postgres.dk

User Tools

Site Tools

Trace:
barman

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
barman [2025/10/27 13:05] jbibarman [2025/10/27 13:38] (current) jbi
Line 9: Line 9:
 date +%s | sha256sum | base64 | head -c 32 ;echo date +%s | sha256sum | base64 | head -c 32 ;echo
  
-# save the output and use it for input in the next step and i in the barman server.conf+# 
 +# 1 save the output in /etc/barman.d/secret  
 +# 2 make sure that permissions for the secret is root.barman-owner and 440 
 +# 3 and use it for input in the next step and i in the barman server.conf 
 +#
 # create pgp entry # create pgp entry
 +
 gpg --full-generate-key gpg --full-generate-key
  
-# give a name like: barman and the password from previous command+When asked: give a name like: barman and the password from previous command 
 + 
 + 
 +</code> 
 + 
 +In the /etc/barman.d/server.conf insert 
 + 
 +<code> 
 +backup_compression_format = tar 
 +backup_compression = gzip 
 +encryption = gpg  
 +encryption_key_id = barman <-- the name you gave previous 
 +encryption_passphrase_command = "cat /etc/barman.d/secret" 
 +</code> 
 + 
 +**Done** 
 + 
 +You will have to re-initiate the backup, ie (be careful and not just c&p, but think, you can loose the existing backup): 
 + 
 +<code> 
 +sudo barman cron 
 +sudo -u barman  barman receive-wal --create-slot SERVER-NAME 
 +sudo -u barman  barman switch-xlog SERVER-NAME 
 +sudo -u barman  barman backup SERVER-NAME 
 + 
 +</code> 
 +If create-slot fails, you will have to --drop-slot or drop the slot from the database. 
 + 
 + 
 +You can check if the encryption is on: 
 + 
 +<code> 
 +sudo -u barman  barman check SERVER-NAME | grep encryption 
 +  
 +# This should do it 
 +#  
 +# but you can also see it: 
 +# and in your barman-backup-dir/SERVER-NAME/base/BACKUP-SET/ will have a basebackup ending on .gpg 
 +# and in your barman-backup-dir/SERVER-NAME/wals/WAL-SET/ the wal file will respond to 
 +# file wal-file  
 +# wal-file: PGP RSA encrypted session key - keyid: 43F52AD6 99DF306B RSA (Encrypt or Sign) 3072b 
 + 
 +</code> 
 + 
 +===== Warnings ===== 
 + 
 + 
 +If you - like us - have a monitor system that counts the numbers of "OK" from the output 
 + 
 +<code> 
 +sudo -u barman  barman check SERVER-NAME 
 +</code>
  
 +It will fail because there are now 23 OK's (hopefully) and not the 22 OK's :-)
  
  
barman.1761566724.txt.gz · Last modified: 2025/10/27 13:05 by jbi