Backup & Restore

Backup

Using Remote Backup

Shield supports SFTP as remote storage for backup files. Follow these steps to define the backup settings in the system.

Create a dedicated account for this purpose. This account will be used to store the backup files and also to retrieve these files when restoring Shield.

On the SFTP server, create an SSH key. For more details, see here.

On the Rancher Server machine, download the custom-management file to the ericomshield folder:

curl -s -o custom-management.yaml https://raw.githubusercontent.com/EricomSoftwareLtd/Shield/Rel-19.07.1/Kube/scripts/custom-management.yaml

Edit the file to configure the SFTP account (backup path, SFTP server IP and username) and copy in the SSH private key (missing settings are marked with <>):

remotePath: "<BACKUP_PATH>"
config: |
  rclone.conf: |
    [SFTPStorage]
    type = sftp
    host = <SFTP_SERVER_IP>
    user = <SFTP_USERNAME>
key:
  key_file.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    <PRIVATE_KEY>
    -----END RSA PRIVATE KEY-----

Save the changes and deploy Shield by running:

./deploy-shield.sh

Note

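When editing the YAML file, it is important to avoid any redundant characters (e.g. blank spaces, tabs, etc.). In addition, it is recommended to back up this file. Because the file now contains the SSH private key, restrict read access to it and to any backup copy.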
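A pre-deployment check for the edited custom-management.yaml, shown as an added example that is not part of the Shield scripts: it flags leftover <> placeholders, the redundant characters the note warns about, and malformed PEM markers. The function names, the sample values and the permission check are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not part of the Shield scripts. Findings show line numbers
# only, never file content, because the file holds the SSH private key.
report() {  # report <label> <regex> <file>
    hits=$(grep -nE "$2" "$3" | cut -d: -f1 | tr '\n' ' ')
    [ -z "$hits" ] && return 0
    echo "FAIL: $1 on line(s): $hits"; return 1
}

check_custom_management() {
    f="$1"; rc=0; tab=$(printf '\t'); cr=$(printf '\r')
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    # Every <PLACEHOLDER> from the template must have been replaced.
    report "unfilled placeholder" '<[A-Z_]+>' "$f" || rc=1
    # "Redundant characters": tabs, trailing spaces, Windows line endings.
    report "tab, trailing space or CR" "$tab| +\$|$cr\$" "$f" || rc=1
    # PEM armor needs exactly five dashes on each side of BEGIN/END.
    total=$(grep -c 'PRIVATE KEY' "$f" || true)
    good=$(grep -cE '^ *-----(BEGIN|END) [A-Z ]*PRIVATE KEY-----$' "$f" || true)
    if [ "$total" -ne 2 ] || [ "$good" -ne 2 ]; then
        echo "FAIL: expected one well-formed BEGIN/END PRIVATE KEY pair"; rc=1
    fi
    # Assumption (not from the page): a file holding a private key should
    # grant nothing to group or others, e.g. chmod 600.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $f is accessible to group or others"; rc=1
    fi
    return "$rc"
}

# Constructed sample modelled on the page's template, with made-up values.
write_sample() {
    ( umask 077; cat > "$1" ) <<'EOF'
remotePath: "/backups/shield"
config: |
  rclone.conf: |
    [SFTPStorage]
    type = sftp
    host = 192.0.2.10
    user = shieldbackup
key:
  key_file.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    CONSTRUCTED-NOT-A-REAL-KEY
    -----END RSA PRIVATE KEY-----
EOF
}

if [ "$#" -gt 0 ]; then check_custom_management "$1"; fi
```

Run it with the file path as the only argument before ./deploy-shield.sh; a non-zero exit status means at least one finding.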

Using Local Backup

Backup files may be stored locally on Shield machines. On a multi-machine system, several backups may exist on different machines, and it is hard to tell which backup should be used if a restore is needed. The best practice is to update the backup path to a specific folder. This folder can be an NFS folder or another local folder that is backed up on a regular basis.

To update the local backup path, follow these steps:

On the Rancher Server machine, download the custom-management file to the ericomshield folder:

curl -s -o custom-management.yaml https://raw.githubusercontent.com/EricomSoftwareLtd/Shield/Rel-19.07.1/Kube/scripts/custom-management.yaml

Edit the file to update the local backup path. Uncomment the localPath variable and set it to the designated path:

localPath: <SPECIFIC_FOLDER_PATH>

Save the changes and deploy Shield by running:

./deploy-shield.sh

Note

When editing the YAML file, it is important to avoid any redundant characters (e.g. blank spaces, tabs, etc.). In addition, it is recommended to back up this file.

Rancher Backup

It is highly recommended to back up the ~/rancher-store/ folder (of the Rancher Server machine) on a regular basis (to be used in case of Rancher Server failure).

Restore

Restore is performed automatically when required (e.g. system failure).

To perform a manual restore using a specific backup file, follow these steps:

  1. Verify remote backup settings are configured properly (detailed above)

  2. Place the selected backup file in the backup path on the SFTP server

  3. In Rancher, look up all the nodes running with the management label (shield-role/management=accept) and list them

  4. Connect to the Linux machines (from the list) and remove ALL files located under the localPath defined in the custom-management.yaml (default: /home/ericom/shield/backup/). This step is required to remove all local backups and ensure the restore process is performed with the selected backup file.

  5. In Rancher, click on the cluster and select Default under the cluster name

    Select Workloads and search for backup

    Select the mng-consul-backup deployment. The related pod is displayed. Select it and click Delete

    After this pod is deleted, the restore process is automatically initiated, this time using the selected backup file.