-
-
Notifications
You must be signed in to change notification settings - Fork 50
Design
Fred edited this page Oct 16, 2021
·
4 revisions
The idea is to allow a resticprofile instance (the server) sending a request to a client to backup some data to some location
The client
- should have SSH installed, with the SFTP subsystem available
- should have private key authentication configured (no password authentication)
- doesn't need to have anything else installed (no restic, no resticprofile, no rsync)
- doesn't even need to have any configuration profile, or repository keys installed either
The resticprofile server will need this configuration for each SSH connection (client):
- IP address
- SSH port
- Username
- SSH Private key (no password authentication)
- name of the profile and commands to run
Optional:
- Client SSH signature
- Working directory
- TCP port to forward (in case the client doesn't have direct access to the repository). It could be dynamically generated
- Option to leave the configuration profile and repository key on the client machine (which allow restoring files without the need of the server) Default is to leave or to delete?
- Option to send logs to the standard output (back to the server) or store them locally and send them at the end (SFTP)
The server
- initiates a SSH connection with a client
- checks if restic and resticprofile binaries are available (and which version)
- sends the restic and/or resticprofile binaries (if needed) using SFTP
- sends the configuration profile along with the repository key (also via SFTP)
- runs the resticprofile profile command(s)
- deletes the configuration profile and repository key (but leaves the binaries behind)
- closes the SSH connection when it's finished
The output logs can be sent through the SSH output pipe back to the instance who initiated the connection (server), or they can be stored locally and copied back to the server using SFTP once finished (to be confirmed)