
Docs: Add section on managing/adding backups

Open JacobCoffee opened this issue 1 year ago • 2 comments

What

When adding new backup files/directories, we will need to add related keys for this. This and other things (like SSH key changes when hosts upgrade/change) should be documented.


Keys are not being made for the two new entries :(

root@hg:~# ls /etc/backup/.ssh
id_rsa_python-hg

from

{{ backup }}-ssh-key:
  file.managed:
    - name: /etc/backup/.ssh/id_rsa_{{ backup }}
    - contents_pillar: backup-secret:directories:{{ backup }}:ssh_key
    - user: {{ config['user'] }}
    - mode: "0600"
    - show_diff: False 

probably due to missing pillar data in the secrets file for backup

Originally posted by @JacobCoffee in https://github.com/python/psf-salt/issues/474#issuecomment-2297259859

JacobCoffee avatar Aug 19 '24 19:08 JacobCoffee

I wonder if we should re-evaluate this and refactor our backup setup to a "key per host" rather than a "key per backup".

It was some time ago, but I think I initially set it up as "key per backup" so that we could have non-root users running backups. In practice that has never occurred.

ewdurbin avatar Aug 19 '24 19:08 ewdurbin

These are out of sync because we store the private keys in the secret pillar data. I think we could also just have Salt generate them, though, which would avoid the issue we're running into here (creating a backup doesn't create the key).

ewdurbin avatar Aug 19 '24 19:08 ewdurbin
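Added example, not part of the original thread or the psf-salt repository: a drift check for the condition diagnosed above, where a backup is configured but has no matching `backup-secret:directories:<name>:ssh_key` entry. The list of configured backups, the function name, and every sample value are assumptions constructed for illustration; only the secret pillar path and `python-hg` come from the issue.

```python
import sys

# Constructed sample data. The two "example-new-*" names are placeholders
# for the new entries mentioned in the issue, whose real names are not shown.
CONFIGURED = ["python-hg", "example-new-1", "example-new-2"]
SECRET_PILLAR = {
    "backup-secret": {
        "directories": {
            "python-hg": {"ssh_key": "PLACEHOLDER-NOT-A-REAL-KEY"},
            "example-new-2": {"ssh_key": None},        # entry exists, key never filled in
            "example-retired": {"ssh_key": "PLACEHOLDER-NOT-A-REAL-KEY"},
        }
    }
}


def audit_backup_keys(configured, secret_pillar):
    """Compare configured backups against backup-secret:directories:<name>:ssh_key.

    missing  -> no ssh_key entry at all, so contents_pillar has nothing to render
    empty    -> entry present but blank, which would yield an unusable key file
    orphaned -> secret still stored for a backup that is no longer configured
    """
    secrets = (secret_pillar.get("backup-secret") or {}).get("directories") or {}
    report = {"missing": [], "empty": [], "orphaned": []}
    for name in configured:
        entry = secrets.get(name)
        if not isinstance(entry, dict) or "ssh_key" not in entry:
            report["missing"].append(name)
        elif not str(entry["ssh_key"] or "").strip():
            report["empty"].append(name)
    report["orphaned"] = sorted(set(secrets) - set(configured))
    return report


if __name__ == "__main__":
    result = audit_backup_keys(CONFIGURED, SECRET_PILLAR)
    for kind, names in result.items():
        for name in names:
            # Print names only; never echo key material into CI logs.
            print(f"{kind}: {name} (expects /etc/backup/.ssh/id_rsa_{name})")
    # Non-zero exit lets a CI job block a change that adds a backup without its key.
    sys.exit(1 if result["missing"] or result["empty"] else 0)
```

The orphaned list matters for the "key per host" discussion as well: a private key left in the secret pillar after its backup is removed is still a live credential until it is rotated out.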