From b80785e75e60d124b3422914fed7587915b94bc4 Mon Sep 17 00:00:00 2001
From: moelsayed
Date: Sat, 2 Mar 2019 04:28:40 +0200
Subject: [PATCH] Ensure certs are availaible for restore

---
 cluster/etcd.go | 27 +++++++++++++++++++++++++++
 cluster/hosts.go | 3 +--
 cmd/etcd.go | 4 ++++
 3 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/cluster/etcd.go b/cluster/etcd.go
index 41155f2f..aa596912 100644
--- a/cluster/etcd.go
+++ b/cluster/etcd.go
@@ -7,8 +7,10 @@ import (
 "github.com/rancher/rke/docker"
 "github.com/rancher/rke/hosts"
 "github.com/rancher/rke/log"
+ "github.com/rancher/rke/pki"
 "github.com/rancher/rke/services"
 "github.com/rancher/rke/util"
+ "golang.org/x/sync/errgroup"
 )

 func (c *Cluster) SnapshotEtcd(ctx context.Context, snapshotName string) error {
@@ -24,6 +26,31 @@ func (c *Cluster) SnapshotEtcd(ctx context.Context, snapshotName string) error {
 return nil
 }

+func (c *Cluster) DeployRestoreCerts(ctx context.Context, clusterCerts map[string]pki.CertificatePKI) error {
+ var errgrp errgroup.Group
+ hostsQueue := util.GetObjectQueue(c.EtcdHosts)
+ restoreCerts := map[string]pki.CertificatePKI{}
+ for _, n := range []string{pki.CACertName, pki.KubeNodeCertName, pki.KubeNodeCertName} {
+ restoreCerts[n] = clusterCerts[n]
+ }
+ for w := 0; w < WorkerThreads; w++ {
+ errgrp.Go(func() error {
+ var errList []error
+ for host := range hostsQueue {
+ err := pki.DeployCertificatesOnPlaneHost(ctx, host.(*hosts.Host), c.RancherKubernetesEngineConfig, restoreCerts, c.SystemImages.CertDownloader, c.PrivateRegistriesMap, false)
+ if err != nil {
+ errList = append(errList, err)
+ }
+ }
+ return util.ErrList(errList)
+ })
+ }
+ if err := errgrp.Wait(); err != nil {
+ return err
+ }
+ return nil
+}
+
 func (c *Cluster) PrepareBackup(ctx context.Context, snapshotPath string) error {
 // local backup case
 var backupServer *hosts.Host
diff --git a/cluster/hosts.go b/cluster/hosts.go
index 286b3c32..ceed6842 100644
--- a/cluster/hosts.go
+++ b/cluster/hosts.go
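Review bot: The name list in DeployRestoreCerts (cluster/etcd.go) repeats `pki.KubeNodeCertName`, so `restoreCerts` ends up with two entries rather than three; if a third certificate was meant it is never deployed, and either the name should be corrected or the duplicate dropped. The loop also copies `clusterCerts[n]` without checking that the key exists, so a bundle missing either name would presumably hand a zero-value `pki.CertificatePKI` to `DeployCertificatesOnPlaneHost` instead of failing early; consider `cert, ok := clusterCerts[n]` with an error return when `!ok`. The caller added in cmd/etcd.go passes the desired-state bundle straight in, so the same check covers that path. As an exported method it also wants a doc comment, e.g. `// DeployRestoreCerts pushes the CA and kube-node certificates to every etcd host before a restore.`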
@@ -12,7 +12,7 @@ import (
 "github.com/rancher/rke/pki"
 "github.com/rancher/rke/services"
 "github.com/rancher/rke/util"
- "github.com/rancher/types/apis/management.cattle.io/v3"
+ v3 "github.com/rancher/types/apis/management.cattle.io/v3"
 "github.com/sirupsen/logrus"
 "golang.org/x/sync/errgroup"
 )
@@ -127,7 +127,6 @@ func (c *Cluster) SetUpHosts(ctx context.Context, flags ExternalFlags) error {
 }
 hostList := hosts.GetUniqueHostList(c.EtcdHosts, c.ControlPlaneHosts, c.WorkerHosts)
 var errgrp errgroup.Group
-
 hostsQueue := util.GetObjectQueue(hostList)
 for w := 0; w < WorkerThreads; w++ {
 errgrp.Go(func() error {
diff --git a/cmd/etcd.go b/cmd/etcd.go
index 64570a6c..97dc6a8b 100644
--- a/cmd/etcd.go
+++ b/cmd/etcd.go
@@ -131,6 +131,10 @@ func RestoreEtcdSnapshot(
 if err := kubeCluster.TunnelHosts(ctx, flags); err != nil {
 return err
 }
+ // if we fail after cleanup, we can't find the certs to do the download, we need to redeploy them
+ if err := kubeCluster.DeployRestoreCerts(ctx, rkeFullState.DesiredState.CertificatesBundle); err != nil {
+ return err
+ }
 // first download and check
 if err := kubeCluster.PrepareBackup(ctx, snapshotName); err != nil {
 return err
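Review bot: The added comment in cmd/etcd.go does not say that the redeploy is unconditional: `DeployRestoreCerts` runs on every restore, not only after an earlier attempt failed past cleanup, and any host error now aborts the restore before `PrepareBackup`. A comment such as `// Cleanup in an earlier failed restore may have removed the certificates the snapshot download needs; always redeploy them before PrepareBackup.` would state that. RestoreEtcdSnapshot starts and ends outside the hunk, so whether `rkeFullState` is guaranteed to hold a populated certificate bundle at this point cannot be confirmed from here.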