forked from 0k/0k-charms
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Valentin Lab
a0a5679117
|
4 years ago | |
---|---|---|
.. | ||
build | 4 years ago | |
hooks | 4 years ago | |
resources/bin | 4 years ago | |
README.org | 4 years ago | |
metadata.yml | 4 years ago |
README.org
rsync-backup-target
Usage of this service
Configuration example
rsync-backup-target: # docker-compose: # ports: # - "10023:22" options: admin: ## These keys are for the allowed rsync-backup to write stuff with rsync myadmin: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDESdz8bWtVcDQJ68IE/KpuZM9tAq\ ZDXGbvEVnTg16/yWqBGQg0QZdDjISsPn7D3Zr64g2qgD9n7EZghfGP9TkitvfrBYx8p\ 7JkkUyt8nxklwOlKZFD5b3PF2bHloSsmjnP8ZMp5Ar7E+tn1guGrCrTcFIebpVGR3qF\ hRN9AlWNR+ekWo88ZlLJIrqD26jbWRJZm4nPCgqwhJwfHE3aVwfWGOqjSp4ij+jr2ac\ Arg7eD4clBPYIqKlqbfNRD5MFAH9sbB6jkebQCAUwNRwV7pKwCEt79HnCMoMjnZh6Ww\ 6TlHIFw936C2ZiTBuofMx7yoAeqpifyzz/T5wsFLYWwSnX rsync@zen"
Adding new keys for backup
This can be done through the admin accounts configured in compose.yml
.
You can use then ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key
:
$ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key add "ssh-rsa AAA...Jdhwhv rsync@sourcelabel" $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls ..Jdhwhv sourcelabel $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key rm sourcelabel $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls $
Troubleshooting
Faking access from client
This should work:
RSYNC_BACKUP_TARGET_IP=172.18.0.2 rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client1
Direct ssh access should be refused
RSYNC_BACKUP_TARGET_IP=172.18.0.2 ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ "$RSYNC_BACKUP_TARGET"
Wrong directory should be refused
RSYNC_BACKUP_TARGET_IP=172.18.0.2 rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client2