During restore, the ca-cert.pem file is extracted from the backup tar.
Because there are multiple ca-cert.pem files in the tar and
both wildcard and transform options are used, the wrong
one was being selected.
The tar extract command has been narrowed to use an exact file path for
the copy in platform config.
By using the copy from /opt, backing up the ca-cert in /etc can be skipped.
TEST PLAN
PASS Create a backup (Debian SX/DX)
PASS Restore from backup
PASS Confirm that ca-cert was installed:
source /etc/platform/openrc; system certificate-list
PASS Confirm ca-certs all match: sha256sum /etc/ssl/certs/ca-cert.pem sha256sum /opt/platform/config/22.12/ca-cert.pem
tar xfO ~/localhost_platform_backup.tgz \ opt/platform/config/22.12/ca-cert.pem | sha256sum
Reviewed: https:/ /review. opendev. org/c/starlingx /ansible- playbooks/ +/856845 /opendev. org/starlingx/ ansible- playbooks/ commit/ 70c19c7c961d086 f303623dcf5dca8 67a7b569d6
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 70c19c7c961d086 f303623dcf5dca8 67a7b569d6
Author: Joshua Kraitberg <email address hidden>
Date: Fri Sep 9 11:50:10 2022 -0400
Refine ca-cert.pem extraction command
During restore, the ca-cert.pem file is extracted from the backup tar.
Because there are multiple ca-cert.pem files in the tar and
both wildcard and transform options are used, the wrong
one was being selected.
The tar extract command has been narrowed to use an exact file path for
the copy in platform config.
By using the copy from /opt, backing up the ca-cert in /etc can be skipped.
TEST PLAN openrc; system certificate-list
sha256sum /etc/ssl/ certs/ca- cert.pem
sha256sum /opt/platform/ config/ 22.12/ca- cert.pem platform_ backup. tgz \
opt/ platform/ config/ 22.12/ca- cert.pem | sha256sum
PASS Create a backup (Debian SX/DX)
PASS Restore from backup
PASS Confirm that ca-cert was installed:
source /etc/platform/
PASS Confirm ca-certs all match:
tar xfO ~/localhost_
Closes-Bug: 1989150 8eff74643886ca8 db6f9faff13
Signed-off-by: Joshua Kraitberg <email address hidden>
Change-Id: I451d49e52e32e7