If the Backup
CR is missing, but the backup is present on your remote
SFTP server or object-store, you can restore the backup by using the backup ID.
About this task
Restore of the management database with a backup ID is required in a disaster recovery scenario,
where you redeployed your management subsystem and restored your infrastructure configuration from
your config backup.
Note: For OpenShift users: The steps that are
detailed in this topic use the Kubernetes kubectl
command. On OpenShift, use the
equivalent oc
command in its place.
Procedure
-
Identify the backup ID and path of the backup that you want to restore from your remote SFTP
server or object-store.
Management database backups appear as folders that use a datestamp for
their name, and are located inside the backup path. Example of a management database backup with its
full path:
apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z/base/20230914T013040
apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z
is the
backup path. The datestamp 2023-09-14T01:30:40Z
indicates when the management
database was created (not when the backup was created). The management database is created on
initial installation, and re-created when a backup restore is run. The path with the most recent
datestamp should contain the most recent backups.
20230914T013040
is the backup ID. The format indicates the date and time that
the backup was taken.
- Create a file called mgmt-restore.yaml and paste in the following
text:
apiVersion: management.apiconnect.ibm.com/v1beta1
kind: ManagementRestore
metadata:
generateName: management- # this the prefix for the name of the restore CR that is created
spec:
subsystemName: <management CR name>
backup:
protocol: [sftp|objstore]
host: <host>/<region>
port: <port number>
path: <path>
credentials: <backup secret>
backupCerts: <custom CA certificate>
backups3URIStyle: <path/host> # host or virtual style is the default
backupId: <backup ID>
where:
subsystemName
is the name of your ManagementCluster
CR, run
kubectl get mgmt
to see what this name is.
protocol
is the remote backup server type. Set to sftp
or
objstore
.
host
is the remote SFTP server hostname or object-store endpoint. If you are
using an object-store and your endpoint does not have a region, then omit
/<region>.
port
is the listening port on your remote SFTP server or object-store. Defaults
are 22 for SFTP and 443 for object-store.
path
is the path that you identified in step 1.
credentials
is the backup secret that you configured to authenticate with the
remote backup site. See Create backup secret.
backupCerts
is the CA certificate secret of the remote SFTP server or
object-store. See step 2 on Configuring management database backups. If you did not create this secret during backup configuration,
then omit this property.
backups3URIStyle
applies to backups to object-store only. Indicates whether
URIs to your object-store backup specify a host or a path value. Set to either host
or path
. The default is host
.
backupId
is the ID that you identified in step 1.
Example
mgmt-restore.yaml file that uses the values from step
1:
apiVersion: management.apiconnect.ibm.com/v1beta1
kind: ManagementRestore
metadata:
generateName: management-
spec:
subsystemName: management
backup:
protocol: objstore
host: s3.ibm.com/us-west
path: pic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z
credentials: mgmt-backup-secret
backupId: 20230914T013040
- Start the restore by creating the
ManagementRestore
CR from the
mgmt-restore.yaml file:
kubectl -n <management namespace> create -f mgmt-restore.yaml
- Verify that the restore is running with:
kubectl -n <management namespace> get ManagementRestore --sort-by=.metadata.creationTimestamp
Example
output:
NAME STATUS BACKUP CLUSTER MESSAGE PITR AGE
mgmt-restore-hr9zx Complete mgmt-backup-xnjkl m1 Restore process completed (DB Restore + DRR job) 9m8s
What to do next
Restore the database backups of any developer portal services that are registered with the
management subsystem: Restoring from a portal database backup.