freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

backup regression regarding the redis password #7328

Open legoktm opened 3 weeks ago

legoktm commented 3 weeks ago

Description

I haven't verified it yet, but there's probably a regression in the backup/restore procedure now that we set a redis password. The password is set in config.py, which we back up, but we don't back up the redis.conf, so when it is restored, that same password won't be re-added to the redis config (a different one will be randomly generated).

We're also not backing up the new rq_config.py file.

zenmonkeykstop commented 3 weeks ago

We could probably regenerate it, I don't think we need to persist any redis state between backups.

legoktm commented 3 weeks ago

Ack, that's probably better. Since we already run dpkg-reconfigure securedrop-app-code, I think we should delete the redis password out of config.py (if set), out of redis.conf (if set), and then delete rq_config.py (if it exists) and then let it be regenerated by the postinst script.

I'll think about edge cases a bit more but tentatively tagging with the 2.11.0 milestone.
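
The cleanup proposed in the comment above, as an added example (not SecureDrop's restore script and not code from this thread): it clears every copy of the redis password and is safe to run twice, covering the "if set" and "if it exists" cases. The `REDIS_PASSWORD` variable name and the file locations are assumptions, and the sample files are constructed in a temporary directory; regeneration by `dpkg-reconfigure securedrop-app-code` is left to the caller.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the page does not name the config.py variable; REDIS_PASSWORD is
# hypothetical. "requirepass" is the standard redis.conf directive.
CONFIG_KEY = re.compile(r"^\s*REDIS_PASSWORD\s*=")
REDIS_KEY = re.compile(r"^\s*requirepass\s")


def _drop_lines(path: Path, pattern: re.Pattern) -> bool:
    """Remove lines matching pattern; return True if the file changed."""
    if not path.exists():
        return False
    lines = path.read_text().splitlines(keepends=True)
    kept = [line for line in lines if not pattern.match(line)]
    if kept == lines:
        return False
    # Rewrite in place so the file keeps its existing owner and mode.
    path.write_text("".join(kept))
    return True


def reset_redis_secret(config_py: Path, redis_conf: Path, rq_config: Path) -> dict:
    """Clear every copy of the password so the postinst step can generate a new one."""
    result = {
        "config_py": _drop_lines(config_py, CONFIG_KEY),
        "redis_conf": _drop_lines(redis_conf, REDIS_KEY),
        "rq_config": rq_config.exists(),
    }
    rq_config.unlink(missing_ok=True)
    return result


def demo() -> dict:
    """Run against constructed sample files that mimic a restored backup."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        cfg, rconf, rq = root / "config.py", root / "redis.conf", root / "rq_config.py"
        cfg.write_text('OTHER_SETTING = 1\nREDIS_PASSWORD = "restored-old"\n')
        rconf.write_text("bind 127.0.0.1\nrequirepass fresh-random\n")
        rq.write_text('REDIS_PASSWORD = "restored-old"\n')
        first = reset_redis_secret(cfg, rconf, rq)
        second = reset_redis_secret(cfg, rconf, rq)  # second pass finds nothing to do
        return {"first": first, "second": second, "config": cfg.read_text(),
                "redis": rconf.read_text(), "rq_exists": rq.exists()}
```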

legoktm commented 2 weeks ago

I'm planning to tackle this after #7331 lands because that one moves the script around.