Recommendations regarding expired/invalid certificate in backup.(dsR8)

Bug: 2077106

Change-Id: Iaaf157cc53f4cf3a42e249c184665739bc9e36a6
Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
Suzana Fernandes 2024-08-14 11:40:55 +00:00 committed by Suzana Barude Fernandes
parent d663b2122b
commit 729b2533fa
3 changed files with 21 additions and 2 deletions


@ -193,6 +193,7 @@ Execution Time for System Backups
- Systems with at least 4 platform cores will have much faster execution times. - Systems with at least 4 platform cores will have much faster execution times.
.. _recommended-backup-and-retention-policies:
Recommended Backup and Retention Policies Recommended Backup and Retention Policies
----------------------------------------- -----------------------------------------
@ -225,7 +226,8 @@ Recommended Backup and Retention Policies
- Backups should be performed prior to performing maintenance operations or - Backups should be performed prior to performing maintenance operations or
applying configuration changes to the platform or hosted applications. applying configuration changes to the platform or hosted applications.
- The retention period of backups should be approximately one month. - The retention period of backups should be shorter than the shortest certificate
duration on the system to avoid backup files with expired certificates.
- Since Kubernetes is an intent-based system, the most recent backup is the - Since Kubernetes is an intent-based system, the most recent backup is the
most important. most important.
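Review bot: The new retention bullet compares the retention period with certificate duration, but whether a kept backup ends up holding an expired certificate depends on the validity remaining when the backup is taken. A backup made a week before a certificate expires holds an expired certificate a week later, however short the retention period is. Suggest wording it as the retention period being shorter than the time remaining on the soonest-to-expire certificate at backup time. Since the bullet no longer gives a concrete value, either keep the removed "approximately one month" as a default upper bound or say how to find the shortest expiry on the system.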


@ -10,6 +10,16 @@ Run Ansible Backup Playbook Locally on the Controller
In this method the Ansible Backup playbook is run on the active controller. In this method the Ansible Backup playbook is run on the active controller.
.. note::
Ensure that all certificates are valid and not expiring soon prior to the
backup. The certificates are not automatically renewed, you MUST renew the
soon-to-expire certificates before the backup operation.
.. warning::
The restore cannot recover expired certificates.
Use one of the following commands to run the Ansible Backup playbook and back Use one of the following commands to run the Ansible Backup playbook and back
up the |prod| configuration, data, and user container images in registry.local: up the |prod| configuration, data, and user container images in registry.local:
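Review bot: "not expiring soon" in the added note gives no threshold, so a reader cannot tell whether a certificate with a few weeks left passes the check. Tie it to the retention period (the certificate should outlive the time the backup is kept) or link to the Recommended Backup and Retention Policies section, as the restore-options note in this commit does. The note also states "The certificates are not automatically renewed" for all certificates, while the note added to the restore options scopes the same statement to ssl_ca certificates; make the two consistent. The comma before "you MUST renew" is a comma splice and should become a sentence break.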


@ -101,10 +101,17 @@ Below you can find other ``-e`` command line options:
contains all the ssl_ca certificates that will be installed during the contains all the ssl_ca certificates that will be installed during the
restore. It will replace restore. It will replace
``/opt/platform/config/<software-version>/ca-cert.pem``, which is a ``/opt/platform/config/<software-version>/ca-cert.pem``, which is a
single certificate containing all the ssl_ca certificates installed in single file containing all the ssl_ca certificates installed in
the host when the backup was done. The certificate assigned to this the host when the backup was done. The certificate assigned to this
parameter must follow this same pattern. parameter must follow this same pattern.
.. note::
The ssl_ca certificates are not automatically renewed, you MUST renew
the soon-to-expire certificates before the backup operation. The expired
ssl_ca certificates are not restored.
For more details, see :ref: `Recommended Backup and Retention Policies<recommended-backup-and-retention-policies>`.
For example: For example:
.. code-block:: none .. code-block:: none
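Review bot: The cross-reference in the added note has a space between the :ref: role and the opening backtick, so Sphinx will not resolve it and the text will render literally instead of linking to the label added in the first file. Remove the space and put one before the angle bracket, so it reads :ref:`Recommended Backup and Retention Policies <recommended-backup-and-retention-policies>`. The same note repeats the comma splice before "you MUST renew". "The expired ssl_ca certificates are not restored" would also be clearer if it said whether they are skipped silently or cause the restore to fail.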