Backing up your management certificates

How to backup your management subsystem certificates on VMware.

Backup your management subsystem certificates by using the dr-preparation script.

  1. Download v10_ova_dr_files-<version>.tgz from IBM Fix Central.
  2. Decompress v10_ova_dr_files-<version>.tgz to extract the dr-preparation-py script:
    tar -xzf v10_ova_dr_files-<version>.tgz
  3. Copy the v10-dr/dist/dr-preparation-py script to one of your management VMs:
    scp v10-dr/dist/dr-preparation-py apicadm@<management vm>:/home/apicadm
    Note: On three replica deployments, you can run this script on any of the management VMs.
  4. Log in to the management VM:
    ssh apicadm@<management vm>
  5. Run the dr-preparation-py script:
    sudo python3 dr-preparation

    The script creates the output file apicup-commands.txt that contains the apicup commands. The apicup commands that are generated include the encoded certificates of your management subsystem. In a disaster recovery scenario, you redeploy your management subsystems and run these apicup commands to re-create the certificates.

    Verify that the file contains the following apicup commands:
    apicup certs set management atm-credential --encoded-string '<encoded_string>'
    apicup certs set management consumer-toolkit-credential --encoded-string '<encoded_string>'
    apicup certs set management designer-credential --encoded-string '<encoded_string>'
    apicup certs set management toolkit-credential --encoded-string '<encoded_string>'
    apicup certs set management juhu-credential --encoded-string '<encoded_string>'
    apicup certs set management consumer-ui-credential --encoded-string '<encoded_string>'
    apicup certs set management ui-credential --encoded-string '<encoded_string>'
    apicup certs set management encryption-secret --encoded-string '<encoded_string>'
    apicup certs set management discovery-credential --encoded-string '<encoded_string>'
    apicup certs set management governance-credential --encoded-string '<encoded_string>'
    apicup subsys set management site-name='<site_name>'
    Note: If any of the certificates are missing, the script shows an error message. Resolve any errors before you continue, or you cannot successfully recover from a disaster event.
  6. Copy the apicup-commands.txt file off the VM and store it with your project directory backup.