June 17, 2018

LVM backup script

The script snapshots the volume, exports point in time snapshot to the encrypted file, archives it to save space and applies the retention on backup destination folder. Also CPU usage of gzip or dd process can be controlled by cpulimit tool.

#!/bin/bash

## Fill in the variables below.
## Volume Group Name
VG="/dev/VG-NAME/"
## Logical Volumes within VG
lvstobackup="LV1 LV2 ... LV3"
## Prefix for snapshots.
snapshotprefix="_TempSnapshot"
## Backup key file.
backupkey="/etc/backupkey"
## Backup destination.
backuppath="/backup/"

# Backup script start.
log="$(date +"%F_%H-%M") - Backup script started.\n"
log+="$(date +"%F_%H-%M") - Checking if cpulimit process is running.\n"
## Below "if fi" can be uncommented if you need to limit cpu usage of gzip process. cpulimit tool must be installed.
#log+="$(date +"%F_%H-%M") - Checking if cpulimit process is running.\n"
#if pgrep cpulimit > /dev/null
#then
#log+="$(date +"%F_%H-%M") - cpulimit process is running - PID $(pgrep cpulimit).\n"
#else
#log+="$(date +"%F_%H-%M") - cpulimit process is not running. Starting.\n"
#cpulimit --exe /bin/gzip --limit 50 -b
#log+="$(date +"%F_%H-%M") - cpulimit process started - PID $(pgrep cpulimit).\n"
#fi
## Sets variable to track total amount of backup data.
totaltransferred=0
## Sets variable to track script warnings.
warning="0"
## Starting firs loop to create snapshots for specified Logical Volumes.
## It checks if the same snapshot exists (from previous backup). Removes it and re-creates the new one.
for lvbackup in $lvstobackup
do
lvfull=$VG$lvbackup
snapshot=$lvbackup$snapshotprefix
snapfull=$VG$snapshot
log+="$(date +"%F_%H-%M") - Checking '$lvbackup' snapshots - '$snapshot'.\n"
check=$(lvs | grep -q $snapshot && echo "Found")
if [ ! -z "$check" ]
then
log+="$(date +"%F_%H-%M") - '$snapshot' snapshot exists. Removing.\n"
lvremove $snapfull -f
log+="$(date +"%F_%H-%M") - '$snapshot' removed.\n"
fi
log+="$(date +"%F_%H-%M") - Creating '$snapshot' for '$lvfull'.\n"
lvcreate -L10G -s -n $snapshot $lvfull
log+="$(date +"%F_%H-%M") - '$VG$snapshot' created. Checking.\n"
check=$(lvs | grep -q $snapshot && echo "Found")
if [ ! -z "$check" ]
then
log+="$(date +"%F_%H-%M") - '$VG$snapshot' snapshot found.\n"
lvstosnapshot+="$lvbackup "
else
log+="$(date +"%F_%H-%M") - '$snapshot' hasn't been created. Check host. Skipping. "WARNING"\n"
warning="1"
fi
done
log+="\n"
## Starting new look to actually backup the volumes. "cat" can be used instead of "dd".
## Also gzip can be changed to --best or --fast depending on performance. 
for lvtosnapshot in $lvstosnapshot
do
snapshot=$lvtosnapshot$snapshotprefix
snapfull=$VG$lvtosnapshot$snapshotprefix
log+="$(date +"%F_%H-%M") - '$VG$snapshot' - exporting, archiving and encrypting the snapshot.\n"
backupfile=$backuppath$lvtosnapshot"_"$(date +"%F_%H-%M")".gz.enc"
dd if=$snapfull | gzip | openssl enc -aes-256-cbc -pass file:$backupkey > $backupfile
filesize=$(du -m $backupfile | cut -f1)
log+="$(date +"%F_%H-%M") - Export job has been completed. Size (MB) = $filesize.\n" 
(( totaltransferred += $filesize ))
## Removes the snapshot. Below one can be commented if you need to keep the snapshot until next script run.
## Make sure "-L10G" is enough for your LV's.
lvremove $snapfull -f
done
## Apply a retention to the backup destination.
## In example below it removes all data in destination folder older than 7 days.
log+="$(date +"%F_%H-%M") - Removing all files in '$backuppath' older than 7 days.\n"
find $backuppath -mtime +7 -type f -delete
## Uncomment if you are using cpulimit in the script.
#log+="$(date +"%F_%H-%M") - Killing CPU limit process.\n"
#pkill cpulimit
## Below lines will create a log file in a destination folder.
## It will include the information about total size transferred as well as warning value.
log+="$(date +"%F_%H-%M") - Backup script ended. Warning code = $warning. Total transfered (MB) = $totaltransferred.\n"
logfile=$backuppath"$(date +"%F_%H-%M").log"
echo -e $log > $logfile

June 10, 2018

Debian 9 - Docker Guacamole MySQL

# Install Docker and dependencies.
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common zip -y
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce -y

# Download guacamole and mysql containers.
docker pull guacamole/guacd
docker pull guacamole/guacamole
docker pull mysql

# Start MySQL container. Change rootpassword to your own.
docker run --name mysql -e MYSQL_ROOT_PASSWORD=rootpassword -d mysql

# Prepare database initialization script.
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql
docker cp initdb.sql mysql:/

# Connect to mysql container and create a database. Change userpassword to your own.
docker exec -it mysql bash
mysql -u root -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user' IDENTIFIED BY 'userpassword';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user';
FLUSH PRIVILEGES;
quit;
cat initdb.sql | mysql -u root -p guacamole_db
exit

# Start guacd and guacamole containers.
docker run --name guacd -d guacamole/guacd
docker run --name guacamole --link guacd:guacd --link mysql:mysql -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=userpassword -d -p 8080:8080 guacamole/guacamole

# Fix blank start page.
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.46.zip
unzip mysql-connector-java-5.1.46.zip
cd mysql-connector-java-5.1.46/
docker cp mysql-connector-java-5.1.46.jar guacamole:/root/.guacamole/lib/
docker cp mysql-connector-java-5.1.46.jar guacamole:/opt/guacamole/mysql/
docker restart guacamole

# Now you are ready to connect to your Guacamole instance at http://SERVERIP:8080/guacamole/ with guacadmin/guacadmin credentials.