From c5311c4f387ea6a0100ee965007208fbc872135b Mon Sep 17 00:00:00 2001 
From: woblerr Date: Sat, 3 Aug 2024 02:17:47 +0300 Subject: [PATCH 1/2] Add e2e tests for sftp repo with ed25519 keys. This increases the number of covered cases. Not only outdated rsa keys are checked, but also ed25519 modern protocol. For ssh communications there is no point in adding tests for different protocol, because configuring ssh is a prerequisite for pgBackRest and is performed at the operating system level. --- Makefile | 4 +- e2e_tests/README.md | 10 ++- .../conf/backup/backup_pgbackrest-ssh.conf | 19 ++++- .../conf/backup/backup_pgbackrest-tls.conf | 2 +- e2e_tests/conf/backup/backup_prepare-ssh.sh | 12 ++- e2e_tests/conf/backup/backup_prepare-tls.sh | 2 +- e2e_tests/conf/pg/pg_pgbackrest-ssh.conf | 17 +++- e2e_tests/conf/pg/pg_pgbackrest-tls.conf | 2 +- e2e_tests/conf/pg/pg_prepare-ssh.sh | 3 +- e2e_tests/conf/pg/pg_prepare-tls.sh | 2 +- e2e_tests/conf/sftp/Dockerfile | 3 +- e2e_tests/conf/sftp/sftp_prepare.sh | 2 +- .../sftp/sshd-ed25519/ssh_host_ed25519_key | 7 ++ .../sshd-ed25519/ssh_host_ed25519_key.pub | 1 + e2e_tests/conf/sftp/sshd-ed25519/sshd_config | 79 +++++++++++++++++++ .../sftp/{sshd => sshd-rsa}/ssh_host_rsa_key | 0 .../{sshd => sshd-rsa}/ssh_host_rsa_key.pub | 0 .../conf/sftp/{sshd => sshd-rsa}/sshd_config | 0 e2e_tests/conf/ssh/authorized_keys | 1 + e2e_tests/conf/ssh/id_ed25519_sftp | 7 ++ e2e_tests/conf/ssh/id_ed25519_sftp.pub | 1 + e2e_tests/docker-compose.backup-ssh.yml | 10 ++- e2e_tests/docker-compose.backup-tls.yml | 4 +- e2e_tests/docker-compose.pg.yml | 5 +- e2e_tests/docker-compose.sftp.yml | 37 +++++++-- 25 files changed, 198 insertions(+), 32 deletions(-) create mode 100644 e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key create mode 100644 e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub create mode 100644 e2e_tests/conf/sftp/sshd-ed25519/sshd_config rename e2e_tests/conf/sftp/{sshd => sshd-rsa}/ssh_host_rsa_key (100%) rename e2e_tests/conf/sftp/{sshd => sshd-rsa}/ssh_host_rsa_key.pub (100%) rename 
e2e_tests/conf/sftp/{sshd => sshd-rsa}/sshd_config (100%) create mode 100644 e2e_tests/conf/ssh/id_ed25519_sftp create mode 100644 e2e_tests/conf/ssh/id_ed25519_sftp.pub diff --git a/Makefile b/Makefile index 874aa7b..92ae846 100644 --- a/Makefile +++ b/Makefile @@ -106,8 +106,8 @@ define down_docker_compose endef define set_permissions - @chmod 700 e2e_tests/conf/ssh/ e2e_tests/conf/pg/sshd/ e2e_tests/conf/sftp/sshd/ e2e_tests/conf/pgbackrest/cert/ - @chmod 600 e2e_tests/conf/ssh/* e2e_tests/conf/pg/sshd/* e2e_tests/conf/sftp/sshd/* e2e_tests/conf/pgbackrest/cert/* + @chmod 700 e2e_tests/conf/ssh/ e2e_tests/conf/pg/sshd/ e2e_tests/conf/sftp/sshd-rsa/ e2e_tests/conf/sftp/sshd-ed25519/ e2e_tests/conf/pgbackrest/cert/ + @chmod 600 e2e_tests/conf/ssh/* e2e_tests/conf/pg/sshd/* e2e_tests/conf/sftp/sshd-rsa/* e2e_tests/conf/sftp/sshd-ed25519/* e2e_tests/conf/pgbackrest/cert/* endef define gpdb_image_tag diff --git a/e2e_tests/README.md b/e2e_tests/README.md index 25515f0..8f295f1 100644 --- a/e2e_tests/README.md +++ b/e2e_tests/README.md 
@@ -2,7 +2,7 @@ The following architecture is used to run the tests. * Separate containers for minio ang nginx. Official images [minio/minio](https://hub.docker.com/r/minio/minio/), [minio/mc](https://hub.docker.com/r/minio/mc) and [nginx](https://hub.docker.com/_/nginx) are used. It's necessary for S3 compatible storage for WAL archiving and backups. -* Separate container for `sftp` server. It's necessary for sftp compatible storage for WAL archiving and backups. It's custom image, based on `docker-pgbackrest` image. +* Separate containers for `sftp` servers. It's necessary for sftp compatible storage for WAL archiving and backups. It's custom image, based on `docker-pgbackrest` image. The `rsa` (outdated) and `ed25519` keys are checked. * Separate container with PostgreSQL instance and pgBackRest for backup. It's custom image, based on `docker-pgbackrest` image. * Separate container with pgBackRest. This is the `docker-pgbackrest` image. @@ -131,13 +131,17 @@ openssl x509 -in pgbackrest-selfsigned-client.crt -text -noout ```bash cd [docker-pgbackrest-root]/e2e_tests/conf/ssh -# ssh keys +# ssh keys rsa ssh-keygen -f ./id_rsa -t rsa -b 4096 -N "" -C "" -# sftp keys +# sftp keys rsa (not secure, but still very popular) ssh-keygen -f ./id_rsa_sftp -t rsa -b 4096 -N "" -C "" -m PEM +# sftp keys ed25519 +ssh-keygen -f ./id_ed25519_sftp -t ed25519 -N "" -C "" + # authorized_keys cat ./id_rsa.pub >> ./authorized_keys cat ./id_rsa_sftp.pub >> ./authorized_keys +cat ./id_ed25519_sftp.pub >> ./authorized_keys ``` diff --git a/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf b/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf index 62b470d..6a56b9e 100644 --- a/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf +++ b/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf 
@@ -21,9 +21,9 @@ repo1-storage-port=443 repo1-storage-verify-tls=n repo1-retention-diff=2 repo1-retention-full=2 -# Repo 2 options (sftp). +# Repo 2 options (sftp rsa). repo2-path=/var/lib/pgbackrest -repo2-sftp-host=sftp +repo2-sftp-host=sftp-rsa repo2-sftp-host-port=2222 repo2-sftp-host-key-hash-type=sha1 repo2-sftp-host-user=pgbackrest @@ -31,4 +31,17 @@ repo2-sftp-private-key-file=/home/pgbackrest/.ssh/id_rsa_sftp repo2-sftp-public-key-file=/home/pgbackrest/.ssh/id_rsa_sftp.pub repo2-type=sftp repo2-retention-full=2 -repo2-retention-diff=2 \ No newline at end of file +repo2-retention-diff=2 +# Repo 3 options (sftp ed25519). +# repo3-path shoul be different than repo2-path in this case. +# See https://github.com/pgbackrest/pgbackrest/issues/2418. +repo3-path=/tmp/demo +repo3-sftp-host=sftp-ed25519 +repo3-sftp-host-port=2222 +repo3-sftp-host-key-hash-type=sha256 +repo3-sftp-host-user=pgbackrest +repo3-sftp-private-key-file=/home/pgbackrest/.ssh/id_ed25519_sftp +repo3-sftp-public-key-file=/home/pgbackrest/.ssh/id_ed25519_sftp.pub +repo3-type=sftp +repo3-retention-full=2 +repo3-retention-diff=2 \ No newline at end of file diff --git a/e2e_tests/conf/backup/backup_pgbackrest-tls.conf b/e2e_tests/conf/backup/backup_pgbackrest-tls.conf index 6234263..38f2cb5 100644 --- a/e2e_tests/conf/backup/backup_pgbackrest-tls.conf +++ b/e2e_tests/conf/backup/backup_pgbackrest-tls.conf @@ -36,7 +36,7 @@ repo2-retention-full=2 repo2-retention-diff=2 # Repo 3 options (sftp). repo3-path=/var/lib/pgbackrest -repo3-sftp-host=sftp +repo3-sftp-host=sftp-rsa repo3-sftp-host-port=2222 repo3-sftp-host-key-hash-type=sha1 repo3-sftp-host-user=pgbackrest diff --git a/e2e_tests/conf/backup/backup_prepare-ssh.sh b/e2e_tests/conf/backup/backup_prepare-ssh.sh index 136a300..19f003c 100755 --- a/e2e_tests/conf/backup/backup_prepare-ssh.sh +++ b/e2e_tests/conf/backup/backup_prepare-ssh.sh 
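Review bot: `repo3-path=/tmp/demo` in the second hunk of backup_pgbackrest-ssh.conf does not match the volume this patch mounts for the ed25519 server, `backrest_data_sftp_ed25519:/var/lib/demo` in docker-compose.sftp.yml. As written, the repository appears to land in the container's /tmp and the named volume stays unused. If the volume is meant to hold the repo, use `repo3-path=/var/lib/demo` (assuming the pgbackrest user can write there); otherwise drop the volume. The same value is added in e2e_tests/conf/pg/pg_pgbackrest-ssh.conf. A path under /tmp is also usually world-writable, which is a poor habit for backup data even in a test fixture that people copy from.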
@@ -6,24 +6,29 @@ set -e # Add hosts to known_hosts. # Necessary for pgBackRest to work correctly over ssh and sftp. ssh-keyscan -t rsa -p 2222 pg-ssh > ~/.ssh/known_hosts -ssh-keyscan -t rsa -p 2222 sftp >> ~/.ssh/known_hosts +ssh-keyscan -t rsa -p 2222 sftp-rsa >> ~/.ssh/known_hosts +ssh-keyscan -t ed25519 -p 2222 sftp-ed25519 >> ~/.ssh/known_hosts # Run pgBackRest test commands. pgbackrest stanza-create --stanza demo pgbackrest backup --stanza demo --type full --repo 1 pgbackrest backup --stanza demo --type full --repo 2 pgbackrest backup --stanza demo --type diff --repo 2 +pgbackrest backup --stanza demo --type full --repo 3 # Get results. data_repo_1=$(pgbackrest info --stanza demo --repo 1) data_repo_2=$(pgbackrest info --stanza demo --repo 2) +data_repo_3=$(pgbackrest info --stanza demo --repo 3) cnt_full_repo_1=$(echo "${data_repo_1}" | grep 'full backup' | wc -l) cnt_full_repo_2=$(echo "${data_repo_2}" | grep 'full backup' | wc -l) cnt_diff_repo_2=$(echo "${data_repo_2}" | grep 'diff backup' | wc -l) +cnt_full_repo_3=$(echo "${data_repo_3}" | grep 'full backup' | wc -l) # Passed results. # For repo 1 (minio): 1 or 2 full backups. # For repo 2 (sftp): 1 or 2 full backups and 1 diff backup. +# For repo 3 (sftp): 1 or 2 full backups. # In this script only 1 full backup is created, # but in the general pipeline (during makefile), # this script is launched in two services (backup-ssh and baclup_alpine-ssh), @@ -33,7 +38,8 @@ cnt_diff_repo_2=$(echo "${data_repo_2}" | grep 'diff backup' | wc -l) # See https://github.com/pgbackrest/pgbackrest/blob/e699402f99f70819bd922eb6150fbe1b837eca0d/src/command/expire/expire.c#L192-L194 if ([ "${cnt_full_repo_1}" -eq "1" ] || [ "${cnt_full_repo_1}" -eq "2" ]) && \ ([ "${cnt_full_repo_2}" -eq "1" ] || [ "${cnt_full_repo_2}" -eq "2" ]) && \ - [ "${cnt_diff_repo_2}" -eq "1" ] + [ "${cnt_diff_repo_2}" -eq "1" ] && \ + ([ "${cnt_full_repo_3}" -eq "1" ] || [ "${cnt_full_repo_3}" -eq "2" ]) then echo "[INFO] all tests passed" exit 0 
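Review bot: The added `ssh-keyscan -t ed25519 -p 2222 sftp-ed25519 >> ~/.ssh/known_hosts` accepts whatever key the host presents when the test runs, so host-key verification is never exercised. The expected key is already committed as e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub. Mounting that file and writing the entry from it would pin the key, for example `echo "[sftp-ed25519]:2222 $(cat /path/to/ssh_host_ed25519_key.pub)" >> ~/.ssh/known_hosts`, where the path is a placeholder for wherever the file gets mounted. At minimum, add a comment such as `# Test only: trust-on-first-use, do not copy into production setups.` The same keyscan line is added in e2e_tests/conf/pg/pg_prepare-ssh.sh, and the script continues outside this hunk.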
@@ -44,5 +50,7 @@ else echo "[ERROR] full backup in repo 2: ${cnt_full_repo_2}, valid values: 1 or 2" echo "[ERROR] diff backup in repo 2: ${cnt_diff_repo_2}, valid value: 1" echo "${data_repo_2}" + echo "[ERROR] full backup in repo 3: ${cnt_full_repo_3}, valid values: 1 or 2" + echo "${data_repo_3}" exit 1 fi diff --git a/e2e_tests/conf/backup/backup_prepare-tls.sh b/e2e_tests/conf/backup/backup_prepare-tls.sh index ead25fb..02fc299 100755 --- a/e2e_tests/conf/backup/backup_prepare-tls.sh +++ b/e2e_tests/conf/backup/backup_prepare-tls.sh @@ -5,7 +5,7 @@ set -e # Add hosts to known_hosts. # Necessary for pgBackRest to work correctly over sftp. -ssh-keyscan -t rsa -p 2222 sftp >> ~/.ssh/known_hosts +ssh-keyscan -t rsa -p 2222 sftp-rsa >> ~/.ssh/known_hosts # Run pgBackRest test commands. pgbackrest stanza-create --stanza demo diff --git a/e2e_tests/conf/pg/pg_pgbackrest-ssh.conf b/e2e_tests/conf/pg/pg_pgbackrest-ssh.conf index 1ceb4b5..e8e9738 100644 --- a/e2e_tests/conf/pg/pg_pgbackrest-ssh.conf +++ b/e2e_tests/conf/pg/pg_pgbackrest-ssh.conf @@ -18,9 +18,9 @@ repo1-storage-port=443 repo1-storage-verify-tls=n repo1-retention-diff=2 repo1-retention-full=2 -# Repo 2 options (sftp). +# Repo 2 options (sftp rsa). repo2-path=/var/lib/pgbackrest -repo2-sftp-host=sftp +repo2-sftp-host=sftp-rsa repo2-sftp-host-port=2222 repo2-sftp-host-key-hash-type=sha1 repo2-sftp-host-user=pgbackrest 
@@ -28,4 +28,15 @@ repo2-sftp-private-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp repo2-sftp-public-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp.pub repo2-type=sftp repo2-retention-full=2 -repo2-retention-diff=2 \ No newline at end of file +repo2-retention-diff=2 +# Repo 3 options (sftp ed25519). +repo3-path=/tmp/demo +repo3-sftp-host=sftp-ed25519 +repo3-sftp-host-port=2222 +repo3-sftp-host-key-hash-type=sha256 +repo3-sftp-host-user=pgbackrest +repo3-sftp-private-key-file=/var/lib/postgresql/.ssh/id_ed25519_sftp +repo3-sftp-public-key-file=/var/lib/postgresql/.ssh/id_ed25519_sftp.pub +repo3-type=sftp +repo3-retention-full=2 +repo3-retention-diff=2 \ No newline at end of file diff --git a/e2e_tests/conf/pg/pg_pgbackrest-tls.conf b/e2e_tests/conf/pg/pg_pgbackrest-tls.conf index 7d6444f..5ac2d36 100644 --- a/e2e_tests/conf/pg/pg_pgbackrest-tls.conf +++ b/e2e_tests/conf/pg/pg_pgbackrest-tls.conf @@ -35,7 +35,7 @@ repo2-retention-full=2 repo2-retention-diff=2 # Repo 3 options (sftp). repo3-path=/var/lib/pgbackrest -repo3-sftp-host=sftp +repo3-sftp-host=sftp-rsa repo3-sftp-host-port=2222 repo3-sftp-host-key-hash-type=sha1 repo3-sftp-host-user=pgbackrest diff --git a/e2e_tests/conf/pg/pg_prepare-ssh.sh b/e2e_tests/conf/pg/pg_prepare-ssh.sh index e6572b0..3aaca8e 100755 --- a/e2e_tests/conf/pg/pg_prepare-ssh.sh +++ b/e2e_tests/conf/pg/pg_prepare-ssh.sh @@ -12,7 +12,8 @@ PG_DATA="/var/lib/postgresql/${PG_VERSION}/${PG_CLUSTER}" # Add host to known_hosts. # Necessary for pgBackRest to work correctly over sftp. -ssh-keyscan -t rsa -p 2222 sftp > ~/.ssh/known_hosts +ssh-keyscan -t rsa -p 2222 sftp-rsa > ~/.ssh/known_hosts +ssh-keyscan -t ed25519 -p 2222 sftp-ed25519 >> ~/.ssh/known_hosts # Start postgres. pg_ctlcluster ${PG_VERSION} ${PG_CLUSTER} start --foreground diff --git a/e2e_tests/conf/pg/pg_prepare-tls.sh b/e2e_tests/conf/pg/pg_prepare-tls.sh index 47e4d1f..5530796 100755 --- a/e2e_tests/conf/pg/pg_prepare-tls.sh +++ b/e2e_tests/conf/pg/pg_prepare-tls.sh 
@@ -10,7 +10,7 @@ PG_DATA="/var/lib/postgresql/${PG_VERSION}/${PG_CLUSTER}" # Add host to known_hosts. # Necessary for pgBackRest to work correctly over sftp. -ssh-keyscan -t rsa -p 2222 sftp > ~/.ssh/known_hosts +ssh-keyscan -t rsa -p 2222 sftp-rsa > ~/.ssh/known_hosts # Start postgres. pg_ctlcluster ${PG_VERSION} ${PG_CLUSTER} start --foreground diff --git a/e2e_tests/conf/sftp/Dockerfile b/e2e_tests/conf/sftp/Dockerfile index 73798ee..e8d03a2 100644 --- a/e2e_tests/conf/sftp/Dockerfile +++ b/e2e_tests/conf/sftp/Dockerfile @@ -1,6 +1,7 @@ ARG BACKREST_VERSION="2.53" FROM pgbackrest:${BACKREST_VERSION} +ARG CONTAINER_TYPE="rsa" RUN apt-get update -y \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ apt-utils \ @@ -17,5 +18,5 @@ RUN apt-get update -y \ && rm -rf /var/lib/apt/lists/* COPY --chmod=755 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/sftp/sftp_prepare.sh /home/${BACKREST_USER}/sftp_prepare.sh COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/ssh/authorized_keys /home/${BACKREST_USER}/.ssh/authorized_keys -COPY --chmod=700 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/sftp/sshd /home/${BACKREST_USER}/sshd +COPY --chmod=700 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/sftp/sshd-${CONTAINER_TYPE} /home/${BACKREST_USER}/sshd ENTRYPOINT ["/entrypoint.sh"] diff --git a/e2e_tests/conf/sftp/sftp_prepare.sh b/e2e_tests/conf/sftp/sftp_prepare.sh index 6dac43b..adfdf1d 100755 --- a/e2e_tests/conf/sftp/sftp_prepare.sh +++ b/e2e_tests/conf/sftp/sftp_prepare.sh @@ -4,4 +4,4 @@ set -e # Start sshd. -/usr/sbin/sshd -f ~/sshd/sshd_config -D +/usr/sbin/sshd -f ~/sshd/sshd_config -D -e diff --git a/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key b/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key new file mode 100644 index 0000000..70338d5 --- /dev/null +++ b/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key 
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBv8IOsxtMkAHv4mR7W2VY7wPsQNQjJU/sJBBkZ6ISHOQAAAIj45BIb+OQS
+GwAAAAtzc2gtZWQyNTUxOQAAACBv8IOsxtMkAHv4mR7W2VY7wPsQNQjJU/sJBBkZ6ISHOQ
+AAAEAmcuVKGB4JJYMqjvk4Vbngg7JysCpxrna8BPb6sXuIqm/wg6zG0yQAe/iZHtbZVjvA
++xA1CMlT+wkEGRnohIc5AAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----
diff --git a/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub b/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..f76c7be
--- /dev/null
+++ b/e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/wg6zG0yQAe/iZHtbZVjvA+xA1CMlT+wkEGRnohIc5
diff --git a/e2e_tests/conf/sftp/sshd-ed25519/sshd_config b/e2e_tests/conf/sftp/sshd-ed25519/sshd_config
new file mode 100644
index 0000000..82d77f3
--- /dev/null
+++ b/e2e_tests/conf/sftp/sshd-ed25519/sshd_config
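Review bot: This new file commits an unencrypted private host key, and the patch adds a client private key the same way in e2e_tests/conf/ssh/id_ed25519_sftp, with nothing nearby marking either as a throwaway test fixture. A key file cannot carry a comment, so the marker belongs in e2e_tests/README.md next to the key-generation commands, e.g. `# Test-only keys: never reuse them outside the e2e containers.` The README hunk in this patch shows how the client key was generated but not the host key. Adding the matching `ssh-keygen -t ed25519` command for `ssh_host_ed25519_key` would let the fixture be regenerated, and would give secret-scanner allow-list entries something to point at.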
@@ -0,0 +1,79 @@ +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 2222 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /home/pgbackrest/sshd/ssh_host_ed25519_key + +HostKeyAlgorithms ssh-ed25519 +PubkeyAcceptedKeyTypes ssh-ed25519 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin no +StrictModes yes + +PubkeyAuthentication yes +AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +PasswordAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding no +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp internal-sftp + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. 
Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM no diff --git a/e2e_tests/conf/sftp/sshd/ssh_host_rsa_key b/e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key similarity index 100% rename from e2e_tests/conf/sftp/sshd/ssh_host_rsa_key rename to e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key diff --git a/e2e_tests/conf/sftp/sshd/ssh_host_rsa_key.pub b/e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key.pub similarity index 100% rename from e2e_tests/conf/sftp/sshd/ssh_host_rsa_key.pub rename to e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key.pub diff --git a/e2e_tests/conf/sftp/sshd/sshd_config b/e2e_tests/conf/sftp/sshd-rsa/sshd_config similarity index 100% rename from e2e_tests/conf/sftp/sshd/sshd_config rename to e2e_tests/conf/sftp/sshd-rsa/sshd_config diff --git a/e2e_tests/conf/ssh/authorized_keys b/e2e_tests/conf/ssh/authorized_keys index b9b40c5..ae5177d 100644 --- a/e2e_tests/conf/ssh/authorized_keys +++ b/e2e_tests/conf/ssh/authorized_keys @@ -1,2 +1,3 @@ ssh-rsa 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 ssh-rsa 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 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUrrxkSfjHbXgcQkgG0OhHHnaRYt90/nSC9qoiJ6yNC diff --git a/e2e_tests/conf/ssh/id_ed25519_sftp b/e2e_tests/conf/ssh/id_ed25519_sftp new file mode 100644 index 0000000..a57297c --- /dev/null +++ b/e2e_tests/conf/ssh/id_ed25519_sftp 
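Review bot: Nothing in the new sshd-ed25519/sshd_config limits the server to sftp. `Subsystem sftp internal-sftp` enables the subsystem, but an authenticated client can still request a shell (depending on the account's login shell) or port forwarding. If this container only ever serves as a pgBackRest sftp repository, as the compose service suggests, add `ForceCommand internal-sftp`, `AllowTcpForwarding no` and `AllowUsers pgbackrest`. `AcceptEnv LANG LC_*` could then be dropped. `Protocol 2` and `PubkeyAcceptedKeyTypes` are legacy option names (the latter is now `PubkeyAcceptedAlgorithms`); whether to rename them depends on the OpenSSH version in the base image, which is not visible here.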
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACClK68ZEn4x214HEJIBtDoRx52kWLfdP50gvaqIiesjQgAAAIiVoSirlaEo +qwAAAAtzc2gtZWQyNTUxOQAAACClK68ZEn4x214HEJIBtDoRx52kWLfdP50gvaqIiesjQg +AAAEA4uARuoGBAdx7o1kN3UyG3AlBuqyAqIm09pZK9jGZTmqUrrxkSfjHbXgcQkgG0OhHH +naRYt90/nSC9qoiJ6yNCAAAAAAECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/e2e_tests/conf/ssh/id_ed25519_sftp.pub b/e2e_tests/conf/ssh/id_ed25519_sftp.pub new file mode 100644 index 0000000..ba529ea --- /dev/null +++ b/e2e_tests/conf/ssh/id_ed25519_sftp.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUrrxkSfjHbXgcQkgG0OhHHnaRYt90/nSC9qoiJ6yNC diff --git a/e2e_tests/docker-compose.backup-ssh.yml b/e2e_tests/docker-compose.backup-ssh.yml index 57e7677..499f922 100644 --- a/e2e_tests/docker-compose.backup-ssh.yml +++ b/e2e_tests/docker-compose.backup-ssh.yml @@ -9,6 +9,8 @@ services: - "./conf/ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa" - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" + - "./conf/ssh/id_ed25519_sftp:/home/pgbackrest/.ssh/id_ed25519_sftp" + - "./conf/ssh/id_ed25519_sftp.pub:/home/pgbackrest/.ssh/id_ed25519_sftp.pub" - "./conf/backup/backup_prepare-ssh.sh:/home/pgbackrest/backup_prepare.sh" - "./conf/backup/backup_pgbackrest-ssh.conf:/etc/pgbackrest/pgbackrest.conf" command: /home/pgbackrest/backup_prepare.sh @@ -20,7 +22,8 @@ services: - nginx - createbucket - pg-ssh - - sftp + - sftp-rsa + - sftp-ed25519 networks: - ssh 
@@ -32,6 +35,8 @@ services: - "./conf/ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa" - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" + - "./conf/ssh/id_ed25519_sftp:/home/pgbackrest/.ssh/id_ed25519_sftp" + - "./conf/ssh/id_ed25519_sftp.pub:/home/pgbackrest/.ssh/id_ed25519_sftp.pub" - "./conf/backup/backup_prepare-ssh.sh:/home/pgbackrest/backup_prepare.sh" - "./conf/backup/backup_pgbackrest-ssh.conf:/etc/pgbackrest/pgbackrest.conf" command: /home/pgbackrest/backup_prepare.sh @@ -43,7 +48,8 @@ services: - nginx - createbucket - pg-ssh - - sftp + - sftp-rsa + - sftp-ed25519 networks: - ssh diff --git a/e2e_tests/docker-compose.backup-tls.yml b/e2e_tests/docker-compose.backup-tls.yml index b89c60d..11b5abb 100644 --- a/e2e_tests/docker-compose.backup-tls.yml +++ b/e2e_tests/docker-compose.backup-tls.yml @@ -44,7 +44,7 @@ services: - createbucket - pg-tls - backup_server-tls - - sftp + - sftp-rsa networks: - tls @@ -69,7 +69,7 @@ services: - createbucket - pg-tls - backup_server-tls - - sftp + - sftp-rsa networks: - tls diff --git a/e2e_tests/docker-compose.pg.yml b/e2e_tests/docker-compose.pg.yml index 7f23ad1..bd7fa70 100644 --- a/e2e_tests/docker-compose.pg.yml +++ b/e2e_tests/docker-compose.pg.yml @@ -21,7 +21,8 @@ services: - minio - nginx - createbucket - - sftp + - sftp-rsa + - sftp-ed25519 networks: - ssh @@ -46,7 +47,7 @@ services: - minio - nginx - createbucket - - sftp + - sftp-rsa networks: - tls diff --git a/e2e_tests/docker-compose.sftp.yml b/e2e_tests/docker-compose.sftp.yml index f8e3f22..6a00ac8 100644 --- a/e2e_tests/docker-compose.sftp.yml +++ b/e2e_tests/docker-compose.sftp.yml 
@@ -1,18 +1,42 @@ version: '3' services: - sftp: + sftp-rsa: build: context: . dockerfile: ./conf/sftp/Dockerfile args: BACKREST_VERSION: ${TAG} - image: sftp-pgbackrest:${TAG} - container_name: sftp - hostname: sftp + CONTAINER_TYPE: "rsa" + image: sftp-rsa-pgbackrest:${TAG} + container_name: sftp-rsa + hostname: sftp-rsa command: /home/pgbackrest/sftp_prepare.sh volumes: - - "backrest_data_sftp:/var/lib/pgbackrest" + - "backrest_data_sftp_rsa:/var/lib/pgbackrest" + environment: + - "BACKREST_UID" + - "BACKREST_GID" + - "BACKREST_TLS_SERVER=disable" + expose: + - "2222" + networks: + - ssh + - tls + + sftp-ed25519: + build: + context: . + dockerfile: ./conf/sftp/Dockerfile + args: + BACKREST_VERSION: ${TAG} + CONTAINER_TYPE: "ed25519" + image: sftp-ed25519-pgbacrest:${TAG} + container_name: sftp-ed25519 + hostname: sftp-ed25519 + command: /home/pgbackrest/sftp_prepare.sh + volumes: + - "backrest_data_sftp_ed25519:/var/lib/demo" environment: - "BACKREST_UID" - "BACKREST_GID" @@ -28,4 +52,5 @@ networks: tls: volumes: - backrest_data_sftp: + backrest_data_sftp_rsa: + backrest_data_sftp_ed25519: From 3791afb4f8fcc835c7d66752dbf20f2b717cd380 Mon Sep 17 00:00:00 2001 From: woblerr Date: Sat, 3 Aug 2024 02:22:43 +0300 Subject: [PATCH 2/2] Fix typo. --- e2e_tests/conf/backup/backup_pgbackrest-ssh.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf b/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf index 6a56b9e..10694f9 100644 --- a/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf +++ b/e2e_tests/conf/backup/backup_pgbackrest-ssh.conf @@ -33,7 +33,7 @@ repo2-type=sftp repo2-retention-full=2 repo2-retention-diff=2 # Repo 3 options (sftp ed25519). -# repo3-path shoul be different than repo2-path in this case. +# repo3-path should be different than repo2-path in this case. # See https://github.com/pgbackrest/pgbackrest/issues/2418. repo3-path=/tmp/demo repo3-sftp-host=sftp-ed25519
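Review bot: The image name of the new `sftp-ed25519` service is misspelled: `image: sftp-ed25519-pgbacrest:${TAG}` should be `image: sftp-ed25519-pgbackrest:${TAG}`, matching `sftp-rsa-pgbackrest:${TAG}` a few lines above. Any tooling that selects images by the `pgbackrest` name, if there is any, would miss this one. The build also copies the committed host key into the image via the Dockerfile's `COPY ... ./conf/sftp/sshd-${CONTAINER_TYPE}`. A comment on the service such as `# test-only image: contains a fixed host key, do not push to a registry` would make that explicit.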