Bug 2020268 - [17.0] Enable encrypted backups
Summary: [17.0] Enable encrypted backups
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: tripleo-ansible
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ga
: 17.0
Assignee: Fernando Díaz
QA Contact: Sree
URL:
Whiteboard:
Depends On:
Blocks: 2020312 2020549
TreeView+ depends on / blocked
 
Reported: 2021-11-04 13:54 UTC by Juan Larriba
Modified: 2022-09-21 12:17 UTC (History)
3 users (show)

Fixed In Version: tripleo-ansible-3.3.1-0.20220407002051.0bc2994.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2020312 (view as bug list)
Environment:
Last Closed: 2022-09-21 12:17:17 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 832785 0 None MERGED bnr - Enable encrypted backups 2022-04-19 11:36:33 UTC
OpenStack gerrit 834726 0 None MERGED bnr - Enable encrypted backups 2022-04-19 11:36:30 UTC
Red Hat Issue Tracker OSP-10671 0 None None None 2021-11-15 12:29:52 UTC
Red Hat Issue Tracker UPG-4738 0 None None None 2021-11-04 15:23:16 UTC
Red Hat Product Errata RHEA-2022:6543 0 None None None 2022-09-21 12:17:41 UTC

Description Juan Larriba 2021-11-04 13:54:45 UTC 
As stated in #1907967, ReaR supports encrypted backups by setting up the variables BACKUP_PROG_CRYPT_ENABLED and BACKUP_PROG_CRYPT_KEY.

Those keys should be configurable by the ansible automation.
Comment 4 Fernando Díaz 2022-07-08 09:49:20 UTC 
For decrypt the backup file it is required to run the command: 

dd if=backup.tar.gz | /usr/bin/openssl des3 -d -k "1234" | tar -C /ctl_plane_backups/undercloud-0/ -xzvf - '*.conf'

In this case the backup.tar.gz file is located in the folder /ctl_plane_backups/undercloud-0/ and the encryption key is "1234"
Comment 10 errata-xmlrpc 2022-09-21 12:17:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543
Note You need to log in before you can comment on or make changes to this bug.