Backup and Restore does not include all the content under /etc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Virginia Martins Perozim |
Bug Description
Brief Description
-----------------
Backup and restore does not include the configuration required to enable a secure openldap. The configuration is created in the "/etc/openldap" directory. It's expected that B&R includes all the data under /etc.
Severity
--------
Major
Steps to Reproduce
------------------
Create an openldap certificate.
CertMon will detect the new certificate and will trigger the secure openldap configuration updates as follows:
1. store certificate and key files in "/etc/openldap/
controller-
total 116
drwxr-xr-x. 2 root root 4096 May 3 20:13 .
drwxr-----. 6 root root 4096 May 3 20:16 ..
-rw-r--r--. 1 root root 65536 May 3 17:22 cert8.db
-rw-r--r--. 1 root root 16384 May 3 17:22 key3.db
-rw-r--r-- 1 ldap ldap 1090 May 3 20:16 openldap-cert.crt
-rw-r--r-- 1 ldap ldap 1679 May 3 20:16 openldap-cert.key
-r--r-----. 1 root ldap 45 May 3 17:21 password
-rw-r--r--. 1 root root 16384 May 3 17:21 secmod.db
-rw-r--r--. 1 root root 0 May 3 17:22 .slapd-leave
2. update /etc/openldap/
controller-
AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
CRC32 2a03daf9
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/
olcConfigDir: /etc/openldap/
-------
entryUUID: 3effb13f-
creatorsName: cn=config
createTimestamp: 20220503174350Z
olcTLSCertifica
olcTLSCertifica
entryCSN: 20220503201653.
modifiersName: cn=config
modifyTimestamp: 20220503201653Z
3. add ldaps configuration to slapd in "/etc/rc.
controller-
root 93790 1 0 22:31 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -F /etc/openldap/
root 146195 121213 0 22:40 ttyS0 00:00:00 grep --color=auto slapd
Expected Behavior
------------------
After a system backup and restore, steps 1 to 3 are not executed.
Actual Behavior
----------------
The secure openldap configuration (steps 1 to 3) is missing.
Reproducibility
---------------
100% reproducible
System Configuration
-------
AIO-SX
Branch/Pull Time/Commit
-------
Starlingx master
Last Pass
---------
-
Timestamp/Logs
--------------
-
Test Activity
-------------
Backup and Restore with openldap feature configured
Workaround
----------
Manually update missing configuration
Changed in starlingx:
importance: Undecided → Medium
Changed in starlingx:
assignee: nobody → Virginia Martins Perozim (vmperozim)
tags: added: stx.7.0 stx.update
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/ansible-playbooks/+/849146
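
A post-restore check for steps 1 to 3 of the bug description, as an added example that is not part of the bug report or of StarlingX's code. It assumes the TLS attributes are the standard OpenLDAP `olcTLSCertificateFile` and `olcTLSCertificateKeyFile` and that the ldaps configuration appears as an `ldaps://` URL in slapd's `-h` list. The function names and sample data are constructed, and the caller supplies the cn=config LDIF text and slapd's argv.

```python
import base64
import os

def unfold_ldif(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def tls_attrs(ldif_text):
    """Return {name: value} for the olcTLS* attributes in a cn=config LDIF entry."""
    found = {}
    for line in unfold_ldif(ldif_text):
        name, sep, value = line.partition(":")
        if not sep or not name.startswith("olcTLS"):
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode()
        found[name] = value.strip()
    return found

def slapd_listeners(argv):
    """Return the listener URLs given to slapd's -h option (argv as in /proc/<pid>/cmdline)."""
    for i, arg in enumerate(argv[:-1]):
        if arg == "-h":
            return argv[i + 1].split()
    return []

def check_secure_openldap(config_ldif, slapd_argv, exists=os.path.isfile):
    """Return findings keyed to the report's steps; an empty list means all three survived."""
    findings = []
    attrs = tls_attrs(config_ldif)
    for name in ("olcTLSCertificateFile", "olcTLSCertificateKeyFile"):
        path = attrs.get(name)
        if path is None:
            findings.append(f"step 2: {name} not set in cn=config")
        elif not exists(path):
            findings.append(f"step 1: {path} missing on disk")
    if not any(u.startswith("ldaps://") for u in slapd_listeners(slapd_argv)):
        findings.append("step 3: slapd has no ldaps:// listener")
    return findings

# Constructed sample: the state the report describes after restore (TLS config gone).
RESTORED_LDIF = "dn: cn=config\nobjectClass: olcGlobal\ncn: config\n"
RESTORED_ARGV = ["/usr/sbin/slapd", "-h", "ldap:///"]
```

Split the NUL-separated contents of `/proc/<pid>/cmdline` to get the argv, since `ps` output loses the quoting around a multi-URL `-h` value.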