Total Disaster recovery Hi, I had an recent experience that my RAID 10 set-up on an DELL server [4years old] crashed 2/4 hard drives simultainious due to heat. I recovered fully except for the smtp auth login. I did however upgraded from Mandriva 2006->2007 and this sample is on the non-working server. Code: 220 hera.domain.tld ESMTP Postfix (2.3.3) (Mandriva Linux) ehlo localhost 250-hera.domain.tld 250-PIPELINING 250-SIZE 10240000 250-ETRN 250-STARTTLS 250-AUTH GSSAPI CRAM-MD5 LOGIN DIGEST-MD5 PLAIN 250-AUTH=GSSAPI CRAM-MD5 LOGIN DIGEST-MD5 PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth login 334 VXNlcm5hbWU6 anBi 334 UGFzc3dvcmQ6 Ymo3NzYtb3Jn 535 5.7.0 Error: authentication failed: authentication failure On the other serve it works ! My question is the diffeence is in the lines 250-AUTH GSSAPI CRAM-MD5 LOGIN DIGEST-MD5 PLAIN vs 250-AUTH LOGIN PLAIN Code: telnet localhost 25 Trying 127.0.0.1... Connected to beta.domain.tld (127.0.0.1). Escape character is '^]'. 220 beta.domain.tld ESMTP Postfix (2.3.3) (Mandriva Linux) ehlo localhost 250-beta.domain.tld 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth login 334 VXNlcm5hbWU6 anBi 334 UGFzc3dvcmQ6 Ymo3NzYtb3Jn 235 2.0.0 Authentication successful The beta server is an plain newly setup box same as above but it works! Can Someone tell me were to look and what files to be edited / compared?
The backup script I used I make backup and overwrite the file-set once an week - thus having a file-set for monday thuesday etc this is my script, I stole some mysql bits from people on this server - Thankx. HOWTO setup the ssh to login using keys and not pawsswords. WARNING: It does mean that once an hacker get into one of your servers he can get to another witout passwords - therefore we will limit the auto auth to regular users and not root! On server1.domain.tld Code: cd /root/.ssh ssh-keygen -q -b 1024 -t rsa -f id_rsa # create the files id_rsa and id_rsa.pub the .pub is the public key and can be distributed the other myst stay put and be kept safe! on the server2 Code: adduser backup passwd backup su backup ssh server1.domain.tld # this will create the .ssh folder with correct permissions and save the known_hosts information exit # back to root cd /home/backup/.ssh vi authorized_keys # now copy the content of server1 authorized_keys in here. One line per server. # -rw------- 1 backup root 234 Nov 13 11:22 authorized_keys The backup script for ISPConfig on server1 I called it /root/make-backup and chmod +x /root/make-backup wil make it work! Code: #!/bin/bash find /root/ispconfig > /root/root-backup-files find /home/admispconfig > /root/home-backup-files find /etc/passwd > /root/etc-backup-files find /etc/shadow >> /root/etc-backup-files find /etc/group >> /root/etc-backup-files find /etc/gshadow >> /root/etc-backup-files find /etc/proftpd.conf >> /root/etc-backup-files find /etc/proftpd_ispconfig.conf >> /root/etc-backup-files find /etc/ssh >> /root/etc-backup-files find /etc/postfix >> /root/etc-backup-files find /var/www/ > /root/var-backup-files DATE=`date +%Y-%A` # For your own sanity replace "hera-" with your host name. Or even replace it with $HOSTNAME"-" BACKUPNAME="hera-"$DATE # echo $date # echo $BACKUPNAME USER=root PASSWORD=yourmysqlrootpassword HOST=localhost DESTINATION=server2.domain.tld for i in $(echo 'SHOW DATABASES;' | mysql -u$USER -p$PASSWORD -h$HOST|grep -v '^Database$'); do mysqldump \ -u$USER -p$PASSWORD -h$HOST \ -Q -c -C --add-drop-table --add-locks --quick --lock-tables \ $i > /home/backup/$BACKUPNAME-$i.sql; done; tar cvzf /home/backup/$BACKUPNAME"-root-backup.tar.gz" --files-from=/root/root-backup-files --no-recursion tar cvzf /home/backup/$BACKUPNAME"-home-backup.tar.gz" --files-from=/root/home-backup-files --no-recursion tar cvzf /home/backup/$BACKUPNAME"-etc-backup.tar.gz" --files-from=/root/etc-backup-files --no-recursion tar cvzf /home/backup/$BACKUPNAME"-var-backup.tar.gz" --files-from=/root/var-backup-files --no-recursion /usr/bin/scp /home/backup/$BACKUPNAME* $DESTINATION:/home/backup/ rm /root/root-backup-files rm /root/home-backup-files rm /root/etc-backup-files rm /root/var-backup-files I would like comments if I left out something here, In my original backup I left out the group files and had to manually create some parts, ISPConfig actually fixed it for me after a while! Add this to your crontab to run early morning so that the bandwidth is available to traqnsfer large files - WARNING this BACKUP is LARGE ! Code: crontab -e 45 04 * * * /root/make-backup ----------------------------------------------- This part was added by means of post editing! ----------------------------------------------- Restore Basically extract the needed user data files - carefull not to overwrite system config files IF you upgraded packages. [You are on your own here] I restored the mysql database and the db_ispconfig, the latter might have a different name if you made that choice during the install. Code: mysql -u root -p -e "source /home/backup/hera-2007-Friday-mysql.sql" mysql mysql -u root -p -e "source /home/backup/hera-2007-Friday-db_ispconfig.sql" db_ispconfig NOTE: my script above makes these files and care should be taken around the "hera" read the comments in the script of how to customise this server name.
Thanks Thanks for this script. Hopefully it works out. I am only going to run it and have it transfer the contents off the server once a week. Don't want to kill bandwidth. Thanks, Fred
My backups are run using Dirvish. This is a very handy backup tool that uses rsync and ssh to transport the data. You can choose what to backup and how long a backup should be kept at the other server. The great thing about dirvish, is that it is incremental. You don't need to copy all of the information every time, just the changed things!
Restore prod to virtual env I ran the restore and it all looks good - but when I try to log in to webmail, it falls apart. Has any one successfully done a restore? Actually, all I'm trying to do is to move my production environment onto a virtual server.
While what you have looks great, I've decided to use system imager and backup my servers (yes plural, only one web right now, but multiple stream servers). SI makes a fairly complete backup, and I provided the live disk to my colo operator. For remote it makes it easy, since if there were a need to reload, the system will contact my office and pull the server back up. The nice part about it, I do a backup every 4 hours once the initial image is made, and we're considering doing it every hour. Not to mention, that if I should hose part of a system, I can use FTP and restore the old files in a heartbeat. Big thanks to Falko for the idea, although I didn't use his howto (I really didn't need to, it's really well documented already) as I stubbornly refuse to use a deb system.
Thanks Falko, Yes webmail exits after my restore in my virtual environment. When I try to authenticate - to get emails, I get the following error messages: Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/admispconfig/ispconfig/web/webmail/inc/class.uebimiau_mail.php on line 66 Warning: fsockopen() [function.fsockopen]: unable to connect to localhost:110 (Unknown error) in /home/admispconfig/ispconfig/web/webmail/inc/class.uebimiau_mail.php on line 66 Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/web/webmail/inc/class.uebimiau_mail.php:66) in /home/admispconfig/ispconfig/web/webmail/msglist.php on line 64
I get a lot of security warnings when installing systemimager. Also, systemimager has a number of quirks so I'd rather not go there. If I'm able to get my production environment into a virtual environment, I have a script that would shutdown the virtual server, copy all related files & start server up again. For me, this is as good as it gets.
Hi Falko, These are the outputs: netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:1001 *:* LISTEN 1667/rpc.statd tcp 0 0 *:mysql *:* LISTEN 2011/mysqld tcp 0 0 *:sunrpc *:* LISTEN 1630/portmap tcp 0 0 *:hosts2-ns *:* LISTEN 2457/ispconfig_http tcp 0 0 *:ftp *:* LISTEN 2643/proftpd: (acce tcp 0 0 res-rig05.mydomain.com:domain *:* LISTEN 2616/named tcp 0 0 localhost.UU.NET:domain *:* LISTEN 2616/named tcp 0 0 localhost.UU.NET:ipp *:* LISTEN 1872/cupsd tcp 0 0 localhost.UU.NET:rndc *:* LISTEN 2616/named tcp 0 0 *:smtp *:* LISTEN 2572/master tcp 0 0 localhost.UU.NET:rndc localhost.UU.NET:4732 TIME_WAIT - tcp 0 0 *:imaps *:* LISTEN 2045/dovecot tcp 0 0 *: pop3s *:* LISTEN 2045/dovecot tcp 0 0 *: pop3 *:* LISTEN 2045/dovecot tcp 0 0 *:imap *:* LISTEN 2045/dovecot tcp 0 0 *:http *:* LISTEN 2488/httpd tcp 0 0 *:ssh *:* LISTEN 1890/sshd tcp 0 0 localhost6.localdomain6:ipp *:* LISTEN 1872/cupsd tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 2616/named tcp 0 0 *:https *:* LISTEN 2488/httpd [root@res-rig05 ~]# more /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 192.168.13.27 res-rig05.mydomain.com res-rig05 ::1 localhost6.localdomain6 localhost6
