Configuring backups by using the CLI

Configure the backup and restore function by editing the custom resource (CR) definition for the orchestration instance. You can edit the CR definition from the OpenShift® CLI.

About this task

You can run two types of backup. The backup type that you run depends on which of these types of data you want to back up:
  • Orchestration data, such as assembly and resource packages. This data is stored in a cloud-native PostgreSQL database.
  • Application logging data, such as microservice logs. This data is stored in OpenSearch.

Aside from the wal settings, which apply only to orchestration data backups, the CR settings that you configure in this procedure apply to both types of backup.

Procedure

  1. Run the following command to edit the orchestration instance:
    oc edit orchestration <orchestration_instance_name>
  2. Find the backup section, and enter the information for the backup and restore function. The information to enter is shown in the following table:
    Table 1. Configuring backup and restore attributes
    Attribute | Required | Description
    bucketName | Yes | The name of the S3 bucket to contain the backup, in the following format: s3://bucket_name/path_to_folder. For example: s3://cp4na-bucket/backup/v220/
    endpointURL | Yes | The URL to use to access the S3 storage.
    serverName | No | The S3 server name. If you omit this parameter, the cluster name is used. Restriction: If you specify a server name on S3 when you configure your orchestration backups, an unrecoverable error might occur when you attempt to restore orchestration backups from the PostgreSQL database. To avoid this known issue, do not specify a server name when you configure your orchestration backups.
    wal | No | The section for configuring the PostgreSQL write-ahead log (WAL). If you require compression and encryption of the backup, use the wal section to configure them.
    compression | No | The type of compression to use on the backup. Use compression for larger backups. The following options are available: gzip, bzip2.
    encryption | No | The type of encryption to use on the backup. Server-side encryption must be enabled on the S3 bucket to use encryption. The following options are available: AES256, aws:kms.
    endpointCA | No | The section for configuring the CA bundle of the S3 endpoint URL. Use this section if you want to use self-signed certificates, to avoid errors with the certificate issuer. The secret must be created in the IBM® Cloud Pak for Network Automation namespace.
    key | No | The key that contains the CA certificate.
    name | No | The name of the secret that contains the CA certificate.
    retention | No | Use the settings in this section to specify how long to retain backups. If you don't define values for these settings, the backups are retained forever.
    postgres | No | Specify how long to retain backups of orchestration or PostgreSQL data. Specify this value in days. If you don't define a value for this setting, the backups of your orchestration data are retained forever.
    opensearch | No | Specify how long to retain backups of application logging or OpenSearch data. Specify this value in hours. If you don't define a value for this setting, the backups of your application logging data are retained forever.
    The following YAML section shows a sample backup section:
    backup:
      bucketName: "s3://cp4na-bucket/backup/v220/"
      endpointURL: "https://s3.us.cloud-object-storage.appdomain.cloud"
      serverName: "" # Optional - leave empty for orchestration backups (see the restriction in Table 1).
      wal:
         compression: "gzip" # Valid values are gzip and bzip2.
         encryption: "AES256" # Optional - valid values are AES256 and aws:kms. Server-side encryption must be enabled on the bucket.
      endpointCA: # Optional
         key: "cacer" # Key in the secret that contains the CA certificate of the S3 endpoint.
         name: "cp4na-o-postgresql-endpointca-secret" # Name of the secret that contains the CA cert of the S3 endpoint.
      retention: # Optional
         postgres: "7d" # Number of days to retain orchestration backups.
         opensearch: "168h" # Number of hours to retain application logging backups.
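
A pre-apply check for the backup section, written as an added example (not IBM's code or part of the product): it applies the rules from Table 1 to a backup section that has already been parsed into a Python dict. The function name, the `<n>d`/`<n>h` retention pattern (taken from the sample values) and the https check are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Allowed values as listed in Table 1 of this page.
COMPRESSION = {"gzip", "bzip2"}
ENCRYPTION = {"AES256", "aws:kms"}

def check_backup_section(backup):
    """Return a list of findings for a parsed `backup` section (hypothetical helper)."""
    findings = []
    # Documented format: s3://bucket_name/path_to_folder
    bucket = backup.get("bucketName", "")
    if not re.fullmatch(r"s3://[^/\s]+/\S+", bucket):
        findings.append("bucketName: expected s3://bucket_name/path_to_folder")
    url = urlparse(backup.get("endpointURL", ""))
    if not url.netloc:
        findings.append("endpointURL: required, must be a URL")
    elif url.scheme != "https":
        # Added hardening check, not a rule stated on the page.
        findings.append("endpointURL: not https, backup traffic is not protected by TLS")
    # Restriction: a serverName can make orchestration restores fail unrecoverably.
    if backup.get("serverName"):
        findings.append("serverName: leave unset (known restore issue)")
    wal = backup.get("wal") or {}
    if "compression" in wal and wal["compression"] not in COMPRESSION:
        findings.append("wal.compression: must be gzip or bzip2")
    if "encryption" in wal and wal["encryption"] not in ENCRYPTION:
        findings.append("wal.encryption: must be AES256 or aws:kms")
    # Retention: days for postgres, hours for opensearch. An unset value means
    # backups are retained forever, so report it for a conscious decision.
    retention = backup.get("retention") or {}
    for name, unit in (("postgres", "d"), ("opensearch", "h")):
        value = retention.get(name)
        if value is None:
            findings.append(f"retention.{name}: unset, backups are retained forever")
        elif not re.fullmatch(rf"[1-9]\d*{unit}", str(value)):
            findings.append(f"retention.{name}: expected a number followed by '{unit}'")
    return findings

# Constructed sample: the values from the page's sample backup section.
SAMPLE = {
    "bucketName": "s3://cp4na-bucket/backup/v220/",
    "endpointURL": "https://s3.us.cloud-object-storage.appdomain.cloud",
    "serverName": "",
    "wal": {"compression": "gzip", "encryption": "AES256"},
    "endpointCA": {"key": "cacer", "name": "cp4na-o-postgresql-endpointca-secret"},
    "retention": {"postgres": "7d", "opensearch": "168h"},
}
```

An empty result means the section passes these checks; it does not confirm that server-side encryption is enabled on the bucket, which must be verified on the S3 side.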

What to do next

  • Back up the Vault keys for use in disaster recovery by running the following command:
    oc get secret -o yaml cp4na-o-vault-keys -n <cp4na_namespace> > /tmp/cp4na-o-vault-keys.yaml
  • Back up the orchestration CR for use in disaster recovery by running the following command:
    oc get orchestration <instance_name> -o yaml > /tmp/orchestration-backup.yaml

    For example, run a command like this to back up the orchestration CR for the instance that is named default:
    oc get orchestration default -o yaml > /tmp/orchestration-backup.yaml
    
    Important: If you modify the orchestration CR settings, then you must back up the orchestration CR.
  • Make sure to store the Vault key and the orchestration CR backup in a secure location.