New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow non-interactive rsync authentication #2011
Allow non-interactive rsync authentication #2011
Conversation
…ion using rsync protocol. Now, one can use RSYNC_OPTIONS to authenticate using the "--password-file=/full/path/to/file" rsync's option. I already fixed the missing username at checking stage. On branch feature/allow_rsync_user_and_options Changes to be committed: modified: usr/share/rear/output/RSYNC/default/200_make_prefix_dir.sh modified: usr/share/rear/output/RSYNC/default/900_copy_result_files.sh modified: usr/share/rear/prep/RSYNC/default/100_check_rsync.sh
@ivarmu Why did you not use the
If the above works then this PR is not required anymore. |
If I remember correctly, the first steps involve a simple ssh/rsync
conection to check connectivity, and as per this step, I think
BACKUP_RSYNC_OPTIONS is not the most convenient variable to be used.
What do you think?
Thanks!
Ivan
El vie., 28 dic. 2018 12:48, gdha <notifications@github.com> escribió:
… @ivarmu <https://github.com/ivarmu> Another remark - why did you not use
the BACKUP_RSYNC_OPTIONS variable to add your additional option
--password-file=/full/path/to/file? You could accomplish this in the
local.conf file:
For example:
BACKUP_RSYNC_OPTIONS=( "${BACKUP_RSYNC_OPTIONS[@]}" --password-file=/full/path/to/file )
If the above works then this PR is not required anymore.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2011 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AZlFm4ENOKSKiOFMYfryX8Rhjzb7z843ks5u9gUKgaJpZM4Zh6-X>
.
|
@ivarmu I believe if we can enhance script |
I am not a In general: When we already have a config variable for a particular But then the config variables must have meaningful separated names In this case it means if two config variables are needed here To me it looks as if RSYNC_OPTIONS specifies generic options But the current changes here do not apply RSYNC_OPTIONS By the way: I wonder how making the backup with A side note FWIW: What even more confuses me is that we have in default.conf (excerpts): BACKUP_OPTIONS= ... # NOTE: The BACKUP_* variables relate to ALL builtin backup methods ! # (NETFS, ISO, TAPE ...) BACKUP_PROG=tar ... BACKUP_PROG_OPTIONS=( "--anchored" ) ... BACKUP_PROG_COMPRESS_OPTIONS=( --gzip ) ... BACKUP_RSYNC_OPTIONS=(--sparse --archive --hard-links --numeric-ids --stats) It seems we got from the past some mess with our |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ivarmu
each config variable that is meant to be specified by the user (if needed)
must be at least described in usr/share/rear/conf/default.conf
and set to a reasonable default value if possible
(i.e. except exceptions like TMPDIR).
…ion using rsync protocol. Now, one can use BACKUP_RSYNC_OPTIONS to authenticate using the "--password-file=/full/path/to/file" rsync's option. I already fixed the missing username at checking stage. I already fixed uefi-funcions.sh (I'm on Fedora29) as described at #1996 I already changed the behaviour of --fake-root on rsync protocol versions < 29, as it may not return an error it the option is not used at all. Changes to be committed: modified: usr/share/rear/lib/uefi-functions.sh modified: usr/share/rear/output/RSYNC/default/200_make_prefix_dir.sh modified: usr/share/rear/output/RSYNC/default/900_copy_result_files.sh modified: usr/share/rear/prep/RSYNC/default/100_check_rsync.sh modified: usr/share/rear/prep/RSYNC/default/150_check_rsync_protocol_version.sh
Hi all, as per I can see, RSYNC_OPTIONS is already defined somewhere at rear code and translated to BACKUP_RSYNC_OPTIONS at /usr/share/rear/prep/default/020_translate_url.sh
Anyway, we are only talking about a variable name and it's related documentation, so I'm changing the PR to use BACKUP_RSYNC_OPTIONS instead RSYNC_OPTIONS, although I think we should make that two concepts differentiated, as commented by @jsmeix . I'm introducing another change to the rsync checkings, concretely I've changed the behaviour of --fake-root on rsync protocol versions < 29, as it may not return an error it the option is not used at all. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not a rsync user so that I cannot review the details here
but from plain looking at the code it looks o.k. to me.
@ivarmu
use
|
@ivarmu |
Nice @jsmeix. I've changed all the needed files (I'm pushing a new commit) and use only the BACKUP_RSYNC_OPTIONS. I'm already loging the obsolescence of RSYNC_OPTIONS at 020_translate_url.sh file. |
added comment about RSYNC_OPTIONS obsolescence Changes to be committed: modified: usr/share/rear/backup/RSYNC/GNU/Linux/610_start_selinux.sh modified: usr/share/rear/backup/RSYNC/GNU/Linux/620_force_autorelabel.sh modified: usr/share/rear/backup/RSYNC/default/700_copy_backup_log.sh modified: usr/share/rear/prep/default/020_translate_url.sh
@ivarmu
I would also tell the user on his terminal about it via
or as you like via LogPrintError (that won't exit as the
see the LogUserOutput and LogPrintError and their |
@gdha
shouldn't that better be something like
so that the BACKUP_RSYNC_OPTIONS from default.conf are kept? |
In
so RSYNC_OPTIONS was an array so that in
or
|
I preffer LogUserOutput option. I'm updating code. |
I don't know what the meaning/usage of RSYNC_OPTIONS was, too, as it existed previously and that is my first PR on ReaR code. I agree with you, but think maybe there's a reason to stay like that... isn't that supposed to let "site.conf" (for example) to override the defaults? That could be an explanation. Doesn't matter if it could be an array or not, as bash interpretes both as well. |
Regarding my last comment, a correct option would be:
but it does'nt matter if one do:
That would work as well. |
@ivarmu
In general using ${VAR[*]} is problematic and using ${VAR[@]} without |
@jsmeix #2011 (comment) I think |
Yes, I Know that, but I can't find any code at ReaR looping through the BACKUP_RSYNC_OPTIONS as would be expected for an array to be managed (you can "grep -R BACKUP_RSYNC_OPTIONS" and see no for/while/do is involved). Anyway... RSYNC_OPTIONS is obsoleted... so I'm happy with the current assignation, as had been working since today... I can change it to the following if you prefer...
|
Perfectly fine with me to remove RSYNC_OPTIONS support. The only place where it appears is in prep/default/020_translate_url.sh But I would not like to let users who may still use RSYNC_OPTIONS Therefore I suggest to replace in prep/default/020_translate_url.sh
with
|
Perfect for me too, pushing another commit 👍 |
Changes to be committed: modified: usr/share/rear/prep/default/020_translate_url.sh
FWIW, I find prefixing the variable with I find it important that |
I've given you more diversion! 😊 |
A a result of this PR there are now some places where Also, I am surprised that
have you tested restoring with rsync and non-interactive authentication? |
Error "rsync --fake-super not possible on system ($RSYNC_HOST) (please upgrade rsync to 3.x)" | ||
else | ||
Log "Warning: rsync --fake-super not possible on system ($RSYNC_HOST) (please upgrade rsync to 3.x)" | ||
fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose the intent was to not abort in the case when the rsync daemon is used, where we assume that version is 29. This whole part could never work properly though. There is a typo, the use of [@]
is wrong (you need [*]
with quotes to prevent word splitting) and the intent is wrong: if the protocol is 29, we should abort unconditionally, because we need fake super, even if not specified in BACKUP_RSYNC_OPTIONS
. --rsync-path="rsync --fake-super"
will not work for tthe rsync daemon connection anyway.
Relax-and-Recover (ReaR) Pull Request Template
Please fill in the following items before submitting a new pull request:
Pull Request Details:
Type: Enhancement
Impact: Low
Reference to related issue (URL): No issue existing
How was this pull request tested?: at my installation:
`
Source system: Fedora release 28
ReaR Version: rear-2.4-1.fc28.x86_64
Remote system: QNAP TS-253A (Version QTS 4.3.4 (20180830))
`
I've added the correct variables to allow non-interactive authentication using rsync protocol. Now, one can use RSYNC_OPTIONS to authenticate using the "--password-file=/full/path/to/file" rsync's option.
I already fixed the missing username when rsync protocol at checking stage.