/
Yarnman Photon Powered (YM-PH) - Backup and Restore Guide

Yarnman Photon Powered (YM-PH) - Backup and Restore Guide

Backup

ym-backup-setup.sh

Sets up the local backup service account on the yarnman node, and the passphrase used on the backup
yarnman@node1 [ ~ ]$ sudo ym-backup-setup.sh Starting yarnman ph4 backup Backup password not set Set Backup password: Backup password (again): Clevis not setup using local backup password no backup configuration file found creating yarnman@node1 [ ~ ]$

No login access is available to the backup service account

ym-backup-actions.sh

all the backup commands are done via the script above

Setup sftp as the backup method and ssh public keys
yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a sftp-user-setup backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = sftp-user-setup RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp creating keys for ym-backup-user public key for ssh/sftp ssh-rsa ****LongStringForPubKey**** yarnman@node1 [ ~ ]$
Copy ssh pub key to sftp server

if ssh access is available to the SFTP server you can copy the ssh public key for login, otherwise provide the key to your SFTP Administrator.

yarnman@node1 [ ~ ]$ su Password: yarnman@node1 [ /var/home/yarnman ]# sudo -u ym-backup-user ssh-copy-id -i /home/ym-backup-user/.ssh/id_rsa.pub sftpbackup@10.101.10.86 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ym-backup-user/.ssh/id_rsa.pub" The authenticity of host '10.101.10.86 (10.101.10.86)' can't be established. ED25519 key fingerprint is SHA256:****j7t+o1aQu5FoWlxS0uhKzCe414jt3**** This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Authorized uses only. All activity may be monitored and reported. sftpbackup@10.101.10.86's password: Number of key(s) added: 1
Setup SFTP destination for backup

the script will prompt for backup path, ip address and userid to the SFTP server

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a sftp-setup-connection backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = sftp-setup-connection RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp SFTP config is /var/opt/yarnlab/backup/sftp enter sftp infomation SFTP Username: sftpbackup SFTP Host: 10.101.10.86 SFTP backup directory Path i.e /srv/yarnman/backup: /home/sftpbackup/yarnman sftp:yarnman@10.101.10.86:/home/sftpbackup/yarnman yarnman@node1 [ ~ ]$

you may be prompted for username/password if the SSH pub key hasn’t been added to the SFTP server, this is OK for the initial setup, however scheduled/automated backups will fail

Check if backups exist at location

for first time configuration no backups will be available, nor a backup repository which will be setup in the next section.

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a snapshots backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = snapshots RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp Checking snapshots for profile :yarnman-sftp 2023/08/11 04:41:34 profile 'yarnman-sftp': starting 'snapshots' 2023/08/11 04:41:34 unfiltered extra flags: subprocess ssh: Authorized uses only. All activity may be monitored and reported. Fatal: unable to open config file: Lstat: file does not exist Is there a repository at the following location? sftp:sftpbackup@10.101.10.86:/home/sftpbackup/yarnman 2023/08/11 04:41:34 snapshots on profile 'yarnman-sftp': exit status 1
Initialise the repository

the password used from the initial ym-backup-setup.sh will automatically be used

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a init backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = init RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp Initialise backup for profile :yarnman-sftp 2023/08/11 04:43:57 profile 'yarnman-sftp': starting 'init' 2023/08/11 04:43:57 unfiltered extra flags: created restic repository 7180598c67 at sftp:yarnman@10.101.10.86:/home/sftpbackup/yarnman Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. 2023/08/11 04:44:00 profile 'yarnman-sftp': finished 'init' yarnman@node1 [ ~ ]$

Initialising can only be preformed once to a repository, an error will occur if it exists already.

List backups (snapshots)

list all backups available , on a new repository this will be blank

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a snapshots backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = snapshots RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp Checking snapshots for profile :yarnman-sftp 2023/08/11 04:44:19 profile 'yarnman-sftp': starting 'snapshots' 2023/08/11 04:44:19 unfiltered extra flags: subprocess ssh: Authorized uses only. All activity may be monitored and reported. repository 7180598c opened (version 2, compression level auto) 2023/08/11 04:44:20 profile 'yarnman-sftp': finished 'snapshots' yarnman@node1 [ ~ ]$

repository 7180598c opened (version 2, compression level auto) indicating a valid backup location

Manual Backup

preform a manual backup

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a backup backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = backup RESTORECOMMIT = RESTORE_IP = RESTORE_PATH = settting sftp mode profile mode :yarnman-sftp Running backup for profile :yarnman-sftp 2023/08/11 04:46:11 profile 'yarnman-sftp': starting 'backup' 2023/08/11 04:46:11 unfiltered extra flags: subprocess ssh: Authorized uses only. All activity may be monitored and reported. repository 7180598c opened (version 2, compression level auto) lock repository no parent snapshot found, will read all files load index files start scan on [/var/opt/yarnlab/yarnman/config /var/opt/yarnlab/couchdb/config /var/opt/yarnlab/couchdb/data /var/opt/yarnlab/couchdb/certs /var/opt/yarnlab/tang/db /var/opt/yarnlab/certs /var/opt/yarnlab/registry] start backup on [/var/opt/yarnlab/yarnman/config /var/opt/yarnlab/couchdb/config /var/opt/yarnlab/couchdb/data /var/opt/yarnlab/couchdb/certs /var/opt/yarnlab/tang/db /var/opt/yarnlab/certs /var/opt/yarnlab/registry] scan finished in 0.233s: 564 files, 5.211 MiB Files: 564 new, 0 changed, 0 unmodified Dirs: 348 new, 0 changed, 0 unmodified Data Blobs: 404 new Tree Blobs: 349 new Added to the repository: 5.479 MiB (736.577 KiB stored) processed 564 files, 5.211 MiB in 0:00 snapshot fa50ff98 saved 2023/08/11 04:46:12 profile 'yarnman-sftp': finished 'backup' 2023/08/11 04:46:12 profile 'yarnman-sftp': cleaning up repository using retention information 2023/08/11 04:46:12 unfiltered extra flags: repository 7180598c opened (version 2, compression level auto) Applying Policy: keep 3 daily, 1 weekly, 1 monthly snapshots and all snapshots with tags [[manual]] and all snapshots within 3m of the newest snapshots for (host [node76-restore4], paths [/var/opt/yarnlab/certs, /var/opt/yarnlab/couchdb/certs, /var/opt/yarnlab/couchdb/config, /var/opt/yarnlab/couchdb/data, /var/opt/yarnlab/registry, /var/opt/yarnlab/tang/db, /var/opt/yarnlab/yarnman/config]): keep 1 snapshots: ID Time Host Tags Reasons Paths ----------------------------------------------------------------------------------------------------------------- fa50ff98 2023-08-11 04:46:11 node1 ym-backup-sftp within 3m /var/opt/yarnlab/certs daily snapshot /var/opt/yarnlab/couchdb/certs weekly snapshot /var/opt/yarnlab/couchdb/config monthly snapshot /var/opt/yarnlab/couchdb/data /var/opt/yarnlab/registry /var/opt/yarnlab/tang/db /var/opt/yarnlab/yarnman/config ----------------------------------------------------------------------------------------------------------------- 1 snapshots yarnman@node1 [ ~ ]$
Schedule

By default the schedule is setup to backup at 1am UTC every day, This can be modified in the config file with as the root user

nano /var/opt/yarnlab/yarnman/config/ym-backup-config.yml
PENDING Enable Schedule sudo ym-backup-actions.sh -p sftp -a schedule Disable Schedule sudo ym-backup-actions.sh -p sftp -a unschedule Check status of schedule sudo ym-backup-actions.sh -p sftp -a status
Restore backup

To restore a snapshot to an existing node.

List the snapshots available as shown earlier to restore the required snapshot.

the restore script will create a Local backup before starting the restore in the event you need to rollback.

yarnman@node1 [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a restore -r fa50ff98 backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = restore RESTORECOMMIT = latest BACKUP_IP = BACKUP_PATH = settting sftp mode profile mode :yarnman-sftp Restore backup for profile :yarnman-sftp starting restore Restore backup for profile :yarnman-sftp commit :latest Are you sure you want to restore backup? Y or Ny Restore Backup subprocess ssh: Authorized uses only. All activity may be monitored and reported. Backup nodeId's match Stopping yarnman services Removing exising configuration to prevent duplicates Starting restic restore 2023/08/16 08:08:33 profile 'yarnman-sftp': finished 'restore' Resetting permissions Starting Database and Encryption services [+] Creating 5/5 ✔ Network yarnman_yl-yarnman Created 0.0s ✔ Container ym-redis Created 0.1s ✔ Container ym-couchdb Created 0.1s ✔ Container ym-tang Created 0.1s ✔ Container ym-yarnman Created 0.1s [+] Running 1/1 ✔ Container ym-couchdb Started 0.3s [+] Running 1/1 ✔ Container ym-tang Started

If you are restoring a node in a multi node deployment you will see an additional message of

Checking number of admin nodes number of admin nodes :x Yarnman is in distributed mode Check couchdb replication on other nodes is healthy and after 5 minutes reboot yarnman or run systemctl stop yarnman.service and systemctl start yarnman.service

This is to allow replication to all nodes, to prevent any schedule jobs/ reports from rerunning from the last backup

Rebuild Disaster recovery

Pre-Req

  • Deploy new OVA with same version as the backup

  • Setup as a new install (eg Configure with ip, user/pass, generate certificates if prompted)

  • install yarnman

  • confirm can reach appadmin webpage, Do not Login or Accept the EULA as we will restore over this.

  • Setup backup to same repo for the node to be restored, Do Not initiate the repo or preform a backup

A new SFTP/SSH key will be created, this will need to be added to the backups server for future automated backups to function again. interactive (user/pass) can be used for a restore , if the new ssh key can’t be added to the backup server at time of restore.

the Hostname doesn’t need to be the same as the restore backup, however any new backups will backup with the new hostname.

If building with a different IP address, Replication will need to be adjusted to the new IP address as well as Clevin/Tang if setup.

Run the following, Refer to previous detailed command instructions if required

sudo ym-backup-setup.sh sudo ym-backup-actions.sh -p sftp -a sftp-user-setup as root user ; sudo -u ym-backup-user ssh-copy-id -i /home/ym-backup-user/.ssh/id_rsa.pub sftpbackup@10.101.10.86 sudo ym-backup-actions.sh -p sftp -a sftp-setup-connection sudo ym-backup-actions.sh -p sftp -a snapshots sudo ym-backup-actions.sh -p sftp -a restore -r xxxxx

The restore script will warn we are restoring to a different node, Continue.

yarnman@node79-restore [ ~ ]$ sudo ym-backup-actions.sh -p sftp -a restore -r 5f13f62b backup config found PROFILE_NAME_VAR = sftp ACTION_VAR = restore RESTORECOMMIT = 5f13f62b BACKUP_IP = BACKUP_PATH = settting sftp mode profile mode :yarnman-sftp Restore backup for profile :yarnman-sftp starting restore Restore backup for profile :yarnman-sftp commit :5f13f62b Are you sure you want to restore backup? Y or Ny Restore Backup subprocess ssh: Authorized uses only. All activity may be monitored and reported. Current Node Id is :arm_46b194ad3d374b7397fa14b1a3136d56 Backup Node Id is :arm_3110b0b79eb84bd899291d5e0d231009 Do you want to apply this backup that has different nodeId? Y or N

Follow instructions after the restore completes.

Alternate Manual Method (not recommended)

*** snapshot command doesnt work in manual mode yet, also requires sudo ym-backup-setup.sh to be run ?

sudo ym-backup-actions.sh -p manual -a manual-sftp-snapshots -i 10.101.10.86 -k /home/sftpbackup/path/
sudo ym-backup-actions.sh -p manual -a manual-sftp-restore -i 10.101.10.86 -k /home/sftpbackup/path/ -r xxxxx

Related content