New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BACKUP=CDM missing security certificate for replica Rubrik instance #3208
Comments
@rmccrack If you look into the
And also check script |
The issue is not with starting the Rubrik agent, it is that the original Rubrik installation, which is what the iso contains, does not have the correct security certificate for the replica Rubrik instance. This is embedded in the rpm package that is normally downloaded from the Rubrik instance, and is installed when that package is installed. It is possible to download that package, as the curl utility does seem to be available. But once downloaded, neither rpm nor yum are available to install the replacement package, and without that one cannot complete the step of registering the system by IP address on the replica Rubrik instance. Consequently, one cannot complete the recovery. |
@rmccrack Certificates of Rubrik are stored on your original system on a dedicated location. Please check the Rubrik documentation if you don't know it by heart. You could also verify inside the RPM package with |
@rmccrack In particular there is no software package management You could add what you like to the ReaR recovery system All what is needed for "rear recover" must be put So the missing "security certificate" has to be be put This is what @gdha tried to tell you. In case of emergency during "rear recover" you can add FYI Usually we at ReaR upstream do not have or use third-party backup tools In case of issues with third-party backup tools and ReaR |
First, all the "COPY_AS_IS" information is beside the point, because the required certificate for the Rubrik replica server is not on the original system. True, I could anticipate and stash the required file somewhere, but then the user would have to have a simple way to stop the Rubrik agent, move the certificate file into place, and restart the agent. With the usual "service" or "systemctl" utilities non-existent (apparently) that's not a trivial issue and at the very least your program should be putting detailed instructions to the screen for this when a replica is to be used. If you are not intending to support use of a Rubrik replica instance for a restore, why do you prompt for a yes/no answer regarding whether the original CDM instance is being used for recovery? And then, if the answer is no, prompt for the IP address of a node in the replica instance? These are valid questions if you can use the replica to restore from. Otherwise, they are misleading because the fact is, one can only use the original instance as the code stands today. What I need is for our average off-hours support technician to be able to use this product to get a trashed unix virtual system back up and running in a reasonable period of time. They aren't going to know all the intricacies of either ReaR or Rubrik to "work around" this issue. And for reasons I won't detail, as often as not a replica copy needs to be used. |
ReaR version ("/usr/sbin/rear -V"):
rear-2.7-1.git.5366
If your ReaR version is not the current version, explain why you can't upgrade:
OS version ("cat /etc/os-release" or "lsb_release -a" or "cat /etc/rear/os.conf"):
RHEL 7.9
ReaR configuration files ("cat /etc/rear/site.conf" and/or "cat /etc/rear/local.conf"):
Hardware vendor/product (PC or PowerNV BareMetal or ARM) or VM (KVM guest or PowerVM LPAR):
Vmware VM
System architecture (x86 compatible or PPC64/PPC64LE or what exact ARM device):
Firmware (BIOS or UEFI or Open Firmware) and bootloader (GRUB or ELILO or Petitboot):
Storage (local disk or SSD) and/or SAN (FC or iSCSI or FCoE) and/or multipath (DM or NVMe):
Storage layout ("lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,LABEL,SIZE,MOUNTPOINT"):
Description of the issue (ideally so that others can reproduce it):
When I attempt a restore from an iso created
using the rear -v mkrescue command,
and select the option to restore from a replica Rubrik cluster,
the agent will not register on the replica cluster
when I attempt to register it using the IP address.
I get an error indicating the agent is not running
(refusal to connect on port 12801).
When I check on the partially restored system,
the Rubrik agents are not running.
Attempts to start the agents using
"systemctl start rubrikagents"
result in an error
"rubrikagents.service not found"
None I can find so far.
The backup log files did not reflect any errors.
The system I was trying to recover (a Vmware VM)
no longer exists and I have no option left to restore
except to use the Rubrik replica copy of the backup.
You can drag-drop log files into this editor to create an attachment
or paste verbatim text like command output or file content
by including it between a leading and a closing line of
three backticks like this:
The text was updated successfully, but these errors were encountered: