11
		
							
								
								
									
										135
									
								
								11.html
									
									
									
									
									
								
							
							
						
						
									
										135
									
								
								11.html
									
									
									
									
									
								
							@@ -42,7 +42,7 @@
 | 
				
			|||||||
				<section data-transition="slide" data-background="#4d7e65" data-background-transition="zoom">
 | 
									<section data-transition="slide" data-background="#4d7e65" data-background-transition="zoom">
 | 
				
			||||||
					<h1>LINUX</h1>
 | 
										<h1>LINUX</h1>
 | 
				
			||||||
					<h3>Das universelle Betriebssystem</h3>
 | 
										<h3>Das universelle Betriebssystem</h3>
 | 
				
			||||||
					<p>Eine Einführung - Teil 10
 | 
										<p>Eine Einführung - Teil 11
 | 
				
			||||||
					<p> <small>Deutsche Angestellten Akademie</small> </p>
 | 
										<p> <small>Deutsche Angestellten Akademie</small> </p>
 | 
				
			||||||
					<aside class="notes">
 | 
										<aside class="notes">
 | 
				
			||||||
						Frage: Fragen zur letzten Stunde?
 | 
											Frage: Fragen zur letzten Stunde?
 | 
				
			||||||
@@ -112,18 +112,17 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
				<section>
 | 
									<section>
 | 
				
			||||||
					<h4>Verwendung mit ssh-Keys</h4>
 | 
										<h4>Verwendung mit ssh-Keys</h4>
 | 
				
			||||||
					<ol>
 | 
										<ol style="font-size: .8em">
 | 
				
			||||||
						<li class="fragment ">Schlüsselpaar generieren:<br> <code>ssh-keygen -b 4096</code></li>
 | 
											<li class="fragment ">Schlüsselpaar generieren:<br> <pre><code>ssh-keygen -b 4096</code></pre></li>
 | 
				
			||||||
						<li class="fragment ">öffentlichen Schlüssel zum Server kopieren:<br> <code>scp neuer-super-key.pub user@server.de</code></li>
 | 
											<li class="fragment ">öffentlichen Schlüssel zum Server kopieren:<br> <pre><code>scp neuer-super-key.pub user@server.de</code></pre></li>
 | 
				
			||||||
						<li class="fragment ">Beim Server anmelden: <code>ssh user@server.de</code></li>
 | 
											<li class="fragment ">Beim Server anmelden: <code>ssh user@server.de</code></li>
 | 
				
			||||||
						<li class="fragment "><pre><code  class="bash">
 | 
											<li class="fragment "><pre><code  class="bash">$ mkdir ~/.ssh
 | 
				
			||||||
$ mkdir ~/.ssh
 | 
					 | 
				
			||||||
$ cat ~/neuer-super-key.pub  >> ~/.ssh/authorized_keys
 | 
					$ cat ~/neuer-super-key.pub  >> ~/.ssh/authorized_keys
 | 
				
			||||||
$ rm ~/neuer-super-key.pub 
 | 
					$ rm ~/neuer-super-key.pub 
 | 
				
			||||||
$ chmod 600 ~/.ssh/authorized_keys</code></pre></li>
 | 
					$ chmod 600 ~/.ssh/authorized_keys</code></pre><p class="fragment">Oder mit <code>ssh-copy-id</code></li>
 | 
				
			||||||
 | 
										<li class="fragment">nun ist Anmeldung mit Key möglich. 
 | 
				
			||||||
					</ol>
 | 
										</ol>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
					<p>nun ist Anmeldung mit Key möglich. 
 | 
					 | 
				
			||||||
				</section>
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
				<section>
 | 
									<section>
 | 
				
			||||||
@@ -154,25 +153,119 @@ $ chmod 600 ~/.ssh/authorized_keys</code></pre></li>
 | 
				
			|||||||
				</section>
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
				<section>
 | 
									<section>
 | 
				
			||||||
 | 
										<h4>ssh_config</h4>
 | 
				
			||||||
 | 
										<pre><code class="bash">Host gitlab.com
 | 
				
			||||||
 | 
						HostName gitlab.com
 | 
				
			||||||
 | 
						PreferredAuthentications=publickey
 | 
				
			||||||
 | 
						#PreferredAuthentications=password
 | 
				
			||||||
 | 
						IdentityFile ~/.ssh/gitlab-com
 | 
				
			||||||
 | 
						IdentitiesOnly yes
 | 
				
			||||||
 | 
						User git 
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					Host *
 | 
				
			||||||
 | 
						user root
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					ServerAliveInterval 120
 | 
				
			||||||
 | 
					ServerAliveCountMax 15
 | 
				
			||||||
 | 
										</code></pre>
 | 
				
			||||||
				</section>
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					 | 
				
			||||||
				<section>
 | 
									<section>
 | 
				
			||||||
					<span style="color: orange">Aufgabe:</span>
 | 
										<h4>Nutzungsbeispiele</h4>
 | 
				
			||||||
 | 
											<pre  class="fragment "><code class="bash">~$ ssh root@server 'cd /etc; \ 
 | 
				
			||||||
					<ul>
 | 
					tar czvf - network/' | cat > etc_network_backup.tar.gz </code></pre>
 | 
				
			||||||
						<li> erstellt ein script, welches Serverseitig ein Datenbank und File Backup erstellt</li>
 | 
											<pre class="fragment "><code>~$ scp -r root@server:/etc/apache2 . </code></pre>
 | 
				
			||||||
						<li> erstellt ein script, welches Serverseitig ein Datenbank und File Backup erstellt</li>
 | 
											<pre class="fragment "><code>~$ scp omikron-net.conf \ 
 | 
				
			||||||
						
 | 
					root@server:/etc/apache2/sites-available/ . </code></pre>
 | 
				
			||||||
						<li>Erstellt ein script, welches diese Backups mit rsync herunterlädt</li>
 | 
											<pre class="fragment "><code class="bash">~$ rsync -e ssh lk.schubertdaniel.de:/home/dany/backups/* \ 
 | 
				
			||||||
						<li>Erstellt einen Cron-Job der das wöchentlich macht</li>
 | 
					/local/backup/dir/ >> backup.log 2>&1
 | 
				
			||||||
					</ul>
 | 
											</code></pre>
 | 
				
			||||||
 | 
					 | 
				
			||||||
					<p>Hinweise:
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
				</section>
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section>
 | 
				
			||||||
 | 
										<h3>rsync vs. scp</h3>
 | 
				
			||||||
 | 
										<ul>
 | 
				
			||||||
 | 
											<li class="fragment ">scp -> funktioniert wie cp; geeignet um schnell mal einzelne Dateien zu kopieren</li>
 | 
				
			||||||
 | 
											<li class="fragment ">rsync -> für „richtige“ Backups; vergleicht lokales u. remote Verz., kopiert nur Unterschiede</li>
 | 
				
			||||||
 | 
										</ul>
 | 
				
			||||||
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section style="font-size: .8em">
 | 
				
			||||||
 | 
										<span style="color: orange">Aufgabe:</span>
 | 
				
			||||||
 | 
										<div>
 | 
				
			||||||
 | 
											<ul>
 | 
				
			||||||
 | 
												<li>erstellt einen ssh-key ohne Passwort; verwendet diesen key für Folgendes.</li>
 | 
				
			||||||
 | 
												<li>Erstellt ein script, welches Serverseitig alle Ordner in /usr/share/nginx/html ausser denen die„mich-*” heissen, in ein tar.gz Archiv verpacken. ( zb per Array im script, oder mit einer text-datei als input</li>
 | 
				
			||||||
 | 
												<li>Erstellt ein script, welches diese Backups mit <strong>rsync</strong> herunterlädt.</li>
 | 
				
			||||||
 | 
												<li>Das Backup soll die Datei Attribute unverändert belassen<br> ( Datum, Rechte etc ).</li>
 | 
				
			||||||
 | 
												<li>Erstellt einen Cron-Job, der das wöchentlich macht.</li>
 | 
				
			||||||
 | 
											</ul>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
											<p>Hinweise:
 | 
				
			||||||
 | 
												<ul>
 | 
				
			||||||
 | 
													<li>cron muss vollständige Pfade angegeben bekommen.<br>
 | 
				
			||||||
 | 
													<li><code>rsync</code> mit spezifischem key: 
 | 
				
			||||||
 | 
												<pre><code class="bash">/usr/bin/rsync -e 'ssh -i /home/$USERNAME/.ssh/key-ohne-pw' </code></pre>
 | 
				
			||||||
 | 
												</ul>
 | 
				
			||||||
 | 
										</div>
 | 
				
			||||||
 | 
									</section>
 | 
				
			||||||
 | 
									<section>
 | 
				
			||||||
 | 
										<h4>Lösungs Vorschlag</h4>
 | 
				
			||||||
 | 
										<p><a href="https://git.scytec.de/danthefan/linuxkurs/blob/master/beispiele/11/file-backup.sh">remote backup script</a>
 | 
				
			||||||
 | 
										<p><a href="https://git.scytec.de/danthefan/linuxkurs/blob/master/beispiele/11/rsync-backup.sh">local rsync script</a>
 | 
				
			||||||
 | 
									</section>	
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section>
 | 
				
			||||||
 | 
										<h4>Beschränkung von ssh auf best. Komandos</h4>
 | 
				
			||||||
 | 
										<pre><code class="bash"># Datei ~/.ssh/authorized_keys
 | 
				
			||||||
 | 
					# führt bei Anmeldung ls aus; lässt keine anderen Kommandos zu
 | 
				
			||||||
 | 
					command="/bin/ls -la ~" ssh-rsa AAAAB3.......
 | 
				
			||||||
 | 
					# oder
 | 
				
			||||||
 | 
					command="/bin/echo You invoked: $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB..</code></pre>
 | 
				
			||||||
 | 
										<div class="fragment">
 | 
				
			||||||
 | 
											<p>Um rsync zu verwenden ist ein wrapper script nötig:
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
											<pre><code class="bash"># Datei ~/.ssh/authorized_keys
 | 
				
			||||||
 | 
					command="/absoluter/pfad/rsync-check.sh" ssh-rsa AAAAB3.......</code></pre>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
											<pre><code class="bash">#!/bin/bash 
 | 
				
			||||||
 | 
					#
 | 
				
			||||||
 | 
					# rsync-check.sh
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					set -- $SSH_ORIGINAL_COMMAND
 | 
				
			||||||
 | 
					cmd="$1"; shift
 | 
				
			||||||
 | 
					case "$cmd" in
 | 
				
			||||||
 | 
					  scp|rsync) exec "$cmd" "$@" ;;
 | 
				
			||||||
 | 
					          *) echo "ERROR: request not permitted" ;;
 | 
				
			||||||
 | 
					esac</code></pre>
 | 
				
			||||||
 | 
										</div>
 | 
				
			||||||
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section><h4>Windows Programme für ssh</h4>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<ul>
 | 
				
			||||||
 | 
										<li class="fragment ">winscp</li>
 | 
				
			||||||
 | 
										<li class="fragment ">putty</li>
 | 
				
			||||||
 | 
										<li class="fragment ">swish</li>
 | 
				
			||||||
 | 
									</ul></section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section>
 | 
				
			||||||
 | 
										<h4>Linux Helferlein</h4>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
										<ul>
 | 
				
			||||||
 | 
											<li>screen</li>
 | 
				
			||||||
 | 
											<li>byobu</li>
 | 
				
			||||||
 | 
											<li>tmux</li>
 | 
				
			||||||
 | 
											<li>terimator</li>
 | 
				
			||||||
 | 
											<li>tmate</li>
 | 
				
			||||||
 | 
										</ul>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<aside class="notes">
 | 
				
			||||||
 | 
										screen isntallieren
 | 
				
			||||||
 | 
									</aside>
 | 
				
			||||||
 | 
									</section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
									<section><h4>screen</h4></section>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
				
 | 
									
 | 
				
			||||||
			</div>
 | 
								</div>
 | 
				
			||||||
 
 | 
				
			|||||||
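Review bot: The wrapper shown on the "Beschränkung von ssh auf best. Komandos" slide (added again as beispiele/11/rsync-check.sh) only checks the first word of `$SSH_ORIGINAL_COMMAND` and then runs `exec "$cmd" "$@"` with whatever arguments the client sent, so the key is limited to scp and rsync but not to the backup directory. Every path the account can read or write stays reachable through that key, which matters because the exercise slide before it asks for a key without a passphrase. I would add a sentence to the slide saying so and show the key line with `restrict` and a forced command pinned to one directory, for example `command="rrsync -ro /home/USER/backups",restrict ssh-rsa AAAAB3...` (rrsync is the helper script shipped with rsync; the path is a placeholder).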
@@ -8,14 +8,15 @@ WEBSITESDIR="."
 | 
				
			|||||||
# local backup folder
 | 
					# local backup folder
 | 
				
			||||||
BACKUPDIR="./backups"
 | 
					BACKUPDIR="./backups"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					# Erstelle backupdir falls nicht vorhanden
 | 
				
			||||||
if [ ! -d $BACKUPDIR ]; then
 | 
					if [ ! -d $BACKUPDIR ]; then
 | 
				
			||||||
  mkdir $BACKUPDIR
 | 
					  mkdir $BACKUPDIR
 | 
				
			||||||
fi
 | 
					fi
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					# Unterverzeichnisse von html die gebackuppt werden sollen
 | 
				
			||||||
# Array
 | 
					# Array
 | 
				
			||||||
declare -a liste
 | 
					declare -a liste
 | 
				
			||||||
# Unterverzeichnisse von html die gebackuppt werden sollen
 | 
					
 | 
				
			||||||
liste=(
 | 
					liste=(
 | 
				
			||||||
    "omikron"
 | 
					    "omikron"
 | 
				
			||||||
    "amazon.de"
 | 
					    "amazon.de"
 | 
				
			||||||
@@ -25,11 +26,11 @@ liste=(
 | 
				
			|||||||
    "omikron/swiss"
 | 
					    "omikron/swiss"
 | 
				
			||||||
  )
 | 
					  )
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					 | 
				
			||||||
# websites
 | 
					 | 
				
			||||||
function create_websites_backup {
 | 
					function create_websites_backup {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  cd $WEBSITESDIR 
 | 
					  cd $WEBSITESDIR 
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  # Unter Verwendung des Array $liste
 | 
				
			||||||
  for i in "${liste[@]}"; do 
 | 
					  for i in "${liste[@]}"; do 
 | 
				
			||||||
    if [ -d $i ]; then
 | 
					    if [ -d $i ]; then
 | 
				
			||||||
      tag=$(echo $i | sed 's/\//-/')
 | 
					      tag=$(echo $i | sed 's/\//-/')
 | 
				
			||||||
@@ -38,9 +39,15 @@ function create_websites_backup {
 | 
				
			|||||||
      echo "File or Directory $i not found!\n" 
 | 
					      echo "File or Directory $i not found!\n" 
 | 
				
			||||||
    fi
 | 
					    fi
 | 
				
			||||||
  done
 | 
					  done
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					      # oder unter Verwendung einer Datei mit der Verz. Liste
 | 
				
			||||||
 | 
					    #  while read i; do
 | 
				
			||||||
 | 
					    #    tar -zcf $BACKUPDIR/$tag-$NOW.tar.gz $WEBSITESDIR/$i
 | 
				
			||||||
 | 
					    #  done < 'backup-list.txt'
 | 
				
			||||||
 | 
					
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					# mysql backup
 | 
				
			||||||
function do_sql_backup {
 | 
					function do_sql_backup {
 | 
				
			||||||
  cd $BACKUPDIR
 | 
					  cd $BACKUPDIR
 | 
				
			||||||
  tag=db-$4-$NOW 
 | 
					  tag=db-$4-$NOW 
 | 
				
			||||||
 
 | 
				
			|||||||
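Review bot: The commented-out `while read i` alternative added after `done` in create_websites_backup never assigns `tag`, so a student who activates it would write every directory to the same `$BACKUPDIR/$tag-$NOW.tar.gz`, with `tag` either left over from the for loop or empty. I would repeat the assignment inside the loop and read with `-r`, i.e. `#  while read -r i; do` followed by `#    tag=$(echo "$i" | sed 's/\//-/')`. The function body starts in the previous hunk, so this is based only on the lines visible here.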
@@ -6,7 +6,7 @@ REMOTE_HOST=XXX
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
# rsync options
 | 
					# rsync options
 | 
				
			||||||
# -a = Archive Mode
 | 
					# -a = Archive Mode
 | 
				
			||||||
# -v = Verbode - für das log file
 | 
					# -v = Verbose - für das log file
 | 
				
			||||||
# -z = Compress
 | 
					# -z = Compress
 | 
				
			||||||
# -e = specify the remote shell to use
 | 
					# -e = specify the remote shell to use
 | 
				
			||||||
/usr/bin/rsync -avze 'ssh -i /home/$USERNAME/.ssh/rsync-key'  $REMOTE_HOST:/home/$USERNAME/backups/* /local/backup/dir/ >> backup.log 2>&1
 | 
					/usr/bin/rsync -avze 'ssh -i /home/$USERNAME/.ssh/rsync-key'  $REMOTE_HOST:/home/$USERNAME/backups/* /local/backup/dir/ >> backup.log 2>&1
 | 
				
			||||||
 
 | 
				
			|||||||
							
								
								
									
										10
									
								
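--- a/beispiele/11/rsync-check.sh
+++ b/beispiele/11/rsync-check.sh
@@ -0,0 +1,10 @@
+#!/bin/bash 
+#
+# rsync-check.sh
+
+set -- $SSH_ORIGINAL_COMMAND
+cmd="$1"; shift
+case "$cmd" in
+  scp|rsync) exec "$cmd" "$@" ;;
+          *) echo "ERROR: request not permitted" ;;
+esac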
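Review bot: The reject branch `*) echo "ERROR: request not permitted" ;;` writes to stdout and lets the script end with exit status 0, so ssh reports a refused request as success; I would change it to `*) echo "ERROR: request not permitted" >&2; exit 1 ;;`. `set -- $SSH_ORIGINAL_COMMAND` is unquoted, so the server-side shell also glob-expands the client's string before the check, and a `set -f` line in front of it keeps the words as they were sent. Neither change limits which paths scp or rsync may touch; that needs a forced command pinned to one directory in authorized_keys.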