-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deployment process incomplete #46
Comments
Hello @sitemapxml, Thank you for your excellent report and for describing us all your problems with the deployment function. It is really piece of very good job. Thank you. Your steps to deploy Bacularis are correct. I did re-test on my side and I am seeing that you found a bug in the deployment function. It happens if there is used SSH key without passphrase together with SUDO option. I prepared a fix for that. The patch you can find here. It is for version bugfix_bacularis_issue_46_deploy_with_ssh_key_and_sudo.patch.txt If you want you can try it. To apply it, you need to do the following steps on the host with Bacularis Web:
Here you can find my answers on your questions: For 1) For your idea about adding connectin test command, I think it is really good idea. I will add to task to do. Thank you. For 2) For 3) If you try this patch, please let us know if it helped. This change will be added to repository soon, after performing more detailed tests. Best regards, |
…h sudo option This bug has been reported by @sitemapxml in bacularis-app repository. bacularis/bacularis-app#46
Hello @sitemapxml I am letting know that I added to the troubleshooting chapter in Bacularis docs information about how to use the deployment SSH keys to other purposes than Bacularis. https://bacularis.app/doc/brief/troubleshooting.html#how-to-use-deployment-ssh-key-to-other-purposes I also created a feature request for your idea about the connection test function: At the end I am glad to let know that the fix for this current issue has been tested with success and the patch (in unmodified form) has been added to the Thank you again. Best regards, |
Hello @ganiuszka |
This issue should cover a few possible problems related to the deployment process.
Since they are closely interconnected, I will put them in one single issue.
The description will be quite a long, but I didn't manage to shorten it, and I think it is better to be more detailed, especially given that the main issue it really strange.
The main problem is that Bacularis is unable to create additional repository lists on a remote machine, despite the fact that it can access the remote machine.
The Bacularis version is latest
3.0.1
and both server and client are using Debian 12 Bookworm. The OS profile was created with appropriate Bookworm repository links and paths were corrected for deploy from bacula.org, along with package names.These are the steps I used to reproduce the issue:
ssh-keygen
utilityDeployment
>SSH keys
>Add new SSH key
option/etc/bacularis/Web/
directoryDeployment
>SSH configs
>Add new SSH config
option, select the key previously created, username of remote user with sudo privileges and remote hostDeploy API host
option and select authentication methodUse username and SSH key from SSH config for host
, after entering necessary details about username, hostname, password, and checkUse sudo
boxAfter those steps, Bacularis shows that the first four steps are complete, although, they are not:
![image](https://private-user-images.githubusercontent.com/33502827/332292738-6bf9138e-8eed-4795-b88a-b7d8c437fc1a.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjEzMDU0NzEsIm5iZiI6MTcyMTMwNTE3MSwicGF0aCI6Ii8zMzUwMjgyNy8zMzIyOTI3MzgtNmJmOTEzOGUtOGVlZC00Nzk1LWI4OGEtYjdkOGM0MzdmYzFhLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzE4VDEyMTkzMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTdjNjE5MTc3YTk3MDQyNjliNzU4OTMyMzhkOGY5N2U5YWU2Y2I4OGZkMDdkODZmYzY3MGE1YWQyNzFiN2Q2YzImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.vvqh6Yn01uxHKFkgzej6_fhjtc6h5x1XYEubYK9irt0)
After logging in to the client machine, there are no additional repository files inside
/etc/apt/sources.list.d/
where they should be, but surprisingly, the/tmp/bacularis-deploy/
folder is created, along with two files:bacularis-api
with 2.7K bytes of text. It seems that these are some sudo settings forwww-data
userbacularis.pub.gpg
with 1.3K byte GPG keyAt the step 4 from the image, the deployment obviously fail, because there are no repository files added on client machine.
Looking at the Bacularis log from
Raw output
tab, everything seems to be normal (full log is in the attachment).Along with the main issue described, there are three additional things that might need to be fixed or modified:
Use username and password
auth method is selected, thessh.conf
file is still provided to the SSH command that Bacularis execute, which is probably not what user want, along with theUse username and SSH key from SSH config for host
option that should be the only one to addssh.conf
to the command.www-data
user and group, and if the user, for an example, try to use that private key to be executed by some bash script defined insideRunScript
block, theJob
will fail, because it is executed asBacula
user, which is not able to access that file. For some users, addingbacula
user towww-data
group might solve the issue, but for me, the Jobs I configured in this manner would not work, until the permissions on file (the private key) were set to bewww-data
user andbacula
group. Just to be clear, I am not saying that there is a problem here, because this might be very specific to the server environment; I am, however, saying that this should be at least mentioned in the troubleshooting section in documentation, because there are probably many users that would simply try to use one key as "backup server key" and try to use it for everything, just to find out that with the default settings the key can not be used by the Bacularis and the Bacula Jobs the same time.The Highlight
To make sure the main issue is not buried in the already long description, I will point it out once again:
The main problem is that Bacularis obviously succeed in making connection and uploading two files to remote host with
scp
, but fail to create the repository lists.Furthermore, by inspecting the executed commands and the client machine, I found out the following:
The Bacularis create a file
/tmp/bacularis-deploy/bacularis.pub.gpg
at client machine, but fail to move it to/usr/share/keyrings/bacularis-archive-keyring.gpg
. The same thing is withbacularis-api
.I didn't manage to find out why simple
mv
command fail, but the state of the files is as described.Also, by looking at the log, there is not anything related to the repositories like with the archive keyring and the bacularis-api file.
At this point, I have no idea why deployment process it not executing the important step and why the
scp
command succeed and simplemv
fail.The workaround for the problem is manually adding keys and repositories and let the deployment process complete installing and configuring Bacularis API host and bacula file daemon, but it certainly is not intended to be done this way, and the errors encountered might be the sign of possible flaws in deployment process, so I am certain it would be beneficial for the project to have this mentioned.
As a small side note, I have replaced the real domain from the log in attachment with "redacted.domain" string to be as a placeholder, but on its place was actually the real FQDN, it was just replaced in the log file after downloading.
bacularis-fail.txt
The text was updated successfully, but these errors were encountered: