Configuring analytics database backups

Configure scheduled database backups of your analytics subsystem.

Before you begin

You must have a PV available for backups to be stored. If you did not configure a PV during installation, then configure it now by completing the following steps.

Open the analytics CR for editing.
- On Kubernetes and OpenShift® individual subsystem installations, edit your analytics CR directly:
```
kubectl edit a7s
```
- On Cloud Pak for Integration and OpenShift top-level CR installations, edit the APIConnectCluster CR:
```
kubectl edit APIConnectCluster
```
Add a backup.volumeClaimTemplate section to define your local backups PVC, in the spec.storage section. For example:
```
spec:
  storage:
    backup:
      volumeClaimTemplate:
        storageClassName: <storage class>
        volumeSize: <backups size>
```
where,
- <storage class> - The storage class for this PVC, see Storage class.
- <backups size> - The size you calculated for your backups in Estimating storage requirements.
On Cloud Pak for Integration and OpenShift top-level CR installations, add backup.volumeClaimTemplate to spec.analytics.storage.

Procedure

Create the analytics backup secret for your object-store or remote SFTP server.
If you want to store your backups in an object-store and use an access key and secret, then follow the documentation of your object-store provider to obtain an access key and secret. Documentation links for some common object-store providers are as follows:
- IBM Cloud® Object Storage
- AWS
Create a Kubernetes secret called analytics-backup-secret that contains your remote SFTP or object-store credentials in the same namespace as your analytics subsystem:
- Object-store
```
kubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=access_key='<your access key>' --from-literal=secret_key='<your access secret>'
```
  or
```
kubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=username='<username>' --from-literal=password='<password>'
```
- SFTP server
```
kubectl -n <namespace> create secret generic analytics-backup-secret --from-literal=username='<username>' --from-literal=password='<password>'
```
If your object-store or remote SFTP server credentials change, then update the analytics-backup-secret by deleting and then re-creating as follows:
1. Delete the analytics-backup-secret:
```
kubectl -n <namespace> delete secret analytics-backup-secret
```
2. Re-create analytics-backup-secret with your new credentials.
Open the analytics CR for editing.
On Kubernetes and OpenShift individual subsystem installations, edit your analytics CR directly:
```
kubectl edit a7s
```
On Cloud Pak for Integration and OpenShift top-level CR installations, edit the APIConnectCluster CR:
```
kubectl edit APIConnectCluster
```
Add the databaseBackup configuration.
On Kubernetes and OpenShift individual subsystem installations, add databaseBackup to the spec section of the analytics CR. On Cloud Pak for Integration and OpenShift top-level CR installations, add databaseBackup to the spec.analytics section of the APIConnectCluster CR.
```
  databaseBackup:
    enabled: [true|false]
    protocol: [local|sftp|objstore]
    scope: [default|all]
    credentials: analytics-backup-secret
    host: <remote backup site hostname>
    port: <remote backup site port>
    path: <remote backup site path>
    backups3URIStyle: [host|path]
    backupCerts: <object-store server CA secret>
    schedule: <cron formatted schedule> # "0 2 * * *"
```
where,
- enabled - Set to true to enable backups. Set to false to disable.
- protocol - Type of remote backup site, objstore or sftp.
  If you do not have a remote backup site then, set to local.
- scope - Set to all to include all your analytics data, or set to default to backup only the summary data and shared queries.
  To estimate the size of your analytics data, see Estimating storage requirements.
- host - is the hostname of your remote SFTP server or object-store endpoint.
  If you are using an object-store, then this property must include the corresponding region. Examples:
  - Region provided in the FQDN -
    s3.s3region.s3domain
  - Region provided in the path:
    s3.s3domain/s3region
  - If the endpoint has no region:
    s3.s3domain
- path-
  - If object-store is used, this property is a combination of the object-store bucket and the base path within the bucket. Use the format: bucket_name/path.
  - If a remote SFTP server is used, this property is the directory where your backups are stored.
- backups3URIStyle - If object-store is used, this property defines the path style, set to host or path.
- backupCerts - If object-store is used, this property is the name of a secret that contains your object-store server certificate.
  This property is only required if your object-store has a self-signed root certificate, see Creating the object-store CA certificates. If your object-store server does not have a self-signed root certificate, then you can omit this line.
- schedule - The cron schedule for when backups are copied to your remote SFTP server or object-store.
  This property does not control when backups are taken. Local backups are taken at 55 minutes past the hour, and this property defines the schedule for transferring the most recent local backup to your remote SFTP server or object store. The format for the schedule is any valid cron string. The time zone for backups is that of the kube-controller-manager.
  
  Do not set the schedule to more frequently than once every hour.

What to do next

After your backup settings are configured in your analytics CR, take a new config backup to capture the updated CR settings and backup secrets.