XSIBACKUP - Link servers by SSL key pair
Up until version 4.5.0 XSIBackup would use the ESXi server's key pair to link to a secondary ESXi box. This was not the best way to accomplish this as the ESXi server changes it's key on every reboot thus breaking up the trust relationship, so you had to manually issue the command--link-srv=[Remote ESXi IP]
after every reboot. Since version 4.5.0 XSIBackup uses its own key pair stored in the same directory where XSIBackup is installed, so this key pair is preserved accross reboots and allows also persistence of the trust relationships stablished by means of the SSL key pair.
What do I have to do to upgrade if I have an older version of XSIBackup into production?
Well, it's very easy, simply overwrite xsibackup file and relink to the secondary server by issuing
--link-srv=[Remote ESXi IP]
This will generate a new key pair into XSIBackup installation directory and use it as XSIBackup's key pair instead of using the ESXi server's (that will change on every reboot).
Any other thing that I should change?
If you didn't change XSIBackup's install dir all other functionalities will keep on working the same.
NEW FILES:
These are the new files that will show up in XSIBackup's install dir after linking to a secondary ESXi server for the first time.
-rw------- 1 root root 668 Aug 13 10:41 xsibackup_id_dsa
-rw-r--r-- 1 root root 604 Aug 13 10:41 xsibackup_id_dsa.pub
The .pub key will be copied to the /etc/ssh/keys-root/authorized_keys file on every linked server, thus allowing transparent secure commutication between the two servers. This publick key will be invoked by XSIBackup on every Rsync over TCP/IP backup operation and tunnel data through SSH.
UPDATE (2016-04-18):
Since version 5.0.0 XSIBackup will change from a DSA key pair to RSA. Thus you will need to relink your servers. This has been imposed by a change in VMWare ESXi 6.0.0 update 2, which does not allow to use DSA keys any more.
