Category Archives: System

How to install Haproxy

Let’s talk about Haproxy which is quite a good reverse proxy, I assume if you are here you know what it is ^^

Let’s walk through installing it on Raspbian (it would work on any *nix); if you are on Debian/Ubuntu you can use a cool link that will give you the sources.list.

I wanted to install haproxy using the package manager on my system, but it’s always old versions:

# apt-cache policy haproxy
haproxy:
  Installé : (aucun)
  Candidat : 1.5.8-3+deb8u2
 Table de version :
     1.5.8-3+deb8u2 0
        500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
        100 /var/lib/dpkg/status
Old package version

If the version shown in your package manager is what you want, just install it and go on to the configuration.

I needed version 1.6, so let’s compile ! If you need another version, keep reading, it’s not that hard.

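# replace the version with yours
_HAPROXY_VERSION="1.6.11"
cd /usr/src
# download the tarball (the URL uses the major.minor branch, e.g. 1.6)
wget "http://www.haproxy.org/download/${_HAPROXY_VERSION%.*}/src/haproxy-${_HAPROXY_VERSION}.tar.gz" &&
# unpack it, otherwise there is no directory to cd into
tar -xzf "haproxy-${_HAPROXY_VERSION}.tar.gz" &&
cd "haproxy-${_HAPROXY_VERSION}/"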
Download haproxy's sources
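
The tarball above is fetched over plain HTTP and then compiled, so it is worth checking it against a known SHA-256 before unpacking. The following is an added example, not part of the original post: the function name verify_and_extract is hypothetical, and it assumes you obtained the expected checksum file (sha256sum format) over a channel you trust.

```shell
#!/bin/bash
# Added example: verify a source tarball against a SHA-256 file before
# extracting it. The function name and file names are hypothetical.

# usage: verify_and_extract TARBALL SHA256_FILE DEST_DIR
# SHA256_FILE holds "<hex digest>  <file name>" (sha256sum format).
verify_and_extract() {
    local tarball="$1" sumfile="$2" dest="$3" expected actual
    [ -r "$tarball" ] || { echo "cannot read $tarball" >&2; return 2; }

    # The first field of the checksum file is the expected digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile") || return 2
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi

    # Refuse archives whose members would land outside DEST_DIR.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in $tarball" >&2
        return 3
    fi

    # --no-same-owner: when run as root, do not restore the archive's uid/gid.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Example call (file names are placeholders):
# verify_and_extract haproxy-1.6.11.tar.gz haproxy-1.6.11.tar.gz.sha256 /usr/src
```

A return code of 1 means the digest did not match and nothing was extracted; 2 means the inputs were unusable, 3 means the archive contained an absolute or parent-directory path.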

Now a few dependencies that you might need too:

apt-get install libpcre3-dev libssl-dev
haproxy dependencies

Finally let’s do it:

make TARGET=custom CPU=native USE_PCRE=1 USE_LIBCRYPT=1 USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1
Compile haproxy

As you might notice, I require PCRE, LIBCRYPT and, most important for me, OPENSSL.

If you get errors, try to google them, and don’t forget to run the following before you try to compile again:

make clean
Clean the previous try

Now we have the binary, which we can copy into place:

cp -a haproxy /usr/sbin/haproxy
Move the binary

Last but not least, you need an init script. Here you go (I kindly copied it from a package-installed version; all the credit goes to the author):

#!/bin/sh
### BEGIN INIT INFO
# Provides:          haproxy
# Required-Start:    $local_fs $network $remote_fs $syslog
# Required-Stop:     $local_fs $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: fast and reliable load balancing reverse proxy
# Description:       This file should be used to start and stop haproxy.
### END INIT INFO

# Author: Arnaud Cornet <acornet@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
PIDFILE=/var/run/haproxy.pid
CONFIG=/etc/haproxy/haproxy.cfg
HAPROXY=/usr/sbin/haproxy
RUNDIR=/run/haproxy
EXTRAOPTS=

test -x $HAPROXY || exit 0

if [ -e /etc/default/haproxy ]; then
	. /etc/default/haproxy
fi

test -f "$CONFIG" || exit 0

[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions


check_haproxy_config()
{
	$HAPROXY -c -f "$CONFIG" >/dev/null
	if [ $? -eq 1 ]; then
		log_end_msg 1
		exit 1
	fi
}

haproxy_start()
{
	[ -d "$RUNDIR" ] || mkdir "$RUNDIR"
	chown haproxy:haproxy "$RUNDIR"
	chmod 2775 "$RUNDIR"

	check_haproxy_config

	start-stop-daemon --quiet --oknodo --start --pidfile "$PIDFILE" \
		--exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \
		$EXTRAOPTS || return 2
	return 0
}

haproxy_stop()
{
	if [ ! -f $PIDFILE ] ; then
		# This is a success according to LSB
		return 0
	fi

	ret=0
	for pid in $(cat $PIDFILE); do
		start-stop-daemon --quiet --oknodo --stop \
			--retry 5 --pid $pid --exec $HAPROXY || ret=$?
	done

	[ $ret -eq 0 ] && rm -f $PIDFILE

	return $ret
}

haproxy_reload()
{
	check_haproxy_config

	$HAPROXY -f "$CONFIG" -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
		|| return 2
	return 0
}

haproxy_status()
{
	if [ ! -f $PIDFILE ] ; then
		# program not running
		return 3
	fi

	for pid in $(cat $PIDFILE) ; do
		if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
			# program running, bogus pidfile
			return 1
		fi
	done

	return 0
}


case "$1" in
start)
	log_daemon_msg "Starting haproxy" "haproxy"
	haproxy_start
	ret=$?
	case "$ret" in
	0)
		log_end_msg 0
		;;
	1)
		log_end_msg 1
		echo "pid file '$PIDFILE' found, haproxy not started."
		;;
	2)
		log_end_msg 1
		;;
	esac
	exit $ret
	;;
stop)
	log_daemon_msg "Stopping haproxy" "haproxy"
	haproxy_stop
	ret=$?
	case "$ret" in
	0|1)
		log_end_msg 0
		;;
	2)
		log_end_msg 1
		;;
	esac
	exit $ret
	;;
reload|force-reload)
	log_daemon_msg "Reloading haproxy" "haproxy"
	haproxy_reload
	ret=$?
	case "$ret" in
	0|1)
		log_end_msg 0
		;;
	2)
		log_end_msg 1
		;;
	esac
	exit $ret
	;;
restart)
	log_daemon_msg "Restarting haproxy" "haproxy"
	haproxy_stop
	haproxy_start
	ret=$?
	case "$ret" in
	0)
		log_end_msg 0
		;;
	1)
		log_end_msg 1
		;;
	2)
		log_end_msg 1
		;;
	esac
	exit $ret
	;;
status)
	haproxy_status
	ret=$?
	case "$ret" in
	0)
		echo "haproxy is running."
		;;
	1)
		echo "haproxy dead, but $PIDFILE exists."
		;;
	*)
		echo "haproxy not running."
		;;
	esac
	exit $ret
	;;
*)
	echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
	exit 2
	;;
esac

:
/etc/init.d/haproxy

If needed, make some changes ! In my case, everything ran smoothly.

The installation is done, next step is the configuration.

 

 

How to make SSHFS mount with SSH key and password

Let’s talk today about SSHFS mounts; sometimes you just can’t do an NFS or CIFS mount, just because ^^

So one solution could be to use SSHFS. I won’t argue about speed, security or benchmarking the thing, I just had no other choice than doing SSHFS so here’s a way to do it with an SSH key and with only a password. (yea that’s a terrible idea but again, sometimes you have no choice)

Obviously if you have things to say about that method, drop a comment I’ll be glad.

I decided to show only the fstab mount; if you need to do it on the fly then just adapt it 🙂

Prelude

Both examples will be self-explanatory for the most part; you just have to change the words that I put in uppercase.

The uid/gid fields refer to the user on the local server (check /etc/passwd); set them to the proper user.

idmap=user is THE trick to keep the correct uid/gid mapping on both servers !

Before getting started: we will be mounting /home/REMOTE_USER/data/ from the remote server on /mnt/data/ on the local server, so make sure to mkdir the local directory /mnt/data as your mount point.

SSHFS mount in /etc/fstab with a SSH key

Here the IdentityFile parameter is the most important one: it must point to the SSH private key. Don’t forget to put the SSH public key on the other server.

sshfs#REMOTE_USER@REMOTE_HOST:/home/REMOTE_USER/data/ /mnt/data/ fuse            IdentityFile=/home/LOCAL_USER/.ssh/THEKEY,uid=LOCAL_UID,gid=LOCAL_GID,users,idmap=user,noatime,allow_other,_netdev,auto_cache,reconnect     0 0
sshfs fstab mount with SSH key

Just do:

# mount -a
Time to mount !

SSHFS mount in /etc/fstab with a password using sshpass

First install sshpass, here on Debian (for other OSes do some research, it shouldn’t be hard):

apt-get update && apt-get install sshpass
Install sshpass on debian

This time the important parameter is ssh_command=/home/LOCAL_USER/passwd.sh; it’s just a simple script that will do the trick.

sshfs#REMOTE_USER@REMOTE_HOST:/home/REMOTE_USER/data/ /mnt/data/ fuse            ssh_command=/home/LOCAL_USER/passwd.sh,uid=LOCAL_UID,gid=LOCAL_GID,users,idmap=user,noatime,allow_other,_netdev,auto_cache,reconnect     0 0
sshfs fstab mount with only a password

Make sure now to edit the file for the ssh_command, here /home/LOCAL_USER/passwd.sh, simply change REMOTE_PASSWORD to the right password.

#!/bin/bash

# "$@" passes every argument from sshfs through to ssh unchanged
sshpass -p REMOTE_PASSWORD ssh "$@"
Content of /home/LOCAL_USER/passwd.sh

Make it safer !

# chown LOCAL_USER:LOCAL_USER /home/LOCAL_USER/passwd.sh && chmod 700 /home/LOCAL_USER/passwd.sh
Make it safer !
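
With sshpass -p the password sits on the command line, where other local users can see it in the process list; sshpass can also read it from a file with -f. The wrapper below is an added example, not part of the original post: it reads the password from a file and refuses to run if that file is not private to its owner. The path /home/LOCAL_USER/.sshfs_pass and the function names are placeholders, and stat -c assumes GNU coreutils.

```shell
#!/bin/bash
# Added example: ssh_command wrapper that reads the password from a file
# instead of the command line. PASSFILE is a placeholder path.
PASSFILE=${PASSFILE:-/home/LOCAL_USER/.sshfs_pass}

# Succeeds only if FILE is a regular file (not a symlink), owned by the
# invoking user, with no permission bits set for group or other.
secret_file_ok() {
    local file="$1" mode owner
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    mode=$(stat -c '%a' "$file") || return 1    # GNU stat: octal mode
    owner=$(stat -c '%u' "$file") || return 1   # GNU stat: numeric owner
    [ "$owner" -eq "$(id -u)" ] || return 1
    case $mode in
        ?00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;
    esac
}

run_ssh() {
    if ! secret_file_ok "$PASSFILE"; then
        echo "refusing to use $PASSFILE: wrong owner or permissions" >&2
        return 1
    fi
    # "$@" keeps each argument sshfs passes intact; $* would re-split them.
    exec sshpass -f "$PASSFILE" ssh "$@"
}

# sshfs always calls the wrapper with arguments; do nothing without them.
if [ "$#" -gt 0 ]; then
    run_ssh "$@"
fi
```

The password file holds the password on its first line and should be created with chmod 600 before the first mount.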

And now it’s time to mount:

# mount -a
Time to mount !

Debugging

It probably won’t all go well, whether you set the wrong password, the wrong key or whatever; if so, just add the options debug,sshfs_debug to your fstab entry:

sshfs#REMOTE_USER@REMOTE_HOST:/home/REMOTE_USER/data/ /mnt/data/ fuse            debug,sshfs_debug,ssh_command=/home/LOCAL_USER/passwd.sh,uid=LOCAL_UID,gid=LOCAL_GID,users,idmap=user,noatime,allow_other,_netdev,auto_cache,reconnect     0 0
sshfs example with debug options

Conclusion

Well, not much to add: SSHFS is pretty useful but it can be tricky. Obviously, do prefer the SSH key method.

How to mount via autofs

Hey,

here’s how to use autofs. It’s quite a good piece of software for making sure filesystems get mounted whenever you need them; it’s also useful for unmounting them when you don’t need them (less uptime for the disk and you can save the planet this way).
First install the correct package:

# aptitude install autofs
Install autofs

Then create the few directories:

# mkdir /etc/auto.map.d /etc/auto.master.d /mnt/autofs
Create directories

Now it’s time to do some configuration, so edit /etc/auto.master.d/master.autofs:

/mnt/autofs /etc/auto.map.d/master.autofs
Content of /etc/auto.master.d/master.autofs

Finally, simply set the mount(s) you want in /etc/auto.map.d/master.autofs (one per line) :

# <directory name (will be in /mnt/autofs)> <options such as filesystem, uid/gid ...> <what you mount>
boxshare -fstype=cifs,defaults,_netdev,uid=1000,gid=1000,user=nobody,password= ://192.168.1.1/myshare
Content of /etc/auto.map.d/master.autofs

As you can see, I have just one mount, a CIFS one; its mount directory will be /mnt/autofs/boxshare.

Now restart autofs and check if it’s mounted!

# service autofs restart
# ls /mnt/autofs/boxshare
Start it up !

If it fails when you “ls” the directory, then stop autofs and troubleshoot it this way:

# service autofs stop
# automount -f -v
Troubleshooting

You’ll probably get this error:

Starting automounter version 5.0.7, master map /etc/auto.master
using kernel protocol version 5.02
lookup(file): failed to read included master map auto.master
mounted indirect on /mnt/autofs with timeout 300, freq 75 seconds
Error

To fix it, simply open /etc/auto.master and comment out the last line, so it looks like this:

#
# Sample auto.master file
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# For details of the format look at autofs(5).
#
#/misc /etc/auto.misc
#
# NOTE: mounts done from a hosts map will be mounted with the
# "nosuid" and "nodev" options unless the "suid" and "dev"
# options are explicitly given.
#
#/net -hosts
#
# Include /etc/auto.master.d/*.autofs
#
+dir:/etc/auto.master.d
#
# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
#+auto.master
Fixing it

Now you restart autofs and it should work !

If not, do the troubleshooting again 🙂
Cheers !