Backup and restore#
The full cluster backup is composed by configuration and applications data.
Access the Backup
page to manage the backup and restore.
Backup repository#
First, you will need to configure a backup repository where the data will be saved. A backup repository keeps all backup data encrypted using restic engine.
Access the Backup
page, click on Add repository button and choose a provider.
Currently supported providers are:
Generic S3, like MinIO
Windows file share, through SMB2/3 protocols
Local storage, attached to a node of the cluster
Fill in the required fields depending on the chosen provider.
A new encryption key will be automatically created for new repositories.
If you are accessing a repository which already contains a NS8 backup, remember also to enter
the Repository password
under the Advanced
section.
Local storage#
If you want to store backup data in a locally attached storage, like an external USB disk or similar, follow this procedure:
Format the disk with a supported filesystem, for example XFS:
mkfs.xfs /dev/disk/by-id/some-disk-id
Create a Podman volume named
backup00
for it:podman volume create \ --label org.nethserver.role=backup \ --opt=device=/dev/disk/by-id/some-disk-id \ --opt=o=noatime \ backup00
Configure the
rclone-webdav.service
unit to use that volume:echo BACKUP_VOLUME=backup00 > /var/lib/nethserver/node/state/rclone-webdav.env
Restart the service. The disk is mounted automatically:
systemctl restart rclone-webdav.service
Note
The disk is unmounted when the
rclone-webdav
service is stoppedRemove the default volume used by the service, because it is no longer used. Existing content will be lost:
podman volume rm rclone-webdav
Application backup#
Once at least one repository has been configured, you can schedule the backup of existing applications:
click on Schedule backup button
select which application instances should be added to the backup
choose one backup repository
setup day and time of the backup and the retention policy
enter a name of the backup
save the configuration by clicking the Schedule backup button
Whenever you want to manually execute the backup, click the Run backup now
item from the three-dots menu of the scheduled backup.
To add more instances to an existing backup, click the Edit
item from the three-dots menu of the scheduled backup.
Application restore#
You can restore an application only if there is at least one repository configured:
click on the Restore an app button.
a dialog box will list all applications inside the existing backup, select the application you want to restore
as default the restore procedure will create a new instance, if you want to replace the existing one select the
Replace existing app
optionselect the target node
click on the Restore button
Cluster backup#
The cluster configuration backup contains all required data to execute a Disaster recovery. It is a compressed JSON file encrypted with GPG.
The first time Backup
page is accessed an encryption password must be
set and stored in a safe place. A new encryption password is needed also
after a new leader node is elected (see Promote a node to leader).
To download the cluster configuration backup, click on Download cluster backup button under
the Cluster configuration
section of the Backup
page.
Please, download the cluster configuration backup and keep it on a safe place.
In addition, the cluster configuration backup is automatically copied to the designated repository each time a scheduled operation occurs. This ensures that the repository holds up-to-date backups of both your data and the specific cluster setup, including all its configurations.
Note
In case you lose the configuration backup, you can still restore applications to another cluster only if you know the encryption password of the backup repository.
To inspect the content of the backup use the following command, where <pass>
is the encryption password
entered before the download:
echo <pass> | gpg --batch --passphrase-fd 0 --decrypt backup.json.gz.gpg | gunzip | jq
Disaster recovery#
You can restore a previously configured cluster using the disaster recovery procedure. To follow this procedure you will need a a cluster configuration backup:
install a new cluster and login using default credentials
change the default administrator password
click on Restore cluster
you can now choose whether to restore a cluster configuration hosted on a remote HTTP server or upload the backup from your browser
if on step 2 you entered the same password of the old cluster, the system will automatically decrypt the configuration backup; otherwise enter the encryption secret inside the
Backup password
fieldselect the applications to restore