Koozali.org: home of the SME Server

Affa is broken - while I fix it, how do you use it?

Offline ReetP

  • *
  • 3,376
  • +5/-0
Affa is broken - while I fix it, how do you use it?
« on: September 16, 2022, 02:53:14 PM »
So following on from the thread opened by Gary:

https://forums.koozali.org/index.php/topic,54879.0.html

A recent update to rsync that fixed a number of security holes in it broke Affa backup.

If you have recently updated your Affa server your backups of remote servers are now failing - only your logs will tell you.

I have rewritten some of Affa - which is a great big sprawling monolithic perl script - to cope with the changes, and whilst there I found a few other bugs too. The scripts have been added to the bug.

https://bugs.koozali.org/show_bug.cgi?id=12165

PLEASE help test.

Onwards.

One thing Affa can do is back up generic linux servers - SME was an add-on originally.

In rewriting the script I have essentially left out generic linux servers and just focused on SME.

By question was whether anyone still uses it to back up generic linux boxes?

If so I need to go back and think about how to manage that.

A bit more explanation.

Before you affa could run rsync in this format:

Code: [Select]
rsync ip.address.of.target: /etc/templates /etc/templates-custom /home/e-smith
You can no longer do that and have to make each directory of file specific like this:

Code: [Select]
"rsync ip.address.of.target:/etc/templates" "ip.address.of.target:/etc/templates-custom" "ip.address.of.target:/home/e-smith"
Now, SME has some backup routines which were used by Affa, but they used the LOCAL directories on the Affa server as a reference for directories to back up on the REMOTE server. Not great and a bit of a bug really, but it got away with things.

However, a recent change to the SME Backup routines means that it now includes directories for contribs as well, and they may not be the same on the remote server as the local server.

So part of the rewrite was to run the Backup routine on the remote sever, find the directories it wanted backed up, and then made a note of that with the backup so it would correctly restore them as well - you have to specify each directory to restore.

So I have done all that.

However, I have have modified the usage of the Included/Excluded directories as well. rsync uses them for pattern matching but for SME I just use them as literal include/exclude on top of directories that the Backup routine automatically suggests. (I still need to add the exclude part but that is trivial).

And this brings me to the main point. Standard Linux boxes.

It has no backup routines.

Do I drop the old Include/Exclude meaning like SME and say use / as default and then Include/Exclude as per the configuration file?

Or something else? Does anyone even care?

Any suggestions appreciated before I go out and break all your installs.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • *
  • 705
  • +0/-0
    • Security Warehouse, trade security equipment
Re: Affa is broken - while I fix it, how do you use it?
« Reply #1 on: September 23, 2022, 12:46:22 AM »
Quote
And this brings me to the main point. Standard Linux boxes.
It has no backup routines.
Do I drop the old Include/Exclude meaning like SME and say use / as default and then Include/Exclude as per the configuration file?
Or something else? Does anyone even care?
Any suggestions appreciated before I go out and break all your installs.

I care
I only use affa to backup sme boxes, so i personally dont use the non sme options

Id be quite happy for it to be sme only in this case

Offline JohnG

  • ***
  • 81
  • +0/-0
Re: Affa is broken - while I fix it, how do you use it?
« Reply #2 on: September 23, 2022, 10:19:33 PM »
Thanks so much for your efforts!

And I care. At the moment I'm only using Affa with SME boxes.

At one point Affa was backing up a standard centos box and it worked well but it got retired. And I've always wanted to try Affa with a windows machine but never got further than installing rsync on windows then I got sidetracked.

So yeah, if it's easier to modify the sprawling perl to only do SME boxes then I'm OK with that, but it would be nice in the future to be able to Affa other generic operating systems as well.

Offline ReetP

  • *
  • 3,376
  • +5/-0
Re: Affa is broken - while I fix it, how do you use it?
« Reply #3 on: September 24, 2022, 02:53:12 AM »
Ok.

I'll try and make sure some generic linux works.

Windows - theoretically should but I believe the original notes sad it needed cygwin.

Needs a tester....

Talk to me on Rocket if you want to help test the latest.

Remember, if your affa server is a v10, and you have installed the latest rsync update on that affa server, you have no backup....

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • *
  • 705
  • +0/-0
    • Security Warehouse, trade security equipment
Re: Affa is broken - while I fix it, how do you use it?
« Reply #4 on: September 24, 2022, 11:13:05 PM »
Quote
Remember, if your affa server is a v10, and you have installed the latest rsync update on that affa server, you have no backup....
That is the concern!

Thanks for all you do Reet and sme team

Offline ReetP

  • *
  • 3,376
  • +5/-0
Re: Affa is broken - while I fix it, how do you use it?
« Reply #5 on: September 24, 2022, 11:52:44 PM »
That is the concern!

It is. Check your logs. You can force a downgrade of rsync as a temporary fix.

Quote
Thanks for all you do Reet and sme team

Thanks. We try. Please jump in on Rocket and help test.

New version is close to working - it basically does - but needs a lot of testing.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation