From dd679688d61ac85077bc3cbf1eee8b315044f2b2 Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Fri, 18 Nov 2016 11:33:38 -0700 Subject: [PATCH 1/6] Backup and restore ca certificates --- share/github-backup-utils/ghe-backup-settings | 4 ++++ share/github-backup-utils/ghe-restore-settings | 7 +++++++ test/bin/ghe-export-ssl-ca-certificates | 1 + test/bin/ghe-import-ssl-ca-certificates | 1 + test/test-ghe-backup.sh | 9 +++++++++ test/test-ghe-restore.sh | 7 +++++++ 6 files changed, 29 insertions(+) create mode 120000 test/bin/ghe-export-ssl-ca-certificates create mode 120000 test/bin/ghe-import-ssl-ca-certificates diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings index 0982f55ce..14f5fdac9 100755 --- a/share/github-backup-utils/ghe-backup-settings +++ b/share/github-backup-utils/ghe-backup-settings @@ -45,6 +45,10 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then fi fi +if ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar; then + echo "* Transferring CA certificates ..." 1>&3 +fi + if [ "$GHE_BACKUP_STRATEGY" = "cluster" ]; then echo "* Transferring cluster configuration ..." 1>&3 if ! ghe-ssh "$host" -- "sudo cat $GHE_REMOTE_CLUSTER_CONF_FILE 2>/dev/null" > cluster.conf; then diff --git a/share/github-backup-utils/ghe-restore-settings b/share/github-backup-utils/ghe-restore-settings index a0ac361f4..069b57dae 100755 --- a/share/github-backup-utils/ghe-restore-settings +++ b/share/github-backup-utils/ghe-restore-settings @@ -58,4 +58,11 @@ if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/saml-keys.tar" ]; then ghe-ssh "$GHE_HOSTNAME" -- "sudo tar -C $GHE_REMOTE_DATA_USER_DIR/common/ -xf -" fi +# Restore CA certificates if present. +if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" ]; then + echo "Restoring CA certificates ..." + cat "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" | + ghe-ssh "$GHE_HOSTNAME" -- "ghe-import-ssl-ca-certificates >/dev/null" +fi + bm_start "$(basename $0)" diff --git a/test/bin/ghe-export-ssl-ca-certificates b/test/bin/ghe-export-ssl-ca-certificates new file mode 120000 index 000000000..a772e4ad9 --- /dev/null +++ b/test/bin/ghe-export-ssl-ca-certificates @@ -0,0 +1 @@ +ghe-fake-export-command \ No newline at end of file diff --git a/test/bin/ghe-import-ssl-ca-certificates b/test/bin/ghe-import-ssl-ca-certificates new file mode 120000 index 000000000..bc329368a --- /dev/null +++ b/test/bin/ghe-import-ssl-ca-certificates @@ -0,0 +1 @@ +ghe-fake-import-command \ No newline at end of file diff --git a/test/test-ghe-backup.sh b/test/test-ghe-backup.sh index 31c904f7c..53dd9b9dd 100755 --- a/test/test-ghe-backup.sh +++ b/test/test-ghe-backup.sh @@ -151,6 +151,9 @@ begin_test "ghe-backup first snapshot" # verify the UUID was transferred diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid" + + # check that ca certificates were backed up + [ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ] fi # verify that ghe-backup wrote its version information to the host @@ -235,6 +238,9 @@ begin_test "ghe-backup subsequent snapshot" # verify the UUID was transferred diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid" + + # check that ca certificates were backed up + [ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ] fi ) end_test @@ -335,6 +341,9 @@ begin_test "ghe-backup with relative data dir path" # verify the UUID was transferred diff -ru "$GHE_REMOTE_DATA_USER_DIR/common/uuid" "$GHE_DATA_DIR/current/uuid" + + # check that ca certificates were backed up + [ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ] fi # verify that ghe-backup wrote its version information to the host diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh index 003db96f3..035a588f8 100755 --- a/test/test-ghe-restore.sh +++ b/test/test-ghe-restore.sh @@ -79,6 +79,7 @@ echo "fake ghe-export-es-indices data" > "$GHE_DATA_DIR/current/elasticsearch.ta echo "fake ghe-export-ssh-host-keys data" > "$GHE_DATA_DIR/current/ssh-host-keys.tar" echo "fake ghe-export-repositories data" > "$GHE_DATA_DIR/current/repositories.tar" echo "fake ghe-export-settings data" > "$GHE_DATA_DIR/current/settings.json" +echo "fake ghe-export-ssl-ca-certificates data" > "$GHE_DATA_DIR/current/ssl-ca-certificates.tar" echo "fake license data" > "$GHE_DATA_DIR/current/enterprise.ghl" echo "fake manage password hash data" > "$GHE_DATA_DIR/current/manage-password" echo "rsync" > "$GHE_DATA_DIR/current/strategy" @@ -288,6 +289,9 @@ begin_test "ghe-restore -c into unconfigured vm" # verify the UUID was transferred diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid" + + # verify ghe-export-ssl-ca-certificates was run + grep -q "fake ghe-export-ssl-ca-certificates data" "$TRASHDIR/restore-out" fi ) end_test @@ -356,6 +360,9 @@ begin_test "ghe-restore into unconfigured vm" # verify the UUID was transferred diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid" + # verify ghe-export-ssl-ca-certificates was run + grep -q "fake ghe-export-ssl-ca-certificates data" "$TRASHDIR/restore-out" + # verify no config run after restore on unconfigured instance ! grep -q "ghe-config-apply OK" "$TRASHDIR/restore-out" fi From 328e89a597453b235e101e2b14fd14123e7efe15 Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Fri, 18 Nov 2016 12:08:33 -0700 Subject: [PATCH 2/6] Don't suppress output --- share/github-backup-utils/ghe-restore-settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/github-backup-utils/ghe-restore-settings b/share/github-backup-utils/ghe-restore-settings index 069b57dae..bcb453c1f 100755 --- a/share/github-backup-utils/ghe-restore-settings +++ b/share/github-backup-utils/ghe-restore-settings @@ -62,7 +62,7 @@ fi if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" ]; then echo "Restoring CA certificates ..." cat "$GHE_RESTORE_SNAPSHOT_PATH/ssl-ca-certificates.tar" | - ghe-ssh "$GHE_HOSTNAME" -- "ghe-import-ssl-ca-certificates >/dev/null" + ghe-ssh "$GHE_HOSTNAME" -- "ghe-import-ssl-ca-certificates" fi bm_start "$(basename $0)" From 88ed581f15af66a16c9b5449587b904b0dd5ba2d Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Thu, 22 Dec 2016 13:36:55 +1100 Subject: [PATCH 3/6] Check if command exists so to expose errors --- share/github-backup-utils/ghe-backup-settings | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings index 14f5fdac9..8b1273f6e 100755 --- a/share/github-backup-utils/ghe-backup-settings +++ b/share/github-backup-utils/ghe-backup-settings @@ -45,8 +45,9 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then fi fi -if ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar; then +if ghe-ssh "$host" -- "type ghe-export-ssl-ca-certificates"; then echo "* Transferring CA certificates ..." 1>&3 + ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar fi if [ "$GHE_BACKUP_STRATEGY" = "cluster" ]; then From 074bd37963231c6f389a46475eef122f64401996 Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Thu, 22 Dec 2016 13:38:53 +1100 Subject: [PATCH 4/6] Backup not restore --- share/github-backup-utils/ghe-backup-settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings index 8b1273f6e..8133a36bf 100755 --- a/share/github-backup-utils/ghe-backup-settings +++ b/share/github-backup-utils/ghe-backup-settings @@ -1,6 +1,6 @@ #!/usr/bin/env bash #/ Usage: ghe-backup-settings -#/ Restore settings from a snapshot to the given . +#/ Backup settings from a snapshot to the given . set -e # Bring in the backup configuration From eb25675126a45df49044a2f21500e27fec460c75 Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Thu, 22 Dec 2016 13:51:40 +1100 Subject: [PATCH 5/6] Use which instead of type to verify existence --- share/github-backup-utils/ghe-backup-settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings index 8133a36bf..0a6b8d85c 100755 --- a/share/github-backup-utils/ghe-backup-settings +++ b/share/github-backup-utils/ghe-backup-settings @@ -45,7 +45,7 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then fi fi -if ghe-ssh "$host" -- "type ghe-export-ssl-ca-certificates"; then +if ghe-ssh "$host" -- "which ghe-export-ssl-ca-certificates"; then echo "* Transferring CA certificates ..." 1>&3 ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar fi From 6fcde2cdb667997653c9ed9522e171f16e9e4cb9 Mon Sep 17 00:00:00 2001 From: Steven Honson Date: Thu, 2 Feb 2017 11:17:05 +1100 Subject: [PATCH 6/6] Silence test output --- share/github-backup-utils/ghe-backup-settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/github-backup-utils/ghe-backup-settings b/share/github-backup-utils/ghe-backup-settings index 0a6b8d85c..d9a67c747 100755 --- a/share/github-backup-utils/ghe-backup-settings +++ b/share/github-backup-utils/ghe-backup-settings @@ -45,7 +45,7 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then fi fi -if ghe-ssh "$host" -- "which ghe-export-ssl-ca-certificates"; then +if ghe-ssh "$host" -- "which ghe-export-ssl-ca-certificates 1>/dev/null"; then echo "* Transferring CA certificates ..." 1>&3 ghe-ssh "$host" -- "ghe-export-ssl-ca-certificates" > ssl-ca-certificates.tar fi