|
19 | 19 |
|
20 | 20 | # Path to the recovery tarball |
21 | 21 | Pattern[/.*\.tar\.gz$/] $input_file, |
| 22 | + |
| 23 | + # Console password for restored system |
| 24 | + Optional[String] $console_password = undef, |
22 | 25 | ) { |
23 | 26 | peadm::assert_supported_bolt_version() |
24 | 27 |
|
|
194 | 197 | # Restore secrets/keys.json if it exists |
195 | 198 | out::message('# Restoring ldap secret key if it exists') |
196 | 199 | run_command(@("CMD"/L), $primary_target) |
197 | | - test -f ${shellquote($recovery_directory)}/rbac/keys.json \ |
198 | | - && cp -rp ${shellquote($recovery_directory)}/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \ |
| 200 | + test -f ${shellquote($recovery_directory)}/rbac/secrets/keys.json \ |
| 201 | + && cp -rp ${shellquote($recovery_directory)}/rbac/secrets/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \ |
199 | 202 | || echo secret ldap key doesnt exist |
200 | 203 | | CMD |
201 | 204 | # lint:ignore:140chars |
|
296 | 299 | # TODO: consider adding a heuristic to skip when innappropriate due to size |
297 | 300 | # or other factors. |
298 | 301 | if getvar('recovery_opts.puppetdb') and $restore_type == 'migration' { |
| 302 | + # ensure there is a valid token on the new primary host |
| 303 | + run_task('peadm::rbac_token', $primary_target, |
| 304 | + password => $console_password, |
| 305 | + token_lifetime => '1y', |
| 306 | + ) |
299 | 307 | run_command(@("CMD"/L), $primary_target) |
300 | 308 | /opt/puppetlabs/bin/puppet-db import \ |
301 | 309 | --cert=$(/opt/puppetlabs/bin/puppet config print hostcert) \ |
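Review bot: `$console_password` is declared as `Optional[String]` (new line 24) and passed straight to `peadm::rbac_token` at new lines 303-306, so the console password travels as a plain value and may show up in Bolt's plan and task logging. I would declare it `Optional[Sensitive[String]] $console_password = undef,` and unwrap it only at the task call, assuming the task metadata marks `password` as sensitive (not visible here). The parameter defaults to `undef` but the migration branch uses it unconditionally, so a missing password presumably fails only at `run_task`, after earlier restore steps have already changed the primary; an early guard such as `if $restore_type == 'migration' and $console_password =~ Undef { fail_plan('console_password is required for a migration restore') }` would fail before anything is touched. `token_lifetime => '1y'` also leaves a year-long RBAC token on the new primary for what looks like a one-off import, so a lifetime sized to the import would be closer to least privilege. The `puppet-db import` heredoc continues past the end of the hunk.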
|