Problem: move all services (VPN, DHCP, DNS, SMTP, IMAP, LDAP, HTTP, and some cron jobs) from my server to a brand new raspberry pi. Thanks to Fredrik Lindblad for giving me the raspberry pi!
If you can read this, then at least the HTTP server runs OK on my raspberry pi.
apt-get install mc rsync
I also added an ssh-key so I could log in to the old server.
--gid and --uid as on the old server.
/etc/ssh/sshd_config: GatewayPorts yes
apt-get install dnsmasq
Edit /etc/network/interfaces to hold a static stanza for eth0.
# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    broadcast 192.168.0.255
    gateway 192.168.0.254
    dns-nameservers 8.8.8.8 8.8.4.4
Going from dhcp to a static address is slightly problematic when you do not have local access, since you cannot properly release the current dhcp-lease (if you did, then your session would be dead). And when you take down the old server, you will still have its IP in /etc/resolv.conf.
Use the /etc/dnsmasq.conf from the old server, but search and replace all instances of the old server's IP, and put your own IP there.
My first login to the new server after rebooting looked ok, until I noticed that I was logged in to localhost.
This happens because the server, which is dns-server, resolves its own hostname to 127.0.0.1, and returns that to the client. To fix that, use the no-hosts and the address directive in /etc/dnsmasq.conf.
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
no-hosts
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1
address=/server/192.168.0.2
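A check for the situation described above, as an added example that is not part of the original post: it reports whether dnsmasq would answer a query for the server's own name with a loopback address taken from the hosts file. The function names and the sample files are constructed for illustration, and only the no-hosts option and a single hosts file are modelled.

```shell
#!/bin/sh
# Added example, not from the original post. Simplification: only the
# no-hosts option and a single hosts file are considered.

# conf_has_no_hosts CONF: succeed if CONF has an uncommented no-hosts line.
conf_has_no_hosts() {
    grep -Eq '^[[:space:]]*no-hosts[[:space:]]*(#.*)?$' "$1"
}

# hosts_loopback_for HOSTS NAME: print the 127.x.x.x address that HOSTS
# assigns to NAME, if there is one.
hosts_loopback_for() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$1"
}

# serves_loopback HOSTS CONF NAME: succeed if dnsmasq, reading HOSTS under
# CONF, would answer queries for NAME with a loopback address.
serves_loopback() {
    conf_has_no_hosts "$2" && return 1
    [ -n "$(hosts_loopback_for "$1" "$3")" ]
}

# Constructed sample files: a Debian-style hosts file and two configs.
demo=$(mktemp -d)
printf '127.0.0.1 localhost\n127.0.1.1 server\n' > "$demo/hosts"
printf '#no-hosts\n' > "$demo/before.conf"
printf 'no-hosts\naddress=/server/192.168.0.2\n' > "$demo/after.conf"
for conf in before after; do
    if serves_loopback "$demo/hosts" "$demo/$conf.conf" server; then
        echo "$conf.conf: clients asking for 'server' get a loopback address"
    else
        echo "$conf.conf: loopback entry for 'server' is not served"
    fi
done
rm -rf "$demo"
```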
Firstly, I tried to copy everything from the old server, but it turned out that only the configuration of exim is worthwhile to copy.
I have already given concise instructions for installing exim with spamassassin here, and it is faster to follow them than to figure out what to copy.
Here I only list the problems I met.
This is bug 610918 in combination with raspberry pi having not enabled IPv6 by default.
Solution: enable IPv6, which raspberry pi should have had enabled by default.
echo "ipv6" >> /etc/modules
The old server had a FQDN that was in dc_primary_hostname (/etc/exim/update-exim4.conf.conf). The new server has another hostname, so I had to add the hostname that senders use to reach me by mail to the list dc_other_hostnames in /etc/exim/update-exim4.conf.conf. To debug, I used swaks. This feels great, since I no longer need any special lines in /etc/hosts.
dc_other_hostnames='sociologi.cjb.net : code.cjb.net'
dpkg -l | grep ^ii | grep dovecot | mawk '{print $2}' > install.these
apt-get install `ssh code.cjb.net cat install.these`
That actually installed unnecessary packages. Remove them:
apt-get --purge remove dovecot-sieve dovecot-pgsql dovecot-mysql dovecot-gssapi dovecot-sqlite dovecot-ldap
Dovecot has changed its configuration so much that it was easier to start with a fresh configuration. Two steps were needed to get it working:
Pam-authentication
cp /etc/dovecot/conf.d/auth-system.conf.ext /etc/dovecot/conf.d/auth-system.conf
Set a namespace by creating a new file /etc/dovecot/local.conf, with the following contents:
namespace inbox {
  inbox = yes
}
apt-get install slapd
dpkg-reconfigure slapd
Fill in the same dc as you have in the database you will migrate to the new server.
Since raspberry pi runs debian Wheezy, and the old server ran debian Squeeze, I could not simply back up /var/lib/ldap with tar and use that on the new server.
But this was a good thing, because now I learned a more portable way of migrating ldap-data.
## On the old server
/etc/init.d/slapd stop
slapcat -v -b "cn=admin,dc=hans-vita,dc=net" -l backup.ldif
## On the new server
## Not shown: make the backup.ldif available first, I use scp.
/etc/init.d/slapd stop
## Only delete if the cd succeeded, so a failed cd cannot wipe another directory
cd /var/lib/ldap && rm -rf ./*
slapadd -l /root/backup.ldif
chown openldap:openldap *
/etc/init.d/slapd start
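One way to confirm that slapadd imported everything, as an added example that is not part of the original post: re-export the directory on the new server with slapcat and compare its DNs against backup.ldif. The function names and the sample LDIF are constructed, and after.ldif is an assumed name for the re-export.

```shell
#!/bin/sh
# Added example, not from the original post.

# ldif_dns FILE: print every DN line of FILE, sorted, with folded
# (continuation) lines rejoined. slapcat wraps long lines, so a plain grep
# for "^dn:" would return truncated DNs.
ldif_dns() {
    awk '
        /^ /    { if (keep) dn = dn substr($0, 2); next }  # continuation
                { if (keep) print dn; keep = 0 }           # previous DN ended
        /^dn:/  { dn = $0; keep = 1 }
        END     { if (keep) print dn }
    ' "$1" | LC_ALL=C sort
}

# ldif_missing OLD NEW: print DNs found in OLD but not in NEW; return 1 if
# there are any.
ldif_missing() {
    old_dns=$(mktemp); new_dns=$(mktemp)
    ldif_dns "$1" > "$old_dns"; ldif_dns "$2" > "$new_dns"
    missing=$(LC_ALL=C comm -23 "$old_dns" "$new_dns")
    rm -f "$old_dns" "$new_dns"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: the export has three entries (one with a folded DN),
# the re-export from the new server lacks the folded one.
demo=$(mktemp -d)
printf '%s\n' 'dn: dc=hans-vita,dc=net' 'objectClass: top' '' \
    'dn: cn=constructed-long-na' ' me,dc=hans-vita,dc=net' 'cn: x' '' \
    'dn: cn=admin,dc=hans-vita,dc=net' 'cn: admin' > "$demo/backup.ldif"
printf '%s\n' 'dn: dc=hans-vita,dc=net' 'objectClass: top' '' \
    'dn: cn=admin,dc=hans-vita,dc=net' 'cn: admin' > "$demo/after.ldif"
ldif_missing "$demo/backup.ldif" "$demo/after.ldif" ||
    echo "import incomplete: entries above are missing" >&2
rm -rf "$demo"
```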
Again, when I initially set up this server, "hans-vita" was the hostname of the server. Now I know that ldap works with any dc, so, just as in the exim case, I now run a server which can have any name (as long as clients use this name in the URI line in their /etc/ldap/ldap.conf).
URI ldap://code.cjb.net
This works both inside and outside of my LAN, since dnsmasq running on the server returns 192.168.0.2 for queries about code.cjb.net. I have extended dnsmasq.conf for this purpose.
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1
address=/raspberrypi/192.168.0.2
address=/code/192.168.0.2
address=/code.cjb.net/192.168.0.2
address=/sociologi/192.168.0.2
address=/sociologi.cjb.net/192.168.0.2
## Get a list of installed packages relating to apache
## Run this at the old server
dpkg -l | grep ^ii | grep apache | mawk '{print $2}' > install.these
## Install (run this at the new server)
apt-get install `ssh code.cjb.net cat install.these`
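Both package installs (dovecot earlier and apache here) pass whatever the old server prints straight to apt-get as arguments, so a line that is not a package name, such as an option, would be acted on. The following added example, which is not part of the original post, vets the list first; filter_pkg_list and install.vetted are names chosen here, and the sample list is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# filter_pkg_list: read one package name per line on stdin, print the names
# that are well-formed, report every other line on stderr, and return 1 if
# anything was rejected.
filter_pkg_list() {
    LC_ALL=C awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*$/ { next }                     # skip blank lines
        # Debian package name: lowercase letters, digits, "+", "-" and ".",
        # at least two characters, starting alphanumeric; dpkg -l may append
        # an ":arch" qualifier on multiarch systems.
        /^[a-z0-9][a-z0-9+.-]+(:[a-z0-9-]+)?$/ { print; next }
        { printf "rejected line %d: %s\n", NR, $0 | "cat 1>&2"; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample of what the remote "cat install.these" could return.
sample='dovecot-core
dovecot-imapd
--assume-yes
libssl1.0.0:armhf
Apache2 extra'

vetted=$(printf '%s\n' "$sample" | filter_pkg_list) ||
    echo "list needs review before installing" >&2
printf 'would install: %s\n' $vetted

# On the new server, the same filter in front of the page's command
# (install.vetted is a file name chosen for this example):
#   ssh code.cjb.net cat install.these | filter_pkg_list > install.vetted &&
#       apt-get install $(cat install.vetted)
```

Reading install.vetted before running apt-get also catches well-formed but unwanted names, such as the extra dovecot packages that had to be purged afterwards.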
Problems
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Which I have written about here.
However, this time I will copy all configuration from the old server, so I will not need to fiddle with this manually.
Turns out that javascript-common is required, but not included in the packages in install.these, nor defined as a dependency in any of them. So a manual install is warranted.
## Syncing of /etc/apache2 not shown
apt-get install javascript-common
archivemail
my.fetchmail (now moved to $HOME/annex/bin)
$HOME/annex on my new server is an already registered repo (it's an external USB-drive that I now use as $HOME). Solution: manually edit ~/annex/.git/config so that this repo looks just like other ssh repos.
$HOME/annex.
The raspberry pi has 256 MB RAM, which is quite sufficient for my purposes. Here is the output of my previously mentioned Dæmon RAM usage overview.
35400 spamd child
33948 /usr/sbin/spamd --create-prefs --max-children 5
32000 spamd child
10768 /usr/sbin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush
2560 dovecot/config
1924 /usr/sbin/console-kit-daemon --no-daemon
1660 /usr/bin/python /usr/sbin/greylistd
1596 /usr/sbin/apache2 -k start
1220 /usr/sbin/apache2 -k start
1216 /usr/lib/policykit-1/polkitd --no-debug
1028 /usr/sbin/rsyslogd -c5
860 /usr/sbin/slapd -h ldap:/// ldapi:///
704 /usr/sbin/ntpd -p /var/run/ntpd.pid -g
636 /usr/sbin/apache2 -k start
628 /usr/sbin/sshd
564 dovecot/log
536 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
476 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u
380 /usr/sbin/exim4 -bd -q30m
276 /usr/sbin/cron
208 /sbin/getty 38400 tty6
196 /sbin/getty -L ttyAMA0 115200
168 /sbin/getty 38400 tty3
128 /sbin/getty 38400 tty5
120 /sbin/getty 38400 tty4
116 /usr/sbin/ifplugd -i lo -q
116 /usr/sbin/ifplugd -i eth0 -q
104 /sbin/getty --noclear 38400 tty1
104 /sbin/getty 38400 tty2
88 udevd --daemon
80 udevd --daemon
76 udevd --daemon