Bug
Resolution: Done
Blocker
OADP 1.1.0
oadp-velero-container-1.1.0-17
Description of problem: On Velero 1.9, Restic backup fails when using a CA certificate. Thus it's not possible to use a secure port with MCG, for example.
Version-Release number of selected component (if applicable):
OADP 1.1
Velero 1.9 (Verified also on vanilla velero 1.9 and getting the same issue. On 1.7 it didn't happen)
How reproducible: 100%
Steps to Reproduce:
1. Create MCG bucket (install OCS first) and creds file. You can use the following script:
https://gitlab.cee.redhat.com/migrationqe/oadp-qe-automation/-/blob/main/backup-locations/mcg/deploy.sh
2. Create secret and DPA with MCG:
```
oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=credentials
oc get configmap -n openshift-config kube-root-ca.crt -o jsonpath='{.data.ca\.crt}' > cacert
cat <<EOF | oc create -f -
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  namespace: openshift-adp
  name: example-velero
spec:
  configuration:
    velero:
      defaultPlugins:
      - openshift
      - aws
    restic:
      enable: true
  backupLocations:
    - name: default
      velero:
        provider: aws
        default: true
        objectStorage:
          bucket: $BUCKET
          prefix: velero
          caCert: $(cat cacert | base64 -w 0)
        config:
          insecureSkipTLSVerify: 'false'
          profile: noobaa
          region: noobaa
          s3ForcePathStyle: 'true'
          s3Url: https://$(oc get route s3 -n openshift-storage -o jsonpath='{.spec.host}')
        credential:
          name: cloud-credentials
          key: cloud
EOF
```
3. Create some application with a PVC
4. Create a restic backup of the application:
```
alias velero='oc -n openshift-adp exec deployment/velero -c velero -- ./velero'
velero backup create backup$((i++)) --include-namespaces=oadp93 --default-volumes-to-restic --snapshot-volumes=false
```
5. After the backup fails, check the Velero logs for errors
Actual results:
```
velero backup logs backup4 --insecure-skip-tls-verify| grep error
time="2022-07-22T14:11:27Z" level=info msg="1 errors encountered backup up item" backup=openshift-adp/backup4 logSource="pkg/backup/backup.go:413" name=mysql-6c5dc95db9-lcj2t
time="2022-07-22T14:11:27Z" level=error msg="Error backing up item" backup=openshift-adp/backup4 error="pod volume backup failed: running Restic backup, stderr=unable to read root certificate: open /tmp/cacert-example-velero-12352206643: no such file or directory\ngithub.com/restic/restic/internal/backend.Transport\n\t/remote-source/src/github.com/restic/restic/internal/backend/http_transport.go:110\nmain.open\n\t/remote-source/src/github.com/restic/restic/cmd/restic/global.go:687\nmain.OpenRepository\n\t/remote-source/src/github.com/restic/restic/cmd/restic/global.go:421\nmain.runBackup\n\t/remote-source/src/github.com/restic/restic/cmd/restic/cmd_backup.go:524\nmain.glob..func2\n\t/remote-source/src/github.com/restic/restic/cmd/restic/cmd_backup.go:61\ngithub.com/spf13/cobra.(*Command).execute\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:856\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974\ngithub.com/spf13/cobra.(*Command).Execute\n\t/remote-source/restic/deps/gomod/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902\nmain.main\n\t/remote-source/src/github.com/restic/restic/cmd/restic/main.go:98\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:255\nruntime.goexit\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1581\n: exit status 1" error.file="/remote-source/src/github.com/vmware-tanzu/velero/pkg/restic/backupper.go:199" error.function="github.com/vmware-tanzu/velero/pkg/restic.(*backupper).BackupPodVolumes" logSource="pkg/backup/backup.go:417" name=mysql-6c5dc95db9-lcj2t
```
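The failure signature in the log above can be picked out of `velero backup logs` output mechanically, which helps when triaging many backups. This is an added example, not part of the original report or of Velero/OADP; the function names are hypothetical and the sample lines are constructed (the first two abridged from the log above, the third invented as a non-matching error).

```shell
#!/bin/sh
# Added example (not from the report): list backup items that failed because
# restic could not open the temporary CA bundle file passed to it.

# Reads `velero backup logs <name>` output on stdin.
# Prints "<backup> <item> <missing file>" for each matching level=error entry.
cacert_failures() {
  grep -F 'level=error' |
    grep -F 'unable to read root certificate: open ' |
    sed -nE 's/.* backup=([^ ]+) .*unable to read root certificate: open ([^:]+): no such file or directory.* name=([^ ]+).*/\1 \3 \2/p'
}

# Constructed sample input: an info line, the CA-file error (stack trace
# abridged), and an unrelated error that must not be reported.
sample_log() {
  cat <<'EOF'
time="2022-07-22T14:11:27Z" level=info msg="1 errors encountered backup up item" backup=openshift-adp/backup4 logSource="pkg/backup/backup.go:413" name=mysql-6c5dc95db9-lcj2t
time="2022-07-22T14:11:27Z" level=error msg="Error backing up item" backup=openshift-adp/backup4 error="pod volume backup failed: running Restic backup, stderr=unable to read root certificate: open /tmp/cacert-example-velero-12352206643: no such file or directory\ngithub.com/restic/restic/internal/backend.Transport\n: exit status 1" logSource="pkg/backup/backup.go:417" name=mysql-6c5dc95db9-lcj2t
time="2022-07-22T14:12:00Z" level=error msg="Error backing up item" backup=openshift-adp/backup5 error="pod volume backup failed: timed out" logSource="pkg/backup/backup.go:417" name=other-pod
EOF
}

# Stand-alone run on the sample; against a cluster, pipe the real logs instead:
#   velero backup logs backup4 --insecure-skip-tls-verify | cacert_failures
sample_log | cacert_failures
```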
Additional info:
- mentioned on