X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=bak-git-server.pl;h=dd849db1d2590da412823a8a6f7bf573cd49b931;hb=3ce3f1f9005ad990e8a7bc258d53b02e77b64fbb;hp=b3925bae34e76c94e63f2564cac1ea6301c8d395;hpb=8d1a7c94cc28535f9854ed5f882e15e8ad04d97c;p=bak-git.git diff --git a/bak-git-server.pl b/bak-git-server.pl index b3925ba..dd849db 100755 --- a/bak-git-server.pl +++ b/bak-git-server.pl @@ -11,9 +11,32 @@ Start server, install on remote-host or upgrade with: [--install remote-host] [--upgrade] -You will want to add following to C<~/.ssh/config> +C traffic is always transfered over ssh, but C or C can +still leak sensitive information if C shell client connects directly +to server host. - RemoteForward 9001 localhost:9001 +Add following line to C<~/.ssh/config> under C for which you want encrypted +controll channel (or to pass through server ssh hops using C) + + RemoteForward 9001 192.168.42.42:9001 + +bak command overview: + + bak add /path + bak commit [/path [message]] + bak diff [host:][/path] + bak status [/path] + bak log [/path] + + bak show + bak ch[anges] + bak revert [host:]/path + + bak cat [host:]/path + + bak - push all changed files to server + +See L for more information =cut 
@@ -33,22 +56,45 @@ GetOptions( ) || die "$!\n"; my ( $dir, $server_ip ) = @ARGV; -die "usage: $0 /backup/directory\n" unless $dir; +die "usage: $0 /backup/directory 127.0.0.1\n" unless $dir; $server_ip ||= '127.0.0.1'; -my $shell_client = <<__SHELL_CLIENT__; -#!/bin/sh -echo `hostname -s` `pwd` \$* | nc $server_ip 9001 -__SHELL_CLIENT__ +# parse ssh config +my $ssh_tunnel; +open(my $ssh_fd, '<', "$ENV{HOME}/.ssh/config"); +my $host; +while(<$ssh_fd>) { + chomp; + next unless length($_) > 0; + next if m/^\s*#/; + + if ( /^Host\s+(.+)/i ) { + $host = $1; + } elsif ( /^\s+(\S+)\s+(.+)/ ) { + $ssh_tunnel->{$host}++ if lc($1) eq 'remoteforward' && $2 =~ m/9001/; + } else { + die "can't parse $_"; + } +} + +sub shell_client { + my ( $hostname ) = @_; + my $path = '/tmp/bak'; + my $server = $server_ip; + $server = '127.0.0.1' if $ssh_tunnel->{$hostname}; +warn "# ssh_client $hostname $server"; + open(my $fh, '>', $path); + print $fh "#!/bin/sh\n"; + print $fh "echo \$USER/\$SUDO_USER $hostname `pwd` \$* | nc $server 9001\n"; + close($fh); + chmod 0755, $path; + return $path; +} chdir $dir; system 'git init' unless -e '.git'; if ( $upgrade || $install ) { - open(my $fh, '>', '/tmp/bak'); - print $fh $shell_client; - close($fh); - chmod 0755, '/tmp/bak'; my @hosts = grep { -d $_ } glob '*'; @hosts = ( $install ) if $install; @@ -56,8 +102,15 @@ if ( $upgrade || $install ) { foreach my $hostname ( @hosts ) { warn "install on $hostname\n"; system 'ssh-copy-id', "root\@$hostname" if ! -d $hostname; - system "scp /tmp/bak root\@$hostname:/usr/local/bin/"; - system "ssh root\@$hostname apt-get install rsync"; + my $path = shell_client( $hostname ); + system "scp $path root\@$hostname:/usr/local/bin/"; + system "ssh root\@$hostname apt-get install -y rsync"; + } +} else { + warn "# start ssh tunnels..."; + foreach my $host ( keys %$ssh_tunnel ) { + warn "## $host\n"; + open( $ssh_tunnel->{$host}, '-|', "ssh -N root\@$host &" ) or die $!; } } 
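Review bot: `shell_client` writes the client script to the fixed path `/tmp/bak` with an unchecked `open`, and the install loop then copies that file to `/usr/local/bin/` as root on every host, so any local user who can pre-create or swap `/tmp/bak` influences what gets installed. A private temporary file closes that window: `my ( $fh, $path ) = File::Temp::tempfile( 'bak-XXXXXX', TMPDIR => 1, UNLINK => 1 );`, with `or die` on the `print` and `close`, and the scp destination spelled out as `/usr/local/bin/bak` because the local name is then random. File::Temp would have to be loaded at the top of the file, which is outside this hunk. The `open` of `$ENV{HOME}/.ssh/config` just above is unchecked as well, and the parser's `die "can't parse $_"` fires on any option line that is not indented, which ssh itself accepts.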
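Review bot: The tunnel `open` in the new `else` branch builds a shell string from `$host`, which the parser takes verbatim from everything after `Host` in the ssh config, so a `Host` line with several patterns or a wildcard is expanded by sh instead of being rejected. The slot `$ssh_tunnel->{$host}` also already holds the counter set by `++`, so `open` cannot autovivify a handle there; under `use strict` (not visible in this hunk) that should be a symbol-reference error. List form avoids both the shell and the `&`: `open( my $tunnel, '-|', 'ssh', '-N', "root\@$host" ) or die $!; $ssh_tunnel->{$host} = $tunnel;`. The `scp` and `ssh ... apt-get` calls in the install loop have the same single-string shape and could be `system 'scp', $path, "root\@$hostname:/usr/local/bin/";`. The enclosing `if ( $upgrade || $install )` starts outside the hunk.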
@@ -70,46 +123,117 @@ my $server = IO::Socket::INET->new( ) || die $!; -warn "dir: $dir listen: $server_ip:9001\n" - , $shell_client -; +warn "dir: $dir listen: $server_ip:9001\n"; + +sub rsync { + warn "# rsync ",join(' ', @_), "\n"; + system 'rsync', @_; +} sub pull_changes { my $hostname = shift; system "find $hostname -type f | sed 's,$hostname,,' > /tmp/$hostname.list"; - system "rsync -avv --files-from /tmp/$hostname.list root\@$hostname:/ $hostname/" + if ( @_ ) { + open(my $files, '>>', "/tmp/$hostname.list"); + print $files "$_\n" foreach @_; + close($files); + } + rsync split / /, "-avv --files-from /tmp/$hostname.list root\@$hostname:/ $hostname/"; } while (my $client = $server->accept()) { - my ($hostname,$pwd,$command,$path,$message) = split(/\s+/,<$client>,5); + my $line = <$client>; + chomp($line); + warn "<<< $line\n"; + my ($user,$hostname,$pwd,$command,$rel_path,$message) = split(/\s+/,$line,6); + $hostname =~ s/\..+$//; + + my $on_host = ''; + if ( $rel_path =~ s/^([^:]+):(.+)$/$2/ ) { + if ( -e $1 ) { + $on_host = $1; + } else { + print $client "host $1 doesn't exist in backup\n"; + next; + } + } + my $path = $rel_path =~ m{^/} ? $rel_path : "$pwd/$rel_path"; - $message ||= ''; - $path = "$pwd/$path" unless $path =~ m{^/}; + warn "$hostname [$command] $on_host:$path | $message\n"; - warn "$hostname [$command] $path | $message\n"; + my $args_message = $message; + $message ||= "$path [$command]"; + $message = "$hostname: $message"; my $dir = $path; $dir =~ s{/[^/]+$}{}; - mkpath "$hostname/$dir" unless -e "$hostname/$dir"; + my $backup_path = -e "$hostname/$path" ? "$hostname/$path" : $hostname; + + sub git { + my $args = join(' ',@_); + warn "# git $args\n"; + my $out = `git $args`; + warn "$out\n# [", length($out), " bytes]\n" if defined $out; + return $out; + } if ( ! 
$command ) { pull_changes $hostname; } elsif ( $command eq 'add' ) { - system 'rsync', '-avv', "root\@$hostname:$path", "$hostname/$path"; - system 'git', 'add', "$hostname/$path"; + mkpath "$hostname/$dir" unless -e "$hostname/$dir"; + while ( $path ) { + rsync( '-avv', "root\@$hostname:$path", "$hostname/$path" ); + print $client git 'add', "$hostname/$path"; + + $args_message =~ s/^(.+)\b// || last; + $path = $1; + warn "? $path"; + } } elsif ( $command eq 'commit' ) { - system 'rsync', '-avv', "root\@$hostname:$path", "$hostname/$path" if $path; - $message ||= "$command $hostname $path"; - system 'git', 'commit', '-m', $message, "$hostname/$path"; - } elsif ( $command =~ m{(diff|status|log)} ) { - my $opt = '--summary' if $command eq 'log'; - pull_changes $hostname if $command eq 'diff'; - print $client `git $command $opt $hostname`; + pull_changes $hostname; + $message =~ s/'/\\'/g; + $user =~ s/\/$//; + print $client git( "commit -m '$message' --author '$user <$hostname>' $backup_path" ); + } elsif ( $command =~ m{(diff|status|log|ch)} ) { + $command .= ' --stat' if $command eq 'log'; + $command = 'log --patch-with-stat' if $command =~ m/^ch/; + pull_changes( $hostname ) if $command eq 'diff'; + if ( $on_host ) { + mkpath $_ foreach grep { ! -e $_ } ( "$hostname/$dir", "$on_host/$dir" ); + rsync( '-avv', "root\@$hostname:$path", "$hostname/$path" ); + rsync( '-avv', "root\@$on_host:$path", "$on_host/$path" ); + open(my $diff, '-|', "diff -Nuw $hostname$path $on_host$path"); + while(<$diff>) { + print $client $_; + } + } else { + # commands without path will show host-wide status/changes + my $backup_path = $path ? 
"$hostname/$path" : "$hostname/"; + # hostname must end with / to prevent error from git: + # ambiguous argument 'arh-hw': both revision and filename + # to support branches named as hosts + print $client git($command, $backup_path); + } } elsif ( $command eq 'revert' ) { - print $client `git checkout -- $hostname/$path`; - system 'rsync', '-avv', "$hostname/$path", "root\@$hostname:$path"; + if ( $on_host ) { + rsync( '-avv', "$on_host/$path", "root\@$hostname:$path" ); + } else { + print $client git "checkout -- $hostname/$path"; + rsync( '-avv', "$hostname/$path", "root\@$hostname:$path" ); + } + } elsif ( $command eq 'cat' ) { + my $file_path = ( $on_host ? $on_host : $hostname ) . "/$path"; + open(my $file, '<', $file_path) || warn "ERROR $file_path: $!"; + while(<$file>) { + print $client $_; + } + close($file); + } elsif ( $command eq 'ls' ) { + print $client `ls $backup_path`; + } elsif ( $command eq 'show' ) { + print $client `git show`; } else { print $client "Unknown command: $command\n"; }
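Review bot: Every field split from the client's line (`$user`, `$hostname`, `$pwd`, `$command`, `$rel_path`, `$message`) reaches a shell unquoted, through the backticks in the new `git` helper, the `diff -Nuw` pipe open and `ls $backup_path`, so anything that can connect to port 9001 supplies command text the server runs. The `s/'/\\'/g` on `$message` does not protect a single-quoted sh string, and `m{(diff|status|log|ch)}` is unanchored, so it does not work as an allow-list. The `cat` branch opens `"$hostname/$path"` without rejecting `..` components, and `$hostname` is self-reported, which matters because `revert` rsyncs to `root@$hostname`. I would validate the fields once after the split, match the command exactly, and run git, diff and ls in list form with `--` before the path, as sketched below. The `while` loop ends outside the hunk.

```perl
	# … unchanged: read $line, chomp, split into six fields, strip domain from $hostname …
	# all fields are client-supplied: accept plain names only, before any path or command use
	if ( $hostname !~ m{\A[A-Za-z0-9][A-Za-z0-9-]*\z} || $user !~ m{\A[\w.-]*/[\w.-]*\z} ) {
		print $client "invalid request\n";
		next;
	}

	# … unchanged: $on_host lookup, $path built from $pwd and $rel_path …
	if ( grep { $_ eq '..' } split m{/}, $path ) {
		print $client "invalid path\n";
		next;
	}

	sub git {
		my @args = @_;
		warn "# git @args\n";
		# list-form pipe open: arguments go to git directly, never through sh
		open( my $git, '-|', 'git', @args ) or return "git: $!\n";
		my $out = do { local $/; <$git> };
		close($git);
		warn "$out\n# [", length($out), " bytes]\n" if defined $out;
		return $out;
	}

	# … unchanged: empty command, add …
	} elsif ( $command eq 'commit' ) {
		pull_changes $hostname;
		$user =~ s/\/$//;
		print $client git( 'commit', '-m', $message, '--author', "$user <$hostname>", '--', $backup_path );
	} elsif ( $command =~ m{\A(?:diff|status|log|ch[a-z]*)\z} ) {
		my @git_cmd = $command eq 'log'  ? ( 'log', '--stat' )
		            : $command =~ m/^ch/ ? ( 'log', '--patch-with-stat' )
		            :                      ( $command );
		# … unchanged: pull_changes for diff, mkpath and rsync for $on_host …
			open(my $diff, '-|', 'diff', '-Nuw', "$hostname$path", "$on_host$path");
		# … unchanged: relay loop, $backup_path selection …
			print $client git( @git_cmd, '--', $backup_path );
	# … unchanged: revert rsync calls, cat, show …
			print $client git( 'checkout', '--', "$hostname/$path" );
```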