Setup ssh keys for Gohma backups in ansible
Closed, Resolved · Public

Description

In order to do backups via rsync/ssh into Gohma, the source server needs to have an SSH key for the root user, and Gohma needs to have a user account for that source server containing that key in authorized_keys.

Currently that's done by running a one-time script in Gohma's ~/bin. It should be handled in the Ansible playbook to configure backups.

nalvarez created this task. Dec 25 2017, 6:24 AM

Additionally Gohma's host key should be added to the source server's known_hosts, to avoid getting an interactive prompt the first time the backup runs.

nalvarez closed this task as Resolved.

This is done in 227e990cd. The only missing piece is adding Gohma's host key to known_hosts. There is a task ensuring it's already present, to avoid backups silently failing, but adding it automatically to the known hosts turned out to be harder than I expected, so we'll have to continue doing this manually for new servers.
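
One way the setup described in this task could be expressed as an Ansible play, as an added example that is not the playbook from 227e990cd. The inventory group, hostname, account naming scheme and host key value are assumptions or placeholders; the host key is supplied as a variable obtained out of band rather than discovered automatically.

```yaml
# Added example, not the project's playbook. All names below are assumptions.
- name: Set up SSH key trust for rsync backups to Gohma
  hosts: backup_sources              # assumed inventory group of source servers
  become: true
  vars:
    gohma_host: gohma.example.org    # placeholder; must resolve as an inventory host
    # Placeholder: Gohma's real public host key, copied from Gohma out of band.
    gohma_host_key: "gohma.example.org ssh-ed25519 AAAA...REPLACE_ME"
    backup_user: "backup-{{ inventory_hostname_short }}"   # assumed naming scheme
  tasks:
    - name: Ensure root on the source server has an SSH key pair
      ansible.builtin.user:
        name: root
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_ed25519    # relative to root's home directory
      register: root_user

    - name: Create the per-source account on Gohma
      ansible.builtin.user:
        name: "{{ backup_user }}"
        shell: /bin/sh
      delegate_to: "{{ gohma_host }}"

    - name: Authorize only this source server's key for that account
      ansible.posix.authorized_key:
        user: "{{ backup_user }}"
        key: "{{ root_user.ssh_public_key }}"
        exclusive: true                  # drop any other keys from the file
        # rsync over ssh needs no forwarding and no terminal
        key_options: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
      delegate_to: "{{ gohma_host }}"

    - name: Pin Gohma's host key in root's known_hosts
      ansible.builtin.known_hosts:
        name: "{{ gohma_host }}"
        key: "{{ gohma_host_key }}"
        path: /root/.ssh/known_hosts
        state: present
```

Pinning a key that was verified out of band keeps the first backup non-interactive without trusting whatever key the network presents on first connection.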