Restoring the management database with a backup ID

If the Backup CR is missing, but the backup is present on your remote SFTP server or object-store, you can restore the backup by using the backup ID.

About this task

Restore of the management database with a backup ID is required in a disaster recovery scenario, where you redeployed your management subsystem and restored your infrastructure configuration from your config backup.

Note: For OpenShift users: The steps that are detailed in this topic use the Kubernetes kubectl command. On OpenShift, use the equivalent oc command in its place.

Procedure

  1. Identify the backup ID and path of the backup that you want to restore from your remote SFTP server or object-store.
    Management database backups appear as folders that use a datestamp for their name, and are located inside the backup path. Example of a management database backup with its full path:
    apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z/base/20230914T013040
    • apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z is the backup path. The datestamp 2023-09-14T01:30:40Z indicates when the management database was created (not when the backup was created). The management database is created on initial installation, and re-created when a backup restore is run. The path with the most recent datestamp should contain the most recent backups.
    • 20230914T013040 is the backup ID. The format indicates the date and time that the backup was taken.
  2. Create a file called mgmt-restore.yaml and paste in the following text:
    apiVersion: management.apiconnect.ibm.com/v1beta1
    kind: ManagementRestore
    metadata:
      generateName: management- # this the prefix for the name of the restore CR that is created
    spec:
      subsystemName: <management CR name>
      backup:
        protocol: [sftp|objstore]
        host: <host>/<region>
        port: <port number>
        path: <path>
        credentials: <backup secret>
        backupCerts: <custom CA certificate>
        backups3URIStyle: <path/host> # host or virtual style is the default 
      backupId: <backup ID>
    
    where:
    • subsystemName is the name of your ManagementCluster CR, run kubectl get mgmt to see what this name is.
    • protocol is the remote backup server type. Set to sftp or objstore.
    • host is the remote SFTP server hostname or object-store endpoint. If you are using an object-store and your endpoint does not have a region, then omit /<region>.
    • port is the listening port on your remote SFTP server or object-store. Defaults are 22 for SFTP and 443 for object-store.
    • path is the path that you identified in step 1.
    • credentials is the backup secret that you configured to authenticate with the remote backup site. See Create backup secret.
    • backupCerts is the CA certificate secret of the remote SFTP server or object-store. See step 2 on Configuring management database backups. If you did not create this secret during backup configuration, then omit this property.
    • backups3URIStyle applies to backups to object-store only. Indicates whether URIs to your object-store backup specify a host or a path value. Set to either host or path. The default is host.
    • backupId is the ID that you identified in step 1.
    Example mgmt-restore.yaml file that uses the values from step 1:
    apiVersion: management.apiconnect.ibm.com/v1beta1
    kind: ManagementRestore
    metadata:
      generateName: management-
    spec:
      subsystemName: management
      backup:
        protocol: objstore
        host: s3.ibm.com/us-west
        path: pic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z
        credentials: mgmt-backup-secret
      backupId: 20230914T013040
    Note: If the management database encryption key was changed since the backup was taken (because you followed the steps in Changing the database encryption key), then you must restore the original encryption key before you apply the restore CR. See restore old encryption key.
  3. Start the restore by creating the ManagementRestore CR from the mgmt-restore.yaml file:
    kubectl -n <management namespace> create -f mgmt-restore.yaml
  4. Verify that the restore is running with:
    kubectl -n <management namespace> get ManagementRestore --sort-by=.metadata.creationTimestamp
    Example output:
    NAME                 STATUS      BACKUP              CLUSTER       MESSAGE                                            PITR                    AGE
    mgmt-restore-hr9zx   Complete    mgmt-backup-xnjkl   m1            Restore process completed (DB Restore + DRR job)   9m8s
    

What to do next

Restore the database backups of any developer portal services that are registered with the management subsystem: Restoring from a portal database backup.