starlingx/docs
Code Issues Proposed changes

Notes regarding restore

Browse Source 
Closes-bug: 2090922

Change-Id: Ib54c4065e5c59088807e97c028099691df652f45
Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
This commit is contained in:
Suzana Fernandes
2024-12-03 12:19:07 +00:00
parent 4b0d6f789e
commit c77108bf63
2 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst
View File

@@ -24,6 +24,12 @@ following commands to run the Ansible Restore playbook:
~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/restore_platform.yml -e "initial_backup_dir=<location_of_tarball ansible_become_pass=<admin_password> admin_password=<admin_password backup_filename=<backup_filename> wipe_ceph_osds=<true/false> ssl_ca_certificate_file=<complete path>/<ssl_ca certificates file>" ~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/restore_platform.yml -e "initial_backup_dir=<location_of_tarball ansible_become_pass=<admin_password> admin_password=<admin_password backup_filename=<backup_filename> wipe_ceph_osds=<true/false> ssl_ca_certificate_file=<complete path>/<ssl_ca certificates file>"
.. note::
If there are any expired ``ssl_ca`` certificates in the backup, the restore
(both, legacy and optimized) filters out the expired certificates and
restores only the valid ones.
Below you can find other ``-e`` command line options: Below you can find other ``-e`` command line options:
**Common** **Common**
@@ -117,19 +123,15 @@ Below you can find other ``-e`` command line options:
hardware. For more details, see :ref:`node-replacement-for-aiominussx-using-optimized-backup-and-restore-6603c650c80d`. hardware. For more details, see :ref:`node-replacement-for-aiominussx-using-optimized-backup-and-restore-6603c650c80d`.
- ``ssl_ca_certificate_file`` defines a single certificate that - ``ssl_ca_certificate_file`` defines a single certificate or a bundle that
contains all the ssl_ca certificates that will be installed during the contains all the ``ssl_ca`` certificates that will be installed during the
restore. It will replace restore.
``/opt/platform/config/<software-version>/ca-cert.pem``, which is a
single file containing all the ssl_ca certificates installed in
the host when the backup was done. The certificate assigned to this
parameter must follow this same pattern.
.. note:: .. note::
The ssl_ca certificates are not automatically renewed, you MUST renew The ``ssl_ca`` certificates are not automatically renewed, you MUST renew
the soon-to-expire certificates before the backup operation. The expired the soon-to-expire certificates before the backup operation. The expired
ssl_ca certificates are not restored. ``ssl_ca`` certificates are not restored.
For more details, see :ref:`Recommended Backup and Retention Policies<recommended-backup-and-retention-policies>`. For more details, see :ref:`Recommended Backup and Retention Policies<recommended-backup-and-retention-policies>`.
For example: For example:
@@ -142,6 +144,16 @@ Below you can find other ``-e`` command line options:
-e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem" -e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem"
.. note::
In **legacy** restore, when this option is used, it replaces all
``ssl_ca`` certificates in the backup {{
with the one specified in ``ssl_ca_certificate_file``.
In the **optimized** restore, when this option is used, it adds certificates
from ``ssl_ca_certificate_file`` to the existing ``ssl_ca`` certificates in
the backup” }}.
This parameter depends on ``on_box_data`` value. This parameter depends on ``on_box_data`` value.
When ``on_box_data=true`` or not defined, ``ssl_ca_certificate_file`` When ``on_box_data=true`` or not defined, ``ssl_ca_certificate_file``

20
doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst
View File

@@ -142,13 +142,9 @@ In this method you can run Ansible Restore playbook and point to controller-0.
scp: /tmp/.ansible-sysadmin/tmp/ansible-tmp-1687355968.13-696694507261/source: No space left on device scp: /tmp/.ansible-sysadmin/tmp/ansible-tmp-1687355968.13-696694507261/source: No space left on device
- ``ssl_ca_certificate_file`` defines a single certificate that - ``ssl_ca_certificate_file`` defines a single certificate or a bundle that
contains all the ssl_ca certificates that will be installed during the contains all the ``ssl_ca`` certificates that will be installed during the
restore. It will replace the restore.
``/opt/platform/config/<software-version>/ca-cert.pem``, which is a
single certificate containing all the ssl_ca certificates installed in
the host when backup was done. So, the certificate assigned to this
parameter must follow this same pattern.
For example: For example:
@@ -160,6 +156,16 @@ In this method you can run Ansible Restore playbook and point to controller-0.
-e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem" -e "ssl_ca_certificate_file=/home/sysadmin/new_ca-cert.pem"
.. note::
In **legacy** restore, when this option is used, it replaces all
``ssl_ca`` certificates in the backup {{
with the one specified in ``ssl_ca_certificate_file``.
In the **optimized** restore, when this option is used, it adds certificates
from ``ssl_ca_certificate_file`` to the existing ``ssl_ca`` certificates in
the backup” }}.
.. note:: .. note::
If the backup contains patches, Ansible Restore playbook will apply If the backup contains patches, Ansible Restore playbook will apply