Changeset 152353b


Timestamp:
03/31/15 11:12:01 (4 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, enter/10, releng/10.1.2
Children:
f884a68
Parents:
384e0508
Message:

Add some new abilities to LP iscsi support.

  1. New saveiscsi sub-command, allows exporting iSCSI + GELI data to a password-protected file, for saving offsite in secure location
  1. Add ability to import this new .lpiscsi file on another host, will be adding support for it to PC-BSD installer as well
Location:
src-sh/lpreserver
Files:
2 edited

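--- a/src-sh/lpreserver/backend/functions.sh
+++ b/src-sh/lpreserver/backend/functions.sh
@@ -291,4 +291,85 @@
 }
 
+add_rep_from_iscsi_file() {
+  LPFILE="$1"
+  LDATA="$2"
+  TIME="$3"
+  PASSFILE="$4"
+
+  MD=`mdconfig -t vnode -f ${LPFILE}`
+  if [ -n "$PASSFILE" ] ; then
+    echo "Creating GELI provider..."
+    cat ${PASSFILE} | geli attach -j - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       exit_err "Failed GELI attach"
+    fi
+    rm ${PASSFILE}
+  else
+    echo "Please enter the password for this backup iscsi file:"
+    echo -e ">\c"
+    stty -echo
+    read PASSWORD
+    stty echo
+    printf "\n"
+    echo "$PASSWORD" | geli attach -j - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       exit_err "Failed GELI attach"
+    fi
+  fi
+
+  MNTDIR=`mktemp -d /tmp/XXXXXXXXXXXXXXXXXXX`
+  mount /dev/${MD}.eli ${MNTDIR}
+  if [ $? -ne 0 ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    exit_err "Failed mounting"
+  fi
+  GELIKEY="${MNTDIR}/GELIKEY"
+
+  # Read in the settings
+  REPHOST=`cat ${MNTDIR}/REPHOST`
+  REPUSER=`cat ${MNTDIR}/REPUSER`
+  REPPORT=`cat ${MNTDIR}/REPPORT`
+  REPRDATA=`cat ${MNTDIR}/REPRDATA`
+  REPTARGET=`cat ${MNTDIR}/REPTARGET`
+  REPPOOL=`cat ${MNTDIR}/REPPOOL`
+  REPINAME=`cat ${MNTDIR}/REPINAME`
+  REPPAS=`cat ${MNTDIR}/REPPASS`
+
+  if [ ! -e "$GELIKEY" ] ; then
+     exit_err "Missing GELI key: $GELIKEY"
+  fi
+  LGELIKEY="${DBDIR}/keys/`echo ${HOST}${USER}${LDATA} | sha256 -q`.key"
+  cp $GELIKEY $LGELIKEY
+  chmod 600 ${LGELIKEY}
+
+  rem_rep_task "$LDATA" "$REPHOST"
+  echo "${LDATA}:${TIME}:${REPHOST}:${REPUSER}:${REPPORT}:ISCSI:${REPTARGET}:${LGELIKEY}:${REPPOOL}:${REPINAME}:${REPPASS}" >> ${REPCONF}
+
+  umount -f ${MNTDIR}
+  rmdir ${MNTDIR}
+  geli stop /dev/${MD}.eli
+  mdconfig -d -u ${MD}
+
+  if [ -e ${CMDLOG} ] ; then rm ${CMDLOG}; fi
+
+  # Lets test connecting to the iscsi target
+  repLine=`cat ${REPCONF} | grep "^${LDATA}:.*:${HOST}:"`
+  load_iscsi_rep_data
+  echo "Running test iscsi / zpool connection... Please wait..."
+  connect_iscsi
+  if [ $? -ne 0 ] ; then
+    cleanup_iscsi
+    rm ${LGELIKEY}
+    rem_rep_task "$LDATA" "$HOST"
+    exit_err "Failed connecting to / importing of remote iscsi target!"
+  fi
+  cleanup_iscsi
+
+  finish_add_iscsi_target
+}
+
 add_rep_iscsi_task() {
   LPS="$1"
@@ -302,12 +383,19 @@
   esac
 
+  # Make the GELI key dir
+  if [ ! -d "${DBDIR}/keys" ] ; then
+    mkdir -p ${DBDIR}/keys
+  fi
+
+  # See if this file is a LPS or LPISCSI file
+  file ${LPS} | grep -q data
+  if [ $? -eq 0 ] ; then
+     add_rep_from_iscsi_file "$LPS" "$2" "$3" "$4"
+     exit 0
+  fi
+
   # Read data from the LPS file
   read_lps_file "$LPS"
   RZPOOL="lp-$USER-backup"
- 
-  # Make the GELI key dir
-  if [ ! -d "${DBDIR}/keys" ] ; then
-    mkdir -p ${DBDIR}/keys
-  fi
 
   # Setup the GELI key
@@ -340,8 +428,11 @@
   cleanup_iscsi
 
-  # If doing manual backups, stop here
-  if [ "$TIME" = "manual" ] ; then return ; fi
-
-  if [ "$TIME" != "sync" ] ; then
+  finish_add_iscsi_target
+}
+
+finish_add_iscsi_target()
+{
+
+  if [ "$TIME" != "sync" -a "$TIME" != "manual" ] ; then
     case $TIME in
         hour) cTime="0     *" ;;
@@ -1395,2 +1486,187 @@
   exit 0
 }
+
+save_iscsi_zpool_data() {
+  LDATA="$1"
+  if [ -z "$1" -o -z "$2" ] ; then
+     exit_err "Usage: lpreserver replicate saveiscsi <zpool> <target host> [password file]"
+  fi
+  PASSFILE="$3"
+
+  repLine=`cat ${REPCONF} | grep "^${LDATA}:.*:${2}:"`
+  if [ -z "$repLine" ] ; then exit_err "No such replication task: ${LDATA}";fi
+
+  # We have a replication task for this set, get some vars
+  hName=`hostname`
+  REPHOST=`echo $repLine | cut -d ':' -f 3`
+  REPUSER=`echo $repLine | cut -d ':' -f 4`
+  REPPORT=`echo $repLine | cut -d ':' -f 5`
+  REPRDATA=`echo $repLine | cut -d ':' -f 6`
+
+  if [ "$REPRDATA" != "ISCSI" ] ; then
+    exit_err "This replication is not an iSCSI volume"
+  fi
+
+  load_iscsi_rep_data
+
+  # Make sure we have values to save
+  if [ -z "$REPHOST" -o -z "$REPUSER" -o -z "$REPPORT" -o -z "$REPRDATA" -o -z "$REPTARGET" -o -z "$REPPOOL" -o -z "$REPINAME" -o -z "$REPPASS" ] ; then
+    exit_err "Failed sanity-check of replication meta-data!"
+  fi
+
+  SANELDATA="`echo $LDATA | sed 's|/|-|g'`"
+  LPFILE="lp-`hostname`-${SANELDATA}-${REPHOST}.lpiscsi"
+
+  truncate -s 5M ${LPFILE}
+  MD=`mdconfig -t vnode -f ${LPFILE}`
+  if [ -n "$PASSFILE" ] ; then
+    echo "Creating GELI provider..."
+    cat ${PASSFILE} | geli init -J - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       rm ${LPFILE}
+       exit_err "Failed GELI init"
+    fi
+    cat ${PASSFILE} | geli attach -j - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       rm ${LPFILE}
+       exit_err "Failed GELI attach"
+    fi
+    rm ${PASSFILE}
+  else
+    echo "Please enter the password for this backup iscsi file:"
+    echo -e ">\c"
+    stty -echo
+    read PASSWORD
+    stty echo
+    printf "\n"
+    echo "Repeat Password"
+    echo -e ">\c"
+    stty -echo
+    read PASSWORD2
+    stty echo
+    printf "\n"
+    if [ -z "$PASSWORD" -o "$PASSWORD" != "$PASSWORD2" ] ; then
+       mdconfig -d -u $MD
+       rm ${LPFILE}
+       exit_err "Password mismatch!"
+    fi
+    echo "Creating GELI provider..."
+    echo "$PASSWORD" | geli init -J - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       rm ${LPFILE}
+       exit_err "Failed GELI init"
+    fi
+    echo "$PASSWORD" | geli attach -j - ${MD} >/dev/null 2>/dev/null
+    if [ $? -ne 0 ] ; then
+       mdconfig -d -u $MD
+       rm ${LPFILE}
+       exit_err "Failed GELI attach"
+    fi
+  fi
+
+  # Setup FS
+  echo "Creating file-system..."
+  newfs /dev/${MD}.eli >/dev/null 2>/dev/null
+  if [ $? -ne 0 ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed newfs"
+  fi
+
+  MNTDIR=`mktemp -d /tmp/XXXXXXXXXXXXXXXXXXX`
+  mount /dev/${MD}.eli ${MNTDIR}
+  if [ $? -ne 0 ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed mounting"
+  fi
+
+  # Save the meta-data
+  echo "$REPHOST" > ${MNTDIR}/REPHOST
+  echo "$REPUSER" > ${MNTDIR}/REPUSER
+  echo "$REPPORT" > ${MNTDIR}/REPPORT
+  echo "$REPRDATA" > ${MNTDIR}/REPRDATA
+  echo "$REPTARGET" > ${MNTDIR}/REPTARGET
+  echo "$REPPOOL" > ${MNTDIR}/REPPOOL
+  echo "$REPINAME" > ${MNTDIR}/REPINAME
+  echo "$REPPASS" > ${MNTDIR}/REPPASS
+  cp ${REPGELIKEY} ${MNTDIR}/GELIKEY
+
+  # Now lets read the data back
+  if [ "$REPHOST" != "`cat ${MNTDIR}/REPHOST`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPUSER" != "`cat ${MNTDIR}/REPUSER`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPPORT" != "`cat ${MNTDIR}/REPPORT`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPRDATA" != "`cat ${MNTDIR}/REPRDATA`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPTARGET" != "`cat ${MNTDIR}/REPTARGET`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPPOOL" != "`cat ${MNTDIR}/REPPOOL`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPINAME" != "`cat ${MNTDIR}/REPINAME`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+  if [ "$REPPASS" != "`cat ${MNTDIR}/REPPASS`" ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication meta-data!"
+  fi
+
+  # Make sure GELI key is good
+  diff -q ${REPGELIKEY} ${MNTDIR}/GELIKEY >/dev/null 2>/dev/null
+  if [ $? -ne 0 ] ; then
+    geli stop /dev/${MD}.eli
+    mdconfig -d -u $MD
+    rm ${LPFILE}
+    exit_err "Failed sanity-check of copied replication GELI key!"
+  fi
+
+  umount -f ${MNTDIR}
+  rmdir ${MNTDIR}
+  geli stop /dev/${MD}.eli
+  mdconfig -d -u ${MD}
+
+  echo "iSCSI config and GELI key saved to: $LPFILE"
+  echo ""
+  echo "!! -- PLEASE KEEP THIS IN A SAFE LOCATION -- !!"
+  echo ""
+  echo "If you lose the password of this file you will be unable"
+  echo "to restore your data!"
+
+  exit 0
+}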
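Review bot: In `save_iscsi_zpool_data`, every failure branch after the `mount` succeeds (the eight metadata comparisons and the GELI key `diff`) runs `geli stop` and `mdconfig -d` without unmounting `${MNTDIR}` first, so the detach will presumably fail on the busy device and the plaintext REPPASS and GELIKEY copies stay mounted under /tmp while `${LPFILE}` is deleted. The `Missing GELI key` exit in `add_rep_from_iscsi_file` leaves the decrypted volume mounted and attached in the same way. One teardown helper called from each of these branches would close the gap and replace the repeated four-line blocks, as sketched below. Separately, `add_rep_from_iscsi_file` stores the imported password in `REPPAS` but writes `${REPPASS}` to `${REPCONF}`, so the new entry likely gets an empty or stale password; the variable on the `cat ${MNTDIR}/REPPASS` line should be spelled `REPPASS`.

```shell
# Tear down the temporary GELI-backed image; usable at any stage of setup.
# $1 - md unit, $2 - mount dir (may be empty), $3 - image file to delete (may be empty)
lpiscsi_teardown() {
  if [ -n "$2" ] ; then
    umount -f "$2" 2>/dev/null
    rmdir "$2" 2>/dev/null
  fi
  geli stop "/dev/${1}.eli" 2>/dev/null
  mdconfig -d -u "$1"
  if [ -n "$3" ] ; then rm -f "$3" ; fi
}

# … unchanged: geli init/attach, newfs, mount, metadata writes …

  if [ "$REPHOST" != "`cat ${MNTDIR}/REPHOST`" ] ; then
    lpiscsi_teardown "$MD" "$MNTDIR" "$LPFILE"
    exit_err "Failed sanity-check of copied replication meta-data!"
  fi
  # … same replacement in the remaining comparisons and the GELI key diff …
```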
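--- a/src-sh/lpreserver/lpreserver
+++ b/src-sh/lpreserver/lpreserver
@@ -51,5 +51,5 @@
    listsnap - List snapshots of a zpool/dataset
      mksnap - Create a ZFS snapshot of a zpool/dataset
-  replicate - Enable / Disable ZFS replication to a remote system
+  replicate - Sub-command of replication tasks
  revertsnap - Revert zpool/dataset to a snapshot
      rmsnap - Remove a snapshot
@@ -166,13 +166,14 @@
       remove - Remove a replication target
          run - Start a replication manually
-
-
-Add Options:
+   saveiscsi - Save the iSCSI config data / GELI key
+
+
+add Options:
 
         add <remotehost> <user> <port> <hostdataset> <remotedataset> <time>
         
-        or
-
-        add iscsi <path-to-lpsfile> <hostdataset> <time> [geli key]
+        add iscsi <*.lps file> <hostdataset> <time> [geli key]
+
+        add iscsi <*.lpiscsi file> <hostdataset> <time> [password file]
 
         <time> = XX/sync/hour/30min/10min/manual
@@ -198,5 +199,5 @@
         notated in 24hour time
 
-Expand Options:
+expand Options:
 
         expand <localdataset/zpool> <target host>
@@ -208,5 +209,5 @@
         NOTE: This can only be used to grow a zpool, shrinking is not permitted.
 
-Export Options:
+export Options:
 
         export <localdataset/zpool> <target host>
@@ -215,5 +216,5 @@
         zpool replication specified for <target host>
 
-Import Options:
+import Options:
 
         import <localdataset/zpool> <target host>
@@ -223,5 +224,5 @@
 
 
-Init Options:
+init Options:
 
         init <localdataset/zpool> <target host>
@@ -231,5 +232,5 @@
         all the data on the remote side, and require a full re-sync again.
 
-Remove Options:
+remove Options:
 
         remove <dataset> <target host>
@@ -238,5 +239,5 @@
         Use 'replicate list' for a list of IDs. 
 
-Run Options:
+run Options:
 
         run <dataset> <target host>
@@ -244,4 +245,14 @@
         Starts a manual replication for <dataset> streaming to <target host>
 
+saveiscsi options:
+
+        saveiscsi <localdataset/zpool> <target host> [password file]
+
+        Creates a GELI encrypted file, which contains all the iSCSI connection
+        information and GELI key for the replication target. Will prompt for
+        the password to set on this GELI encrypted file.
+
+        This file can then be used with the "replicate add" command to import
+        the backup zpool on another system or from the PC-BSD install media.
 
 Examples:
@@ -691,4 +702,5 @@
                      exit $?
                      ;;
+                saveiscsi) require_root ; save_iscsi_zpool_data "$2" "$3" "$4" ;;
                 *) help_replicate ;;
             esac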
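Review bot: The new `saveiscsi` help text says the command "Will prompt for the password", but it does not document what the optional `[password file]` does. In functions.sh, `save_iscsi_zpool_data` reads the passphrase from that file instead of prompting and then runs `rm ${PASSFILE}`, so a user who passes their only copy loses it. I would add a sentence such as `If a [password file] is given it is read instead of prompting and is removed afterwards.` to the saveiscsi section. The same note belongs under the `add iscsi <*.lpiscsi file> ... [password file]` line, since `add_rep_from_iscsi_file` also deletes the file after a successful attach.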