Client/Server mode: sending configuration profile to a remote server

[creativeprojects]

Work in progress

Proof of concept on how to send a configuration profile to a remote server (along necessary files like exclude list, restic password, etc.)

Suggestion of connection type:

• SSH: secure connection (would be the default)
• HTTP: basic http connection to be used within a VPN (do we want to provide that?)
• mTLS: secure connection with client/server certificates

SSH connection doesn't need to have a resticprofile server waiting for connections. The two other types would need to.

New commands:

• send: connects to a remote via SSH and push the specified configuration
• serve: serves configuration files (⚠️ no authentication, no encryption)

New flag:

• -r / --remote: download configuration files from the endpoint then run using the downloaded configuration (only). can be used with -w / --wait to inspect the mounted FS.

Other security consideration

Ideally we want the remote clients to never save the configuration that was pushed to them. They run the backup and forget everything about it.

• We could send a tar/zip file and the remote resticprofile opens a FUSE filesystem for restic to read all the configuration files from.
• The files are in memory only
• We should investigate how to ask the kernel not to swap the file contents <- doesn't seem to be possible in Go

Configuration

New entries in the configuration could look like:

# we don't need to specify a version as it could be a separate configuration file

remotes:
  remote-server:
    connection: ssh
    host: remote.example.com
    username: backup
    private-key: /home/user/.ssh/id_rsa
    known-hosts: /home/user/.ssh/known_hosts
    binary-path: /home/user/.bin/resticprofile
    configuration-file: ./dev.yaml
    profile-name: backup-root
    send-files:
      - ./key
      - ./excludes

  local:
    connection: http
    host: localhost:10001
    pre-shared-key: "super-secret-shhhhtt" # we could provide AES encryption?
    configuration-file: ./dev.yaml
    send-files:
      - ./key
      - ./excludes

  other:
    connection: mtls
    host: other-client.example.com:10003
    certificate: client.pem
    private-key: private.pem
    configuration-file: ./dev.yaml
    send-files:
      - ./key
      - ./excludes

Implementation details:

• I've chosen to open a redirected port inside the SSH connection to transfer the files. I suppose it could also be done using the unix pipes.
• in order to avoid saving the remotely loaded files to disk, I'm using afero to create a virtual disk in memory. I also looked at os/fs but it forbids using any rooted path, which sounds like it would be a massive refactoring.
• use go-fuse library to create a filesystem in memory from a tar stream (not sure how it's going to work on Windows yet)
• I was thinking about using this package to protect the backup configuration from a memory dump but as it is sent to restic, restic would need to implement the same protection

Demo of working SSH mode (logs from both the initiator and the remote)

% go run . -v -c examples/private/remotes.yml send vps01 backup
2024/07/04 21:16:44 resticprofile 0.28.0-dev compiled with go1.22.4 darwin/amd64
2024/07/04 21:16:44 loading: examples/private/remotes.yml
2024/07/04 21:16:44 files in configuration are relative to "examples/private"
2024/07/04 21:16:44 memory available: 6362MB
2024/07/04 21:16:44 using restic 0.16.4
2024/07/04 21:16:44 send: this command is experimental and its behaviour may change in the future
2024/07/04 21:16:44 file examples/key: written 25 bytes
2024/07/04 21:16:44 file examples/excludes: written 9 bytes
2024/07/04 21:16:44 file examples/root-excludes: written 5 bytes
2024/07/04 21:16:44 file examples/private/linux.yaml: written 3271 bytes
2024/07/04 21:16:44 manifest written 117 bytes
2024/07/04 21:16:44 resticprofile 0.28.0-dev compiled with go1.22.4 linux/amd64
2024/07/04 21:16:44 downloading file key (25 bytes)
2024/07/04 21:16:44 downloading file excludes (9 bytes)
2024/07/04 21:16:44 downloading file root-excludes (5 bytes)
2024/07/04 21:16:44 downloading file linux.yaml (3271 bytes)
2024/07/04 21:16:44 downloading manifest (117 bytes)
2024/07/04 21:16:44 mounting filesystem at /tmp/resticprofile-a02db72c
2024/07/04 21:16:44 loading: linux.yaml
2024/07/04 21:16:45 memory available: 2177MB
2024/07/04 21:16:45 setting process group priority to 10
2024/07/04 21:16:45 using restic 0.16.4
2024/07/04 21:16:45 the configuration contains relative "path" items which may lead to unstable results in restic commands that select snapshots. Consider using absolute paths in "path" (and "source"), set "base-dir" or "source-base" in the profile or use "tag" instead of "path" (path = false) to select snapshots for restic commands.
Affected paths are:
> path (from source) "~/go/src/github.com/creativeprojects/resticprofile" changes to "/home/user/go/src/github.com/creativeprojects/resticprofile"
2024/07/04 21:16:45 profile 'src': initializing repository (if not existing)
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic init --password-file=key --repo=/tmp/backup/src --verbose=1
2024/07/04 21:16:45 profile 'src': checking repository consistency
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic check --password-file=key --repo=/tmp/backup/src --verbose=1
using temporary cache in /tmp/restic-check-cache-4062915075
repository bdb1baa2 opened (version 2, compression level auto)
created new cache in /tmp/restic-check-cache-4062915075
create exclusive lock for repository
load indexes
[0:00] 100.00%  2 / 2 index files loaded
check all packs
check snapshots, trees and blobs
[0:00] 100.00%  5 / 5 snapshots
no errors were found
2024/07/04 21:16:45 profile 'src': starting 'backup'
2024/07/04 21:16:45 command environment: reusing previous
2024/07/04 21:16:45 starting command: /usr/local/bin/restic backup --exclude="/**/.git" --exclude-caches --password-file=key --repo=/tmp/backup/src --tag=test --tag=dev --verbose=1 /home/user/go/src/github.com/creativeprojects/resticprofile
open repository
repository bdb1baa2 opened (version 2, compression level auto)
lock repository
using parent snapshot 0a330d22
load index files

start scan on [/home/user/go/src/github.com/creativeprojects/resticprofile]
start backup on [/home/user/go/src/github.com/creativeprojects/resticprofile]
scan finished in 4.191s: 2359 files, 1.234 GiB

Files:           0 new,     0 changed,  2359 unmodified
Dirs:            0 new,     0 changed,   475 unmodified
Data Blobs:      0 new
Tree Blobs:      0 new
Added to the repository: 0 B   (0 B   stored)

processed 2359 files, 1.234 GiB in 0:04
snapshot 48c1f687 saved
2024/07/04 21:16:50 profile 'src': finished 'backup'
2024/07/04 21:16:50 profile 'src': cleaning up repository using retention information
2024/07/04 21:16:50 command environment: reusing previous
2024/07/04 21:16:50 starting command: /usr/local/bin/restic forget --keep-within=30d --password-file=key --path=/home/user/go/src/github.com/creativeprojects/resticprofile --prune --repo=/tmp/backup/src --verbose=1
repository bdb1baa2 opened (version 2, compression level auto)
Applying Policy: keep all snapshots within 30d of the newest
snapshots for (host [vps01], paths [/home/user/go/src/github.com/creativeprojects/resticprofile]):
keep 2 snapshots:
ID        Time                 Host        Tags        Reasons     Paths
----------------------------------------------------------------------------------------------------------------------------------
37789b1e  2024-07-04 21:01:15  vps01       test,dev    within 30d  /home/user/go/src/github.com/creativeprojects/resticprofile
48c1f687  2024-07-04 21:16:45  vps01       test,dev    within 30d  /home/user/go/src/github.com/creativeprojects/resticprofile
----------------------------------------------------------------------------------------------------------------------------------
2 snapshots

2024/07/04 21:16:51 unmounting filesystem
%

More information

Discussion here: #69

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

Attention: Patch coverage is 21.92817% with 413 lines in your changes missing coverage. Please review.

Project coverage is 70.24%. Comparing base (ccccfa2) to head (5d698ec).
Report is 1 commits behind head on master.

Files	Patch %	Lines
ssh/ssh.go	0.00%	97 Missing ⚠️
remote.go	0.00%	79 Missing ⚠️
remote/tar.go	0.00%	57 Missing ⚠️
serve.go	0.00%	53 Missing ⚠️
send.go	0.00%	49 Missing ⚠️
ssh/config.go	0.00%	23 Missing ⚠️
fuse/memfs.go	75.41%	14 Missing and 1 partial ⚠️
config/remote.go	0.00%	14 Missing ⚠️
config/config.go	21.43%	11 Missing ⚠️
fuse/file.go	33.33%	8 Missing ⚠️
... and 5 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #377      +/-   ##
==========================================
- Coverage   72.24%   70.24%   -2.00%     
==========================================
  Files         127      139      +12     
  Lines       12925    13432     +507     
==========================================
+ Hits         9337     9434      +97     
- Misses       3160     3567     +407     
- Partials      428      431       +3     

Flag	Coverage Δ
unittests	70.24% <21.93%> (-2.00%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[creativeprojects]

I got a fully working proof of concept for the SSH mode 🎉

What do you think @jkellerer ?

SSH mode should be secure enough:

• we transfer the configuration files inside a SSH tunnel
• we never save the configuration files on the other end

Obviously it still needs more work and also unit tests.

We'll see for the other modes later (with the security concerns)

[jkellerer]

will check it. Was a bit busy these days :)