Backup/Restore CA

[cdenneen]

Backup CA to be copied to newly provisioned infrastructure.
Saving all the certificates (agents, etc) to be re-used rather than having to re-provision those.

1. Backup CA
2. Restore CA

[mcka1n]

Hey @cdenneen

The Backup and Restore plans already do this, but it's not been thoroughly tested.

Also the puppet-backup create command does that..

We created an internal ticket to properly test the PEAM backup/restore plans

[cdenneen]

@mcka1n I don’t see in the task it backing up the SSL for the CA. Can you show me where?

[mcka1n]

Sure thing, this is the line in the Backup plan for CA:

https://github.com/puppetlabs/puppetlabs-peadm/blob/main/plans/backup.pp#L76

And it is running the puppet-backup create ... --scope = certs and in the Puppet docs, we have listed that the certs scope is doing the backup for this directory: /etc/puppetlabs/puppet/ssl/

https://puppet.com/docs/pe/2019.8/backing_up_and_restoring_pe.html#directories-data-backed-up

[ragingra]

I Split the backup CA part of the above to allow this to be done in the meantime. #400 There is more thorough testing going on for the full backup restore functionality at the moment and will probably replace the CA specific one in due course. Will Close the issue as it can be done via either of these two routes.