Improve Backup/Restore/Migration docs, add v3 instructions #133
Conversation
rocodes
changed the title
rocodes
force-pushed
the
docs-v3-restore
branch
from
16c9515
to
b7cfbf6
Compare
|
(Taking a first pass.) |
|
Thanks @rocodes for filling in some very important detail for these instructions! Left some comments based on my initial review; the structural question may be easier to talk through synchronously esp. with @zenmonkeykstop to figure out what we want to address in the docs revision now, vs. defer to later. |
|
@eloquence these comments are great, thank you. It was a little challenging figuring out how to clarify the steps here. First round of revisions coming later today. |
rocodes
force-pushed
the
docs-v3-restore
branch
2 times, most recently
from
0de9f22
to
151175d
Compare
docs/backup_and_restore.rst
Outdated
| - Restoring the backup to the new installation; | ||
| - Repairing Tor credentials for the new installation. | ||
|
|
||
| Detailed Migration Instructions |
There was a problem hiding this comment.
These instructions are a bit complex and branching - it might make sense to split them into 3 sections as follows:
- v3-only - this should be simple:
- copy
tor_v3_keys.jsonto the fresh clone of securedrop, - then proceed with a fresh install
- and then restore from the backup
- v2+v3 - actually, this will be the same as v3-only, as who cares about the v2 ssh setup, it's not used. You can copy app's
*thsfiles as below if you want thessh app-legacyandssh mon-legacycommands to work - v2-only - this one is probably the most complex - you will need to
- copy app's
*thsfiles from old install, do a fresh install, - restore from backup (which will fail with an error that says to run tailsconfig)
- copy app's
*thsfiles into place, - run tailsconfig,
- then run restore again.
The trick here is that you don't have to rebuild mon's config for v2, you can just set up a new ssh config. Also for the configs with a v3 element, all you should need is the tor_v3_keys.json file.
(Also I may be missing steps here, it's been a while!)
There was a problem hiding this comment.
Ooh also you'll need to copy keys from securedrop.old and you might as well copy site-specific while you're in there.
There was a problem hiding this comment.
Or you could skip the new clone and just move files you don't want out of the way....
There was a problem hiding this comment.
So, what's the scenario in which we want to support them preserving v2 as part of a migration/reinstall? Should we just make it explicit that they should migrate to v3 while they're there? These docs didn't use to exist at all, if we add them now, it feels like we might as well make them v3-only.
There was a problem hiding this comment.
Hypothetically? Someone may have a downed v2 instance with an old backup available, and they may want to restore it before migrating. Or they have some other reason unique to them for going right up to the wire on v2. But adding a "Data-only migration to v3" option might not be a bad idea. something like...
If you want to restore the data from a backup on a fresh instance with new onion service addresses:
- complete the fresh install first
- copy the backup file FILENAME to install_files/ansible base
- run
./securedrop-admin restore --preserve-tor-config FILENAME
...would do the trick. (this is v2/v3 only but if we disable new v2 installs next release that's a strong hint.)
There was a problem hiding this comment.
So the "data-only migration to v3" section is in here, more opaquely referred to as "Restoring Data Without Restoring Tor Configuration", and is for the case of instances with a v2 backup file who want to recover data (ahem, if certain deadlines are missed).
I think there's an argument for skipping the v2-only hardware migration instructions, and telling users to contact Support. As soon as we stop allowing v2 onion services on fresh installs, the v2 migration instructions won't work. However, since they are written up I'm including them for now anyone says otherwise, and we can remove them in a few weeks' time.
There was a problem hiding this comment.
However, since they are written up I'm including them for now
Sounds reasonable; perhaps we can just add a blurb at the top of the section, e.g.:
If you are migrating or restoring an installation using v2 onion services, please be aware that support for them will be removed from SecureDrop starting in March 2021. We encourage you to migrate to v3 onion services as part of any migration. To do so, reinstall SecureDrop with v3 onion services enabled and restore your data without overwriting the generated Tor configuration [link to section]. The instructions for users of v2 onion services below will be removed in a future release.
There was a problem hiding this comment.
Added in note on depreciation in 254b0d9, and also split out migration instructions by onion services version.
|
I've addressed @zenmonkeykstop's minor edits (for typos etc) in 254b0d9, and also taken a stab at the restructuring/splitting into sections via onion service. His workflow is slightly different than the one I used (and I think his is better), but I haven't tested each path yet so I still consider this WIP. |
rocodes
force-pushed
the
docs-v3-restore
branch
from
d913113
to
254b0d9
Compare
|
Thanks @rocodes. I've taken another visual spin through, and it looks great to me. @rocodes and @zenmonkeykstop: What level of additional technical review would you recommend for these changes? My main concern is that stepping through a full migration, let alone all 3, will take significant time. Perhaps we should decouple this specific docs update from the 1.7.0 release timetable? |
|
I would like to step through all the migration paths on Monday before asking for anyone else's review, and I think that's doable. I think it's reasonable to decouple this from 1.7.0 and land it even a day or two after release day. |
|
@zenmonkeykstop: on the v3 scenario, I'm not having success with the workflow you suggested. Specifically, after the |
|
Here are the v3 steps that worked for me @zenmonkeykstop, could use your eye before I write it up.
|
Add hardware migration instructions
docs/backup_and_restore.rst
Outdated
|
|
||
| .. tip:: Although it varies, the average throughput of an onion service is | ||
| about 300 kB/s, or roughly 2 hours for 2GB. Plan your backup and | ||
| about 3 Mbps, or roughly 90 minutes for 2GB. Plan your backup and | ||
| restore accordingly. | ||
|
|
||
| You can use the following command to determine the volume of submissions | ||
| currently on the *Application Server*: log in over SSH and run | ||
| ``sudo du -sh /var/lib/securedrop/store``. |
There was a problem hiding this comment.
This could be made a one-liner from the Admin WS terminal, eg:
...
To check the disk space occupied by your submissions, open a Terminal on the Admin Workstation via Applications > System Tools > Terminal and run the command:
ssh app sudo du -sh /var/lib/securedrop/store
...
(Also might be good to put in its own code block for readability/copypastiness.)
There was a problem hiding this comment.
fixed in 5c29677 (& all such code-blocks also)
docs/backup_and_restore.rst
Outdated
| approximate size of the backup file (since the majority of the backup | ||
| archive is the stored submissions), and Tails' **Disks** utility to | ||
| see how much free space you have on your persistent volume. | ||
| Run ``git describe --exact-match`` to verify that you have a tagged SecureDrop |
There was a problem hiding this comment.
This step may no longer be necessary, as there's a change on develop securedrop to enforce a version check (thanks @eloquence ).
There was a problem hiding this comment.
I would suggest conservatism until after April 30, given that out-of-date workstations will not have this change when it's needed, and so the check should still be performed manually during migrations. Agree that the 0.12.0 reference should go though.
docs/backup_and_restore.rst
Outdated
| archive is the stored submissions), and Tails' **Disks** utility to | ||
| see how much free space you have on your persistent volume. | ||
| Run ``git describe --exact-match`` to verify that you have a tagged SecureDrop | ||
| release, 0.12.0 or newer, checked out. |
There was a problem hiding this comment.
And IMO this should just say "the latest version" regardless. No reason not to recommend to people to keep their sticks updated.
docs/backup_and_restore.rst
Outdated
| The instructions differ depending on which onion services version | ||
| your instance is using. | ||
|
|
||
| * :ref:`Instances using v3 onion services <migrate_v3>` |
There was a problem hiding this comment.
Unclear whether this refers to the instance that was backed up, or the target instance.
There was a problem hiding this comment.
fixed in 5c29677, and addressed all other comments in same commit
docs/backup_and_restore.rst
Outdated
| '''''''''''''''''''''''''''''''''''''''''''''''''''''''''' | ||
| #. :ref:`Back up the existing installation <backing_up>`. | ||
|
|
||
| #. **Preserve files and credentials**: Create a folder to |
There was a problem hiding this comment.
You could simplify this by just renaming the existing securedrop to securedrop.old without copying anything. Then you can reference it directly in the instructions below.
docs/backup_and_restore.rst
Outdated
|
|
||
| #. **Reinstall SecureDrop on new hardware:** Re-clone the SecureDrop repository. | ||
|
|
||
| Copy the ``.asc`` files and the ``tor_v3_keys.json`` file into |
There was a problem hiding this comment.
To reduce the chance of user error, the commands should be explicit and preferably code-blocked.
docs/backup_and_restore.rst
Outdated
|
|
||
| ./securedrop-admin restore sd-backup-<your_backup_file>.tar.gz | ||
|
|
||
| #. **Delete temporary files**: Remove any temporary files or directories |
There was a problem hiding this comment.
Could be an optional step as they may wanna keep securedrop.old around for safety's sake.
docs/backup_and_restore.rst
Outdated
| The ``app_ssh_url`` portion is your SSH service .onion address for the | ||
| *Application Server*. | ||
|
|
||
| #. **Fix Tor Credentials:** |
There was a problem hiding this comment.
This doesn't affect tor credentials, but SSH host keys.
docs/backup_and_restore.rst
Outdated
| - ``tor_v3_keys.json`` | ||
| - All ``.asc`` files (these correspond to your *Submission Public Key*, your OSSEC alerts public key, and (if configured) your journalist alerts public key | ||
| - The file ``~/Persistent/securedrop/install_files/ansible-base/group-vars/all/site-specific`` | ||
| - (optional) ``app-ssh-aths`` and ``mon-ssh-aths``, if you wish to reinstate the ``app-ssh-legacy`` and ``mon-ssh-legacy`` commands |
There was a problem hiding this comment.
mon isn't affected by the restore, so the monitor server after the restore will still have its address from the fresh install. This means there's some divergence between how to handle v2 and v3 in this case. You can just retain the fresh install mon-ssh-aths in the v2 case, but you would need to update the original tor_v3_keys.json, adding in the mon-ssh keypair from the fresh install's tor_v3_keys.json, before running either tailsconfig (which will update the auth_private file) or install (which will update the client auth files on the server).
| #. **Delete temporary files**: Remove any temporary files or directories | ||
| you created as you performed this migration, including the | ||
| ``securedrop.old`` directory. | ||
|
|
There was a problem hiding this comment.
There's one other restore/migrate case to consider based on changes in freedomofpress/securedrop#5677 - namely the v2+v3 -> v3 one (previously didn't work but now unblocked)
There was a problem hiding this comment.
See my comment- I have addressed this in a note in front of the v2+v3 instructions, indicating that migrating to Ubuntu 20.04 --> follow the v3-only instructions.
- write up v3 steps - pull shared instructions into `includes` file - rebase onto latest main
rocodes
force-pushed
the
docs-v3-restore
branch
from
254b0d9
to
5c29677
Compare
|
@zenmonkeykstop: I think I've addressed all your comments. I also stepped through the v3 instructions again last night.
|
|
^^ one thing to note about patched-in changes below - the migration instructions include a tag verification/checkout step, which currently refers to 1.7.1. It should be 1.8.0, this is updated by update_version.sh which will be run prior to pushing to stable. |
|
Closing in favour of #168 |
Include backup and restore instructions for v3 onion services. Add hardware migration instructions for v3 onion services and for cases where onion credentials may not be restored.
Status
Work in progress
Description of Changes
Description: Update Restore/Migration docs to include steps for v3 services. Slight edits to condense existing Backup/Restore copy. WIP: would appreciate review.
Fixes Issue Add docs on v3 onion service restore-from-backup story #36
Testing
manual review
Release
none
Checklist (Optional)
make docs-lint) passed locallymake docs-linkcheck) passedmake docs) docs at http://localhost:8000