Friday, September 3, 2021

Migrating TrueNAS / FreeNAS Virtual Machines to Proxmox

Purpose : I'm migrating from TrueNAS Core to TrueNAS Scale and underlying OS has change from FreeBSD to Debian. This means they've changed from using the FreeBSD Bhyve Hypervisor to Debian with KVM. 

I want to migrate to the new system with as little downtime as possible, I host a couple of things locally which I don't want to be down to long.

Pre-Req

We use a program called qemu-img to conver the raw VM disk images to qcow2. On my TrueNAS install the external sources were disable and local were enabled. To install the program I enabled the external and disable local temporarily 
  1. SSH to TrueNAS server
    1. nano /usr/local/etc/pkg/repos/local.conf 
      1. change enabled: no
    2. nano nano /usr/local/etc/pkg/repos/FreeBSD.conf
      1. change enabled: yes
    3. pkg install qemu-utils
    4. If it asks you to update your pkg package say no
    5. Remember to change back the sources to the original when qemu-utils have been installed.

Exporting VM from TrueNAS 12

  • SSH to your TrueNAS Server
  • change to /dev/zvol
  • change to your folder where the VMs are stored. As an example mine is /dev/zvol/SSD-Data
  • ls the directory to get the vm names, as an example i have openproject
  • run qemu-img convert -f raw -O qcow2 openproject /mnt/SSD-Data/openproject.qcow2
NOTE: you will need to output your qcow2 file to the /mnt/<folder> or else it'll fail if you try to store in /dev/zvol/<folder>

Importing VM to Proxmox


Copy file to Proxmox

  • SSH into proxmox 
  • create folder /root/vm.import
  • Copy the exported qcow2 file to the proxmox server /root/vm.import directory
For the copying I used WINSCP program to copy the file locally and then uploaded to the proxmox server

Build destination VM 

There needs to be a Virtual Machine created before importing so you can get the VM ID number.
Create a VM with the required specs
NOTE: For my TrueNAS VM's I need to create a VM with BIOS of OVMF (UEFI) since that's how they were built on the TrueNAS Server.

Once the server is build you can remove the hard disk which was created with it. 

Importing VM Disk

  • SSH to proxmox
  • change to /root/vm.import
    • run qm importdisk <vm id> <diskname> <proxmox storage>
    • example qm importdisk 104 openproject.qcow2 QNAP
      • QNAP is the storage name on proxmox
      • 104 is the VM ID of the new VM i created
  • When the transfer is 100% and successful you can continue.
  • remember the name of the file: i.e. QNAP:104/vm-104-disk-0.raw

Attaching the VM Disk

  • SSH into proxmox
  • type qm set <vm id> --scsi0 <vm image name>
    • example : qm set 104 --scsi0 QNAP:104/vm-104-disk-0.raw
NOTE:If you get an error with booting the machine you may need to change the boot device like I did.

Changing Boot Order

  • SSH to proxmox
  • cd etc/pve/qemu-server
  • nano <server id>.conf
    • example nano 104.conf
  • change boot: order=ide2;net0 to boot: order=scsi0
  • save file
  • start virtual machine

Updating Network

Depending on your virtual machine you may need to change the network.
Im using ubuntu 18 and 20 and the network adapter has changed from enp0s4 to ens18
  • ssh into virtual machine
  • find new network name
    • type dmesg | grep eth
    • this will show what the network has changed to. 
      • example virtio_net virtio2 ens18: renamed from eth0
  • nano /etc/netplan/<filename>.yaml
    • example : sudo nano /etc/netplan/50-cloud-init.yaml
  • change the ethernet name from the old to the new 
    • example change enp0s4 to ens18
    • save and exit
  • Make sure the old system is powered off then....
  • type sudo netplan apply

REFERENCES : 

Friday, August 27, 2021

How to Install bareos in a TrueNAS/FreeBSD Jail with bareos-webui

*NOTE: These are quick notes for when I've been installing the software - they're not extensive, its more for record and to help anyway else.

Software : bareos

Planform : TrueNAS CORE 12.0-U5

Jail : Release 12.2

Purpose : Backup local virtual machines and remote computers/files/sql

Login to Jail

  1. SSH to TrueNAS 
  2. type iocage list
  3. find the jail and type iocage console <name> i.e. iocage console bareos

Install pre-reqs

  1. pkg install -y wget postgresql12-server libxml2 nano php74 curl ZendFramework-php74 mod_php74
  2. Setup postgresql
    1. sysrc postgresql_enable=yes
    2. /usr/local/etc/rc.d/postgresql initdb
    3. service postgresql start
  3. Setup php
    1. ln -s /usr/local/etc/php.ini-production /usr/local/etc/php.ini
    2. sysrc php_fpm_enable=yes
    3. service php-fpm start
  4. Edit /usr/local/etc/php.ini
    1. nano /usr/local/etc/php.ini
    2. Under the section ;Paths and Directories add
      1. include_path = ".:/usr/local/share/ZendFramework/library"
    3. service php-fpm restart

Install bareos

  1. Install bareos using script below
    1. nano install_bareos.sh (copy paste script below)
    2. chmod +x install_bareos.sh
    3. ./install_bareos.sh

<<SCRIPT>> - start

#!/bin/sh

# See https://download.bareos.org/bareos/release/
# for applicable releases and distributions

DIST=FreeBSD_12.2
# or
# DIST=FreeBSD_12.1
# DIST=FreeBSD_11.4

RELEASE=release/20
# or
# RELEASE=experimental/nightly

URL=https://download.bareos.org/bareos/$RELEASE/$DIST

# add the Bareos repository
cd /etc/pkg
wget -q $URL/bareos.conf

# install Bareos packages
pkg install --yes bareos.com-director bareos.com-storage bareos.com-filedaemon bareos.com-database-postgresql bareos.com-bconsole

# setup the Bareos database
su postgres -c /usr/lib/bareos/scripts/create_bareos_database
su postgres -c /usr/lib/bareos/scripts/make_bareos_tables
su postgres -c /usr/lib/bareos/scripts/grant_bareos_privileges

# enable services
sysrc bareosdir_enable=YES
sysrc bareossd_enable=YES
sysrc bareosfd_enable=YES

# start services
service bareos-dir start
service bareos-sd start
service bareos-fd start

<<SCRIPT>> - end

 

Post Install Tasks

  1. Update bconsole password
  2. Copy password cat /usr/local/etc/bareos/bareos-dir.d/director/bareos-dir.conf
  3. Insert into /usr/local/etc/bareos/bconsole.conf
  4. test by typing bconsole should show successful connection
Installing bareos web-ui (apache24)
  1. pkg install -y apache24
  2. sysrc apache24_enable=yes
  3. service apache24 start
    1. NOTE * If you get an error talking about "Could not reliably determine the servers's fully qualified domain name" you'll need to edit /usr/local/etc/apache24/httpd.conf and search for ServerName and update as directed. i.e. i didn't have a FQDN so put my local ip address.
  4. pkg install -y bareos-webui
  5. edit /usr/local/etc/apache24/httpd.conf
    1. backup defeault httpd.conf mv /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/httpd.conf.bck
    2. Create new httpd.conf file nano httpd.conf
      1. add the below test and edit the ServerName to reflect the servers IP
    3. restart the service service apache24 restart
    4. open a broswers and go to http://<serverip>/bareos-webui
    5. Login with
      1. username : admin
      2. password : admin
      3. NOTE* if you get a login error 
        1. run bconsole
        2. run reload
      4. try logging back in
  6. Update BackupCatalog job to refresh bvfs cache - this is to show the files within the webui there is an issue if you don't run this after the job that no files show up.
    1. nano /usr/local/etc/bareos/bareos-dir.d/job/BackupCatalog.conf
    2. under RunAfterJob input the following.
  Run Script {
    Console = ".bvfs_update"
    RunsWhen = After
    RunsOnClient = No
  }

NOTE : Changing the ALIAS within the httpd.conf file from bareos-webui breaks the rewrite you'll also need to update the RewriteBase value in httpd.conf to.

FILE httpd.conf

ServerRoot "/usr/local"
Listen 80


LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
LoadModule filter_module libexec/apache24/mod_filter.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
LoadModule headers_module libexec/apache24/mod_headers.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
<IfModule !mpm_prefork_module>
        #LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
        #LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
LoadModule dir_module libexec/apache24/mod_dir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule php7_module        libexec/apache24/libphp7.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so

 


# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf

User www
Group www

ServerAdmin you@example.com
ServerName 192.168.1.210

# Bareos WebUI Apache configuration file
#

# Environment Variable for Application Debugging
# Set to "development" to turn on debugging mode or
# "production" to turn off debugging mode.
<IfModule env_module>
        SetEnv "APPLICATION_ENV" "production"
</IfModule>

Alias /bareos-webui  /usr/local/www/bareos/public

<Directory /usr/local/www/bareos/public>

        Options FollowSymLinks
        AllowOverride None

        # Following module checks are only done to support
        # Apache 2.2,
        # Apache 2.4 with mod_access_compat and
        # Apache 2.4 without mod_access_compat
        # in the same configuration file.
        # Feel free to adapt it to your needs.

        # Apache 2.4
        <IfModule mod_authz_core.c>
                <IfModule mod_access_compat.c>
                    Order deny,allow
                </IfModule>
                Require all granted
        </IfModule>

        <IfModule mod_rewrite.c>
                RewriteEngine on
                RewriteBase /bareos-webui
                RewriteCond %{REQUEST_FILENAME} -s [OR]
                RewriteCond %{REQUEST_FILENAME} -l [OR]
                RewriteCond %{REQUEST_FILENAME} -d
                RewriteRule ^.*$ - [NC,L]
                RewriteRule ^.*$ index.php [NC,L]
        </IfModule>

        <IfModule mod_php5.c>
                php_flag magic_quotes_gpc off
                php_flag register_globals off
        </IfModule>

<IfModule dir_module>
    DirectoryIndex index.php
</IfModule>



</Directory>

<Files ".ht*">
    Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/log/httpd-access.log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/log/httpd-access.log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock cgisock
</IfModule>

#
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/www/apache24/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA
    #
    RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig etc/apache24/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile etc/apache24/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on

# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.

# Server-pool management (MPM specific)
#Include etc/apache24/extra/httpd-mpm.conf

# Multi-language error messages
#Include etc/apache24/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include etc/apache24/extra/httpd-autoindex.conf

# Language settings
#Include etc/apache24/extra/httpd-languages.conf

# User home directories
#Include etc/apache24/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include etc/apache24/extra/httpd-info.conf

# Virtual hosts
#Include etc/apache24/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include etc/apache24/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include etc/apache24/extra/httpd-dav.conf

# Various default settings
#Include etc/apache24/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
#Include etc/apache24/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Include etc/apache24/Includes/*.conf

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>