Restoring from a management database backup

Use the apicup command to list backups and then restore the selected backup of the management database.

Before you begin

  • If you restore the management subsystem database, you must also restore the portal subsystem database from a backup that was taken at the same time. The database backups of the management and portal must be taken at the same time to ensure that the portal sites are consistent with the management database.
  • Restoring the management database requires downtime and is a destructive process that deletes current data and copies backup data. During the restoration process, external traffic must be stopped.
  • To restore the management database, you must use the original project directory that was created with apicup during the initial product installation. You cannot restore the database without the initial project directory. If necessary, restore the project directory from your Project directory backup.

About this task

Restoring a backup restores the registration credentials (client_ID, client_secret) that were in use at the time that the selected backup was created. For more information about the registration credentials, see Changing the registration client_id and client_secret for applications.

Procedure

  1. List the available backups: 
    apicup subsys list-backups <management subsystem name>
    Example output:
    NAME                             AGE     CLUSTER              METHOD              PHASE       ERROR
mgmt-backup-rnvx8                15m     stv3-management-site1-db   ObjectStore   completed   
stv3-management-20240617010000   7h46m   stv3-management-site1-db   ObjectStore   completed
    Take note of the name of the backup that you want to restore.

    If the backup you want to restore is not listed, but you know where it is on your SFTP server or object-store, then you can restore by using the backup ID instead of the backup name, seeRestore with ID.

  2. Restore the backup.
    Two methods are available to restore a backup:
    • Restore with the backup name identified in step 1.
      apicup subsys restore <management subsystem name> --name <backupname> <flags>
      Available flags:
      apicup subsys restore mgmt --help
Restore management subsystem

Usage:
  restore SUBSYS [flags]

Flags:
      --backup-certs string      Backup certs which are used for TLS communication between APIC and backup server. Currently only supported for objstore backups.
      --debug                    Enable debug logging
  -h, --help                     help for restore
      --host <host>/<myregion>   FQDN for DB backups server in format <host>/<myregion>
      --id string                ID of the backup to restore
      --name string              Name of the backup to restore
      --password string          Password for DB backups server
      --path string              Path for DB backups server
      --port int                 Server port for DB backups (default 22)
      --protocol string          Protocol for DB backups server ('objstore', 'sftp', 'local')
      --s3-uri-style string      Supports either 'host' or 'path'. Supported only for 'objstore' backups.
      --ssh-key string           OpenSSH private key file path for DB backups using SFTP only
      --username string          Username for DB backups server
      --wait                     Wait for the operation to complete or fail.
      --wait-timeout duration    Command timeout in seconds. (default 40s)
      Example: 
      apicup subsys restore boaz-ova2-management --name mgmt-backup-qdbfn

Starting restore...
please check later for completion status of restore
ManagementRestore is RestoreInProgress
    • Restore with the backup ID.

      If you do not have a backup name for the backup you want to restore, you can use a backup ID. Look on your SFTP server or object-store to identify the ID of the management database backup that you want to restore.

      Management database backups appear as folders that use a datestamp for their name, and are located inside the backup path. Example of a management database backup with its full path:
      apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z/base/20230914T013040
      • apic-mgmt-backups/impr-restore/m1-65288d1d-db-2023-09-14T01:30:40Z is the backup path. The datestamp 2023-09-14T01:30:40Z indicates when the management database was created (not when the backup was created). The management database is created on initial installation, and re-created when a backup restore is run. The path with the most recent datestamp should contain the most recent backups.
      • 20230914T013040 is the backup ID. The format indicates the date and time that the backup was taken.
      When you restore with a backup ID, you must include the SFTP server or object-store host, path, protocol, username, and password as flags in the restore command:
      apicup subsys restore <management subsystem name> --id <backup ID> --host <hostname> --protocol <protocol>--username <username> --password <password> --path <backup path>
      For example:
      apicup subsys restore boaz-ova2-management --id 20230725T162548 --host s3.eu-gb.cloud-object-storage.appdomain.cloud/eu-gb --username 'a05e7aace2ab43b5941326429c8c071c' --password '3e510a1d9b06189b57334d064badf6abc39ab5a51d9bdcf7' --path upgrade-test/boaz-ova1-management-22/management-site1-db-2023-11-16T12:30:02Z

Starting restore...
INFO[0000] Creating generic secret mgmt-restore-auth-secret.
please check later for completion status of restore
ManagementRestore is RestoreInProgress
root@apicdev3067:/home/apicadm/boaz-ova2# k get mgmtr
NAME                 STATUS              MESSAGE                                                                                          BACKUP              CLUSTER                PITR                  AGE
NAME                 STATUS     MESSAGE                                            BACKUP              CLUSTER                PITR                  AGE
mgmt-restore-t6ss5   Complete   Restore process completed (DB Restore + DRR job)   mgmt-backup-cdkv6   boaz-ova2-management   2023-07-25T16:25:58   127m
mgmt-restore-tgxl2   Complete   Restore process completed (DB Restore + DRR job)                       boaz-ova2-management
  3. Monitor the restore: 
    apicup subsys list-restores <management subsystem name>
    The list-restores command shows RestoreSuccessful when the restore is complete.

What to do next

Restore your portal database backup: Restoring the portal database backup.