skip TLS verify for restic #2335

Closed
macevil opened this issue Mar 9, 2020 · 2 comments
Labels
Enhancement/User (End-User Enhancement to Velero), Restic (Relates to the restic integration)

macevil commented Mar 9, 2020

What steps did you take and what happened:
I want to make a backup of my cluster with Velero and restic. With Velero I can skip the certificate check for accessing the S3 bucket, but restic throws a validation error:

Command
velero install --use-restic --provider aws --bucket velero-2c2fe3cc --secret-file ./credentials-velero --use-volume-snapshots=false --backup-location-config region=default,s3ForcePathStyle="true",s3Url=https://os-s3.domain.de,insecureSkipTLSVerify=true --plugins velero/velero-plugin-for-aws:v1.0.1 --image velero/velero:v1.3.0

Error
error="restic repository is not ready: error running command=restic init --repo=s3:https://os-s3.domain.de/velero-2c2fe3cc/restic/default --password-file=/tmp/velero-restic-credentials-default157019853 --cache-dir=/scratch/.cache/restic, stdout=, stderr=Fatal: create repository at s3:https://os-s3.domain.de/velero-2c2fe3cc/restic/default failed: client.BucketExists: Get https://os-s3.domain.de/velero-2c2fe3cc/?location=: x509: certificate signed by unknown authority

What did you expect to happen:
I would like to be able to configure restic insecureSkipTLSVerify during the velero installation.

The output of the following commands will help us better understand what's going on:

  • velero backup logs pg-backup
time="2020-03-09T18:07:16Z" level=info msg="Setting up backup temp file" backup=velero/pg-backup logSource="pkg/controller/backup_controller.go:494"
time="2020-03-09T18:07:16Z" level=info msg="Setting up plugin manager" backup=velero/pg-backup logSource="pkg/controller/backup_controller.go:501"
time="2020-03-09T18:07:16Z" level=info msg="Getting backup item actions" backup=velero/pg-backup logSource="pkg/controller/backup_controller.go:505"
time="2020-03-09T18:07:16Z" level=info msg="Setting up backup store" backup=velero/pg-backup logSource="pkg/controller/backup_controller.go:511"
time="2020-03-09T18:07:16Z" level=info msg="Writing backup version file" backup=velero/pg-backup logSource="pkg/backup/backup.go:213"
time="2020-03-09T18:07:16Z" level=info msg="Including namespaces: default" backup=velero/pg-backup logSource="pkg/backup/backup.go:219"
time="2020-03-09T18:07:16Z" level=info msg="Excluding namespaces: <none>" backup=velero/pg-backup logSource="pkg/backup/backup.go:220"
time="2020-03-09T18:07:16Z" level=info msg="Including resources: *" backup=velero/pg-backup logSource="pkg/backup/backup.go:223"
time="2020-03-09T18:07:16Z" level=info msg="Excluding resources: <none>" backup=velero/pg-backup logSource="pkg/backup/backup.go:224"
time="2020-03-09T18:07:31Z" level=info msg="Backing up group" backup=velero/pg-backup group=v1 logSource="pkg/backup/group_backupper.go:101"
time="2020-03-09T18:07:31Z" level=info msg="Backing up resource" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:105" resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Listing items" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:226" namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Retrieved 2 items" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:240" namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Backing up item" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:169" name=debianbaseimage-6dcb9b4b69-lfsxs namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Executing custom action" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:330" name=debianbaseimage-6dcb9b4b69-lfsxs namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Executing podAction" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/pod_action.go:51" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Done executing podAction" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/pod_action.go:77" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Backing up item" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:169" name=postgres-b7955c8f9-d96bs namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Executing custom action" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:330" name=postgres-b7955c8f9-d96bs namespace=default resource=pods
time="2020-03-09T18:07:31Z" level=info msg="Executing podAction" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/pod_action.go:51" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Adding pvc postgres-pv-claim to additionalItems" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/pod_action.go:67" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Done executing podAction" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/pod_action.go:77" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Backing up item" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:169" name=postgres-pv-claim namespace=default resource=persistentvolumeclaims
time="2020-03-09T18:07:31Z" level=info msg="Executing custom action" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:330" name=postgres-pv-claim namespace=default resource=persistentvolumeclaims
time="2020-03-09T18:07:31Z" level=info msg="Executing PVCAction" backup=velero/pg-backup cmd=/velero logSource="pkg/backup/backup_pv_action.go:49" pluginName=velero
time="2020-03-09T18:07:31Z" level=info msg="Backing up item" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:169" name=postgres-pv-volume namespace= resource=persistentvolumes
time="2020-03-09T18:07:31Z" level=info msg="Executing takePVSnapshot" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:400" name=postgres-pv-volume namespace= resource=persistentvolumes
time="2020-03-09T18:07:31Z" level=info msg="label \"topology.kubernetes.io/zone\" is not present on PersistentVolume, checking deprecated label..." backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:427" name=postgres-pv-volume namespace= persistentVolume=postgres-pv-volume resource=persistentvolumes
time="2020-03-09T18:07:31Z" level=info msg="label \"failure-domain.beta.kubernetes.io/zone\" is not present on PersistentVolume" backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:430" name=postgres-pv-volume namespace= persistentVolume=postgres-pv-volume resource=persistentvolumes
time="2020-03-09T18:07:31Z" level=info msg="Persistent volume is not a supported volume type for snapshots, skipping." backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:464" name=postgres-pv-volume namespace= persistentVolume=postgres-pv-volume resource=persistentvolumes
time="2020-03-09T18:07:32Z" level=info msg="1 errors encountered backup up item" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:283" name=postgres-b7955c8f9-d96bs namespace=default resource=pods
time="2020-03-09T18:07:32Z" level=error msg="Error backing up item" backup=velero/pg-backup error="restic repository is not ready: error running command=restic init --repo=s3:https://os-s3.domain.de/velero-2c2fe3cc/restic/default --password-file=/tmp/velero-restic-credentials-default157019853 --cache-dir=/scratch/.cache/restic, stdout=, stderr=Fatal: create repository at s3:https://os-s3.domain.de/velero-2c2fe3cc/restic/default failed: client.BucketExists: Get https://os-s3.domain.de/velero-2c2fe3cc/?location=: x509: certificate signed by unknown authority\n\n: exit status 1" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/restic/repository_ensurer.go:186" error.function="github.com/vmware-tanzu/velero/pkg/restic.(*repositoryEnsurer).EnsureRepo" group=v1 logSource="pkg/backup/resource_backupper.go:287" name=postgres-b7955c8f9-d96bs namespace=default resource=pods
time="2020-03-09T18:07:32Z" level=info msg="Backing up resource" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:105" resource=persistentvolumeclaims
time="2020-03-09T18:07:32Z" level=info msg="Listing items" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:226" namespace=default resource=persistentvolumeclaims
time="2020-03-09T18:07:32Z" level=info msg="Retrieved 1 items" backup=velero/pg-backup group=v1 logSource="pkg/backup/resource_backupper.go:240" namespace=default resource=persistentvolumeclaims
time="2020-03-09T18:07:32Z" level=info msg="Skipping item because it's already been backed up." backup=velero/pg-backup group=v1 logSource="pkg/backup/item_backupper.go:163" name=postgres-pv-claim namespace=default resource=persistentvolumeclaims

Environment:

  • Velero version (use velero version):
Client:
        Version: v1.3.0
        Git commit: 8fec8ed7fb8b4776b191753497eafeb47f2f9136
Server:
        Version: v1.3.0
  • Velero features (use velero client config get features): features: <NOT SET>
  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:16:51Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.5", GitCommit:"20c265fef0741dd71a66480e35bd69f18351daea", GitTreeState:"clean", BuildDate:"2019-10-15T19:07:57Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
  • Kubernetes installer & version: k8s 1.15.5
  • Cloud provider or hardware configuration: PKS 1.6.1-build.6
  • OS (e.g. from /etc/os-release):

skriss added the Enhancement/User (End-User Enhancement to Velero) and Restic (Relates to the restic integration) labels Mar 12, 2020

skriss commented Apr 9, 2020

hey @macevil, it doesn't look like restic itself supports this option, so you'd need to file an enhancement request or PR in that repo to get that implemented before Velero could make use of it.

Alternately, we have recently merged #2353, which will allow you to use a custom CA bundle with Velero. That does flow through to restic.

I'm going to close this issue out for now as it's not actionable for Velero, but feel free to reach out again as needed.

skriss closed this as completed Apr 9, 2020
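
The `x509: certificate signed by unknown authority` failure from the report, and how a custom CA bundle of the kind mentioned in the reply above clears it while hostname checking stays in force, shown as an added Go example that is not part of this thread or of Velero's or restic's code. The CA and server certificate are constructed in memory; only the host name `os-s3.domain.de` comes from the report, and `issue` and `demo` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate for cn; a nil parent self-signs it as a CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
	}
	if parent == nil { // private CA, standing in for the one that signed the S3 endpoint
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	} else { // server certificate: cn is the host name clients connect to
		t.DNSNames = []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// demo verifies the server certificate against an empty trust store, the CA bundle,
// and the CA bundle with a host name the certificate does not cover.
func demo() (noCA, withCA, wrongHost error) {
	ca, caKey := issue("Constructed Private CA", nil, nil)
	leaf, _ := issue("os-s3.domain.de", ca, caKey)
	bundle := x509.NewCertPool() // trust store loaded from a PEM CA bundle
	bundle.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw}))
	check := func(host string, roots *x509.CertPool) error { // chain + host name check
		_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
		return err
	}
	return check("os-s3.domain.de", x509.NewCertPool()), check("os-s3.domain.de", bundle), check("other.example", bundle)
}

func main() {
	fmt.Println(demo())
}
```

The third result is the difference from skipping verification: with the bundle in place, a certificate presented for the wrong host is still rejected.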

dbrekau commented Oct 21, 2021

Hey @skriss Hey @macevil

Wanted to let you know that in the meantime there was a PR which provides the named option in restic.
