Prepare for the Dogtag backup¶

This section describes how to prepare your environment for the backup of the Dogtag server files and database.

To prepare your environment for the Dogtag backup:

1. Log in to Salt Master node.

2. Open the cluster Reclass level of your deployment.

3. In openstack/barbican.yml, add the following configuration:

   classes:
   - system.openssh.client.root
   parameters:
     backupninja:
       client:
         enabled: false
   

4. Apply the openssh state on the nodes with Dogtag to create the private key:

   salt -C 'I@dogtag:server' state.sls openssh
   

5. Verify that the private key has been created with correct permissions:

   salt -C 'I@dogtag:server' cmd.run 'ls -la /root/.ssh'
   

   The file with the following permissions should be present:

   -r-------- 1 root root <DATE> <TIME> id_rsa
   

6. Update authenticated hosts on the backup server node:

   salt -C '*' state.sls salt.minion.grains
   salt -C '*' mine.update
   salt -C 'I@backupninja:server' state.sls backupninja
   

7. Verify that the authorized_keys file on the backup server node contains the IP addresses for the kmn nodes:

   salt -C 'I@backupninja:server' cmd.run "su -l backupninja -c 'cat ~/.ssh/authorized_keys'"
   

   Example of system response:

   no-pty,from="10.11.0.67,10.11.0.66,10.11.0.15,10.11.0.65" ssh-rsa AAAAB3NzaC.....6tS7iqfkZ
   

   Note

   Note the IP addresses from the from parameter.

Now, you can proceed with Back up the Dogtag server files and database.