[rsnapshot-discuss] rsnapshot + rsync daemon via remote-shell

Discussion:

Sylvain Beucler

2007-04-05 09:52:11 UTC

Hi,

I'm doing backups using the feature described in the rsync man page
section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
(no shouting intended :))

Something like:
rsync -a --hard-links --sparse --delete-excluded --numeric-ids \
--link-dest=/mnt/backup/mercure/copy/ \
-e 'ssh -i /root/.ssh/backup' \
***@mercure::root /mnt/backup/mercure/copy.new/

On the remote site, there's a kind of restricted shell (through
authorized_keys "command=") with a specific rsyncd configuration that
offers read-only access to '/' as module 'root'. This offers an
authenticated, encrypted, read-only remote rsync access. I haven't
found a better way to access a remote system via rsync :)

I can't get it to work in rsnapshot for 2 reasons:

- rsnapshot doesn't recognize rsync-***@host::module as an ssh path
(which is logic, it isn't a ssh path in this case unless '-e' is
explicitely specified), so it doesn't use 'ssh_args'.

- If I use +rsync_long_args=--rsh='ssh -i/root/.ssh/backup', rsnapshot
"cuts" the command line:

/usr/bin/rsync -aq --delete --numeric-ids --relative --delete-excluded \
--exclude=/dev/pts/* --exclude=/proc/* --exclude=/sys/* \
--exclude=/mnt/*/* --exclude=/var/cache/apt/archives/* --rsh='ssh \
-i/root/.ssh/backup' ***@mercure::root \
/var/cache/rsnapshot/daily.0/mercure/

which makes rsync complain:

rsync: -i/root/.ssh/backup': unknown option

I guess rsnapshot should take quotes into accounts when cutting the
command line.

How do you see fixing this issue cleanly?
I'd like to see this access method supported :)

Thanks,

--
Sylvain

David Keegel

2007-04-06 02:08:49 UTC

Permalink

Post by Sylvain Beucler
Hi,
I'm doing backups using the feature described in the rsync man page
section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
(no shouting intended :))
rsync -a --hard-links --sparse --delete-excluded --numeric-ids \
--link-dest=/mnt/backup/mercure/copy/ \
-e 'ssh -i /root/.ssh/backup' \
On the remote site, there's a kind of restricted shell (through
authorized_keys "command=") with a specific rsyncd configuration that
offers read-only access to '/' as module 'root'. This offers an
authenticated, encrypted, read-only remote rsync access. I haven't
found a better way to access a remote system via rsync :)
(which is logic, it isn't a ssh path in this case unless '-e' is
explicitely specified), so it doesn't use 'ssh_args'.

Well spotted. Rsnapshot 1.3.0 passes ssh_args only if you use ssh syntax
(***@host:/path), not if you use rsync daemon syntax (rsync://...) or
cwrsync syntax (***@host::sharename).

Should future versions of rsnapshot always pass ssh_args (if set) for
both rsync daemon syntax and cwrsync syntax?

Is there much risk that this might surprise people who have a combination
of ssh syntax and rsyncd or cwrsync, and suddenly see ssh_args passed
to the non-ssh backups? If this concerned a user, I'm not sure if they
could tell rsnapshot not to use ssh_args for rsyncd or cwrsync backups.
Would it make sense to use ssh_args for one of rsyncd and cwrsync but
not the other?

Speaking of rsyncd and cwrsync syntax, rsnapshot has code to add a 'q'
(quiet) option to rsync when using rsyncd and cwrsync, unless you have
verbose level 4. I find this annoying personally, and would rather
remove this code, unless someone thinks it is worthwhile keeping.

(I have rsnapshot configs that have verbose=2 and +rsync_long_args=-v
on some rsyncd backups and having -q auto-added is silly in that case.)

Post by Sylvain Beucler
- If I use +rsync_long_args=--rsh='ssh -i/root/.ssh/backup', rsnapshot
I guess rsnapshot should take quotes into accounts when cutting the
command line.

I think David Cantrell made significant improvements to this after
rsnapshot 1.3.0 was released. I guess I should get my act into gear
about getting a new version of rsnapshot built & released.

___________________________________________________________________________
David Keegel <***@cybersource.com.au> http://www.cyber.com.au/users/djk/
Cybersource P/L: Linux/Unix Systems Administration Consulting/Contracting

Sylvain Beucler

2007-04-06 08:54:33 UTC

Permalink

Post by David Keegel
Well spotted. Rsnapshot 1.3.0 passes ssh_args only if you use ssh syntax
Should future versions of rsnapshot always pass ssh_args (if set) for
both rsync daemon syntax and cwrsync syntax?

I don't think so: ***@host::sharename without '-e' means "use the
rsync protocol" (port 873), while with '-e' it means "ssh and start a
remote daemon" (tunnel).

I got it to work by using
+rsync_long_args=-e 'ssh'
and naming my key "id_dsa" instead of "backup".

I think the best way is to fix the command line builder to it doesn't cut:
+rsync_long_args=-e 'ssh -i/root/.ssh/backup'
The culprit seems to be line 709:
@script_argv = split(/\s+/, $full_script);
which doesn't take quotes into account.

Cheers,

--
Sylvain

David Cantrell

2007-04-12 15:54:14 UTC

Permalink

Post by Sylvain Beucler
+rsync_long_args=-e 'ssh -i/root/.ssh/backup'
@script_argv = split(/\s+/, $full_script);
which doesn't take quotes into account.

You're definitely using an old version of rsnapshot there. Upgrading to
1.3.0 should fix this issue for you.

--
David Cantrell | Hero of the Information Age

Are you feeling bored? depressed? slowed down? Evil Scientists may
be manipulating the speed of light in your vicinity. Buy our patented
instructional video to find out how, and maybe YOU can stop THEM

David Cantrell

2007-04-12 15:45:58 UTC

Permalink

Post by David Keegel

Post by Sylvain Beucler
rsync -a --hard-links --sparse --delete-excluded --numeric-ids \
--link-dest=/mnt/backup/mercure/copy/ \
-e 'ssh -i /root/.ssh/backup' \
(which is logic, it isn't a ssh path in this case unless '-e' is
explicitely specified), so it doesn't use 'ssh_args'.

Well spotted. Rsnapshot 1.3.0 passes ssh_args only if you use ssh syntax
Should future versions of rsnapshot always pass ssh_args (if set) for
both rsync daemon syntax and cwrsync syntax?

I suppose so - it *is* legal, as demonstrated above, to do so.

Post by David Keegel
Is there much risk that this might surprise people who have a combination
of ssh syntax and rsyncd or cwrsync, and suddenly see ssh_args passed
to the non-ssh backups? If this concerned a user, I'm not sure if they
could tell rsnapshot not to use ssh_args for rsyncd or cwrsync backups.
Would it make sense to use ssh_args for one of rsyncd and cwrsync but
not the other?

Hrrm. I think we're going to need another config option here, and then
pass it as an extra parameter to particular backups. The default should
remain as it is (ie, only pass ssh_args for ssh syntax) but have the
ability to selectively turn it on for rsync syntax as well.

I'm a bit busy at the moment, so if anyone else wants to come up with a
patch please do!

Post by David Keegel
Speaking of rsyncd and cwrsync syntax, rsnapshot has code to add a 'q'
(quiet) option to rsync when using rsyncd and cwrsync, unless you have
verbose level 4. I find this annoying personally, and would rather
remove this code, unless someone thinks it is worthwhile keeping.
(I have rsnapshot configs that have verbose=2 and +rsync_long_args=-v
on some rsyncd backups and having -q auto-added is silly in that case.)

Agreed. If people want to force quietness, they can put it in
rsync_short_args.

Post by David Keegel

Post by Sylvain Beucler
- If I use +rsync_long_args=--rsh='ssh -i/root/.ssh/backup', rsnapshot
I guess rsnapshot should take quotes into accounts when cutting the
command line.

I think David Cantrell made significant improvements to this after
rsnapshot 1.3.0 was released.

Nope, it's in 1.3.0.

--
David Cantrell | http://www.cantrell.org.uk/david