This section describes how to restore the MAAS PostgreSQL database, Salt Master node, and Dogtag server files and database using the Backupninja Jenkins pipeline job.
Note
Restore of the Dogtag server and database using the pipeline is available starting from the 2019.2.11 maintenance update only. For previous versions, use the Backupninja pipeline job only to restore the Salt Master node and MAAS PostgreSQL database.
To restore the services using the Jenkins pipeline job:
Verify that you have completed the steps described in Configure the Backupninja restore pipeline.
Log in to the Jenkins web UI.
Select from the following options:
Specify the required parameters:
Parameter | Description and values |
---|---|
SALT_MASTER_URL | Add the IP address of your Salt Master node host and the
salt-api port. For example, http://172.18.170.27:6969 . |
CREDENTIALS_ID | Add credentials_id as credentials for the connection. |
RESTORE_SALTMASTER_AND_MAAS Added since 2019.2.6 | Select to restore Salt Master and MAAS. |
RESTORE_KEYSTONE_CREDENTIAL_KEYS Added since 2019.2.12 | Select to restore the Keystone credential keys. |
RESTORE_DOGTAG Added since 2019.2.11 | Select to restore the Dogtag files and database. |
Click Build.
The Jenkins pipeline job workflow:
Pillar verification. Verify that initial_data
in pillars are
defined correctly to prevent any issues related to a wrong
configuration during the execution of the pipeline job.
Perform the restore.
If the pipeline job fails during the Dogtag restore with the
"Rendering SLS 'base:barbican.server' failed: Jinja variable
'dict object' has no attribute 'key'"
error that may occur, for
example, due to the mine data deletion after calling the mine.flush
function:
Obtain the Dogtag certificate location:
salt -C 'I@dogtag:server:role:master' pillar.get \
dogtag:server:export_pem_file_path
Example of system response:
/etc/dogtag/kra_admin_cert.pem
Apply the following state:
Note
In the state below, substitute the certificate path with the one you obtained in the previous step.
salt -C 'I@dogtag:server:role:master' mine.send dogtag_admin_cert \
mine_function=cmd.run 'cat /etc/dogtag/kra_admin_cert.pem'
Rerun the failed Barbican state.
Verify that the restore completed and, in case of a remote backup storage, moved correctly:
/etc/salt/pki/
./srv/salt/reclass
.test.ping
.maasng.list_machines
Salt module.Verify Dogtag: