#2845 Issue closed: Password-less Borg backup via ssh (without BORGBACKUP_USERNAME) not (yet) supported¶
Labels: enhancement, needs sponsorship, external tool,
no-issue-activity
ZENAdmin-Ops opened issue at 2022-07-31 05:34:¶
Relax-and-Recover (ReaR) Issue Template¶
Fill in the following items before submitting a new issue
(quick response is not guaranteed with free support):
-
ReaR version ("/usr/sbin/rear -V"): 2.6
-
OS version ("cat /etc/os-release" or "lsb_release -a" or "cat /etc/rear/os.conf"): Ubuntu 22.04 LTS
-
ReaR configuration files ("cat /etc/rear/site.conf" and/or "cat /etc/rear/local.conf"):
sudo cat /etc/rear/off-site_borg_backup.conf
this_file_name=$( basename ${BASH_SOURCE[0]} )
LOGFILE="$LOG_DIR/rear-$HOSTNAME-$WORKFLOW-${this_file_name%.*}.log"
BACKUP=BORG
BORGBACKUP_HOST="bbox3.zeb.net.au"
# BORGBACKUP_PORT=3333
# BORGBACKUP_USERNAME="zen"
BORGBACKUP_REPO="/media/ZEN/REAR-000/Borg_Off-site"
BORGBACKUP_ARCHIVE_PREFIX="BorgOffsite"
# BORGBACKUP_UMASK="0002"
BACKUP_ONLY_INCLUDE="yes"
BACKUP_PROG_INCLUDE=( '/home/' )
BORGBACKUP_PRUNE_KEEP_DAILY=7
BORGBACKUP_PRUNE_KEEP_WEEKLY=5
BORGBACKUP_PRUNE_KEEP_MONTHLY=13
BORGBACKUP_PRUNE_KEEP_HOURLY=24
BORGBACKUP_PRUNE_KEEP_YEARLY=2
BORGBACKUP_COMPRESSION="zlib,9"
BORGBACKUP_ENC_TYPE="keyfile"
COPY_AS_IS_BORG=( "$ROOT_HOME_DIR/.config/borg/keys/" )
export BORG_KEYS_DIR=( "$ROOT_HOME_DIR/.config/borg/keys/" )
export BORG_PASSPHRASE='some_secret_text'
export BORG_RELOCATED_REPO_ACCESS_IS_OK="yes"
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="yes"
export BORG_REMOTE_PATH="/media/zen/REAR-000/Borg_Off-site"
-
Hardware vendor/product (PC or PowerNV BareMetal or ARM) or VM (KVM guest or PowerVM LPAR): Hyper-V VM
-
System architecture (x86 compatible or PPC64/PPC64LE or what exact ARM device):
-
Firmware (BIOS or UEFI or Open Firmware) and bootloader (GRUB or ELILO or Petitboot):
-
Storage (local disk or SSD) and/or SAN (FC or iSCSI or FCoE) and/or multipath (DM or NVMe):
-
Storage layout ("lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,LABEL,SIZE,MOUNTPOINT"):
-
Description of the issue (ideally so that others can reproduce it):
I'm unable to perform off-site Borg backup via ssh using ReaR.
I can perform an off-site Borg backup via ssh using Borg.
Using the same remote host, I can perform an off-site ReaR backup (NETFS) via sshfs. So the remote access via ssh is generally working and Borg is working on the remote host.
-
Workaround, if any:
None at this stage -
Attachments, as applicable ("rear -D mkrescue/mkbackup/recover" debug log files):
To paste verbatim text like command output or file content,
include it between a leading and a closing line of three backticks like
So I create the Borg repo and first archive manually to confirm that it works via Borg
sudo borg init --encryption=repokey-blake2 bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site
sudo borg create --verbose --filter AME --list --stats --show-rc --compression zlib,9 --exclude-caches --progress bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site::BorgOffsite_1 /home/
Repository: ssh://bbox3.zeb.net.au/media/zen/REAR-000/Borg_Off-site
Archive name: BorgOffsite_1
Archive fingerprint: 155187878f962fe45282fe38e654d5c6f86910a578e81ef633723af1aa5888db
Time (start): Sun, 2022-07-31 14:47:16
Time (end): Sun, 2022-07-31 15:01:02
Duration: 13 minutes 45.20 seconds
Number of files: 4257
Utilization of max. archive size: 0%
------------------------------------------------------------------------------
Original size Compressed size Deduplicated size
This archive: 1.37 GB 1.11 GB 1.11 GB
All archives: 1.37 GB 1.11 GB 1.11 GB
Unique chunks Total chunks
Chunk index: 4567 4658
------------------------------------------------------------------------------
terminating with success status, rc 0
I then try creating the next Borg archive via rear, which fails
sudo rear -v -C off-site_borg_backup mkbackuponly
Relax-and-Recover 2.6 / Git
Running rear mkbackuponly (PID 198860)
Using log file: /var/log/rear/rear-Ubuntu-DR6.198860.log
Sourcing additional configuration file '/etc/rear/off-site_borg_backup.conf'
Running workflow mkbackuponly on the normal/original system
Couldn't list Borg repository '/media/ZEN/REAR-000/Borg_Off-site' on bbox3.zeb.net.au
Borg: Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
Remote: [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
Remote: [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
Remote: [-i identity_file] [-J [user@]host[:port]] [-L address]
Remote: [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
Remote: [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
Remote: [-w local_tun[:remote_tun]] destination [command [argument ...]]
Connection closed by remote host. Is borg working on the server?
ERROR: Failed to initialize Borg repository, borg rc 2!
Some latest log messages since the last called script 300_init_archive.sh:
2022-07-31 15:07:36.738841968 Borg: Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
Remote: [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
Remote: [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
Remote: [-i identity_file] [-J [user@]host[:port]] [-L address]
Remote: [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
Remote: [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
Remote: [-w local_tun[:remote_tun]] destination [command [argument ...]]
Connection closed by remote host. Is borg working on the server?
Aborting due to an error, check /var/log/rear/rear-Ubuntu-DR6.198860.log for details
Exiting rear mkbackuponly (PID 198860) and its descendant processes ...
Running exit tasks
Terminated
But I can list the Borg repo via Borg
sudo borg list bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site
Enter passphrase for key ssh://bbox3.zeb.net.au/media/zen/REAR-000/Borg_Off-site:
BorgOffsite_1 Sun, 2022-07-31 14:47:16 [155187878f962fe45282fe38e654d5c6f86910a578e81ef633723af1aa5888db]
Here is the full log from the failed ReaR attempt
cat /var/log/rear/rear-Ubuntu-DR6.198860.log
2022-07-31 15:07:32.974293649 Relax-and-Recover 2.6 / Git
2022-07-31 15:07:32.976798187 Running rear mkbackuponly (PID 198860)
2022-07-31 15:07:32.978603214 Command line options: /usr/sbin/rear -v -C off-site_borg_backup mkbackuponly
2022-07-31 15:07:32.980571744 Using log file: /var/log/rear/rear-Ubuntu-DR6.198860.log
2022-07-31 15:07:32.982983081 Including /etc/rear/os.conf
2022-07-31 15:07:32.988604166 Including conf/Linux-i386.conf
2022-07-31 15:07:32.991126905 Including conf/GNU/Linux.conf
2022-07-31 15:07:33.009852289 Including conf/Ubuntu.conf
2022-07-31 15:07:33.016248187 Sourcing additional configuration file '/etc/rear/off-site_borg_backup.conf'
2022-07-31 15:07:33.019417535 Including /etc/rear/off-site_borg_backup.conf
2022-07-31 15:07:33.027867863 ======================
2022-07-31 15:07:33.029733492 Running 'init' stage
2022-07-31 15:07:33.032076627 ======================
2022-07-31 15:07:33.067792770 Including init/default/005_verify_os_conf.sh
2022-07-31 15:07:33.093190756 Including init/default/010_EFISTUB_check.sh
2022-07-31 15:07:33.116963718 Including init/default/010_set_drlm_env.sh
2022-07-31 15:07:33.132186649 Including init/default/030_update_recovery_system.sh
2022-07-31 15:07:33.139124655 Including init/default/050_check_rear_recover_mode.sh
2022-07-31 15:07:33.140879781 Running workflow mkbackuponly on the normal/original system
2022-07-31 15:07:33.146828172 Including init/default/950_check_missing_programs.sh
2022-07-31 15:07:33.157367532 Finished running 'init' stage in 0 seconds
2022-07-31 15:07:33.166862576 Using build area '/tmp/rear.7gJhVHcFiURDUNK'
mkdir: created directory '/tmp/rear.7gJhVHcFiURDUNK/rootfs'
mkdir: created directory '/tmp/rear.7gJhVHcFiURDUNK/tmp'
2022-07-31 15:07:33.180162179 Running mkbackuponly workflow
2022-07-31 15:07:33.186447874 ======================
2022-07-31 15:07:33.188195101 Running 'prep' stage
2022-07-31 15:07:33.189939727 ======================
2022-07-31 15:07:33.208780614 Including prep/default/005_remove_workflow_conf.sh
mkdir: created directory '/tmp/rear.7gJhVHcFiURDUNK/rootfs/etc'
mkdir: created directory '/tmp/rear.7gJhVHcFiURDUNK/rootfs/etc/rear'
2022-07-31 15:07:33.220963299 Including prep/default/020_translate_url.sh
2022-07-31 15:07:33.228786218 Including prep/default/030_translate_tape.sh
2022-07-31 15:07:33.241765415 Including prep/default/035_valid_backup_methods.sh
2022-07-31 15:07:33.249255329 Including prep/default/040_check_backup_and_output_scheme.sh
2022-07-31 15:07:33.254335306 Including prep/default/050_check_keep_old_output_copy_var.sh
2022-07-31 15:07:33.259868390 Including prep/default/100_init_workflow_conf.sh
2022-07-31 15:07:33.267652309 Including prep/BORG/default/100_set_vars.sh
2022-07-31 15:07:33.272834187 Including prep/GNU/Linux/200_include_getty.sh
2022-07-31 15:07:33.333185205 Including prep/GNU/Linux/200_include_serial_console.sh
2022-07-31 15:07:33.388748050 Including prep/BORG/default/200_prep_borg.sh
2022-07-31 15:07:35.900902635 Including prep/GNU/Linux/210_include_dhclient.sh
2022-07-31 15:07:35.970392091 Detected an active Network Manager connection 'Wired connection 1' set up via DHCPv4
2022-07-31 15:07:35.972137917 Auto-enabling DHCP on the rescue system
/usr/share/rear/lib/_input-output-functions.sh: line 476: type: dhcpcd: not found
2022-07-31 15:07:35.978784318 Including prep/GNU/Linux/220_include_lvm_tools.sh
2022-07-31 15:07:35.985035913 Including prep/GNU/Linux/230_include_md_tools.sh
2022-07-31 15:07:35.997846408 Including prep/GNU/Linux/240_include_multipath_tools.sh
2022-07-31 15:07:36.002921685 Including prep/BORG/default/250_mount_usb.sh
2022-07-31 15:07:36.009575986 Including prep/GNU/Linux/280_include_systemd.sh
2022-07-31 15:07:36.030260300 Including systemd (init replacement) tool-set to bootstrap Relax-and-Recover
2022-07-31 15:07:36.035374778 Including prep/GNU/Linux/280_include_virtualbox.sh
2022-07-31 15:07:36.045837437 Including prep/GNU/Linux/280_include_vmware_tools.sh
2022-07-31 15:07:36.056967606 Including prep/GNU/Linux/290_include_drbd.sh
2022-07-31 15:07:36.067887072 Including prep/GNU/Linux/300_check_backup_and_output_url.sh
2022-07-31 15:07:36.072841347 Including prep/ISO/default/300_check_iso_dir.sh
2022-07-31 15:07:36.077828323 Including prep/GNU/Linux/300_include_grub_tools.sh
2022-07-31 15:07:36.087926977 Including prep/BORG/default/300_init_archive.sh
2022-07-31 15:07:36.732324569 Couldn't list Borg repository '/media/ZEN/REAR-000/Borg_Off-site' on bbox3.zeb.net.au
2022-07-31 15:07:36.738841968 Borg: Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
Remote: [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
Remote: [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
Remote: [-i identity_file] [-J [user@]host[:port]] [-L address]
Remote: [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
Remote: [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
Remote: [-w local_tun[:remote_tun]] destination [command [argument ...]]
Connection closed by remote host. Is borg working on the server?
2022-07-31 15:07:36.755291718 ERROR: Failed to initialize Borg repository, borg rc 2!
===== Stack trace =====
Trace 0: /usr/sbin/rear:541 main
Trace 1: /usr/share/rear/lib/mkbackuponly-workflow.sh:10 WORKFLOW_mkbackuponly
Trace 2: /usr/share/rear/lib/framework-functions.sh:116 SourceStage
Trace 3: /usr/share/rear/lib/framework-functions.sh:56 Source
Trace 4: /usr/share/rear/prep/BORG/default/300_init_archive.sh:67 source
=== End stack trace ===
2022-07-31 15:07:36.769687036 Exiting rear mkbackuponly (PID 198860) and its descendant processes ...
2022-07-31 15:07:39.824776146 rear,198860 /usr/sbin/rear -v -C off-site_borg_backup mkbackuponly
`-rear,199197 /usr/sbin/rear -v -C off-site_borg_backup mkbackuponly
`-pstree,199198 -Aplau 198860
/usr/share/rear/lib/_input-output-functions.sh: line 151: kill: (199201) - No such process
2022-07-31 15:07:39.860069782 Running exit tasks
2022-07-31 15:07:39.862190514 Finished in 7 seconds
2022-07-31 15:07:39.864155244 Removing build area /tmp/rear.7gJhVHcFiURDUNK
removed directory '/tmp/rear.7gJhVHcFiURDUNK'
2022-07-31 15:07:39.874435000 End of program reached
I am using a non-standard SSH port on the remote host. But I have updated ssh_config accordingly, and as a result I don't need to specify the non-standard port when using Borg directly.
I have also tried using: BORGBACKUP_PORT=3333 in the conf file, but it has made no difference
ZENAdmin-Ops commented at 2022-08-01 03:37:¶
The reason this is failing is not due to the non-standard SSH port as I changed the config to use port 22 and the behaviour is identical.
Is there a way to configure ReaR to show the Borg command that is being used?
I think it would be helpful to see the Borg command that ReaR is trying to execute.
jsmeix commented at 2022-08-01 09:35:¶
@ZENAdmin-Ops
I am not a Borg backup user so I cannot actually help with
Borg backup specific issues.
In general regarding issues with third-party backup tools:
Usually we at ReaR upstream do not use third-party backup tools
so usually we cannot reproduce issues with third-party backup tools.
Nevertheless we try to help as good as we can from plain looking at the
code.
The Borg error message
Borg: Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] ...
seems to indicate that the executed Borg command
fails because of a syntax error - in particular because
the -46AaCfGgKkMNnqsTtVvXxYy therein looks strange
(but I don't know about Borg command details).
Regarding "show the Borg command that is being used":
Run ReaR in debugscript mode with the '-D' option like
rear -D mkbackup
See "man rear" - currently online at
https://github.com/rear/rear/blob/master/doc/rear.8.adoc
GLOBAL OPTIONS
...
-d
debug mode (run many commands verbosely
with debug messages in log file - also sets -v)
-D
debugscript mode (log executed commands
via 'set -x' - also sets -v and -d)
...
-v
verbose mode
(show messages what ReaR is doing on the terminal)
After rear -D mkbackup failed
check the ReaR log file what is shown after the line
Including prep/BORG/default/300_init_archive.sh
ZENAdmin-Ops commented at 2022-08-02 00:25:¶
@jsmeix
Thanks for your advice.
I have been able to identify the issue after obtaining the debug logs.
There were two errors.
If you were to closely compare the following logs, with the previous logs, you would note a difference in case in part of the path to the Borg repository. Very annoying. I have fixed that.
However there also appears to be an issue with the ReaR Borg syntax.
Here is the extract from the ReaR logs
+ source /usr/share/rear/prep/BORG/default/300_init_archive.sh
++ has_binary borg
++ for bin in $@
++ type borg
++ return 0
++ StopIfError 'Could not find Borg binary'
++ (( 0 != 0 ))
++ borg_additional_options=()
++ local borg_additional_options
++ is_true no
++ case "$1" in
++ return 1
++ borg_archive_cache_create
++ borg_list
++ borg list ssh://@bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site
++ rc=2
++ '[' 2 -ne 0 ']'
++ LogPrint 'Couldn'\''t list Borg repository '\''/media/ZEN/REAR-000/Borg_Off-site'\'' on bbox3.zeb.net.au'
++ Log 'Couldn'\''t list Borg repository '\''/media/ZEN/REAR-000/Borg_Off-site'\'' on bbox3.zeb.net.au'
++ echo '2022-08-02 09:50:40.190933430 Couldn'\''t list Borg repository '\''/media/ZEN/REAR-000/Borg_Off-site'\'' on bbox3.zeb.net.au'
2022-08-02 09:50:40.190933430 Couldn't list Borg repository '/media/ZEN/REAR-000/Borg_Off-site' on bbox3.zeb.net.au
++ Print 'Couldn'\''t list Borg repository '\''/media/ZEN/REAR-000/Borg_Off-site'\'' on bbox3.zeb.net.au'
++ '[' -e /tmp/rear.FMB6BKCw8EN8lzI/tmp/borg_stderr ']'
++ grep --quiet 'Failed to create/acquire the lock' /tmp/rear.FMB6BKCw8EN8lzI/tmp/borg_stderr
++ grep --quiet Repository /tmp/rear.FMB6BKCw8EN8lzI/tmp/borg_stderr
++ '[' 2 -ne 0 ']'
+++ cat /tmp/rear.FMB6BKCw8EN8lzI/tmp/borg_stderr
++ LogPrint 'Borg: Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
Remote: [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
Remote: [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
Remote: [-i identity_file] [-J [user@]host[:port]] [-L address]
Remote: [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
Remote: [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
Remote: [-w local_tun[:remote_tun]] destination [command [argument ...]]
Connection closed by remote host. Is borg working on the server?'
Yet I can perform a borg list using the following syntax
sudo borg list ssh://bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site
Enter passphrase for key ssh://bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site:
Enter passphrase for key ssh://bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site:
Warning: The repository at location ssh://bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site was previously located at ssh://bbox3.zeb.net.au/media/zen/REAR-000/Borg_Off-site
Do you want to continue? [yN] y
BorgOffsite_1 Sun, 2022-07-31 14:47:16 [155187878f962fe45282fe38e654d5c6f86910a578e81ef633723af1aa5888db]
I can also perform a borg list using the following syntax, because the port details are obtained from the ssh_config file
sudo borg list bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site
Enter passphrase for key ssh://bbox3.zeb.net.au/media/zen/REAR-000/Borg_Off-site:
Warning: The repository at location ssh://bbox3.zeb.net.au/media/zen/REAR-000/Borg_Off-site was previously located at ssh://bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site
Do you want to continue? [yN] y
BorgOffsite_1 Sun, 2022-07-31 14:47:16 [155187878f962fe45282fe38e654d5c6f86910a578e81ef633723af1aa5888db]
This is the command that produces the error that we see in the ReaR logs
sudo borg list ssh://@bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site
[sudo] password for zen:
Remote: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
Remote: [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
Remote: [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
Remote: [-i identity_file] [-J [user@]host[:port]] [-L address]
Remote: [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
Remote: [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
Remote: [-w local_tun[:remote_tun]] destination [command [argument ...]]
Connection closed by remote host. Is borg working on the server?
The leading "@" in front of the fqdn is the issue.
@bbox3.zeb.net.au rather than bbox3.zeb.net.au
jsmeix commented at 2022-08-02 07:53:¶
It seems having a valid BORGBACKUP_USERNAME set is mandatory.
@ZENAdmin-Ops
why do you have
# BORGBACKUP_USERNAME="zen"
i.e. no BORGBACKUP_USERNAME set?
The 'Borg -> SSH' section in
https://github.com/rear/rear/blob/master/doc/user-guide/04-scenarios.adoc
shows in its 'Example local.conf' (excerpt)
BACKUP=BORG
BORGBACKUP_HOST="foo.bar.xy"
BORGBACKUP_USERNAME="borg_user"
BORGBACKUP_REPO="/mnt/backup/client"
BORGBACKUP_REMOTE_PATH="/usr/local/bin/borg"
Regardless that it does not explicitly tell
what settings are mandatory, but when deviating
from the syntax in the example and then things
do no longer work, it becomes clear in practice
that having a valid BORGBACKUP_USERNAME set is required.
ZENAdmin-Ops commented at 2022-08-02 10:18:¶
@jsmeix
I think in this case the example conf file is wrong.
In the section that you refer to you will also notice the following
statement
Setup ssh key infrastructure for user that will be running backup.
Issuing following command must work without any password prompts or
remote host identity confirmation
If you want to make a password-less connection, you don't include a user in the connection string. And you also need to configure the ssh key, which I have done. Because Borg is working, password-less, it's just not working via ReaR
jsmeix commented at 2022-08-02 11:09:¶
@ZENAdmin-Ops
the section you refer to reads
Borg -> SSH
Setup ssh key infrastructure for user
that will be running backup. Issuing following
command must work without any password prompts
or remote host identity confirmation:
ssh <BORGBACKUP_USERNAME>@<BORGBACKUP_HOST>
so the documented example is with BORGBACKUP_USERNAME
not without it so the documented and implemented functionality
is using Borg with BORGBACKUP_USERNAME.
Again:
I am not a Borg backup user so I cannot actually help
with Borg backup specific issues.
So if you could contribute to ReaR with a GitHub pull request that
enhances ReaR to make Borg in ReaR working also password-less
I would have a look at your pull request and review it
as good as I can from plain looking at the code
and if it looks OK I would merge it.
See also the section
"How to contribute to Relax-and-Recover" in
https://en.opensuse.org/SDB:Disaster_Recovery
jsmeix commented at 2022-08-02 11:31:¶
The only code place where BORGBACKUP_USERNAME is evaluated is in
usr/share/rear/prep/BORG/default/100_set_vars.sh
if [[ -n $BORGBACKUP_HOST ]]; then
borg_dst_dev=ssh://$BORGBACKUP_USERNAME@$BORGBACKUP_HOST:$BORGBACKUP_PORT
else
so perhaps things might already work for
password-less Borg backup with something like
if [[ -n $BORGBACKUP_HOST ]]; then
if [[ -n $BORGBACKUP_USERNAME ]]; then
borg_dst_dev=ssh://$BORGBACKUP_USERNAME@$BORGBACKUP_HOST:$BORGBACKUP_PORT
else
# To make a password-less ssh connection, you don't include a username
# in the connection string (i.e. BORGBACKUP_USERNAME is empty)
# see https://github.com/rear/rear/issues/2845
borg_dst_dev=ssh://$BORGBACKUP_HOST:$BORGBACKUP_PORT
fi
else
(this is only a totally untested offhanded idea).
ZENAdmin-Ops commented at 2022-08-02 11:38:¶
@jsmeix
I'm willing to look into trying to get this working and then sharing the necessary updates.
However I'm new to Linux and I still consider myself a newbie.
So I would like to be sure "of the facts" before embarking on this exercise.
I added the BORGBACKUP_USERNAME to the conf file as a test, and as I expected I was then prompted for the user's credentials during the execution of the script.
However what concerns me is that the ReaR generated Borg list command still didn't work.
The command that was created was
borg list ssh://zen@bbox3.zeb.net.au:3333/media/zen/REAR-000/Borg_Off-site
And on my system that statement still generates an error
On my system, the syntax needs to be
borg list bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site
It concerns me that the required Borg syntax is substantially different to the syntax that is currently being generated, and I'm wondering why?
Because I'm thinking that the Borg code must have been tested by someone in the past.
Was the existing ReaR Borg code developed/tested with an earlier version of Borg?
If that is the case, then the issues that I'm observing now could well make sense. But if ReaR has been developed/tested with Borg 1.2.0, then I'd like to try and understand why I'm observing all of these issues.
I guess what I'm asking, is it possible to review this issue with one of the other dev's, to at least sanity check this issue, before I start look at trying to essentially patch the current release to get it working with Borg the way that the documentation implies that it should.
jsmeix commented at 2022-08-02 12:20:¶
@ZENAdmin-Ops
I think you should experiment with the 'borg_dst_dev' setting in
usr/share/rear/prep/BORG/default/100_set_vars.sh
For example as a test you may use a selfmade
usr/share/rear/prep/BORG/default/100_set_vars.sh
script that contains only (this is the full script):
borg_set_vars
borg_dst_dev='bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site'
i.e. with a hardcoded 'borg_dst_dev' setting
as you need it in your specific case
only for a test to see how far then
password-less Borg backup via ssh
works or still fails for you.
ZENAdmin-Ops commented at 2022-08-02 13:05:¶
@jsmeix
Tried hard-coding borg_dst_dev as suggested
Also removed the following from the conf file
BORGBACKUP_PORT
BORGBACKUP_USERNAME
Quick test produced the following
+ source /usr/share/rear/prep/BORG/default/300_init_archive.sh
++ has_binary borg
++ for bin in $@
++ type borg
++ return 0
++ StopIfError 'Could not find Borg binary'
++ (( 0 != 0 ))
++ borg_additional_options=()
++ local borg_additional_options
++ is_true no
++ case "$1" in
++ return 1
++ borg_archive_cache_create
++ borg_list
++ borg list ssh://@bbox3.zeb.net.au:22/media/zen/REAR-000/Borg_Off-site
++ rc=2
So it looks like at least in my case I'll need to identify where borg_dst_dev is being altered.
I'll have a go at that tomorrow
Thanks for your help
jsmeix commented at 2022-08-02 13:35:¶
As far as I see borg_dst_dev is nowhere altered:
rear.github.master # find usr/sbin/rear usr/share/rear -type f | xargs egrep 'borg_dst_dev=|borg_dst_dev+='
usr/share/rear/prep/BORG/default/100_set_vars.sh:
borg_dst_dev=ssh://$BORGBACKUP_USERNAME@$BORGBACKUP_HOST:$BORGBACKUP_PORT
usr/share/rear/prep/BORG/default/100_set_vars.sh:
borg_dst_dev=$BUILD_DIR/borg_backup
accordingly borg_dst_dev is only set in
usr/share/rear/prep/BORG/default/100_set_vars.sh
With some hackery in ReaR
return 0 at the beginning of prep/BORG/default/200_prep_borg.sh
and in particular with
# ln -s /usr/bin/true /usr/bin/borg
I can somewat run ReaR with
BACKUP=BORG
BORGBACKUP_HOST="foo.bar.xy"
BORGBACKUP_USERNAME="borg_user"
BORGBACKUP_REPO="/mnt/backup/client"
and with a
usr/share/rear/prep/BORG/default/100_set_vars.sh
(complete script)
borg_set_vars
borg_dst_dev='bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site'
return 0
I get
# usr/sbin/rear -D mkrescue
...
Exiting rear mkrescue (PID 7757) and its descendant processes ...
# grep 'borg list ' var/log/rear/rear-linux-h9wr.log
++ borg list bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site/mnt/backup/client
ZENAdmin-Ops commented at 2022-08-02 13:49:¶
@jsmeix
I've got it working by making a few changes as suggested plus some changes in the conf file.
It's late here now, I'll document tomorrow.
ZENAdmin-Ops commented at 2022-08-03 00:20:¶
@jsmeix
Here are the changes that I made to: 100_set_vars.sh
if [ "$BORGBACKUP_HOST" == "bbox3.zeb.net.au" ]; then
borg_dst_dev='bbox3.zeb.net.au:/media/zen/REAR-000/Borg_Off-site'
fi
I need to make the setting of borg_dst_dev conditional, as I'm also performing a local Borg backup to a USB device and hardcoding borg_dst_dev broke that configuration
I also needed to change below statement to stop borg_dst_dev from being modified
if [[ -n $BORGBACKUP_HOST ]]; then
# borg_dst_dev=ssh://$BORGBACKUP_USERNAME@$BORGBACKUP_HOST:$BORGBACKUP_PORT
sleep 1 # do something
else
# shellcheck disable=SC2034
borg_dst_dev=$BUILD_DIR/borg_backup
fi
The conf file looks like this
this_file_name=$( basename ${BASH_SOURCE[0]} )
LOGFILE="$LOG_DIR/rear-$HOSTNAME-$WORKFLOW-${this_file_name%.*}.log"
BACKUP=BORG
BORGBACKUP_HOST="bbox3.zeb.net.au"
# BORGBACKUP_PORT=3333
# BORGBACKUP_USERNAME="zen"
# BORGBACKUP_REPO="/media/zen/REAR-000/Borg_Off-site"
BORGBACKUP_ARCHIVE_PREFIX="BorgOffsite"
# BORGBACKUP_UMASK="0002"
BACKUP_ONLY_INCLUDE="yes"
BACKUP_PROG_INCLUDE=( '/home/' )
BORGBACKUP_PRUNE_KEEP_DAILY=7
BORGBACKUP_PRUNE_KEEP_WEEKLY=5
BORGBACKUP_PRUNE_KEEP_MONTHLY=13
BORGBACKUP_PRUNE_KEEP_HOURLY=24
BORGBACKUP_PRUNE_KEEP_YEARLY=2
BORGBACKUP_COMPRESSION="zlib,9"
BORGBACKUP_ENC_TYPE="keyfile"
COPY_AS_IS_BORG=( "$ROOT_HOME_DIR/.config/borg/keys/" )
export BORG_KEYS_DIR=( "$ROOT_HOME_DIR/.config/borg/keys/" )
export BORG_PASSPHRASE='some secret string'
export BORG_RELOCATED_REPO_ACCESS_IS_OK="yes"
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK="yes"
# export BORG_REMOTE_PATH="/media/zen/REAR-000/Borg_Off-site"
The key changes are
# BORGBACKUP_PORT=3333
# BORGBACKUP_USERNAME="zen"
# BORGBACKUP_REPO="/media/zen/REAR-000/Borg_Off-site"
# export BORG_REMOTE_PATH="/media/zen/REAR-000/Borg_Off-site"
The BORGBACKUP_PORT is not specified here, because borg 1.2.0 doesn't like the ssh port being included in the command string. So to set the ssh port we use the ssh_config file which I have shown below.
The BORGBACKUP_USERNAME is not specified, because we don't want to be prompted for a password when connecting to the remote borg host.
The BORGBACKUP_REPO is not specified, because we're now specifying that in borg_dst_dev
We don't export BORG_REMOTE_PATH because this was somehow interfering with borg_dst_dev in later ReaR script processing.
ssh keys need to be configured for password-less connection. As part of that exercise you need to configure: ssh_config
Here is my ssh_config file
Host bbox3.zeb.net.au
Port 3333
ServerAliveInterval 15
IdentityFile /home/zen/.ssh/rear_private_key
IdentitiesOnly yes
I am using a non-standard SSH port, so here it is set to 3333. By default, it would be 22.
github-actions commented at 2022-10-02 04:02:¶
Stale issue message
[Export of Github issue for rear/rear.]