Backing up and restoring Vulnerability Advisor

By default, the Kafka and Zookeeper services, which are used by the Vulnerability Advisor (VA), are backed up to the storage class that is set during IBM Cloud Pak® for Multicloud Management installation.

Before you begin

If you want to back up to an alternative storage class, you must edit the ibm-management-vulnerability-advisor.datapipeline.kafka.persistence.storageClassName and ibm-management-vulnerability-advisor.datapipeline.zookeeper.persistence.storageClassName parameters during IBM Cloud Pak for Multicloud Management installation.

Important: You cannot change this parameter after installation is complete.


Backing up VA

You do not need to back up the VA. VA serves as a pipeline for data from Kafka and Zookeeper. Data that is lost from the Kafka and Zookeeper services is restored automatically when the services are restarted.

Restoring VA

If the administrator finds that the data in the security reports is not correct, or did not get updated, the administrator can restart the pods. Restarting the pods forces the pods to refresh the data.

For example, the administrator can list the VA pods, then restart them:

  1. List the VA pods by entering the following command:

    # oc get po -n management-security-services

    The command results in the following output:

    NAME                                                            READY   STATUS      RESTARTS   AGE
    ibm-vulnerability-advisor-operator-58f8ff5757-j5nrz             1/1     Running     0          2d23h
    vulnerability-advisor-compliance-annotator-6859bf499b-jqj44     1/1     Running     2          6d
    vulnerability-advisor-compliance-indexer-6cbc5d8bdf-f2mwc       1/1     Running     1          5d23h
    vulnerability-advisor-config-parser-84ffd4dc45-xfhgp            1/1     Running     1          6d
    vulnerability-advisor-kafka-0                                   1/1     Running     0          6d
    vulnerability-advisor-live-crawler-2zb8c                        1/1     Running     0          2d9h
    vulnerability-advisor-live-crawler-h4z5t                        1/1     Running     0          2d9h
    vulnerability-advisor-live-crawler-h5s6c                        1/1     Running     0          2d9h
    vulnerability-advisor-live-crawler-kl7w7                        1/1     Running     0          2d9h
    vulnerability-advisor-live-crawler-xhk9h                        1/1     Running     0          2d9h
    vulnerability-advisor-password-annotator-6449bd7494-2rxdx       1/1     Running     1          6d
    vulnerability-advisor-registry-crawler-69bf56f6bc-5n7wr         1/1     Running     0          3h16m
    vulnerability-advisor-rootkit-annotator-c59bbbfc8-k9fdl         1/1     Running     0          6d
    vulnerability-advisor-rootkit-indexer-774d944d44-krsbt          1/1     Running     2          5d23h
    vulnerability-advisor-sas-apiserver-748477457-hhk7s             4/4     Running     1          6d
    vulnerability-advisor-secconfig-annotator-6fcc6d84df-86658      1/1     Running     1          6d
    vulnerability-advisor-secconfig-indexer-567d558fd5-x4ng2        1/1     Running     2          5d23h
    vulnerability-advisor-statsd-f8999d9bb-mhzr9                    1/1     Running     0          6d
    vulnerability-advisor-usncrawler-risk-feed-96szf                0/1     Completed   1          5d23h
    vulnerability-advisor-va-policy-controller-7f95d5f488-7s228     1/1     Running     0          6d
    vulnerability-advisor-vulnerability-annotator-969759dd9-csllz   2/2     Running     1          5d23h
    vulnerability-advisor-vulnerability-indexer-8b68cc78b-vnf9h     1/1     Running     1          5d23h
    vulnerability-advisor-zookeeper-0                               1/1     Running     0          6d
  2. Restart the pods by entering the following command:

    oc delete po vulnerability-advisor-zookeeper-0 vulnerability-advisor-kafka-0 -n management-security-services

After a couple of minutes, the pods will restart and the Kafka and Zookeeper data is restored.