From 3296040c44ebe752223411bf4334403311961c0a Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Fri, 10 Nov 2017 17:31:30 +0100
Subject: [PATCH] software/backupserver: allow to directly backup from
 webrunner

Replace dropbear by openssh.
Use the same rdiff-backup as the one provided by PBS.
Allow to directly use an IPV6 address with a custom port.
---
 .../instance-pullrdiffbackup.cfg.in           | 20 +++++++++----------
 software/backupserver/software.cfg            | 14 +++++++++----
 .../backupserver/template-backup-script.sh.in |  2 +-
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/software/backupserver/instance-pullrdiffbackup.cfg.in b/software/backupserver/instance-pullrdiffbackup.cfg.in
index 02fccf21e..e54ebad88 100644
--- a/software/backupserver/instance-pullrdiffbackup.cfg.in
+++ b/software/backupserver/instance-pullrdiffbackup.cfg.in
@@ -49,12 +49,13 @@ logfile = $${directory:log}/crond.log
 {%   set frequency = slave_instance.get('frequency', '') -%}
 {%   set hostname = slave_instance.get('hostname', '') -%}
 {%   set connection = slave_instance.get('connection', '') -%}
+{%   set connection_port = slave_instance.get('connection_port', '22') -%}
 {%   set include = slave_instance.get('include', '') -%}
 {%   set include_string = "' --include='".join(include.split(' ')) -%}
 {%   set exclude = slave_instance.get('exclude', '') -%}
 {%   set exclude_string = '' -%}
 {%   set sudo = slave_instance.get('sudo', 'False') -%}
-{%   set remote_schema = 'rdiff-backup --server --restrict-read-only / -- "$@"' -%}
+{%   set remote_schema = slave_instance.get('remote_rdiff_path', 'rdiff-backup') + ' --server --restrict-read-only / -- "$@"' -%}
 
 {%   if (exclude != '') -%}
 {%     set exclude_string = "' --exclude='".join(exclude.split(' ')) -%}
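Review bot: The new `connection_port` and `remote_rdiff_path` values are read from `slave_instance` (presumably requester-controlled) with no validation, and both are later expanded inside the single-quoted `--remote-schema` argument in template-backup-script.sh.in. A value containing a quote or whitespace would therefore change the command line the backup server runs. Coercing the port at the point it is read, `{%   set connection_port = slave_instance.get('connection_port', '22') | int -%}`, and refusing a `remote_rdiff_path` that is not a plain path (no quotes, spaces or shell metacharacters) would close this. The existing `connection` and `include` values appear to reach the script the same way, so one shared check may be worthwhile. The enclosing slave loop starts and ends outside this hunk.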
@@ -73,23 +74,19 @@ directory = $${directory:backup}/$${:_buildout_section_name_}
 
 [{{ slave_reference }}-backup-private_key]
 recipe = plone.recipe.command
-stop-on-error = false
-command = ${dropbear-output:keygen} -t $${:type} -s 2048 -f $${:key} 
+stop-on-error = true
+command = ${coreutils-output:rm} -f $${:key} $${:public_key} && ${openssh-output:keygen} -t $${:type} -b 2048 -f $${:key} -q -N ""
 key = $${directory:ssh}/$${:_buildout_section_name_}
+public_key = $${:key}.pub
+location = $${:public_key}
 type = rsa
 
-[{{ slave_reference }}-backup-public_key]
-recipe = plone.recipe.command
-stop-on-error = true
-command = ${coreutils-output:rm} -f $${:key} && ${dropbear-output:keygen} -y -f {{ '$${' ~ slave_reference }}-backup-private_key:key} | ${grep-output:grep} {{ '$${' ~ slave_reference }}-backup-private_key:type} > $${:key}
-key = {{ '$${' ~ slave_reference }}-backup-private_key:key}.pub
-location = $${:key}
 # Insert as a beginning part, to ensure that all public keys are generated before trying to publish. This will reduce the number of slapgrid-cp run.
-{%   do part_list.insert(0, "%s-backup-public_key" % slave_reference) -%}
+{%   do part_list.insert(0, "%s-backup-private_key" % slave_reference) -%}
 
 [{{ slave_reference }}-backup-read-public_key]
 recipe = slapos.cookbook:readline
-storage-path = {{ '$${' ~ slave_reference }}-backup-public_key:key}
+storage-path = {{ '$${' ~ slave_reference }}-backup-private_key:public_key}
 
 # Publish slave {{ slave_reference }} information
 [{{ slave_reference }}-backup-publish]
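Review bot: The new `command` on the `-backup-private_key` part removes and regenerates the whole key pair each time it runs, and with `location = $${:public_key}` the part presumably reinstalls whenever one of its options changes, including the software-release path behind `${openssh-output:keygen}`. If so, every such reinstall silently rotates the key, and with `stop-on-error = true` the already published public key stops matching until the remote side is updated. That behaviour should be documented next to the command, for example `# NOTE: re-running this part rotates the key pair; the published public key must be re-deployed on the backed-up host.` Separately, the key type and size stay hard-coded as `rsa` / `-b 2048`; a `bits` option beside `type` would let the size be raised without editing the command. The `-backup-publish` section continues outside this hunk.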
@@ -107,6 +104,7 @@ mode = 0700
 datadirectory = {{ '$${' ~ slave_reference }}-backup-directory:directory}
 sshkey = {{ '$${' ~ slave_reference }}-backup-private_key:key}
 connection = {{ connection }}
+connection_port = {{ connection_port }}
 hostname = {{ hostname }}
 include = {{ include_string }}
 exclude_string = {{ exclude_string }}
diff --git a/software/backupserver/software.cfg b/software/backupserver/software.cfg
index 81940443d..4b84de552 100644
--- a/software/backupserver/software.cfg
+++ b/software/backupserver/software.cfg
@@ -10,7 +10,7 @@ extends =
 #   ../../component/git/buildout.cfg
 #   ../../component/subversion/buildout.cfg
   ../../component/rsync/buildout.cfg
-  ../../component/dropbear/buildout.cfg
+  ../../component/openssh/buildout.cfg
   ../../component/grep/buildout.cfg
   ../../component/findutils/buildout.cfg
 #   ../../stack/flask.cfg
@@ -67,7 +67,7 @@ mode = 0644
 [template-backup-script]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/template-backup-script.sh.in
-md5sum = 47b20031db3b575651d8515d5add23e6
+md5sum = fa79e0307e12e2f5b1f2adbd261995fc
 output = ${buildout:directory}/template-backup-script.sh.in
 mode = 0644
 
@@ -105,7 +105,7 @@ mode = 0644
 [template-pullrdiffbackup]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-pullrdiffbackup.cfg.in
-md5sum = 061b98d001b501c9e1beb424e8802d3d
+md5sum = e2a20871288e30ebc299cc29d4c596d2
 output = ${buildout:directory}/template-pullrdiffbackup.cfg
 mode = 0644
 
@@ -116,8 +116,14 @@ md5sum = 42021b325159dff29e4bd4e33b8ff2f3
 output = ${buildout:directory}/template.cfg
 mode = 0644
 
+[rdiff-backup]
+eggs =
+  ${rdiff-backup-build-1.3.4:egg}
+
 [versions]
-rdiff-backup = 1.0.5+SlapOSPatched001
+# 1.3.4nxd2 is invalid version string, thus pached version string is not '1.3.4nxd2+SlapOSPatched001'
+# but '1.3.4nxd2-SlapOSPatched001'.
+rdiff-backup = 1.3.4nxd2-SlapOSPatched001
 gunicorn = 19.1.1
 plone.recipe.command = 1.1
 slapos.recipe.template = 2.4.2
diff --git a/software/backupserver/template-backup-script.sh.in b/software/backupserver/template-backup-script.sh.in
index 4b6dc8202..8d5ce6d90 100644
--- a/software/backupserver/template-backup-script.sh.in
+++ b/software/backupserver/template-backup-script.sh.in
@@ -18,7 +18,7 @@ ${rdiff-backup-output:rdiff-backup} \
   $${:exclude_string} \
   --include='$${:include}' \
   --exclude='**' \
-  --remote-schema '${dropbear-output:ssh} -T -y -i $${:sshkey} %s $${:remote_schema}' \
+  --remote-schema '${openssh-output:ssh} -6 -q -T -y -o "StrictHostKeyChecking no" -i $${:sshkey} -p $${:connection_port} %s $${:remote_schema}' \
   $${:connection}::/ ./
 
 RESULT=$?
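Review bot: The new `--remote-schema` line passes `-o "StrictHostKeyChecking no"` together with `-q`, so the backup server accepts any host key, including a changed one, and the warning is suppressed. A host answering on the target address can then impersonate the backed-up machine and supply the data that gets stored as its backup. Pinning the host key per slave would keep the unattended run while still verifying the peer, e.g. `-o "StrictHostKeyChecking yes" -o "UserKnownHostsFile=<per-slave known_hosts path>"`. If the bundled OpenSSH supports it, `accept-new` is a weaker fallback. The `-y` flag carried over from the dropbear invocation means "log to syslog" in OpenSSH rather than "accept unknown host keys", so it should be dropped or its intent documented. Finally, `-6` forces IPv6 for every slave, which looks broader than the commit message's "allow" and would break IPv4-only hosts.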
-- 
2.30.9