
BareOS deployment in systemd-nspawn (P2V migration)

Attention: this is NOT a ready-to-use script! You need some basic knowledge of systemd, systemd-nspawn, Apache, PHP and so on.

In short, post became too long ;)

Content:
Create filesystem(s)
Install (Arch)Linux and some additional pkgs
Install Bareos packages / other payload pkgs
Clean package cache
Set locale
Remove root access, add user, create sudoers entry
Enable autologin (insecure)
Configure network (systemd-networkd)
Configure PostgreSQL
Configure Apache+PHP
Restore data (out of scope)
Set permission
Enable services
Start VM
Results

# Create FS:

# Three ZFS datasets: the container root, a child named "backup", and a child
# that later holds the PostgreSQL data (PGROOT=/pgdata inside the container).
for dataset in \
  storarray/local/vms/container/backup-vms \
  storarray/local/vms/container/backup-vms/backup
do
  sudo zfs create "$dataset"
done

# Properties are set only on the PostgreSQL dataset: 8k records (PostgreSQL's
# page size), data and metadata kept in the primary cache, latency-biased log.
sudo zfs create \
  -o logbias=latency -o primarycache=all -o recordsize=8k \
  storarray/local/vms/container/backup-vms/pgdata

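# Install archbase + additional packages:

# Every later step addresses the container as "$(pwd)/backup-vms", including a
# "sudo rm" on a glob. Only bootstrap if the directory change succeeded, so a
# failed cd cannot redirect those commands to another tree.
cd /storarray/local/vms/container &&
sudo pacstrap backup-vms base postgresql bash-completion \
  lsscsi apache php7-apache php7-pgsql php7-fpm db \
  inetutils jansson lzo perl sudo expect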

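# Install payload:

# Both package directories are bind-mounted read-only at the same paths inside
# the container, so the pacman run cannot modify the package files on the host.
# These are locally stored package files: whether pacman checks a signature on
# them is governed by LocalFileSigLevel in the container's pacman.conf, so
# confirm where each file came from (e.g. checksums of your own builds) first.
# "$(pwd)" is quoted so an unusual working directory cannot split the path.
sudo systemd-nspawn --directory "$(pwd)/backup-vms" --hostname whale --quiet \
  --network-bridge=home-br0 \
  --bind-ro /storarray_ext/nas/software/bareos \
  --bind-ro /storarray/sync/source/bareos \
  pacman -U \
  /storarray_ext/nas/software/bareos/bareos-bconsole-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-common-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-database-common-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-database-postgresql-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-database-tools-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-director-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-filedaemon-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-storage-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-storage-tape-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-tools-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray_ext/nas/software/bareos/bareos-webui-21.1.3-100-x86_64.pkg.tar.zst \
  /storarray/sync/source/bareos/build/mt-st-git/mt-st-git-1.4.r10.gfbfd923-1-x86_64.pkg.tar.zst \
  /storarray/sync/source/bareos/backup_config/packages_19.2.10/mtx-git-20191126-1-x86_64.pkg.tar.zst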

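# Cleanup package cache:

# The glob is expanded by the invoking shell (before sudo runs) against the
# host-side path. Quoting the "$(pwd)" prefix and passing "--" keeps rm, which
# runs as root, from mis-parsing an odd working directory or file name.
sudo rm -- "$(pwd)"/backup-vms/var/cache/pacman/pkg/*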

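# Set locale:

# Write the default locale and the list of locales to generate into the
# container tree, then build them with locale-gen inside the container.
# Paths are quoted so the working directory cannot be word-split; the heredoc
# delimiter is quoted because the content is meant to be written verbatim.
printf '%s\n' 'LANG=en_US.UTF-8' | sudo tee "$(pwd)/backup-vms/etc/locale.conf"
sudo tee "$(pwd)/backup-vms/etc/locale.gen" <<'EOF'
en_US.UTF-8 UTF-8
ru_RU.UTF-8 UTF-8
EOF
sudo systemd-nspawn --directory "$(pwd)/backup-vms" locale-gen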

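# Add user:

# Lock root's password, create the working account, and add it and the bareos
# account to the sgx group. The && chain stops at the first failing step.
# NOTE(review): the purpose of the sgx membership is not explained on this
# page; verify it before copying.
sudo systemd-nspawn --directory "$(pwd)/backup-vms" passwd -l root &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" useradd -m ilyxa &&
#~ sudo systemd-nspawn --directory $(pwd)/backup-vms passwd ilyxa &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" gpasswd --add ilyxa sgx &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" gpasswd --add bareos sgx

# The random password is never displayed or stored, so nobody can log in as
# ilyxa with a password; access relies on the autologin configured below.
printf 'ilyxa:%s\n' "$(openssl rand -hex 16)" | sudo chpasswd -R "$(pwd)/backup-vms"

# NOPASSWD: ALL makes every session of this user equivalent to root inside the
# container. sudo expects sudoers files to be mode 0440, and a drop-in with a
# syntax error can break sudo in the container, so set the mode and validate.
printf '%s\n' 'ilyxa ALL=(ALL) NOPASSWD: ALL' |
  sudo tee "$(pwd)/backup-vms/etc/sudoers.d/00-ilyxa" &&
sudo chmod 0440 "$(pwd)/backup-vms/etc/sudoers.d/00-ilyxa" &&
sudo visudo -cf "$(pwd)/backup-vms/etc/sudoers.d/00-ilyxa"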

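# F.ck security Autologin:

# Anyone who reaches the container console is logged in as ilyxa without a
# password, and ilyxa has passwordless sudo, so console access equals root in
# the container. Keep this only where the host itself is the trust boundary.
#
# The drop-in first clears the inherited ExecStart and then sets the autologin
# command. The heredoc delimiter is quoted so "\\u" and "$TERM" reach the unit
# file literally; unquoted, the host shell would reduce "\\u" to "\u" and bake
# the host's current $TERM value into the file.
sudo mkdir -p "$(pwd)/backup-vms/etc/systemd/system/console-getty.service.d/"
sudo tee "$(pwd)/backup-vms/etc/systemd/system/console-getty.service.d/autologin.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --keep-baud --autologin ilyxa - 115200,38400,9600 $TERM
EOF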

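# … and for machinectl shell:

# Same autologin override for the container-getty@ template, with the same
# consequence: a session on these gettys is ilyxa, and through passwordless
# sudo root, without any credential.
# NOTE(review): container-getty@.service is what `machinectl login` attaches
# to; `machinectl shell` does not appear to go through a getty - confirm.
#
# The heredoc delimiter is quoted so "\\u" and "$TERM" are written literally
# instead of being expanded by the host shell when the file is created.
sudo mkdir -p "$(pwd)/backup-vms/etc/systemd/system/container-getty@.service.d"
sudo tee "$(pwd)/backup-vms/etc/systemd/system/container-getty@.service.d/autologin.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --keep-baud --autologin ilyxa - 115200,38400,9600 $TERM
EOF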

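# Configure whole network stuff (bridge in use, manual address):

# Static systemd-networkd configuration for interfaces matching "host*" inside
# the container. The path is quoted against word splitting and the heredoc
# delimiter is quoted so the file is written exactly as shown.
sudo tee "$(pwd)/backup-vms/etc/systemd/network/00-host.network" <<'EOF'
[Match]
Name=host*

[Network]
Address=192.168.171.23/24
Gateway=192.168.171.1
DNS=192.168.171.1
EOF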

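# Configure Postgresql:

# Drop-in that points the postgresql unit at /pgdata (the dedicated ZFS
# dataset) for both PGROOT and the PID file. The path is quoted against word
# splitting and the heredoc delimiter is quoted so nothing is expanded.
sudo mkdir -p "$(pwd)/backup-vms/etc/systemd/system/postgresql.service.d"
sudo tee "$(pwd)/backup-vms/etc/systemd/system/postgresql.service.d/override.conf" <<'EOF'
[Service]
Environment=PGROOT=/pgdata
PIDFile=/pgdata/data/postmaster.pid
EOF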

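# Configure Apache:

# Comment out the event MPM; the prefork MPM is loaded by the lines appended
# at the end of this step. "|" as delimiter avoids escaping the path slashes.
sudo sed -i 's|LoadModule mpm_event_module modules/mod_mpm_event.so|#&|g' \
  "$(pwd)/backup-vms/etc/httpd/conf/httpd.conf"
# echo "Include conf.d/extra/bareos-webui.conf" | sudo tee -a $(pwd)/backup-vms/etc/httpd/conf/httpd.conf

# Uncomment the PHP extensions: gettext, pdo_pgsql and pgsql.
sudo sed -i \
  -e 's/;extension=gettext/extension=gettext/g' \
  -e 's/;extension=pdo_pgsql/extension=pdo_pgsql/g' \
  -e 's/;extension=pgsql/extension=pgsql/g' \
  "$(pwd)/backup-vms/etc/php7/php.ini"
# The open_basedir restriction below is left disabled, so as written PHP is not
# confined to the web UI's own directories.
# sudo sed -i 's/;open_basedir =/open_basedir = \/usr\/share\/webapps\/bareos-webui\/:\/etc\/bareos-webui\/:\/tmp\//g' $(pwd)/backup-vms/etc/php7/php.ini

# Appended, not replaced: running this step twice duplicates these directives
# in httpd.conf.
sudo tee -a "$(pwd)/backup-vms/etc/httpd/conf/httpd.conf" <<'EOF'
AddHandler php-script .php
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule php7_module modules/libphp7.so
Include conf/extra/php7_module.conf
Include conf.d/extra/bareos-webui.conf
EOF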

# Restore files (out of scope):

# Personally I use zrepl; my solution was a simple mount.zfs @snapshot /mountpoint for both the Bareos files and the PostgreSQL data.

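# Permission:

# Hand the restored trees back to their service accounts inside the container.
# systemd-nspawn executes the command directly, without a shell, so an
# unquoted /etc/bareos* would be expanded by the HOST shell against the host's
# /etc (or passed through literally when nothing matches there). Running the
# chown through sh -c expands the glob inside the container instead.
sudo systemd-nspawn --directory "$(pwd)/backup-vms" chown -R postgres:postgres /pgdata &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" \
  sh -c 'chown -R bareos:bareos /etc/bareos* /var/lib/bareos' &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" chown -R ilyxa:ilyxa /home/ilyxa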

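# Enable services:

# Enable networking, the database, the web server and the three Bareos daemons
# so they start when the container boots. Each unit is enabled in its own
# container invocation and the && chain stops at the first failure.
# "$(pwd)" is quoted so the container path cannot be word-split.
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable systemd-networkd &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable systemd-resolved &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable postgresql.service &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable httpd.service &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable bareos-dir.service &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable bareos-sd.service &&
sudo systemd-nspawn --directory "$(pwd)/backup-vms" systemctl enable bareos-fd.service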

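# Start VM:

# I don't create a slice/service unit for this container; it is started by hand.
#
# Each tape device is bound twice: once under its stable /dev/tape/by-id name
# and once as the node that name resolves to, so the symlink also resolves
# inside the container. The readlink results are quoted: if a device is
# missing, nspawn then gets an empty --bind value rather than silently
# consuming the next option as the path.
#
# CAP_SYS_RAWIO is granted on top of nspawn's default capability set. It is a
# broad capability (presumably needed here for SCSI access to the tape
# hardware - confirm) and, together with the autologin and passwordless sudo
# above, means a session in this container has raw I/O rights on bound devices.
sudo systemd-nspawn --directory "$(pwd)/backup-vms" --hostname whale --quiet \
  --network-bridge=home-br0 --boot \
  --capability CAP_SYS_RAWIO \
  --bind /dev/tape/by-id/scsi-HUJ5445169-nst \
  --bind "$(readlink -e /dev/tape/by-id/scsi-HUJ5445169-nst)" \
  --bind /dev/tape/by-id/scsi-DEC54501EV \
  --bind "$(readlink -e /dev/tape/by-id/scsi-DEC54501EV)"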

# Results:

# Opens the Bareos web UI in the surf browser. No URL scheme is given and no
# TLS setup appears in the steps above, so this is presumably plain HTTP -
# confirm before exposing the UI beyond a trusted network.
LC_ALL=en_US.UTF-8 surf whale.home.nest.org.ru/bareos-webui
Bareos Screenshot
Bareos Screenshot