|
The technique used is: create a new SSH key for backup automation, and
authorize it to log in as 'root' to instances.
To reduce potential harm if the key somehow gets compromised, it is
limited to logging in from a single IP, and it is limited to running
the 'backup-snapshot' program on the instances.
Inside each instance, the `backup-snapshot` script is used as a wrapper
for the `rsync --server` process. This script pauses running services,
takes a snapshot of the data volume, and then runs the RSync server.
Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
|