DCAP Central Backup

DCAP Central supports backup of your data, config files and reports.

The backup can run in two ways:

  • If you have set up cloud storage, DCAP Central will automatically backup the config files and reports for you on a daily basis. The Configuration information will be encrypted using the passphrase provided during cloud setup.
  • Manual/schedule backup your system by running the backup script.

Manually backup your system

The default backup.conf file is set for backing up the system configuration. When cloud storage is set it is being used for the daily backup, therefore it is advised to use a different config file for other backups. In order to use a different config, create a copy of the backup.conf file using a different name (located at: /etc/sonar/backup.conf), and make sure you also copy the permissions, then make the required changes in the new copy. You can add DBs and/or collection to the default list.

The backup script is located at: /usr/lib/sonarw/sonarg-backup.py

Running the backup on the |product| server

The backup is designed to be run using the “sonarw” user.

To run the backup locally use:

$ sudo -u sonarw bash
$ cd      # move to the sonarw user home folder
$ python /usr/lib/sonarw/sonarg-backup.py --local

The backup also accepts additional options:

  • sonarg-backup.py [–conf_only –local –config_file=<full_path>, –backup_dir=<full_path>, –cloud_config]
  • sonarg-backup.py -h | –help

Options:

-h –help help screen

-c –conf_only make backup of configuration files and of data specified in your backup.conf

-l –local A flag to make a local backup, the host in backup.conf will be ignored

-f –config_file=<path> full path to config file to use for backup. default is /etc/sonar/backup.conf

-d –backup_dir=<path> full path to the target backup directory. default is the “backup_dir” in the backup config file.

-c –cloud_config backup (and encrypt) config files to cloud. Will also create a local copy of the backup directory

Once the backup process has finished, a backup directory is created: default is <sonarw_home>/backup where you can find all the backed up data.

Note: Previous backups are deleted from the backup directory upon a new backup creation.


Remote backup and scheduled backups

The instructions are for setting the backup from a remote machine that has access to the DCAP Central server.

  1. Download and install the SonarBackup package.

  2. Create a backup directory, make sure that sonarw user have full previliges to that directory, for example:

    sudo mkdir /sonarw-backup
    sudo chown -R sonarw.sonar /sonarw-backup
    
  3. Change to sonarw user and cd to its’ home directory (typically /var/lib/sonarw), for example:

    sudo su sonarw
    cd ~
    
  4. Create a ssh folder and generate ssh key pairs (skip if already exists), for example:

    mkdir ~sonarw/.ssh
    cd ~sonarw/.ssh
    ssh-keygen -N ""
    
  5. Copy ~sonarw/.ssh/id_rsa.pub from the backup machine to ~/sonarw/.ssh/authorized_keys on the DCAP Central node, for example:

    scp ~sonarw/.ssh/id_rsa.pub <your-user>@<SonarW-node-ip>:/tmp/
    
  6. On the DCAP Central node, add the content of the copied id_rsa.pub file to ~sonarw/.ssh/authorized_keys, for example:

    sudo su sonarw
    cd ~sonarw/.ssh (create .ssh folder if doesn't exist).
    cat /tmp/id_rsa.pub >> authorized_keys
    
  7. Make sure that ~sonarw/.ssh on the DCAP Central node is owned by sonarw.sonar and that ~sonarw/.ssh/authorized_keys permissions are 600, for example:

    sudo chown sonarw.sonar ~sonarw/.ssh/authorized_keys
    sudo chmod 600 ~sonarw/.ssh/authorized_keys
    
  8. Remove the temporary copy of id_rsa.pub from the DCAP Central node:

    rm /tmp/id_rsa.pub
    
  9. Set SonarW to accept access from the remote backup server

    Edit the file /etc/sonar/sonard.conf

    set the parameter:

    bind_ip = 127.0.0.1,<IP of backup server>
    

    Restart the sonard service on the DCAP Central node:

    $ sudo service sonard restart
    
  10. Set the input parameters described above in the backup.conf file

Config file parameters:
  • backup_dir: Full path of the local directory where the backups will be created
  • sonar_client_uri: URI used to create a client connection to SonarW on the DCAP Central node - for example mongodb://username:password@192.168.1.1:27117
  • server_host_uri: URI of the server host to be used for ssh access to the DCAP Central node - for example, sonarw@192.168.1.1
  • [DATABASES]: set the required Databases/collections to be backed up

Note: the default sonar_client_uri can only work when running on the DCAP Central node, for remote this parameter must be changed.

You can now run the backup without the “local” flag:

$ sudo -u sonarw bash
$ cd      # move to the sonarw user home folder
$ python /usr/lib/sonarw/sonarg-backup.py --conf_only --config_file=/etc/sonar/backup_2.conf --backup_dir=/data/sonar/backup

Scheduling backups

Backups can be scheduled using a standard cron job.

the job should be run with the sonarw user:

su -c "python /usr/lib/sonarw/sonarg-backup.py" sonarw

Reports backup

Running the backup in normal mode (i.e. not in config-only mode) will also backup all existing reports

When cloud storage is defined reports are also backed up daily to the cloud storage

Note: The retain policy for the cloud backed reports is different from the policy for local storage

  • Local storage retention is controlled by the “delete_days_interval” config parameter in the dispatcher.conf
  • Cloud storage retention is managed by the lifecycle policy associated with the “lmrm__sonarg_cloud_base” collection in the sonargd DB. By default there is none therefore reports will not be removed from the cloud storage