Fix dogtag restore script

* fix permissions issue;
* fix rsync copy path from <dir>/<dir>.0 to <dir>;
* fix typos;

Change-Id: I22554ea9eedb1646fb8d0ab0d2864c50ad96eb34
Related-Prod: PROD-33911
diff --git a/dogtag/files/dogtag-restore.sh b/dogtag/files/dogtag-restore.sh
index b6ad5b1..3b366c8 100644
--- a/dogtag/files/dogtag-restore.sh
+++ b/dogtag/files/dogtag-restore.sh
@@ -15,7 +15,7 @@
 SERVER_BACKUP_DIR="{{ server.initial_data.get('home_dir', '/srv/volumes/backup/backupninja') }}"
 SERVER_BACKUP_NAME="{{ server.initial_data.host }}"
 SERVER_BACKUP_PATH="$SERVER_BACKUP_HOST:$SERVER_BACKUP_DIR/$SERVER_BACKUP_NAME"
-FILES_TO_RESTORE="{{ config_file.backup.dogtag.fs_includes }}"
+FILES_TO_RESTORE="{{ config_file.backup.dogtag.fs_includes|join(' ') }}"
 LOG_DIR="/var/log/backups"
 RESTORE_LOG="$LOG_DIR/dogtag-restore.log"
 RSYNC_USER="{{ server.initial_data.get('rsync_user', 'backupninja') }}"
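Review bot: FILES_TO_RESTORE is now a space-joined string that the loops further down split with an unquoted `for FILE in $FILES_TO_RESTORE`, so a configured path containing whitespace or glob characters would be split or expanded before rsync and setfacl see it. The rendered values also land inside a double-quoted shell string without escaping, so the script relies on the pillar data being trusted. A comment above the assignment would make both constraints explicit: `# fs_includes entries must be trusted and contain no whitespace or glob characters; the list is split on spaces below`.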
@@ -32,12 +32,12 @@
   echo "Example: dogtag-restore.sh 5"
 }
 
-error(){
+errorMsg(){
   echo "$1" 1>&2
   exit 1
 }
 
-info(){
+infoMsg(){
   echo "-------------------------------------"
   echo "$1"
   echo "-------------------------------------"
@@ -53,24 +53,24 @@
 
 ## Check for log dir
 if [ ! -d "$LOG_DIR" ]; then
-  info "Creating directory: $LOG_DIR"
+  infoMsg "Creating directory: $LOG_DIR"
   mkdir -p $LOG_DIR
 fi
 
 {%- if restore_engine == 'rsync' %}
 ## Get files from remote host
-info "Transfering backup files from remote server..."
+infoMsg "Transfering backup files from remote server..."
 for FILE in $FILES_TO_RESTORE
 do
   FILE_BASENAME=$(basename $FILE)
-  rsync $RSYNC_OPTIONS $RSYNC_USER@$SERVER_BACKUP_PATH/$FILE/$FILE_BASENAME.$BACKUP_NUMBER $FILE 2>&1 | tee $RESTORE_LOG
+  rsync $RSYNC_OPTIONS $RSYNC_USER@$SERVER_BACKUP_PATH/$FILE/$FILE_BASENAME.$BACKUP_NUMBER/* $FILE/ 2>&1 | tee $RESTORE_LOG
 done
 
 # Check if the scp succeeded or failed
 if ! grep -q "No such file or directory" $RESTORE_LOG; then
-  info "RSYNC from remote host completed OK"
+  infoMsg "RSYNC from remote host completed OK"
 else
-  error "RSYNC from remote host FAILED"
+  errorMsg "RSYNC from remote host FAILED"
 fi
 {%- endif %}
 
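Review bot: The changed rsync line still pipes into `tee $RESTORE_LOG` without `-a`, so each loop iteration overwrites the log and the `grep` check afterwards sees only the last directory's output; a failed transfer of an earlier directory is reported as "completed OK". Success is also inferred from the absence of one error string rather than from rsync's exit status, which the pipe into tee hides. Suggest `tee -a "$RESTORE_LOG"` (truncating the log once before the loop) and, if the script runs under bash (the shebang is outside the hunk), calling `errorMsg` when `${PIPESTATUS[0]}` is non-zero. The remote `/*` glob also skips dotfiles; a trailing slash on the source, `.../$FILE_BASENAME.$BACKUP_NUMBER/ $FILE/`, copies the directory contents including hidden files.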
@@ -80,11 +80,20 @@
 cp -rf {{ server.initial_data.local_data }} /
 {%- endif %}
 
+infoMsg "Setting permissions..."
+for FILE in $FILES_TO_RESTORE; do
+  if [ -e $FILE/permissions.txt ]; then
+    setfacl --restore=$FILE/permissions.txt
+  else
+    infoMsg "[WARNING] ACL permissions missed for ${FILE}"
+  fi
+done
+
 ## Restore the DB
-info "Running restoration of the DB..."
+infoMsg "Running restoration of the DB..."
 INTERNALDB_PASS=$(awk -Finternaldb= '{print $2}' /var/lib/pki/pki-tomcat/conf/password.conf)
-LATEST_BACKUP=$(ls -td /var/lib/dirsrv/slapd-pki-tomcat/bak -- */ | head -n 1)
-/usr/sbin/bak2db-online -Z pki-tomcat -w $INTERNALDB_PASS -a /var/lib/dirsrv/slapd-pki-tomcat/bak/$LATEST_BACKUP
+LATEST_BACKUP=$(ls -td /var/lib/dirsrv/slapd-pki-tomcat/bak/*/ | head -n 1)
+/usr/sbin/bak2db-online -Z pki-tomcat -w $INTERNALDB_PASS -a $LATEST_BACKUP
 touch /etc/salt/.dogtag_restored
 
 {%- endif %}
\ No newline at end of file
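Review bot: The rewritten `bak2db-online` call still passes the internal DB password as `-w $INTERNALDB_PASS`, which exposes it in the process list while the restore runs; the backup job in dogtag/meta/backupninja.yml already uses `-j` with a password file for db2bak-online, and the restore can do the same. LATEST_BACKUP is empty when no backup directory exists, and `touch /etc/salt/.dogtag_restored` runs whether or not the restore succeeded, so a failed restore is recorded as done. The awk extraction prints a line for every entry in password.conf and only works while the variable stays unquoted, so the sketch below filters on the matching line and writes it straight to a temporary file. It assumes no other EXIT trap is set in the part of the script outside the hunk.

```shell
# … unchanged: infoMsg "Running restoration of the DB..." …
PASS_FILE=$(mktemp) || errorMsg "Cannot create temporary password file"
trap 'rm -f -- "$PASS_FILE"' EXIT
awk -Finternaldb= 'NF > 1 {print $2}' /var/lib/pki/pki-tomcat/conf/password.conf > "$PASS_FILE"
LATEST_BACKUP=$(ls -td /var/lib/dirsrv/slapd-pki-tomcat/bak/*/ | head -n 1)
[ -n "$LATEST_BACKUP" ] || errorMsg "No DB backup found in /var/lib/dirsrv/slapd-pki-tomcat/bak"
/usr/sbin/bak2db-online -Z pki-tomcat -j "$PASS_FILE" -a "$LATEST_BACKUP" \
  || errorMsg "DB restore FAILED"
touch /etc/salt/.dogtag_restored
```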
diff --git a/dogtag/map.jinja b/dogtag/map.jinja
index 8c58531..6667042 100644
--- a/dogtag/map.jinja
+++ b/dogtag/map.jinja
@@ -1,5 +1,12 @@
 {%- load_yaml as server_defaults %}
 default:
+  backup_dirs:
+  - /etc/pki/pki-tomcat
+  - /var/lib/pki/pki-tomcat
+  - /var/log/pki/pki-tomcat
+  - /usr/share/pki/server/conf
+  - /etc/dogtag
+  - /var/lib/dirsrv/slapd-pki-tomcat/bak
   subsystems:
     KRA:
       pkgs: [pki-ca, pki-kra]
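Review bot: The new `backup_dirs` default omits `/etc/sysconfig/pki-tomcat` and `/etc/sysconfig/pki/tomcat/pki-tomcat`, which the old `fs_includes` list in dogtag/meta/backupninja.yml backed up, and the commit message does not mention dropping them. If the removal is intentional, a comment above the list should say so, e.g. `# /etc/sysconfig/pki-tomcat and /etc/sysconfig/pki/tomcat/pki-tomcat are intentionally not backed up: <reason>`; otherwise the two paths should be added back so a restored instance does not silently lose that configuration.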
diff --git a/dogtag/meta/backupninja.yml b/dogtag/meta/backupninja.yml
index 0969f8e..fed75fc 100644
--- a/dogtag/meta/backupninja.yml
+++ b/dogtag/meta/backupninja.yml
@@ -1,3 +1,4 @@
+{%- from "dogtag/map.jinja" import server with context %}
 backup:
   dogtag-prepare:
     handler: sh
@@ -11,14 +12,16 @@
         echo '-----END NEW CERTIFICATE REQUEST-----' >> /etc/dogtag/ca_signing.csr
         /usr/sbin/db2bak-online -Z pki-tomcat -j /etc/dogtag/pass.txt -A /var/lib/dirsrv/slapd-pki-tomcat/bak
         rm -f /etc/dogtag/internal.txt /etc/dogtag/pass.txt
+        {%- for dir in server.backup_dirs %}
+          {%- if dir != '/etc/dogtag' %}
+        getfacl -p {{ dir }} > {{ dir }}/permissions.txt
+          {%- else %}
+        getfacl -pR {{ dir }}/* > {{ dir }}/permissions.txt
+          {%- endif %}
+        {%- endfor %}
   dogtag:
     fs_includes:
-    - /etc/pki/pki-tomcat
-    - /etc/sysconfig/pki-tomcat
-    - /etc/sysconfig/pki/tomcat/pki-tomcat
-    - /var/lib/pki/pki-tomcat
-    - /var/log/pki/pki-tomcat
-    - /usr/share/pki/server/conf/
-    - /etc/dogtag/
-    - /var/lib/dirsrv/slapd-pki-tomcat/bak
+    {%- for dir in server.backup_dirs %}
+    - {{ dir }}
+    {%- endfor %}
     fs_excludes: []
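Review bot: For every directory except /etc/dogtag the added `getfacl -p {{ dir }}` is non-recursive, so permissions.txt records only the top-level directory and the restore script's `setfacl --restore` cannot repair ownership or modes of anything beneath it. If that is intended, a comment should say so; otherwise use `getfacl -pR {{ dir }} > {{ dir }}/permissions.txt` for all entries. permissions.txt is also written by root inside the backed-up directories and later replayed by root with absolute paths, so if any of these directories is writable by the PKI service account (not visible here), the file can be altered or replaced between backup and restore. Writing the ACL dumps to a root-only directory that is itself included in the backup would avoid depending on those directories' permissions.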