This section describes how to prepare your environment for the backup of the Dogtag server files and database.
To prepare your environment for the Dogtag backup:
Log in to Salt Master node.
Open the cluster Reclass level of your deployment.
In openstack/barbican.yml
, add the following configuration:
classes:
- system.openssh.client.root
parameters:
backupninja:
client:
enabled: false
Apply the openssh state on the nodes with Dogtag to create the private key:
salt -C 'I@dogtag:server' state.sls openssh
Verify that the private key has been created with correct permissions:
salt -C 'I@dogtag:server' cmd.run 'ls -la /root/.ssh'
The file with the following permissions should be present:
-r-------- 1 root root <DATE> <TIME> id_rsa
Update authenticated hosts on the backup server node:
salt -C '*' state.sls salt.minion.grains
salt -C '*' mine.update
salt -C 'I@backupninja:server' state.sls backupninja
Verify that the authorized_keys
file on the backup server node
contains the IP addresses for the kmn
nodes:
salt -C 'I@backupninja:server' cmd.run "su -l backupninja -c 'cat ~/.ssh/authorized_keys'"
Example of system response:
no-pty,from="10.11.0.67,10.11.0.66,10.11.0.15,10.11.0.65" ssh-rsa AAAAB3NzaC.....6tS7iqfkZ
Note
Note the IP addresses from the from
parameter.
Now, you can proceed with Back up the Dogtag server files and database.