[oi-dev] Barman packaging
Alexander Pyhalov
alp at rsu.ru
Thu Nov 7 16:44:10 UTC 2013
Hello, people
I'd like someone to review the barman component:
https://github.com/pyhalov/oi-userland/commit/b801c9fdbe23664458f97f0021983a45aec374c5
The most interesting part for me is RBAC. I hope I did it correctly.
Briefly, barman is supposed to run under postgres. postgres user from PG
server should access backup server via ssh (barman account is used for
this) to store WAL files. And postgres user from Backup server should
access backup via ssh (using barman account) to rsync data directory.
barman uses rsync, so it should be able to read $PGDATA (so we have
exec_attr).
If someone is interested in testing, don't forget to
a) mkdir -p /var/barman/backup/main/incoming/ (as postgres) - this is
default incoming directory for WALs in [main] config
It seems it should be created on first backup, but it is not.
b) add the following to postgresql.conf:
wal_level = archive
archive_mode = on
archive_command = 'rsync -a %p barman@localhost:/var/barman/backup/main/incoming/%f'
/var/barman/backup/incoming comes from output of "barman show-server
main" - incoming_wals_directory .
To test you can try
"barman backup main"
"barman list-backup main"
-- remember backup id - something like 20131107T200805
"barman recover --remote-ssh-command="ssh barman@localhost" main 20131107T200805 /tmp/data"
or just
"barman recover main 20131107T200805 /tmp/data"
On 11/07/2013 12:03, Nikola M. wrote:
> On 11/ 7/13 08:39 AM, Alexander Pyhalov wrote:
>>
>> The most interesting part is that barman has to run rsync with
>> postgres euid on remote site (to access DB files ) and with barman
>> euid on local (to access backup files). I think that converting
>> postgres from role to user is more straightforward than trying to
>> create necessary RBAC policy.
>
> I think that local implementations and needs should not dictate what
> will be changed in OS distribution itself.
> If people don't know how to use RBAC they should learn it (me included)
> if programs needed to run on OI don't support platform, they should be
> patched to work right.
>
> I don't understand why I should lose PostgreSQL role on all systems I
> would probably install in the future, because someone personally had a
> problem with one program not made for the platform.
> And what it has to do with that particular implementation of external
> program
> and what rsync have to do with Solaris roles.
--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
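
A preflight check for steps a) and b) of the mail above, added here as an example; it is not part of the original message or of barman. It confirms the three postgresql.conf settings and that archive_command targets an existing incoming directory. The function names and the scratch-directory sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): verify the WAL archiving settings
# before the first "barman backup main".

# conf_value FILE KEY: print the last uncommented "KEY = value", quotes stripped.
# Trailing "# comment" text after a value is not handled.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed -e "s/[[:space:]]*\$//" -e "s/^'\(.*\)'\$/\1/"
}

# check_wal_archiving FILE INCOMING_DIR: print each problem, return 0 only if none.
# INCOMING_DIR is the incoming_wals_directory reported by "barman show-server main".
# Only the values given in the mail (archive / on) are accepted.
check_wal_archiving() {
    conf=$1 incoming=${2%/} rc=0
    [ "$(conf_value "$conf" wal_level)" = archive ] ||
        { echo "wal_level is not 'archive'"; rc=1; }
    [ "$(conf_value "$conf" archive_mode)" = on ] ||
        { echo "archive_mode is not 'on'"; rc=1; }
    cmd=$(conf_value "$conf" archive_command)
    case $cmd in
        *":$incoming/%f"*) ;;
        *) echo "archive_command does not target $incoming/%f"; rc=1 ;;
    esac
    # The mail notes this directory is not created automatically.
    [ -d "$incoming" ] || { echo "missing directory $incoming"; rc=1; }
    return $rc
}

# Constructed sample input: the settings from the mail, in a scratch directory.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/incoming"
cat > "$demo_dir/postgresql.conf" <<EOF
#wal_level = minimal
wal_level = archive
archive_mode = on
archive_command = 'rsync -a %p barman@localhost:$demo_dir/incoming/%f'
EOF
check_wal_archiving "$demo_dir/postgresql.conf" "$demo_dir/incoming" &&
    echo "archiving config OK"
```

On a real system the arguments would be the server's postgresql.conf and the incoming_wals_directory value, run as the postgres user so the directory test reflects its permissions.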