BORG_RSH n'est pas transmis au binaire BORG

What app is this about, and its version: Borg backup 1.4.4
What YunoHost version are you running: 12.1.39
What type of hardware are you using: Old laptop or computer

Describe your issue

(en français en dessous)
It was a headhache for me with this backup settings.

Context :
I’ve got an old laptop that I use with Yunohost.
I wanna set up a backup process, by using another computer, that I will use as a backup server. This server is running Ubuntu.

First issue :
While defining my repository in the webadmin page, I has just followed the description for the entry :
(ssh://USER@DOMAIN.TLD:PORT/~/backup)

But instead of using a domain.tld, I’ve used an IP.
The problem is that the IP followed by the port (example : 192.168.10.10:22) is not recognized.

=> First fix : Remove the port in the repository.
Now, it is : ssh://USER@DOMAIN.TLD/~/backup or ssh://USER@xxx.yyy.zzz.aaa/~/backup

====
Second issue :
not concerning Borg app in Yunohost, but the version of Borg available through apt in
Ubuntu is a 1.2.8 …

=> Second fix : installation through PPA.

====
Third issue :
The known hosts in SSH are stored in a manner that the script didn’t recognize.
The script is testing like that :
ssh-keygen -F "[192.168.10.10]:22"
but the known hosts (thanks to the first issue) are stored like
192.168.10.10 keyVeryLong

=> Third fix : remove the ip from known_hosts, and add the same, with a sed, in order to add the port in the control.

# 1. Remove the entry for the IP
ssh-keygen -R 192.168.10.10
ssh-keygen -R "[192.168.10.10]:22"

# 2. Recreate those with the correct format  :
ssh-keyscan -p 22 192.168.10.10 | sed 's/^192.168.10.10/[192.168.10.10]:22/' >> /root/.ssh/known_hosts

# 3. Control :
ssh-keygen -F "[192.168.10.10]:22" 

=====
Fourth and final issue :
When BORG_RSH is loaded through the script, it’s value is not well transmitted to the borg binary.

I could create a repository on the Ubuntu server, using the BORG_RSH value explicitely in the command line, but the web admin page still says “repository uncreated”.

This BORG_RSH variable contains the key to be used for the credentials on the Borg server.
BORG_RSH="ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=no"

**=> Fourth fix :
On the line 8 of the script 05-borg_app I’ve added the BORG_RSH value, with an export. **

Share relevant logs or error messages

The logs are quite small, not updated frequently, especially when you’ve got an error.
And there is no timestamp on each line : quite difficult to identify what was wrong or not.

La configuration de cette sauvegarde a été épuisante !

Contexte :
Mon serveur Yunohost à sauvegardé tourne sur un vieil ordinateur.
J’ai un autre ordinateur, qui tourne sous Ubuntu, sur lequel je veux déposer les sauvegardes.

Mon premier problème a été que l’adresse ip du serveur, suivie du port de connexion n’était pas reconnue comme un service …
J’ai donc modifié mon repository pour ne pas inclure le port.

Mon second problème (qui ne concerne pas Yunohost, mais qui pourrait peut-être, faire l’objet d’une vérification) : la version distribuée dans Ubuntu (1.2.8) n’est pas la même version que celle disponible dans Yunohost (1.4.4) .
J’ai donc installé le PPA de BorgBackup et installé la version la plus récente (1.4.3)

Le troisième problème découle directement du premier : dans le script, il vérifie que l’adresse est déjà connue, en vérifiant que le serveur qui est bien enregistré contient le port.
ssh-keygen -F "[192.168.10.10]:22"

La correction a consisté en :

# 1. Supprimer les entrées existantes pour cette IP :
ssh-keygen -R 192.168.1.155
ssh-keygen -R "[192.168.1.155]:22"

# 2. Recréer avec le bon format explicitement :
ssh-keyscan -p 22 192.168.1.155 | sed 's/^192.168.1.155/[192.168.1.155]:22/' >> /root/.ssh/known_hosts

# 3. Vérifier :
ssh-keygen -F "[192.168.1.155]:22"
# → doit retourner des lignes cette fois 

Et le dernier, le plus embêtant :
La variable BORG_RSH n’est pas correctement transmise au binaire borg.
J’ai donc modifié le script 05-borg_app pour ajouter un export à la ligne 8 de la variable BORG_RSH

La solution n’est pas encore parfaite, car je n’ai pu lancer une sauvegarde que depuis le CLI.
Mais au moins, elle est bien listée dans les sauvegardes disponibles.

Hi @MariusBaguepi,

It’s surprising as I don’t see anywhere in the installation script what could block:

Do you have logs or an error?

Can you be more specific, have you reinstalled borg or changed the repository by another way?

We encourage Yunohost users to use the borgserver app: GitHub - YunoHost-Apps/borgserver_ynh: Borg server package for YunoHost · GitHub

It’s Ubuntu choice to offer borg 1.2.8, we won’t indeed not fix anything here, sorry .

Again, that’s surprising:

Need an answer of this question:

Can you be more specific, have you reinstalled borg or changed the repository by another way?

BORG_RSH is already exported using set -a + source

Quoting set --help:

set: set [-abefhkmnptuvxBCEHPT] [-o option-name] [--] [-] [arg ...]
    Set or unset values of shell options and positional parameters.

    Change the value of shell attributes and positional parameters, or
    display the names and values of shell variables.
    
    Options:
-a  Mark variables which are modified or created for export.

Instead of starting from the technical point, can you explain:

1. What exactly you do (do you run, say, yunohost backup create MY_APP --method=borg, or something else?)
2. what error you obtain

I suspect the issue you have is something I have fixed in this PR (not merged yet):

But I need more information of what exactly you did to be sure.

When I’v tried to make a SSH connexion from my Yunohost computer to my Ubuntu server, I’ve used this command :
ssh user@192.168.10.10:22

So I get “Name or service unkown”

The same try, but without the port, I got a connexion and a request for the password (not the borg server responding, but just SSH)
ssh user@192.168.10.10

In the repository definition on the web admin page.
No reinstallation, just changed the configuration.

Yes, of course
But I wanna be clear for everyone.

A nice fix would be to add a check of the version on the first try, no ?

As explained above, with the command ssh done after a source, I’ve got a password request, and not a response from borg server.

#source /var/www/borg/.env
#/var/www/borg/venv/bin/borg init --encryption=repokey ssh://user@192.168.10.10/~/backup

The same with an explicit rsh call asked me for the passphrase.

#source /var/www/borg/.env
#/var/www/borg/venv/bin/borg init --encryption=repokey --rsh "ssh -i /root/.ssh/id_borg_ed25519 -oStrictHostKeyChecking=yes" ssh://user@192.168.10.10/~/backup

In order to make ssh work with another port than 22, you must pass its value to the --port / -p option. So it should have been ssh -p 22``user@192.168.10.10. But as you noticed, this is the default port for ssh, so it can be omitted.

But borg use another syntax, so ssh://user@192.168.10.10:22 should have been fine.

What should be fixed exactly? Did you have an error specifically on that matter (if so, can you share the logs please)?

Right, so I think you actually encountered this issue:

Which is not fixed with this patch (merged and available in the new 1.4.4~ynh2 version):

Especially since the backup script would fail taking into account the new repository. The consequence is that if no backup have been created before, then it would fail disabling the strict checking and thus will never allow to join the backup server.

My guess is that it solves most of your problems.

The recent update 1.4.4-ynh2, and the uninstallation of funkwhale (a file was missing) let me have a successful backup, yes !

Just to notify you about one thing :
On the web admin page of Borg backup, after the upgrade, I’ve got a news with the title : " New features in 1.4.1~ynh3"

Cool!

You can dismiss this message by clicking “Understood” or “J’ai compris”. Otherwise it will remain, even after newer upgrade.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.