Tag Archives: systemd

Crashplan PROe on CentOS 7

SELINUX

The first thing we are going to do is configure SELinux to allow the two ports used by CrashPlan (4280 and 4282):

semanage port -a -t http_port_t -p tcp 4280
semanage port -a -t http_port_t -p tcp 4282

FIREWALL

Next we want to edit the rules for firewalld to allow the CrashPlan ports. To do so we create a new service for CrashPlan and add that service to the public zone.

Create a new file:
/etc/firewalld/services/crashplan.xml

Add the following lines:

<?xml version="1.0" encoding="utf-8"?>
<service>
<short>CrashPlan</short>
<description>CrashPlan Service</description>
<port protocol="tcp" port="4280"/>
<port protocol="tcp" port="4282"/>
</service>

Next edit the file:
/etc/firewalld/zones/public.xml

Append the following line:
<service name="crashplan"/>

We need to restart the firewall after changing the rules.

systemctl restart firewalld

SYSTEMD

CentOS 7 has moved to systemd, so instead of using init scripts we are going to create a systemd service. This will allow us to use systemd to stop and start the CrashPlan service.

First, remove the legacy init.d scripts created during installation:

rm /etc/rc3.d/S99proserver
rm /etc/init.d/proserver

Create a systemd service file:
/etc/systemd/system/proserver.service

Add the following lines:
[Unit]
Description=CrashPlanEngine
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/opt/proserver/bin/proserver start
ExecStop=/opt/proserver/bin/proserver stop

[Install]
WantedBy=multi-user.target

Enable the service to start on boot:

systemctl enable proserver

Sysdig as a systemd service

I ran into an issue with a firewall on my CentOS 7 system. In an attempt to diagnose the problem, I wanted to gather as much info as possible.

A great tool for this is sysdig (https://github.com/draios/sysdig). Sysdig can be considered the tcpdump for Linux systems, providing a data capture of all low-level system operations. In the past I had only run sysdig as a process, capturing events as I replicated an issue.

In this current case, my issue was occurring on reboot and was related to the firewall service. In order for sysdig to capture the event data for that slice of time, I had to enable it to run and capture at boot. To do so I created the following systemd service, located at /etc/systemd/system/sysdig.service:

[Unit]
Description=sysdig Service
After=network-pre.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/sysdig -w /var/log/sysdig.dump
Restart=on-abort

[Install]
WantedBy=multi-user.target

Resource: http://www.freedesktop.org/software/systemd/man/

The advantages to having a sysdig service

To troubleshoot on boot I can run:
sudo systemctl enable sysdig

After reboot I can stop sysdig and disable it from running on my next boot:

systemctl stop sysdig
systemctl disable sysdig

The dump file is saved to /var/log and can be read back with:

sysdig -r /var/log/sysdig.dump

This is just a starting point and can be taken much further, for example:

1. reading in a sysdig.conf file to allow for setting up a capture filter
2. versioning dump files
3. scheduling to prevent enormous captures on reboot

Code added to github: https://github.com/mdevans1/scripts/blob/master/sysdig.service
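
One way to cover the three follow-up items listed above in a single unit, as an added example that is not the sysdig.service published at the link above. The /etc/sysconfig/sysdig file, the SYSDIG_FILTER variable, the /var/log/sysdig directory and the size limits are assumptions, and the -C/-W rotation options need a sysdig build that supports them (check `sysdig --help`).

```ini
# /etc/systemd/system/sysdig.service (added example; paths and limits are assumptions)
#
# Optional filter file, /etc/sysconfig/sysdig (hypothetical), holding one line such as:
#   SYSDIG_FILTER=proc.name=firewalld

[Unit]
Description=sysdig boot-time capture (filtered, rotated, size-capped)
After=network-pre.target

[Service]
Type=simple
User=root

# Item 1, capture filter: read SYSDIG_FILTER from the file if it exists.
# The leading "-" makes the file optional, so a missing file is not an error.
EnvironmentFile=-/etc/sysconfig/sysdig

# Captures hold syscall arguments and I/O buffer data, so keep the
# directory and every file written into it readable by root only.
UMask=0077
ExecStartPre=/usr/bin/install -d -m 0700 -o root -g root /var/log/sysdig

# Items 2 and 3, versioned and bounded dumps: -C starts a new file every
# 100 MB, -W keeps at most 5 files and then overwrites the oldest one.
# An unset SYSDIG_FILTER expands to no argument, which captures everything.
ExecStart=/usr/bin/sysdig -C 100 -W 5 -w /var/log/sysdig/boot.scap $SYSDIG_FILTER
Restart=on-abort

[Install]
WantedBy=multi-user.target
```

Run `systemctl daemon-reload` after changing the unit so systemd picks up the new definition before the next `systemctl enable sysdig`.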