fork 0k-charms
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

85 lines
2.6 KiB

  1. #+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
  2. #+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d
  3. #+PROPERTY: header-args:python :var filename=(buffer-file-name)
  4. #+PROPERTY: header-args:sh :var filename=(buffer-file-name)
  5. #+TODO: TODO WIP BLOCKED | DONE CANCELED
  6. #+LATEX_HEADER: \usepackage[margin=0.5in]{geometry}
  7. #+LaTeX_HEADER: \hypersetup{linktoc = all, colorlinks = true, urlcolor = DodgerBlue4, citecolor = PaleGreen1, linkcolor = blue}
  8. #+LaTeX_CLASS: article
  9. #+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc
  10. #+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort)
  11. #+TITLE: rsync-backup-target
  12. #+LATEX: \pagebreak
  13. Usage of this service
  14. #+LATEX: \pagebreak
  15. #+LATEX: \pagebreak
  16. * Configuration example
  17. #+begin_src yaml
  18. rsync-backup-target:
  19. # docker-compose:
  20. # ports:
  21. # - "10023:22"
  22. options:
  23. admin: ## These keys are for the allowed rsync-backup to write stuff with rsync
  24. myadmin:
  25. - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDESdz8bWtVcDQJ68IE/KpuZM9tAq\
  26. ZDXGbvEVnTg16/yWqBGQg0QZdDjISsPn7D3Zr64g2qgD9n7EZghfGP9TkitvfrBYx8p\
  27. 7JkkUyt8nxklwOlKZFD5b3PF2bHloSsmjnP8ZMp5Ar7E+tn1guGrCrTcFIebpVGR3qF\
  28. hRN9AlWNR+ekWo88ZlLJIrqD26jbWRJZm4nPCgqwhJwfHE3aVwfWGOqjSp4ij+jr2ac\
  29. Arg7eD4clBPYIqKlqbfNRD5MFAH9sbB6jkebQCAUwNRwV7pKwCEt79HnCMoMjnZh6Ww\
  30. 6TlHIFw936C2ZiTBuofMx7yoAeqpifyzz/T5wsFLYWwSnX rsync@zen"
  31. #+end_src
  32. ** Adding new keys for backup
  33. This can be done through the admin accounts configured in =compose.yml=.
  34. You can use then =ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key=:
  35. #+begin_example
  36. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  37. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key add "ssh-rsa AAA...Jdhwhv rsync@sourcelabel"
  38. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  39. ..Jdhwhv sourcelabel
  40. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key rm sourcelabel
  41. $ ssh myadmin@$RSYNC_BACKUP_TARGET ssh-key ls
  42. $
  43. #+end_example
  44. * Troubleshooting
  45. ** Faking access from client
  46. This should work:
  47. #+begin_src sh
  48. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  49. rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
  50. /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client1
  51. #+end_src
  52. ** Direct ssh access should be refused
  53. #+begin_src sh
  54. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  55. ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
  56. "$RSYNC_BACKUP_TARGET"
  57. #+end_src
  58. ** Wrong directory should be refused
  59. #+begin_src sh
  60. RSYNC_BACKUP_TARGET_IP=172.18.0.2
  61. rsync -azvA -e "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
  62. /tmp/toto "$RSYNC_BACKUP_TARGET":/var/mirror/client2
  63. #+end_src