[00:07:30] <mutante>	 bstorm: back now
[00:08:21] <bstorm>	 👋🏻
[00:08:23] <bstorm>	 Hey!
[00:08:24] <mutante>	 bstorm: if you restore to the same place the files came from there should be no issue with keys
[00:08:34] <bstorm>	 Yes, but that place is not a working server anymore
[00:08:41] <mutante>	 i see. uhm
[00:08:49] <bstorm>	 I cannot figure out if it just fried or if DCops actually threw it out :)
[00:08:51] <bstorm>	 I think the former
[00:09:23] <bstorm>	 I didn't want to try that process of stopping puppet and screwing with the config on my own when nobody else was around
[00:10:15] <mutante>	 https://wikitech.wikimedia.org/wiki/Bacula#Restore_from_a_non-existent_host_(missing_private_key)  is what you were looking at, right 
[00:10:32] <bstorm>	 I want to restore the contexts of /var/lib/grafana from cloudmetrics1002 (dead) to anywhere on the filesystem BUT /var/lib/grafana on cloudmetrics1001, basically
[00:10:34] <bstorm>	 Yep
[00:10:44] <bstorm>	 I know I need to create a config
[00:10:50] <bstorm>	 I haven't attempted that yet. 
[00:11:01] <bstorm>	 I didn't want to risk the main backup server while everyone was on the weekend :)
[00:11:13] <bstorm>	 again at least not alone
[00:11:44] <bstorm>	 I'm not sure about how the retention works, but it looks like 30 days, which means I'm down to the last minute to restore this lol
[00:11:59] <bstorm>	 I just noticed today how badly we are missing lots of work on grafana-labs
[00:12:08] <mutante>	 ok.. so.. I haven't exactly done that procedure but we can through it together
[00:12:09] <bstorm>	 after our server failure
[00:12:14] <bstorm>	 Ok :)
[00:12:22] <mutante>	 at least there is no writign involved on the backup server
[00:12:23] <bstorm>	 Doing it together sounds better than doing it alone at least
[00:12:24] <mutante>	 just where you restore
[00:12:30] <bd808>	 would a quick 'fix' be to somehow bump the retention for that backup to give more time for piddling?
[00:12:37] <bstorm>	 nope, you have to create a config file on the backup server
[00:13:09] <bstorm>	 mutante: I'll have to create a file by hand on /etc/bacula/clients.d 
[00:13:16] <bstorm>	 The client is missing
[00:13:39] <bstorm>	 So it won't work, keys be damned, until I copy a file there
[00:13:51] <bstorm>	 The docs don't seem very clear on this, but having tried to restore, I'm sure it needs that
[00:14:08] <bstorm>	 And I think puppet will remove it so I have to stop puppet on backup1001
[00:14:18] <bstorm>	 You see why I was nervous? :)
[00:14:23] <mutante>	 yea, I see that. first step is to check if that client config is already gone
[00:14:30] <bstorm>	 done
[00:14:42] <bstorm>	 https://www.irccloud.com/pastebin/fvOVHRqk/
[00:14:51] <mutante>	 I disabled puppet on backup1001
[00:14:55] <bstorm>	 I can copy cloudmetrics1001's file
[00:15:03] <bstorm>	 Ok, creating a file then
[00:16:00] <bstorm>	 Ok, the client file now exists
[00:16:12] <bstorm>	 I copied it and simply changed the hostname
[00:16:17] <mutante>	 ACK, "modify the name/host of the client to match the job to be restored."
[00:16:55] <bstorm>	 So now we need to restart a bacula daemon to pick up the config?
[00:17:09] <mutante>	 the client file looks good to me
[00:17:20] <bstorm>	 "Then reload the bacula-dir daemon"
[00:17:31] <mutante>	 I can do that
[00:17:37] <bstorm>	 thank you :)
[00:17:51] <mutante>	 that failed
[00:17:54] <mutante>	 logs
[00:18:22] <bstorm>	 permission denied?
[00:18:25] <bstorm>	 I'll check my file perms
[00:18:41] <bstorm>	 root:bacula is needed
[00:18:45] <bstorm>	 It was created as root:root
[00:18:47] <bstorm>	 fixing it fast
[00:19:09] <bstorm>	 ok restart again mutante?
[00:19:16] <bstorm>	 Should be better now :(
[00:19:17] <bstorm>	 sorry
[00:19:19] <mutante>	 done, looks much better
[00:19:23] <bstorm>	 great
[00:19:30] <mutante>	 let's add this to the docs..once we are done 
[00:19:45] <bstorm>	 👍🏻
[00:19:53] <mutante>	 ok, I see some warnings about removed hosts but seems normal
[00:19:56] <mutante>	 it's running
[00:19:59] <bstorm>	 That would really upset someone at 3am when things are on fire
[00:20:11] <bstorm>	 ok great
[00:20:34] <mutante>	 do you want to copy the key from puppetmaster or should I
[00:20:39] <mutante>	 needs to be pasted to where you restore
[00:20:41] <bstorm>	 Go right ahead :)
[00:20:44] <mutante>	 ok
[00:20:54] <bstorm>	 cloudmetrics1001 is the destination
[00:21:10] <bstorm>	 I just need to make sure it is not restore over the existing files, and I'll be thrilled
[00:21:28] <bstorm>	 cloudmetrics1001.eqiad.wmnet to be more specific
[00:22:43] <mutante>	 interestingly one of the 2 files can be read without root but not the other.. on it
[00:23:05] <mutante>	 ah, well makes sense
[00:23:08] <bstorm>	 Great, thank you
[00:23:23] <bstorm>	 Yeah, as long as the one that can be read is the public key :)
[00:24:21] <bstorm>	 so we have to stop "bacula-fd"?
[00:24:30] <mutante>	 ok, we have a temp-restore.pem there
[00:24:35] <mutante>	 now stopping service
[00:24:38] <mutante>	 puppet first
[00:24:44] <bstorm>	 Ok, and this is on the client?
[00:24:52] <mutante>	 root@cloudmetrics1001:/root# puppet agent --disable
[00:25:02] <bstorm>	 got it
[00:25:34] <mutante>	 root@cloudmetrics1001:/root# systemctl stop bacula-fd
[00:25:43] <mutante>	 vi /etc/bacula/bacula-fd.conf
[00:26:02] <bstorm>	 ok, and then the restore should be doable, when that's done and back running, if I'm reading this right
[00:26:02] * mutante points config to temp key in /root
[00:26:10] <bstorm>	 👍🏻
[00:26:43] <mutante>	 looking for "PKI Keypair" not the other lines..
[00:27:20] <mutante>	 .I need to move thiss from root to /etc/bacula 
[00:27:30] <bstorm>	 huh ok
[00:28:06] <mutante>	 mv temp-restore.pem /etc/bacula/ssl/
[00:28:10] <bstorm>	 Now that I'm getting that this part is on the client, it's making sense
[00:28:36] <mutante>	 ok, so now we can go back to backup1001 and run bconsole
[00:28:38] <bstorm>	 The doc could use, in bold "on the director" and "on the client" before each line :)
[00:28:50] <mutante>	 yes, true
[00:28:55] <bstorm>	 Alright, shall I try that?
[00:29:01] <mutante>	 sure, yes
[00:29:04] <mutante>	 5 -> restore ..
[00:29:06] <bstorm>	 ok
[00:29:26] <mutante>	 then you get to a part where it builds a virtual filesystem you can move around in
[00:29:37] <mutante>	 and then you have to "mark" the files you want
[00:29:44] <bstorm>	 got there
[00:29:50] <mutante>	 well, let's hope the key part works
[00:29:54] <mutante>	 :) yay
[00:30:09] <bstorm>	 gonna mark the grafana dir 
[00:30:16] <mutante>	 ok, mark all the files and then it's "done" somehow
[00:30:32] <bstorm>	 which is clearly more files than I need, but it won't blow away the freespace so more is better
[00:30:47] <mutante>	 and then it should show you another time all the things.. what host to restore from, what host to restore to
[00:31:06] <bstorm>	 Ok, so I'll say "mod"
[00:31:11] <bstorm>	 to change host
[00:31:19] <mutante>	 yes
[00:31:50] <mutante>	 eh, wait a sec
[00:32:01] <mutante>	 let me give bacula the right to read the temp key, heh
[00:32:01] <bstorm>	 looks ready to go
[00:32:11] <bstorm>	 yes please :)
[00:32:30] <bstorm>	 https://www.irccloud.com/pastebin/bdL68j83/
[00:32:39] <bstorm>	 That all looks good to me. 
[00:32:43] <mutante>	 ok, done, files in ./ssl/ all have same privs now
[00:32:45] <bstorm>	 whenever the client is ready
[00:32:47] <bstorm>	 thanks :)
[00:32:49] <mutante>	 go ahead
[00:33:01] <bstorm>	 Job queued. JobId=340859
[00:33:11] <bstorm>	 I guess bacula doesn't believe in progress bars
[00:33:21] <mutante>	 ok, cool.. now it's just about checking the destination directory
[00:33:29] <mutante>	 did it already create all the file names but they are empty?
[00:33:42] <mutante>	 I am not sure how long it takes
[00:33:52] <mutante>	 sometimes fast sometimes not afair
[00:34:18] <mutante>	 you can also try looking at jobs from bconosle
[00:34:54] <mutante>	 what did you pick as destination path ?
[00:35:07] <bstorm>	 I left the default of /var/tmp/bacula-restores
[00:35:15] <bstorm>	 That doesn't seem to exist at the moment
[00:35:26] <mutante>	 ack, yea, not yet
[00:36:00] <mutante>	 oh, but we need to start the daemon again too
[00:36:08] <mutante>	 checks
[00:36:12] <bstorm>	 I tried `status jobid=blah` and that didn't really help
[00:36:27] <bstorm>	 it didn't give me a job status per se
[00:36:38] <mutante>	 root@cloudmetrics1001:/var/tmp# systemctl start bacula-fd
[00:36:39] <mutante>	 :p
[00:37:02] <bstorm>	 heh
[00:37:06] <mutante>	 guess that is needed to write the files
[00:37:22] <mutante>	 docs dont say it though
[00:38:05] <bstorm>	 https://www.irccloud.com/pastebin/e4iD1TtD/
[00:38:26] <bstorm>	 I guess that's a socket
[00:38:28] <mutante>	 can you tell it to run that again?
[00:38:41] <bstorm>	 https://www.irccloud.com/pastebin/P7BtJS4N/
[00:38:45] <bstorm>	 Yeah I can try that
[00:39:28] <mutante>	 fwiw, /var/log/bacula exists on client but is empty
[00:40:16] <bstorm>	 [bstorm@cloudmetrics1001]:tmp $ systemctl status bacula-fd
[00:40:16] <bstorm>	 ● bacula-fd.service - Bacula File Daemon service
[00:40:16] <bstorm>	    Loaded: loaded (/lib/systemd/system/bacula-fd.service; enabled; vendor preset: enabled)
[00:40:16] <bstorm>	    Active: active (running) since Sat 2021-06-05 00:36:33 UTC; 3min 27s ago
[00:40:25] <bstorm>	 That looks promising anyway :)
[00:40:36] <mutante>	 ah, yea, that is running
[00:40:48] <mutante>	 but we need the director to try it again 
[00:40:57] <mutante>	 to connect to the client
[00:41:04] <bstorm>	 I am starting it...now
[00:41:09] <mutante>	 cool
[00:41:33] <mutante>	 root@cloudmetrics1001:/var/tmp# file bacula-restores/
[00:41:33] <mutante>	 bacula-restores/: directory
[00:41:37] <mutante>	 ^ this is new :)
[00:41:40] <bstorm>	 yay!
[00:41:46] <bstorm>	 status looks better on bconsole too
[00:41:56] <bstorm>	 Running Jobs:
[00:41:56] <bstorm>	 Reading: Full Restore job RestoreFiles JobId=340860 Volume="production0471"
[00:41:56] <bstorm>	     pool="Default" device="FileStorageProduction" (/srv/production) newbsr=0
[00:41:56] <bstorm>	     Files=545 Bytes=376,748,783 AveBytes/sec=41,860,975 LastBytes/sec=41,860,975
[00:41:56] <bstorm>	     FDReadSeqNo=6 in_msg=6 out_msg=16944 fd=5
[00:41:57] <mutante>	 but wait until we see files are not empty
[00:42:03] <bstorm>	 yeah
[00:42:09] <mutante>	 without the key we would also see this ..so far
[00:42:40] <bstorm>	 files do not look empty so far
[00:43:09] <bstorm>	 job finished
[00:43:18] <mutante>	 looking great
[00:43:22] <mutante>	 I can read content in clear text
[00:43:29] <bstorm>	 484M	bacula-restores/var/lib/grafana/
[00:43:32] <bstorm>	 great
[00:43:48] <bstorm>	 ok, I'll move it to /root so some random reboot doesn't erase it
[00:43:56] <mutante>	 *nod*
[00:44:38] <mutante>	 sure enough this is what you need ?
[00:45:06] <bstorm>	 This is what I was after :)
[00:45:18] <bstorm>	 If it doesn't work, i probably have no other recourse anyway
[00:45:28] <bstorm>	 Now we can try to restore the lost content on Monday
[00:45:33] <mutante>	 oh, look "enable puppet again / let it start bacula-fd or start it yourself" is at the very end
[00:45:35] <bstorm>	 Thank you!
[00:45:42] <bstorm>	 Yeah, let's do that
[00:45:44] <mutante>	 but .. either not true or we got away with it
[00:45:50] <mutante>	 starting it early
[00:46:02] <bstorm>	 I'll enable puppet on the director, if you haven't already
[00:46:23] <mutante>	 please do and remove your client config file
[00:46:30] <mutante>	 I will shred the temp key on the client
[00:46:50] <bstorm>	 I'm running puppet agent to see if it deletes my file for me (and will remove it not)
[00:47:10] <bstorm>	 partly because it should need to reload bacula-dir
[00:47:21] <mutante>	 restarting bacula-fd on cloudmetrics1001 after removing temp key..and failed
[00:47:22] <bstorm>	 Notice: /Stage[main]/Bacula::Director/File[/etc/bacula/clients.d/cloudmetrics1002.eqiad.wmnet.conf]/ensure: removed
[00:47:28] <bstorm>	 oh that's fun :)
[00:47:30] <mutante>	 because I need to remove my edit there as well
[00:47:34] <mutante>	 that points to the key
[00:47:34] <bstorm>	 yeah...
[00:47:45] <bstorm>	 puppet should fix that?
[00:47:49] <bstorm>	 or maybe not
[00:48:04] <mutante>	 yea, verifying that right now
[00:48:20] <bstorm>	 it removed the file, on the director, but I didn't see a refresh, so I'll restart that service
[00:48:35] <mutante>	 do a reload
[00:48:39] <mutante>	 all we did was a reload so far
[00:48:42] <mutante>	 for the director
[00:48:46] <bstorm>	 Will do
[00:49:12] <bstorm>	 It's running after the reload
[00:49:15] <mutante>	 and yea, puppet agent on cloudmetrics fixed the PKI Keypair line .. and started bacula-fd
[00:49:18] <mutante>	 done
[00:49:25] <bstorm>	 🎉
[00:49:30] <bstorm>	 Thank you for working with me on that
[00:49:35] <mutante>	 nice. you're welcome
[00:49:45] <bstorm>	 All set :)
[00:49:48] <bstorm>	 have a good weekend
[00:49:55] * mutante logs out of servers. you too !:) 
[00:53:38] * bstorm makes a reminder to update the docs too
[00:54:54] <mutante>	 oh yea, thanks (something about chmod, then to remember to also revert edits in config everywhere and not sure if starting -fd only at the very end is correct now or not
[00:55:41] <mutante>	 but how would bacula write restored files with the file daemon :)
[00:55:53] <mutante>	 so I dont think docs can be correct in that part
[00:56:03] <mutante>	 s/with/without