├── .github └── workflows │ └── build.yml ├── .gitignore ├── Dockerfile ├── Dockerfile.alpine ├── Dockerfile_make ├── Dockerfile_make.alpine ├── LICENSE ├── Makefile ├── README.md ├── e2e_tests ├── .env ├── README.md ├── conf │ ├── backup │ │ ├── backup_pgbackrest-ssh.conf │ │ ├── backup_pgbackrest-tls.conf │ │ ├── backup_prepare-ssh.sh │ │ └── backup_prepare-tls.sh │ ├── nginx │ │ ├── nginx-selfsigned.crt │ │ ├── nginx-selfsigned.key │ │ └── nginx.conf │ ├── pg │ │ ├── Dockerfile │ │ ├── pg_pgbackrest-ssh.conf │ │ ├── pg_pgbackrest-tls.conf │ │ ├── pg_prepare-ssh.sh │ │ ├── pg_prepare-tls.sh │ │ ├── postgresql.auto.conf │ │ └── sshd │ │ │ ├── ssh_host_rsa_key │ │ │ ├── ssh_host_rsa_key.pub │ │ │ └── sshd_config │ ├── pgbackrest │ │ └── cert │ │ │ ├── .gitignore │ │ │ ├── pgbackrest-selfsigned-ca.crt │ │ │ ├── pgbackrest-selfsigned-ca.key │ │ │ ├── pgbackrest-selfsigned-client.cnf │ │ │ ├── pgbackrest-selfsigned-client.crt │ │ │ ├── pgbackrest-selfsigned-client.key │ │ │ ├── pgbackrest-selfsigned-server.cnf │ │ │ ├── pgbackrest-selfsigned-server.crt │ │ │ └── pgbackrest-selfsigned-server.key │ ├── sftp │ │ ├── Dockerfile │ │ ├── sftp_prepare.sh │ │ ├── sshd-ed25519 │ │ │ ├── ssh_host_ed25519_key │ │ │ ├── ssh_host_ed25519_key.pub │ │ │ └── sshd_config │ │ └── sshd-rsa │ │ │ ├── ssh_host_rsa_key │ │ │ ├── ssh_host_rsa_key.pub │ │ │ └── sshd_config │ └── ssh │ │ ├── authorized_keys │ │ ├── id_ed25519_sftp │ │ ├── id_ed25519_sftp.pub │ │ ├── id_rsa │ │ ├── id_rsa.pub │ │ ├── id_rsa_sftp │ │ └── id_rsa_sftp.pub ├── docker-compose.backup-ssh.yml ├── docker-compose.backup-tls.yml ├── docker-compose.pg.yml ├── docker-compose.s3.yml └── docker-compose.sftp.yml └── files └── entrypoint.sh /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: [push, pull_request] 4 | 5 | env: 6 | pgbackrest_completion_version: "v0.10" 7 | build_platforms: "linux/amd64,linux/arm64" 8 | 9 | jobs: 10 | build_image: 11 | # Pin ubuntu-22.04. 12 | # See https://github.com/actions/runner-images/issues/11471 13 | # runs-on: ubuntu-latest 14 | runs-on: ubuntu-22.04 15 | strategy: 16 | matrix: 17 | pgbackrest_version: ["2.54.0", "2.54.1", "2.54.2", "2.55.0", "2.55.1"] 18 | env: 19 | latest_version: "2.55.1" 20 | download_url: "https://github.com/pgbackrest/pgbackrest/archive/release" 21 | steps: 22 | - uses: actions/checkout@v4 23 | 24 | - name: Get repo tag 25 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 26 | id: vars 27 | run: | 28 | echo ::set-output name=repo_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3) 29 | 30 | - name: Set up QEMU 31 | uses: docker/setup-qemu-action@v3 32 | 33 | - name: Set up Docker Buildx 34 | id: buildx 35 | uses: docker/setup-buildx-action@v3 36 | 37 | - name: Available platforms 38 | run: echo ${BUILDX_PLATFORMS} 39 | env: 40 | BUILDX_PLATFORMS: ${{ steps.buildx.outputs.platforms }} 41 | 42 | - name: Build pgbackrest image 43 | run: | 44 | docker buildx build \ 45 | -f Dockerfile \ 46 | --platform ${BUILD_PLATFORMS} \ 47 | --build-arg BACKREST_VERSION=${TAG} \ 48 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 49 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 50 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 51 | -t pgbackrest:${TAG} . 52 | env: 53 | TAG: ${{ matrix.pgbackrest_version }} 54 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 55 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 56 | BUILD_PLATFORMS: ${{ env.build_platforms }} 57 | DOWNLOAD_URL: ${{ env.download_url }} 58 | 59 | - name: Build pgbackrest alpine image 60 | run: | 61 | docker buildx build \ 62 | -f Dockerfile.alpine \ 63 | --platform ${BUILD_PLATFORMS} \ 64 | --build-arg BACKREST_VERSION=${TAG} \ 65 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 66 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 67 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 68 | -t pgbackrest:${TAG}-alpine . 69 | env: 70 | TAG: ${{ matrix.pgbackrest_version }} 71 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 72 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 73 | BUILD_PLATFORMS: ${{ env.build_platforms }} 74 | DOWNLOAD_URL: ${{ env.download_url }} 75 | 76 | - name: Build image and push tag to ghcr.io and Docker Hub 77 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 78 | run: | 79 | echo ${GITHUB_PKG} | docker login ghcr.io -u ${GITHUB_USER} --password-stdin 80 | echo ${DOCKERHUB_PKG} | docker login -u ${DOCKERHUB_USER} --password-stdin 81 | docker buildx build --push \ 82 | -f Dockerfile \ 83 | --platform ${BUILD_PLATFORMS} \ 84 | --build-arg BACKREST_VERSION=${TAG} \ 85 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 86 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 87 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 88 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${TAG} \ 89 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${TAG}-${REPO_TAG} \ 90 | -t ${DOCKERHUB_USER}/pgbackrest:${TAG} \ 91 | -t ${DOCKERHUB_USER}/pgbackrest:${TAG}-${REPO_TAG} . 92 | env: 93 | GITHUB_USER: ${{ github.actor }} 94 | GITHUB_PKG: ${{ secrets.GUTHUB_CR_PAT }} 95 | DOCKERHUB_USER: ${{ secrets.DOCKEHUB_USER }} 96 | DOCKERHUB_PKG: ${{ secrets.DOCKEHUB_TOKEN }} 97 | TAG: ${{ matrix.pgbackrest_version }} 98 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 99 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 100 | BUILD_PLATFORMS: ${{ env.build_platforms }} 101 | DOWNLOAD_URL: ${{ env.download_url }} 102 | 103 | - name: Build alpine image and push tag to ghcr.io and Docker Hub 104 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 105 | run: | 106 | echo ${GITHUB_PKG} | docker login ghcr.io -u ${GITHUB_USER} --password-stdin 107 | echo ${DOCKERHUB_PKG} | docker login -u ${DOCKERHUB_USER} --password-stdin 108 | docker buildx build --push \ 109 | -f Dockerfile.alpine \ 110 | --platform ${BUILD_PLATFORMS} \ 111 | --build-arg BACKREST_VERSION=${TAG} \ 112 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 113 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 114 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 115 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${TAG}-alpine \ 116 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${TAG}-alpine-${REPO_TAG} \ 117 | -t ${DOCKERHUB_USER}/pgbackrest:${TAG}-alpine \ 118 | -t ${DOCKERHUB_USER}/pgbackrest:${TAG}-alpine-${REPO_TAG} . 119 | env: 120 | GITHUB_USER: ${{ github.actor }} 121 | GITHUB_PKG: ${{ secrets.GUTHUB_CR_PAT }} 122 | DOCKERHUB_USER: ${{ secrets.DOCKEHUB_USER }} 123 | DOCKERHUB_PKG: ${{ secrets.DOCKEHUB_TOKEN }} 124 | TAG: ${{ matrix.pgbackrest_version }} 125 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 126 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 127 | BUILD_PLATFORMS: ${{ env.build_platforms }} 128 | DOWNLOAD_URL: ${{ env.download_url }} 129 | 130 | - name: Build image and push tag (latest) to ghcr.io and Docker Hub 131 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && matrix.pgbackrest_version == env.latest_version 132 | run: | 133 | echo ${GITHUB_PKG} | docker login ghcr.io -u ${GITHUB_USER} --password-stdin 134 | echo ${DOCKERHUB_PKG} | docker login -u ${DOCKERHUB_USER} --password-stdin 135 | docker buildx build --push \ 136 | -f Dockerfile \ 137 | --platform ${BUILD_PLATFORMS} \ 138 | --build-arg BACKREST_VERSION=${TAG} \ 139 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 140 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 141 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 142 | -t ghcr.io/${GITHUB_USER}/pgbackrest:latest \ 143 | -t ${DOCKERHUB_USER}/pgbackrest:latest . 144 | env: 145 | GITHUB_USER: ${{ github.actor }} 146 | GITHUB_PKG: ${{ secrets.GUTHUB_CR_PAT }} 147 | DOCKERHUB_USER: ${{ secrets.DOCKEHUB_USER }} 148 | DOCKERHUB_PKG: ${{ secrets.DOCKEHUB_TOKEN }} 149 | TAG: ${{ matrix.pgbackrest_version }} 150 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 151 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 152 | BUILD_PLATFORMS: ${{ env.build_platforms }} 153 | DOWNLOAD_URL: ${{ env.download_url }} 154 | 155 | build_gpdb_image: 156 | # Pin ubuntu-22.04. 157 | # See https://github.com/actions/runner-images/issues/11471 158 | # runs-on: ubuntu-latest 159 | #runs-on: ubuntu-latest 160 | runs-on: ubuntu-22.04 161 | strategy: 162 | matrix: 163 | pgbackrest_version: ["2.47_arenadata4", "2.50_arenadata4", "2.52_arenadata9"] 164 | env: 165 | download_url: "https://github.com/arenadata/pgbackrest/archive" 166 | steps: 167 | - uses: actions/checkout@v4 168 | 169 | - name: Get repo tag 170 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 171 | id: vars 172 | run: | 173 | echo ::set-output name=repo_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3) 174 | 175 | - name: Set up QEMU 176 | uses: docker/setup-qemu-action@v3 177 | 178 | - name: Set up Docker Buildx 179 | id: buildx 180 | uses: docker/setup-buildx-action@v3 181 | 182 | - name: Available platforms 183 | run: echo ${BUILDX_PLATFORMS} 184 | env: 185 | BUILDX_PLATFORMS: ${{ steps.buildx.outputs.platforms }} 186 | 187 | - name: Build pgbackrest gpdb image 188 | run: | 189 | IMAGE_TAG="$(echo ${TAG} | cut -d_ -f1)-gpdb" 190 | docker buildx build \ 191 | -f Dockerfile_make \ 192 | --platform ${BUILD_PLATFORMS} \ 193 | --build-arg BACKREST_VERSION=${TAG} \ 194 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 195 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 196 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 197 | -t pgbackrest:${IMAGE_TAG} . 198 | env: 199 | TAG: ${{ matrix.pgbackrest_version }} 200 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 201 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 202 | BUILD_PLATFORMS: ${{ env.build_platforms }} 203 | DOWNLOAD_URL: ${{ env.download_url }} 204 | 205 | - name: Build pgbackrest gpdb alpine image 206 | run: | 207 | IMAGE_TAG="$(echo ${TAG} | cut -d_ -f1)-gpdb" 208 | docker buildx build \ 209 | -f Dockerfile_make.alpine \ 210 | --platform ${BUILD_PLATFORMS} \ 211 | --build-arg BACKREST_VERSION=${TAG} \ 212 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 213 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 214 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 215 | -t pgbackrest:${IMAGE_TAG}-alpine . 216 | env: 217 | TAG: ${{ matrix.pgbackrest_version }} 218 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 219 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 220 | BUILD_PLATFORMS: ${{ env.build_platforms }} 221 | DOWNLOAD_URL: ${{ env.download_url }} 222 | 223 | - name: Build gpdb image and push tag to ghcr.io and Docker Hub 224 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 225 | run: | 226 | echo ${GITHUB_PKG} | docker login ghcr.io -u ${GITHUB_USER} --password-stdin 227 | echo ${DOCKERHUB_PKG} | docker login -u ${DOCKERHUB_USER} --password-stdin 228 | IMAGE_TAG="$(echo ${TAG} | cut -d_ -f1)-gpdb" 229 | docker buildx build --push \ 230 | -f Dockerfile_make \ 231 | --platform ${BUILD_PLATFORMS} \ 232 | --build-arg BACKREST_VERSION=${TAG} \ 233 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 234 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 235 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 236 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${IMAGE_TAG} \ 237 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${IMAGE_TAG}-${REPO_TAG} \ 238 | -t ${DOCKERHUB_USER}/pgbackrest:${IMAGE_TAG} \ 239 | -t ${DOCKERHUB_USER}/pgbackrest:${IMAGE_TAG}-${REPO_TAG} . 240 | env: 241 | GITHUB_USER: ${{ github.actor }} 242 | GITHUB_PKG: ${{ secrets.GUTHUB_CR_PAT }} 243 | DOCKERHUB_USER: ${{ secrets.DOCKEHUB_USER }} 244 | DOCKERHUB_PKG: ${{ secrets.DOCKEHUB_TOKEN }} 245 | TAG: ${{ matrix.pgbackrest_version }} 246 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 247 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 248 | BUILD_PLATFORMS: ${{ env.build_platforms }} 249 | DOWNLOAD_URL: ${{ env.download_url }} 250 | 251 | - name: Build gpdb alpine image and push tag to ghcr.io and Docker Hub 252 | if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') 253 | run: | 254 | echo ${GITHUB_PKG} | docker login ghcr.io -u ${GITHUB_USER} --password-stdin 255 | echo ${DOCKERHUB_PKG} | docker login -u ${DOCKERHUB_USER} --password-stdin 256 | IMAGE_TAG="$(echo ${TAG} | cut -d_ -f1)-gpdb" 257 | docker buildx build --push \ 258 | -f Dockerfile_make.alpine \ 259 | --platform ${BUILD_PLATFORMS} \ 260 | --build-arg BACKREST_VERSION=${TAG} \ 261 | --build-arg REPO_BUILD_TAG=${REPO_TAG} \ 262 | --build-arg BACKREST_COMPLETION_VERSION=${COMPL_TAG} \ 263 | --build-arg BACKREST_DOWNLOAD_URL=${DOWNLOAD_URL} \ 264 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${IMAGE_TAG}-alpine \ 265 | -t ghcr.io/${GITHUB_USER}/pgbackrest:${IMAGE_TAG}-alpine-${REPO_TAG} \ 266 | -t ${DOCKERHUB_USER}/pgbackrest:${IMAGE_TAG}-alpine \ 267 | -t ${DOCKERHUB_USER}/pgbackrest:${IMAGE_TAG}-alpine-${REPO_TAG} . 268 | env: 269 | GITHUB_USER: ${{ github.actor }} 270 | GITHUB_PKG: ${{ secrets.GUTHUB_CR_PAT }} 271 | DOCKERHUB_USER: ${{ secrets.DOCKEHUB_USER }} 272 | DOCKERHUB_PKG: ${{ secrets.DOCKEHUB_TOKEN }} 273 | TAG: ${{ matrix.pgbackrest_version }} 274 | REPO_TAG: ${{ steps.vars.outputs.repo_tag }} 275 | COMPL_TAG: ${{ env.pgbackrest_completion_version }} 276 | BUILD_PLATFORMS: ${{ env.build_platforms }} 277 | DOWNLOAD_URL: ${{ env.download_url }} 278 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.vscode -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:24.04 AS builder 2 | 3 | ARG BACKREST_VERSION 4 | ARG BACKREST_DOWNLOAD_URL="https://github.com/pgbackrest/pgbackrest/archive/release" 5 | ARG BACKREST_COMPLETION_VERSION 6 | ARG BACKREST_COMPLETION_VERSION_URL="https://github.com/woblerr/pgbackrest-bash-completion/archive" 7 | 8 | RUN apt-get update \ 9 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 10 | # According to the pgBackRest docs for v2.52, the python3-distutils package is needed for build from sources. 11 | # See PR https://github.com/pgbackrest/pgbackrest/pull/2338. 12 | # The python3-distutils package is deprecated. 13 | # For Meson on Ubuntu 22.04 and higher it makes sense to use the package python3-setuptools. 14 | # See https://ubuntu.pkgs.org/22.04/ubuntu-universe-amd64/meson_0.61.2-1_all.deb.html 15 | # and https://ubuntu.pkgs.org/24.04/ubuntu-universe-amd64/meson_1.3.2-1ubuntu1_all.deb.html 16 | # python3-distutils \ 17 | python3-setuptools \ 18 | gcc \ 19 | meson \ 20 | libpq-dev \ 21 | libssl-dev \ 22 | libxml2-dev \ 23 | pkg-config \ 24 | liblz4-dev \ 25 | libzstd-dev \ 26 | libbz2-dev \ 27 | libz-dev \ 28 | libyaml-dev \ 29 | libssh2-1-dev \ 30 | wget \ 31 | && apt-get autoremove -y \ 32 | && apt-get clean \ 33 | && rm -rf /var/lib/apt/lists/* 34 | 35 | RUN wget ${BACKREST_DOWNLOAD_URL}/${BACKREST_VERSION}.tar.gz -O /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 36 | && mkdir -p /tmp/pgbackrest-release /tmp/pgbackrest-build \ 37 | && tar -xzf /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz --strip-components=1 -C /tmp/pgbackrest-release \ 38 | && meson setup /tmp/pgbackrest-build /tmp/pgbackrest-release \ 39 | && ninja -C /tmp/pgbackrest-build 40 | 41 | RUN wget ${BACKREST_COMPLETION_VERSION_URL}/${BACKREST_COMPLETION_VERSION}.tar.gz -O /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 42 | && tar -xzf /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz -C /tmp \ 43 | && mv /tmp/pgbackrest-bash-completion-$(echo ${BACKREST_COMPLETION_VERSION} | tr -d v) /tmp/pgbackrest-bash-completion 44 | 45 | FROM ubuntu:24.04 46 | 47 | ARG REPO_BUILD_TAG 48 | 49 | ENV TZ="Etc/UTC" \ 50 | BACKREST_USER="pgbackrest" \ 51 | BACKREST_UID=2001 \ 52 | BACKREST_GROUP="pgbackrest" \ 53 | BACKREST_GID=2001 \ 54 | BACKREST_HOST_TYPE="ssh" \ 55 | BACKREST_TLS_WAIT=15 \ 56 | BACKREST_TLS_SERVER="disable" 57 | 58 | RUN apt-get update \ 59 | && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ 60 | postgresql-client \ 61 | ca-certificates \ 62 | tzdata \ 63 | libxml2 \ 64 | libssh2-1 \ 65 | gosu \ 66 | openssh-client \ 67 | && apt-get autoremove -y \ 68 | && apt-get clean \ 69 | && rm -rf /var/lib/apt/lists/* 70 | 71 | RUN groupadd --gid ${BACKREST_GID} ${BACKREST_GROUP} \ 72 | && useradd --shell /bin/bash --uid ${BACKREST_UID} --gid ${BACKREST_GID} -m ${BACKREST_USER} \ 73 | && mkdir -p -m 750 \ 74 | /home/${BACKREST_USER}/.bash_completion.d \ 75 | /var/log/pgbackrest \ 76 | /var/lib/pgbackrest \ 77 | /var/spool/pgbackrest \ 78 | /etc/pgbackrest \ 79 | /etc/pgbackrest/conf.d \ 80 | /etc/pgbackrest/cert \ 81 | /tmp/pgbackrest \ 82 | && touch /etc/pgbackrest/pgbackrest.conf \ 83 | && chmod 640 /etc/pgbackrest/pgbackrest.conf \ 84 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 85 | /home/${BACKREST_USER}/.bash_completion.d \ 86 | /var/log/pgbackrest \ 87 | /var/lib/pgbackrest \ 88 | /var/spool/pgbackrest \ 89 | /etc/pgbackrest \ 90 | /tmp/pgbackrest \ 91 | && unlink /etc/localtime \ 92 | && cp /usr/share/zoneinfo/${TZ} /etc/localtime \ 93 | && echo "${TZ}" > /etc/timezone 94 | 95 | COPY --chmod=755 files/entrypoint.sh /entrypoint.sh 96 | COPY --from=builder --chown=${BACKREST_USER}:${BACKREST_GROUP} /tmp/pgbackrest-bash-completion/pgbackrest-completion.sh /home/${BACKREST_USER}/.bash_completion.d/pgbackrest-completion.sh 97 | COPY --from=builder /tmp/pgbackrest-build/src/pgbackrest /usr/bin/pgbackrest 98 | 99 | LABEL \ 100 | org.opencontainers.image.version="${REPO_BUILD_TAG}" \ 101 | org.opencontainers.image.source="https://github.com/woblerr/docker-pgbackrest" 102 | 103 | ENTRYPOINT ["/entrypoint.sh"] 104 | 105 | CMD ["pgbackrest", "version"] -------------------------------------------------------------------------------- /Dockerfile.alpine: -------------------------------------------------------------------------------- 1 | FROM alpine:3.20 2 | 3 | ARG BACKREST_VERSION 4 | ARG BACKREST_DOWNLOAD_URL="https://github.com/pgbackrest/pgbackrest/archive/release" 5 | ARG BACKREST_COMPLETION_VERSION 6 | ARG BACKREST_COMPLETION_VERSION_URL="https://github.com/woblerr/pgbackrest-bash-completion/archive" 7 | ARG REPO_BUILD_TAG 8 | 9 | ENV TZ="Etc/UTC" \ 10 | BACKREST_USER="pgbackrest" \ 11 | BACKREST_UID=2001 \ 12 | BACKREST_GROUP="pgbackrest" \ 13 | BACKREST_GID=2001 \ 14 | BACKREST_HOST_TYPE="ssh" \ 15 | BACKREST_TLS_WAIT=15 \ 16 | BACKREST_TLS_SERVER="disable" 17 | 18 | RUN apk add --no-cache --update \ 19 | bash \ 20 | shadow \ 21 | postgresql-client \ 22 | ca-certificates \ 23 | libxml2 \ 24 | libssh2 \ 25 | su-exec \ 26 | procps \ 27 | tzdata \ 28 | openssh \ 29 | libbz2 \ 30 | lz4-libs \ 31 | zstd-libs \ 32 | && apk --update add --virtual .backrest-build \ 33 | build-base \ 34 | wget \ 35 | py3-setuptools \ 36 | meson \ 37 | gcc \ 38 | libpq-dev \ 39 | openssl-dev \ 40 | libxml2-dev \ 41 | pkgconfig \ 42 | lz4-dev \ 43 | zstd-dev \ 44 | bzip2-dev \ 45 | zlib-dev \ 46 | yaml-dev \ 47 | libssh2-dev \ 48 | && ln -s /sbin/su-exec /usr/local/bin/gosu \ 49 | && wget ${BACKREST_DOWNLOAD_URL}/${BACKREST_VERSION}.tar.gz -O /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 50 | && mkdir -p /tmp/pgbackrest-release /tmp/pgbackrest-build \ 51 | && tar -xzf /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz --strip-components=1 -C /tmp/pgbackrest-release \ 52 | && meson setup /tmp/pgbackrest-build /tmp/pgbackrest-release \ 53 | && ninja -C /tmp/pgbackrest-build \ 54 | && cp /tmp/pgbackrest-build/src/pgbackrest /usr/bin/pgbackrest \ 55 | && groupadd --gid ${BACKREST_GID} ${BACKREST_GROUP} \ 56 | && useradd --shell /bin/bash --uid ${BACKREST_UID} --gid ${BACKREST_GID} -m ${BACKREST_USER} \ 57 | && wget ${BACKREST_COMPLETION_VERSION_URL}/${BACKREST_COMPLETION_VERSION}.tar.gz -O /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 58 | && tar -xzf /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz -C /tmp \ 59 | && mv /tmp/pgbackrest-bash-completion-$(echo ${BACKREST_COMPLETION_VERSION} | tr -d v) /tmp/pgbackrest-bash-completion \ 60 | && mkdir -p -m 750 /var/log/pgbackrest \ 61 | /home/${BACKREST_USER}/.bash_completion.d \ 62 | /var/lib/pgbackrest \ 63 | /var/spool/pgbackrest \ 64 | /etc/pgbackrest \ 65 | /etc/pgbackrest/conf.d \ 66 | /etc/pgbackrest/cert \ 67 | /tmp/pgbackrest \ 68 | && cp /tmp/pgbackrest-bash-completion/pgbackrest-completion.sh /home/${BACKREST_USER}/.bash_completion.d/pgbackrest-completion.sh \ 69 | && touch /etc/pgbackrest/pgbackrest.conf \ 70 | && chmod 640 /etc/pgbackrest/pgbackrest.conf \ 71 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 72 | /home/${BACKREST_USER}/.bash_completion.d \ 73 | /var/log/pgbackrest \ 74 | /var/lib/pgbackrest \ 75 | /var/spool/pgbackrest \ 76 | /etc/pgbackrest \ 77 | /tmp/pgbackrest \ 78 | && cp /usr/share/zoneinfo/${TZ} /etc/localtime \ 79 | && echo "${TZ}" > /etc/timezone \ 80 | && rm -rf \ 81 | /tmp/pgbackrest-release \ 82 | /tmp/pgbackrest-build \ 83 | /tmp/pgbackrest-bash-completion \ 84 | /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 85 | /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 86 | && apk del .backrest-build \ 87 | && rm -rf /var/cache/apk/* 88 | 89 | COPY --chmod=755 files/entrypoint.sh /entrypoint.sh 90 | 91 | LABEL \ 92 | org.opencontainers.image.version="${REPO_BUILD_TAG}" \ 93 | org.opencontainers.image.source="https://github.com/woblerr/docker-pgbackrest" 94 | 95 | ENTRYPOINT ["/entrypoint.sh"] 96 | 97 | CMD ["pgbackrest", "version"] 98 | -------------------------------------------------------------------------------- /Dockerfile_make: -------------------------------------------------------------------------------- 1 | FROM ubuntu:24.04 AS builder 2 | 3 | ARG BACKREST_VERSION 4 | ARG BACKREST_DOWNLOAD_URL="https://github.com/pgbackrest/pgbackrest/archive/release" 5 | ARG BACKREST_COMPLETION_VERSION 6 | ARG BACKREST_COMPLETION_VERSION_URL="https://github.com/woblerr/pgbackrest-bash-completion/archive" 7 | 8 | RUN apt-get update \ 9 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 10 | make \ 11 | gcc \ 12 | libpq-dev \ 13 | libssl-dev \ 14 | libxml2-dev \ 15 | pkg-config \ 16 | liblz4-dev \ 17 | libzstd-dev \ 18 | libbz2-dev \ 19 | libz-dev \ 20 | libyaml-dev \ 21 | libssh2-1-dev \ 22 | wget \ 23 | && apt-get autoremove -y \ 24 | && apt-get clean \ 25 | && rm -rf /var/lib/apt/lists/* 26 | 27 | RUN wget ${BACKREST_DOWNLOAD_URL}/${BACKREST_VERSION}.tar.gz -O /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 28 | && mkdir -p /tmp/pgbackrest-release \ 29 | && tar -xzf /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz --strip-components=1 -C /tmp/pgbackrest-release \ 30 | && cd /tmp/pgbackrest-release/src \ 31 | && ./configure \ 32 | && make 33 | 34 | RUN wget ${BACKREST_COMPLETION_VERSION_URL}/${BACKREST_COMPLETION_VERSION}.tar.gz -O /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 35 | && tar -xzf /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz -C /tmp \ 36 | && mv /tmp/pgbackrest-bash-completion-$(echo ${BACKREST_COMPLETION_VERSION} | tr -d v) /tmp/pgbackrest-bash-completion 37 | 38 | FROM ubuntu:24.04 39 | 40 | ARG REPO_BUILD_TAG 41 | 42 | ENV TZ="Etc/UTC" \ 43 | BACKREST_USER="pgbackrest" \ 44 | BACKREST_UID=2001 \ 45 | BACKREST_GROUP="pgbackrest" \ 46 | BACKREST_GID=2001 \ 47 | BACKREST_HOST_TYPE="ssh" \ 48 | BACKREST_TLS_WAIT=15 \ 49 | BACKREST_TLS_SERVER="disable" 50 | 51 | RUN apt-get update \ 52 | && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ 53 | postgresql-client \ 54 | ca-certificates \ 55 | tzdata \ 56 | libxml2 \ 57 | libssh2-1 \ 58 | gosu \ 59 | openssh-client \ 60 | && apt-get autoremove -y \ 61 | && apt-get clean \ 62 | && rm -rf /var/lib/apt/lists/* 63 | 64 | RUN groupadd --gid ${BACKREST_GID} ${BACKREST_GROUP} \ 65 | && useradd --shell /bin/bash --uid ${BACKREST_UID} --gid ${BACKREST_GID} -m ${BACKREST_USER} \ 66 | && mkdir -p -m 750 \ 67 | /home/${BACKREST_USER}/.bash_completion.d \ 68 | /var/log/pgbackrest \ 69 | /var/lib/pgbackrest \ 70 | /var/spool/pgbackrest \ 71 | /etc/pgbackrest \ 72 | /etc/pgbackrest/conf.d \ 73 | /etc/pgbackrest/cert \ 74 | /tmp/pgbackrest \ 75 | && touch /etc/pgbackrest/pgbackrest.conf \ 76 | && chmod 640 /etc/pgbackrest/pgbackrest.conf \ 77 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 78 | /home/${BACKREST_USER}/.bash_completion.d \ 79 | /var/log/pgbackrest \ 80 | /var/lib/pgbackrest \ 81 | /var/spool/pgbackrest \ 82 | /etc/pgbackrest \ 83 | /tmp/pgbackrest \ 84 | && unlink /etc/localtime \ 85 | && cp /usr/share/zoneinfo/${TZ} /etc/localtime \ 86 | && echo "${TZ}" > /etc/timezone 87 | 88 | COPY --chmod=755 files/entrypoint.sh /entrypoint.sh 89 | COPY --from=builder --chown=${BACKREST_USER}:${BACKREST_GROUP} /tmp/pgbackrest-bash-completion/pgbackrest-completion.sh /home/${BACKREST_USER}/.bash_completion.d/pgbackrest-completion.sh 90 | COPY --from=builder /tmp/pgbackrest-release/src/pgbackrest /usr/bin/pgbackrest 91 | 92 | LABEL \ 93 | org.opencontainers.image.version="${REPO_BUILD_TAG}" \ 94 | org.opencontainers.image.source="https://github.com/woblerr/docker-pgbackrest" 95 | 96 | ENTRYPOINT ["/entrypoint.sh"] 97 | 98 | CMD ["pgbackrest", "version"] -------------------------------------------------------------------------------- /Dockerfile_make.alpine: -------------------------------------------------------------------------------- 1 | FROM alpine:3.20 2 | 3 | ARG BACKREST_VERSION 4 | ARG BACKREST_DOWNLOAD_URL="https://github.com/pgbackrest/pgbackrest/archive/release" 5 | ARG BACKREST_COMPLETION_VERSION 6 | ARG BACKREST_COMPLETION_VERSION_URL="https://github.com/woblerr/pgbackrest-bash-completion/archive" 7 | ARG REPO_BUILD_TAG 8 | 9 | ENV TZ="Etc/UTC" \ 10 | BACKREST_USER="pgbackrest" \ 11 | BACKREST_UID=2001 \ 12 | BACKREST_GROUP="pgbackrest" \ 13 | BACKREST_GID=2001 \ 14 | BACKREST_HOST_TYPE="ssh" \ 15 | BACKREST_TLS_WAIT=15 \ 16 | BACKREST_TLS_SERVER="disable" 17 | 18 | RUN apk add --no-cache --update \ 19 | bash \ 20 | shadow \ 21 | postgresql-client \ 22 | ca-certificates \ 23 | libxml2 \ 24 | libssh2 \ 25 | su-exec \ 26 | procps \ 27 | tzdata \ 28 | openssh \ 29 | libbz2 \ 30 | lz4-libs \ 31 | zstd-libs \ 32 | && apk --update add --virtual .backrest-build \ 33 | build-base \ 34 | wget \ 35 | make \ 36 | gcc \ 37 | libpq-dev \ 38 | openssl-dev \ 39 | libxml2-dev \ 40 | pkgconfig \ 41 | lz4-dev \ 42 | zstd-dev \ 43 | bzip2-dev \ 44 | zlib-dev \ 45 | yaml-dev \ 46 | libssh2-dev \ 47 | && ln -s /sbin/su-exec /usr/local/bin/gosu \ 48 | && wget ${BACKREST_DOWNLOAD_URL}/${BACKREST_VERSION}.tar.gz -O /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 49 | && mkdir -p /tmp/pgbackrest-release \ 50 | && tar -xzf /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz --strip-components=1 -C /tmp/pgbackrest-release \ 51 | && cd /tmp/pgbackrest-release/src \ 52 | && ./configure \ 53 | && make \ 54 | && cp /tmp/pgbackrest-release/src/pgbackrest /usr/bin/pgbackrest \ 55 | && groupadd --gid ${BACKREST_GID} ${BACKREST_GROUP} \ 56 | && useradd --shell /bin/bash --uid ${BACKREST_UID} --gid ${BACKREST_GID} -m ${BACKREST_USER} \ 57 | && wget ${BACKREST_COMPLETION_VERSION_URL}/${BACKREST_COMPLETION_VERSION}.tar.gz -O /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 58 | && tar -xzf /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz -C /tmp \ 59 | && mv /tmp/pgbackrest-bash-completion-$(echo ${BACKREST_COMPLETION_VERSION} | tr -d v) /tmp/pgbackrest-bash-completion \ 60 | && mkdir -p -m 750 /var/log/pgbackrest \ 61 | /home/${BACKREST_USER}/.bash_completion.d \ 62 | /var/lib/pgbackrest \ 63 | /var/spool/pgbackrest \ 64 | /etc/pgbackrest \ 65 | /etc/pgbackrest/conf.d \ 66 | /etc/pgbackrest/cert \ 67 | /tmp/pgbackrest \ 68 | && cp /tmp/pgbackrest-bash-completion/pgbackrest-completion.sh /home/${BACKREST_USER}/.bash_completion.d/pgbackrest-completion.sh \ 69 | && touch /etc/pgbackrest/pgbackrest.conf \ 70 | && chmod 640 /etc/pgbackrest/pgbackrest.conf \ 71 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 72 | /home/${BACKREST_USER}/.bash_completion.d \ 73 | /var/log/pgbackrest \ 74 | /var/lib/pgbackrest \ 75 | /var/spool/pgbackrest \ 76 | /etc/pgbackrest \ 77 | /tmp/pgbackrest \ 78 | && cp /usr/share/zoneinfo/${TZ} /etc/localtime \ 79 | && echo "${TZ}" > /etc/timezone \ 80 | && rm -rf \ 81 | /tmp/pgbackrest-release \ 82 | /tmp/pgbackrest-bash-completion \ 83 | /tmp/pgbackrest-${BACKREST_VERSION}.tar.gz \ 84 | /tmp/pgbackrest-bash-completion-${BACKREST_COMPLETION_VERSION}.tar.gz \ 85 | && apk del .backrest-build \ 86 | && rm -rf /var/cache/apk/* 87 | 88 | COPY --chmod=755 files/entrypoint.sh /entrypoint.sh 89 | 90 | LABEL \ 91 | org.opencontainers.image.version="${REPO_BUILD_TAG}" \ 92 | org.opencontainers.image.source="https://github.com/woblerr/docker-pgbackrest" 93 | 94 | ENTRYPOINT ["/entrypoint.sh"] 95 | 96 | CMD ["pgbackrest", "version"] 97 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 - 2025 woblerr 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BACKREST_VERSIONS = 2.54.0 2.54.1 2.54.2 2.55.0 2.55.1 2 | TAG?=2.55.1 3 | TAG_MESON_BUILD=2.51 4 | BACKREST_DOWNLOAD_URL = https://github.com/pgbackrest/pgbackrest/archive/release 5 | BACKREST_GPDB_VERSIONS = 2.47_arenadata4 2.50_arenadata4 2.52_arenadata9 6 | TAG_GPDB?=2.52_arenadata9 7 | BACKREST_GPDB_DOWNLOAD_URL = https://github.com/arenadata/pgbackrest/archive 8 | BACKREST_COMP_VERSION?=v0.10 9 | UID := $(shell id -u) 10 | GID := $(shell id -g) 11 | 12 | all: $(BACKREST_VERSIONS) $(addsuffix -alpine,$(BACKREST_VERSIONS)) $(BACKREST_GPDB_VERSIONS) $(addsuffix -alpine,$(BACKREST_GPDB_VERSIONS)) 13 | 14 | .PHONY: $(BACKREST_VERSIONS) 15 | $(BACKREST_VERSIONS): 16 | @echo "Build pgbackrest:$@ docker image" 17 | docker build --pull -f Dockerfile --build-arg BACKREST_VERSION=$@ --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$@ . 18 | docker run pgbackrest:$@ 19 | 20 | .PHONY: build_version 21 | build_version: 22 | @echo "Build pgbackrest:$(TAG) docker image" 23 | @if [ "${TAG}" \< "${TAG_MESON_BUILD}" ]; then \ 24 | docker build --pull -f Dockerfile_make --build-arg BACKREST_VERSION=$(TAG) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$(TAG) . ; \ 25 | else \ 26 | docker build --pull -f Dockerfile --build-arg BACKREST_VERSION=$(TAG) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$(TAG) . ; \ 27 | fi 28 | docker run pgbackrest:$(TAG) 29 | 30 | .PHONY: $(BACKREST_GPDB_VERSIONS) 31 | $(BACKREST_GPDB_VERSIONS): 32 | $(call gpdb_image_tag,IMAGE_TAG,$@) 33 | @echo "Build pgbackrest:$(IMAGE_TAG) docker image" 34 | docker build --pull -f Dockerfile_make --build-arg BACKREST_VERSION=$@ --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_GPDB_DOWNLOAD_URL) -t pgbackrest:$(IMAGE_TAG) . 35 | docker run pgbackrest:$(IMAGE_TAG) 36 | 37 | .PHONY: build_version_gpdb 38 | build_version_gpdb: 39 | $(call gpdb_image_tag,IMAGE_TAG,$(TAG_GPDB)) 40 | @echo "Build pgbackrest:$(IMAGE_TAG) docker image" 41 | docker build --pull -f Dockerfile_make --build-arg BACKREST_VERSION=$(TAG_GPDB) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_GPDB_DOWNLOAD_URL) -t pgbackrest:$(IMAGE_TAG) . 42 | docker run pgbackrest:$(IMAGE_TAG) 43 | 44 | .PHONY: $(BACKREST_VERSIONS)-alpine 45 | $(addsuffix -alpine,$(BACKREST_VERSIONS)): 46 | @echo "Build pgbackrest:$@ docker image" 47 | docker build --pull -f Dockerfile.alpine --build-arg BACKREST_VERSION=$(subst -alpine,,$@) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$@ . 48 | docker run pgbackrest:$@ 49 | 50 | .PHONY: build_version_alpine 51 | build_version_alpine: 52 | @echo "Build pgbackrest:$(TAG)-alpine docker image" 53 | @if [ "${TAG}" \< "${TAG_MESON_BUILD}" ]; then \ 54 | docker build --pull -f Dockerfile_make.alpine --build-arg BACKREST_VERSION=$(TAG) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$(TAG)-alpine . ; \ 55 | else \ 56 | docker build --pull -f Dockerfile.alpine --build-arg BACKREST_VERSION=$(TAG) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_DOWNLOAD_URL) -t pgbackrest:$(TAG)-alpine . ; \ 57 | fi 58 | docker run pgbackrest:$(TAG)-alpine 59 | 60 | .PHONY: $(BACKREST_GPDB_VERSIONS)-alpine 61 | $(addsuffix -alpine,$(BACKREST_GPDB_VERSIONS)): 62 | $(call gpdb_image_tag_alpine,IMAGE_TAG,$@) 63 | @echo "Build pgbackrest:$(IMAGE_TAG) docker image" 64 | docker build --pull -f Dockerfile_make.alpine --build-arg BACKREST_VERSION=$(subst -alpine,,$@) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_GPDB_DOWNLOAD_URL) -t pgbackrest:$(IMAGE_TAG) . 65 | docker run pgbackrest:$(shell echo $@ | cut -d_ -f1)-gpdb-alpine 66 | 67 | .PHONY: build_version_gpdb_alpine 68 | build_version_gpdb_alpine: 69 | $(call gpdb_image_tag_alpine,IMAGE_TAG,$(TAG_GPDB)) 70 | @echo "Build pgbackrest:$(IMAGE_TAG) docker image" 71 | docker build --pull -f Dockerfile_make.alpine --build-arg BACKREST_VERSION=$(TAG_GPDB) --build-arg BACKREST_COMPLETION_VERSION=$(BACKREST_COMP_VERSION) --build-arg BACKREST_DOWNLOAD_URL=$(BACKREST_GPDB_DOWNLOAD_URL) -t pgbackrest:$(IMAGE_TAG) . 72 | docker run pgbackrest:$(IMAGE_TAG) 73 | 74 | .PHONY: test-e2e 75 | test-e2e: 76 | @echo "Run end-to-end tests" 77 | make build_version 78 | make build_version_alpine 79 | make test-e2e-ssh 80 | make test-e2e-tls 81 | 82 | .PHONY: test-e2e-ssh 83 | test-e2e-ssh: 84 | @echo "Run end-to-end tests for SSH communication" 85 | $(call down_docker_compose,ssh) 86 | $(call run_docker_compose,ssh) 87 | $(call down_docker_compose,ssh) 88 | 89 | .PHONY: test-e2e-tls 90 | test-e2e-tls: 91 | @echo "Run end-to-end tests for TLS communication" 92 | $(call down_docker_compose,tls) 93 | $(call run_docker_compose,tls) 94 | $(call down_docker_compose,tls) 95 | 96 | .PHONY: test-e2e-down 97 | test-e2e-down: 98 | @echo "Stop old containers" 99 | $(call down_docker_compose,ssh) 100 | $(call down_docker_compose,tls) 101 | 102 | define run_docker_compose 103 | $(call set_permissions) 104 | TAG=${TAG} BACKREST_UID=$(UID) BACKREST_GID=$(GID) docker compose -f e2e_tests/docker-compose.sftp.yml -f e2e_tests/docker-compose.s3.yml -f e2e_tests/docker-compose.pg.yml up -d --build --force-recreate --always-recreate-deps pg-${1} 105 | @if [ "${1}" == "tls" ]; then \ 106 | TAG=${TAG} BACKREST_UID=$(UID) BACKREST_GID=$(GID) docker compose -f e2e_tests/docker-compose.sftp.yml -f e2e_tests/docker-compose.s3.yml -f e2e_tests/docker-compose.pg.yml -f e2e_tests/docker-compose.backup-${1}.yml up -d --no-deps backup_server-${1}; \ 107 | fi 108 | @sleep 30 109 | TAG=${TAG} BACKREST_UID=$(UID) BACKREST_GID=$(GID) docker compose -f e2e_tests/docker-compose.sftp.yml -f e2e_tests/docker-compose.s3.yml -f e2e_tests/docker-compose.pg.yml -f e2e_tests/docker-compose.backup-${1}.yml run --rm --name backup-${1} --no-deps backup-${1} 110 | TAG=${TAG} BACKREST_UID=$(UID) BACKREST_GID=$(GID) docker compose -f e2e_tests/docker-compose.sftp.yml -f e2e_tests/docker-compose.s3.yml -f e2e_tests/docker-compose.pg.yml -f e2e_tests/docker-compose.backup-${1}.yml run --rm --name backup_alpine-${1} --no-deps backup_alpine-${1} 111 | endef 112 | 113 | define down_docker_compose 114 | TAG=${TAG} BACKREST_UID=$(UID) BACKREST_GID=$(GID) docker compose -f e2e_tests/docker-compose.sftp.yml -f e2e_tests/docker-compose.s3.yml -f e2e_tests/docker-compose.pg.yml -f e2e_tests/docker-compose.backup-${1}.yml down -v 115 | endef 116 | 117 | define set_permissions 118 | @chmod 700 e2e_tests/conf/ssh/ e2e_tests/conf/pg/sshd/ e2e_tests/conf/sftp/sshd-rsa/ e2e_tests/conf/sftp/sshd-ed25519/ e2e_tests/conf/pgbackrest/cert/ 119 | @chmod 600 e2e_tests/conf/ssh/* e2e_tests/conf/pg/sshd/* e2e_tests/conf/sftp/sshd-rsa/* e2e_tests/conf/sftp/sshd-ed25519/* e2e_tests/conf/pgbackrest/cert/* 120 | endef 121 | 122 | define gpdb_image_tag 123 | $(eval $(1) := $(shell echo $(2) | cut -d_ -f1)-gpdb) 124 | endef 125 | 126 | define gpdb_image_tag_alpine 127 | $(eval $(1) := $(shell echo $(2) | cut -d_ -f1)-gpdb-alpine) 128 | endef -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # docker-pgbackrest 2 | 3 | [![Actions Status](https://github.com/woblerr/docker-pgbackrest/workflows/build/badge.svg)](https://github.com/woblerr/docker-pgbackrest/actions) 4 | 5 | [pgBackRest](https://pgbackrest.org/) inside Docker can be useful for refusing to install pgBackRest as a system package (using yum or apt, for example) on your [Dedicated Repository Host](https://pgbackrest.org/user-guide.html#repo-host) or inside CI/CD systems. You can just run pgBackRest in Docker. At the same time, the PostgreSQL server side must be configured according to the pgBackRest documentation. 6 | 7 | The repository contains information for the last 5 releases of pgBackRest. If necessary to use an older version - do a [manual build](#build). 8 | 9 | Supported pgBackRest version tags: 10 | 11 | * `2.55.1`, `latest` 12 | * `2.55.1-alpine` 13 | * `2.55.0` 14 | * `2.55.0-alpine` 15 | * `2.54.2` 16 | * `2.54.2-alpine` 17 | * `2.54.1` 18 | * `2.54.1-alpine` 19 | * `2.54.0` 20 | * `2.54.0-alpine` 21 | 22 | The repository also contains information for releases of pgBackRest fork with Greenplum support (see [pgbackrest/pull/1833](https://github.com/pgbackrest/pgbackrest/pull/1833)). Details - [build with Greenplum support](#build-with-greenplum-support). 23 | 24 | The repository contains information for the last 3 releases of pgBackRest fork with Greenplum support. If necessary to use an older version - do a [manual build](#build). 25 | 26 | Supported pgBackRest version tags with Greenplum support: 27 | * `2.52-gpdb` 28 | * `2.52-gpdb-alpine` 29 | * `2.50-gpdb` 30 | * `2.50-gpdb-alpine` 31 | * `2.47-gpdb` 32 | * `2.47-gpdb-alpine` 33 | 34 | The image is based on the official ubuntu or alpine image. For ubuntu image each version of pgBackRest builds from the source code in a separate `builder` container. For alpine image each version of pgBackRest builds from the source code in container using virtual package `.backrest-build`. 35 | 36 | The image contains [pgbackrest-bash-completion](https://github.com/woblerr/pgbackrest-bash-completion) script. You can complete `pgbackrest` commands by pressing tab key. 37 | 38 | Environment variables supported by this image: 39 | 40 | * `TZ` - container's time zone, default `Etc/UTC`; 41 | * `BACKREST_USER` - non-root user name for execution of the command, default `pgbackrest`; 42 | * `BACKREST_UID` - UID of internal `${BACKREST_USER}` user, default `2001`; 43 | * `BACKREST_GROUP` - group name of internal `${BACKREST_USER}` user, default `pgbackrest`; 44 | * `BACKREST_GID` - GID of internal `${BACKREST_USER}` user, default `2001`; 45 | * `BACKREST_HOST_TYPE` - repository host protocol type, default `ssh`, available values: `ssh`, `tls`; 46 | * `BACKREST_TLS_WAIT` - waiting for TLS server startup in seconds when `BACKREST_HOST_TYPE=tls`, default `15`; 47 | * `BACKREST_TLS_SERVER` - start container as pgBackRest TLS server, default `disable`, available values: `disable`, `enable`. 48 | 49 | ## Pull 50 | 51 | Change `tag` to to the version you need. 52 | 53 | * Docker Hub: 54 | 55 | ```bash 56 | docker pull woblerr/pgbackrest:tag 57 | ``` 58 | 59 | ```bash 60 | docker pull woblerr/pgbackrest:tag-alpine 61 | ``` 62 | 63 | * GitHub Registry: 64 | 65 | ```bash 66 | docker pull ghcr.io/woblerr/pgbackrest:tag 67 | ``` 68 | 69 | ```bash 70 | docker pull ghcr.io/woblerr/pgbackrest:tag-alpine 71 | ``` 72 | 73 | ## Run 74 | 75 | You will need to mount the necessary directories or files inside the container (or use this image to build your own on top of it). 76 | 77 | ### Simple 78 | 79 | ```bash 80 | docker run --rm pgbackrest:51 pgbackrest help 81 | ``` 82 | 83 | ### Injecting inside 84 | 85 | ```bash 86 | docker run --rm -it pgbackrest:2.55.1 bash 87 | 88 | pgbackrest@cac1f58b56f2:/$ pgbackrest version 89 | pgBackRest 2.55.1 90 | ``` 91 | 92 | ### Example for Dedicated Repository Host 93 | 94 | Host `USER:GROUP` - `pgbackrest:pgbackrest`, `UID:GID` - `1001:1001`. Backups are stored locally under the user `pgbackrest`. 95 | 96 | #### Use SSH 97 | 98 | ```bash 99 | docker run --rm \ 100 | -e BACKREST_UID=1001 \ 101 | -e BACKREST_GID=1001 \ 102 | -v ~/.ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa \ 103 | -v /etc/pgbackrest:/etc/pgbackrest \ 104 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 105 | pgbackrest:2.55.1 \ 106 | pgbackrest backup --stanza demo --type full --log-level-console info 107 | ``` 108 | 109 | And and the same time for old pgBackRest version: 110 | 111 | ```bash 112 | docker run --rm \ 113 | -e BACKREST_UID=1001 \ 114 | -e BACKREST_GID=1001 \ 115 | -v ~/.ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa \ 116 | -v /etc/pgbackrest:/etc/pgbackrest \ 117 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 118 | pgbackrest:2.30 \ 119 | pgbackrest backup --stanza demo-old --type full --log-level-console info 120 | ``` 121 | 122 | To exclude simultaneous execution of multiple backup processes for one stanza: 123 | 124 | ```bash 125 | docker run --rm \ 126 | -e BACKREST_UID=1001 \ 127 | -e BACKREST_GID=1001 \ 128 | -v ~/.ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa \ 129 | -v /etc/pgbackrest:/etc/pgbackrest \ 130 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 131 | -v /tmp/pgbackrest:/tmp/pgbackrest \ 132 | pgbackrest:2.55.1 \ 133 | pgbackrest backup --stanza demo --type full --log-level-console info 134 | ``` 135 | 136 | #### Use TLS 137 | 138 | Available only for `pgBackRest version >= 2.37`. 139 | 140 | There are two mode for using TLS for communication. 141 | * Run container as pgBackRest TLS server. 142 | 143 | You need to set `BACKREST_TLS_SERVER=enable`. 144 | 145 | The variables `BACKREST_HOST_TYPE` and `BACKREST_TLS_WAIT` do not affect this startup mode. 146 | 147 | * Run container with TLS server in background for pgBackRest execution over TLS. 148 | 149 | You need to set `BACKREST_HOST_TYPE=tls`. 150 | 151 | Using `BACKREST_TLS_WAIT`, you can change the TLS server startup waiting. By default, checking that the TLS server is running will be performed after `15 seconds`. 152 | 153 | The variable should be `BACKREST_TLS_SERVER=disable`. 154 | 155 | TLS server configuration is described in the [pgBackRest documentation](https://pgbackrest.org/user-guide-rhel.html#repo-host/config). 156 | 157 | ##### Run container as pgBackRest TLS server 158 | 159 | ```bash 160 | docker run -d \ 161 | -e BACKREST_UID=1001 \ 162 | -e BACKREST_GID=1001 \ 163 | -e BACKREST_TLS_SERVER=enable \ 164 | -v /etc/pgbackrest:/etc/pgbackrest \ 165 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 166 | -p 8432:8432 \ 167 | --name backrest_server \ 168 | pgbackrest:2.55.1 169 | ``` 170 | 171 | ##### Run container with TLS server in background for pgBackRest execution over TLS 172 | 173 | ```bash 174 | docker run --rm \ 175 | -e BACKREST_UID=1001 \ 176 | -e BACKREST_GID=1001 \ 177 | -e BACKREST_HOST_TYPE=tls \ 178 | -v /etc/pgbackrest:/etc/pgbackrest \ 179 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 180 | pgbackrest:2.55.1 \ 181 | pgbackrest backup --stanza demo --type full --log-level-console info 182 | ``` 183 | 184 | ### Example for backup to local path for PostgreSQL running locally in Chicago 185 | 186 | PostgreSQL run from user `postgres:postgres` with UID:GID `1001:1001`. PostgreSQL data path - `/var/lib/postgresql/12/main`, pgBackRest backup path - `/var/lib/pgbackrest`. 187 | 188 | ```bash 189 | docker run --rm \ 190 | -e BACKREST_USER=postgres \ 191 | -e BACKREST_UID=1001 \ 192 | -e BACKREST_GROUP=postgres \ 193 | -e BACKREST_GID=1001 \ 194 | -e TZ=America/Chicago \ 195 | -v /etc/pgbackrest/pgbackrest.conf:/etc/pgbackrest/pgbackrest.conf \ 196 | -v /var/lib/postgresql/12/main:/var/lib/postgresql/12/main \ 197 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 198 | -v /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432 \ 199 | pgbackrest:2.55.1 \ 200 | pgbackrest backup --stanza demo --type full --log-level-console info 201 | ``` 202 | 203 | ### Example for backup to local path for PostgreSQL running remote over TLS 204 | 205 | PostgreSQL run on remote host. Сommunication between hosts via TLS. pgBackRest path for backup and WAL files - `/var/lib/pgbackrest`. 206 | 207 | Run the container as a TLS server. After that, remote PostgreSQL will be able to archive WAL files. 208 | 209 | ```bash 210 | docker run -d \ 211 | -e BACKREST_UID=1001 \ 212 | -e BACKREST_GID=1001 \ 213 | -e BACKREST_TLS_SERVER=enable \ 214 | -v /etc/pgbackrest/pgbackrest.conf:/etc/pgbackrest/pgbackrest.conf \ 215 | -v /etc/pgbackrest/cert:/etc/pgbackrest/cert \ 216 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 217 | -p 8432:8432 \ 218 | --name backrest_server \ 219 | pgbackrest:2.55.1 220 | ``` 221 | 222 | Performing a backup: 223 | 224 | ```bash 225 | docker run --rm \ 226 | -e BACKREST_UID=1001 \ 227 | -e BACKREST_GID=1001 \ 228 | -e BACKREST_HOST_TYPE=tls \ 229 | -v /etc/pgbackrest/pgbackrest.conf:/etc/pgbackrest/pgbackrest.conf \ 230 | -v /etc/pgbackrest/cert:/etc/pgbackrest/cert \ 231 | -v /var/lib/pgbackrest:/var/lib/pgbackrest \ 232 | pgbackrest:2.55.1 \ 233 | pgbackrest backup --stanza demo --type full --log-level-console info 234 | ``` 235 | 236 | ## Build 237 | 238 | ```bash 239 | make build_version TAG=2.55.1 240 | ``` 241 | 242 | ```bash 243 | make build_version_alpine TAG=2.55.1 244 | ``` 245 | 246 | or 247 | 248 | ```bash 249 | docker build -f Dockerfile --build-arg BACKREST_VERSION=2.55.1 --build-arg BACKREST_COMPLETION_VERSION=v0.10 -t pgbackrest:2.55.1 . 250 | ``` 251 | 252 | ```bash 253 | docker build -f Dockerfile.alpine --build-arg BACKREST_VERSION=2.55.1 --build-arg BACKREST_COMPLETION_VERSION=v0.10 -t pgbackrest:2.55.1-alpine . 254 | ``` 255 | 256 | ### Build pgBackRest < `v2.51` 257 | 258 | Since version `v2.51`, the build system for pgBackRest is `meson`. The `autoconf/make` build will not receive any new features and will be removed in future. If you need to build pgBackRest lower than `v2.51`, use the files [Dockerfile_make](./Dockerfile) or [Dockerfile_make.alpine](./Dockerfile_make.alpine). 259 | 260 | ```bash 261 | make build_version TAG=2.49 262 | ``` 263 | 264 | ```bash 265 | make build_version_alpine TAG=2.49 266 | ``` 267 | 268 | or 269 | 270 | ```bash 271 | docker build -f Dockerfile_make --build-arg BACKREST_VERSION=2.49 --build-arg BACKREST_COMPLETION_VERSION=v0.10 -t pgbackrest:2.49 . 272 | ``` 273 | 274 | ```bash 275 | docker build -f Dockerfile_make.alpine --build-arg BACKREST_VERSION=2.49 --build-arg BACKREST_COMPLETION_VERSION=v0.10 -t pgbackrest:2.49-alpine . 276 | ``` 277 | 278 | ## Build with Greenplum support 279 | 280 | PR [pgbackrest/pull/1833](https://github.com/pgbackrest/pgbackrest/pull/1833) is still not merged into pgBackRest. The separate tags `*-gpdb` are used for pgBackRest images with Greenplum support. When the PR is accepted, separate tags will no longer be needed. 281 | 282 | The image completely repeats all the possibilities of the image for pgBackRest. 283 | 284 | ### Pull 285 | 286 | Change `tag` to to the version you need. 287 | 288 | * Docker Hub: 289 | 290 | ```bash 291 | docker pull woblerr/pgbackrest:tag-gpdb 292 | ``` 293 | 294 | ```bash 295 | docker pull woblerr/pgbackrest:tag-gpdb-alpine 296 | ``` 297 | 298 | * GitHub Registry: 299 | 300 | ```bash 301 | docker pull ghcr.io/woblerr/pgbackrest:tag-gpdb 302 | ``` 303 | 304 | ```bash 305 | docker pull ghcr.io/woblerr/pgbackrest:tag-gpdb-alpine 306 | ``` 307 | 308 | ### Run 309 | 310 | ```bash 311 | docker run --rm pgbackrest:2.52-gpdb pgbackrest help 312 | ``` 313 | 314 | ## Running tests 315 | 316 | Run the end-to-end tests: 317 | 318 | ```bash 319 | make test-e2e 320 | ``` 321 | 322 | See [tests description](./e2e_tests/README.md). -------------------------------------------------------------------------------- /e2e_tests/.env: -------------------------------------------------------------------------------- 1 | TAG=2.55.1 2 | PG_VERSION=16 3 | IMAGE_TAG_MINIO=RELEASE.2025-04-22T22-12-26Z 4 | IMAGE_TAG_MINIO_MC=RELEASE.2025-04-16T18-13-26Z 5 | IMAGE_TAG_NGINX=1.27.5-alpine 6 | MINIO_ROOT_USER=minio 7 | MINIO_ROOT_PASSWORD=minioPGBackup 8 | MINIO_SITE_REGION=us-west-1 9 | MINIO_DOMAIN=minio.local 10 | S3_MINIO_BUCKET=backup 11 | S3_MINIO_HOSTNAME=myminio 12 | S3_MINIO_KEY=demo 13 | S3_MINIO_KEY_SECRET=demoPGBackup 14 | -------------------------------------------------------------------------------- /e2e_tests/README.md: -------------------------------------------------------------------------------- 1 | # End-to-end tests 2 | 3 | The following architecture is used to run the tests. 4 | * Separate containers for minio ang nginx. Official images [minio/minio](https://hub.docker.com/r/minio/minio/), [minio/mc](https://hub.docker.com/r/minio/mc) and [nginx](https://hub.docker.com/_/nginx) are used. It's necessary for S3 compatible storage for WAL archiving and backups. 5 | * Separate containers for `sftp` servers. It's necessary for sftp compatible storage for WAL archiving and backups. It's custom image, based on `docker-pgbackrest` image. The `rsa` (outdated) and `ed25519` keys are checked. 6 | * Separate container with PostgreSQL instance and pgBackRest for backup. It's custom image, based on `docker-pgbackrest` image. 7 | * Separate container with pgBackRest. This is the `docker-pgbackrest` image. 8 | 9 | S3 compatible storage is described in `e2e_tests/docker-compose.s3.yml`, separate container with `sftp` compatible storage is described in `e2e_tests/docker-compose.sftp.yml`, separate containers with PostgreSQL instances are described in `e2e_tests/docker-compose.pg.yml` and containers with pgBackRest for tests are described in `e2e_tests/docker-compose.backup-ssh.yml` for communication over `SSH` and `e2e_tests/docker-compose.backup-tls.yml` for communication over `TLS`. 10 | 11 | ## Running tests 12 | 13 | By default, tests are performed only for the latest supported version of pgBackRest. To run tests for a different version, you need to change the variable `TAG` in `e2e_tests/.env` file and specify `TAG` variable for `make` command. 14 | 15 | ```bash 16 | make test-e2e 17 | ``` 18 | 19 | Run tests for specific pgBackRest version: 20 | 21 | ```bash 22 | make test-e2e TAG=2.46 23 | ``` 24 | 25 | SFTP support has appeared since pgBackrest `v2.46`. For `pgBackrest versions < v2.46` you need to use tests from `docker-pgbackrest v0.20` or earlier. 26 | 27 | ### Use SSH 28 | 29 | ```bash 30 | make test-e2e-ssh 31 | ``` 32 | 33 | or 34 | 35 | ```bash 36 | cd [docker-pgbackrest-root]/e2e_tests 37 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml up -d --build --force-recreate --always-recreate-deps pg-ssh 38 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-ssh.yml run --rm --name backup-ssh --no-deps backup-ssh 39 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-ssh.yml run --rm --name backup_alpine-ssh --no-deps backup_alpine-ssh 40 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-ssh.yml down 41 | ``` 42 | 43 | ### Use TLS 44 | 45 | ```bash 46 | make test-e2e-tls 47 | ``` 48 | 49 | or 50 | 51 | ```bash 52 | cd [docker-pgbackrest-root]/e2e_tests 53 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml up -d --build --force-recreate --always-recreate-deps pg-tls 54 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-tls.yml up -d --no-deps backup_server-tls 55 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-tls.yml run --rm --name backup-tls --no-deps backup-tls 56 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-tls.yml run --rm --name backup_alpine-tls --no-deps backup_alpine-tls 57 | BACKREST_UID=$(id -u) BACKREST_GID=$(id -g) docker compose -f docker-compose.sftp.yml -f docker-compose.s3.yml -f docker-compose.pg.yml -f docker-compose.backup-tls.yml down 58 | ``` 59 | 60 | ### Generate certificates and keys 61 | 62 | The certificates and keys in `e2e_tests` directory are used only for end-to-end tests and are not used for actual services. 63 | 64 | #### Nginx 65 | 66 | ```bash 67 | cd [docker-pgbackrest-root]/e2e_tests/conf/nginx 68 | 69 | openssl req -new -x509 -nodes -newkey rsa:4096 \ 70 | -days 99999 \ 71 | -subj "/CN=nginx-minio" \ 72 | -keyout nginx-selfsigned.key \ 73 | -out nginx-selfsigned.crt 74 | 75 | openssl x509 -in nginx-selfsigned.crt -text -noout 76 | ``` 77 | #### pgBackRest 78 | 79 | ```bash 80 | cd [docker-pgbackrest-root]/e2e_tests/conf/pgbackrest/cert 81 | 82 | # Test CA 83 | openssl genrsa -out pgbackrest-selfsigned-ca.key 4096 84 | 85 | openssl req -new -x509 -extensions v3_ca \ 86 | -days 99999 \ 87 | -subj "/CN=backrest-ca" \ 88 | -key pgbackrest-selfsigned-ca.key \ 89 | -out pgbackrest-selfsigned-ca.crt 90 | 91 | openssl x509 -in pgbackrest-selfsigned-ca.crt -text -noout 92 | 93 | # Server Test Certificate 94 | openssl genrsa -out pgbackrest-selfsigned-server.key 4096 95 | 96 | openssl req -new -nodes \ 97 | -out pgbackrest-selfsigned-server.csr \ 98 | -key pgbackrest-selfsigned-server.key \ 99 | -config pgbackrest-selfsigned-server.cnf 100 | 101 | openssl x509 -req -extensions v3_req -CAcreateserial \ 102 | -days 99999 \ 103 | -in pgbackrest-selfsigned-server.csr \ 104 | -CA pgbackrest-selfsigned-ca.crt \ 105 | -CAkey pgbackrest-selfsigned-ca.key \ 106 | -out pgbackrest-selfsigned-server.crt \ 107 | -extfile pgbackrest-selfsigned-server.cnf 108 | 109 | openssl x509 -in pgbackrest-selfsigned-server.crt -text -noout 110 | 111 | # Client Test Certificate 112 | openssl genrsa -out pgbackrest-selfsigned-client.key 4096 113 | 114 | openssl req -new -nodes \ 115 | -out pgbackrest-selfsigned-client.csr \ 116 | -key pgbackrest-selfsigned-client.key \ 117 | -config pgbackrest-selfsigned-client.cnf 118 | 119 | openssl x509 -req -extensions v3_req -CAcreateserial \ 120 | -days 99999 \ 121 | -in pgbackrest-selfsigned-client.csr \ 122 | -CA pgbackrest-selfsigned-ca.crt \ 123 | -CAkey pgbackrest-selfsigned-ca.key \ 124 | -out pgbackrest-selfsigned-client.crt \ 125 | -extfile pgbackrest-selfsigned-client.cnf 126 | 127 | openssl x509 -in pgbackrest-selfsigned-client.crt -text -noout 128 | ``` 129 | 130 | #### SSH and SFTP keys 131 | ```bash 132 | cd [docker-pgbackrest-root]/e2e_tests/conf/ssh 133 | 134 | # ssh keys rsa 135 | ssh-keygen -f ./id_rsa -t rsa -b 4096 -N "" -C "" 136 | 137 | # sftp keys rsa (not secure, but still very popular) 138 | ssh-keygen -f ./id_rsa_sftp -t rsa -b 4096 -N "" -C "" -m PEM 139 | 140 | # sftp keys ed25519 141 | ssh-keygen -f ./id_ed25519_sftp -t ed25519 -N "" -C "" 142 | 143 | # authorized_keys 144 | cat ./id_rsa.pub >> ./authorized_keys 145 | cat ./id_rsa_sftp.pub >> ./authorized_keys 146 | cat ./id_ed25519_sftp.pub >> ./authorized_keys 147 | ``` 148 | -------------------------------------------------------------------------------- /e2e_tests/conf/backup/backup_pgbackrest-ssh.conf: -------------------------------------------------------------------------------- 1 | [demo] 2 | pg1-path=/var/lib/postgresql/16/main 3 | pg1-host=pg-ssh 4 | pg1-user=postgres 5 | pg1-host-port=2222 6 | 7 | [global] 8 | # General options. 9 | log-level-console=warn 10 | start-fast=y 11 | # Repo 1 options (s3). 12 | repo1-type=s3 13 | repo1-s3-bucket=backup 14 | repo1-s3-endpoint=minio.local 15 | repo1-s3-key=demo 16 | repo1-s3-key-secret=demoPGBackup 17 | repo1-s3-region=us-west-1 18 | repo1-s3-uri-style=path 19 | repo1-path=/pg 20 | repo1-storage-port=443 21 | repo1-storage-verify-tls=n 22 | repo1-retention-diff=2 23 | repo1-retention-full=2 24 | # Repo 2 options (sftp rsa). 25 | repo2-path=/var/lib/pgbackrest 26 | repo2-sftp-host=sftp-rsa 27 | repo2-sftp-host-port=2222 28 | repo2-sftp-host-key-hash-type=sha1 29 | repo2-sftp-host-user=pgbackrest 30 | repo2-sftp-private-key-file=/home/pgbackrest/.ssh/id_rsa_sftp 31 | repo2-sftp-public-key-file=/home/pgbackrest/.ssh/id_rsa_sftp.pub 32 | repo2-type=sftp 33 | repo2-retention-full=2 34 | repo2-retention-diff=2 35 | # Repo 3 options (sftp ed25519). 36 | # repo3-path should be different than repo2-path in this case. 37 | # See https://github.com/pgbackrest/pgbackrest/issues/2418. 38 | repo3-path=/tmp/demo 39 | repo3-sftp-host=sftp-ed25519 40 | repo3-sftp-host-port=2222 41 | repo3-sftp-host-key-hash-type=sha256 42 | repo3-sftp-host-user=pgbackrest 43 | repo3-sftp-private-key-file=/home/pgbackrest/.ssh/id_ed25519_sftp 44 | repo3-sftp-public-key-file=/home/pgbackrest/.ssh/id_ed25519_sftp.pub 45 | repo3-type=sftp 46 | repo3-retention-full=2 47 | repo3-retention-diff=2 -------------------------------------------------------------------------------- /e2e_tests/conf/backup/backup_pgbackrest-tls.conf: -------------------------------------------------------------------------------- 1 | [demo] 2 | pg1-path=/var/lib/postgresql/16/main 3 | pg1-host=pg-tls 4 | pg1-user=postgres 5 | pg1-host-ca-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-ca.crt 6 | pg1-host-cert-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-client.crt 7 | pg1-host-key-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-client.key 8 | pg1-host-type=tls 9 | 10 | [global] 11 | # General options. 12 | log-level-console=warn 13 | start-fast=y 14 | # TLS server options. 15 | tls-server-address=* 16 | tls-server-cert-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-server.crt 17 | tls-server-key-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-server.key 18 | tls-server-ca-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-ca.crt 19 | tls-server-auth=pgbackrest-client=demo 20 | # Repo 1 options (minio). 21 | repo1-type=s3 22 | repo1-s3-bucket=backup 23 | repo1-s3-endpoint=minio.local 24 | repo1-s3-key=demo 25 | repo1-s3-key-secret=demoPGBackup 26 | repo1-s3-region=us-west-1 27 | repo1-s3-uri-style=path 28 | repo1-path=/pg 29 | repo1-storage-port=443 30 | repo1-storage-verify-tls=n 31 | repo1-retention-diff=2 32 | repo1-retention-full=2 33 | # Repo 2 options (local filesystem). 34 | repo2-path=/var/lib/pgbackrest 35 | repo2-retention-full=2 36 | repo2-retention-diff=2 37 | # Repo 3 options (sftp). 38 | repo3-path=/var/lib/pgbackrest 39 | repo3-sftp-host=sftp-rsa 40 | repo3-sftp-host-port=2222 41 | repo3-sftp-host-key-hash-type=sha1 42 | repo3-sftp-host-user=pgbackrest 43 | repo3-sftp-private-key-file=/home/pgbackrest/.ssh/id_rsa_sftp 44 | repo3-sftp-public-key-file=/home/pgbackrest/.ssh/id_rsa_sftp.pub 45 | repo3-type=sftp 46 | repo3-retention-full=2 47 | repo3-retention-diff=2 48 | -------------------------------------------------------------------------------- /e2e_tests/conf/backup/backup_prepare-ssh.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Exit on errors and on command pipe failures. 4 | set -e 5 | 6 | # Add hosts to known_hosts. 7 | # Necessary for pgBackRest to work correctly over ssh and sftp. 8 | ssh-keyscan -t rsa -p 2222 pg-ssh > ~/.ssh/known_hosts 9 | ssh-keyscan -t rsa -p 2222 sftp-rsa >> ~/.ssh/known_hosts 10 | ssh-keyscan -t ed25519 -p 2222 sftp-ed25519 >> ~/.ssh/known_hosts 11 | 12 | # Run pgBackRest test commands. 13 | pgbackrest stanza-create --stanza demo 14 | pgbackrest backup --stanza demo --type full --repo 1 15 | pgbackrest backup --stanza demo --type full --repo 2 16 | pgbackrest backup --stanza demo --type diff --repo 2 17 | pgbackrest backup --stanza demo --type full --repo 3 18 | 19 | # Get results. 20 | data_repo_1=$(pgbackrest info --stanza demo --repo 1) 21 | data_repo_2=$(pgbackrest info --stanza demo --repo 2) 22 | data_repo_3=$(pgbackrest info --stanza demo --repo 3) 23 | cnt_full_repo_1=$(echo "${data_repo_1}" | grep 'full backup' | wc -l) 24 | cnt_full_repo_2=$(echo "${data_repo_2}" | grep 'full backup' | wc -l) 25 | cnt_diff_repo_2=$(echo "${data_repo_2}" | grep 'diff backup' | wc -l) 26 | cnt_full_repo_3=$(echo "${data_repo_3}" | grep 'full backup' | wc -l) 27 | 28 | # Passed results. 29 | # For repo 1 (minio): 1 or 2 full backups. 30 | # For repo 2 (sftp): 1 or 2 full backups and 1 diff backup. 31 | # For repo 3 (sftp): 1 or 2 full backups. 32 | # In this script only 1 full backup is created, 33 | # but in the general pipeline (during makefile), 34 | # this script is launched in two services (backup-ssh and baclup_alpine-ssh), 35 | # so valid result is 1 or 2 value (for separate and together launch). 36 | # The diff backup will always be 1 (by this script), 37 | # since full are considered differential for the purpose of retention. 38 | # See https://github.com/pgbackrest/pgbackrest/blob/e699402f99f70819bd922eb6150fbe1b837eca0d/src/command/expire/expire.c#L192-L194 39 | if ([ "${cnt_full_repo_1}" -eq "1" ] || [ "${cnt_full_repo_1}" -eq "2" ]) && \ 40 | ([ "${cnt_full_repo_2}" -eq "1" ] || [ "${cnt_full_repo_2}" -eq "2" ]) && \ 41 | [ "${cnt_diff_repo_2}" -eq "1" ] && \ 42 | ([ "${cnt_full_repo_3}" -eq "1" ] || [ "${cnt_full_repo_3}" -eq "2" ]) 43 | then 44 | echo "[INFO] all tests passed" 45 | exit 0 46 | else 47 | echo "[ERROR] some tests failed" 48 | echo "[ERROR] full backup in repo 1: ${cnt_full_repo_1}, valid values: 1 or 2" 49 | echo "${data_repo_1}" 50 | echo "[ERROR] full backup in repo 2: ${cnt_full_repo_2}, valid values: 1 or 2" 51 | echo "[ERROR] diff backup in repo 2: ${cnt_diff_repo_2}, valid value: 1" 52 | echo "${data_repo_2}" 53 | echo "[ERROR] full backup in repo 3: ${cnt_full_repo_3}, valid values: 1 or 2" 54 | echo "${data_repo_3}" 55 | exit 1 56 | fi 57 | -------------------------------------------------------------------------------- /e2e_tests/conf/backup/backup_prepare-tls.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Exit on errors and on command pipe failures. 4 | set -e 5 | 6 | # Add hosts to known_hosts. 7 | # Necessary for pgBackRest to work correctly over sftp. 8 | ssh-keyscan -t rsa -p 2222 sftp-rsa >> ~/.ssh/known_hosts 9 | 10 | # Run pgBackRest test commands. 11 | pgbackrest stanza-create --stanza demo 12 | pgbackrest backup --stanza demo --type full --repo 1 13 | pgbackrest backup --stanza demo --type full --repo 2 14 | pgbackrest backup --stanza demo --type diff --repo 2 15 | pgbackrest backup --stanza demo --type full --repo 3 16 | 17 | # Get results. 18 | data_repo_1=$(pgbackrest info --stanza demo --repo 1) 19 | data_repo_2=$(pgbackrest info --stanza demo --repo 2) 20 | data_repo_3=$(pgbackrest info --stanza demo --repo 3) 21 | cnt_full_repo_1=$(echo "${data_repo_1}" | grep 'full backup' | wc -l) 22 | cnt_full_repo_2=$(echo "${data_repo_2}" | grep 'full backup' | wc -l) 23 | cnt_diff_repo_2=$(echo "${data_repo_2}" | grep 'diff backup' | wc -l) 24 | cnt_full_repo_3=$(echo "${data_repo_3}" | grep 'full backup' | wc -l) 25 | 26 | # Passed results. 27 | # For repo 1 (minio): 1 or 2 full backups. 28 | # For repo 2 (tls server): 1 or 2 full backups and 1 diff backup. 29 | # For repo 3 (sftp): 1 or 2 full backups. 30 | # In this script only 1 full backup is created, 31 | # but in the general pipeline (during makefile), 32 | # this script is launched in two services (backup-tls and baclup_alpine-tls), 33 | # so valid result is 1 or 2 value (for separate and together launch). 34 | # The diff backup will always be 1 (by this script), 35 | # since full are considered differential for the purpose of retention. 36 | # See https://github.com/pgbackrest/pgbackrest/blob/e699402f99f70819bd922eb6150fbe1b837eca0d/src/command/expire/expire.c#L192-L194 37 | if ([ "${cnt_full_repo_1}" -eq "1" ] || [ "${cnt_full_repo_1}" -eq "2" ]) && \ 38 | ([ "${cnt_full_repo_2}" -eq "1" ] || [ "${cnt_full_repo_2}" -eq "2" ]) && \ 39 | [ "${cnt_diff_repo_2}" -eq "1" ] && \ 40 | ([ "${cnt_full_repo_3}" -eq "1" ] || [ "${cnt_full_repo_3}" -eq "2" ]) 41 | then 42 | echo "[INFO] all tests passed" 43 | exit 0 44 | else 45 | echo "[ERROR] some tests failed" 46 | echo "[ERROR] full backup in repo 1: ${cnt_full_repo_1}, valid values: 1 or 2" 47 | echo "${data_repo_1}" 48 | echo "[ERROR] full backup in repo 2: ${cnt_full_repo_2}, valid values: 1 or 2" 49 | echo "[ERROR] diff backup in repo 2: ${cnt_diff_repo_2}, valid value: 1" 50 | echo "${data_repo_2}" 51 | echo "[ERROR] full backup in repo 3: ${cnt_full_repo_3}, valid values: 1 or 2" 52 | echo "${data_repo_3}" 53 | exit 1 54 | fi 55 | -------------------------------------------------------------------------------- /e2e_tests/conf/nginx/nginx-selfsigned.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEqjCCApICCQDw2G6osXeZrTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtu 3 | Z2lueC1taW5pbzAgFw0yMjA0MTExOTI2NDNaGA8yMjk2MDEyNDE5MjY0M1owFjEU 4 | MBIGA1UEAwwLbmdpbngtbWluaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK 5 | AoICAQCuXGXl8K3CTiLD59aO4UEt7TmFWrF+lC06B6XzMYnzPdP/CBSL5H5TWW+v 6 | vm4wtU8BJbCuMB3vwA/9+YQlaJskN5qIZ8NaPe9UYloEULD419e/pIW/OtX59/Kh 7 | 1rrGY237NCcPkioaEfeWUXYRtRZd3Y06KGDzLLRCbEPxdtF/pg6UgmECbitWorOC 8 | UOGY2JpA14pBQlVe7X++u70F2GHNwxE1aYamly/mLsgzSQg9bAA/fmVqQCKG903o 9 | EJbH2671E78sR+NOx0tqoUCPs4Z7StA4DKZiX7TQJ1kpx/xOHGS5ZtnRAw36mI8J 10 | +1tNyTmldoXCmsvB0N9Zqz6XJLC5LfxtKvNm5pm9Td4ZPfKF5blds1ESZHbP9R09 11 | ZT3qPvYqKFx1+QZD1nyIU+zZpLuNaZzzZHIe0AiyDChJXBpSmZ7JjgBU3oFF0OVL 12 | +p7SKpZA2iRYw5jE4wbSZb+SsWpPBM9YHsVH7fsYimOwS9MN5vFJP51sT37fSyoY 13 | wC+/jpTQbn/29dHBAVpPIdnWUgJcu1eAHr6lJcrgyXthoheQKkhTsaUKP29WotKQ 14 | M7oJd9lFqr5of8jrEQtnZoHO4WaXsBGM+vmgHFJe8HjV4GuP9gzUPskPdGuCSKCM 15 | lqN3v+45MqgUehZ2iItKLLJdZxloYZ13Q50bLqaQJZBalwauVwIDAQABMA0GCSqG 16 | SIb3DQEBCwUAA4ICAQBPmwT/IfQKnEk7Y/tsq4ovWFjQyO5Gyx/Qe6VQIXEWAdPb 17 | UgUT3BkD0f50TcMUMHW3RyAdoa94MZvZ881f8UjcXH8X3Q0VB4aoDQwR2dAkydSp 18 | Z2MnpphPiW2pky4BK1yJL7ul7pQKEV8WAAh2XdSuI4VEvmTaIyYOh1QhVK2BWW18 19 | w8nzAkhcDUWMcv8oFzUqxucfxYs3KhM4kIEUp1WXDwXTKwYddtC5Qsso+7gP34Ek 20 | vDtdDVXO+X1XGp7O7Q289V75+oI3Vcya88t0GcAK9ezYTAO2RQJinTJmvrji39fY 21 | hLyWKffKt3kw09q7ap9qu5/Yv0PRmV1LB1/1J0pHiGx6qXPxwv/HMlmlVFdYNjol 22 | TzQpE0vgJ/JeEhg3vV2Ut27DFLps8bsErgSO71RxJf8g16Et3jR/fuCpm8OVxDEJ 23 | 6qUwa0uh0lj1JRnN3ydbMgnmplYHZ9QrtS+11OQ4rBV15VdcQMxYXD/2ZK1UVDYN 24 | qUN7MrkkDGHRN/azzJ8nmnlgOg6IKCG8Hv9X/mZVOM+7SBYAwUQFLC9o3wvpsoMu 25 | iqapulqaHRBiZqZTEvqth6iKwUsqslJhfBquXuIzKhJ1Azq0BGI9fjPMff26ncgM 26 | EZyMzLRDidxDMilZ8+oYZ7xptpk8ltOTTrevasrmn1nCIZOPQLbO+DiFxB1O9A== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /e2e_tests/conf/nginx/nginx-selfsigned.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCuXGXl8K3CTiLD 3 | 59aO4UEt7TmFWrF+lC06B6XzMYnzPdP/CBSL5H5TWW+vvm4wtU8BJbCuMB3vwA/9 4 | +YQlaJskN5qIZ8NaPe9UYloEULD419e/pIW/OtX59/Kh1rrGY237NCcPkioaEfeW 5 | UXYRtRZd3Y06KGDzLLRCbEPxdtF/pg6UgmECbitWorOCUOGY2JpA14pBQlVe7X++ 6 | u70F2GHNwxE1aYamly/mLsgzSQg9bAA/fmVqQCKG903oEJbH2671E78sR+NOx0tq 7 | oUCPs4Z7StA4DKZiX7TQJ1kpx/xOHGS5ZtnRAw36mI8J+1tNyTmldoXCmsvB0N9Z 8 | qz6XJLC5LfxtKvNm5pm9Td4ZPfKF5blds1ESZHbP9R09ZT3qPvYqKFx1+QZD1nyI 9 | U+zZpLuNaZzzZHIe0AiyDChJXBpSmZ7JjgBU3oFF0OVL+p7SKpZA2iRYw5jE4wbS 10 | Zb+SsWpPBM9YHsVH7fsYimOwS9MN5vFJP51sT37fSyoYwC+/jpTQbn/29dHBAVpP 11 | IdnWUgJcu1eAHr6lJcrgyXthoheQKkhTsaUKP29WotKQM7oJd9lFqr5of8jrEQtn 12 | ZoHO4WaXsBGM+vmgHFJe8HjV4GuP9gzUPskPdGuCSKCMlqN3v+45MqgUehZ2iItK 13 | LLJdZxloYZ13Q50bLqaQJZBalwauVwIDAQABAoICAFjftfzPgfIBm8zZlk672FpN 14 | ib1EbiaD5s2malscjCFVCYL8HmTz8cQQWVJuMYJYWE3QZU9ULV4wOraNAWOD/1gl 15 | k3ol0bhky2Hqw9FhQ+ODOXBwrs+7cKf6T01Yw1kuAzhA7AwOx7EEKXwQR6tc72qm 16 | 7D6RqGErDzKwNq2Uj9KN1O6zyjjP6P0+71rkWSlsdqvIcasz4YoCatPQo9ef5LJZ 17 | 1KKyCDVP6NVeUSN6/V05eKLkjVLsH+1FjwtTsVdrzbEUAKTUe7OC+BkA2oSk0E51 18 | 4s4+/Gw2NlbHR7Z5PkyeQmUSXMIh2XU7X+WJno92mxCQ6js4ZdWD3uS42a12wTC7 19 | DZe7tPAO9tGgVDZRwQYM00Nv09eGV2/1TEDnj1cGMn7NjCbCB0A2qq6Z5zPLJScP 20 | AFBuFIn9qgEF0KfUVmucUVz2S4ZxbBcwB9M7uTi6M3YwAyUSg5m59TvJTu6XzQXD 21 | 4OUbCvJIVmowjDu28RnoggPqVRb0KAW2Dvftzt919SeymGoo0o60V/qYtK8zw7ku 22 | LF0NpXTVsoIL4KaMHPPFxx/WDTY05OaqC+EZFYZwJQWUUh1/77dnu3DRVdCP9OMh 23 | 5Y+MYMaOV3z/6s2LkHEkvuJo0b3ynCBnxcHyhY10gt9+w57R/uSoZTRZAQDexv3o 24 | sKGJh6hlNJARbuvlEYgpAoIBAQDbQgQDdgMrCrxmlociDCnuLmCEHk4eG5CL9LJW 25 | 97GXBWpoDsUud6ThTuZ5BLraj6LZjYw55o63yBbFjGF1KCPEdockBz+uWy1OJ6tR 26 | KH9QW2boAO2AXIw7EBd0+1TyGZdaL6pwTB0rOwXNASTW15r1OcRm8fPt86Xaf6mS 27 | CB5XszytT5ALpsqySqLmm/QXEz2VDNod+i40q4Hljywbs86hmDNH4L3pdkEJ8eGS 28 | EOKVkQChEJ+5rj03IVwRRm85HoudOQP0r5QThhp/fLcTwPltaUvaP0skoDZh3UAl 29 | mde4DQ7t4gT2AVVKvvLhWkab2bRBc0yUDlCQv/FH96boG1e1AoIBAQDLlFcLBbfB 30 | mydCG+BDCOpjFS7td1Rc7QFwGZMkZ5lhgjfQtiByiKgnkwqmOLRdHMOP171RBiH5 31 | 29823t9ZhX3Yd9XW+50dzFnpCIlYZtEfADrmr77Abdc9o+98MPL0EPfJt56Rzb07 32 | QvJiehuq9TRSJcdJVMspGDImxsoYKXl+4gY4DKlFdy30Vc9PTXzDACChIjqywavh 33 | XRwnRaWVMw4gEP0k7sKBrV9EXDOjzzZtlhhJsdEQvNQ4E761A3Iwgy+WicYYfNVs 34 | Vs5QDGy8FSTWFg4ndW38sLgiVn55fJQBl8tjrA+7xJTKL/YK6BCKzLcAfLtXWWCV 35 | 2MkrFRvoQx1bAoIBAQDRpxxDWvLIk2l3BvSMH+lwMLRlYLz9mQnsabyl4A7WA32t 36 | poHxXsIwFsvWaClrl/D16Z1uOAG7xf3QQ91ks08QKu4qCyxfQhveIZx07C5g3iVW 37 | LpzrIpOMXmSvnSuqm8HXoMBuxLkXf0aasj9Rl7Q6TFR6w1yl6VZryaqRUmYBIggh 38 | CHUKTyB+v1NpAzKxZdp6zWE7TOAlyOFaaj6Y9qPcbLaMQmAV/tdN9RXmH3Mp5Q8e 39 | 89BnMi6iqqloc1si2QxS+BPKQqFq0c5AnTZKEznt3sODGwZ1LSUTCwatbZ+SBBqE 40 | aJypxriR0mhYB4SAvfjYpLFS2SU8Y+0JDctxIcQJAoIBAQCkeVBpo1D2pjdtfcAN 41 | 6KIVMwQa7pHGEeVbgA4VF24gDWiywrIsVqQkdPPhn2Z448hL6m0VjPLePvl0B1RD 42 | q0olHYwyiE5DyNnLIA520XqapUDxJ4PhS9zd/Bh8Kb/f1+WZnzQJcEM2IbxaO3Un 43 | BbwjsknzwQHyTY4XLfwQ0VFLZajIl9IaQVNrV/iJhX0KvoueI11xFm+bP/KC+A3z 44 | ILCEz7T1pcCXrE6PmD5QVhUPLHiq8XKLJ0P9mlY1QHd9Ij/MS7s0BYcYZHmCysb+ 45 | ncaJAICm+ITH5q6db2v3EuMw9kZoXJbJiOT9BQqvfRYATax8REnHJHqYFfFRUVie 46 | qbqJAoIBAHaF+EjqSnkhlWDESzCXweuacJfhYbe8gSAUSFdY4Ut6ErSvsbrSL39g 47 | Cih8Rz9kIYuLJWwuOdlUt9eRLu/GDQcSmgL1YqBe60n0eZdXMdEh03Mbu8evp6Lo 48 | Oals9aVw/g4pReD8T+PMvF3kUmzb7V9KPLuTS52jAwqD3q6Our8bawlWpSP0s3Ue 49 | eGibHur8e//1pbIwKmD5S5ZBy54WoWcD/X2OMK5S5lK2YbfNdzwUQrAB5rveud5S 50 | eO4Hxxku2fl7jhCSZZdB4AkcHza7kEzjBPXvoXJIsq2zdD6SYGJL5detj4O/HP6Q 51 | hCRn9PoiESsiQcH2kM2/s/8/QR6qS6c= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /e2e_tests/conf/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | 4 | error_log /var/log/nginx/error.log notice; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 4096; 9 | } 10 | 11 | 12 | http { 13 | include /etc/nginx/mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log /var/log/nginx/access.log main; 21 | sendfile on; 22 | keepalive_timeout 65; 23 | 24 | upstream minio { 25 | server minio:9000; 26 | } 27 | 28 | server { 29 | 30 | listen 443 ssl; 31 | 32 | server_name minio.local; 33 | 34 | ssl_certificate /etc/nginx/nginx-selfsigned.crt; 35 | ssl_certificate_key /etc/nginx/nginx-selfsigned.key; 36 | 37 | # To allow special characters in headers 38 | ignore_invalid_headers off; 39 | # Allow any size file to be uploaded. 40 | # Set to a value such as 1000m; to restrict file size to a specific value 41 | client_max_body_size 0; 42 | # To disable buffering 43 | proxy_buffering off; 44 | 45 | location / { 46 | proxy_set_header X-Real-IP $remote_addr; 47 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 48 | proxy_set_header X-Forwarded-Proto $scheme; 49 | proxy_set_header Host $http_host; 50 | 51 | proxy_connect_timeout 300; 52 | # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 53 | proxy_http_version 1.1; 54 | proxy_set_header Connection ""; 55 | chunked_transfer_encoding off; 56 | 57 | proxy_pass http://minio; # If you are using docker-compose this would be the hostname i.e. minio 58 | # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/ 59 | # /minio/health/live; 60 | } 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG BACKREST_VERSION="2.55.1" 2 | ARG CONTAINER_TYPE="ssh" 3 | ARG PG_VERSION="16" 4 | 5 | FROM pgbackrest:${BACKREST_VERSION} AS pg_base 6 | ARG PG_VERSION 7 | ARG CONTAINER_TYPE 8 | ENV BACKREST_USER="postgres" \ 9 | BACKREST_GROUP="postgres" \ 10 | PG_VERSION="${PG_VERSION}" 11 | RUN apt-get update -y \ 12 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 13 | curl \ 14 | gnupg \ 15 | lsb-release \ 16 | && curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg \ 17 | && echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" \ 18 | > /etc/apt/sources.list.d/pgdg.list 19 | RUN apt-get update -y \ 20 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 21 | apt-utils \ 22 | postgresql-${PG_VERSION} \ 23 | postgresql-contrib-${PG_VERSION} \ 24 | openssh-server \ 25 | rsyslog \ 26 | && apt-get autoremove -y \ 27 | && apt-get autopurge -y \ 28 | && rm -rf /var/lib/apt/lists/* 29 | COPY --chmod=640 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/pg/postgresql.auto.conf /var/lib/postgresql/${PG_VERSION}/main/postgresql.auto.conf 30 | COPY --chmod=755 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/pg/pg_prepare-${CONTAINER_TYPE}.sh /var/lib/postgresql/pg_prepare.sh 31 | COPY --chmod=640 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/pg/pg_pgbackrest-${CONTAINER_TYPE}.conf /etc/pgbackrest/pgbackrest.conf 32 | 33 | FROM pg_base AS pg-ssh 34 | RUN mkdir -p -m 700 \ 35 | /var/lib/postgresql/.ssh \ 36 | /var/lib/postgresql/sshd \ 37 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 38 | /var/lib/postgresql/.ssh \ 39 | /var/lib/postgresql/sshd 40 | COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/ssh /var/lib/postgresql/.ssh 41 | COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/pg/sshd /var/lib/postgresql/sshd 42 | 43 | FROM pg_base AS pg-tls 44 | RUN mkdir -p -m 700 \ 45 | /var/lib/postgresql/.ssh \ 46 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 47 | /var/lib/postgresql/.ssh 48 | # Copy onle id_rsa_sftp and d_rsa_sftp.pub. 49 | COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/ssh/id_rsa_sftp* /var/lib/postgresql/.ssh/ 50 | COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/pgbackrest/cert /etc/pgbackrest/cert 51 | 52 | FROM pg-${CONTAINER_TYPE} 53 | ENTRYPOINT ["/entrypoint.sh"] 54 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/pg_pgbackrest-ssh.conf: -------------------------------------------------------------------------------- 1 | [demo] 2 | pg1-path=/var/lib/postgresql/16/main 3 | 4 | [global] 5 | # General options. 6 | log-level-console=warn 7 | start-fast=y 8 | # Repo 1 options (s3). 9 | repo1-type=s3 10 | repo1-s3-bucket=backup 11 | repo1-s3-endpoint=minio.local 12 | repo1-s3-key=demo 13 | repo1-s3-key-secret=demoPGBackup 14 | repo1-s3-region=us-west-1 15 | repo1-s3-uri-style=path 16 | repo1-path=/pg 17 | repo1-storage-port=443 18 | repo1-storage-verify-tls=n 19 | repo1-retention-diff=2 20 | repo1-retention-full=2 21 | # Repo 2 options (sftp rsa). 22 | repo2-path=/var/lib/pgbackrest 23 | repo2-sftp-host=sftp-rsa 24 | repo2-sftp-host-port=2222 25 | repo2-sftp-host-key-hash-type=sha1 26 | repo2-sftp-host-user=pgbackrest 27 | repo2-sftp-private-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp 28 | repo2-sftp-public-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp.pub 29 | repo2-type=sftp 30 | repo2-retention-full=2 31 | repo2-retention-diff=2 32 | # Repo 3 options (sftp ed25519). 33 | repo3-path=/tmp/demo 34 | repo3-sftp-host=sftp-ed25519 35 | repo3-sftp-host-port=2222 36 | repo3-sftp-host-key-hash-type=sha256 37 | repo3-sftp-host-user=pgbackrest 38 | repo3-sftp-private-key-file=/var/lib/postgresql/.ssh/id_ed25519_sftp 39 | repo3-sftp-public-key-file=/var/lib/postgresql/.ssh/id_ed25519_sftp.pub 40 | repo3-type=sftp 41 | repo3-retention-full=2 42 | repo3-retention-diff=2 -------------------------------------------------------------------------------- /e2e_tests/conf/pg/pg_pgbackrest-tls.conf: -------------------------------------------------------------------------------- 1 | [demo] 2 | pg1-path=/var/lib/postgresql/16/main 3 | 4 | [global] 5 | # General options. 6 | log-level-console=warn 7 | start-fast=y 8 | # TLS server options. 9 | tls-server-address=* 10 | tls-server-cert-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-server.crt 11 | tls-server-key-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-server.key 12 | tls-server-ca-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-ca.crt 13 | tls-server-auth=pgbackrest-client=demo 14 | # Repo 1 options. 15 | repo1-type=s3 16 | repo1-s3-bucket=backup 17 | repo1-s3-endpoint=minio.local 18 | repo1-s3-key=demo 19 | repo1-s3-key-secret=demoPGBackup 20 | repo1-s3-region=us-west-1 21 | repo1-s3-uri-style=path 22 | repo1-path=/pg 23 | repo1-storage-port=443 24 | repo1-storage-verify-tls=n 25 | repo1-retention-diff=2 26 | repo1-retention-full=2 27 | # Repo 2 options. 28 | repo2-host-type=tls 29 | repo2-host=backup_server-tls 30 | repo2-path=/var/lib/pgbackrest 31 | repo2-host-cert-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-client.crt 32 | repo2-host-key-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-client.key 33 | repo2-host-ca-file=/etc/pgbackrest/cert/pgbackrest-selfsigned-ca.crt 34 | repo2-retention-full=2 35 | repo2-retention-diff=2 36 | # Repo 3 options (sftp). 37 | repo3-path=/var/lib/pgbackrest 38 | repo3-sftp-host=sftp-rsa 39 | repo3-sftp-host-port=2222 40 | repo3-sftp-host-key-hash-type=sha1 41 | repo3-sftp-host-user=pgbackrest 42 | repo3-sftp-private-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp 43 | repo3-sftp-public-key-file=/var/lib/postgresql/.ssh/id_rsa_sftp.pub 44 | repo3-type=sftp 45 | repo3-retention-full=2 46 | repo3-retention-diff=2 -------------------------------------------------------------------------------- /e2e_tests/conf/pg/pg_prepare-ssh.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Exit on errors and on command pipe failures. 4 | set -e 5 | 6 | # PG_VERSION is set in the container's environment variables. 7 | PG_CLUSTER="main" 8 | PG_BIN="/usr/lib/postgresql/${PG_VERSION}/bin" 9 | PG_DATA="/var/lib/postgresql/${PG_VERSION}/${PG_CLUSTER}" 10 | # Start sshd. 11 | /usr/sbin/sshd -f ~/sshd/sshd_config 12 | 13 | # Add host to known_hosts. 14 | # Necessary for pgBackRest to work correctly over sftp. 15 | ssh-keyscan -t rsa -p 2222 sftp-rsa > ~/.ssh/known_hosts 16 | ssh-keyscan -t ed25519 -p 2222 sftp-ed25519 >> ~/.ssh/known_hosts 17 | 18 | # Start postgres. 19 | pg_ctlcluster ${PG_VERSION} ${PG_CLUSTER} start --foreground 20 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/pg_prepare-tls.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Exit on errors and on command pipe failures. 4 | set -e 5 | 6 | # PG_VERSION is set in the container's environment variables. 7 | PG_CLUSTER="main" 8 | PG_BIN="/usr/lib/postgresql/${PG_VERSION}/bin" 9 | PG_DATA="/var/lib/postgresql/${PG_VERSION}/${PG_CLUSTER}" 10 | 11 | # Add host to known_hosts. 12 | # Necessary for pgBackRest to work correctly over sftp. 13 | ssh-keyscan -t rsa -p 2222 sftp-rsa > ~/.ssh/known_hosts 14 | 15 | # Start postgres. 16 | pg_ctlcluster ${PG_VERSION} ${PG_CLUSTER} start --foreground 17 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/postgresql.auto.conf: -------------------------------------------------------------------------------- 1 | archive_command = 'pgbackrest archive-push --stanza=demo %p' 2 | archive_mode = on 3 | listen_addresses = '*' 4 | max_wal_senders = 3 5 | wal_level = replica 6 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/sshd/ssh_host_rsa_key: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAgEAs4M8l2jLmzzyAPsTy+ypouUckCkVmL9wGFQ5BasYPb7auL/JLhs5 4 | Ot0PQ+24lw++sD1GhCxOnuZUTCvViDUmttKSCyX3Ssdsa7Ep+53tTyiaz09R1XTDIugEIx 5 | gLeYF54JdY4zBoL9F4/G5/R/rkDDDJMjXPaqvAa6RE69wfT8QLpleokxmnxSu0m0gbtyMN 6 | Zcb8GPLyeJ/mjmmslFLiyW4ZmKdlkJfpCkIeGnPWsic6+aYmZhMS4AZCEHabtuZvHJYGlJ 7 | d697I59AFEeb9UcVQQzJb/bPBh/wBK7jjh+XSCBHKMDsuXAWIc/h4lg21xjC8S2DG76RMt 8 | DLMq8/KrOheQIvKSkJhis4RDDtawVcg7WBkcdta8/jY5T+kBS2JoxbykKiDfxN5lXHdCby 9 | laeDWs633V7dsr13UkvTlpeX7q4lh+guyCiHYv/DiE6Un16FRTXBGdwnAsZPiV8yC7tZlS 10 | lLKU2afPZ9W4RNC9NfiKbm0qyaKSXkMJuA6069CeOiXRASX7q655gQhIHfhHwNaCkGuqCG 11 | beVkfE+Qyzh9EaGWLOvAiHkMK/GgXU4SZgW7j51Q816ZKitUTKLLdUMQFy8KtPDVXygejZ 12 | m9diSGWl0cnu460LwhrsD20O5ggJEku5yxY9f6guWAsd4n3WHiBLhmW42Ye+Jnv/q4iRV3 13 | UAAAdIvCN9ULwjfVAAAAAHc3NoLXJzYQAAAgEAs4M8l2jLmzzyAPsTy+ypouUckCkVmL9w 14 | GFQ5BasYPb7auL/JLhs5Ot0PQ+24lw++sD1GhCxOnuZUTCvViDUmttKSCyX3Ssdsa7Ep+5 15 | 3tTyiaz09R1XTDIugEIxgLeYF54JdY4zBoL9F4/G5/R/rkDDDJMjXPaqvAa6RE69wfT8QL 16 | pleokxmnxSu0m0gbtyMNZcb8GPLyeJ/mjmmslFLiyW4ZmKdlkJfpCkIeGnPWsic6+aYmZh 17 | MS4AZCEHabtuZvHJYGlJd697I59AFEeb9UcVQQzJb/bPBh/wBK7jjh+XSCBHKMDsuXAWIc 18 | /h4lg21xjC8S2DG76RMtDLMq8/KrOheQIvKSkJhis4RDDtawVcg7WBkcdta8/jY5T+kBS2 19 | JoxbykKiDfxN5lXHdCbylaeDWs633V7dsr13UkvTlpeX7q4lh+guyCiHYv/DiE6Un16FRT 20 | XBGdwnAsZPiV8yC7tZlSlLKU2afPZ9W4RNC9NfiKbm0qyaKSXkMJuA6069CeOiXRASX7q6 21 | 55gQhIHfhHwNaCkGuqCGbeVkfE+Qyzh9EaGWLOvAiHkMK/GgXU4SZgW7j51Q816ZKitUTK 22 | LLdUMQFy8KtPDVXygejZm9diSGWl0cnu460LwhrsD20O5ggJEku5yxY9f6guWAsd4n3WHi 23 | BLhmW42Ye+Jnv/q4iRV3UAAAADAQABAAACAEiPEVy59SKIXeFbm0LgJCk9pm/2y030g2Cy 24 | GmJaJ/A9RrdKfgzu4BEU7Witm+EjchZWjjw6lITR4NzxEtx9b2qSbomnDO/i78YP1EJqMV 25 | O/u+Nz0kYPbhib46Azxd+VIChRxJIALPy3FMoj97qmhKsQxSJQcchSJ/LacSlMzjM1sOfJ 26 | os/inNertNLXMKyztGShK6ECAlQTfeOufx1s61Iz+JCliP4LCR0mYHicvflAtivWpsq3hv 27 | eaT/XLm2Ewf1T0pzBEkmWwWpBwOrdjSMSOEERB/HiSKWojOiZUQ7LLDwqxKj+Itz7N454r 28 | nUokYLMjC+DrKWMqZxktCn2UZvTkGKYUIOaD82KDO8Th02ahIfqcNXCE0m8+Jxq0CqGSCM 29 | wLdaEb5Hm7lJLnvK8cIqEXwrMNK60MLfa5yYlzd9btDxm+OtI/VfD1pD/rYAfNDW2nlkgI 30 | nfFqPAvrh63wlm8CrjjXHKG+rq3dlODdwu30HywY0DerPWNcLARM3IPycJWiPxNVn6Nzbh 31 | 3iA6sHC06kIh9wqmMdRNYb78BZMofkgziSKCK9QU9/0NNYVvmXMikcqnqLx1D/IY0TwnBt 32 | 50stwTrtqT1xkbt7/Z1Uk2IM+4RlYfN9R4eW1pr2XZa+vjBVFRHdSs0gpFIUhhkS3TY2xG 33 | Dso27QiYCeWs2qBWZ5AAABAGh1m60v64RKasiyGTQvBggMVtPRFv2WbaAoPNhZNo+vudN9 34 | BACexY9/JzD3PH0DeImWfGDzuIsGQQK4KcKsaW2fElDdFuGf14guIUeOP9kXlV0pbNJdSW 35 | M3CPm0B9wkwdLr3VDtFhwF3XYNXnJAXstXrVztrRlv2CiczVraFEEAIbm328zhcSkQy6q2 36 | Pd/JHWr5dFoVpZFSVFLDERWjAp366xfYN8a1cV8ssaH7EyQgjYxYZ2/ek3b8BNl5piW4WO 37 | Gej08KvtsSXLBngNHiGgGqSBoo9xQLwNATN39tvAspemoqItPJlVJ+fRlAl0tquZLCZKix 38 | O/xTGXFi6zR+028AAAEBAOwly0jgV34ZXwhtk1GvxXm28u19rzmLIjhbTleOvMXkCnoWnQ 39 | MVu0SkwaOtWfiSGkwCyMV0aD7i9DxkSsLhezLTtN8NQKZWKroCFkST63zmigqmyRMx/o8S 40 | D9vmyo5vxI87JAK63o/z9v8z46DhuC5u9ycyAC9eoT5nmfzolye/mS2lUuZJDssuQNXoQM 41 | wVTyFd96Sk6m/mdrCgoduP5LHbzdJ6+laWeA1ZxLbbPypei5TQ7k28RvBZiDUrEhnGOf6f 42 | 5BCYO2RwFr/VIC9xeZ0nDqaPES48NchMJBh6uzGjVV4csu2YenbUxo/1x5JFPGjsmamlEN 43 | DZAgniC6GQgMsAAAEBAMKalWOfXzqLwYvB6+CdSlp0vfE6ztwKVTYlqo/AyAxFC3gJa1D0 44 | XprU7uaHHqdEIb2jJn2PBJ3SOVSeyPc0dCam37lfyB6Miierks6odhGpqEQH7BZjUYhpYf 45 | gjhLmbNbOCYww5r19d60xGlWLE+hjqi2Ta4bs1TFIMUg2xV0dui3MDSgG97b8AA2im5173 46 | 9eXD00uN2IW5x0Srp0wrr7uxcPNCuE66/XH1Bqu1QDPAZ2n1EjjYs9ThojcJO4IrXK+OI1 47 | 064MKbtXW9PxR/2Txyw/rb/xynLspv9+JdMAiVVSTDKVaA7kZsO3GbXLkPGk8cDXxjTg8V 48 | /hS6ad9bwL8AAAAPd29ibGVyckBtb3ZlQWlyAQIDBA== 49 | -----END OPENSSH PRIVATE KEY----- 50 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/sshd/ssh_host_rsa_key.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzgzyXaMubPPIA+xPL7Kmi5RyQKRWYv3AYVDkFqxg9vtq4v8kuGzk63Q9D7biXD76wPUaELE6e5lRMK9WINSa20pILJfdKx2xrsSn7ne1PKJrPT1HVdMMi6AQjGAt5gXngl1jjMGgv0Xj8bn9H+uQMMMkyNc9qq8BrpETr3B9PxAumV6iTGafFK7SbSBu3Iw1lxvwY8vJ4n+aOaayUUuLJbhmYp2WQl+kKQh4ac9ayJzr5piZmExLgBkIQdpu25m8clgaUl3r3sjn0AUR5v1RxVBDMlv9s8GH/AEruOOH5dIIEcowOy5cBYhz+HiWDbXGMLxLYMbvpEy0Msyrz8qs6F5Ai8pKQmGKzhEMO1rBVyDtYGRx21rz+NjlP6QFLYmjFvKQqIN/E3mVcd0JvKVp4NazrfdXt2yvXdSS9OWl5furiWH6C7IKIdi/8OITpSfXoVFNcEZ3CcCxk+JXzILu1mVKUspTZp89n1bhE0L01+IpubSrJopJeQwm4DrTr0J46JdEBJfurrnmBCEgd+EfA1oKQa6oIZt5WR8T5DLOH0RoZYs68CIeQwr8aBdThJmBbuPnVDzXpkqK1RMost1QxAXLwq08NVfKB6Nmb12JIZaXRye7jrQvCGuwPbQ7mCAkSS7nLFj1/qC5YCx3ifdYeIEuGZbjZh74me/+riJFXdQ== 2 | -------------------------------------------------------------------------------- /e2e_tests/conf/pg/sshd/sshd_config: -------------------------------------------------------------------------------- 1 | # Package generated configuration file 2 | # See the sshd_config(5) manpage for details 3 | 4 | # What ports, IPs and protocols we listen for 5 | Port 2222 6 | # Use these options to restrict which interfaces/protocols sshd will bind to 7 | #ListenAddress :: 8 | #ListenAddress 0.0.0.0 9 | Protocol 2 10 | # HostKeys for protocol version 2 11 | HostKey /var/lib/postgresql/sshd/ssh_host_rsa_key 12 | 13 | 14 | # Logging 15 | SyslogFacility AUTH 16 | LogLevel INFO 17 | 18 | # Authentication: 19 | LoginGraceTime 120 20 | PermitRootLogin no 21 | StrictModes yes 22 | 23 | PubkeyAuthentication yes 24 | AuthorizedKeysFile %h/.ssh/authorized_keys 25 | 26 | # Don't read the user's ~/.rhosts and ~/.shosts files 27 | IgnoreRhosts yes 28 | # similar for protocol version 2 29 | HostbasedAuthentication no 30 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 31 | #IgnoreUserKnownHosts yes 32 | 33 | # To enable empty passwords, change to yes (NOT RECOMMENDED) 34 | PermitEmptyPasswords no 35 | 36 | # Change to yes to enable challenge-response passwords (beware issues with 37 | # some PAM modules and threads) 38 | ChallengeResponseAuthentication no 39 | 40 | # Change to no to disable tunnelled clear text passwords 41 | PasswordAuthentication no 42 | 43 | # Kerberos options 44 | #KerberosAuthentication no 45 | #KerberosGetAFSToken no 46 | #KerberosOrLocalPasswd yes 47 | #KerberosTicketCleanup yes 48 | 49 | # GSSAPI options 50 | #GSSAPIAuthentication no 51 | #GSSAPICleanupCredentials yes 52 | 53 | X11Forwarding no 54 | X11DisplayOffset 10 55 | PrintMotd no 56 | PrintLastLog yes 57 | TCPKeepAlive yes 58 | #UseLogin no 59 | 60 | #MaxStartups 10:30:60 61 | #Banner /etc/issue.net 62 | 63 | # Allow client to pass locale environment variables 64 | AcceptEnv LANG LC_* 65 | 66 | Subsystem sftp internal-sftp 67 | 68 | # Set this to 'yes' to enable PAM authentication, account processing, 69 | # and session processing. If this is enabled, PAM authentication will 70 | # be allowed through the ChallengeResponseAuthentication and 71 | # PasswordAuthentication. Depending on your PAM configuration, 72 | # PAM authentication via ChallengeResponseAuthentication may bypass 73 | # the setting of "PermitRootLogin without-password". 74 | # If you just want the PAM account and session checks to run without 75 | # PAM authentication, then enable this but set PasswordAuthentication 76 | # and ChallengeResponseAuthentication to 'no'. 77 | UsePAM no 78 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/.gitignore: -------------------------------------------------------------------------------- 1 | *.csr 2 | *.srl 3 | index.* -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFDzCCAvegAwIBAgIUNrqazSF9GeLq/b0uF4XJhbF/ce8wDQYJKoZIhvcNAQEL 3 | BQAwFjEUMBIGA1UEAwwLYmFja3Jlc3QtY2EwIBcNMjIwNDE1MTgzMzU5WhgPMjI5 4 | NjAxMjgxODMzNTlaMBYxFDASBgNVBAMMC2JhY2tyZXN0LWNhMIICIjANBgkqhkiG 5 | 9w0BAQEFAAOCAg8AMIICCgKCAgEAxfI7INN3SM0zj9eKZewMwOQcIJk23LqGSw5X 6 | u0MFJ2BKdNJMNIQ+2jnUP+/hMXQI0sjfMkKhvRitgoUXlo+8WuThFANTNBaHURwU 7 | c+C9kaIYxsm9T2VWEElOTiLaxXNb2civ3E+VimjFOJqfEuSRcxbGZlAYLlctacIo 8 | pd689STOIimXnGk9jAy3J0LdxQc7Z3SRJNyojhfU0G012cMUmNkUlw+Lul7ZnaPX 9 | wMu71DCLfUfjvuQroh1Ro/if33VSuGSB660/haGfxWxKK4/X0bl0An5Zg26SUY3m 10 | ds2XnuLhnuRR1jZfmLU6g5Sp2JRPA7i0rUOxXAC4iKleZ0IIoZ3nsmqd6fEjWny5 11 | VcJy7LQ+tO0gZi8+A2SdkQdAxv3V6diAVitCduvPomWbPr6UAh4ZzSp1AleVu4Ya 12 | vnFw/sb65lBkeZFLKJoCr/ZOtOvdkdOMTRUTrZDxGwVJhhOr+hGUElA5Aitafb9u 13 | WLjPwDJxx8B6ZdBqJ1q7zZCAAwajurWdvZJK/bydOEjaBk3ZhcqgJjSLnrAQddR2 14 | 9crTcC1cif7r0lwgIS4rgtnuss3A89nrlqT06Uc0zHdp8S2/S3a3Kr62/z2c8jEx 15 | E0Gxz2gq0a4TsRZnItT83BzF1Nhs+Il7xj5MlVUbebXqpmj0lyb89ae7gx+69Wni 16 | m+Ly0+8CAwEAAaNTMFEwHQYDVR0OBBYEFCYjUdJcy9RmReTg476Bqt6QQ6IwMB8G 17 | A1UdIwQYMBaAFCYjUdJcy9RmReTg476Bqt6QQ6IwMA8GA1UdEwEB/wQFMAMBAf8w 18 | DQYJKoZIhvcNAQELBQADggIBAKLnd/tLNfsOKUXqO4voEp00sgUoWjmZQ/WqrV6C 19 | GXGK7mObc0rQ9jdYQLRfN9Ua4o14pxSi833xLSU8w5Bs8WNJm7HKlHnbmoBU5CUc 20 | LMmTI8njtYKDSCy74tfJ7PkzbAm9xpZsGQ81xmrc+fb+wsAVVMdfhVOSs19tl9wp 21 | A8m64rzORwB2KUUIk8u1Me/AxQA1mvzZE4iSxblDz4Fl92uUpKcfKbOf/gW7t+Cm 22 | MBFhU3iKggQy136JMtiQO+8YLsoszyWLVGvayvmyFeXnWHYk8E54lmj398Q1GPB3 23 | BNGBf3JUTiowJa23A7elM+Htn+czDHywBzx7KRVJNC6rzhUejBPYwL4zbSv0ksDQ 24 | gEYppV34PkMUWgadXAqVbkyrvy7KHfXqnhSXYk3V796Q1AZHR4lXYKv+AlYoJXui 25 | TCBnHe2ayv/zOnSfbOAYIlsLxVmzXEpRdlOS5OR0JIn/xSVlDt/klaTwBKZRF9HJ 26 | EN7/ZV52UPbrbZE9hXEgetjBFrZdjNrwSdPku2kmAQY6+jnYlQ8GcgiMJ09Fx4uv 27 | h5+qdvt4BJvUIR1mOGHdEKqyoQmYBCnb7KWDAI/aMgFvxuuHJR73GmqfYfnLdeSt 28 | V1TrhlHv8fenrKuJt4DLsCmkDJR1K/4hSO7US2hbkDF8SF6EoCzDJfoBroBFxyP4 29 | bzss 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKAIBAAKCAgEAxfI7INN3SM0zj9eKZewMwOQcIJk23LqGSw5Xu0MFJ2BKdNJM 3 | NIQ+2jnUP+/hMXQI0sjfMkKhvRitgoUXlo+8WuThFANTNBaHURwUc+C9kaIYxsm9 4 | T2VWEElOTiLaxXNb2civ3E+VimjFOJqfEuSRcxbGZlAYLlctacIopd689STOIimX 5 | nGk9jAy3J0LdxQc7Z3SRJNyojhfU0G012cMUmNkUlw+Lul7ZnaPXwMu71DCLfUfj 6 | vuQroh1Ro/if33VSuGSB660/haGfxWxKK4/X0bl0An5Zg26SUY3mds2XnuLhnuRR 7 | 1jZfmLU6g5Sp2JRPA7i0rUOxXAC4iKleZ0IIoZ3nsmqd6fEjWny5VcJy7LQ+tO0g 8 | Zi8+A2SdkQdAxv3V6diAVitCduvPomWbPr6UAh4ZzSp1AleVu4YavnFw/sb65lBk 9 | eZFLKJoCr/ZOtOvdkdOMTRUTrZDxGwVJhhOr+hGUElA5Aitafb9uWLjPwDJxx8B6 10 | ZdBqJ1q7zZCAAwajurWdvZJK/bydOEjaBk3ZhcqgJjSLnrAQddR29crTcC1cif7r 11 | 0lwgIS4rgtnuss3A89nrlqT06Uc0zHdp8S2/S3a3Kr62/z2c8jExE0Gxz2gq0a4T 12 | sRZnItT83BzF1Nhs+Il7xj5MlVUbebXqpmj0lyb89ae7gx+69Wnim+Ly0+8CAwEA 13 | AQKCAgEAwvMzervp8iBvFM6iNolJcjv228AqATAPDSK+EucJz2MNUYrAlMReJozn 14 | 1mSJNCxkeDxvXc+z/UmtsSslNRqw1hAvAIfZzSYW9TIjjpCcAy9TGY0cznIuVfHs 15 | lhXLwsU/g/kcAm27CMrw2jOmUXQdL+0RTzi46ALh7hPT9rCtBv7NqWWvNNONUz4+ 16 | sAMx6VebEOQEAvrzYqZj6TZ139c6lOLPXYtpAQ9jYdc4qV+9yFhbOPKxgZK0yn/3 17 | pPc7dVfWNVZ/gj5pnlG0yjpBvi93zczJTZ9kx4YBwyJvBTisiEZJETUqyD9a3Uo3 18 | q9mhgXVncHHcN/zAU60+ERJFsIqfddkKYcDYeuvQF8cjCV6SILAYM6cVBJCUfQux 19 | N+uFw4jETjZKfa2AsTfHkphoZx180Qdsrr5k8dFJQeqO5K3KGnNOxcRiSM+Oi1I+ 20 | +gCAN3Nyy6SLSSnU9LXwnM+63BiK3n85bPHOncVPsaq9mOHpqhLSQJEaVYpPnSAx 21 | LbsytgjVd7daaCfe9oof0hJWz/5+INj3qhCkE9u+AWdSte4lWuMp5j8FqlRdgef+ 22 | 42xqh+jh4z2+3RwNm4km4iqgwS1AcnZTtB5vmK+kvz+Zq6TTefvCXwZLnkj7iuP9 23 | Bu80S2Pfe9oGs7cKeCsMNJ/y11gMHdm2GBXrrlW60RJ9pVs5S2ECggEBAOpb4K+a 24 | xEyaTL9apYjakdN4c2/WVW7feb4lsVfYkDNBYzqIuur3gC6nUJyBNO61wFtye0sB 25 | fWKlgkEMo1D00jDVlMrRD209o3szxwpe9RJ1pQVjN8oQU1yKCjxJuRahZWupgwdN 26 | fFjrcP82CgOyEErg5lSIYYf1FT8bNgVaotAVgYY6VsrvDAymGJMQw6bGPLgkkv2I 27 | 5oNHss8yiL8fUvpVk4GA99cwKMbpxvSc171MwTDSKMIp/BDshY8B6hFyA6ISnzG0 28 | AcpCeLw5Uc/D/Fd1SHAWxU42N2psJTbsx/27po0JjFH5tle36LGmdYawrKL51SEt 29 | uuNzHLUSyH/y6lECggEBANg5k5Ek1ksSuRRp09banyTQwmcKRCGrI44RJmt8mqqt 30 | LxeNktGoUGK3bGERUISwTFVXc4amEWx33CCtedNj85QM/EBUTaLeE5WCHGCmVrfE 31 | de2jAIuULEa2oAQd+v24Pd3iSx3NC0IMqOU8VayTE1cA8NQ701xuPDXNnepv0CJE 32 | LgFJ0j8ZWXuuXd07EeL+G8D0diUsh4ajvIvgZZHoWFuD6MJXwj/1GwK4wjuLsJ68 33 | LzQVWDgADkqTanWEW/rVF9wrhJj0gkVFp/mypazvHkOTFhmYZhH6u8ik/HLaq4fG 34 | dx2rSAxCT60XWlBaQwefEHYTOxFJDvGWjZWzrZPECj8CggEAek1SVzIESRmo/Z93 35 | jZDK0zoju/R1hzPWm7Wd9AMPVcBE4XIjYaWh3jbwqYwALKbq6I44626umYFYFUxc 36 | Gk55NoTvblxlmZO2MgBWWgIuEOEWKlaZ8bhNWJitOMMcdUPq4qGGwJPeVaUgxf7U 37 | gRM2z2zIpsq5YzMyUEmKCoc/OipO+taNHsBbYGp5np38DJedblef4fHEojQTi2+K 38 | z3qwWfW40beVH1aBoTS04EjNiXt5wlmabaFtawOTu4q7NTlzzeu76jtPR9cinM+o 39 | 8y0LDjUlhWFMvEEs8DvZu+0bfT2lcCrQcKNJVkOiirsc0Bp5LWAFqpfr1PDoxVI1 40 | EhiZ0QKCAQBjeSmATpgfdX+b+ouwfmdUgo3M5ZYufxMeWpl4PZzSBFZz2Xe/6FUC 41 | 9StxBIwsXwbfBBpryZ6ebg3hIq23KHZ4l/i8h4wn707HK1JuzFd8t28hYinwDLzJ 42 | 016ORlSfwNEFcQPps9kIC9bvjvBDMm5lSlOA7/zuuvAMOIn7vnDcMs2PXizRRpI6 43 | Kh+YlYJHEWwnOs/XjkLTGCS3nQZdN6zefTLppYIB9nr0p5cD2eHpRN3aci9ho/Tv 44 | Lh597eR64unVKlgYHfSIdeEvKJa7lk4v/EzgfZIHl3goeG6DUEI1doJ6LcA5k5Ag 45 | K2wrJztLGEx0Zah47Ulor0B3rG+gWUH1AoIBAG1/ZWBjiPEQU4UcKb+slYpr4Ziw 46 | pXK4iziP3Jo0XTPXwq5ImW1/3oZhlJCVcJwD47fqwo25YVfdbV0htP+/KIZAEUAO 47 | nVl/KKqLhV5P6FooMrkrAtYCzgo+bUkcnlldg+BEQQUW7ScBbyyV68MVtsoOsEkM 48 | t7RWCV51VZiuKPIKVg90p29vGm8TrafkzYTb5AH5bpuXMe7qQg6wrsEbMaZiC9qh 49 | x1fPafRoiD+EdSMDSQXotbPrpVAQZaMNcB+k5w9uGvoNMj6egRouaZSuAOpMAhwM 50 | u7s4NT4Ca6g5mT+S8Kg+gv0QEmgV8GQX3OPmtz5qBPwBYZ80gNOefqGpasA= 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-client.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | default_bits=4096 3 | prompt=no 4 | default_md=sha256 5 | req_extensions=v3_req 6 | distinguished_name=dn 7 | 8 | [ca] 9 | default_ca=ca_pgbackrest 10 | 11 | [ca_pgbackrest] 12 | database = index.txt 13 | unique_subject = no 14 | default_md = sha256 15 | 16 | [dn] 17 | CN = pgbackrest-client 18 | 19 | [v3_req] 20 | basicConstraints=CA:FALSE 21 | keyUsage=nonRepudiation,digitalSignature,keyEncipherment -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFHDCCAwSgAwIBAgIUG2PxcmixrrvLJhLkHUpww74Vfw8wDQYJKoZIhvcNAQEL 3 | BQAwFjEUMBIGA1UEAwwLYmFja3Jlc3QtY2EwIBcNMjIwNDE1MTgzNTIxWhgPMjI5 4 | NjAxMjgxODM1MjFaMBwxGjAYBgNVBAMMEXBnYmFja3Jlc3QtY2xpZW50MIICIjAN 5 | BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoxTTv2tY3OZqr3udgZARcsPiVCm2 6 | 4rIVNMzOKO4BMPTkl2vqp3xiwmpfINUPOXB/Pe8/svpAOzxGKxKfsSZU7ip/u/lU 7 | xgHra672xBV3+/p2awHUAGXQeg6Dz3IC2S8QG/ABt/VnAWN6YmKjRfwPZcQl8PBx 8 | GbdQKcfohYK3Pr/yijllMjciNBoif2fSjUM72W8VlGe0RYFan3wDG69NO2mR18fw 9 | wNoiNJ5eYQKxiVDgm4Nme2jP1PP7j4k8wT0v/1xXyNWvpFRABEu5ND+f8iPfbany 10 | zVfbjkUhHRi5Zs3jUIIWQo1ShU7jWbya5fGQQ/VXe3HxHpsTWGNc11rHa61tOt3S 11 | Dkx6hJjTLTyk3AU1XMoKaKj7T2OqRM23zNDgQjHvHxwbyJACVWbG+wBj0bwohaxX 12 | x68pd84F+OezClvFVXbS+Qfj1dq9kIgWEOrnLVn9/9U/8mbxhpvmRkZiEVJL08uz 13 | cRyOo+pnZm3Vwar1y5q+OUl8JLqc7DSRaic7F5FYHnD2r2U84gJF860yFtMRKTS/ 14 | ANAS0L3uDjWbElpZbOhiJOMfA+3gfy2ymaoM9LPqBi131nLTArGeB9nohzEP1f1e 15 | W39vYwU2wB0LWmcRvFMVc0F+/pUHKCrYC9pYRcxKgiept6G5cfzXdhmys2MiKlUH 16 | Fpluz1r4aZkHj7kCAwEAAaNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD 17 | VR0OBBYEFCu9EWo6cO6ErVdxT1Z0lORi7r7qMB8GA1UdIwQYMBaAFCYjUdJcy9Rm 18 | ReTg476Bqt6QQ6IwMA0GCSqGSIb3DQEBCwUAA4ICAQA9dmOsXwdX24n80NanIr+n 19 | Y+kXuhfy6zjjszDna/cuxtUJ4tP/MJWKgFG78CGwAJ6RjeRWzlg4q8Mo2qmC1u6j 20 | 4sz94uDXErGO9O3SMoI87uVBFQQlwctUhKSticATlHVnmacLR7PFP8nnOLmIcVbN 21 | XZA7MVQx1zC4l2ovUVecdpjZsr7ZpIS8jt5bi8b9Jb0Jz/KuOe/r+/gOkA85PmNu 22 | tesOuECLvje1iMxMhL1IC0i4jZ2IX1ahNsvQEobANPLnp3w3NCBjU/8i3Uy+Z6Zp 23 | Bo28Ou2kCO/FqIVDIyBQJb0dJIUT5h4YtrjbLX2IPVtkTDDOlXTGmghAKEYNZOg1 24 | CwcQpPgYWT475KMdQxO+knJbyCv8SG4KHw23keYmn83cy3+dFmnJJJw+OuGPKRgN 25 | WhfTMhLSM+pEBO2zzFc6t3i2G628jdB7B4E2wmSrRMvxJgVd/yfnCOvavlTdAjFh 26 | W85u/xEQMYP8sJFkQrA+Ht1koJOCxP5q5Rqdo/WjpHyp8Nt/S0oQlOK6zggXTg/9 27 | C8CvEsniThtBTXi6dQLKmO3VuNCdvGUie8ABzAQZPld80z4LbFFIxvffbveiSV2j 28 | K//YlD1qTBvkbqPgRoejeWd4bmIzfnSv3lnfr+W07pjigIkDkizpznlOgfX5iFz5 29 | zzztvkZM7IWBRKY2BaxgOA== 30 | -----END CERTIFICATE----- 31 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKQIBAAKCAgEAoxTTv2tY3OZqr3udgZARcsPiVCm24rIVNMzOKO4BMPTkl2vq 3 | p3xiwmpfINUPOXB/Pe8/svpAOzxGKxKfsSZU7ip/u/lUxgHra672xBV3+/p2awHU 4 | AGXQeg6Dz3IC2S8QG/ABt/VnAWN6YmKjRfwPZcQl8PBxGbdQKcfohYK3Pr/yijll 5 | MjciNBoif2fSjUM72W8VlGe0RYFan3wDG69NO2mR18fwwNoiNJ5eYQKxiVDgm4Nm 6 | e2jP1PP7j4k8wT0v/1xXyNWvpFRABEu5ND+f8iPfbanyzVfbjkUhHRi5Zs3jUIIW 7 | Qo1ShU7jWbya5fGQQ/VXe3HxHpsTWGNc11rHa61tOt3SDkx6hJjTLTyk3AU1XMoK 8 | aKj7T2OqRM23zNDgQjHvHxwbyJACVWbG+wBj0bwohaxXx68pd84F+OezClvFVXbS 9 | +Qfj1dq9kIgWEOrnLVn9/9U/8mbxhpvmRkZiEVJL08uzcRyOo+pnZm3Vwar1y5q+ 10 | OUl8JLqc7DSRaic7F5FYHnD2r2U84gJF860yFtMRKTS/ANAS0L3uDjWbElpZbOhi 11 | JOMfA+3gfy2ymaoM9LPqBi131nLTArGeB9nohzEP1f1eW39vYwU2wB0LWmcRvFMV 12 | c0F+/pUHKCrYC9pYRcxKgiept6G5cfzXdhmys2MiKlUHFpluz1r4aZkHj7kCAwEA 13 | AQKCAgBR5nbFLlMNdUZk5M7gL4sjuM5keCKZzNerkaODmKvOe16F0TOic2xhuOwX 14 | YAjqTt4IK6ww5U72sLmIjizW2apThdJqg7gYTQR/KvpQ1XtRd6Ka8OsYXAmMEtgN 15 | iXN2wRT1At7KFRtq7hubZ3AaCJFvCUgIragPQymmIfhbfJ8si1dyJYr14gxyYCGt 16 | HGX4faiD9S7APiihs2ngqHYjJDHEQat107rMD4CYLmS1kZW5oX17fE0ucx/VEcbn 17 | egOiBGmjdCu999riy1DvF1xmqgFYqL1fpLcEezgPRhZwN2d9Aq9DUmF9gN3NhyXU 18 | fkzIaD2Mc51AqKNwPG9Ft3j7ymJVmsm6MnJeI8EUVFlP1dOKiCUb4oj37TEgMV8F 19 | HZYSTkIfQxS06uY0GCUphIsyKXej4/5538bISqpeBy4azubFEpPfciCmly7keBbs 20 | I5iv1FAiV/x4UUrYBwRhx+8/8cyyCvVVAV+0g8jrtR2no4ir5toqe92WvqAfspem 21 | 1UdzrDZELKVBlVBLgXE1jRk/3sm8MEq+KFXnEd3Bf5x4q2GES4uMv9AJ/gseSDpl 22 | TC0Tivr6IKRETp9RBz5kHwZwZJnq2tAJWWAgZT9/lw1jkuO/i1UotLQ2IzhLz4/+ 23 | 4r3i94STMt2t5kDJkEqCy+YIUdiQmX7UBizG76KZTMqxT3QfZQKCAQEA2J/Lskcp 24 | 38q1Iuk1yEn9L2bGnTUcX0dajvfzBOkTdwfBHhyo8XHPco8kWQ0bqJFMbPh9hnMq 25 | hbMvfTmNzNZeR7V267hYwPZzEoW+ZkCr9E9BdwyBzHvA0lKoP0XK3wawjjZ/iKhF 26 | j72GeFc2Rj+pazQuDQn0KODGW3IR0hJHv1DRn+HLG+QYLt9qYeeXF1GzHN6msbTz 27 | eF87JczE45ze2YYiT8MA1ok+bVRYhvxgrAcUUHuoHlJi89qpdeDUIZ6yBd4Tlv4t 28 | 3pgzTW9XHpeCG03sfWwEm96tP2ZXCASJDTRM8KUpgBbXH/CfGMvCncWg2a2dxnlF 29 | 28eCePnsu05mYwKCAQEAwLmDw902AAh036zgSlG8d15JVJiMLwAZzdGvR66f7fvW 30 | AzNaaOU7/v0vaC36Z9bFxuOy4fo8iAfWCycMdhAzwatQaB4Q8aEL9Jy/WBRK3Cnv 31 | KvxBPB2zi6wvreBhQt9tfluQxRZvA2nlY334SIAwMZWI0SG95V68aTTISSNKix6D 32 | /Vn+94DUsT7WVnZ7Uvr1qM/Pa8JNzyKjECNmXWLsDaQVfA/qr2cbtjIFsuWrzdlo 33 | i/OtJcaRraie0hPGz5TTTdi48EUE2khT37g09tXUbfukgwM5P0FqxxasupgKwFNn 34 | sTWpo/eWySPXm+HKhhHQBq3WnqX7JMtkIOFDxB1OMwKCAQAp0Pb2TCx2KeA7g/9A 35 | 0Z+RReqzMCxw7Ao8LPr5iLCcOp/52xh1uz2LZLxkgFZFfP7ezj0U9ihQNN3G85Q+ 36 | 5Wa/uvTg3e4sGabu/WhavsMy3xXJEF4CBiWbtB8MT8Gwuc7dNQH7dFgxPim2E0fD 37 | 2cgvjJwTIkfCmFlSD7wG7EZzVPuSPHkDwk00xyX3DkipVLkZqpVNGpwhMWjujA+5 38 | zG9sWCtJcGA6CbZGTpDkRdW3f4pZWvWCHO9DGYO64JKyhrrgzRTFAf4CySimGwcb 39 | Pa387VbogzCEkkCpS20jfBSkuuLbVVakhkQywzVDCRphcGPzgUNCq+hjW6kBB2W+ 40 | Zoz3AoIBAQCeZRpVlO630jt0RlpE2q6iEL0GKSY1zshmb2q26F+LMcqv8Lnisly/ 41 | 8ojO/9LpGwyLrUKtFYRAbOhPXDWSpzhSeSFpoSRd4vW3gkiE9JCeKFzoIFDhPqv9 42 | JHQ/XMWzN3x/OHRgd1KgJJ2iSrsPo0N4zSSYdTnkVRtXAEmIStgORPNH+3phIuIs 43 | FrAEefZbueTDbKBWOWjHz/ji36VXJWFKyMvbnh1NMdoFwVELulWcpo2VUJ3DCVNb 44 | vdViZVyl6PRN68v7tU4KtR0yJuxo3k9sYUDRaInZYkOHAyzNYv6bGTGE5Mza9TdZ 45 | cvrWpBlWXTdy9dcJpvMlR4CwwVN30HofAoIBAQCMffdeNe0jH3fOhkFfVKFuMMzh 46 | LcRol1iomNbiMbkbqp8LzZfi0+g23TNcSb5DYHWiTHpu9y1Ffp5KsGNPcEd2vYbP 47 | Y1jCxfuXt8jA/RfLfRHdyCwvcsmjzcQgxsO6hzrgzWkqdMrAcOacn5SzyoZMhooA 48 | vj7GTN36e8bLij+FIz63NsRYArewUhOfYNp5JIr9PpT02xy/FkMpBDKfcKpofEfP 49 | 03kCfX7K4PJibCTI/EatySsUHePF+zTlqV5ymb1NrHrW5R3LMpenN6/q69/LzxuX 50 | nVNZfTEZGYhIoyAS0dBzvkMxoBGfHBE8NRXjscwBPKCn7fzcJ52jyerY79nF 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-server.cnf: -------------------------------------------------------------------------------- 1 | [req] 2 | default_bits = 4096 3 | prompt = no 4 | default_md = sha256 5 | req_extensions = v3_req 6 | distinguished_name = dn 7 | 8 | [ca] 9 | default_ca=ca_pgbackrest 10 | 11 | [ca_pgbackrest] 12 | database=index.txt 13 | unique_subject=no 14 | default_md=sha256 15 | 16 | [ dn ] 17 | CN = backup_server-tls 18 | 19 | [ v3_req ] 20 | basicConstraints = CA:FALSE 21 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 22 | subjectAltName = @alt_names 23 | 24 | [ alt_names ] 25 | DNS.1 = backup_server-tls 26 | DNS.2 = pg-tls 27 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFQzCCAyugAwIBAgIUO80fzwgJK+KmdXZH0jSqEZqxam0wDQYJKoZIhvcNAQEL 3 | BQAwFjEUMBIGA1UEAwwLYmFja3Jlc3QtY2EwIBcNMjIwNDE1MTgzNDM4WhgPMjI5 4 | NjAxMjgxODM0MzhaMBwxGjAYBgNVBAMMEWJhY2t1cF9zZXJ2ZXItdGxzMIICIjAN 5 | BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyqTYmBDObKGeUxigIXpbkqZNnekZ 6 | 0cE+C6YDRgcn2Y4bVOySBP8FJWKXaHZcLhok4PuIgD9glrPDWKKNGru+tIORPkgb 7 | 3oNcCr9n6TTf4KKiHLPlZ7AVmO/8r1oN5wjqeX5ug/EJT53vwnTeIqJDK2GoQIkG 8 | 0BxgRyEYWGj03fwMDysCO0q9oX66hmw6x2Lj3VI4F6+eM3M74SzCpAeQ8e4LU4pf 9 | +vTRXF2lgr9wMw6NTItWlqO0IY6mNWEhjUG9Zf5uZkmsjMS78+ga2EJUmu6fU1jA 10 | 7CfApFNqsGOZtY5N3Dlj+afq3K7e01zVOFU+VA4/p04lbcgIQA6Zn+MTAJcIOCFC 11 | j8PtR3gqSFVjSp3qm3dMGZ6bjLRf4pSDJGvZdO9lT5oXkM7zTw5gav3+kTtNI4c3 12 | hiMOPC747Gh5MOkD+3uIBAAKkfNuMTbAjbULvP13UT0dkekevhcI6mcPQEvGOS4T 13 | lI2p5dA3BYAbjBWtR9uy462piM01PaXknzNlXiwZ4djKUWAws92ibL8hAYh0bWW5 14 | GKoriM/9ACW0LfDxgarMsKfF0ivzjkSZeVw6SygduLRReH1K11rvdGDbI4dZQ3SI 15 | vaQVBrabXhz2QCAFZaePIjywz/rzWOzdvbc/2JS/z/rKRg2sJ1DGgMtO7V1Junek 16 | ZBkWgQdTyFecym0CAwEAAaOBgDB+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCQG 17 | A1UdEQQdMBuCEWJhY2t1cF9zZXJ2ZXItdGxzggZwZy10bHMwHQYDVR0OBBYEFLtQ 18 | pbSrfUc8WzVzZLkv3N32GjKdMB8GA1UdIwQYMBaAFCYjUdJcy9RmReTg476Bqt6Q 19 | Q6IwMA0GCSqGSIb3DQEBCwUAA4ICAQAGbCqtPkHzMdQquHh6hwYxbA4mEOExnQmo 20 | ydLK8RlokGamgwLZKODoulDQr6muCmpBo5zm8WEGWATLcHheRrJuSXBwCkUtd/8n 21 | yBwriNgiASM+ByQ0iYFIDJ4/05hSBEQZcOzBk5GpjFq4fKQv3kfKsA6jh+fvaEu4 22 | 2rc8tseAxTuhK80+eabagqJ3bXwQ2VaqN4prZQgOOhKcmIOwbyKxdM887xG62jik 23 | mipSGSbDqWicsl++gcFnqcgwbn+9zANwZ6xW39Aw7DGTvB5XaFU5Mf90C/qF1K7M 24 | 2c9tPxm0aHScV3BwLIvLpm11ETydxnc7TtsPVDMlx2ITlq4avnUvYJpggZIOjPPe 25 | U9ju/opDobZ6pzkjUgZr/2l3RwXEjdY+gNBr8zTu3KmFzh7Qcd9r5RE5raSUCWZr 26 | S4+pwJq5L6o3b2VS5puFI2Gfg9S5tkeo2XqtRQCKC8kfowy7J7B8+qsOfD2vxSMO 27 | 74Wierpb/gVYBkIDPDqOiycdLFVCIIXUNJMdWxaiZkQRmjLGgPGENO9vaJ6P2mJm 28 | 1tp/L4SskNeHfJwEfI9YImRD1i4AkrKd/89BDQ4xybXH2Ef0wveUPDz+kS9JUjke 29 | dXZRcpz+euhCdtWdn78UtyMX+MTgDV3ctOL9veDvy5wxLNUP6mrIUKI4McpkvLvR 30 | bnUJ0B2uGA== 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /e2e_tests/conf/pgbackrest/cert/pgbackrest-selfsigned-server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKwIBAAKCAgEAyqTYmBDObKGeUxigIXpbkqZNnekZ0cE+C6YDRgcn2Y4bVOyS 3 | BP8FJWKXaHZcLhok4PuIgD9glrPDWKKNGru+tIORPkgb3oNcCr9n6TTf4KKiHLPl 4 | Z7AVmO/8r1oN5wjqeX5ug/EJT53vwnTeIqJDK2GoQIkG0BxgRyEYWGj03fwMDysC 5 | O0q9oX66hmw6x2Lj3VI4F6+eM3M74SzCpAeQ8e4LU4pf+vTRXF2lgr9wMw6NTItW 6 | lqO0IY6mNWEhjUG9Zf5uZkmsjMS78+ga2EJUmu6fU1jA7CfApFNqsGOZtY5N3Dlj 7 | +afq3K7e01zVOFU+VA4/p04lbcgIQA6Zn+MTAJcIOCFCj8PtR3gqSFVjSp3qm3dM 8 | GZ6bjLRf4pSDJGvZdO9lT5oXkM7zTw5gav3+kTtNI4c3hiMOPC747Gh5MOkD+3uI 9 | BAAKkfNuMTbAjbULvP13UT0dkekevhcI6mcPQEvGOS4TlI2p5dA3BYAbjBWtR9uy 10 | 462piM01PaXknzNlXiwZ4djKUWAws92ibL8hAYh0bWW5GKoriM/9ACW0LfDxgarM 11 | sKfF0ivzjkSZeVw6SygduLRReH1K11rvdGDbI4dZQ3SIvaQVBrabXhz2QCAFZaeP 12 | Ijywz/rzWOzdvbc/2JS/z/rKRg2sJ1DGgMtO7V1JunekZBkWgQdTyFecym0CAwEA 13 | AQKCAgEAykg7nbBJHs9GSBSw5DpL5tvzZsolZ+jKkr4pTmIeOWFNjzyHlk0rSeJc 14 | 2X4tDigy4BK2c67QMB9JxNSeni0DdRZQiidZCol9+4yNoZGSWZ5+zMAXI6X2KTCG 15 | wFPYxON1i8nVcAfQD5XMnAQlKdVnz4owdhtSnbN1uAslTjuXE3BiaVG5bI5zNR5X 16 | +49WLWpdo7RLIfnApgNFpsUTlsGmwpmo3L+oh86Snu0sJpQK4CyKh/ofeUf4q/bF 17 | m0tWPrd85K9SbPDmOa65IAR1p6Ku6emBSaWzDwmvl1ldiq4h5cYjms3/KlugaqJ0 18 | 8/AbN5yAF1AR4mRzoF6pPahVWfFGKO00+1kanwUIqa5zJCn3QPjfzL22KvvRQpbY 19 | oSbvRmkh7/4ySpv4j1JG5/W2pG2Q0jUlD0nxONYGY0JHzH0t6yos09cBvgCjM8Da 20 | QtPeh5HtlPo0B0no0dQwKhynKyXQvQmsXlgVeJFUdAhcrZMRt5gEz2x24fbuokNP 21 | a8ZUa0L5qq6jDt5gbOf5IIMt3BVjDr9Q77vQmVN9m6P/0NEAhcLyq8lB8jE/TDZx 22 | RDNzmpJ35ulOb1EIv/0hqjx7wr3zpjytdnP/gi6bRTzSqJuXbelKBDw1+9/xbMux 23 | qjl4OBRWO+ZBZmgMobnCHWTBzRltm1XsZHnQWNx7W1KlEfApCwECggEBAPCDOJMe 24 | aOI4luJwSs529BGxWmMzDq5fIgu5Iis7HPMio/UfDOS6x5VAKsvctkqiuyH+V0qY 25 | um2VcOcM3VlYmJDN9eF7vRd1GoYSmIxGXZVKyUXgjd2UIL8nObRWKiOiggL8+SD7 26 | 6BJONkepcw2gk4E5XFSdaXkfoHglR3UjpHJkwdAQ+393IhrK5NDKVnTVrP3fJjh2 27 | QnAuoakkHvosAS1qQMQYHdUam5EDYyTAq55mOsYY/lCAvfrcmPb+T3ra273gQj9D 28 | JVdkQMhu+ulXhgF/CgSjOIEq5r+ZDHUj0jGG8IQ0qMJc8WIOJEU98ynGL+kibiNE 29 | ldoWGhEeX+lxGr0CggEBANexXxtaKzwF7q7Agd3IR0UsSZZxMjAJFP26FSwf4/A0 30 | nNqFlpkc0PJcls3MN2phhOaMh8aYzjdcbSSY/qa24BihOCkfhp8S8+W0HRhanmFB 31 | ew0ghE0E8WMPZOedsuxlbB0kES9nZ/WCA4nNbXH3clHhWau3xVDCGJj9DooJPegJ 32 | XqvHSx2Mzhj3pKVSzqKUMWxL3t0+PwFgURE7oRmuv3qJv0wMw1V0/JLnDFku+sQo 33 | dT6DSx3s/ktDl7JCopk/HBFV3iftlj2kgIahkt74VTgWAzSftx6piKJ2j1rmaiKJ 34 | pmpOhxZq4ckrkAiMAVa8I/sUtYHTlAfLKwkNjcneQXECggEBAN5U/2yIlP5iv6Bt 35 | m8mGjxL39w1yumSZDtj1eE+sYpOj9xr2bC3ZN/yRh75StrUB/6lp+/m6e8QnfGoq 36 | K0iXrNlXe6/IekGAAFfmQtyRg5spuiv9bEdj0m3CbgZ2DJhKdpMalZZXJ+4cHPNc 37 | Aj6brR+tDdwuc70Dbo0CMS9pFnClEcEsocDwOTe5TZJxKUDx8evxZ9yT/dDEWq8H 38 | 9BbhrOj1qw9bF+DSqvJ/xhvIfB1+dWCA5D848+Y+HK1e48w3GyFIeRUQFinWREjE 39 | xvAD953UeUdWNzq4lPyTF8AFsB4WlqowH70kvAMf/YmAvhNk4Q9Lw7KYiUpEWi5u 40 | /MzIwKUCggEBALbSG7f2ZKD6skWi3DCc+nPSRwliJtT6TbWGDT4aRbyrC6xZAL4E 41 | 48IZ4qTLDMl5oQk9YjRd/qSEDeqwV1/9r9KQjCanFxcsHFi9os+qt4Xd16vXvOv/ 42 | XY7GVJPRYf/nM407relNL5uzuMYLvlGUGGz4omXfXTrHWcwK6lDr5nIPxxO4151T 43 | ZLla5k5O8uBw1bdiU6OZiBPljLEbpsA7EweNS/zs8IA1qYPmnNvW6yxq0n3LEVdr 44 | MlufDixFOMbF7EdxTdzwD6FuFpaGyxN8z9a7KbpoCfHOZwa1kWrN1HYz0D9ZEj1Z 45 | GMnHx8zGxre6vpCqC/Lf4B//ABorR9wsK7ECggEBAJSZbo9HZYnLb9WGTinaS4KI 46 | J9e6Z++w9nS/QZZfiQjI3bVRAl+gB3JUbYaeZeA0ATxqztkYKfcq+UdtI+l0cIxV 47 | RH9z1bZpyGJaeetQMCvEjlJYBUsuDQ9e61FvPqsYKFkIQr2j9xU/EED8Etn9+E2+ 48 | +zf1NgOPc1v4DXE3KjMnfDIDB74Yo+sW+ecqa/ox1K34N2KHaoeeGIAsWGctfyWq 49 | 1CnYjzaq60RXvHcqk65fZvLgxLemSAQKZBX3cgU8kUyCdC5gGI8tX4JhiwY5D6MC 50 | LRU7gTv+0Cu61UHiHVdzutMK4A7rrWVWiNIINmcsQmV9SRm9J2W8YxPNS29s7Jo= 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG BACKREST_VERSION="2.55.1" 2 | 3 | FROM pgbackrest:${BACKREST_VERSION} 4 | ARG CONTAINER_TYPE="rsa" 5 | RUN apt-get update -y \ 6 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 7 | apt-utils \ 8 | openssh-server \ 9 | rsyslog \ 10 | && mkdir -p -m 700 \ 11 | /home/${BACKREST_USER}/.ssh \ 12 | /home/${BACKREST_USER}/sshd \ 13 | && chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 14 | /home/${BACKREST_USER}/.ssh \ 15 | /home/${BACKREST_USER}/sshd \ 16 | && apt-get autoremove -y \ 17 | && apt-get autopurge -y \ 18 | && rm -rf /var/lib/apt/lists/* 19 | COPY --chmod=755 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/sftp/sftp_prepare.sh /home/${BACKREST_USER}/sftp_prepare.sh 20 | COPY --chmod=600 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/ssh/authorized_keys /home/${BACKREST_USER}/.ssh/authorized_keys 21 | COPY --chmod=700 --chown=${BACKREST_USER}:${BACKREST_GROUP} ./conf/sftp/sshd-${CONTAINER_TYPE} /home/${BACKREST_USER}/sshd 22 | ENTRYPOINT ["/entrypoint.sh"] 23 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sftp_prepare.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Exit on errors and on command pipe failures. 4 | set -e 5 | 6 | # Start sshd. 7 | /usr/sbin/sshd -f ~/sshd/sshd_config -D -e 8 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 3 | QyNTUxOQAAACBv8IOsxtMkAHv4mR7W2VY7wPsQNQjJU/sJBBkZ6ISHOQAAAIj45BIb+OQS 4 | GwAAAAtzc2gtZWQyNTUxOQAAACBv8IOsxtMkAHv4mR7W2VY7wPsQNQjJU/sJBBkZ6ISHOQ 5 | AAAEAmcuVKGB4JJYMqjvk4Vbngg7JysCpxrna8BPb6sXuIqm/wg6zG0yQAe/iZHtbZVjvA 6 | +xA1CMlT+wkEGRnohIc5AAAAAAECAwQF 7 | -----END OPENSSH PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-ed25519/ssh_host_ed25519_key.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/wg6zG0yQAe/iZHtbZVjvA+xA1CMlT+wkEGRnohIc5 2 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-ed25519/sshd_config: -------------------------------------------------------------------------------- 1 | # Package generated configuration file 2 | # See the sshd_config(5) manpage for details 3 | 4 | # What ports, IPs and protocols we listen for 5 | Port 2222 6 | # Use these options to restrict which interfaces/protocols sshd will bind to 7 | #ListenAddress :: 8 | #ListenAddress 0.0.0.0 9 | Protocol 2 10 | # HostKeys for protocol version 2 11 | HostKey /home/pgbackrest/sshd/ssh_host_ed25519_key 12 | 13 | HostKeyAlgorithms ssh-ed25519 14 | PubkeyAcceptedKeyTypes ssh-ed25519 15 | 16 | # Logging 17 | SyslogFacility AUTH 18 | LogLevel INFO 19 | 20 | # Authentication: 21 | LoginGraceTime 120 22 | PermitRootLogin no 23 | StrictModes yes 24 | 25 | PubkeyAuthentication yes 26 | AuthorizedKeysFile %h/.ssh/authorized_keys 27 | 28 | # Don't read the user's ~/.rhosts and ~/.shosts files 29 | IgnoreRhosts yes 30 | # similar for protocol version 2 31 | HostbasedAuthentication no 32 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 33 | #IgnoreUserKnownHosts yes 34 | 35 | # To enable empty passwords, change to yes (NOT RECOMMENDED) 36 | PermitEmptyPasswords no 37 | 38 | # Change to yes to enable challenge-response passwords (beware issues with 39 | # some PAM modules and threads) 40 | ChallengeResponseAuthentication no 41 | 42 | # Change to no to disable tunnelled clear text passwords 43 | PasswordAuthentication no 44 | 45 | # Kerberos options 46 | #KerberosAuthentication no 47 | #KerberosGetAFSToken no 48 | #KerberosOrLocalPasswd yes 49 | #KerberosTicketCleanup yes 50 | 51 | # GSSAPI options 52 | #GSSAPIAuthentication no 53 | #GSSAPICleanupCredentials yes 54 | 55 | X11Forwarding no 56 | X11DisplayOffset 10 57 | PrintMotd no 58 | PrintLastLog yes 59 | TCPKeepAlive yes 60 | #UseLogin no 61 | 62 | #MaxStartups 10:30:60 63 | #Banner /etc/issue.net 64 | 65 | # Allow client to pass locale environment variables 66 | AcceptEnv LANG LC_* 67 | 68 | Subsystem sftp internal-sftp 69 | 70 | # Set this to 'yes' to enable PAM authentication, account processing, 71 | # and session processing. If this is enabled, PAM authentication will 72 | # be allowed through the ChallengeResponseAuthentication and 73 | # PasswordAuthentication. Depending on your PAM configuration, 74 | # PAM authentication via ChallengeResponseAuthentication may bypass 75 | # the setting of "PermitRootLogin without-password". 76 | # If you just want the PAM account and session checks to run without 77 | # PAM authentication, then enable this but set PasswordAuthentication 78 | # and ChallengeResponseAuthentication to 'no'. 79 | UsePAM no 80 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAYEAuKor6I4xT5hM/0pK0f7G0MdVbE7l00GcsDCs3tU2B0kSKIh2PN/s 4 | /SPNTAMbq1f0TIAzwq0CETnKCF2pgh8wqUeASYfekMQPPOUwQl/6HJBwXvDJXgvICM/iRz 5 | +6uCTqGP6uXo7MzV3b+9n7XSCiTxwjnHklUd/Yjw75laqy23mR/58am8qbV+f8p33yxDhe 6 | XcO7ktYYQrjY61G5fBubpixaM/Dm6eg8rVIvcyB9jLPgM1PDHsD7usGFD1JQZ3NGy+/Nlr 7 | rj/NumS6Mr6W0DGKiiU3bX7kwlSFWY9eTnD7p7ZkvgjTXCj9KaNbsftXv/Lx8id/3HACdR 8 | 53OpZDCEuy/UONPHlaNWhS8LpRnVmZSbJJfKD9RZPFHpzMk6rfU/tOPgoBC6Gaj5KUsA34 9 | LYzOFOdT9DzsYELq8GR+VJDAkg9U8ehuKsuuilXQC0Ifj/8t5RdhA4gyLgI5q33ufI/8p+ 10 | QLDQ3qxIjApWRaSnGG9WHXBQnmS/zT6jnYYzwtYJAAAFkPC7L+vwuy/rAAAAB3NzaC1yc2 11 | EAAAGBALiqK+iOMU+YTP9KStH+xtDHVWxO5dNBnLAwrN7VNgdJEiiIdjzf7P0jzUwDG6tX 12 | 9EyAM8KtAhE5yghdqYIfMKlHgEmH3pDEDzzlMEJf+hyQcF7wyV4LyAjP4kc/urgk6hj+rl 13 | 6OzM1d2/vZ+10gok8cI5x5JVHf2I8O+ZWqstt5kf+fGpvKm1fn/Kd98sQ4Xl3Du5LWGEK4 14 | 2OtRuXwbm6YsWjPw5unoPK1SL3MgfYyz4DNTwx7A+7rBhQ9SUGdzRsvvzZa64/zbpkujK+ 15 | ltAxioolN21+5MJUhVmPXk5w+6e2ZL4I01wo/SmjW7H7V7/y8fInf9xwAnUedzqWQwhLsv 16 | 1DjTx5WjVoUvC6UZ1ZmUmySXyg/UWTxR6czJOq31P7Tj4KAQuhmo+SlLAN+C2MzhTnU/Q8 17 | 7GBC6vBkflSQwJIPVPHobirLropV0AtCH4//LeUXYQOIMi4COat97nyP/KfkCw0N6sSIwK 18 | VkWkpxhvVh1wUJ5kv80+o52GM8LWCQAAAAMBAAEAAAGAOP2741/O9COqz7cb9EdPEKwUPw 19 | Lyhwpe0zmSgIsIy6LPidbjttHdEBr2hxkGdxEEAoAmeVRvqOVO5toRMGlz2SqJ+yeFluQL 20 | V93b0QBR7nLdW0+wteeo6p9N1HNkquQpo2Ema2Ri7JalB8s0en9R2Fx02RvCWsxcx3n1qS 21 | 0vWfDhECUIT0BuROkB3qdOPySuav23bA/LGPx3ZdipCBZ1KQnTJOiaO2JDJ7KPllZWqQ/y 22 | h6S4OUuR5QdIi3v5+JNopc7Ov7i3QfeeITjdIVWRQ6/SsD9jg4YxGywAWU1Sd8W5foUCkQ 23 | xbQ1T2Yy/rTS3jIiASKSqqeRc/F5BVpo6vRYlyvEU9m9wWiKj3FiOR3lPbU5YyQJj83XeD 24 | kgIKKjpdjw2II+RVazjMlhittJO8CmI5X+E146uXkNJHyS43qIx96ZXhTy4S6rA5PwKbeV 25 | lL1jOLFQsEfi0sbKitXcdfXgbfKRtSDd/vC03aiGBbTGPwfl2F+/3IgYbrnLe3DdgBAAAA 26 | wQDeEqlbdUSig447+YKdJo1AiDfKo7AelNEIruIiYydHP7VXwpOdj59CDD+SYDxlJUDgnS 27 | qSIx2fU3M+yNHYBYRs+Ps4uviFM6cwws8A9hilngyai0dWkA9MG5eQGxYr+E0HOCQ/yqpI 28 | xe0o4B2UnoLc3MEwFqIKFxMIie9XorN3Mie0hsuwqCamyKB6LUCfzHvQ/MZaQKc0ZJvL0a 29 | XgyYAX2NCqfyQK6X44NFrjenYeWpmHyms6FWhs6mJCVsXftIMAAADBAOA/fU5ccODaF4qf 30 | fBgFeqAeLVFaw798JH7cJbzkll8Uzqf6icq4hpTaDcZsb5U2TZ/1fyrTp6p7mhXMBPPyOC 31 | hWdLupvHbx99bbh1y9aFMRKrK0I4A5Btk/IREZ4IpwHNeiEZey9CJ974m5K9vHandkJ1Ju 32 | I3qp5nAe4Er3wXmPZab6DMryaxHSqBUUIyaM9OqGJ69ks6xZP5PjZfYYgfKWcR/JZ/YGPZ 33 | QboPjuQJ/YVVcHDfKsTYFrG+tvLGiVgQAAAMEA0s/fgJkW9T1Fovq/GuhFs7yF97rgVA2V 34 | fT12S2Ihl5v2qDZXKfx7zP92fFcWBrCqmQUUt7NUHgjFEr6JPW8bSNjp9bWmwu8BHHLB4g 35 | IoPt9B3874nmZSOrfX4H8TgmpU12VPIOoy0jT9B+xOgXLFqmN2V5BTUzSA0WYLKXr5K+bH 36 | QNE5DwBa3RD6YSn4y5GlBhLwR9iIcZypeVmVAsw5sYNexCw/wivqrXKLmst3MbHzgbV57/ 37 | HNNROI3Vwp/NSJAAAAFHJvb3RAYnVpbGRraXRzYW5kYm94AQIDBAUG 38 | -----END OPENSSH PRIVATE KEY----- 39 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-rsa/ssh_host_rsa_key.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4qivojjFPmEz/SkrR/sbQx1VsTuXTQZywMKze1TYHSRIoiHY83+z9I81MAxurV/RMgDPCrQIROcoIXamCHzCpR4BJh96QxA885TBCX/ockHBe8MleC8gIz+JHP7q4JOoY/q5ejszNXdv72ftdIKJPHCOceSVR39iPDvmVqrLbeZH/nxqbyptX5/ynffLEOF5dw7uS1hhCuNjrUbl8G5umLFoz8Obp6DytUi9zIH2Ms+AzU8MewPu6wYUPUlBnc0bL782WuuP826ZLoyvpbQMYqKJTdtfuTCVIVZj15OcPuntmS+CNNcKP0po1ux+1e/8vHyJ3/ccAJ1Hnc6lkMIS7L9Q408eVo1aFLwulGdWZlJskl8oP1Fk8UenMyTqt9T+04+CgELoZqPkpSwDfgtjM4U51P0POxgQurwZH5UkMCSD1Tx6G4qy66KVdALQh+P/y3lF2EDiDIuAjmrfe58j/yn5AsNDerEiMClZFpKcYb1YdcFCeZL/NPqOdhjPC1gk= 2 | -------------------------------------------------------------------------------- /e2e_tests/conf/sftp/sshd-rsa/sshd_config: -------------------------------------------------------------------------------- 1 | # Package generated configuration file 2 | # See the sshd_config(5) manpage for details 3 | 4 | # What ports, IPs and protocols we listen for 5 | Port 2222 6 | # Use these options to restrict which interfaces/protocols sshd will bind to 7 | #ListenAddress :: 8 | #ListenAddress 0.0.0.0 9 | Protocol 2 10 | # HostKeys for protocol version 2 11 | HostKey /home/pgbackrest/sshd/ssh_host_rsa_key 12 | 13 | HostKeyAlgorithms +ssh-rsa 14 | PubkeyAcceptedKeyTypes +ssh-rsa 15 | 16 | # Logging 17 | SyslogFacility AUTH 18 | LogLevel INFO 19 | 20 | # Authentication: 21 | LoginGraceTime 120 22 | PermitRootLogin no 23 | StrictModes yes 24 | 25 | PubkeyAuthentication yes 26 | AuthorizedKeysFile %h/.ssh/authorized_keys 27 | 28 | # Don't read the user's ~/.rhosts and ~/.shosts files 29 | IgnoreRhosts yes 30 | # similar for protocol version 2 31 | HostbasedAuthentication no 32 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 33 | #IgnoreUserKnownHosts yes 34 | 35 | # To enable empty passwords, change to yes (NOT RECOMMENDED) 36 | PermitEmptyPasswords no 37 | 38 | # Change to yes to enable challenge-response passwords (beware issues with 39 | # some PAM modules and threads) 40 | ChallengeResponseAuthentication no 41 | 42 | # Change to no to disable tunnelled clear text passwords 43 | PasswordAuthentication no 44 | 45 | # Kerberos options 46 | #KerberosAuthentication no 47 | #KerberosGetAFSToken no 48 | #KerberosOrLocalPasswd yes 49 | #KerberosTicketCleanup yes 50 | 51 | # GSSAPI options 52 | #GSSAPIAuthentication no 53 | #GSSAPICleanupCredentials yes 54 | 55 | X11Forwarding no 56 | X11DisplayOffset 10 57 | PrintMotd no 58 | PrintLastLog yes 59 | TCPKeepAlive yes 60 | #UseLogin no 61 | 62 | #MaxStartups 10:30:60 63 | #Banner /etc/issue.net 64 | 65 | # Allow client to pass locale environment variables 66 | AcceptEnv LANG LC_* 67 | 68 | Subsystem sftp internal-sftp 69 | 70 | # Set this to 'yes' to enable PAM authentication, account processing, 71 | # and session processing. If this is enabled, PAM authentication will 72 | # be allowed through the ChallengeResponseAuthentication and 73 | # PasswordAuthentication. Depending on your PAM configuration, 74 | # PAM authentication via ChallengeResponseAuthentication may bypass 75 | # the setting of "PermitRootLogin without-password". 76 | # If you just want the PAM account and session checks to run without 77 | # PAM authentication, then enable this but set PasswordAuthentication 78 | # and ChallengeResponseAuthentication to 'no'. 79 | UsePAM no 80 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/authorized_keys: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjABaUr0CGkCEX7gSrlQZzRz1dOSPv4MQrQXXk7esmiNJpWnKHCzJiGO/wJfO53lHA9WvYJkTcNK2WqRBnYS0pOysUVX9UyBEmi00ZxHaSP1mgFJII0oYx8JzgzajbYNPoP52lzB1Y3uqMBCBkJsQZImI4t0l0K0FPW1DybCLx5My73rAahP5gpfX6UgqiscE/M13gRIsLoFN0bBjktH3xu2wZnpakPc2+IdqfICKs2fjYZhmMnTnz7kM8pGUh0cwvrwt4cfdgcHye9KDujszBDdhYpIW2/EuiS0eJBsNWrG+P+zO032j5YbcbxX/yHLxQJ+/M/XoigCgGrXujMvF/O2YTLI424fnVEYoQuyPu6sUhyd5gffIV/zQ/+PP5UaRPMdGschOdxdHMX/lxkKuJTYncdO+uekbVfql6BjS5SZ7vtTFfAwvQSyxo0yY9fFi6PFQonr2lAalpjT9w4ukMgIsiJlhC+XPJ+IUEcJHpRt+Nt2ur4P/XDSFv7YHpJLFm4fpueYfJ6L8phU5OV9WloPm8W5yUIP1UuwcIIhMx64RuJja1/QjQjJTftt3aLh1ew1JAAF21x5sI47pSqlD8fah6DUvFk1G7g1dazw4xAoXi0R5rXH4oOOoPZgAWzwiAUcrt1DGBjpAnopN7rtU3/dAW3PMUA5vjDfvLYzNJUw== 2 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCu5h9AmauyyK3xTEw4TeyzIHt2t02hzecFhD9wsQUMLhJAklzTR8+YHh7FNjvJo+LFJBrO8js+f4UKkPUjhdjb27JMsRHioYK36cWYwux/GCx2EcRIrFc5JIY4HYUesWW5viFY3QTjn7R3Ds67I1HaCexHnAFX9ztZa2EuneU0B80T8fVyMPFBb1jog8VPdK/YthAx4coJV12fS0hqUSWJr2s2PG6di2yasTfZma8CP9vikZa0w1kJ92ZBYm0V8RaRfXhURt77JuT81iOVh3dWOthIzUaDBq2lJWZJ0itxnq4Ku2M6o3EASdcH/jtFvk2+1mHtRpilxi6bAaklLofmpEZJ4NmB0spKiAdTGMlMsc2Cb42bMjxcz3SQOvUYEtNUBPY1Esaj6TgS6Aa5f5THv1+MebOG1CJUdPFbVUKJIXKGhc1Ue71ty342mKpuqeksz1v/jRcxEvJKcc1INK1twkZH35E8r7zRKD1RXGBU7B9xBhFjQ+BNi9eesSvzT4bNCpgwaMwACMIOon4UEyZ5L05quhqF10kJO0OurclObj8AW6wTbLyCQttseM9V63jyyAulkkt/fVLzQzUMfOxNilzsIO076nNU4dYmvO24+iE1/CyR6/HZNXEBDfaC0Js3jxHDrQH0F42I1OPvVuQv4l/ycgjBtRokVHFGDaoQVQ== 3 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUrrxkSfjHbXgcQkgG0OhHHnaRYt90/nSC9qoiJ6yNC 4 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_ed25519_sftp: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 3 | QyNTUxOQAAACClK68ZEn4x214HEJIBtDoRx52kWLfdP50gvaqIiesjQgAAAIiVoSirlaEo 4 | qwAAAAtzc2gtZWQyNTUxOQAAACClK68ZEn4x214HEJIBtDoRx52kWLfdP50gvaqIiesjQg 5 | AAAEA4uARuoGBAdx7o1kN3UyG3AlBuqyAqIm09pZK9jGZTmqUrrxkSfjHbXgcQkgG0OhHH 6 | naRYt90/nSC9qoiJ6yNCAAAAAAECAwQF 7 | -----END OPENSSH PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_ed25519_sftp.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUrrxkSfjHbXgcQkgG0OhHHnaRYt90/nSC9qoiJ6yNC 2 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_rsa: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAgEAowAWlK9AhpAhF+4Eq5UGc0c9XTkj7+DEK0F15O3rJojSaVpyhwsy 4 | Yhjv8CXzud5RwPVr2CZE3DStlqkQZ2EtKTsrFFV/VMgRJotNGcR2kj9ZoBSSCNKGMfCc4M 5 | 2o22DT6D+dpcwdWN7qjAQgZCbEGSJiOLdJdCtBT1tQ8mwi8eTMu96wGoT+YKX1+lIKorHB 6 | PzNd4ESLC6BTdGwY5LR98btsGZ6WpD3NviHanyAirNn42GYZjJ058+5DPKRlIdHML68LeH 7 | H3YHB8nvSg7o7MwQ3YWKSFtvxLoktHiQbDVqxvj/sztN9o+WG3G8V/8hy8UCfvzP16IoAo 8 | Bq17ozLxfztmEyyONuH51RGKELsj7urFIcneYH3yFf80P/jz+VGkTzHRrHITncXRzF/5cZ 9 | CriU2J3HTvrnpG1X6pegY0uUme77UxXwML0EssaNMmPXxYujxUKJ69pQGpaY0/cOLpDICL 10 | IiZYQvlzyfiFBHCR6Ubfjbdrq+D/1w0hb+2B6SSxZuH6bnmHyei/KYVOTlfVpaD5vFuclC 11 | D9VLsHCCITMeuEbiY2tf0I0IyU37bd2i4dXsNSQABdtcebCOO6UqpQ/H2oeg1LxZNRu4NX 12 | Ws8OMQKF4tEea1x+KDjqD2YAFs8IgFHK7dQxgY6QJ6KTe67VN/3QFtzzFAOb4w37y2MzSV 13 | MAAAc4RPv6fET7+nwAAAAHc3NoLXJzYQAAAgEAowAWlK9AhpAhF+4Eq5UGc0c9XTkj7+DE 14 | K0F15O3rJojSaVpyhwsyYhjv8CXzud5RwPVr2CZE3DStlqkQZ2EtKTsrFFV/VMgRJotNGc 15 | R2kj9ZoBSSCNKGMfCc4M2o22DT6D+dpcwdWN7qjAQgZCbEGSJiOLdJdCtBT1tQ8mwi8eTM 16 | u96wGoT+YKX1+lIKorHBPzNd4ESLC6BTdGwY5LR98btsGZ6WpD3NviHanyAirNn42GYZjJ 17 | 058+5DPKRlIdHML68LeHH3YHB8nvSg7o7MwQ3YWKSFtvxLoktHiQbDVqxvj/sztN9o+WG3 18 | G8V/8hy8UCfvzP16IoAoBq17ozLxfztmEyyONuH51RGKELsj7urFIcneYH3yFf80P/jz+V 19 | GkTzHRrHITncXRzF/5cZCriU2J3HTvrnpG1X6pegY0uUme77UxXwML0EssaNMmPXxYujxU 20 | KJ69pQGpaY0/cOLpDICLIiZYQvlzyfiFBHCR6Ubfjbdrq+D/1w0hb+2B6SSxZuH6bnmHye 21 | i/KYVOTlfVpaD5vFuclCD9VLsHCCITMeuEbiY2tf0I0IyU37bd2i4dXsNSQABdtcebCOO6 22 | UqpQ/H2oeg1LxZNRu4NXWs8OMQKF4tEea1x+KDjqD2YAFs8IgFHK7dQxgY6QJ6KTe67VN/ 23 | 3QFtzzFAOb4w37y2MzSVMAAAADAQABAAACADpWCr7V5fMC3EUzM0qxQCi7w1N84sa0G6Eb 24 | gXUYTUNyTlPUQg7gy/xdzmmVO6A21+2GKD2onJZu5/12rl9BYSdTfLx/SN3v6GtyCXsCXC 25 | lFMO9gzU8JAWwYIB04nYk+IzkIo4Q2A/7NcQYBaBJP6XjRXHPN7ST9YhdjqBnK58rIxxkp 26 | vr8O//dZDiqzeAj4MyBKYvujrFvR2mxdT59ylWyRVkPpBSLs15iHhzXSC3bvX+cay2QO1T 27 | HfAQNQFr2+1yPtst49c3p5Z7B//qTCSLeDG/3Fi/GMZAlGheidmgWIGzldfwjpuCkgdqci 28 | zQK6lA7f7CviP/bfBPQ23Hvw/IqpVvdpnnH6yHv3lHbyVzsQQDXzI4cdwR0nZGdPZ+Ui65 29 | NW4auCYCYBaN3Vk8ISJk5uSIIJGcAwpe50C3tbbmBuz+pn1auIRv3vue7onTItUbyyGWWn 30 | /5s2GpN5kz79A/ZAtRcnp84Ik/y9B1HcbPqh3Jg2Ec3X3hqglaUZSrcwkDv4epBlHdLO+J 31 | d3gtuhdsUgTxcttrWbYQzX7j5k2veahrhU8ZfRvpSzvPjHWoASqqPrgA1HF8q4iNGb/H6h 32 | wRDPWgodGmhNJX5jAiCBx+qJ5en/QkZb4K1Pr4nwxLqJI5akfQw54kL3r7K7Kj/j1ZdV7E 33 | xx04jvMOSTqD/6wFlBAAABABmxH6DtxeR0c14zSlhOd3Hy1ljjCrqrfR0BHH7YVcnHGOr0 34 | whe1a5i/04mvaS4TbSpeA7nA/38FPprfM5BuGw/8zjxh5gt1Fk6dlfdto5wXOQ/cDFqVWO 35 | eoQSEzFjCuMxOt3lIkI1NMyVc4tNbjmwhu62ECXZYK7MXGqe22+kEGO1Pt7r+IszNM1hLy 36 | L6CNNupKzLJOYB133PqZphnOrbm5Lvak6j7pBB61okszVPk50RGLwf4K8Tp62oNgSuow5z 37 | /AL1y1vtdYhSES15Vn5m5bBcwpH96f6cmbdbmYpPMjnZtoAdvaNv8TIePm9DKTjOVGN6+f 38 | cVPwXovApNJSA/8AAAEBANEC3b5DYhZApn0VvEhyu77PYD7J4eYRN2Hv99PF53JlLIyUKW 39 | S4R/2DaaJgnWPbIGFn9Kqequl6veFAuG2IJCLvmf+eXZE4mpfX2SXwxT3B/MQmPfWIO2+G 40 | pxc4BdAeF8D0u3Ywznq/06MjyZqy650CyXcAw+uL7ABHt2M4tvIozQZmg/HMRdr6AZi50L 41 | w417z4iSaEGEaEqVN1AEher+2QxhVMYYnSdBoIUXiadIPg0ph4I/wdli//P26E5okSuYb6 42 | H1dn1gGUD/u+wSXI5X2tQOpvbT0FYYrLFS3e5qhBM2jKMRYI658oqBHXidxDoggLEOgSoU 43 | 0TUs792iwJNmEAAAEBAMelLcMv3afoY9TE2fepbKGjJxwmjiS0teA11ZEUIYlR3J+03mrH 44 | IjSL/tianJluZu30satjFc9x+xs+TieMT1Qx045vF8a7+G3yujy7ztAUjTUN12+qGOILFG 45 | fVDXIhs6LQJr4i1KiXuRH1z3NFY+bLr0F55IY5ObQflpBg1Ohw9E844Sh6ptRmKYFwiWRb 46 | 3gsTh/X01V+RFTiVHa2pPS52mXofBxspGyR1kGPLlXU0vLxG/r4GlYfrIkhFwTHkIl5Ihx 47 | kpwzIcMeHEJ4o/O+QwxK8Mnx8Of9dKzaQZgwmrC42ed1D5rTz9Av/dsROiw2yfLbpJsECH 48 | D06O1iAp9DMAAAAAAQID 49 | -----END OPENSSH PRIVATE KEY----- 50 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_rsa.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjABaUr0CGkCEX7gSrlQZzRz1dOSPv4MQrQXXk7esmiNJpWnKHCzJiGO/wJfO53lHA9WvYJkTcNK2WqRBnYS0pOysUVX9UyBEmi00ZxHaSP1mgFJII0oYx8JzgzajbYNPoP52lzB1Y3uqMBCBkJsQZImI4t0l0K0FPW1DybCLx5My73rAahP5gpfX6UgqiscE/M13gRIsLoFN0bBjktH3xu2wZnpakPc2+IdqfICKs2fjYZhmMnTnz7kM8pGUh0cwvrwt4cfdgcHye9KDujszBDdhYpIW2/EuiS0eJBsNWrG+P+zO032j5YbcbxX/yHLxQJ+/M/XoigCgGrXujMvF/O2YTLI424fnVEYoQuyPu6sUhyd5gffIV/zQ/+PP5UaRPMdGschOdxdHMX/lxkKuJTYncdO+uekbVfql6BjS5SZ7vtTFfAwvQSyxo0yY9fFi6PFQonr2lAalpjT9w4ukMgIsiJlhC+XPJ+IUEcJHpRt+Nt2ur4P/XDSFv7YHpJLFm4fpueYfJ6L8phU5OV9WloPm8W5yUIP1UuwcIIhMx64RuJja1/QjQjJTftt3aLh1ew1JAAF21x5sI47pSqlD8fah6DUvFk1G7g1dazw4xAoXi0R5rXH4oOOoPZgAWzwiAUcrt1DGBjpAnopN7rtU3/dAW3PMUA5vjDfvLYzNJUw== 2 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_rsa_sftp: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKAIBAAKCAgEAruYfQJmrssit8UxMOE3ssyB7drdNoc3nBYQ/cLEFDC4SQJJc 3 | 00fPmB4exTY7yaPixSQazvI7Pn+FCpD1I4XY29uyTLER4qGCt+nFmMLsfxgsdhHE 4 | SKxXOSSGOB2FHrFlub4hWN0E45+0dw7OuyNR2gnsR5wBV/c7WWthLp3lNAfNE/H1 5 | cjDxQW9Y6IPFT3Sv2LYQMeHKCVddn0tIalElia9rNjxunYtsmrE32ZmvAj/b4pGW 6 | tMNZCfdmQWJtFfEWkX14VEbe+ybk/NYjlYd3VjrYSM1GgwatpSVmSdIrcZ6uCrtj 7 | OqNxAEnXB/47Rb5NvtZh7UaYpcYumwGpJS6H5qRGSeDZgdLKSogHUxjJTLHNgm+N 8 | mzI8XM90kDr1GBLTVAT2NRLGo+k4EugGuX+Ux79fjHmzhtQiVHTxW1VCiSFyhoXN 9 | VHu9bct+NpiqbqnpLM9b/40XMRLySnHNSDStbcJGR9+RPK+80Sg9UVxgVOwfcQYR 10 | Y0PgTYvXnrEr80+GzQqYMGjMAAjCDqJ+FBMmeS9OaroahddJCTtDrq3JTm4/AFus 11 | E2y8gkLbbHjPVet48sgLpZJLf31S80M1DHzsTYpc7CDtO+pzVOHWJrztuPohNfws 12 | kevx2TVxAQ32gtCbN48Rw60B9BeNiNTj71bkL+Jf8nIIwbUaJFRxRg2qEFUCAwEA 13 | AQKCAgAIPw1mLFiuG0woPmKxnOr2HyfzFv1wDZdA6VVcaNxGEL4HkV8TDyW4lGL7 14 | BW2YOkPs66Df9QfaEIUjVGZagGsTIq6rcwXW26qgJUONylMAQxGFl5zbmFScex5g 15 | 8vNd2RtkwJQt7m3WlacanfYdWLL5RtJ/JdniXePMeYWhfwxZgaynrhbWhXw6i5dz 16 | jxL0hhnsa9kjoPO3sQjXA+OsL5tHfJ/fdMX6Y6KBQK3Tcq2Pu5cQfbDPYQ6Hq8SE 17 | fLGMAUwBHBtaTeUhjlnpmecfm72CsU+VTyht8Riq2rKR9Hjb6JFoLCGnmCEx1Elx 18 | NQlyZmCgCNehKlz0I/36jP9+o00A/OsGSi22yuiuz5GByCNdHcLfSg+lnjlrhZ9O 19 | ic8Er/b8Cx2zC5EO6BlKcKuNmKR44h1wLX9bvClmLSuSqJo9/Ad9ww6gJ2GVeUpK 20 | ww7ENiXR7pKOOvyY6VFB64auxrHKJcaoEpi26HvlIbtA9omj7xnqU6c+lH5EF4dd 21 | ZO57bFjFvtixcalOPrmYSKnu2fiIKbfBtbzjpLK5znXcRmSJT0R3XccRWm+g+99Z 22 | 6lG/7voLznLnjH6bo1dae5tZSZNtVik7qE7zwAeaB4pLynNfH0xDW1fiEa3CCFJj 23 | MqNvvlFOzQgQPcHio2XBBfvhJf20SaFq2V7o5WOS32nghOUNQQKCAQEA4b8MPx2v 24 | 1+ZobsGB4syYVOYH1maYMRjw2r6g9+JhApL/ylPcaSugr4qtJ4v3p1CquS45pLrt 25 | xUbMTya7WIrULdOhzym04+dZyfhtN+3y8N1kh3rZuyoA1w68gJKX/lDzpdgUKLgM 26 | HkfQ/ZpI/pWUYvZKLcYMn3YuFeEy2SQwZIuNGvaw+uHYXbJFAGltcKRXpBP7xLFB 27 | z3bZltFyut/N4JKD0KavZaefdMaUTBW9ti/l3pUm4IXIVNzO5KsZsc3VOASqOXXs 28 | j9tHEZSWn1gpc3zwym5gOPY70vYNUE1fyUWaxiUMYAmbRVD4U07yoH6dtLcyxH7y 29 | ylLnL+XyGhJC2QKCAQEAxlaXgUHJpMWVhsV08p6mrsJGqHwKTkRAIDhS6yAYaUHR 30 | 0XBK+HfYi64uaafN7KQXLRrDwkkwizN8/7PF6r9yJ1x3eXcd2k1O69X6pLXqf2Gb 31 | LdMpq0A13+nqARYLZYmkZkOhd3zFwsSRA/9u8wiu6Rxwx+0Jx/gTYcruuA+vdnso 32 | xS0nvzWN5mTfJvNi34kURHuZayvYB/TGU8esGpyk22dWvoQ4UzhklgxpWfzYmob0 33 | retPhVpVZti+4kftaiC20rY41DHg60zSuy+OumberE44TXokUGiANzLqC6aeqHgm 34 | czA25rmuYTMVv0/MVw0Q/aG/8ajFcpwi4YqBScpT3QKCAQEAwdX6nQNPpvG3gEp1 35 | zZlhv5xY5HbpfVbuENWYf+CI7d3s9vz1B/UnHzPTJF7hwm/Yd/NCGblMSpVU/y3B 36 | tfBW6haLHMeyA/L1vR+sIFcXwExJcq9A353cZMzJfRjim8NEwoV8Ic6O0T1XLTra 37 | LIehhyv1W8JvukiOn8jjkWGqj9rnyVxDcNiVoTZeW1ErYIosmr1x9F1DpfFmOkMT 38 | 4XQkYg1MU8+cUYwRtgKA+ae9Yv9TwMCPRkB5WKzUlbJ4+JxF1bjjtT0VaByftG/C 39 | uYXI6dpBI4CM7Lw5eBZALlCRy9ARaswLCTeWdHlnEJl8aeTuY2rek6xxqtpumkk2 40 | jb5aWQKCAQBfMB3ERiudbcpmhQusiWHby5eXsvhLOcxA6mc5Ow0cLx+g0bDZcMM3 41 | vl++C2/0G4iX+BltfCzVEd/y5HefQ0RpCaK5Y+aq56Fx5B9Hv5sMiW6tXoPIEagJ 42 | j7zjyo2rrJR/FARBUVukLyyd65B3CXrQm/qwqN2h4DiFHZzWL4j5ZwBZKWPDC9PP 43 | eCf1DKguOh7FA0DNQ5yJrPsmKFU77GPefMkP5GsX3Z/At7I0Ivpdp1l0wtNGX+VO 44 | 18U82mJiJdM4a4X4qPuWUids+NUaNta1gVDaNj2Jba3jUActkkjg99EURVaEAydi 45 | tN7CE20xdi7qWx/AvkwMxkyjTBLitDztAoIBAGUpmmgw9So9B7+/WHqpNehfiWB3 46 | UUrQeZ7OqSrOyOq86LOCtOP8ebY81wJ4m2elPCFTNs2t0tDLf/zn8qZHDrYMDFf4 47 | vYyII0tdtl8jTI0scTsvUA67siqE6kcOPGLae9N33YPJWdaEXMFZeV9V6Wxsajz9 48 | M/8DmmsZ9fGy2JheGbWtU9gqJ6oNKEPiTrcWPrh3BntMLjkN9ERMpJTXo4/Zb9BR 49 | KW1DzeepOI4PN+Mhr45QGYten97IdTpoIwsPLhXw1yj/rxvQxx30I1ZYH9ph03Ne 50 | yOfnyAi19oFqWUNBarMazM+OVWCEw7mrgN/eGf8e6KFXO5T+jZivOGo8KKk= 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /e2e_tests/conf/ssh/id_rsa_sftp.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCu5h9AmauyyK3xTEw4TeyzIHt2t02hzecFhD9wsQUMLhJAklzTR8+YHh7FNjvJo+LFJBrO8js+f4UKkPUjhdjb27JMsRHioYK36cWYwux/GCx2EcRIrFc5JIY4HYUesWW5viFY3QTjn7R3Ds67I1HaCexHnAFX9ztZa2EuneU0B80T8fVyMPFBb1jog8VPdK/YthAx4coJV12fS0hqUSWJr2s2PG6di2yasTfZma8CP9vikZa0w1kJ92ZBYm0V8RaRfXhURt77JuT81iOVh3dWOthIzUaDBq2lJWZJ0itxnq4Ku2M6o3EASdcH/jtFvk2+1mHtRpilxi6bAaklLofmpEZJ4NmB0spKiAdTGMlMsc2Cb42bMjxcz3SQOvUYEtNUBPY1Esaj6TgS6Aa5f5THv1+MebOG1CJUdPFbVUKJIXKGhc1Ue71ty342mKpuqeksz1v/jRcxEvJKcc1INK1twkZH35E8r7zRKD1RXGBU7B9xBhFjQ+BNi9eesSvzT4bNCpgwaMwACMIOon4UEyZ5L05quhqF10kJO0OurclObj8AW6wTbLyCQttseM9V63jyyAulkkt/fVLzQzUMfOxNilzsIO076nNU4dYmvO24+iE1/CyR6/HZNXEBDfaC0Js3jxHDrQH0F42I1OPvVuQv4l/ycgjBtRokVHFGDaoQVQ== 2 | -------------------------------------------------------------------------------- /e2e_tests/docker-compose.backup-ssh.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | backup-ssh: 5 | image: pgbackrest:${TAG} 6 | container_name: backup-ssh 7 | hostname: backup-ssh 8 | volumes: 9 | - "./conf/ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa" 10 | - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" 11 | - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" 12 | - "./conf/ssh/id_ed25519_sftp:/home/pgbackrest/.ssh/id_ed25519_sftp" 13 | - "./conf/ssh/id_ed25519_sftp.pub:/home/pgbackrest/.ssh/id_ed25519_sftp.pub" 14 | - "./conf/backup/backup_prepare-ssh.sh:/home/pgbackrest/backup_prepare.sh" 15 | - "./conf/backup/backup_pgbackrest-ssh.conf:/etc/pgbackrest/pgbackrest.conf" 16 | command: /home/pgbackrest/backup_prepare.sh 17 | environment: 18 | - "BACKREST_UID" 19 | - "BACKREST_GID" 20 | depends_on: 21 | minio: 22 | condition: service_healthy 23 | nginx: 24 | condition: service_started 25 | createbucket: 26 | condition: service_completed_successfully 27 | pg-ssh: 28 | condition: service_started 29 | sftp-rsa: 30 | condition: service_started 31 | sftp-ed25519: 32 | condition: service_started 33 | networks: 34 | - ssh 35 | 36 | backup_alpine-ssh: 37 | image: pgbackrest:${TAG}-alpine 38 | container_name: backup_alpine-ssh 39 | hostname: backup_alpine-ssh 40 | volumes: 41 | - "./conf/ssh/id_rsa:/home/pgbackrest/.ssh/id_rsa" 42 | - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" 43 | - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" 44 | - "./conf/ssh/id_ed25519_sftp:/home/pgbackrest/.ssh/id_ed25519_sftp" 45 | - "./conf/ssh/id_ed25519_sftp.pub:/home/pgbackrest/.ssh/id_ed25519_sftp.pub" 46 | - "./conf/backup/backup_prepare-ssh.sh:/home/pgbackrest/backup_prepare.sh" 47 | - "./conf/backup/backup_pgbackrest-ssh.conf:/etc/pgbackrest/pgbackrest.conf" 48 | command: /home/pgbackrest/backup_prepare.sh 49 | environment: 50 | - "BACKREST_UID" 51 | - "BACKREST_GID" 52 | depends_on: 53 | minio: 54 | condition: service_healthy 55 | nginx: 56 | condition: service_started 57 | createbucket: 58 | condition: service_completed_successfully 59 | pg-ssh: 60 | condition: service_started 61 | sftp-rsa: 62 | condition: service_started 63 | sftp-ed25519: 64 | condition: service_started 65 | networks: 66 | - ssh 67 | 68 | networks: 69 | ssh: 70 | -------------------------------------------------------------------------------- /e2e_tests/docker-compose.backup-tls.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | backup_server-tls: 5 | image: pgbackrest:${TAG} 6 | container_name: backup_server-tls 7 | hostname: backup_server-tls 8 | volumes: 9 | - "./conf/pgbackrest/cert/:/etc/pgbackrest/cert" 10 | - "./conf/backup/backup_pgbackrest-tls.conf:/etc/pgbackrest/pgbackrest.conf" 11 | - "backrest_data:/var/lib/pgbackrest" 12 | environment: 13 | - "BACKREST_UID" 14 | - "BACKREST_GID" 15 | - "BACKREST_TLS_SERVER=enable" 16 | expose: 17 | - "8432" 18 | depends_on: 19 | minio: 20 | condition: service_healthy 21 | nginx: 22 | condition: service_started 23 | createbucket: 24 | condition: service_completed_successfully 25 | pg-tls: 26 | condition: service_started 27 | networks: 28 | - tls 29 | 30 | backup-tls: 31 | image: pgbackrest:${TAG} 32 | container_name: backup-tls 33 | hostname: backup-tls 34 | volumes: 35 | - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" 36 | - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" 37 | - "./conf/backup/backup_prepare-tls.sh:/home/pgbackrest/backup_prepare.sh" 38 | - "./conf/pgbackrest/cert/:/etc/pgbackrest/cert" 39 | - "./conf/backup/backup_pgbackrest-tls.conf:/etc/pgbackrest/pgbackrest.conf" 40 | - "backrest_data:/var/lib/pgbackrest" 41 | command: /home/pgbackrest/backup_prepare.sh 42 | environment: 43 | - "BACKREST_UID" 44 | - "BACKREST_GID" 45 | depends_on: 46 | minio: 47 | condition: service_healthy 48 | nginx: 49 | condition: service_started 50 | createbucket: 51 | condition: service_completed_successfully 52 | pg-tls: 53 | condition: service_started 54 | backup_server-tls: 55 | condition: service_started 56 | sftp-rsa: 57 | condition: service_started 58 | networks: 59 | - tls 60 | 61 | backup_alpine-tls: 62 | image: pgbackrest:${TAG}-alpine 63 | container_name: backup_alpine-tls 64 | hostname: backup_alpine-tls 65 | volumes: 66 | - "./conf/ssh/id_rsa_sftp:/home/pgbackrest/.ssh/id_rsa_sftp" 67 | - "./conf/ssh/id_rsa_sftp.pub:/home/pgbackrest/.ssh/id_rsa_sftp.pub" 68 | - "./conf/backup/backup_prepare-tls.sh:/home/pgbackrest/backup_prepare.sh" 69 | - "./conf/pgbackrest/cert/:/etc/pgbackrest/cert" 70 | - "./conf/backup/backup_pgbackrest-tls.conf:/etc/pgbackrest/pgbackrest.conf" 71 | - "backrest_data:/var/lib/pgbackrest" 72 | command: /home/pgbackrest/backup_prepare.sh 73 | environment: 74 | - "BACKREST_UID" 75 | - "BACKREST_GID" 76 | depends_on: 77 | minio: 78 | condition: service_healthy 79 | nginx: 80 | condition: service_started 81 | createbucket: 82 | condition: service_completed_successfully 83 | pg-tls: 84 | condition: service_started 85 | backup_server-tls: 86 | condition: service_started 87 | sftp-rsa: 88 | condition: service_started 89 | networks: 90 | - tls 91 | 92 | networks: 93 | tls: 94 | 95 | volumes: 96 | backrest_data: 97 | -------------------------------------------------------------------------------- /e2e_tests/docker-compose.pg.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | pg-ssh: 5 | build: 6 | context: . 7 | dockerfile: ./conf/pg/Dockerfile 8 | args: 9 | CONTAINER_TYPE: ssh 10 | BACKREST_VERSION: ${TAG} 11 | image: pg-pgbackrest:${TAG} 12 | container_name: pg-ssh 13 | hostname: pg-ssh 14 | command: /var/lib/postgresql/pg_prepare.sh 15 | environment: 16 | - "BACKREST_UID" 17 | - "BACKREST_GID" 18 | expose: 19 | - "2222" 20 | depends_on: 21 | minio: 22 | condition: service_healthy 23 | nginx: 24 | condition: service_started 25 | createbucket: 26 | condition: service_completed_successfully 27 | sftp-rsa: 28 | condition: service_started 29 | sftp-ed25519: 30 | condition: service_started 31 | networks: 32 | - ssh 33 | 34 | pg-tls: 35 | build: 36 | context: . 37 | dockerfile: ./conf/pg/Dockerfile 38 | args: 39 | CONTAINER_TYPE: tls 40 | BACKREST_VERSION: ${TAG} 41 | image: pg-pgbackrest:${TAG} 42 | container_name: pg-tls 43 | hostname: pg-tls 44 | command: /var/lib/postgresql/pg_prepare.sh 45 | environment: 46 | - "BACKREST_UID" 47 | - "BACKREST_GID" 48 | - "BACKREST_HOST_TYPE=tls" 49 | expose: 50 | - "8432" 51 | depends_on: 52 | minio: 53 | condition: service_healthy 54 | nginx: 55 | condition: service_started 56 | createbucket: 57 | condition: service_completed_successfully 58 | sftp-rsa: 59 | condition: service_started 60 | networks: 61 | - tls 62 | 63 | networks: 64 | ssh: 65 | tls: 66 | -------------------------------------------------------------------------------- /e2e_tests/docker-compose.s3.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | minio: 5 | image: minio/minio:${IMAGE_TAG_MINIO} 6 | container_name: minio 7 | hostname: minio 8 | environment: 9 | - "MINIO_ROOT_USER" 10 | - "MINIO_ROOT_PASSWORD" 11 | - "MINIO_SITE_REGION" 12 | - "MINIO_DOMAIN" 13 | command: server /data --console-address ":9001" --address ":9000" 14 | ports: 15 | - "9000:9000" 16 | - "9001:9001" 17 | networks: 18 | - ssh 19 | - tls 20 | healthcheck: 21 | test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] 22 | interval: 10s 23 | timeout: 5s 24 | retries: 3 25 | start_period: 5s 26 | 27 | createbucket: 28 | image: minio/mc:${IMAGE_TAG_MINIO_MC} 29 | container_name: createbucket 30 | environment: 31 | - "MINIO_ROOT_USER" 32 | - "MINIO_ROOT_PASSWORD" 33 | - "S3_MINIO_KEY" 34 | - "S3_MINIO_KEY_SECRET" 35 | - "S3_MINIO_HOSTNAME" 36 | - "S3_MINIO_BUCKET" 37 | depends_on: 38 | minio: 39 | condition: service_healthy 40 | nginx: 41 | condition: service_started 42 | entrypoint: > 43 | /bin/sh -c ' 44 | mc alias set \ 45 | "${S3_MINIO_HOSTNAME}" \ 46 | http://minio:9000 \ 47 | "${MINIO_ROOT_USER}" \ 48 | "${MINIO_ROOT_PASSWORD}"; 49 | mc mb "${S3_MINIO_HOSTNAME}"/"${S3_MINIO_BUCKET}"; 50 | mc admin user add "${S3_MINIO_HOSTNAME}" "${S3_MINIO_KEY}" "${S3_MINIO_KEY_SECRET}"; 51 | mc admin policy attach "${S3_MINIO_HOSTNAME}" readwrite --user="${S3_MINIO_KEY}" 52 | ' 53 | networks: 54 | - ssh 55 | - tls 56 | 57 | nginx: 58 | image: nginx:${IMAGE_TAG_NGINX} 59 | hostname: nginx 60 | container_name: nginx 61 | volumes: 62 | - ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro 63 | - ./conf/nginx/nginx-selfsigned.crt:/etc/nginx/nginx-selfsigned.crt:ro 64 | - ./conf/nginx/nginx-selfsigned.key:/etc/nginx/nginx-selfsigned.key:ro 65 | ports: 66 | - "443:443" 67 | depends_on: 68 | - minio 69 | networks: 70 | ssh: 71 | aliases: 72 | - minio.local 73 | tls: 74 | aliases: 75 | - minio.local 76 | 77 | networks: 78 | ssh: 79 | tls: 80 | -------------------------------------------------------------------------------- /e2e_tests/docker-compose.sftp.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | sftp-rsa: 5 | build: 6 | context: . 7 | dockerfile: ./conf/sftp/Dockerfile 8 | args: 9 | BACKREST_VERSION: ${TAG} 10 | CONTAINER_TYPE: "rsa" 11 | image: sftp-rsa-pgbackrest:${TAG} 12 | container_name: sftp-rsa 13 | hostname: sftp-rsa 14 | command: /home/pgbackrest/sftp_prepare.sh 15 | volumes: 16 | - "backrest_data_sftp_rsa:/var/lib/pgbackrest" 17 | environment: 18 | - "BACKREST_UID" 19 | - "BACKREST_GID" 20 | - "BACKREST_TLS_SERVER=disable" 21 | expose: 22 | - "2222" 23 | networks: 24 | - ssh 25 | - tls 26 | 27 | sftp-ed25519: 28 | build: 29 | context: . 30 | dockerfile: ./conf/sftp/Dockerfile 31 | args: 32 | BACKREST_VERSION: ${TAG} 33 | CONTAINER_TYPE: "ed25519" 34 | image: sftp-ed25519-pgbacrest:${TAG} 35 | container_name: sftp-ed25519 36 | hostname: sftp-ed25519 37 | command: /home/pgbackrest/sftp_prepare.sh 38 | volumes: 39 | - "backrest_data_sftp_ed25519:/var/lib/demo" 40 | environment: 41 | - "BACKREST_UID" 42 | - "BACKREST_GID" 43 | - "BACKREST_TLS_SERVER=disable" 44 | expose: 45 | - "2222" 46 | networks: 47 | - ssh 48 | - tls 49 | 50 | networks: 51 | ssh: 52 | tls: 53 | 54 | volumes: 55 | backrest_data_sftp_rsa: 56 | backrest_data_sftp_ed25519: 57 | -------------------------------------------------------------------------------- /files/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | uid=$(id -u) 4 | # Execution command. 5 | backrest_command="pgbackrest" 6 | 7 | if [ "${uid}" = "0" ]; then 8 | # Exec pgBackRest from specific user. 9 | backrest_command="gosu ${BACKREST_USER} pgbackrest" 10 | # Custom time zone. 11 | if [ "${TZ}" != "Etc/UTC" ]; then 12 | cp /usr/share/zoneinfo/${TZ} /etc/localtime 13 | echo "${TZ}" > /etc/timezone 14 | fi 15 | # Custom user group. 16 | if [ "${BACKREST_GROUP}" != "pgbackrest" ] || [ "${BACKREST_GID}" != "2001" ]; then 17 | groupmod -g ${BACKREST_GID} -n ${BACKREST_GROUP} pgbackrest 18 | fi 19 | # Custom user. 20 | if [ "${BACKREST_USER}" != "pgbackrest" ] || [ "${BACKREST_UID}" != "2001" ]; then 21 | usermod -g ${BACKREST_GID} -l ${BACKREST_USER} -u ${BACKREST_UID} -m -d /home/${BACKREST_USER} pgbackrest 22 | fi 23 | # pgBackRest completion. 24 | echo "source /home/${BACKREST_USER}/.bash_completion.d/pgbackrest-completion.sh" >> /home/${BACKREST_USER}/.bashrc 25 | # Correct user:group. 26 | chown -R ${BACKREST_USER}:${BACKREST_GROUP} \ 27 | /home/${BACKREST_USER} \ 28 | /var/log/pgbackrest \ 29 | /var/lib/pgbackrest \ 30 | /var/spool/pgbackrest \ 31 | /etc/pgbackrest \ 32 | /tmp/pgbackrest 33 | fi 34 | 35 | # Start docker container as pgBackRest TLS server. 36 | if [ "${BACKREST_TLS_SERVER}" == "enable" ]; then 37 | exec ${backrest_command} server 38 | fi 39 | 40 | # Start TLS server in background for pgBackRest execution over TLS. 41 | if [ "${BACKREST_HOST_TYPE}" == "tls" ] && [ "${BACKREST_TLS_SERVER}" == "disable" ]; then 42 | ${backrest_command} server & 43 | backrest_server_pid=$! 44 | # Wait TLS server start, by default - 15 sec. 45 | sleep ${BACKREST_TLS_WAIT} 46 | # Check process is running. 47 | ps -p ${backrest_server_pid} > /dev/null 48 | if [ "$?" != "0" ]; then 49 | echo "Error on TLS server startup, exit..." 50 | exit 1 51 | fi 52 | fi 53 | 54 | if [ "${uid}" = "0" ]; then 55 | exec gosu ${BACKREST_USER} "$@" 56 | else 57 | exec "$@" 58 | fi 59 | --------------------------------------------------------------------------------