Log in as the root or NSP admin user on the NSP deployer host.

Open a console window.

If a common backup storage location is defined in the NSP configuration, go to Step 8.

Open the following file with a plain-text editor such as vi:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

If the clusterProvider in the NSP configuration is set to ‘customer’ as shown below, perform one of the following.

  kubernetes:

      clusterProvider: "customer"

1. To use an existing PVC, perform the following steps:

   Note: The PVC must support ReadWriteMany semantics.

   1. Locate the section that begins with the following:

        kubernetes:

   2. Configure the following parameter in the section:

            rwxClass: "class"

      where class is the storage class

   3. Locate the section that begins with the following:

        backups:

   4. Configure the following parameter in the section:

              existingClaim: "store"

      where store is the name of the PVC store

2. To use an existing storage class that supports ReadWriteMany semantics, perform the following steps.

   1. Locate the section that begins with the following:

        backups:

   2. Configure the following parameters in the following subsection by adding the lines in boldface type:

            storage:

      create:

      storageClass: class

      capacity: size

      where

      class is the storage class

      size is the storage class capacity

If required, configure the backups to be stored on an NFS server.

1. Locate the section that begins with the following:

     backups:

2. Configure the following parameters in the following subsection:

           nfs:

             server: "server"

             path: "path"

   where

   server is the NFS server IP address

   path is the path of the exported file system on the server

If you made any changes to the nsp-config.yml file in Step 5 or Step 6, enter the following to apply the changes to the cluster:

Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the nspdeployerctl command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

nspdeployerctl --ask-pass install --config --deploy

# /opt/nsp/NSP-CN-DEP-release-ID/bin/nspdeployerctl install --config --deploy ↵

Enter the following:

# cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/database ↵

Enter one or more of the following, as required, to back up system data and databases:

Note: It is recommended that you back up all system data and databases.

Note: You must not proceed to the next step until each backup job is complete.

1. To back up the NSP Kubernetes etcd data:

   # ./nspos-db-backup-k8s.sh nsp-etcd backup_dir ↵

2. To back up the NSP file service data:

   # ./nspos-db-backup-k8s.sh nsp-file-service backup_dir ↵

3. To back up the NSP Neo4j database:

   # ./nspos-db-backup-k8s.sh nspos-neo4j backup_dir ↵

4. To back up the NSP PostgreSQL database:

   # ./nspos-db-backup-k8s.sh nspos-postgresql backup_dir ↵

5. To back up the NSP Solr database:

   # ./nspos-db-backup-k8s.sh nspos-solr backup_dir ↵

6. To back up the NSP Tomcat database:

   # ./nspos-db-backup-k8s.sh nsp-tomcat backup_dir ↵

7. To back up the cross-domain Tomcat database:

   # ./nspos-db-backup-k8s.sh nrcx-tomcat backup_dir ↵

where backup_dir is the directory in which to store the backup

The backup script displays messages like the following as a backup job proceeds:

---------------- BEGIN : Backing up database-backup ----------------

job.batch/backup_job created

timestamp LOG: Waiting for job backup_job at namespace namespace to finish...

timestamp LOG: backup done successfully

timestamp LOG: Removing job backup_job at namespace namespace

job.batch "backup_job" deleted

timestamp LOG: Job backup_job at namespace namespace deleted

----------------- END : Backing up database_backup -----------------

----------------- BEGIN : Fetching backup database -----------------

timestamp LOG: Fetching database backup from pod nsp-backup-storage-0 at namespace namespace

timestamp LOG: Latest database backup is database_backup_timestamp.tar.gz

tar: removing leading '/' from member names

timestamp LOG: Latest database backup fetched successfully

----------------- END : Fetching backup database -------------------

A backup filename has the following format:

database_backup_timestamp.tar.gz

where

database is the database name, for example, nspos-neo4j

timestamp is the start time of the database backup

Back up NSP Kubernetes secrets

Perform the following steps in each data center to back up the Kubernetes secrets.

1. Enter the following on the NSP deployer host:

   # cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵

2. Enter the following:

   # ./nspdeployerctl secret -o backup_file backup ↵

   where backup_file is the absolute path and name of the backup file to create

   As the secrets are backed up, messages like the following are displayed for each Kubernetes namespace:

   Backing up secrets to /opt/backupfile...

     Including secret namespace:ca-key-pair-external

     Including secret namespace:ca-key-pair-internal

     Including secret namespace:nsp-tls-store-pass

   When the backup is complete, the following prompt is displayed:

   Please provide an encryption password for backup_file

   enter aes-256-ctr encryption password:

3. Enter a password.

   The following prompt is displayed:

   Verifying - enter aes-256-ctr encryption password:

4. Re-enter the password.

   The backup file is encrypted using the password.

5. Record the password for use when restoring the backup.

6. Record the name of the data center associated with the backup.

7. Copy backup_file to backup_dir, which contains the backup files created in Step 9.

Safeguard backup files

Transfer the files in backup_dir to a secure location for safekeeping.

Note: It is strongly recommended that you transfer each backup file to a secure facility that is outside the local data center.

Close the console window.

End of steps