import rear-2.4-18.el8

This commit is contained in:
CentOS Sources 2021-03-30 13:42:25 -04:00 committed by Stepan Oksanichenko
parent b42cd5791b
commit 7d47e6b7b7
5 changed files with 403 additions and 63 deletions

View File

@ -1,27 +1,3 @@
From 9a2e5bf96df70883fc5978471f72d6bd697116e0 Mon Sep 17 00:00:00 2001
From: Damani <damani@rubrik.com>
Date: Thu, 26 Sep 2019 08:27:53 -0600
Subject: [PATCH] Support for Rubrik
---
.gitignore | 3 +
doc/user-guide/16-Rubrik-CDM.adoc | 106 ++++++++++++++++++
usr/share/rear/conf/default.conf | 11 ++
.../rear/prep/CDM/default/400_prep_cdm.sh | 7 ++
.../prep/CDM/default/450_check_cdm_client.sh | 13 +++
.../CDM/default/400_restore_with_cdm.sh | 19 ++++
.../410_use_replica_cdm_cluster_cert.sh | 43 +++++++
.../CDM/default/430_gen_rbs_uuid_for_cdm.sh | 29 +++++
.../verify/CDM/default/450_start_cdm_rbs.sh | 17 +++
9 files changed, 248 insertions(+)
create mode 100644 doc/user-guide/16-Rubrik-CDM.adoc
create mode 100644 usr/share/rear/prep/CDM/default/400_prep_cdm.sh
create mode 100644 usr/share/rear/prep/CDM/default/450_check_cdm_client.sh
create mode 100644 usr/share/rear/restore/CDM/default/400_restore_with_cdm.sh
create mode 100644 usr/share/rear/verify/CDM/default/410_use_replica_cdm_cluster_cert.sh
create mode 100644 usr/share/rear/verify/CDM/default/430_gen_rbs_uuid_for_cdm.sh
create mode 100644 usr/share/rear/verify/CDM/default/450_start_cdm_rbs.sh
diff --git a/.gitignore b/.gitignore
index 5e3dc940..a644c865 100644
--- a/.gitignore
@ -146,7 +122,7 @@ index 00000000..41f37d20
+
+* Empty cells indicate that no tests were run.
diff --git a/usr/share/rear/conf/default.conf b/usr/share/rear/conf/default.conf
index b9f10e89..692e1874 100644
index 0f0d0675..56967132 100644
--- a/usr/share/rear/conf/default.conf
+++ b/usr/share/rear/conf/default.conf
@@ -1334,6 +1334,17 @@ LANG_RECOVER=C
@ -226,53 +202,98 @@ index 00000000..bc4811c4
+rear_shell "Has the restore been completed and are you ready to continue the recovery?"
diff --git a/usr/share/rear/verify/CDM/default/410_use_replica_cdm_cluster_cert.sh b/usr/share/rear/verify/CDM/default/410_use_replica_cdm_cluster_cert.sh
new file mode 100644
index 00000000..7f18f27a
index 00000000..518387e3
--- /dev/null
+++ b/usr/share/rear/verify/CDM/default/410_use_replica_cdm_cluster_cert.sh
@@ -0,0 +1,43 @@
@@ -0,0 +1,88 @@
+# 410_use_replica_cdm_cluster_cert.sh
+# If restoring from a replica Rubrik (CDM) cluster use it's cert for RBS.
+# If restoring from a replica Rubrik (CDM) cluster use its cert for RBS.
+
+LogPrint "If restoring from a replica Rubrik (CDM) cluster its cert will be downloaded and used for RBS"
+
+CDM_RBA_DIR=/etc/rubrik
+CDM_KEYS_DIR=${CDM_RBA_DIR}/keys
+
+# When USER_INPUT_CDM_REPLICA_CLUSTER has any 'true' value be liberal in what you accept and assume exactly 'y' was actually meant:
+LogPrint ""
+is_true "$USER_INPUT_CDM_REPLICA_CLUSTER" && USER_INPUT_CDM_REPLICA_CLUSTER="y"
+local prompt="Is the data being restored from the original CDM Cluster?"
+local input_value=""
+local wilful_input=""
+while true ; do
+ # Find out if the restore is being done from the original CDM cluster or a Replica
+ # the default (i.e. the automated response after the timeout) should be 'n':
+ answer="$( UserInput -I CDM_REPLICA_CLUSTER -p "Is the data being restored from the original CDM Cluster? (y/n)" -D 'y' -t 300 )"
+ is_true "$answer" && return 0
+ if is_false "$answer" ; then
+ # the default (i.e. the automated response after the timeout) should be 'no':
+ input_value="$( UserInput -I CDM_REPLICA_CLUSTER -p "$prompt" -D 'no' )" && wilful_input="yes" || wilful_input="no"
+ if is_false "$input_value" ; then
+ if is_true "$wilful_input" ; then
+ LogPrint "User confirmed the data is not being restored from the original CDM Cluster"
+ else
+ LogPrint "Assuming the data is not being restored from the original CDM Cluster"
+ fi
+ break
+ fi
+ UserOutput "Please answer 'y' or 'n'"
+done
+
+while true; do
+ CDM_CLUSTER_IP="$(UserInput -I USER_INPUT_CDM_CLUSTER_IP -r -t 0 -p "Enter one of the IP addresses for the replica CDM cluster: ")"
+ [[ -n "$CDM_CLUSTER_IP" ]] && break
+ PrintError "Please enter a non-empty CDM cluster IP."
+ if is_true "$input_value" ; then
+ LogPrint "User confirmed the data is being restored from the original CDM Cluster"
+ return 0
+ fi
+done
+
+LogPrint "Downloading cert from replica CDM cluster"
+# The name of the tar file that is being downloaded has changed in Rubrik CDM v5.1.
+# Before Rubrik CDM v5.1 it was rubrik-agent-sunos5.10.sparc.tar.gz
+# since Rubrik CDM v5.1 it is rubrik-agent-solaris.sparc.tar.gz
+# cf. https://github.com/rear/rear/issues/2441
+CDM_SUNOS_TAR=rubrik-agent-sunos5.10.sparc.tar.gz
+cd /tmp
+/usr/bin/curl $v -kLOJ https://${CDM_CLUSTER_IP}/connector/${CDM_SUNOS_TAR}
+StopIfError "Could not download https://${CDM_CLUSTER_IP}/connector/${CDM_SUNOS_TAR}"
+
+/usr/bin/tar $v -xzf $CDM_SUNOS_TAR
+StopIfError "Could not extract $CDM_SUNOS_TAR"
+
+CDM_CERT_FILE=$(find ./ -name "rubrik.crt")
+mv $v ${CDM_KEYS_DIR}/rubrik.crt ${CDM_KEYS_DIR}/rubrik.crt.orig
+cp $v $CDM_CERT_FILE $CDM_KEYS_DIR
+StopIfError "Could not copy replica CDM cluster certificate"
+
+/usr/bin/chmod $v 600 ${CDM_KEYS_DIR}/rubrik.crt
+
+
+LogPrint "Replica Rubrik (CDM) cluster certificate installed."
+CDM_SOLARIS_TAR=rubrik-agent-solaris.sparc.tar.gz
+pushd $TMPDIR
+while true ; do
+ prompt="Enter one of the IP addresses for the replica CDM cluster (or 'no' to cancel)"
+ CDM_CLUSTER_IP="$( UserInput -I CDM_CLUSTER_IP -r -t 0 -p "$prompt" )"
+ test $CDM_CLUSTER_IP || continue
+ if is_false "$CDM_CLUSTER_IP" ; then
+ LogPrint "User canceled downloading cert from replica CDM cluster (data restore may fail now)"
+ popd
+ return 0
+ fi
+ # When curl fails for all files continue with an empty CDM_TAR_FILE to denote that nothing was downloaded:
+ for CDM_TAR_FILE in $CDM_SOLARIS_TAR $CDM_SUNOS_TAR '' ; do
+ test $CDM_TAR_FILE || continue
+ curl $v -fskLOJ https://${CDM_CLUSTER_IP}/connector/${CDM_TAR_FILE} && break
+ done
+ if ! test -s "$CDM_TAR_FILE" ; then
+ LogPrintError "Could not download Rubrik agent from https://${CDM_CLUSTER_IP}/connector/${CDM_SOLARIS_TAR} or https://${CDM_CLUSTER_IP}/connector/${CDM_SUNOS_TAR}"
+ while true ; do
+ prompt="Enter URL to download Rubrik agent tar archive (or 'no' to cancel)"
+ CDM_AGENT_URL="$( UserInput -I CDM_AGENT_URL -r -t 0 -p "$prompt" )"
+ test $CDM_AGENT_URL || continue
+ if is_false "$CDM_AGENT_URL" ; then
+ LogPrint "User canceled downloading Rubrik agent (data restore may fail now)"
+ popd
+ return 0
+ fi
+ curl $v -fskLOJ $CDM_AGENT_URL && break
+ LogPrintError "Could not download Rubrik agent from $CDM_AGENT_URL"
+ done
+ CDM_TAR_FILE=$( basename "$CDM_AGENT_URL" )
+ fi
+ if ! tar $v -xzf $CDM_TAR_FILE ; then
+ LogPrintError "Could not extract Rubrik agent (failed to 'tar -xzf $CDM_TAR_FILE')"
+ continue
+ fi
+ CDM_CERT_FILE=$(find ./ -name "rubrik.crt")
+ mv $v ${CDM_KEYS_DIR}/rubrik.crt ${CDM_KEYS_DIR}/rubrik.crt.orig
+ if ! cp $v $CDM_CERT_FILE $CDM_KEYS_DIR ; then
+ LogPrintError "Could not copy replica CDM cluster certificate"
+ continue
+ fi
+ chmod $v 600 ${CDM_KEYS_DIR}/rubrik.crt
+ mv $v ${CDM_KEYS_DIR}/agent.crt ${CDM_KEYS_DIR}/agent.crt.orig
+ mv $v ${CDM_KEYS_DIR}/agent.pem ${CDM_KEYS_DIR}/agent.pem.orig
+ # TODO: Actually do something if /etc/rubrik/rba-keygen.sh failed.
+ # Is /etc/rubrik/rba-keygen.sh perhaps only optional?
+ # cf. https://github.com/rear/rear/pull/2445#discussion_r448217873
+ /etc/rubrik/rba-keygen.sh || LogPrintError "/etc/rubrik/rba-keygen.sh failed (data restore may also fail)"
+ break
+done
+popd
+LogPrint "Replica Rubrik (CDM) cluster certificate installed"
diff --git a/usr/share/rear/verify/CDM/default/430_gen_rbs_uuid_for_cdm.sh b/usr/share/rear/verify/CDM/default/430_gen_rbs_uuid_for_cdm.sh
new file mode 100644
index 00000000..5e99b79c
@ -331,6 +352,3 @@ index 00000000..571da1da
+StopIfError "Unable to start RBS Agent service"
+
+LogPrint "Rubrik (CDM) RBS agent started."
--
2.25.4

View File

@ -0,0 +1,248 @@
diff -up rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh.orig rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh
--- rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh.orig 2018-06-21 10:40:53.000000000 +0200
+++ rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh 2020-11-25 09:21:55.186716041 +0100
@@ -1,35 +1,74 @@
# Code to recreate LUKS volumes.
create_crypt() {
+ # See the create_device() function in lib/layout-functions.sh what "device type" means:
+ local device_type="$1"
+ if ! grep -q "^crypt $device_type " "$LAYOUT_FILE" ; then
+ LogPrintError "Skip recreating LUKS volume $device_type (no 'crypt $device_type' entry in $LAYOUT_FILE)"
+ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
+ return 1
+ fi
+
local crypt target_device source_device options
- read crypt target_device source_device options < <(grep "^crypt $1 " "$LAYOUT_FILE")
+ local mapping_name option key value
+ local cryptsetup_options="" keyfile="" password=""
- local target_name=${target_device#/dev/mapper/}
+ read crypt target_device source_device options < <( grep "^crypt $device_type " "$LAYOUT_FILE" )
+
+ # Careful! One cannot 'test -b $source_device' here at the time when this code is run
+ # because the source device is usually a disk partition block device like /dev/sda2
+ # but disk partition block devices usually do not yet exist (in particular not on a new clean disk)
+ # because partitions are actually created later when the diskrestore.sh script is run
+ # but not here when this code is run which only generates the diskrestore.sh script:
+ if ! test $source_device ; then
+ LogPrintError "Skip recreating LUKS volume $device_type: No source device (see the 'crypt $device_type' entry in $LAYOUT_FILE)"
+ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
+ return 1
+ fi
+
+ mapping_name=${target_device#/dev/mapper/}
+ if ! test $mapping_name ; then
+ LogPrintError "Skip recreating LUKS volume $device_type on $source_device: No /dev/mapper/... mapping name (see the 'crypt $device_type' entry in $LAYOUT_FILE)"
+ # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
+ return 1
+ fi
- local cryptsetup_options="" keyfile="" password=""
- local option key value
for option in $options ; do
- key=${option%=*}
+ # $option is of the form keyword=value and
+ # we assume keyword has no '=' character but value could be anything that may have a '=' character
+ # so we split keyword=value at the leftmost '=' character so that
+ # e.g. keyword=foo=bar gets split into key="keyword" and value="foo=bar":
+ key=${option%%=*}
value=${option#*=}
-
+ # The "cryptseup luksFormat" command does not require any of the type, cipher, key-size, hash, uuid option values
+ # because if omitted a cryptseup default value is used so we treat those values as optional.
+ # Using plain test to ensure the value is a single non empty and non blank word
+ # without quoting because test " " would return zero exit code
+ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
case "$key" in
- cipher)
- cryptsetup_options+=" --cipher $value"
+ (type)
+ test $value && cryptsetup_options+=" --type $value"
+ ;;
+ (cipher)
+ test $value && cryptsetup_options+=" --cipher $value"
;;
- key_size)
- cryptsetup_options+=" --key-size $value"
+ (key_size)
+ test $value && cryptsetup_options+=" --key-size $value"
;;
- hash)
- cryptsetup_options+=" --hash $value"
+ (hash)
+ test $value && cryptsetup_options+=" --hash $value"
;;
- uuid)
- cryptsetup_options+=" --uuid $value"
+ (uuid)
+ test $value && cryptsetup_options+=" --uuid $value"
;;
- keyfile)
- keyfile=$value
+ (keyfile)
+ test $value && keyfile=$value
;;
- password)
- password=$value
+ (password)
+ test $value && password=$value
+ ;;
+ (*)
+ LogPrintError "Skipping unsupported LUKS cryptsetup option '$key' in 'crypt $target_device $source_device' entry in $LAYOUT_FILE"
;;
esac
done
@@ -37,26 +76,25 @@ create_crypt() {
cryptsetup_options+=" $LUKS_CRYPTSETUP_OPTIONS"
(
- echo "Log \"Creating LUKS device $target_name on $source_device\""
+ echo "LogPrint \"Creating LUKS volume $mapping_name on $source_device\""
if [ -n "$keyfile" ] ; then
# Assign a temporary keyfile at this stage so that original keyfiles do not leak onto the rescue medium.
# The original keyfile will be restored from the backup and then re-assigned to the LUKS device in the
# 'finalize' stage.
# The scheme for generating a temporary keyfile path must be the same here and in the 'finalize' stage.
- keyfile="${TMPDIR:-/tmp}/LUKS-keyfile-$target_name"
+ keyfile="$TMP_DIR/LUKS-keyfile-$mapping_name"
dd bs=512 count=4 if=/dev/urandom of="$keyfile"
chmod u=rw,go=- "$keyfile"
-
echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device $keyfile"
- echo "cryptsetup luksOpen --key-file $keyfile $source_device $target_name"
+ echo "cryptsetup luksOpen --key-file $keyfile $source_device $mapping_name"
elif [ -n "$password" ] ; then
echo "echo \"$password\" | cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device"
- echo "echo \"$password\" | cryptsetup luksOpen $source_device $target_name"
+ echo "echo \"$password\" | cryptsetup luksOpen $source_device $mapping_name"
else
- echo "LogPrint \"Please enter the password for LUKS device $target_name ($source_device):\""
+ echo "LogUserOutput \"Set the password for LUKS volume $mapping_name (for 'cryptsetup luksFormat' on $source_device):\""
echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device"
- echo "LogPrint \"Please re-enter the password for LUKS device $target_name ($source_device):\""
- echo "cryptsetup luksOpen $source_device $target_name"
+ echo "LogUserOutput \"Enter the password for LUKS volume $mapping_name (for 'cryptsetup luksOpen' on $source_device):\""
+ echo "cryptsetup luksOpen $source_device $mapping_name"
fi
echo ""
) >> "$LAYOUT_CODE"
diff -up rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh.orig rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh
--- rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh.orig 2018-06-21 10:40:53.000000000 +0200
+++ rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh 2020-11-25 09:19:31.406669210 +0100
@@ -9,6 +9,8 @@ Log "Saving Encrypted volumes."
REQUIRED_PROGS=( "${REQUIRED_PROGS[@]}" cryptsetup dmsetup )
COPY_AS_IS=( "${COPY_AS_IS[@]}" /usr/share/cracklib/\* /etc/security/pwquality.conf )
+local invalid_cryptsetup_option_value="no"
+
while read target_name junk ; do
# find the target device we're mapping
if ! [ -e /dev/mapper/$target_name ] ; then
@@ -30,17 +32,96 @@ while read target_name junk ; do
source_device="$(get_device_name ${slave##*/})"
done
- if ! cryptsetup isLuks $source_device >/dev/null 2>&1; then
+ if ! blkid -p -o export $source_device >$TMP_DIR/blkid.output ; then
+ LogPrintError "Error: Cannot get attributes for $target_name ('blkid -p -o export $source_device' failed)"
+ continue
+ fi
+
+ if ! grep -q "TYPE=crypto_LUKS" $TMP_DIR/blkid.output ; then
+ Log "Skipping $target_name (no 'TYPE=crypto_LUKS' in 'blkid -p -o export $source_device' output)"
+ continue
+ fi
+
+ # Detect LUKS version:
+ # Remove all non-digits in particular to avoid leading or trailing spaces in the version string
+ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
+ # that could happen if the blkid output contains "VERSION = 2" so that 'cut -d= -f2' results " 2".
+ version=$( grep "VERSION" $TMP_DIR/blkid.output | cut -d= -f2 | tr -c -d '[:digit:]' )
+ if ! test "$version" = "1" -o "$version" = "2" ; then
+ LogPrintError "Error: Unsupported LUKS version for $target_name ('blkid -p -o export $source_device' shows 'VERSION=$version')"
+ continue
+ fi
+ luks_type=luks$version
+
+ # Gather crypt information:
+ if ! cryptsetup luksDump $source_device >$TMP_DIR/cryptsetup.luksDump ; then
+ LogPrintError "Error: Cannot get LUKS$version values for $target_name ('cryptsetup luksDump $source_device' failed)"
continue
fi
+ uuid=$( grep "UUID" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ keyfile_option=$( [ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" && $3 != "" { print "keyfile=" $3; }' /etc/crypttab )
+ if test $luks_type = "luks1" ; then
+ cipher_name=$( grep "Cipher name" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ cipher_mode=$( grep "Cipher mode" $TMP_DIR/cryptsetup.luksDump | cut -d: -f2- | awk '{printf("%s",$1)};' )
+ cipher=$cipher_name-$cipher_mode
+ key_size=$( grep "MK bits" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ hash=$( grep "Hash spec" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ elif test $luks_type = "luks2" ; then
+ cipher=$( grep "cipher:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ # More than one keyslot may be defined - use key_size from the first slot.
+ # Depending on the version the "cryptsetup luksDump" command outputs the key_size value
+ # as a line like
+ # Key: 512 bits
+ # and/or as a line like
+ # Cipher key: 512 bits
+ # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198 and subsequent comments
+ # so we grep for both lines but use only the first match from the first slot:
+ key_size=$( egrep -m 1 "Key:|Cipher key:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+) bits$/\1/' )
+ hash=$( grep "Hash" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
+ fi
- # gather crypt information
- cipher=$(cryptsetup luksDump $source_device | grep "Cipher name" | sed -r 's/^.+:\s*(.+)$/\1/')
- mode=$(cryptsetup luksDump $source_device | grep "Cipher mode" | cut -d: -f2- | awk '{printf("%s",$1)};')
- key_size=$(cryptsetup luksDump $source_device | grep "MK bits" | sed -r 's/^.+:\s*(.+)$/\1/')
- hash=$(cryptsetup luksDump $source_device | grep "Hash spec" | sed -r 's/^.+:\s*(.+)$/\1/')
- uuid=$(cryptsetup luksDump $source_device | grep "UUID" | sed -r 's/^.+:\s*(.+)$/\1/')
- keyfile_option=$([ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" { print "keyfile=" $3; }' /etc/crypttab)
+ # Basic checks that the cipher key_size hash uuid values exist
+ # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198
+ # because some values are needed during "rear recover"
+ # to set cryptsetup options in layout/prepare/GNU/Linux/160_include_luks_code.sh
+ # and it seems cryptsetup fails when options with empty values are specified
+ # cf. https://github.com/rear/rear/pull/2504#issuecomment-719479724
+ # For example a LUKS1 crypt entry in disklayout.conf looks like
+ # crypt /dev/mapper/luks1test /dev/sda7 type=luks1 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=1b4198c9-d9b0-4c57-b9a3-3433e391e706
+ # and a LUKS1 crypt entry in disklayout.conf looks like
+ # crypt /dev/mapper/luks2test /dev/sda8 type=luks2 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=3e874a28-7415-4f8c-9757-b3f28a96c4d2
+ # Only the keyfile_option value is optional and the luks_type value is already tested above.
+ # Using plain test to ensure a value is a single non empty and non blank word
+ # without quoting because test " " would return zero exit code
+ # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
+ # Do not error out instantly here but only report errors here so the user can see all messages
+ # and actually error out at the end of this script if there was one actually invalid value:
+ if ! test $cipher ; then
+ LogPrint "No 'cipher' value for LUKS$version volume $target_name in $source_device"
+ fi
+ if test $key_size ; then
+ if ! is_positive_integer $key_size ; then
+ LogPrintError "Error: 'key_size=$key_size' is no positive integer for LUKS$version volume $target_name in $source_device"
+ invalid_cryptsetup_option_value="yes"
+ fi
+ else
+ LogPrint "No 'key_size' value for LUKS$version volume $target_name in $source_device"
+ fi
+ if ! test $hash ; then
+ LogPrint "No 'hash' value for LUKS$version volume $target_name in $source_device"
+ fi
+ if ! test $uuid ; then
+ # Report a missig uuid value as an error to have the user informed
+ # but do not error out here because things can be fixed manually during "rear recover"
+ # cf. https://github.com/rear/rear/pull/2506#issuecomment-721757810
+ # and https://github.com/rear/rear/pull/2506#issuecomment-722315498
+ # and https://github.com/rear/rear/issues/2509
+ LogPrintError "Error: No 'uuid' value for LUKS$version volume $target_name in $source_device (mounting it or booting the recreated system may fail)"
+ fi
+
+ echo "crypt /dev/mapper/$target_name $source_device type=$luks_type cipher=$cipher key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE
- echo "crypt /dev/mapper/$target_name $source_device cipher=$cipher-$mode key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE
done < <( dmsetup ls --target crypt )
+
+# Let this script return successfully when invalid_cryptsetup_option_value is not true:
+is_true $invalid_cryptsetup_option_value && Error "Invalid or empty LUKS cryptsetup option value(s) in $DISKLAYOUT_FILE" || true

View File

@ -0,0 +1,14 @@
diff -up rear-2.4/usr/share/rear/conf/default.conf.orig rear-2.4/usr/share/rear/conf/default.conf
--- rear-2.4/usr/share/rear/conf/default.conf.orig 2020-12-02 10:12:49.617305887 +0100
+++ rear-2.4/usr/share/rear/conf/default.conf 2020-12-02 10:12:49.628306023 +0100
@@ -592,8 +592,8 @@ ISO_MAX_SIZE=
# ebiso (https://github.com/gozora/ebiso/) can be used as alternative
# for mkisofs/genisoimage on UEFI bootable systems
# to use ebiso, specify ISO_MKISOFS_BIN=<full_path_to_ebiso>/ebiso
-# in /etc/rear/local.conf or /etc/rear/site.conv
-# xorisofs is now used as the preferred method for generating the iso image
+# in /etc/rear/local.conf or /etc/rear/site.conf
+# xorrisofs is now used as the preferred method for generating the iso image
# with mkisofs and genisoimage as second and third option
ISO_MKISOFS_BIN="$( type -p xorrisofs || type -p mkisofs || type -p genisoimage )"

View File

@ -0,0 +1,38 @@
diff --git a/usr/share/rear/conf/default.conf b/usr/share/rear/conf/default.conf
index 264f2217..313f4118 100644
--- a/usr/share/rear/conf/default.conf
+++ b/usr/share/rear/conf/default.conf
@@ -1489,7 +1489,7 @@ OBDR_BLOCKSIZE=2048
# BACKUP=NBU stuff (Symantec/Veritas NetBackup)
##
#
-COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt )
+COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt /opt/VRTSpbx /etc/vx/VxICS /etc/vx/vrtslog.conf )
COPY_AS_IS_EXCLUDE_NBU=( "/usr/openv/netbackup/logs/*" "/usr/openv/netbackup/bin/bpjava*" /usr/openv/netbackup/bin/xbp /usr/openv/netbackup/bin/private /usr/openv/lib/java /usr/openv/lib/shared/vddk /usr/openv/netbackup/baremetal )
NBU_LD_LIBRARY_PATH="/usr/openv/lib:/usr/openv/netbackup/sec/at/lib/"
PROGS_NBU=( )
diff --git a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
index cd48b8d9..ae5a3ccc 100644
--- a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
+++ b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
@@ -7,6 +7,12 @@
[[ $NBU_version -lt 7 ]] && return # NBU is using xinetd when version <7.x
+if [ -e "/etc/init.d/vxpbx_exchanged" ]; then
+ cp $v /etc/init.d/vxpbx_exchanged $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real
+ chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real
+ echo "( /etc/scripts/system-setup.d/vxpbx_exchanged.real start )" > $ROOTFS_DIR/etc/scripts/system-setup.d/89-vxpbx_exchanged.sh
+fi
+
if [ -e "/etc/init.d/netbackup" ]; then
cp $v /etc/init.d/netbackup $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real
chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real
diff --git a/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore
new file mode 100644
index 00000000..d6b7ef32
--- /dev/null
+++ b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore

View File

@ -3,7 +3,7 @@
Summary: Relax-and-Recover is a Linux disaster recovery and system migration tool
Name: rear
Version: 2.4
Release: 16%{?dist}
Release: 18%{?dist}
License: GPLv3
Group: Applications/File
URL: http://relax-and-recover.org/
@ -32,6 +32,9 @@ Patch24: rear-bz1737042.patch
Patch25: rear-bz1743303-rubrik.patch
Patch26: rear-bz1729502-ppc64-iso-level.patch
Patch27: rear-bz1843809-skip-longhorn.patch
Patch28: rear-bz1882060.patch
Patch29: rear-bz1832394.patch
Patch30: rear-sfdc02772301.patch
ExcludeArch: s390x
ExcludeArch: s390
@ -140,8 +143,11 @@ fi
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
echo "30 1 * * * root /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue" >rear.cron
echo "30 1 * * * root test -f /var/lib/rear/layout/disklayout.conf && /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue" >rear.cron
### Add a specific os.conf so we do not depend on LSB dependencies
%{?fedora:echo -e "OS_VENDOR=Fedora\nOS_VERSION=%{?fedora}" >etc/rear/os.conf}
@ -173,6 +179,22 @@ TZ=UTC %{__make} -C doc
%{_sbindir}/rear
%changelog
* Mon Jan 11 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4-18
- Fix typo in default.conf
Resolves: #1882060
- Modify the cron command to avoid an e-mail with error message after
ReaR is installed but not properly configured when the cron command
is triggered for the first time
Resolves: #1729499
- Backport upstream code related to LUKS2 support
Resolves: #1832394
- Changes for NetBackup (NBU) support, upstream PR2544
Resolves: #1898080
* Mon Aug 10 2020 Pavel Cahyna <pcahyna@redhat.com> - 2.4-17
- Update the Rubrik patch to include complete PR2445
Resolves: rhbz1867696
* Thu Jun 04 2020 Václav Doležal <vdolezal@redhat.com> - 2.4-16
- Apply upstream PR2373: Skip Longhorn Engine replica devices
Resolves: rhbz1843809