Backup/Restore CA

Question

Backup/Restore CA

cdenneen opened this issue 2 years ago · 4 comments

Backup CA to be copied to newly provisioned infrastructure.
Saving all the certificates (agents, etc) to be re-used rather than having to re-provision those.

Backup CA
Restore CA

Answer 1 · 2022-10-20T15:27:16.000Z

Hey @cdenneen

The Backup and Restore plans already do this, but it's not been thoroughly tested.

Also the puppet-backup create command does that..

We created an internal ticket to properly test the PEAM backup/restore plans

Answer 2 · 2022-10-20T16:49:47.000Z

@mcka1n I don’t see in the task it backing up the SSL for the CA. Can you show me where?

Answer 3 · 2022-10-27T15:04:43.000Z

Sure thing, this is the line in the Backup plan for CA:

https://github.com/puppetlabs/puppetlabs-peadm/blob/main/plans/backup.pp#L76

And it is running the puppet-backup create ... --scope = certs and in the Puppet docs, we have listed that the certs scope is doing the backup for this directory: /etc/puppetlabs/puppet/ssl/

https://puppet.com/docs/pe/2019.8/backing_up_and_restoring_pe.html#directories-data-backed-up

Answer 4 · 2024-01-17T15:41:40.000Z

I Split the backup CA part of the above to allow this to be done in the meantime. #400 There is more thorough testing going on for the full backup restore functionality at the moment and will probably replace the CA specific one in due course. Will Close the issue as it can be done via either of these two routes.