
I have written a service that triggers a shell script to back up a postgres database on a CentOS7 server. It dumps the backup file into the /tmp/ folder and is then supposed to copy the file across to another server, but something is amiss; I suspect it is my bash. The service does the backup fine, but fails when it comes to copying it to the other server.

I am able to manually scp the backup file from /tmp/ folder in server1 to the /tmp/ folder in server2 using public key authentication, so passwordless between the two, but I'm not sure why the systemd trips up with the following error:

Aug 17 14:29:34 pcc-home-page-one.novalocal systemd[1]: Started backup service for production.
Aug 17 14:29:35 pcc-home-page-one.novalocal backup.sh[1467]: Permission denied, please try again.
Aug 17 14:29:35 pcc-home-page-one.novalocal backup.sh[1467]: Permission denied, please try again.
Aug 17 14:29:35 pcc-home-page-one.novalocal backup.sh[1467]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Aug 17 14:29:35 pcc-home-page-one.novalocal backup.sh[1467]: lost connection
Aug 17 14:29:35 pcc-home-page-one.novalocal systemd[1]: backup.service: main process exited, code=exited, status=1/FAILURE
Aug 17 14:29:35 pcc-home-page-one.novalocal systemd[1]: Unit backup.service entered failed state.
Aug 17 14:29:35 pcc-home-page-one.novalocal systemd[1]: backup.service failed.

Here is my bash script:

#!/usr/bin/env bash

today=$(date +"%d-%m-%Y")

pg_dump -U db_backup -h localhost pcc_db >/tmp/backup-${today}.bak

scp /tmp/backup-${today}.bak ifunk@10.88.59.200:/tmp/

and here is the service file:

[Unit]
Description=backup service for production

[Service]
Type=simple
ExecStart=/home/ifunk/backup.sh

What can I do to get the scp line in the script to work please?

EDIT: Looking at the journalctl logs I get the following error:

Unregistered Authentication Agent for unix-process:3757:6223410 (system bus name :1.42, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8) (disconnected from bus)

I've set SELinux to Permissive, and run daemon-reload, but the service still fails with this same error.

iFunction
  • Check the logs on the server to find out why scp failed. – Michael Hampton Aug 17 '20 at 17:40
  • I've updated my original post with the error in the logs. I've also tried setting selinux to permissive. In my experience rebooting sets selinux back to enforce so not sure if a reboot is the right course of action. I've run my bash script manually and that works fine, so it is definitely navigation of systemd that is the issue. – iFunction Aug 18 '20 at 08:18
  • Wouldn't this be rather a job for cron than for systemd? – Gerald Schneider Aug 18 '20 at 13:41
  • I can't comment, it seems like quite a heated discussion online, the seasoned devs like crontab, others seem to like the systemd timers, I wanted to learn both, this is me learning systemd. – iFunction Aug 18 '20 at 14:17

1 Answer


This has now been solved thanks to a Reddit user, u/Skaarj. In his words:

systemd's default assumption is that you are running services as system users (non-human users that don't have a home directory). That's why $HOME is not set.

You can

start your systemd unit as a specific user

or give scp the path to the ssh key using the -i flag

All that was required was to edit the bash script and add the key file to the scp command, the bash script now looks like this:

#!/usr/bin/env bash

today=$(date +"%d-%m-%Y")

pg_dump -U db_backup -h localhost pcc_db >/tmp/backup-${today}.bak

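# -i gives scp the path to the private key; the destination is the one from the original script
scp -i /home/ifunk/.ssh/id_rsa /tmp/backup-${today}.bak ifunk@10.88.59.200:/tmp/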

It now does what it is supposed to and exits cleanly.

iFunction
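
The fix from the answer with its failure modes made explicit, as an added example rather than the poster's own script: a unit with no User= line runs as root, not ifunk, so the key and known_hosts file are passed by path and the key is checked before the dump starts. The key path, user and host are the ones shown on this page; KNOWN_HOSTS, the SCP override and the --run argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script. KEY, KNOWN_HOSTS and DEST reuse the
# paths and host shown on this page; SCP is a hypothetical override for testing.
set -eu

KEY="${KEY:-/home/ifunk/.ssh/id_rsa}"
KNOWN_HOSTS="${KNOWN_HOSTS:-/home/ifunk/.ssh/known_hosts}"
DEST="${DEST:-ifunk@10.88.59.200:/tmp/}"

# Succeed only if the key is readable by the account the unit runs as and is
# closed to group/other, as a private key should be.
check_key() {
    [ -r "$1" ] || { echo "key $1 not readable by $(id -un)" >&2; return 1; }
    case "$(ls -ldL "$1")" in
        -???------*) return 0 ;;
        *) echo "key $1 is accessible to group/other" >&2; return 1 ;;
    esac
}

# Copy one file with nothing left to per-user defaults:
#   -i / IdentitiesOnly  use exactly this key, whoever the caller is
#   BatchMode            fail at once instead of falling back to a password prompt
#   UserKnownHostsFile   verify the host key against the file the manual scp used
send_backup() {
    "${SCP:-scp}" -i "$KEY" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" "$1" "$DEST"
}

main() {
    umask 077    # keep the dump in /tmp unreadable to other local users
    today=$(date +"%d-%m-%Y")
    check_key "$KEY"
    pg_dump -U db_backup -h localhost pcc_db > "/tmp/backup-${today}.bak"
    send_backup "/tmp/backup-${today}.bak"
}

# Run the backup only on request (ExecStart=/home/ifunk/backup.sh --run), so the
# functions above can be exercised without touching the database or network.
if [ "${1:-}" = "--run" ]; then main; fi
```

With BatchMode=yes a key problem shows up in the journal as a single publickey failure instead of the repeated "Permission denied, please try again." password attempts seen in the question's log.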