Why SSH fails?

[PitoneMaledetto]

Hi,
Thank you for the plugin. I have Barman 2.5 installed and I can successfully:
ssh [email protected] to mine postgresql 11 instance.

However I can't explain why the plugin fails to do the same:
barman@dev-gb-mgt-pg-01:/usr/lib/nagios/plugins/./check-barman.rb -a ssh -s dev-gb-gal-pg11-01
SSH connection failed!

I can however connect using action pg:
barman@dev-gb-mgt-pg-01:/usr/lib/nagios/plugins/./check-barman.rb -a pg -s dev-gb-gal-pg11-01
PG connection ok
Thank you.

[hamann]

The SSH check tests if the barman user is allowed to ssh into postgres instance. That's different to postgres connection.

Could you try to run ssh barman@dev-gb-gal-pg11-01 as barman user?

[PitoneMaledetto]

Hi hamann,
Following the barman installation instructions I have shared rsa keys between the 2 servers.
So from the barman server I can connect without password to the postgresql instance using postgres user.
I can also connect from the postgresql instance to the barman server using the barman user.

There are not instructions (maybe it is not needed) to connect barman to the postgresql server using the barman user (as the check is expecting in order to be successful).

Or am I missing something?
Thank you for your help.

[hamann]

Yes, you're right!. Some time has passed since I last setup a backup server.

If your ssh_command in the barman.conf looks something like this

ssh_command = ssh [email protected]

and you have a unix barman user which runs all the commands, then barman user should be allowed to login to postgres server as postgres user without password authentication, as you described.

What do you get if you run barman check dev-gb-gal-pg11-01?

[PitoneMaledetto]

barman@dev-gb-mgt-pg-01:~$ barman check dev-gb-gal-pg11-01

Server dev-gb-gal-pg11-01:
PostgreSQL: OK
is_superuser: OK
PostgreSQL streaming: OK
wal_level: OK
replication slot: OK
directories: OK
retention policy settings: OK
backup maximum age: OK (no last_backup_maximum_age provided)
compression settings: OK
failed backups: OK (there are 0 failed backups)
minimum redundancy requirements: OK (have 1 backups, expected at least 0)
pg_basebackup: OK
pg_basebackup compatible: OK
pg_basebackup supports tablespaces mapping: OK
pg_receivexlog: OK
pg_receivexlog compatible: OK
receive-wal running: OK
archiver errors: OK

Configuration file entry:
ssh_command = ssh [email protected]

[PitoneMaledetto]

Yes, you're right!. Some time has passed since I last setup a backup server.

Should we consider the -a ssh obsolete?
Thanks

[hamann]

I see! There's no line anymore like ssh: OK which is parsed here

https://github.com/sauspiel/rbarman/blob/89723b5e051bafb1c30848e4f431b9d058871e3f/lib/rbarman/cli_command.rb#L181-L182

This is what my check command reports:

$ barman -v
1.3.3
$ barman check foo
Server foo:
        ssh: OK
        PostgreSQL: OK
        archive_mode: OK
        archive_command: OK
        directories: OK
        retention policy settings: OK
        backup maximum age: OK (no last_backup_maximum_age provided)
        compression settings: OK
        minimum redundancy requirements: OK (have 2 backups, expected at least 0)

So until that's fixed, just leave the ssh check out

[PitoneMaledetto]

So until that's fixed, just leave the ssh check out

Thank you hamann!