barman
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| barman [2025/10/27 13:00] – created jbi | barman [2025/10/27 13:38] (current) – jbi | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Barman encryption ===== | ===== Barman encryption ===== | ||
| - | wip | + | ==== Generate pgp keys for the encryption ==== |
| + | |||
| + | < | ||
| + | # create 32 char password for pgp | ||
| + | date +%s | sha256sum | base64 | head -c 32 ;echo | ||
| + | |||
| + | # | ||
| + | # 1 save the output in / | ||
| + | # 2 make sure that permissions for the secret is root.barman-owner and 440 | ||
| + | # 3 and use it for input in the next step and i in the barman server.conf | ||
| + | # | ||
| + | # create pgp entry | ||
| + | |||
| + | gpg --full-generate-key | ||
| + | |||
| + | # When asked: give a name like: barman and the password from previous command | ||
| + | |||
| + | |||
| + | </ | ||
| + | |||
| + | In the / | ||
| + | |||
| + | < | ||
| + | backup_compression_format = tar | ||
| + | backup_compression = gzip | ||
| + | encryption = gpg | ||
| + | encryption_key_id = barman <-- the name you gave previous | ||
| + | encryption_passphrase_command = "cat / | ||
| + | </ | ||
| + | |||
| + | **Done** | ||
| + | |||
| + | You will have to re-initiate the backup, ie (be careful and not just c&p, but think, you can loose the existing backup): | ||
| + | |||
| + | < | ||
| + | sudo barman cron | ||
| + | sudo -u barman | ||
| + | sudo -u barman | ||
| + | sudo -u barman | ||
| + | |||
| + | </ | ||
| + | If create-slot fails, you will have to --drop-slot or drop the slot from the database. | ||
| + | |||
| + | |||
| + | You can check if the encryption is on: | ||
| + | |||
| + | < | ||
| + | sudo -u barman | ||
| + | |||
| + | # This should do it | ||
| + | # | ||
| + | # but you can also see it: | ||
| + | # and in your barman-backup-dir/ | ||
| + | # and in your barman-backup-dir/ | ||
| + | # file wal-file | ||
| + | # wal-file: PGP RSA encrypted session key - keyid: 43F52AD6 99DF306B RSA (Encrypt or Sign) 3072b | ||
| + | |||
| + | </ | ||
| + | |||
| + | ===== Warnings ===== | ||
| + | |||
| + | |||
| + | If you - like us - have a monitor system that counts the numbers of " | ||
| + | |||
| + | < | ||
| + | sudo -u barman | ||
| + | </ | ||
| + | |||
| + | It will fail because there are now 23 OK's (hopefully) and not the 22 OK's :-) | ||
| + | |||
barman.1761566432.txt.gz · Last modified: 2025/10/27 13:00 by jbi