Prepare for the Dogtag backup

Prepare for the Dogtag backup

This section describes how to prepare your environment for the backup of the Dogtag server files and database.

To prepare your environment for the Dogtag backup:

  1. Log in to Salt Master node.

  2. Open the cluster Reclass level of your deployment.

  3. In openstack/barbican.yml, add the following configuration:

    classes:
    - system.openssh.client.root
    parameters:
      backupninja:
        client:
          enabled: false
    
  4. Apply the openssh state on the nodes with Dogtag to create the private key:

    salt -C 'I@dogtag:server' state.sls openssh
    
  5. Verify that the private key has been created with correct permissions:

    salt -C 'I@dogtag:server' cmd.run 'ls -la /root/.ssh'
    

    The file with the following permissions should be present:

    -r-------- 1 root root <DATE> <TIME> id_rsa
    
  6. Update authenticated hosts on the backup server node:

    salt -C '*' state.sls salt.minion.grains
    salt -C '*' mine.update
    salt -C 'I@backupninja:server' state.sls backupninja
    
  7. Verify that the authorized_keys file on the backup server node contains the IP addresses for the kmn nodes:

    salt -C 'I@backupninja:server' cmd.run "su -l backupninja -c 'cat ~/.ssh/authorized_keys'"
    

    Example of system response:

    no-pty,from="10.11.0.67,10.11.0.66,10.11.0.15,10.11.0.65" ssh-rsa AAAAB3NzaC.....6tS7iqfkZ
    

    Note

    Note the IP addresses from the from parameter.

Now, you can proceed with Back up the Dogtag server files and database.