Restore the services using Backupninja pipeline

Restore the services using Backupninja pipeline

This section describes how to restore the MAAS PostgreSQL database, Salt Master node, and Dogtag server files and database using the Backupninja Jenkins pipeline job.


Restore of the Dogtag server and database using the pipeline is available starting from the 2019.2.11 maintenance update only. For previous versions, use the Backupninja pipeline job only to restore the Salt Master node and MAAS PostgreSQL database.

To restore the services using the Jenkins pipeline job:

  1. Verify that you have completed the steps described in Configure the Backupninja restore pipeline.

  2. Log in to the Jenkins web UI.

  3. Select from the following options:

    • For MCP versions prior to 2019.2.6, open the Backupninja restore salt-master/MaaS backup pipeline job.
    • For MCP versions starting from 2019.2.6, open the Backupninja restore pipeline pipeline job.
  4. Specify the required parameters:

    Backupninja restore pipeline parameters
    Parameter Description and values
    SALT_MASTER_URL Add the IP address of your Salt Master node host and the salt-api port. For example,
    CREDENTIALS_ID Add credentials_id as credentials for the connection.
    RESTORE_SALTMASTER_AND_MAAS Added since 2019.2.6 Select to restore Salt Master and MAAS.
    RESTORE_KEYSTONE_CREDENTIAL_KEYS Added since 2019.2.12 Select to restore the Keystone credential keys.
    RESTORE_DOGTAG Added since 2019.2.11 Select to restore the Dogtag files and database.
  5. Click Build.

    The Jenkins pipeline job workflow:

    1. Pillar verification. Verify that initial_data in pillars are defined correctly to prevent any issues related to a wrong configuration during the execution of the pipeline job.

    2. Perform the restore.

      If the pipeline job fails during the Dogtag restore with the "Rendering SLS 'base:barbican.server' failed: Jinja variable 'dict object' has no attribute 'key'" error that may occur, for example, due to the mine data deletion after calling the mine.flush function:

      1. Obtain the Dogtag certificate location:

        salt -C 'I@dogtag:server:role:master' pillar.get \

        Example of system response:

      2. Apply the following state:


        In the state below, substitute the certificate path with the one you obtained in the previous step.

        salt -C 'I@dogtag:server:role:master' mine.send dogtag_admin_cert \ 'cat /etc/dogtag/kra_admin_cert.pem'
      3. Rerun the failed Barbican state.

  6. Verify that the restore completed and, in case of a remote backup storage, moved correctly:

    1. Verify the Salt Master node:
      1. Verify the Salt keys in /etc/salt/pki/.
      2. Verify the model in /srv/salt/reclass.
      3. Try to perform a test ping on the available Salt Minions using
    2. Verify MAAS:
      1. Verify the MAAS UI.
      2. List the available machines in MAAS through the maasng.list_machines Salt module.
  7. Verify Dogtag:

    1. Verify the server data.
    2. Verify the saved secrets in the database.