Configuring SFTP backup settings for a fresh install of the Management subsystem on OpenShift or Cloud Pak for Integration

Configure SFTP backups for the API Connect Management subsystem that you will deploy in your OpenShift or Cloud Pak for Integration environment.

1. Create a backup secret.

   The backup secret is a Kubernetes secret that contains your credentials for accessing the SFTP backup database. Supported credentials types:

   • Username and password (10.0.1.1-eus or later).
   • Username and SSH-key (10.0.1.4-ifix1-eus or later). Only OpenSSH keys are supported.¹

   Use one of the following commands to create the secret:

   • Username and password credentials

     $ oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>' 
     --from-literal=password='<YOUR PASSWORD>' -n <namespace-of-mgmt-subsystem>

   • Version 10.0.1.4-ifix1-eus or later: Username and SSH-key credentials:

     $ oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>'
      --from-file=ssh-privatekey='<YOUR PRIVATEKEY FILE>' -n <namespace-of-mgmt-subsystem>

2. Configure th Management backup settings.

   Create the APIConnectCluster installation CR and add the Management backup configuration using one of the following methods:

   • OpenShift web console:
     1. Navigate to Advanced Configuration > ManagementSubsystem > Advanced Configuration > Database Backups > Advanced Configuration
     2. See the on-screen instructions for how to fill in each field. See also Management subsystem settings.

        The following fields are unique to SFTP backup configuration:

        • Server port. Default is 22.
        • The fields in the Restart Database section. Changing SFTP (protocol) backup configures does not involve any downtime.
        • Retries.
   • Cloud Pak Platform Navigator:
     1. In Platform Navigator for the API Connect cluster instance, select Configuration. On the UI Form tab, set Advanced Options to On.
     2. See the on-screen instructions for how to fill in values for:
        • Credentials
        • Server Hostname
        • Path
        • Server Port
        • Protocol
        • Retries
        • Schedule

        For more information, see Management subsystem settings.

   • YAML file: Use Table 1 for guidance while you define the backup settings as shown in the following example.

     spec:
       management:
         databaseBackup:
           protocol: sftp
           host: <SFTP-host-name>
           port: <SFTP-port>
           path: apic-backup
           retries: 0
           credentials: mgmt-backup-secret
           schedule: "0 3 * * *"

     Table 1. Backup configuration settings

     Setting	Description
     protocol	The type of the backup. For SFTP storage: sftp.
     host	The backups host. For sftp type, the SFTP server hostname
     port	The SFTP server port. Optional. Default: 22.
     path	The path to the location of the backup. For sftp type, the folder name on the SFTP server.
     retries	The number of times the ibm-apiconnect Operator attempts backups in the event of a failed SFTP backup. Default value: 0.
     credentials	Name of the Kubernetes secret containing your SFTP Username/password. For Version 10.0.1.4-ifix1-eus or later, the Kubernetes secret can contain your SFTP Username and SSH key.
     schedule	Cron like schedule for performing automatic backups. The format for the schedule is: * * * * * - - - - - | | | | | | | | | +----- day of week (0 - 6) (Sunday=0) | | | +------- month (1 - 12) | | +--------- day of month (1 - 31) | +----------- hour (0 - 23) +------------- min (0 - 59) The timezone for backups is that of the node on which the postgres-operator pod is scheduled. There is no default backup schedule set. Be sure to set your backup schedule. All scheduled Management subsystem backups are of type full only.