louise

How I backup my VyOS machines using FreeNAS

2017/02/26 edgeos, FreeNAS, vyatta, vyos

Seed VyOS / EdgeOS

We start by seeding the routers with a script that installs the SSH key FreeNAS uses to access the box. We add the backup cronjob and make sure it runs on a daily basis. We also move the apt daily cronjob to root's home directory, as it seems to slow things down unnecessarily. Make sure to replace the key in the script with your own. I’m using the backup user on VyOS (native user).

#!/bin/sh
# -p creates both directories and does not fail when the script is re-run
mkdir -p /home/backup/.ssh/
mv /etc/cron.daily/apt /root/
chown backup:backup /home/backup -R
chmod 750 /home/backup/.ssh/
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNoBYvmqNw6lU7XzpS25dzO9D3H0+Ou1OqW94i1FYEUe6nFJfKnSxCPsxXgwBvT7xZMx1EWW8A8kxrSiiEcaiGiI9PXvL7Kr6CFr+WmDqudDpcx7SVV2+n7ifaXjpxySKMKnGh/uCLR5P4ElLp0n5qRpG2lkEbXsRwqsnr4csnovmw5P8ZCEghAYK51hMBrTVsj6rKnjNVtQWPLPryPn6koDLcPZnGF9gaN5Azm42p7QLTE9bfzow4ZfGm5+ljiqiCINjGfkEyoEmNciyEmd8aVtcfcFAFxC3nwZXZ2KJgGag1tsPZNp5sqLmuSJKzxgM8tqyzU8XFLH3ClINWdd7R backup@abed.abcdef.lan" > /home/backup/.ssh/authorized_keys
# Anchor on the user name so only the backup account's passwd entry is rewritten
sed -i 's/^backup:.*/backup:x:34:34:backup:\/home\/backup:\/bin\/sh/' /etc/passwd
# \$(date ...) and \$date are escaped so they expand when cron runs the job, not while seeding
cat > /etc/cron.daily/backup << EOL
#!/bin/sh
rm -f /home/backup/backup-*
date="\$(date +%Y-%m-%d_%H%M)"
tar czf /home/backup/backup-\$date.tar.gz /config/ > /dev/null 2>&1
chmod 700 /home/backup/backup-\$date.tar.gz
chown backup:backup /home/backup/backup-\$date.tar.gz
EOL

chmod 775 /etc/cron.daily/backup
run-parts --verbose /etc/cron.daily

Enable SSH access on the box so that it is reachable from FreeNAS. To generate a key, SSH as root into your FreeNAS and run su - backup to become the backup user; then generate an SSH key with ssh-keygen -t rsa. You can view your public key with cat ~/.ssh/id_rsa.pub. Copy that into the script.

EdgeOS needs rsync

Don’t forget to install rsync on Ubiquiti EdgeOS devices:

configure
set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy url http://http.us.debian.org/debian
commit
save
sudo su -
apt-get update
apt-get install rsync

Configure FreeNAS

It’s best to test SSH connectivity towards each target on the command line before attempting to configure an Rsync Task. You can do so by SSH’ing into your FreeNAS as root. Test the target as the backup user: su - backup, then ssh target-ip. You should be logged in without a hitch (accept the host key if asked).
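The key seeded above gives FreeNAS a full shell as backup on the router. As an added example (not part of the original post), the wrapper below restricts that key to read-only rsync pulls from /home/backup; the install path /usr/local/bin/backup-rsync-only, the function name is_allowed_pull and the assumption that the Rsync Task pulls the directory /home/backup/ rather than a wildcard are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): forced-command wrapper that
# limits the FreeNAS backup key to read-only rsync pulls from BACKUP_DIR.
# Hypothetical install path: /usr/local/bin/backup-rsync-only (root-owned).
# authorized_keys entry on the router, with your own key in place of KEY:
#   command="/usr/local/bin/backup-rsync-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa KEY backup@freenas

BACKUP_DIR=${BACKUP_DIR:-/home/backup}   # where the cron job above writes

# Succeeds only for "rsync --server --sender <short opts> . <paths>" where
# every path is inside BACKUP_DIR. Long options are refused outright, which
# also blocks --remove-source-files (a sender-side delete).
is_allowed_pull() {
    set -f          # do not glob while splitting the request into words
    set -- $1       # positional parameters are local to this function
    set +f
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    paths=0
    for word in "$@"; do
        case $word in
            --*|*..*) return 1 ;;                 # long option or traversal
            -*|.) ;;                              # option blob, "." placeholder
            "$BACKUP_DIR"|"$BACKUP_DIR"/*) paths=$((paths + 1)) ;;
            *) return 1 ;;                        # path outside BACKUP_DIR
        esac
    done
    [ "$paths" -gt 0 ]
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. It is
# unset for interactive logins, which therefore just end here.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_pull "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # pass wildcards to rsync unexpanded
        exec $SSH_ORIGINAL_COMMAND   # word-split only, never eval'ed
    fi
    echo "refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

With this entry in place an interactive ssh login as backup closes immediately, so verify access with an rsync pull of /home/backup/ instead of the plain ssh test.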

µpdate: asymmetric routing with VRRP and OSPF

2014/07/02 edgeos, vyatta, µpdate

I was playing with my network today when I noticed an interesting side-effect of my current network architecture. Simply put, there are two layers of routers; the first does intranet routing, the second layer takes care of everything else (i.e. the internets). The image depicts my beautifully inspiring wallpaper on Windows 7 where we call for louise. I printed the default gateway and it looks like we’re taking 1.65 towards shirley first. 1.65 is actually a VRRP address and 1.67 does the actual lifting, as confirmed in the tracert below. From there we egress out of 0.33 and meet up with louise, ‘sup. louise, stubborn as she is, decides to take 0.34 home; jeff answers the call of duty, but couldn’t care less about the whole ordeal and sends them over 0.66 towards me.


VRRP: IP high-availability (CARP/HSRP)

2014/05/06 debian, network, vyatta

You have a network with two routers, both with access to the internet. Your clients typically get only one default route assigned via DHCP, so they use only one of the two routers.
Required prior knowledge for maximum enjoyment: basic networking.

Abstract

The situation above can be solved in several ways, but with VRRP a virtual IP address is shared by the routers. The virtual IP address is passed on like a relay baton and is always answered by the same machine as long as the situation does not change. The routers keep an eye on each other to see whether it is time to take action and promote themselves to new owner of the virtual address.

Acer Aspire 721 meets Vyatta router

2013/02/24 vyatta

A few days ago the screen on the Acer Aspire 721 belonging to Tom (my neighbour) finally died. Tom has since bought an iPad; I offered to buy the wreck from him, and he would keep the 500GB (7200 rpm) laptop drive.
Required prior knowledge for maximum enjoyment: basic networking, NAT, PPPoE and VLANs

Acer Aspire 721
