Add restore scripts for keystone credentials

Related-Prod: PROD-35496
Change-Id: Ic6b81b726e383eeb4333e1042bc7d58d0fee8419
diff --git a/keystone/files/restore_keystone.sh b/keystone/files/restore_keystone.sh
new file mode 100644
index 0000000..09051e2
--- /dev/null
+++ b/keystone/files/restore_keystone.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+{%- from "keystone/map.jinja" import server with context %}
+
+{%- if server.initial_data is defined %}
+rm -rf {{ server.credential.location }}.bak
+mkdir -p {{ server.credential.location }}.bak
+mv {{ server.credential.location }} {{ server.credential.location }}.bak
+
+BASENAME=$(basename {{ server.credential.location }})
+
+scp -r backupninja@{{ server.initial_data.source }}:{{ server.initial_data.get('home_dir', '/srv/backupninja') }}/{{ server.initial_data.host }}{{ server.credential.location }}/${BASENAME}.0 {{ server.credential.location }}
+RC=$?
+if [ $RC -gt 0 ]; then
+    mv {{ server.credential.location }}.bak/* {{ server.credential.location }}/
+else
+    chown -R keystone:keystone {{ server.credential.location }}
+    touch /etc/salt/.keystone_restored
+fi
+{%- endif %}
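Review bot: The rollback in the `if [ $RC -gt 0 ]` branch does not reliably put the original keys back, and a failed restore still exits 0. Because `mkdir -p ….bak` runs before the `mv`, the original directory ends up at `.bak/${BASENAME}`; if scp left a partial directory at the credential location, `mv ….bak/* …/` nests the old keys one level below it instead of replacing it. The script's exit status is then that of the last `mv`, so the `cmd.run` state that calls it would report success. I would remove the partial copy, move `.bak/${BASENAME}` back explicitly and exit with `$RC`, quoting the templated paths so an empty or space-containing value cannot change what `rm -rf` and `mv` act on. On success the `.bak` copy of the previous key material stays on disk, which should be either cleaned up or documented.

```shell
# … unchanged: backup of the current directory and the scp call …
RC=$?
if [ "$RC" -ne 0 ]; then
    # drop whatever scp left behind before putting the original back
    rm -rf "{{ server.credential.location }}"
    mv "{{ server.credential.location }}.bak/${BASENAME}" "{{ server.credential.location }}"
    # surface the failure to the calling state
    exit "$RC"
else
    # … unchanged: chown and marker file …
fi
```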
diff --git a/keystone/meta/backupninja.yml b/keystone/meta/backupninja.yml
index b4a61ad..ffb1f57 100644
--- a/keystone/meta/backupninja.yml
+++ b/keystone/meta/backupninja.yml
@@ -1,4 +1,6 @@
+{%- from "keystone/map.jinja" import server with context %}
+
 backup:
   keystone:
     fs_includes:
-    - /var/lib/keystone/credential-keys
+    - {{ server.credential.location }}
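Review bot: The new list item `- {{ server.credential.location }}` is an unquoted templated scalar, so an empty rendering turns the entry into a null item and the credential keys would presumably drop out of the backup set without any error. Writing it as `- "{{ server.credential.location }}"` keeps the entry a string in every case. Whether `keystone/map.jinja` supplies a default for `credential.location` is not visible in this diff, so it is worth confirming that one exists, since the restore script depends on the same value.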
diff --git a/keystone/restore.sls b/keystone/restore.sls
new file mode 100644
index 0000000..b130c72
--- /dev/null
+++ b/keystone/restore.sls
@@ -0,0 +1,18 @@
+{%- from "keystone/map.jinja" import server with context %}
+
+keystone_restore_script:
+  file.managed:
+  - name: /etc/keystone/keystone-restore.sh
+  - source: salt://keystone/files/restore_keystone.sh
+  - template: jinja
+  - user: root
+  - group: root
+  - mode: 700
+
+keystone_run_restore:
+  cmd.run:
+  - name: /bin/bash /etc/keystone/keystone-restore.sh
+  - user: root
+  - unless: "[ -e /etc/salt/.keystone_restored ]"
+  - require:
+    - file: keystone_restore_script
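Review bot: `- mode: 700` is a bare integer; this file is a root-run script that handles key material, so the mode should be written unambiguously as `- mode: '0700'`. The `cmd.run` state invokes the script with `/bin/bash` while the script's own shebang is `#!/bin/sh`, and picking one avoids testing it under a different shell than the one that runs it. A comment above `keystone_run_restore` such as `# Runs once; remove /etc/salt/.keystone_restored to allow another restore.` would tell operators how the `unless` guard behaves.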