check-barman icon indicating copy to clipboard operation
check-barman copied to clipboard

Published 20 hours ago verified publisher icon hamann

Why SSH fails?

Open PitoneMaledetto opened this issue 6 years ago • 7 comments

Hi, Thank you for the plugin. I have Barman 2.5 installed and I can successfully: ssh [email protected] to mine postgresql 11 instance.

However I can't explain why the plugin fails to do the same: barman@dev-gb-mgt-pg-01:/usr/lib/nagios/plugins/./check-barman.rb -a ssh -s dev-gb-gal-pg11-01 SSH connection failed!

I can however connect using action pg: barman@dev-gb-mgt-pg-01:/usr/lib/nagios/plugins/./check-barman.rb -a pg -s dev-gb-gal-pg11-01 PG connection ok Thank you.

PitoneMaledetto avatar Dec 07 '18 10:12 PitoneMaledetto

The SSH check tests if the barman user is allowed to ssh into postgres instance. That's different to postgres connection.

Could you try to run ssh barman@dev-gb-gal-pg11-01 as barman user?

hamann avatar Dec 07 '18 10:12 hamann

Hi hamann, Following the barman installation instructions I have shared rsa keys between the 2 servers. So from the barman server I can connect without password to the postgresql instance using postgres user. I can also connect from the postgresql instance to the barman server using the barman user.

There are not instructions (maybe it is not needed) to connect barman to the postgresql server using the barman user (as the check is expecting in order to be successful).

Or am I missing something? Thank you for your help.

PitoneMaledetto avatar Dec 07 '18 10:12 PitoneMaledetto

Yes, you're right!. Some time has passed since I last setup a backup server.

If your ssh_command in the barman.conf looks something like this

ssh_command = ssh [email protected]

and you have a unix barman user which runs all the commands, then barman user should be allowed to login to postgres server as postgres user without password authentication, as you described.

What do you get if you run barman check dev-gb-gal-pg11-01?

hamann avatar Dec 07 '18 10:12 hamann

barman@dev-gb-mgt-pg-01:~$ barman check dev-gb-gal-pg11-01

Server dev-gb-gal-pg11-01: PostgreSQL: OK is_superuser: OK PostgreSQL streaming: OK wal_level: OK replication slot: OK directories: OK retention policy settings: OK backup maximum age: OK (no last_backup_maximum_age provided) compression settings: OK failed backups: OK (there are 0 failed backups) minimum redundancy requirements: OK (have 1 backups, expected at least 0) pg_basebackup: OK pg_basebackup compatible: OK pg_basebackup supports tablespaces mapping: OK pg_receivexlog: OK pg_receivexlog compatible: OK receive-wal running: OK archiver errors: OK

Configuration file entry: ssh_command = ssh [email protected]

PitoneMaledetto avatar Dec 07 '18 11:12 PitoneMaledetto

Yes, you're right!. Some time has passed since I last setup a backup server.

Should we consider the -a ssh obsolete? Thanks

PitoneMaledetto avatar Dec 07 '18 11:12 PitoneMaledetto

I see! There's no line anymore like ssh: OK which is parsed here

https://github.com/sauspiel/rbarman/blob/89723b5e051bafb1c30848e4f431b9d058871e3f/lib/rbarman/cli_command.rb#L181-L182

This is what my check command reports:

$ barman -v
1.3.3
$ barman check foo
Server foo:
        ssh: OK
        PostgreSQL: OK
        archive_mode: OK
        archive_command: OK
        directories: OK
        retention policy settings: OK
        backup maximum age: OK (no last_backup_maximum_age provided)
        compression settings: OK
        minimum redundancy requirements: OK (have 2 backups, expected at least 0)

So until that's fixed, just leave the ssh check out

hamann avatar Dec 07 '18 11:12 hamann

So until that's fixed, just leave the ssh check out

Thank you hamann!

PitoneMaledetto avatar Dec 07 '18 11:12 PitoneMaledetto