... | ... | @@ -950,7 +950,7 @@ information on how to pick a restore procedure. |
|
|
3. On that new PostgreSQL server, show the `postgres` server public
|
|
|
key, creating it if missing:
|
|
|
|
|
|
[ -f ~postgres/.ssh/id_rsa.pub ] || sudo -u postgres ssh-keygen
|
|
|
( [ -f ~postgres/.ssh/id_rsa.pub ] || sudo -u postgres ssh-keygen )&&
|
|
|
cat ~postgres/.ssh/*.pub
|
|
|
|
|
|
4. Then on the backup server, allow the user to access backups of the
|
... | ... | @@ -960,7 +960,8 @@ information on how to pick a restore procedure. |
|
|
|
|
|
This assumes we connect to a *previous* server's backups, named
|
|
|
`$OLDSERVER` (e.g. `dictyotum`). The `$HOSTKEY` is the public key
|
|
|
found on the postgres server above.
|
|
|
found on the postgres server above. `$CLIENT` is the hostname of
|
|
|
the server we are restoring to.
|
|
|
|
|
|
Warning: the above will fail if the key is already present in
|
|
|
`/etc/ssh/userkeys/torbackup`, edit the key in there instead in
|
... | ... | @@ -1006,6 +1007,21 @@ information on how to pick a restore procedure. |
|
|
|
|
|
[#31786]: https://bugs.torproject.org/31786
|
|
|
|
|
|
If the above fails with:
|
|
|
|
|
|
ssh: connect to host bungei.torproject.org port 22: Connection refused
|
|
|
|
|
|
It's likely because the host you are restoring to is not
|
|
|
configured to backup to this backup host, and therefore the backup
|
|
|
host does not have firewall rules to allow it to connect. You can
|
|
|
fix this with something like:
|
|
|
|
|
|
iptables-legacy -I INPUT -s 78.47.61.104 -j ACCEPT
|
|
|
|
|
|
or:
|
|
|
|
|
|
nft insert rule ip filter INPUT ip saddr 78.47.61.104 counter accept
|
|
|
|
|
|
6. Make sure the `pg_xlog` directory doesn't contain any files.
|
|
|
|
|
|
rm -rf -- /var/lib/postgresql/9.6/main/pg_xlog/*
|
... | ... | |