postgres.dk

User Tools

Site Tools

Trace: barman
barman

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
barman [2025/10/27 13:06] jbibarman [2025/10/27 13:38] (current) jbi
Line 9: Line 9:
 date +%s | sha256sum | base64 | head -c 32 ;echo date +%s | sha256sum | base64 | head -c 32 ;echo
  
-# save the output and use it for input in the next step and i in the barman server.conf+# 
 +# 1 save the output in /etc/barman.d/secret  
 +# 2 make sure that permissions for the secret is root.barman-owner and 440 
 +# 3 and use it for input in the next step and i in the barman server.conf 
 +#
 # create pgp entry # create pgp entry
 +
 gpg --full-generate-key gpg --full-generate-key
  
-# give a name like: barman and the password from previous command+When asked: give a name like: barman and the password from previous command
  
  
 </code> </code>
 +
 +In the /etc/barman.d/server.conf insert
 +
 +<code>
 +backup_compression_format = tar
 +backup_compression = gzip
 +encryption = gpg 
 +encryption_key_id = barman <-- the name you gave previous
 +encryption_passphrase_command = "cat /etc/barman.d/secret"
 +</code>
 +
 +**Done**
 +
 +You will have to re-initiate the backup, ie (be careful and not just c&p, but think, you can loose the existing backup):
 +
 +<code>
 +sudo barman cron
 +sudo -u barman  barman receive-wal --create-slot SERVER-NAME
 +sudo -u barman  barman switch-xlog SERVER-NAME
 +sudo -u barman  barman backup SERVER-NAME
 +
 +</code>
 +If create-slot fails, you will have to --drop-slot or drop the slot from the database.
 +
 +
 +You can check if the encryption is on:
 +
 +<code>
 +sudo -u barman  barman check SERVER-NAME | grep encryption
 + 
 +# This should do it
 +
 +# but you can also see it:
 +# and in your barman-backup-dir/SERVER-NAME/base/BACKUP-SET/ will have a basebackup ending on .gpg
 +# and in your barman-backup-dir/SERVER-NAME/wals/WAL-SET/ the wal file will respond to
 +# file wal-file 
 +# wal-file: PGP RSA encrypted session key - keyid: 43F52AD6 99DF306B RSA (Encrypt or Sign) 3072b
 +
 +</code>
 +
 +===== Warnings =====
 +
 +
 +If you - like us - have a monitor system that counts the numbers of "OK" from the output
 +
 +<code>
 +sudo -u barman  barman check SERVER-NAME
 +</code>
 +
 +It will fail because there are now 23 OK's (hopefully) and not the 22 OK's :-)
 +
  
  
barman.1761566793.txt.gz · Last modified: 2025/10/27 13:06 by jbi