Re: Replicating base server -> target server (Digital Ocean/Fed/Centos)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Feb 11, 2018 at 1:51 PM, bruce <badouglas@xxxxxxxxx> wrote:
Hi.

Kind of long ,but might be useful/helpful to others.. Feel free to
comment as you see fit!

I'm using this as a step/guide to recreate/replicate a smaller
droplet/vm from a larger vm within Digital Ocean.


The goal:
 Replicate/reproduce the users/processes/directories/files
  from a base server to a target server.
 To be able to then use the target server in place of the base/initial
  server
 The base server acts as a nfsClient server to a nfsServer

 Doing this to create a smaller vm/droplet from Digital Ocean (DO), and need
  to "replicate" a larger droplet/vm.
  DO doesn't provide a way to accomplish this!

::::---
This process doesn't deal/handle any iptable/firewall/selinux/dns
 issues....
 -need to figure out how to deal with these....

Process:
-analyse the base server to get all the existing users
-analyse the base server to get all the existing/running system processes
-analyse the base server to get all the existing/running 3rd party processes
-analyse the base server to get all the existing dirs/files
-analyse the base server to get all the existing sshkey data/files
-analyse the base server to get all the installed rpm/packages


-create process on the target to generate the user/group/passwd
 for the users on the base server
-create process on the target to generate the ssh key for the users
 to replicate the base users/sshkeys
-create process to copy all the dir/files from the base to the target,
 excluding a limited subset of dirs..
-create process to install on the target, all the installed packages from
 the base
-


Steps::
-on the target disable selinux for simplicity
 vi /etc/sysconfig/selinux
  set >>  SELINUX=disabled <<


-Create the list of users
-On the target, generate the users/passwd/groups. It appears this
 could/should be doable by copying the requisite files from the
 base->target with the associated perms..
 Decided to do it manually to ensure it matches..

-the users are/were:
 root/root_tmp/test_user

 -use useradd/passwd to generate the same users/passwd/group as well as
  the same uid/gid for the userID/groupID to match the base server

  --match the user/passwd/uid/gid so the target matches the base
  --if required, mod the uid/gid
    usermod -u xx test_user
    groupmod -g xx test_user

  --at the same time, change/match across the entire dir for any files
    to handle user/group owner (do this for all users)
    find / -group 500 -exec chgrp -h test_user {} \;
    find / -user 500 -exec chown -h test_user {} \;

-change to given user (root/root_tmp/test_user)
 set up the ssh keymkdir ~/.ssh
 chmod 700 ~/.ssh
 echo '' > ~/.ssh/authorized_keys
 chmod 600 ~/.ssh/authorized_keys

 chmod 755 ~ ~/.ssh

 update/cpy in the "authorized_keys" file the pub key from the
 base/user  "authorized_keys" file

at this point, the users are set, and the ssh keys are set..

----------------------------------
Copy the dirs/files....

The process runs on the base, copying/rsync from the base-> target handling
 the entire disk from the "/" top.. on down..

 The excluded list follows as well as as the rsync cmd..

The file "/etc/skipdirs.rsync" contains:

        /proc/*
        /sys/*
        /dev/*
        /media/*
        /var/log/*
        /var/log/journal/*
        **/.cache/google-chrome/***
        **/.ccache/***
        /BACKUPS/*
        /run/media/*
        /var/lib/nfs/*
        /usr/src/kernels/*
        /root/.cache/*
        /swapfile
        /bin/*

rsync --progress  -avAI --exclude-from=/etc/skipdirs.rsync / root@11.22.33.44:/
 (shout out to Rick!!)

I intentionally wanted to see all the files xfered as I ran/run the cmd..
-the cmd is run as "root" on the base, to ensure the process has
 complete access to all dirs/files..
-the "root" user on the target has access to top level as well..

RPM packages..
-To further ensure the target will mtach the base,
 on the base as "root" run
  rpm -qa > rpmlist.dat
  rsync --progress  -avAI /rpmlist.dat root@11.22.33.44:/

and on the target as root
  cat /rpmlist.dat | xargs yum -y install

followed by
 yum update

--end result is that all the packages on the target should match
  the base

::given that this is going to be a "client" to the nfsServer..
-make sure the nfs client utils are available.. they should already
 be but check anyway..

on the target as root

install any/all additional packages on the target::
yum install nfs-utils nfs-utils-lib

as root
sudo cat << EOF > /etc/yum.repos.d/google-chrome.repo
[google-chrome]
name=google-chrome - \$basearch
baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
EOF

yum install -y  gcc xorg-x11-server-Xvfb google-chrome-stable
yum install xvfb x11-xkb-utils
yum install xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic

yum install vi
pip install pyvirtualdisplay
python -m pip install --upgrade pip setuptools wheel

easy_install simplejson
yum install libxml2-python

yum install epel-release
pip install -U selenium
pip install pyvirtualdisplay
yum install Xvfb libXfont Xorg


-finally.. install the "stuff" for the selenium/firefox/chrome testing..

wget https://github.com/mozilla/geckodriver/releases/download/v0.19.1/geckodriver-v0.19.1-linux64.tar.gz
tar -x geckodriver -zf geckodriver-v0.19.1-linux64.tar.gz -O >
/usr/local/bin/geckodriver
chmod +x /usr/local/bin/geckodriver
rm geckodriver-v0.19.1-linux64.tar.gz
ln -s /path/to/file /path/to/symlink
ln -s /usr/local/bin/geckodriver /usr/bin/geckodriver

## Chromedriver
wget https://chromedriver.storage.googleapis.com/2.35/chromedriver_linux64.zip
unzip chromedriver_linux64.zip
sudo chmod +x chromedriver
sudo mv chromedriver /usr/local/bin/
rm chromedriver_linux64.zip
ln -s /usr/local/bin/chromedriver /usr/bin/chromedriver



finally.... on the base....
as root..
 vi /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no


ok....


if you can see something else that can be done that I might have
missed.. or that would be better.. shout it out.

At some point.. others on DO will be looking for something like this.

Ideally, it would be cool/good to have this in a kind of chef/puppet cookbook.

But that's above my pay grade for now!

thanks
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@lists.fedoraproject.org

I am keeping this for posterity.. thanks for such a well rounded step-by-step.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux