Configure scheduled database backups of your analytics subsystem.
Before you begin
You must have a PV available for backups to be stored. If you did not configure
this during installation, then configure it now:
- Open the analytics CR for editing.
- Add a
backup.volumeClaimTemplate
section to define your local backups PVC, in
the spec.storage
section. For example: spec:
storage:
backup:
volumeClaimTemplate:
storageClassName: <storage class>
volumeSize: <backups size>
where:
On Cloud Pak for Integration and OpenShift
top-level CR installations, add backup.volumeClaimTemplate
to
spec.analytics.storage
.
Procedure
- Create the analytics backup secret for your object-store or remote
SFTP server.
If you want to store your backups in an object-store and use an access key and secret, then
follow the documentation of your object-store provider to obtain an access key and secret.
Documentation links for some common object-store providers:
Create a Kubernetes secret called
analytics-backup-secret
that contains your
remote SFTP or object-store credentials in the same namespace as your analytics subsystem:
- Object-store:
kubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=access_key='<your access key>' --from-literal=secret_key='<your access secret>'
orkubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=username='<username>' --from-literal=password='<password>'
- SFTP
server:
kubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=username='<username>' --from-literal=password='<password>'
If your object-store or remote SFTP server credentials change, then update the
analytics-backup-secret
by deleting and then recreating as follows:
- Delete the
analytics-backup-secret
:kubectl -n <namespace> delete secret analytics-backup-secret
- Recreate
analytics-backup-secret
with your new credentials.
- Open the analytics CR for editing.
On Kubernetes and OpenShift individual
subsystem installations, edit your analytics CR directly:
kubectl edit a7s
On
Cloud Pak for Integration and OpenShift top-level CR
installations, edit the
APIConnectCluster
CR:
kubectl edit APIConnectCluster
- Add the
databaseBackup
configuration. On Kubernetes and
OpenShift individual subsystem installations, add
databaseBackup
to the
spec
section of the analytics CR. On
Cloud Pak for Integration and OpenShift top-level CR
installations, add
databaseBackup
to the
spec.analytics
section of
the
APIConnectCluster
CR.
databaseBackup:
enabled: [true|false]
protocol: [local|sftp|objstore]
scope: [default|all]
credentials: analytics-backup-secret
host: <remote backup site hostname>
port: <remote backup site port>
path: <remote backup site path>
backups3URIStyle: [host|path]
backupCerts: <object-store server CA secret>
schedule: <cron formatted schedule> # "0 2 * * *"
where:
enabled
: Set to true
to enable backups. Set to
false
to disable.
protocol
: Type of remote backup site, objstore
or
sftp
. If you do not have a remote backup site then, set to
local
.
scope
: Set to all
to include all your analytics data, or set
to default
to backup only the summary data and shared queries. To estimate the
size of your analytics data, see Estimating storage requirements.
host
: is the hostname of your remote SFTP server or object-store endpoint.
If you are using an object-store, then this property must include the corresponding region. Examples:
- Region provided in the
FQDN:
s3.s3region.s3domain
- Region provided in the
path:
s3.s3domain/s3region
- If the endpoint has no region:
s3.s3domain
path
:
- If object-store is used, this property is a combination of the object-store bucket and the base
path within the bucket. Use the format:
bucket_name/path
.
- If a remote SFTP server is used, this property is the directory where your backups are
stored.
backups3URIStyle
: If object-store is used, this property defines the path
style, set to host
or path
.
backupCerts
: If object-store is used, this property is the name of a secret
that contains your object-store server certificate.This property is only required if your
object-store has a self-signed root certificate, see Creating the object-store CA certificates. If your object-store server does not have a
self-signed root certificate, then you can omit this line.
schedule
: The cron schedule for when backups are copied to your remote SFTP
server or object-store. This property does not control when backups are taken. Local backups are
taken at 55 minutes past the hour, and this property defines the schedule for transferring the most
recent local backup to your remote SFTP server or object store. The format for the schedule is any
valid cron
string. The time zone for backups is that of the
kube-controller-manager
.
Do not set the schedule to more frequently than once
an hour.
What to do next
After your backup settings are configured in your analytics CR, take a new config backup to capture the updated CR settings and backup
secrets.