bgallet
/
0k-charms
forked from 0k/0k-charms
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
fork 0k-charms
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
433 Commits
35 Branches
0 Tags
41 MiB
Tree: 1ee8e434cb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1ee8e434cb'
${ noResults }
0k-charms/rsync-backup-target/README.org

85 lines
2.6 KiB
Raw Normal View History

new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
  1. #+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
  2. #+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
  3. #+PROPERTY: header-args:python :var filename=(buffer-file-name)
  4. #+PROPERTY: header-args:sh :var filename=(buffer-file-name)
  5. #+TODO: TODO WIP BLOCKED | DONE CANCELED
  6. #+LATEX_HEADER: \usepackage[margin=0.5in]{geometry}
  7. #+LaTeX_HEADER: \hypersetup{linktoc = all, colorlinks = true, urlcolor = DodgerBlue4, citecolor = PaleGreen1, linkcolor = blue}
  8. #+LaTeX_CLASS: article
  9. #+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc
  10. #+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort)
  12. #+TITLE: rsync-backup-target
  14. #+LATEX: \pagebreak
  16. Usage of this service
  18. #+LATEX: \pagebreak
  20. #+LATEX: \pagebreak
  23. * Configuration example
  26. #+begin_src yaml
  27. rsync-backup-target:
  28. # docker-compose:
  29. # ports:
  30. # - "10023:22"
  31. options:
  32. admin: ## These keys are for the allowed rsync-backup to write stuff with rsync
  33. myadmin:
  34. - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDESdz8bWtVcDQJ68IE/KpuZM9tAq\
  35. ZDXGbvEVnTg16/yWqBGQg0QZdDjISsPn7D3Zr64g2qgD9n7EZghfGP9TkitvfrBYx8p\
  36. 7JkkUyt8nxklwOlKZFD5b3PF2bHloSsmjnP8ZMp5Ar7E+tn1guGrCrTcFIebpVGR3qF\
  37. hRN9AlWNR+ekWo88ZlLJIrqD26jbWRJZm4nPCgqwhJwfHE3aVwfWGOqjSp4ij+jr2ac\
  38. Arg7eD4clBPYIqKlqbfNRD5MFAH9sbB6jkebQCAUwNRwV7pKwCEt79HnCMoMjnZh6Ww\
  39. 6TlHIFw936C2ZiTBuofMx7yoAeqpifyzz/T5wsFLYWwSnX rsync@zen"
  40. #+end_src
  42. ** Adding new keys for backup
  44. This can be done through the admin accounts configured in =compose.yml=.
  46. You can use then =ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key=:
  48. #+begin_example
  49. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  50. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key add "ssh-rsa AAA...Jdhwhv rsync@sourcelabel"
  51. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  52. ..Jdhwhv sourcelabel
  53. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key rm sourcelabel
  54. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  55. $
  56. #+end_example
  59. * Troubleshooting
  61. ** Faking access from client
  63. This should work:
  65. #+begin_src sh
  66. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  67. rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
  68. /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client1
  69. #+end_src
  71. ** Direct ssh access should be refused
  73. #+begin_src sh
  74. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  75. ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
  76. "$RSYNC_BACKUP_TARGET"
  77. #+end_src
  79. ** Wrong directory should be refused
  81. #+begin_src sh
  82. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  83. rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
  84. /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client2
  85. #+end_src