David Dyer-Bennet
Patron
- Joined
- Jul 13, 2013
- Messages
- 286
My replication tasks are failing. auth.log on "pull" (using the terminology from the manual) shows authorization failing.
But the "ssh -vv -i /data/ssh/replication <pull-host-or-ip>" (executed on "push") from the manual succeeds.
There are snapshots for this pool on "push".
First -- that ssh -vv test command? I think I've figured it out; the manual says "open Shell"; which I think means open the shell tool in the GUI, which means you're running as root. However, "open Shell" is confusingly close to "open a shell". I think my failure last year was because of not figuring that out. When I opened "a" shell, running as me, and performed that test, it succeeded, but when I ran it as root it failed, until I gave up on using a "dedicated user" remotely (not sure that's even a thing, see "Second" below) and just put the public key for replication on root, at which point it worked. (Submitted as bug #15108.)
Second -- the "Dedicated user enabled" and "Dedicated user" fields in the edit screen for replication tasks; which system, "push" or "pull", is that user used on? Or both? I notice that the drop-down is based on the current system (which is "push"); that should mean that it must be a user which exists on "push", which should mean it's the user used on push. As a general rule, doing as little as possible as root is the right plan of course. With zfs delegated admin privs it may well be possible to do a backup without using root on either side, maybe; but the config instructions say nothing about using delegated admin and there doesn't seem to be any way to configure it using the GUI, which presumably means that's not what is expected.
Anyway -- disabling "dedicated user", it looks like a replication has started (first one is big and hence slow, but disk and network traffic indicate something on that scale is happening). Assuming that finishes successfully, that's darned useful.
But -- how do I use a "dedicated user" to make as little as possible of the process run as root? I don't have any clue from the existing GUI and doc what to do -- I can't even really tell which system that user needs to be on. Is it feasible to replicate (which I want to use for backing up) to another system without using root at least on the receiving end?
Also, and perhaps finally for now -- what's the process for recovering from a backup created this way, particularly if the "pull" user isn't root? How will the dataset look on "pull", particularly with regard to directory/file ownership?
But the "ssh -vv -i /data/ssh/replication <pull-host-or-ip>" (executed on "push") from the manual succeeds.
There are snapshots for this pool on "push".
First -- that ssh -vv test command? I think I've figured it out; the manual says "open Shell"; which I think means open the shell tool in the GUI, which means you're running as root. However, "open Shell" is confusingly close to "open a shell". I think my failure last year was because of not figuring that out. When I opened "a" shell, running as me, and performed that test, it succeeded, but when I ran it as root it failed, until I gave up on using a "dedicated user" remotely (not sure that's even a thing, see "Second" below) and just put the public key for replication on root, at which point it worked. (Submitted as bug #15108.)
Second -- the "Dedicated user enabled" and "Dedicated user" fields in the edit screen for replication tasks; which system, "push" or "pull", is that user used on? Or both? I notice that the drop-down is based on the current system (which is "push"); that should mean that it must be a user which exists on "push", which should mean it's the user used on push. As a general rule, doing as little as possible as root is the right plan of course. With zfs delegated admin privs it may well be possible to do a backup without using root on either side, maybe; but the config instructions say nothing about using delegated admin and there doesn't seem to be any way to configure it using the GUI, which presumably means that's not what is expected.
Anyway -- disabling "dedicated user", it looks like a replication has started (first one is big and hence slow, but disk and network traffic indicate something on that scale is happening). Assuming that finishes successfully, that's darned useful.
But -- how do I use a "dedicated user" to make as little as possible of the process run as root? I don't have any clue from the existing GUI and doc what to do -- I can't even really tell which system that user needs to be on. Is it feasible to replicate (which I want to use for backing up) to another system without using root at least on the receiving end?
Also, and perhaps finally for now -- what's the process for recovering from a backup created this way, particularly if the "pull" user isn't root? How will the dataset look on "pull", particularly with regard to directory/file ownership?
