Add backupninja meta for dogtag formula

Related: PROD-32863

Change-Id: I47c740a38455b469d8dc4c641998a1a55b03f5a6
diff --git a/dogtag/meta/backupninja.yml b/dogtag/meta/backupninja.yml
new file mode 100644
index 0000000..c894906
--- /dev/null
+++ b/dogtag/meta/backupninja.yml
@@ -0,0 +1,26 @@
+backup:
+  dogtag-prepare:
+    handler: sh
+    actions:
+    - cmd: |
+        grep internal= /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > /etc/dogtag/internal.txt
+        grep internaldb= /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > /etc/dogtag/pass.txt
+        PKCS12Export -debug -d /var/lib/pki/pki-tomcat/alias -p /etc/dogtag/internal.txt -o /etc/dogtag/ca-certs.p12 -w /etc/dogtag/pass.txt
+        echo '-----BEGIN NEW CERTIFICATE REQUEST-----' > /etc/dogtag/ca_signing.csr
+        sed -n '/^ca.signing.certreq=/ s/^[^=]*=// p' < /var/lib/pki/pki-tomcat/ca/conf/CS.cfg >> /etc/dogtag/ca_signing.csr
+        echo '-----END NEW CERTIFICATE REQUEST-----' >> /etc/dogtag/ca_signing.csr
+        /usr/sbin/db2bak-online -Z pki-tomcat -j /etc/dogtag/pass.txt -A /var/lib/dirsrv/slapd-pki-tomcat/bak
+        rm -f /etc/dogtag/internal.txt /etc/dogtag/pass.txt
+  dogtag:
+    fs_includes:
+    - /etc/pki/pki-tomcat
+    - /etc/sysconfig/pki-tomcat
+    - /etc/sysconfig/pki/tomcat/pki-tomcat
+    - /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@$pki-tomcat.service
+    - /var/lib/pki/pki-tomcat
+    - /var/log/pki/pki-tomcat
+    - /usr/share/pki/server/conf/database.conf
+    - /usr/share/pki/server/conf/schema.conf
+    - /etc/dogtag/ca-certs.p12
+    - /var/lib/dirsrv/slapd-pki-tomcat/bak
+    fs_excludes: []
diff --git a/metadata/support.yml b/metadata/support.yml
new file mode 100644
index 0000000..7ff1b7d
--- /dev/null
+++ b/metadata/support.yml
@@ -0,0 +1,5 @@
+parameters:
+  dogtag:
+    _support:
+      backupninja:
+        enabled: true
\ No newline at end of file