Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-637

Restic backup fails with CA certificate

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • OADP 1.1.0
    • OADP 1.1.0
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • oadp-velero-container-1.1.0-17
    • Passed
    • 0
    • 0
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown
    • Proposed
    • Yes

      Description of problem: on Velero 1.9, Restic backup fails when using CA certificate. Thus it's not possible to use secure port with MCG for example.

       

      Version-Release number of selected component (if applicable):

      OADP 1.1

      Velero 1.9 (Verified also on vanilla velero 1.9 and getting the same issue. On 1.7 it didn't happen)

      How reproducible: 100%

      Steps to Reproduce:
      1. Create MCG bucket (install OCS first) and creds file. You can use the following script:

      https://gitlab.cee.redhat.com/migrationqe/oadp-qe-automation/-/blob/main/backup-locations/mcg/deploy.sh
      2. create secret and DPA with MCG:

      oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials
      oc get configmap -n openshift-config kube-root-ca.crt -o jsonpath='{.data.ca\.crt}' > cacert
      cat <<EOF | oc create -f -
      apiVersion: oadp.openshift.io/v1alpha1
      kind: DataProtectionApplication
      metadata:
        namespace: openshift-adp
        name: example-velero
      spec:
        configuration:
          velero:
            defaultPlugins:
            - openshift
            - aws
          restic:
            enable: true
        backupLocations:
          - name: default
            velero:
              provider: aws
              default: true
              objectStorage:
                bucket: $BUCKET
                prefix: velero
                caCert: $(cat cacert | base64 -w 0)
              config:
                insecureSkipTLSVerify: 'false'
                profile: noobaa
                region: noobaa
                s3ForcePathStyle: 'true'
                s3Url: https://$(oc get route s3 -n openshift-storage -o jsonpath='{.spec.host}')
              credential:
                name: cloud-credentials
                key: cloud
      EOF

      3. create some application with PVC

      4. Create a restic backup of the application:

      alias velero='oc -n openshift-adp exec deployment/velero -c velero -- ./velero'
      velero backup create backup$((i++)) --include-namespaces=oadp93 --default-volumes-to-restic --snapshot-volumes=false

      5. After the backup is failing, check the velero logs for errors

      Actual results:

       velero backup logs backup4 --insecure-skip-tls-verify| grep error 
      time="2022-07-22T14:11:27Z" level=info msg="1 errors encountered backup up item" backup=openshift-adp/backup4 logSource="pkg/backup/backup.go:413" name=mysql-6c5dc95db9-lcj2t
      time="2022-07-22T14:11:27Z" level=error msg="Error backing up item" backup=openshift-adp/backup4 error="pod volume backup failed: running Restic backup, stderr=unable to read root certificate: open /tmp/cacert-example-velero-12352206643: no such file or directory\ngithub.com/restic/restic/internal/backend.Transport\n\t/remote-source/src/github.com/restic/restic/internal/backend/http_transport.go:110\nmain.open\n\t/remote-source/src/github.com/restic/restic/cmd/restic/global.go:687\nmain.OpenRepository\n\t/remote-source/src/github.com/restic/restic/cmd/restic/global.go:421\nmain.runBackup\n\t/remote-source/src/github.com/restic/restic/cmd/restic/cmd_backup.go:524\nmain.glob..func2\n\t/remote-source/src/github.com/restic/restic/cmd/restic/cmd_backup.go:61\ngithub.com/spf13/cobra.(*Command).execute\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:856\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974\ngithub.com/spf13/cobra.(*Command).Execute\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902\nmain.main\n\t/remote-source/src/github.com/restic/restic/cmd/restic/main.go:98\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:255\nruntime.goexit\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1581\n: exit status 1" error.file="/remote-source/src/github.com/vmware-tanzu/velero/pkg/restic/backupper.go:199" error.function="github.com/vmware-tanzu/velero/pkg/restic.(*backupper).BackupPodVolumes" logSource="pkg/backup/backup.go:417" name=mysql-6c5dc95db9-lcj2t
      [mperetz@mperetz oadp-qe-automation]$ 
       

       

       

       

      Additional info:

              sseago Scott Seago
              mperetz@redhat.com Maya Peretz
              Maya Peretz Maya Peretz
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: