Moving install to root for privileged scripts rather than the user; hooks cleanup; changing test strategy to helptext for now
This commit is contained in:
parent
cf5cdb8f4f
commit
e01ad632b2
1
.gitignore
vendored
@ -6,4 +6,5 @@ nodeslist
|
||||
pkg/
|
||||
src/
|
||||
venv/
|
||||
wiki/
|
||||
**/__pycache__
|
||||
|
41
Makefile
@ -1,25 +1,21 @@
|
||||
SHELL := /bin/bash
|
||||
BACKUPDIR := /usr/local/backup
|
||||
LIST := aether.bash aether-gen.bash remote-backup
|
||||
SYSDLIST := aether-gen.service aether-gen.timer aether.service aether.timer
|
||||
|
||||
compile:
|
||||
@echo Nothing to do
|
||||
|
||||
install: compile
|
||||
install: compile ${LIST} ${SYSDLIST}
|
||||
# Scripts
|
||||
mkdir -p ${pkgdir}/usr/local/sbin
|
||||
mkdir -p ${pkgdir}/usr/local/etc
|
||||
install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin
|
||||
install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
|
||||
install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
|
||||
install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
|
||||
install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
|
||||
for i in ${LIST}; do install -m 700 -o root -g root ${pkgdir}/usr/local/sbin; done
|
||||
# systemd
|
||||
mkdir -p ${pkgdir}/usr/lib/systemd/system
|
||||
for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done
|
||||
|
||||
checkperm:
|
||||
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
|
||||
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
|
||||
chown aether: ${pkgdir}/usr/local/sbin/aether.bash
|
||||
for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
|
||||
for i in ${SYSDLIST}; do install -m 0664 -o root -g root ${pkgdir}/usr/lib/systemd/system; done
|
||||
# Config
|
||||
mkdir -p ${pkgdir}/usr/local/etc
|
||||
install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
|
||||
|
||||
clean:
|
||||
@bash -c 'printf "This will irreversibly destroy all backups. Confirm? [YES/no] " ; read answer; [ "$$answer" == "YES" ] && exit 0; exit 1'
|
||||
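Review bot: The `for i in ${LIST}` and `for i in ${SYSDLIST}` loops in `install` never reference `$$i`, so each `install` call receives only the destination directory and no source file; add `"$$i"` before the destination, as the `*.service *.timer` loop does. The `SYSDLIST` loop also uses mode 0664 where the `*.service *.timer` loop uses 0640; if group-writable unit files are not intended, keep 0640. `${pkgdir}/usr/local/etc/Aether` is still created with `-o aether` while the scripts in `LIST` become root-owned, so if those scripts read from that directory while running as root, either treat its contents as untrusted input or make the directory root-owned too.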
@ -29,5 +25,22 @@ clean:
|
||||
find /usr/local/backup -type f -exec shred {} \;
|
||||
rm -Rf /usr/local/backup; fi
|
||||
|
||||
uninstall:
|
||||
rm -Rf ${pkgdir}/usr/local/sbin/aether*.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether ${pkgdir}/usr/lib/systemd/system/aether*.service ${pkgdir}/usr/lib/systemd/system/aether*.timer
|
||||
|
||||
test:
|
||||
python3 -m pytest
|
||||
|
||||
checkperm:
|
||||
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
|
||||
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
|
||||
chown aether: ${pkgdir}/usr/local/sbin/aether.bash
|
||||
for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
|
||||
|
||||
diff:
|
||||
for i in ${LIST}; do diff ./$$i ${pkgdir}/usr/local/sbin/$$i; done
|
||||
for i in ${SYSDLIST}; do diff ./$$i ${pkgdir}/usr/lib/systemd/system/$$i; done
|
||||
|
||||
reverse:
|
||||
for i in ${LIST}; do cp ${pkgdir}/usr/local/sbin/$$i . ; done
|
||||
for i in ${SYSDLIST}; do cp ${pkgdir}/usr/lib/systemd/system/$$i . ; done
|
||||
|
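Review bot: In `checkperm`, the line `chown aether: ${pkgdir}/usr/local/sbin/aether.bash` hands the script back to the `aether` user right after the loop sets it to `root:`, which contradicts the root-owned install this commit moves to; drop that line if root ownership is the intent. The `*.service *.timer` loop in the same target never uses `$$i`, so it runs `chown` and `chmod 0640` on the `systemd/system` directory itself rather than on the unit files. `reverse` overwrites the working tree with the installed copies, so a one-line comment on `diff` and `reverse` stating that direction would help.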
14
README.md
@ -7,7 +7,7 @@ Dictionary.com translates Aether as the Greek personification of the clear sky,
|
||||
|
||||
# Installing
|
||||
You have two options to install this project:
|
||||
* Arch Linux and related distros: Run `makepkg -sri`
|
||||
* Arch Linux and related distributions: Install with `makepkg` or from AniNIX/Maat
|
||||
* Other operating systems: Run `make install`
|
||||
|
||||
## Initial setup
|
||||
@ -20,11 +20,17 @@ Individual projects wanting to be backed up by the Aether system should add a fi
|
||||
A SIEM filter should be set up to search for successful logins of the `aether` user.
|
||||
|
||||
# Relevant Files and Software
|
||||
Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hotswap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target,
|
||||
Aether installs a script for rsync-based remote backups. We implement this policy through the two 8TB hard-drives, at least one of which is always off-site, that can be plugged into a hot-swap bay of a hypervisor along with a virtual machine that mounts the ArchLinux iso and the drive. Admins use the included ssh daemon in the iso to present the drive as a backup target, or the backup drive can be mounted directly onto Core via a SATA cage
|
||||
|
||||
An additional backup is the generated `/home/aether/aether.enc` file. This is a more targeted backup of databases and file indexes.
|
||||
|
||||
Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives.
|
||||
Keep in mind that all of [AniNIX/Foundation](https://foundation.aninix.net) is naturally a backup solution -- so long as anyone has a clone of the repo, the data survives. Aether should only be used to back up databases, such as the following:
|
||||
|
||||
* Anope DB
|
||||
* PostgreSQL
|
||||
* Elasticsearch
|
||||
|
||||
One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation.
|
||||
|
||||
# Available Clients
|
||||
The only client is direct server access on one of the client nodes.
|
||||
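Review bot: The sentence "One should have significant care before using the aether.enc solution for tools like AniNIX/Yggdrasil or AniNIX/Foundation" gives no reason and no recommended alternative, so a reader cannot act on it; state what goes wrong and what to use instead. The rewritten rsync paragraph also ends at "via a SATA cage" without a closing period.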
@ -33,4 +39,4 @@ The only client is direct server access on one of the client nodes.
|
||||
Equivalent services are DropBox, Google Drive, iCloud, or OneDrive.
|
||||
|
||||
# Notes
|
||||
Those deploying Aether should maintain a nodeslist file that only root can read.
|
||||
Those deploying Aether should track the `/home/aether/.ssh/authorized_keys` file strongly on the generating server, so that all keys are specifically tracked for their origin & who handles them.
|
||||
|
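Review bot: The Notes hunk shows the root-only `nodeslist` guidance alongside the new `authorized_keys` line with the line count unchanged, so one appears to replace the other, while `.gitignore` still lists `nodeslist`; if that file is still used, keep both notes. "Track ... strongly" is also vague: say what is recorded per key (origin host, responsible person) and where, for example in each key's comment field.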
@ -5,7 +5,14 @@ import subprocess
|
||||
# TODO Still need to devise a testing strategy (https://foundation.aninix.net/AniNIX/Aether/issues/1)
|
||||
def test_aether():
|
||||
print(os.getcwd())
|
||||
fh = os.popen("echo bye | timeout 3 sudo sftp -o IdentityFile=/home/aether/.ssh/aether aether@aninix.net", mode='r', buffering=-1)
|
||||
fh = os.popen("./aether.bash -h", mode='r', buffering=-1)
|
||||
output = fh.read()
|
||||
retcode = fh.close()
|
||||
assert retcode == None
|
||||
assert retcode == None and 'Usage' in output
|
||||
|
||||
def test_aether_gen():
|
||||
print(os.getcwd())
|
||||
fh = os.popen("./aether-gen.bash -h", mode='r', buffering=-1)
|
||||
output = fh.read()
|
||||
retcode = fh.close()
|
||||
assert retcode == None and 'Usage' in output
|
||||
|
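Review bot: Both tests compare with `retcode == None`; use `retcode is None`, and since `subprocess` is already imported, `subprocess.run(["./aether.bash", "-h"], capture_output=True, text=True)` gives a real return code and avoids the shell that `os.popen` spawns. The relative `./aether.bash` and `./aether-gen.bash` paths make the tests depend on the directory pytest is started from, so resolve them against the test file's location. The two functions differ only in the script name and could be one parametrized test.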