
Backup and restore custom CA certificates #281


Merged
merged 6 commits into from
Feb 23, 2017
Merged
7 changes: 6 additions & 1 deletion share/github-backup-utils/ghe-backup-settings
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
#/ Usage: ghe-backup-settings
#/ Restore settings from a snapshot to the given <host>.
#/ Backup settings from a snapshot to the given <host>.
set -e

# Bring in the backup configuration
Expand Down Expand Up @@ -45,6 +45,11 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
fi
fi

if ghe-ssh "$host" -- "which ghe-export-ssl-ca-certificates 1>/dev/null"; then
echo "* Transferring CA certificates ..." 1>&3
ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar
fi

if [ "$GHE_BACKUP_STRATEGY" = "cluster" ]; then
echo "* Transferring cluster configuration ..." 1>&3
if ! ghe-ssh "$host" -- "sudo cat $GHE_REMOTE_CLUSTER_CONF_FILE 2>/dev/null" > cluster.conf; then
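Review bot: The `which ghe-export-ssl-ca-certificates` probe in the new `if` cannot tell "command not present on this appliance release" from "ghe-ssh itself failed", and because it is an `if` condition `set -e` does not apply, so either case silently produces a snapshot without `ssl-ca-certificates.tar`. Custom CA certificates are trust configuration, and the restore side skips them just as silently when the file is absent, so the gap would presumably only surface after a restore when certificate validation against internal services starts failing. I would log the skip with an `else echo "* Skipping CA certificates: ghe-export-ssl-ca-certificates not found on $host" 1>&3` branch and use `command -v` rather than `which` for the probe. The script continues outside this hunk.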
7 changes: 7 additions & 0 deletions share/github-backup-utils/ghe-restore-settings
Expand Up @@ -58,4 +58,11 @@ if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/saml-keys.tar" ]; then
ghe-ssh "$GHE_HOSTNAME" -- "sudo tar -C $GHE_REMOTE_DATA_USER_DIR/common/ -xf -"
fi

# Restore CA certificates if present.
if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" ]; then
echo "Restoring CA certificates ..."
cat "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" |
ghe-ssh "$GHE_HOSTNAME" -- "ghe-import-ssl-ca-certificates"
fi

bm_start "$(basename $0)"
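Review bot: The new restore block pipes `ssl-ca-certificates.tar` into `ghe-import-ssl-ca-certificates` without first checking that the target appliance provides that command, whereas the backup side probes for its export counterpart. Restoring onto a release without the import command would fail here with only a generic command-not-found error. Because the archive presumably ends up in the appliance's trusted CA set, the snapshot directory becomes integrity-sensitive: its permissions and storage deserve the same care as the key material already in the snapshot, and the comment above the block is a good place to say so. The `cat … |` form also hides a read failure of the archive, since only the status of `ghe-ssh` is seen; `ghe-ssh "$GHE_HOSTNAME" -- "ghe-import-ssl-ca-certificates" < "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar"` avoids that.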
1 change: 1 addition & 0 deletions test/bin/ghe-export-ssl-ca-certificates
1 change: 1 addition & 0 deletions test/bin/ghe-import-ssl-ca-certificates
9 changes: 9 additions & 0 deletions test/test-ghe-backup.sh
Expand Up @@ -151,6 +151,9 @@ begin_test "ghe-backup first snapshot"

# verify the UUID was transferred
diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid"

# check that ca certificates were backed up
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
fi

# verify that ghe-backup wrote its version information to the host
Expand Down Expand Up @@ -235,6 +238,9 @@ begin_test "ghe-backup subsequent snapshot"

# verify the UUID was transferred
diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid"

# check that ca certificates were backed up
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
fi
)
end_test
Expand Down Expand Up @@ -335,6 +341,9 @@ begin_test "ghe-backup with relative data dir path"

# verify the UUID was transferred
diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid"

# check that ca certificates were backed up
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
fi

# verify that ghe-backup wrote its version information to the host
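Review bot: All three added assertions cover only the case where the fake `ghe-export-ssl-ca-certificates` exists in `test/bin`; nothing exercises the branch in `ghe-backup-settings` where the probe fails and the certificates are skipped. A case that runs the backup against a host without the export command and asserts `[ ! -f "$GHE_DATA_DIR/current/ssl-ca-certificates.tar" ]` would pin that appliances lacking the command still back up cleanly and leave no empty archive behind. The enclosing test bodies start and end outside these hunks, so the condition guarding each `fi` is not visible here.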
7 changes: 7 additions & 0 deletions test/test-ghe-restore.sh
Expand Up @@ -79,6 +79,7 @@ echo "fake ghe-export-es-indices data" > "$GHE_DATA_DIR/current/elasticsearch.ta
echo "fake ghe-export-ssh-host-keys data" > "$GHE_DATA_DIR/current/ssh-host-keys.tar"
echo "fake ghe-export-repositories data" > "$GHE_DATA_DIR/current/repositories.tar"
echo "fake ghe-export-settings data" > "$GHE_DATA_DIR/current/settings.json"
echo "fake ghe-export-ssl-ca-certificates data" > "$GHE_DATA_DIR/current/ssl-ca-certificates.tar"
echo "fake license data" > "$GHE_DATA_DIR/current/enterprise.ghl"
echo "fake manage password hash data" > "$GHE_DATA_DIR/current/manage-password"
echo "rsync" > "$GHE_DATA_DIR/current/strategy"
Expand Down Expand Up @@ -288,6 +289,9 @@ begin_test "ghe-restore -c into unconfigured vm"

# verify the UUID was transferred
diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid"

# verify ghe-export-ssl-ca-certificates was run
grep -q "fake ghe-export-ssl-ca-certificates data" "$TRASHDIR/restore-out"
fi
)
end_test
Expand Down Expand Up @@ -356,6 +360,9 @@ begin_test "ghe-restore into unconfigured vm"
# verify the UUID was transferred
diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid"

# verify ghe-export-ssl-ca-certificates was run
grep -q "fake ghe-export-ssl-ca-certificates data" "$TRASHDIR/restore-out"

# verify no config run after restore on unconfigured instance
! grep -q "ghe-config-apply OK" "$TRASHDIR/restore-out"
fi
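Review bot: The comment `# verify ghe-export-ssl-ca-certificates was run` added in both restore tests names the wrong command. On restore it is `ghe-import-ssl-ca-certificates` that runs, and the grep matches the fixture payload string, which the fake import command presumably echoes into `restore-out` (the stub's content is not shown on this page). I would reword both to `# verify ghe-import-ssl-ca-certificates received the snapshot's CA archive`. The test bodies continue outside the hunks.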