Check if shortname is a valid alias (~/.drush/aliases.drushrc.php)
drush sa > shortnames.txt
if grep -Fxq "@$1-prd" shortnames.txt; then
  # Get the DEV and PRD paths
  dpath=$(drush "@$1-dev" dd)
  ppath=$(drush "@$1-prd" dd)
  # Get DEV and PRD URL for later (uuid)
  devurl=$(drush sa --table | grep "@$1-dev" | awk '{print $3}')
  prdurl=$(drush sa --table | grep "@$1-prd" | awk '{print $3}')
  date=$(date +%Y-%m-%d.%H-%M-%S)
  # Clean cache / set maintenance and backup the DEV site
  drush "@$1-prd" vset maintenance_mode 1 &
  drush "@$1-dev" vset maintenance_mode 1 &
  wait  # both sites must be in maintenance mode before we continue
  echo "@$1-prd and @$1-dev in maintenance mode"
  drush "@$1-prd" cc all &
  drush "@$1-dev" cc all &
  wait
  echo "@$1-prd and @$1-dev cache cleared"
  rm -f /sites/backup/"$1"-prd-*.tar.gz
  drush "@$1-dev" ard --destination="/sites/backup/$1-prd-$date.tar.gz" --tar-options="--exclude=files"
  # Save the dPath and pPath and Build.txt
  echo "$dpath" > "$dpath/dev-path.txt"
  echo "$ppath" > "$dpath/prd-path.txt"
  echo "$date" > "$dpath/build-$date.txt"
  echo "Local backup made of @$1-dev to /sites/backup/$1-prd-$date.tar.gz"
  # RSYNC and SQL Sync the PRD to DEV (remove all obsolete files)
  drush --yes -v rsync "@$1-prd" "@$1-dev" &
  drush --yes sql-sync "@$1-prd" "@$1-dev" &
  wait  # the vset calls below need the synced database
  echo "SQL and RSYNC completed"
  # Set css and js compression to 0
  drush "@$1-dev" vset preprocess_css 0 &
  drush "@$1-dev" vset preprocess_js 0 &
  # Disable googleanalytics and mollom - set UUID base
  if [ -d "$dpath/sites/all/modules/mollom" ]; then
    drush "@$1-dev" --yes dis mollom &
  fi
  if [ -d "$dpath/sites/all/modules/google_analytics" ]; then
    drush "@$1-dev" --yes dis googleanalytics &
  fi
  if [ -d "$dpath/sites/all/modules/uuid" ]; then
    drush "@$1-dev" vset uuid_redirect_external_base_url "$devurl" &
  fi
  wait
  echo "Module maintenance completed"
  drush "@$1-prd" vset maintenance_mode 0 &
  drush "@$1-dev" vset maintenance_mode 0 &
  wait
  echo "@$1-prd and @$1-dev Back ON-LINE"
else
  echo "$1 not found as Shortname in alias list"
  exit 1
fi
ENDTIME=$(date +%s)
echo "$1-prd deployed to $1-dev in $((ENDTIME - STARTTIME)) seconds... COPY Backup in background"
# arcfour128 (RC4) was removed in OpenSSH 7.6; on newer systems drop -c to use the default ciphers
scp -c arcfour128 "/sites/backup/$1-prd-$date.tar.gz" "netbackup@$1-prd-$date.tar.gz" &

It’s no rocket science. We first check if the shortname is available on the server, then push the URLs and paths into some variables as we might need these later. We also take a backup of the prod side, Rsync and SQLsync all over, do some maintenance on disabled modules (things like mollom and GA), finally disable the maintenance mode and c’est ça.

As per revision 2.0 I push some jobs in parallel on dev and prd to speed everything up a bit (the & and wait combinations). Also we move our backups to an NFS share.

The script above is PRD2DEV; DEV2PRD is basically the reverse of this.

I could go into detail on each little piece of bash code, but it’s pretty self-explanatory I think.

Hope it saves someone some time


Mass Update Ubuntu (debian) servers without puppets or chefs

OK, you do not want to invest the exorbitant fee for management and scripting through some fancy web-based script engines like Puppet or Chef, but like us you do have this farm of a couple of dozen (or hundreds) of VMs that at some point need their updates and patches, especially when these VMs have been neglected for a couple of weeks during the summer vacations :).

Now how to go about this?

Firstly, from your admin server or PC, copy your SSH cert to the target so that you can log in without a password challenge. For this to work under root you need to give root a password (log in on the target server, sudo to root, and set a password with passwd); of course not advised, but very practical in most cases.

Now to copy your SSH cert, simply issue the ssh-copy-id command followed by uid@ip (e.g. root@) and authenticate.

Now make a file with the IPs (or hostnames) of the servers you want to manage; I call it servers.lst.

Then this little (very simple) script does the trick

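#!/bin/bash
while read -r name
do
  echo "Processing : $name"
  # -n points ssh's stdin at /dev/null so it does not swallow the rest of servers.lst
  ssh -n "$name" "DEBIAN_FRONTEND=noninteractive $1"
done < servers.lst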

The -n after ssh makes ssh wait before it returns to shell, the DEBIAN_FRONTEND=noninteractive in the command suppresses some debconf warnings (as explained here).

Simply make it executable (chmod +x) and run it as ./ 'apt-get update && apt-get upgrade --yes' (for example).
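A variant of the loop above that never prompts, refuses unknown host keys and tells you which servers failed. This is an added example, not the script from this post; the function name run_on_hosts and the "#" comment convention in the list file are assumptions.

```shell
#!/bin/bash
# Added example (not the post's script): run one command on every host in a
# list file, never prompt, and report which hosts failed.
# Assumes key-based login is set up and each host is already in known_hosts.

# run_on_hosts LISTFILE COMMAND
# Prints a header and the remote output per host, then "FAILED: ..." if any
# host returned non-zero. Returns 0 when every host succeeded, 1 otherwise.
run_on_hosts() {
    local list="$1" cmd="$2" host rc failed=""
    while IFS= read -r host; do
        # Skip blank lines and "#" comments in the list file
        case "$host" in ''|'#'*) continue ;; esac
        echo "== $host =="
        rc=0
        # -n: stdin from /dev/null, so ssh cannot eat the rest of the list
        # BatchMode=yes: fail instead of asking for a password
        # StrictHostKeyChecking=yes: refuse unknown or changed host keys
        # --: a list entry starting with "-" is a hostname, never an option
        ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes \
            -o ConnectTimeout=10 -- "$host" \
            "DEBIAN_FRONTEND=noninteractive $cmd" || rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "!! $host exited with status $rc"
            failed="$failed $host"
        fi
    done < "$list"
    if [ -n "$failed" ]; then
        echo "FAILED:$failed"
        return 1
    fi
    return 0
}

# Stand-alone use: ./script servers.lst 'apt-get update && apt-get upgrade --yes'
if [ "$#" -eq 2 ]; then
    run_on_hosts "$1" "$2"
fi
```

The command string runs as the login user on every listed host, so keep both the script and servers.lst writable only by the admin account.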

Sometimes, less is more..

Graph ZFS details with Cacti (Nexenta)

Today, as promised a long time ago, and therefore seriously overdue, a short writeup on how to graph ZFS details from Nexenta on Cacti.

On the Nexenta host

Firstly, add some extends to your snmpd.conf (here is some background on how to do this). To do this, log in (ssh) as admin to your Nexenta box, then obtain root privileges (su).

Now start the nmc and run the command setup network service snmp-agent edit-settings. This allows you to edit the snmpd.conf file on a Nexenta host. Do not go about editing these files directly in /etc/snmp because it will not work that way.

Now add your extends to the snmpd.conf file. I googled a bit to get some commands to return ZFS details; for our servers we added the following. The snmp-agent edit-settings will open the snmpd.conf file in VI, so remember: a is to append, :x is to save, dd is to delete a line.

We added the following extends to our Nexenta server:

extend . zpool_name /bin/bash -c "zpool list -H -o name"
extend . zpool_snap /bin/bash -c "zpool list -Ho name|for zpool in `xargs`;do zfs get -rHp -o value usedbysnapshots $zpool|awk -F: '{sum+=$1} END{print sum}';done"
extend . zpool_used /bin/bash -c "zpool list -Ho name|xargs zfs get -Hp -o value used"
extend . zpool_data_used /bin/bash -c "zpool list -Ho name|for zpool in `xargs`;do snap=`zfs get -rHp -o value usedbysnapshots $zpool|awk -F: '{sum+=$1} END{print sum}'`;pool=`zfs get -Hp -o value used $zpool`; echo $pool $snap|awk '{print (\$1-\$2);}';done"
extend . zpool_available /bin/bash -c "zpool list -Ho name|xargs zfs get -Hp -o value available"
extend . zpool_capacity /bin/bash -c "zpool list -H -o capacity"
extend . arc_meta_max /bin/bash -c "echo ::arc | mdb -k| grep arc_meta_max|tr -cd '[:digit:]'"
extend . arc_meta_used /bin/bash -c "echo ::arc | mdb -k| grep arc_meta_used|tr -cd '[:digit:]'"
extend . arc_size /bin/bash -c "echo ::arc | mdb -k| grep -w size|tr -cd '[:digit:]'"
extend . arc_meta_limit /bin/bash -c "echo ::arc | mdb -k| grep arc_meta_limit|tr -cd '[:digit:]'"
extend . arc_meta_c_max /bin/bash -c "echo ::arc | mdb -k| grep c_max|tr -cd '[:digit:]'"
extend . arc_hits /bin/bash -c "kstat -p ::arcstats:hits| cut -s -f 2"
extend . arc_misses /bin/bash -c "kstat -p ::arcstats:misses| cut -s -f 2"
extend . arc_l2_hits /bin/bash -c "kstat -p ::arcstats:l2_hits| cut -s -f 2"
extend . arc_l2_misses /bin/bash -c "kstat -p ::arcstats:l2_misses| cut -s -f 2"
extend . vopstats_zfs_nread /bin/bash -c "kstat -p ::vopstats_zfs:nread | cut -s -f 2"
extend . vopstats_zfs_nwrite /bin/bash -c "kstat -p ::vopstats_zfs:nwrite | cut -s -f 2"
extend . vopstats_zfs_read_bytes /bin/bash -c "kstat -p ::vopstats_zfs:read_bytes | cut -s -f 2"
extend . vopstats_zfs_write_bytes /bin/bash -c "kstat -p ::vopstats_zfs:write_bytes | cut -s -f 2"

I know on Extends you normally would not have to provide an OID, but I like to provide them anyway so I know where to look for the SNMP OID.

After adding these, save the file and say yes to the question to reload the file after the save. Now check the configuration with:

setup network service snmp-agent confcheck

and then restart the snmpd with:

setup network service snmp-agent restart

Your work is now done on the Nexenta host. You can check the settings with an snmpwalk command to see if it actually works.


I assume you have an SNMP enabled device set up to point to your Nexenta server, if not this would be a good time to do so. SNMP V2c works for me.

Now import the following XML graph templates at the end of this post to your Cacti server (I’ve got these from this forum but had to modify them quite a bit for them to get the data from the correct SNMP OIDs).

Now add these templates to your device, and create the graphs. If you are lucky you will get some pretty pictures with some useful information; especially the one on L2ARC cache turned out to be quite useful to us.

Good luck, and if you have any questions, post them.




VMware tools on Ubuntu 12.04 LTS from Repository

Task for today, equip a couple of dozen VM’s with VMware Tools. I hate manual labor so I hacked up this little script.

Make sure current VMware tools or open-vm tools are uninstalled and purged otherwise this will crap out.

# Fetch the key

apt-get install python-software-properties --yes
apt-key add

# Add the Repo to APT, and remove sources (we remove all sources, but you can specify to remove only
# VMware sources, since they are not published and will end up in an error)

apt-add-repository 'deb precise main' && wait
# We don't want any sources by default
sed -i 's/deb-src/#deb-src/g' /etc/apt/sources.list


# Install the tools

apt-get update &&
# Check Kernel version, we use 12.04 LTS ONLY, esx-nox is NO GFX support, as it should be
apt-get install vmware-tools-esx-kmods-3.2.0-23-generic vmware-tools-esx-nox --yes &&
apt-get upgrade --yes && wait


C’est ça, all done.

How to install ESXi on those darn cheap-ass SanDisk Cruzer fit sticks

It took me some time to figure out, but for my next batch of ESXi hosts for our cloud platform I simply refused to go to the WanChai computer center again to buy new USB sticks, as I still had a batch of those SanDisk Cruzer Fit sticks lying around from my previous attempt. Last time, because of time constraints, I had to take the easy route and go and buy HP branded stuff for our army of BL495. But today we received another 16 or so 495’ers to fill up another enclosure, and as said, I refused to go out to the computer center to buy sticks again, it's bloody pouring out there :)

So I dug into this and with a little help from Google and the syslog logs, I figured it out. It seems that ESXi wants to format the USB stick with a GPT partition, which some sticks, like these SanDisk Cruzers, won’t take. Now to force the installer to use classic MBR: upon install, on the boot screen press SHIFT-O for the boot options of runweasel.

Remove whatever you see there and just replace it with runweasel formatwithmbr, press enter, and voila, your install will proceed, format the stick, install the binaries, and most important, boot from it on next reboot.



Cisco 7961 headaches

Man, I never liked Cisco stuff, and after today my esteem for the SF router and switch giant has dropped another notch. Why? Well, try to get a Cisco 7961 (or 7960 for that matter) to work in Asterisk, then you’ll understand. So to ease the burden of some of you out there that try to do the same, here is the Asterisk / FreePBX template that finally made it work for me.

We used the freely available SIP41.8-4-3S firmware, just create yourself an account on Cisco support and fetch it. We tried some of the 9 versions without any luck, so stick to the 8 versions I’d say, works just fine.

Also, as other blogs outline in great detail, <natEnabled>false</natEnabled> seems to be quite important :)

well good luck…

<?xml version="1.0" ?>
 <timeZone>China Standard/Daylight Time</timeZone>
 <member priority="0">
 <line button="{$line}">

No more Nexenta CPU overload

We have all seen it, NexentaStor eating away the CPU in an ESXi environment. It’s actually not consuming the CPU cycles, but since illumos reserves cycles (basically telling the CPU to go through a zillion NOOPS) the CPU gets trashed, eating up to 15% for each core. Not a pretty sight, and certainly something you would want to get rid of since this seriously screws up your ESXi resource scheduler.

How to go about this is actually quite easy: just disable the nmdtrace service. One small downside to that though: removing / disabling this service will kill all performance stats in the NMS, not that they are of any use anyway, they are nothing short of pathetic (sorry Nexenta). To get around that I will describe how to extend SNMP to get proper statistics into something like Cacti in a later post.

First, let's free up those NOOP cycles and kill nmdtrace. Before doing so you would like to remove the dependency of it with the NMV, so here goes (all as SU on the console of your Nexenta box of course):

svccfg -s nmv delpg nmdtrace

Check the NMV service for state:

svcs nmv

And if necessary, remove failure state by

svcadm clear nmv

svcadm refresh  nmv

Now we are good to go to kill the nmdtrace process by issuing

svcadm disable -s nmdtrace

If you would like to enable it (god knows why) just issue

svcadm enable -s nmdtrace

See the pretty graph :)







Local Ubuntu Mirror

We were getting tired of our Ubuntu servers reaching out to the internet every day/week to fetch updates and patches. Man, if you thought Windoze was bad, these Ubuntu servers know their way around consuming bandwidth as well. So in the Windoze world we had something called WSUS (if it is still called that?), so I wanted something similar to keep roughly 150+ servers from going out to fetch their bits.

The APT-MIRROR package to the rescue. Setup is quite easy, but I did not find any ‘cook book’ that fitted all my needs.

First off, I need to store these mirrors on a nice de-duplicated NFS server (Nexenta/ZFS) to keep it from consuming too many GBs. So what we did is create an NFS export on one of our SANs with root access for the Mirror server, simple enough.

On the server side

On the server we install APT-MIRROR with a simple apt-get command:

apt-get install apt-mirror

This installs the package and creates the structure in /var/spool/apt-mirror

Now we mount our NFS mount-point to the /var/spool/apt-mirror/mirror from the FSTAB in the usual way

<hostname>:/volumes/pool1/mirror /var/spool/apt-mirror/mirror nfs auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 0 0

(yes, our NFS is still V3, since it serves some ESXI hosts as well)

Now it is time to configure our /etc/apt/mirror.list, we ended up with

############# config ##################
set base_path /var/spool/apt-mirror
set mirror_path $base_path/mirror
set skel_path $base_path/skel
set var_path $base_path/var
set cleanscript $var_path/
set postmirror_script $var_path/
set run_postmirror 1
set nthreads 10
set _tilde 5
set defaultarch amd64

############## end config ##############

deb precise main restricted universe multiverse
deb precise-security main restricted universe multiverse
deb precise-updates main restricted universe multiverse
deb precise-proposed main restricted universe multiverse
deb precise-backports main restricted universe multiverse
deb precise main main/debian-installer restricted restricted/debian-installer universe universe/debian-installer multiverse multiverse/debian-installer


Now how did we decide which mirror to fetch from? For us this was the best performing (not necessarily closest) mirror that is up to date. A way to determine your fastest mirror is with the handy netselect tool. How to install and use it:

First fetch the latest binary (at time of writing 0.3.ds1-25)


Then throw it against the mirror lists from launchpad, and add some grep magic to make the output readable

netselect -v -s10 -t20 `wget -q -O- | grep -P -B8 "statusUP|statusSIX" | grep -o -P "(f|ht)tp.*\"" | tr '"\n' ' '`

For us it came back with the Hong Kong Chinese University and some others; the Taiwan repo was in 3rd place. We decided to use the Taiwan one since the Hong Kong archives tend not to be up to date, maybe we should open up ours to have an up-to-date repo down here :) . Anyway, you should verify your results against the mirror list to get your close and up-to-date repo.

It is now time to do a first time population of the repository by manually executing

apt-mirror -c apt-mirror

This can take some time as we will pull down

Now the newly downloaded repo can be made available through a web server of choice (Apache for us). We just linked the ubuntu folder to /var/www. We could also share the folder out as an RSYNC repo on the Nexenta storage server, maybe at a later time, not today.

ln -s /var/spool/apt-mirror/mirror/ /var/www/ubuntu

Now all that is left to do on the server side is to add the update script to your crontab for scheduled execution. This is made easy as the package provides this schedule file in /etc/cron.d/apt-mirror; the only thing you need to do there is to uncomment the line.

On the Client Side

On the client side we need to edit /etc/apt/sources.list. Here we commented out every deb repo and left the deb-src lines pointing to the US repositories. Then at the top of the file we added the deb repos for our own mirror.

deb http://<domain>/ubuntu precise main restricted universe multiverse
deb http://<domain>/ubuntu precise-security main restricted universe multiverse
deb http://<domain>/ubuntu precise-updates main restricted universe multiverse
deb http://<domain>/ubuntu precise-proposed main restricted universe multiverse
deb http://<domain>/ubuntu precise-backports main restricted universe multiverse

#deb precise main restricted
deb-src precise main restricted
#deb precise-updates main restricted
deb-src precise-updates main restricted
#deb precise universe
deb-src precise universe
#deb precise-updates universe
deb-src precise-updates universe
#deb precise multiverse
deb-src precise multiverse
#deb precise-updates multiverse
deb-src precise-updates multiverse
deb-src precise-backports main restricted universe multiverse
#deb precise-backports main restricted universe multiverse
#deb precise-security main restricted
deb-src precise-security main restricted
#deb precise-security universe
deb-src precise-security universe
#deb precise-security multiverse
deb-src precise-security multiverse

Now run an apt-get update / apt-get upgrade, and all should be coming from your own repo.
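The clients above pull from the mirror over plain HTTP, so what protects them is APT's check of the signed Release file and of the hashes listed in it. The following added example (not part of the original post) runs the hash half of that check on the mirror server itself; the function names are hypothetical and the directory you pass is whatever dists/precise path apt-mirror created under /var/spool/apt-mirror/mirror.

```shell
#!/bin/bash
# Added example (not from the post): check mirrored index files against the
# SHA256 list in a suite's Release file.

# list_sha256 RELEASE_FILE
# Prints "hash size path" for every entry in the SHA256: section.
list_sha256() {
    awk '
        /^SHA256:/ { in_sec = 1; next }
        /^[^ ]/    { in_sec = 0 }      # next unindented field ends the section
        in_sec && NF == 3 { print $1, $2, $3 }
    ' "$1"
}

# verify_dist DIST_DIR   (e.g. .../dists/precise)
# Checks size and SHA256 of every listed file present under DIST_DIR.
# Returns 0 if all match, 1 on any mismatch, 2 if nothing could be checked.
verify_dist() {
    local dist="$1" checked=0 bad=0 tmp hash size path f
    [ -f "$dist/Release" ] || { echo "no Release file in $dist"; return 2; }
    tmp=$(mktemp) || return 2
    list_sha256 "$dist/Release" > "$tmp"
    while read -r hash size path; do
        f="$dist/$path"
        # apt-mirror only fetches the architectures and formats it was told to
        [ -f "$f" ] || continue
        checked=$((checked + 1))
        if [ "$(wc -c < "$f" | tr -d ' ')" != "$size" ] ||
           [ "$(sha256sum "$f" | awk '{print $1}')" != "$hash" ]; then
            echo "MISMATCH $path"
            bad=$((bad + 1))
        fi
    done < "$tmp"
    rm -f "$tmp"
    echo "checked=$checked bad=$bad"
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# Stand-alone use: ./script /path/to/dists/precise
if [ "$#" -eq 1 ]; then
    verify_dist "$1"
fi
```

The hashes are only as trustworthy as Release itself, so verify its signature first, for example with gpgv --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg Release.gpg Release. A mismatch reported while apt-mirror is still running can simply mean the sync has not finished.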

As always, hope this helps someone save time. If it does not work out for you, please leave a comment and we’ll try to help where possible.

- Fault