I do something similar in cfengine. In essence (I can post the files here if there is interest), insure the backuppc user is created, make sure it has keys. I also use the backuppc user to perform backups (backuppc -> root was just had too many security implications), so I make sure that the necessary lines are in /etc/sudoers.
--b On Sun, May 23, 2010 at 10:14 PM, higuita <[email protected]> wrote: > Hi all > > On Sat, 22 May 2010 03:01:40 +0100, Lluis <[email protected]> wrote: > > Any idea about this. The objective is to achive an almost automatic > > configuration for my backup system. > > there is no silver bullet, as each setup might be different, > but i use a couple of scripts: > > script to install the ssh keys for root user, run by > "install-root.sh backup_machine_name" > > #!/bin/bash > if [ -z $1 ] ; then > echo install-root.sh [hostname] > exit 1 > fi > > scp ~/.ssh/id_rsa.pub ~/Scripts/fix-key.sh r...@$1:/tmp/ > ssh r...@$1 '/tmp/fix-key.sh > cp ~/.ssh/known_hosts ~backuppc/.ssh/known_hosts > echo "add to backuppc?" > read a > if [ "$a" == "y" ] ; then > ~/Scripts/new-pc.sh $1 > fi > > This script copies the fix-key.sh to the machine and run > it (if the remote machine dont have root active, just use the > "sudo /tmp/fix-key.sh"). In the fix-key.sh i have: > > #!/bin/bash > test -d ~root/.ssh/ || mkdir ~root/.ssh/ > cat /tmp/id_rsa.pub >> ~root/.ssh/authorized_keys > # fix owner > chown -R root:root ~root/.ssh || chown -R root:wheel ~root/.ssh > # only root and admin can use ssh > echo AllowUsers root admin >> /etc/sshd_config > rm /tmp/id_rsa.pub /tmp/fix-key.sh >/dev/null 2>&1 > > > Its not perfect, running several times will add several AllowUsers > lines and the chown may give error output, but i can live with it :) > > after the remote install, i add the new machine to the backuppc, > the new-pc.sh is this: > > #!/bin/bash > set -x > if [ -z $1 ] ; then > echo new-pc.sh [hostname] > exit 1 > fi > > i=$1 > cd /root/Scripts || exit 2 > > test -f /etc/backuppc/$i.pl && echo $i already there && exit 3 > echo "$i 0 admin unix" >> /etc/backuppc/hosts > cp -i /etc/backuppc/+template+.pl /etc/backuppc/$i.pl > chown backuppc:www-data /etc/backuppc/$i.pl > > # edit any special requirement for the new host > nano /etc/backuppc/$i.pl > /etc/init.d/backuppc reload > > I have the +template+.pl the normal config for my hosts and > edit that file to fine tune any special requirement for a host > > this is the generic unix script, macosx is almost the same, the > initial script is the install-admin.sh, that just change the > remote user to admin and uses the sudo to execute the remote script. > > For windows its almost the same, and i already publish it in this > comment (next with a ready to use zip client package) > > http://www.goodjobsucking.com/?p=62&cpage=2#comment-3777 > > > so, to finish, this isnt totally automatic, but requires > little input (mostly the passwords, specially if you comment > the nano entry) > > If you do a list of machines to install, doing a for cycle > to install then all isnt hard. if the password is the same, > perfect, copy it to the clipboard and you just have to paste > it. > > Good luck > -- > Naturally the common people don't want war... but after all it is the > leaders of a country who determine the policy, and it is always a > simple matter to drag the people along, whether it is a democracy, or > a fascist dictatorship, or a parliament, or a communist dictatorship. > Voice or no voice, the people can always be brought to the bidding of > the leaders. That is easy. All you have to do is tell them they are > being attacked, and denounce the pacifists for lack of patriotism and > exposing the country to danger. It works the same in every country. > -- Hermann Goering, Nazi and war criminal, 1883-1946 > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > BackupPC-users mailing list > [email protected] > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > >
------------------------------------------------------------------------------
_______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
