|
@ -39,6 +39,7 @@ rsync-backup-target: |
|
|
6TlHIFw936C2ZiTBuofMx7yoAeqpifyzz/T5wsFLYWwSnX rsync@zen" |
|
|
6TlHIFw936C2ZiTBuofMx7yoAeqpifyzz/T5wsFLYWwSnX rsync@zen" |
|
|
#+end_src |
|
|
#+end_src |
|
|
|
|
|
|
|
|
|
|
|
* ssh API |
|
|
** Adding new keys for backup |
|
|
** Adding new keys for backup |
|
|
|
|
|
|
|
|
This can be done through the admin accounts configured in =compose.yml=. |
|
|
This can be done through the admin accounts configured in =compose.yml=. |
|
@ -57,6 +58,8 @@ $ |
|
|
|
|
|
|
|
|
** Requesting a recover only key |
|
|
** Requesting a recover only key |
|
|
|
|
|
|
|
|
|
|
|
*** as an admin |
|
|
|
|
|
|
|
|
As an admin, by requesting a recover-only key on an ident that you |
|
|
As an admin, by requesting a recover-only key on an ident that you |
|
|
own, you are allowed to read (and only read) the content of the given |
|
|
own, you are allowed to read (and only read) the content of the given |
|
|
ident. This will allow you to give the credentials to any new host to |
|
|
ident. This will allow you to give the credentials to any new host to |
|
@ -73,6 +76,25 @@ $ rsync -e "ssh -p 22 -i /tmp/private_key -l rsync" \ |
|
|
|
|
|
|
|
|
This key will expire after 15 mn of the last recovery. |
|
|
This key will expire after 15 mn of the last recovery. |
|
|
|
|
|
|
|
|
|
|
|
*** as a standard backup account |
|
|
|
|
|
|
|
|
|
|
|
With a standard backup account, you can log on as =rsync= user and |
|
|
|
|
|
request without any arguments a recovery key. Indeed, every standard |
|
|
|
|
|
backup account is tied to one backup identifier only. So the recover |
|
|
|
|
|
key received will be for this backup identifier only. |
|
|
|
|
|
|
|
|
|
|
|
You'll probably want to use the received key from another computer to |
|
|
|
|
|
restore the backup for instance. |
|
|
|
|
|
|
|
|
|
|
|
#+begin_example |
|
|
|
|
|
$ ssh rsync@$RSYNC_BACKUP_TARGET request-recovery-key > /tmp/private_key |
|
|
|
|
|
$ chmod 500 /tmp/private_key |
|
|
|
|
|
$ rsync -e "ssh -p 22 -i /tmp/private_key -l rsync" \ |
|
|
|
|
|
-azvArH --delete --delete-excluded \ |
|
|
|
|
|
--partial --partial-dir .rsync-partial \ |
|
|
|
|
|
--numeric-ids $RSYNC_BACKUP_TARGET:/var/mirror/myident/etc/ /tmp/etc |
|
|
|
|
|
#+end_example |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Troubleshooting |
|
|
* Troubleshooting |
|
|
|
|
|
|
|
|