Setting up the backup script

To prepare to use the backup script, set up a private key for the sftp session and set the required environment variables.

Procedure

  1. Run the following command to connect to the management subsystem as the API Connect administrator.
    ssh ip_address -l apicadm
  2. Select Yes to continue connecting. Once connected, get the necessary credentials by switching to the root user:
    sudo -i
  3. Set up a private key for the sftp session.
    1. Create an RSA SSH key. For example, the following command generates an SSH key with the required RSA encryption, stored in PEM format:
      ssh-keygen -t rsa -m pem

      Note the directory in which the generated id_rsa and id_rsa.pub files reside.

      The generated key needs to be uploaded to the Backup and Restore Pod by adding the key to the postgres-backrest-repo-config Kubernetes secret.

    2. Use the following command to determine the name of the secret:
      kubectl get secrets -n <namespace> | grep postgres-backrest-repo-config | awk '{print $1}'

      Replace <namespace> with the namespace where the Management Subsystem resides. If you are using the default namespace, you can omit -n <namespace>.

    3. Use the following command to add the key to the secret:
      • MacOS
        kubectl patch secret <postgres-backrest-repo-config secret name> \
            -p="{\"data\":{\"sftp-key\": \"$(cat <path-to-key>/id_rsa | base64)\"}}" \
            -n <namespace>
      • Linux
        kubectl patch secret <postgres-backrest-repo-config secret name> \
            -p="{\"data\":{\"sftp-key\": \"$(cat <path-to-key>/id_rsa | base64 -w0)\"}}" \
            -n <namespace>

        Note that on Linux the base64 command requires the extra -w0 flag so that no line breaks are added to the property value.

      The SSH key will be automatically uploaded to the Backup and Restore Pod as file /sshd/sftp-key. This can take a few seconds.

    4. The id_rsa.pub file needs to be added to the authorized_keys file, on the sftp server, for the username that the sftp session uses. SSH to the sftp server with the following command:
      ssh <sftp username>@<sftp server>

      Enter the password when prompted.

      Change to the .ssh directory of the sftp user. For example, cd /root/.ssh.

      Append the contents of id_rsa.pub to the authorized_keys file.

  4. Complete the following setup steps for the sftp script:
    1. Determine the name of the Backup and Restore Pod, using the following command:
      export POD=`kubectl get pods -n <namespace> | grep backrest-shared-repo | awk '{print $1}'`
    2. Set the following environment variables either on the client machine or in the Pod:
      export HOST=<sftp server hostname>
      export DIRECTORY=<sftp backup directory on sftp server>
      export USERNAME=<sftp session username>
      export PASSWORD=<sftp session password> # if ssh key is not being used
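
The key upload in step 3 depends on the sftp-key value being base64 on a single line. The following added example (not part of the product documentation) shows one way to encode the key identically on macOS and Linux and to check the stored value afterwards. The function names are hypothetical, and the use of kubectl's --patch-file option assumes your kubectl version supports it.

```shell
#!/bin/sh
# Added example, not IBM's script. Function names are illustrative.

# Base64-encode file $1 on a single line. GNU base64 wraps at 76 columns
# unless given -w0 and macOS base64 has no -w flag, so strip newlines instead.
encode_key() {
    base64 < "$1" | tr -d '\n'
}

# Write the merge patch for the sftp-key property to a private temp file
# and print its path, so the private key is never a kubectl argument.
write_patch_file() {
    ( umask 077
      f=$(mktemp) || exit 1
      printf '{"data":{"sftp-key":"%s"}}\n' "$(encode_key "$1")" > "$f"
      printf '%s\n' "$f" )
}

# Succeed only if $1 is non-empty and holds nothing but base64 characters
# (no line breaks, spaces or other stray bytes).
is_clean_base64() {
    case $1 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
}

# Succeed only if base64 text $2 decodes to exactly the bytes of file $1.
key_matches() {
    printf '%s' "$2" | base64 --decode 2>/dev/null | cmp -s - "$1"
}

# Usage against the cluster (placeholders as in the steps above):
#   patch=$(write_patch_file <path-to-key>/id_rsa)
#   kubectl patch secret <postgres-backrest-repo-config secret name> \
#       --patch-file "$patch" -n <namespace>
#   rm -f "$patch"
#   stored=$(kubectl get secret <postgres-backrest-repo-config secret name> \
#       -n <namespace> -o jsonpath='{.data.sftp-key}')
#   is_clean_base64 "$stored" && key_matches <path-to-key>/id_rsa "$stored"
```

If the final check fails, the secret holds a wrapped or truncated value and the Pod will not receive a usable /sshd/sftp-key file.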

Results

You can now use the sftp script: