Hello, people

I'd like someone to review the barman component:

https://github.com/pyhalov/oi-userland/commit/b801c9fdbe23664458f97f0021983a45aec374c5


The most interesting part for me is RBAC. I hope I made it correctly.

Briefly, barman is supposed to run under postgres. postgres user from PG server should access backup server via ssh (barman account is used for this) to store WAL files. And postgres user from Backup server should access backup via ssh (using barman account) to rsync data directory. barman uses rsync, so it should be able to read $PGDATA (so we have exec_attr).

If someone is interested in testing, don't forget to:
a) mkdir -p /var/barman/backup/main/incoming/ (as postgres) - this is default incoming directory for WALs in [main] config
It seems it should be created on first backup, but it is not.

b) add the following to postgresql.conf:
wal_level = archive
archive_mode = on
archive_command = 'rsync -a %p barman@localhost:/var/barman/backup/main/incoming/%f'

/var/barman/backup/incoming comes from output of "barman show-server main" - incoming_wals_directory.

To test you can try
"barman backup main"
"barman list-backup main"
-- remember backup id - something like 20131107T200805

"barman recover --remote-ssh-command="ssh barman@localhost" main 20131107T200805 /tmp/data"

or just

"barman recover main 20131107T200805 /tmp/data"


On 11/07/2013 12:03, Nikola M. wrote:
On 11/ 7/13 08:39 AM, Alexander Pyhalov wrote:

The most interesting part is that barman has to run rsync with
postgres euid on remote site (to access DB files ) and with barman
euid on local (to access backup files). I think that converting
postgres from role to user is more straightforward than trying to
create necessary RBAC policy.

I think that local implementations and needs should not dictate what
will be changed in OS distribution itself.
If people don't know how to use RBAC they should learn it (me included)
if programs needed to run on OI don't support platform, they should be
patched to work right.

I don't understand why I should lose PostgreSQL role on all systems I
would probably install in the future, because someone personally had a
problem with one program not made for the platform.
And what it has to do with that particular implementation of external
program
and what rsync has to do with Solaris roles.



--
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University
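
Added example (not part of the original message or of the barman component): a shell check that the postgresql.conf settings from step (b) archive WALs through the barman account into the directory that "barman show-server main" reports as incoming_wals_directory. The function names, the embedded sample config and the simple comment-stripping rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the WAL-archiving settings from step (b).
# Sample config and function names are constructed for illustration.

# pg_setting FILE NAME -> effective (last uncommented) value of NAME, with a
# trailing "# comment" and surrounding single quotes removed.
# Assumption: the value itself contains no '#'.
pg_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^'\(.*\)'\$/\1/"
}

# check_archiving CONF INCOMING_DIR -> prints one line per problem and returns
# 0 only if WALs are shipped to barman@HOST:INCOMING_DIR/%f.
check_archiving() {
    conf=$1; incoming=${2%/}; rc=0
    [ "$(pg_setting "$conf" wal_level)" = archive ] ||
        { echo "wal_level is not 'archive'"; rc=1; }
    [ "$(pg_setting "$conf" archive_mode)" = on ] ||
        { echo "archive_mode is not 'on'"; rc=1; }
    cmd=$(pg_setting "$conf" archive_command)
    case $cmd in
        *" barman@"*":$incoming/%f") ;;
        *) echo "archive_command does not target barman@HOST:$incoming/%f"
           rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the three lines from step (b) plus a commented default.
sample_conf() {
    cat <<'EOF'
#wal_level = minimal
wal_level = archive            # needed for WAL archiving
archive_mode = on
archive_command = 'rsync -a %p barman@localhost:/var/barman/backup/main/incoming/%f'
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
# Matches the directory created in step (a).
check_archiving "$tmp" /var/barman/backup/main/incoming && echo "archiving OK"
# Any other directory is reported, so WALs cannot silently land elsewhere.
check_archiving "$tmp" /var/barman/backup/incoming || echo "mismatch detected"
rm -f "$tmp"
```

Pass the real postgresql.conf path and the incoming_wals_directory value from the backup server in place of the sample values.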
