OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: Patrick M. Hausen on February 20, 2021, 07:14:43 pm
-
Hi all,
I installed and configured os-git-backup, the first push went well. The plugin seems to work.
Now according to the documentation https://docs.opnsense.org/manual/git-backup.html (https://docs.opnsense.org/manual/git-backup.html):
When config.xml changes happen due to user or api interaction, an event is triggered to which handlers can subscribe (using syshook). Our git-backup plugin subscribes to these events in order to add the received backups and commits these with information extracted from the received xml file.
[...]
On periodic intervals (the standard ones from the backup scheduler), the collected commits are pushed to the configured upstream repository.
So - how often does this "backup scheduler" run? I changed things 2 hours ago, nothing in git, yet ...
Thanks,
Patrick
-
So when I create a "Remote Backup" cron job, everything works. So far so good and my technical mind can put 1 and 1 together ...
But I could not find a single mention of that cron job anywhere in the docs! Seriously? The documentation even suggests there are "standard intervals" in the "backup scheduler". WT...?
-
I haven't set up the plugin on my end yet, but plan to do so. Up until now my expectation was that
- Any changes are pushed to git as soon as they are applied
- The plugin also regularly (daily) checks whether the config.xml in git is the same as the local one, and will commit if something differs
Ultimately the goal would be to have an accurate changelog and an always-up-to-date backup using this method. If that doesn't work, it's worrying, as backups are something you really want to be reliable.
Does somebody have experience with the plugin so we could maybe pinpoint if it stopped working only recently, and if so, which version was still working?
-
Sooo, i went and browsed through the source a bit. A couple of observations:
- Changes
are should be committed locally (https://github.com/opnsense/plugins/blob/master/sysutils/git-backup/src/etc/rc.syshook.d/config/10-git-backup) as soon as they are applied - However pushing to the remote server is only handled here (https://github.com/opnsense/plugins/blob/master/sysutils/git-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Git.php#L131). I'm going to assume that's called once per day
And after having done that i now realize that this information is also in the docs ::)
I haven't found anything that sets up a cronjob within the plugin or the code it inherits from though. Maybe i just overlooked that?
Could you check your local repo whether the changes are commited, and check your log for errors from git-backup?
I see that the plugin would also throw an error e.g. when the remote SSH host key changes. That's good since it transfers sensitive data such as VPN keys, wouldn't want to have that MITM-ed. It does accept new ones on first run (https://github.com/opnsense/plugins/blob/master/sysutils/git-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Git.php#L153) though. So maybe that's happening? But then again, why would it work if you run it manually or set up your own cronjob...
-
Yes, local commit worked instantly. Push to remote did not happen until I set up a cron job 4 hours later.
You are right about the documentation, I only did not assume anyone would consider "once a day" a reasonable interval for remote push. So after 4 hours of waiting I concluded it wasn't working and set up a cron job. Which worked instantly and all the past commits ended up in the remote repo with their correct timestamps.
But I'm still puzzled. Once a day? I'd consider every 5 minutes to be good interval to push changes. That's the frequency at which I run Rancid in our data centre to pick up all the Cisco IOS configs ...
Thanks and best regards,
Patrick
-
agree, daily pushes are way too infrequent in a busy environment.
it seems like this magic interval is shared across all backup mechanisms though. it should probably be configurable in order to balance requirements and external limitations (such as some sort of rate limiting between backup source and sink) for each individual setup. default to 1d to be backward compatible.
the Q is, how and where is that scheduled? i can't find it in the docs. the system and root crontabs are empty. i guess this (https://github.com/opnsense/core/blob/master/src/opnsense/scripts/remote_backup.php) is the script that's responsible for actually taking the backups. can't figure out from where it's called, though :(
/e: instead of adding code to configure the interval it may be easier to update the docs and recommend configuring a cronjob.
i'll happily submit a PR, however i'd still like to understand how/where the scheduled job every 24h is coming from. *scratches head*
-
anyway, it's an easy fix to add a short hint to the docs.
https://github.com/opnsense/docs/pull/315
-
Yeah good note to add to the docs.
If you look at the logs on your OPNsense without any extra crons added, you will notice the remote backup happens at 1am, atleast in my timezone, I would guess its the same for all.
2021-02-24T01:00:00 configd.py[4643] [2cadc370-55c0-4654-b009-8a0b2474e66b] Performing remote backup
If you can confirm its the case for other timezones, add it to the doc :-)
My time zone is Europe/London.
Edit
Quick look in the code and this line sets the Cron for the backup, but little unsure on syntax but I'm guessing it means 0 minute and 1st hour. Which lines up with my log time. I'm on my phone otherwise I would confirm the values of that array.
$jobs[]['autocron'] = array('configctl system remote backup', 0, 1);https://github.com/opnsense/core/blob/51489f83de93840f2771fd65938658cd25f5a01c/src/etc/inc/plugins.inc.d/core.inc#L199
-
I've created a PR to add the information about the default 01:00 backup time (git push).
https://github.com/opnsense/docs/pull/316