Restoring a backup of Guardium Data Security Center
Restore your backup of Guardium Data Security Center to recover any lost data.
Before you begin
- Verify that the target system is in normal running status because the restore process can't recover a broken cluster.
- Verify that you have permission to access the backup files before you attempt to restore. To
check your permissions, run the following command:
chmod 777 -R <backup_directory>
Important: You cannot restore a backup from version 3.2.0 to
version 3.2.x. Instead, restore to version 3.2.0. Then, update from version 3.2.0 to version
3.2.x.
Procedure
What to do next
Use one of these methods to check the log files:
- To check one pod, issue this command:
oc logs --follow <pod>
- See <gdsc-backup-xxxx>/ backup-<timestamp>.log <gdsc-backup-xxxx>/restore-<timestamp>.log. These logs are in the PV under each directory for full backups.
Note: After restoring a backup to Guardium Data Security Center,
Guardium Data
Protection connections can become red and
data marts are not pulled from Guardium Data
Protection. This occurs rarely.
In addition, the
guard_filetransfer_log file may contain a Permission denied, please try
again
error.
To work around either of these issues, see Existing data mart pull configuration does not work in a restored environment.
Options for Guardium Data Security Center restore custom resource files
When you restore Guardium Data Security Center, you must employ a YAML custom resource (CR) file.
The CR file looks similar to this example:
apiVersion: gi.ds.isc.ibm.com/v1
kind: Restore
metadata:
name: insights
spec:
targetGIInstance: gi-sample
gi-restore:
insightsEnv:
# Directory name of a full backup in the pv attached.
# default to the most recent full backup
DATA_DIR: gi-backup-2021-10-28-1730
SYS_DEBUG: False
# This volumes section is optional, the sourceName will
# default to <value of targetGIInstance>-pvc-backup
volumes:
restore:
# Name of the PVC
sourceName: "whatever"
- The
targetGDSCinstance
must have the same name that was used in the CR file for backups. - If you don't specify a
DATA_DIR
, the system picks the most recent backups from the PV. - The
SYS_DEBUG
field defaults toFalse
. You can includeSYS_DEBUG: true
in theguardiumdatasecuritycenterEnv
section to pause the restore pod at the end of the restore process to review the log. - The self-created PVC for backups must be named
<value of targetGDSCInstance>-pvc-backup
, but the restore PV name can have any name if it contains valid Guardium Data Security Center full backups.