Configuring SFTP backup settings for fresh install of the Management subsystem on OpenShift and Cloud Pak for Integration

Beginning with API Connect V10.0.1.1, you can configure SFTP backups for your Management subsystem in your OpenShift and Cloud Pak for Integration environments.

Before you begin

If the APIConnectCluster instance is already created, do not use these instructions. Instead, add the Management backup configuration by following the instructions in Reconfiguring or adding backup settings after installation of the management subsystem on OpenShift and Cloud Pak for Integration.

About this task

When creating an instance of API Connect, use the advanced configuration settings to configure database backups for the Management subsystem.

Procedure

  1. Create a backup secret.

    The backup secret is a Kubernetes secret that contains your credentials for accessing the SFTP backup database. Supported credentials types:

    • Username and password (v10.0.2.0 or later).
    • Username and SSH-key (v10.0.3.0 or later). Only OpenSSH keys are supported.1

    Use one of the following commands to create the secret:

    • Username and password credentials
      oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>' --from-literal=password='<YOUR PASSWORD>' -n <namespace-of-mgmt-subsystem>
    • Version 10.0.3.0 or later: Username and SSH-key credentials: 
      oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>' --from-file=ssh-privatekey='<YOUR PRIVATEKEY FILE>' -n <namespace-of-mgmt-subsystem>
    Note: If the username contains the backslash character, insert an extra backslash to escape it. For example, if the username is:
    backup\svc-apic
    set this as:
    -from-literal=username='backup\\svc-apic'
  2. Configure the Management backup settings.

    Create the APIConnectCluster installation CR and add the Management backup configuration using one of the following methods:

    • OpenShift web console:
      1. Navigate to Advanced Configuration > ManagementSubsystem > Advanced Configuration > Database Backups > Advanced Configuration
      2. See the on-screen instructions for how to fill in each field. See also Management subsystem settings.

        The following fields are unique to SFTP backup configuration:

        • Server port. Default is 22.
        • The fields in the Restart Database section. Changing SFTP (protocol) backup configures does not involve any downtime.
        • Retries.
    • IBM Cloud Pak Platform UI:
      1. In the Platform UI for the API Connect cluster instance, select Configuration. On the Common settings tab, set Advanced Options to On.
      2. See the on-screen instructions for how to fill in values for:
        • Credentials
        • Server Hostname
        • Path
        • Server Port
        • Protocol
        • Retries
        • Schedule (The timezone for backups is that of the node on which the postgres-operator pod is scheduled.)

        For more information, see Management subsystem settings.

    • YAML file: Use Table 1 for guidance while you define the backup settings as shown in the following example.
      spec:
  management:
    databaseBackup:
      protocol: sftp
      host: <SFTP-host-name>
      port: <SFTP-port>
      path: apic-backup
      retries: 0
      credentials: mgmt-backup-secret
      schedule: "0 3 * * *"
      Table 1. Backup configuration settings
      Setting Description
      protocol The type of the backup. For SFTP storage: sftp.
      host The backups host. For sftp type, the SFTP server hostname
      port The SFTP server port. Optional. Default: 22.
      path The path to the location of the backup. For sftp type, the folder name on the SFTP server.
      retries The number of times the ibm-apiconnect Operator attempts backups in the event of a failed SFTP backup.

      Default value: 0.
      credentials Name of the Kubernetes secret containing your SFTP Username/password. For Version 10.0.3.0 or later, the Kubernetes secret can contain your SFTP Username and SSH key.
      schedule Cron like schedule for performing automatic backups. The format for the schedule is:
      • * * * * *
      • - - - - -
      • | | | | |
      • | | | | +----- day of week (0 - 6) (Sunday=0)
      • | | | +------- month (1 - 12)
      • | | +--------- day of month (1 - 31)
      • | +----------- hour (0 - 23)
      • +------------- min (0 - 59)

      The timezone for backups is that of the node on which the postgres-operator pod is scheduled.

      There is no default backup schedule set. Be sure to set your backup schedule.

      All scheduled Management subsystem backups are of type full only.
1 PuTTY style keys can be converted to OpenSSH by using the PuTTY Key Generator (PuTTYgen) application; see https://www.puttygen.com/.