...
| Info |
|---|
The details for these commands is in Yarnman Photon Powered (YM-PH) - Deployment and InstallationInstallation and Upgrade Guide |
ym-set-static-ip.sh
| Code Block |
|---|
sudo ym-set-static-ip.sh |
ym-generate-certs.sh
| Code Block |
|---|
sudo ym-generate-certs.sh |
ym-install.sh
| Code Block |
|---|
sudo ym-install.sh |
Upgrade
| Note |
|---|
All yarnman upgrade commands need to be run with sudo |
...
| Info |
|---|
This command upgrades yarnman |
| Warning |
|---|
Take a vmware snapshot before starting the upgrade process |
Copy the upgrade file into /var/opt/yarnlab/upgrade eg wget http://xxxxxxxx or if Web access from Yarnman type wget https://yldev.blob.core.windows.net/yl-ph-staging-updates/<update file package name> or sftp/ftp/scp the file onto the server
SSH into the yarnman host and change into the directory /var/opt/yarnlab/upgrade run the command
| Info |
|---|
Note that you may need to rename the file to the following format if you ssh client cannot accept : ym-registry:package-upgrade-master-<version>-<build>.tar.gz i.e. ym-registry:package-upgrade-master-2.6.5-81d5809c.tar.gz |
run the command yarnman@host [ ~ ]$ sudo ym-upgrade.sh upgradefileym-registry:package-upgrade-master-2.6.5-81d5809c.tar.gz
| Code Block |
|---|
Yarnman Upgrade file found /var/opt/yarnlab/upgrade/ym-registry:package-upgrade-yl-ph-8023676b.tar.gz
Do you want to upgrade yarnman to ym-registry:package-upgrade-yl-ph-8023676b.tar.gz ? Y or Ny
Upgrade yarnman
Stopping yarnman services
Stopping local registry containers
Removing local registry images
Loading local registry package tgz
Loaded image: ym-registry:package
Launching yarnman registry
f39ac12322df9a3add72c0ad135e691c6fc3ca0fc7be463a5b4534b88e8e68e6
Loading upgrade pre-req script from registry container
Starting upgrade pre-req script
TEMP upgrade script
Setting up tang
groupadd: group 'ym-tang-app-gp' already exists
Showing package container registry catalog
{"repositories":["ym-couchdb","ym-ostree-upgrade","ym-redis","ym-tang","ym-yarnman"]}
{"name":"ym-ostree-upgrade","tags":["yl-ph-8023676b"]}
{"name":"ym-yarnman","tags":["yl-ph-8023676b"]}
[+] Running 2/4
*** lots of docker pull output ***
*** lots of ostree output ***
State: idle
Deployments:
photon:photon/4.0/x86_64/yarnman
Version: 4.0_yarnman (2022-11-16T23:54:09Z)
Commit: 9941830a095f3a8630eabca846414afa03a935e95462845f7e71cc17f8437438
GPGSignature: Valid signature by 352365935446AC840528AF8703F9C95608035F3C
Diff: 15 added
● photon:photon/4.0/x86_64/yarnman
Version: 4.0_yarnman (2022-11-14T04:04:13Z)
Commit: 7fe66e8afc639d7a006b60208b5981748426ef4487581924e897d69a7b7c87cd
GPGSignature: Valid signature by 352365935446AC840528AF8703F9C95608035F3C
Do you want to remove upgrade file ? Y or N
Removing :ym-registry:package-upgrade-yl-ph-n18-a23846af.tar.gz
Removing old containers
Removing old yarnman image :localhost:5000/ym-yarnman:yl-ph-n18-475aac7a
Removing old couchdb image :localhost:5000/ym-couchdb:yl-ph-n18-475aac7a
Removing old redis image :localhost:5000/ym-redis:yl-ph-n18-475aac7a
Removing old tang image :localhost:5000/ym-tang:yl-ph-n18-475aac7a
Do you want to reboot yarnman ? Y or N
Reboot yarnman |
| Note |
|---|
A reboot may be required to apply OS patches if they are bundled into the update. |
Service Commands
| Note |
|---|
All yarnman service commands need to be run with sudo |
| Note |
|---|
Ensure that the database upgrade is completed |
Service Commands
| Note |
|---|
All yarnman service commands need to be run with sudo |
ym-service-commands.sh start
...
| Code Block |
|---|
yarnman@yarnman-test [ ~ ]$ sudo ym-service-commands.sh restart
restarting yarnman.service
● yarnman.service - yarnman
Loaded: loaded (/usr/lib/systemd/system/yarnman.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-08-17 08:27:36 UTC; 6ms ago
Process: 63277 ExecStartPre=/usr/bin/docker-compose -f docker-compose.yml down (code=exited, status=0/SUCCESS)
Main PID: 63287 (docker-compose)
Tasks: 6 (limit: 4694)
Memory: 4.9M
CGroup: /system.slice/yarnman.service
└─63287 /usr/bin/docker-compose -f docker-compose.yml -f docker-compose-override.yml up --remove-orphans
Aug 17 08:27:36 yarnman-test systemd[1]: Starting yarnman...
Aug 17 08:27:36 yarnman-test docker-compose[63277]: yarnman Warning: No resource found to remove
Aug 17 08:27:36 yarnman-test systemd[1]: Started yarnman.
|
ym-service-commands.sh
...
reboot
| Info |
|---|
this command shows the systemd service statusreboots the yarnman appliance |
| Code Block |
|---|
yarnman@yarnman-test [ sudo ym-service-commands.sh reboot rebooting yarnman |
ym-service-commands.sh status
| Info |
|---|
this command shows the systemd service status |
| Code Block |
|---|
yarnman@yarnman-test [ ~ ]$ sudo ym-service-commands.sh status
● yarnman.service - yarnman
Loaded: loaded (/usr/lib/systemd/system/yarnman.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-08-17 08:29:13 UTC; 4s ago
Process: 67157 ExecStartPre=/usr/bin/docker-compose -f docker-compose.yml down (code=exited, status=0/SUCCESS)
Main PID: 67167 (docker-compose)
Tasks: 9 (limit: 4694)
Memory: 15.7M
CGroup: /system.slice/yarnman.service
└─67167 /usr/bin/docker-compose -f docker-compose.yml -f docker-compose-override.yml up --remove-orphans
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.759420Z nonode@nohost <0.11.0> -------- Application ddoc_cache started on node nonode@nohost
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.769878Z nonode@nohost <0.11.0> -------- Application global_changes started on node nonode@nohost
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.769962Z nonode@nohost <0.11.0> -------- Application jiffy started on node nonode@nohost
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.774590Z nonode@nohost <0.11.0> -------- Application mango started on node nonode@nohost
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.779025Z nonode@nohost <0.11.0> -------- Application setup started on node nonode@nohost
Aug 17 08:29:14 yarnman-test docker-compose[67167]: ym-couchdb | [info] 2022-08-17T08:29:14.779045Z nonode@nohost <0.11.0> -------- Application snappy started on node nonode@nohost
Aug 17 08:29:15 yarnman-test docker-compose[67167]: ym-yarnman | 1660724955149 WARN Setting Default startup.
Aug 17 08:29:15 yarnman-test docker-compose[67167]: ym-couchdb | [notice] 2022-08-17T08:29:15.166800Z nonode@nohost <0.334.0> 144d89930f localhost:5984 127.0.0.1 undefined GET / 200 ok 70
Aug 17 08:29:16 yarnman-test docker-compose[67167]: ym-couchdb | [notice] 2022-08-17T08:29:16.252345Z nonode@nohost <0.335.0> 23ea8ef0ca localhost:5984 127.0.0.1 undefined GET / 200 ok 1
Aug 17 08:29:17 yarnman-test docker-compose[67167]: ym-couchdb | [notice] 2022-08-17T08:29:17.323062Z nonode@nohost <0.465.0> a377eb4c4c localhost:5984 127.0.0.1 undefined GET / 200 ok 0
|
...
| Info |
|---|
This command shows the tag thp used for setting up configuration encryption |
| Code Block |
|---|
yarnman@ym-ph-test [ ~ ]$ sudo ym-service-commands.sh tang-adv
9_CZiwV9PKBlQfehPKZO7cd5ZpM |
...
| Info |
|---|
This command updates jtapi for test_mate locally |
| Code Block |
|---|
PENDING |
ym-service-commands.sh
...
update-
...
yarnman-
...
database
| Code Block |
|---|
PENDING |
ym-service-commands.sh stig-hardening-run
| Code Block |
|---|
PENDING |
| Info |
|---|
This command runs a manual database update |
| Code Block |
|---|
sudo ym-service-commands.sh |
...
update- |
...
| Info |
|---|
This command provides yarnman-database
!! ommitted
1712036279860 INFO Yarnman database version record is currently at 2.6.6.
1712036279860 INFO Yarnman database version already updated to latest version 2.6.6 and is ready |
ym-service-commands.sh stig-hardening-check
| Code Block |
|---|
PENDING |
ym-service-commands.sh show-tech-support
| Info |
|---|
This command provides an overview of the system for yarnlab tech support |
...
| Info |
|---|
This command allocates 8vcpu and 16gb ram which is required for large wrangler_ migrations |
| Code Block |
| Note |
|---|
Note that this command does check if there are 8vCPU and 16vGB RAM present |
| Code Block |
|---|
sudo ym-edit-config.sh set-hw-8vcpu-16gb |
...
| Code Block |
|---|
sudo ym-edit-config.sh set-custom-motd |
Backup
ym-backup-setup.sh
Sets up the local backup service account on the yarnman node, and the passphrase used on the backup
...
refer to Yarnman Photon Powered (YM-PH) - Backup and Restore Guide
ym-backup-
...
| Note |
|---|
No login access is available to the backup service account |
ym-backup-actions.sh
all the backup commands are done via the script above
Setup sftp as the backup method and ssh public keys
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a sftp-user-setup
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = sftp-user-setup
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
creating keys for ym-backup-user
public key for ssh/sftp
ssh-rsa ****LongStringForPubKey****
yarnman@node1 [ ~ ]$
|
Copy ssh pub key to sftp server
if ssh access is available to the SFTP server you can copy the ssh public key for login, otherwise provide the key to your SFTP Administrator.
| Code Block |
|---|
yarnman@node1 [ ~ ]$ su
Password:
yarnman@node1 [ /var/home/yarnman ]# sudo -u ym-backup-user ssh-copy-id -i /home/ym-backup-user/.ssh/id_rsa.pub sftpbackup@10.101.10.86
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ym-backup-user/.ssh/id_rsa.pub"
The authenticity of host '10.101.10.86 (10.101.10.86)' can't be established.
ED25519 key fingerprint is SHA256:****j7t+o1aQu5FoWlxS0uhKzCe414jt3****
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized uses only. All activity may be monitored and reported.
sftpbackup@10.101.10.86's password:
Number of key(s) added: 1
|
Setup SFTP destination for backup
the script will prompt for backup path, ip address and userid to the SFTP server
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a sftp-setup-connection
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = sftp-setup-connection
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
SFTP config is /var/opt/yarnlab/backup/sftp
enter sftp infomation
SFTP Username: sftpbackup
SFTP Host: 10.101.10.86
SFTP backup directory Path i.e /srv/yarnman/backup: /home/sftpbackup/yarnman
sftp:yarnman@10.101.10.86:/home/sftpbackup/yarnman
yarnman@node1 [ ~ ]$ |
| Info |
|---|
you may be prompted for username/password if the SSH pub key hasn’t been added to the SFTP server, this is OK for the initial setup, however scheduled/automated backups will fail |
Check if backups exist at location
for first time configuration no backups will be available, nor a backup repository which will be setup in the next section.
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a snapshots
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = snapshots
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
Checking snapshots for profile :yarnman-sftp
2023/08/11 04:41:34 profile 'yarnman-sftp': starting 'snapshots'
2023/08/11 04:41:34 unfiltered extra flags:
subprocess ssh: Authorized uses only. All activity may be monitored and reported.
Fatal: unable to open config file: Lstat: file does not exist
Is there a repository at the following location?
sftp:sftpbackup@10.101.10.86:/home/sftpbackup/yarnman
2023/08/11 04:41:34 snapshots on profile 'yarnman-sftp': exit status 1 |
Initialise the repository
the password used from the initial ym-backup-setup.sh will automatically be used
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a init
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = init
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
Initialise backup for profile :yarnman-sftp
2023/08/11 04:43:57 profile 'yarnman-sftp': starting 'init'
2023/08/11 04:43:57 unfiltered extra flags:
created restic repository 7180598c67 at sftp:yarnman@10.101.10.86:/home/sftpbackup/yarnman
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
2023/08/11 04:44:00 profile 'yarnman-sftp': finished 'init'
yarnman@node1 [ ~ ]$ |
| Info |
|---|
Initialising can only be preformed once to a repository, an error will occur if it exists already. |
List backups (snapshots)
list all backups available , on a new repository this will be blank
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a snapshots
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = snapshots
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
Checking snapshots for profile :yarnman-sftp
2023/08/11 04:44:19 profile 'yarnman-sftp': starting 'snapshots'
2023/08/11 04:44:19 unfiltered extra flags:
subprocess ssh: Authorized uses only. All activity may be monitored and reported.
repository 7180598c opened (version 2, compression level auto)
2023/08/11 04:44:20 profile 'yarnman-sftp': finished 'snapshots'
yarnman@node1 [ ~ ]$ |
| Info |
|---|
|
Manual Backup
preform a manual backup
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a backup
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = backup
RESTORECOMMIT =
RESTORE_IP =
RESTORE_PATH =
settting sftp mode
profile mode :yarnman-sftp
Running backup for profile :yarnman-sftp
2023/08/11 04:46:11 profile 'yarnman-sftp': starting 'backup'
2023/08/11 04:46:11 unfiltered extra flags:
subprocess ssh: Authorized uses only. All activity may be monitored and reported.
repository 7180598c opened (version 2, compression level auto)
lock repository
no parent snapshot found, will read all files
load index files
start scan on [/var/opt/yarnlab/yarnman/config /var/opt/yarnlab/couchdb/config /var/opt/yarnlab/couchdb/data /var/opt/yarnlab/couchdb/certs /var/opt/yarnlab/tang/db /var/opt/yarnlab/certs /var/opt/yarnlab/registry]
start backup on [/var/opt/yarnlab/yarnman/config /var/opt/yarnlab/couchdb/config /var/opt/yarnlab/couchdb/data /var/opt/yarnlab/couchdb/certs /var/opt/yarnlab/tang/db /var/opt/yarnlab/certs /var/opt/yarnlab/registry]
scan finished in 0.233s: 564 files, 5.211 MiB
Files: 564 new, 0 changed, 0 unmodified
Dirs: 348 new, 0 changed, 0 unmodified
Data Blobs: 404 new
Tree Blobs: 349 new
Added to the repository: 5.479 MiB (736.577 KiB stored)
processed 564 files, 5.211 MiB in 0:00
snapshot fa50ff98 saved
2023/08/11 04:46:12 profile 'yarnman-sftp': finished 'backup'
2023/08/11 04:46:12 profile 'yarnman-sftp': cleaning up repository using retention information
2023/08/11 04:46:12 unfiltered extra flags:
repository 7180598c opened (version 2, compression level auto)
Applying Policy: keep 3 daily, 1 weekly, 1 monthly snapshots and all snapshots with tags [[manual]] and all snapshots within 3m of the newest
snapshots for (host [node76-restore4], paths [/var/opt/yarnlab/certs, /var/opt/yarnlab/couchdb/certs, /var/opt/yarnlab/couchdb/config, /var/opt/yarnlab/couchdb/data, /var/opt/yarnlab/registry, /var/opt/yarnlab/tang/db, /var/opt/yarnlab/yarnman/config]):
keep 1 snapshots:
ID Time Host Tags Reasons Paths
-----------------------------------------------------------------------------------------------------------------
fa50ff98 2023-08-11 04:46:11 node1 ym-backup-sftp within 3m /var/opt/yarnlab/certs
daily snapshot /var/opt/yarnlab/couchdb/certs
weekly snapshot /var/opt/yarnlab/couchdb/config
monthly snapshot /var/opt/yarnlab/couchdb/data
/var/opt/yarnlab/registry
/var/opt/yarnlab/tang/db
/var/opt/yarnlab/yarnman/config
-----------------------------------------------------------------------------------------------------------------
1 snapshots
yarnman@node1 [ ~ ]$ |
Schedule
By default the schedule is setup to backup at 1am UTC every day, This can be modified in the config file with as the root user
| Code Block |
|---|
nano /var/opt/yarnlab/yarnman/config/ym-backup-config.yml |
| Code Block |
|---|
PENDING
Enable Schedule
sudo ym-backup-actions.sh -p sftp -a schedule
Disable Schedule
sudo ym-backup-actions.sh -p sftp -a unschedule
Check status of schedule
sudo ym-backup-actions.sh -p sftp -a status
|
Restore backup
To restore a snapshot to an existing node.
List the snapshots available as shown earlier to restore the required snapshot.
the restore script will create a Local backup before starting the restore in the event you need to rollback.
| Code Block |
|---|
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a restore -r fa50ff98
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = restore
RESTORECOMMIT = latest
BACKUP_IP =
BACKUP_PATH =
settting sftp mode
profile mode :yarnman-sftp
Restore backup for profile :yarnman-sftp
starting restore
Restore backup for profile :yarnman-sftp commit :latest
Are you sure you want to restore backup? Y or Ny
Restore Backup
subprocess ssh: Authorized uses only. All activity may be monitored and reported.
Backup nodeId's match
Stopping yarnman services
Removing exising configuration to prevent duplicates
Starting restic restore
2023/08/16 08:08:33 profile 'yarnman-sftp': finished 'restore'
Resetting permissions
Starting Database and Encryption services
[+] Creating 5/5
✔ Network yarnman_yl-yarnman Created 0.0s
✔ Container ym-redis Created 0.1s
✔ Container ym-couchdb Created 0.1s
✔ Container ym-tang Created 0.1s
✔ Container ym-yarnman Created 0.1s
[+] Running 1/1
✔ Container ym-couchdb Started 0.3s
[+] Running 1/1
✔ Container ym-tang Started
|
If you are restoring a node in a multi node deployment you will see an additional message of
| Code Block |
|---|
Checking number of admin nodes
number of admin nodes :x
Yarnman is in distributed mode
Check couchdb replication on other nodes is healthy and after 5 minutes reboot yarnman or run systemctl stop yarnman.service and systemctl start yarnman.service |
This is to allow replication to all nodes, to prevent any schedule jobs/ reports from rerunning from the last backup
Rebuild Disaster recovery
Pre-Req
Deploy new OVA with same version as the backup
Setup as a new install (eg Configure with ip, user/pass, generate certificates if prompted)
install yarnman
confirm can reach appadmin webpage, Do not Login or Accept the EULA as we will restore over this.
Setup backup to same repo for the node to be restored, Do Not initiate the repo or preform a backup
| Info |
|---|
A new SFTP/SSH key will be created, this will need to be added to the backups server for future automated backups to function again. interactive (user/pass) can be used for a restore , if the new ssh key can’t be added to the backup server at time of restore. |
| Note |
|---|
the Hostname doesn’t need to be the same as the restore backup, however any new backups will backup with the new hostname. If building with a different IP address, Replication will need to be adjusted to the new IP address as well as Clevin/Tang if setup. |
Run the following, Refer to previous detailed command instructions if required
| Code Block |
|---|
sudo ym-backup-setup.sh
sudo ym-backup-actions.sh -p sftp -a sftp-user-setup
as root user ; sudo -u ym-backup-user ssh-copy-id -i /home/ym-backup-user/.ssh/id_rsa.pub sftpbackup@10.101.10.86
sudo ym-backup-actions.sh -p sftp -a sftp-setup-connection
sudo ym-backup-actions.sh -p sftp -a snapshots
sudo ym-backup-actions.sh -p sftp -a restore -r xxxxx |
The restore script will warn we are restoring to a different node, Continue.
| Code Block |
|---|
yarnman@node79-restore [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a restore -r 5f13f62b
backup config found
PROFILE_NAME_VAR = sftp
ACTION_VAR = restore
RESTORECOMMIT = 5f13f62b
BACKUP_IP =
BACKUP_PATH =
settting sftp mode
profile mode :yarnman-sftp
Restore backup for profile :yarnman-sftp
starting restore
Restore backup for profile :yarnman-sftp commit :5f13f62b
Are you sure you want to restore backup? Y or Ny
Restore Backup
subprocess ssh: Authorized uses only. All activity may be monitored and reported.
Current Node Id is :arm_46b194ad3d374b7397fa14b1a3136d56
Backup Node Id is :arm_3110b0b79eb84bd899291d5e0d231009
Do you want to apply this backup that has different nodeId? Y or N
|
Follow instructions after the restore completes.
Alternate Manual Method (not recommended)
*** snapshot command doesnt work in manual mode yet, also requires sudo ym-backup-setup.sh to be run ?
| Code Block |
|---|
sudo ym-backup-actions.sh -p manual -a manual-sftp-snapshots -i 10.101.10.86 -k /home/sftpbackup/path/ |
...
actions.sh
refer to Yarnman Photon Powered (YM-PH) - Backup and Restore Guide
Advanced Configuration
ym-encrypt-at-rest.sh
...