Storing a Local Backup File
This page describes how to manually store a backup file in case a local copy is needed.
Known Issues
Every backup is encrypted by the a9s Backup Agent using the OpenSSL library which is shipped with the underlying stemcell. A backup can only be decrypted with the same OpenSSL version, that was earlier used to encrypt it. Therefore, special caution is required when migrating to a new stemcell version as backups encrypted on a earlier version cannot be decrypted with the default OpenSSL version shipped with the new stemcell.
This table provides an overview on the default OpenSSL versions shipped with each stemcell:
| Stemcell | OpenSSL version |
|---|---|
| below Ubuntu-Bionic | 1.0.x |
| Ubuntu-Bionic (Ubuntu 18.04). | 1.1.x |
| Ubuntu-Jammy (Ubuntu 22.04) and above | 3.0.x |
Create and Download Backup File
By default, backup files are encrypted with a secret key. That secret key is generated by the a9s Backup Manager.
To be able to download the backup, the user has to set up an encryption key.
To set up an encryption key and download the backup, you can follow these steps: Download a Backup.
Decrypting Backup Files
You can decrypt a backup file with the openssl program.
Use the following command:
cat <encrypted-backup-file> | openssl enc -aes256 -md md5 -d -pass 'pass:<encryption-key>' > <decrypted-backup-file>.gz
The file will still be compressed, so you will need to decompress it:
cat <decrypted-backup-file>.gz | gunzip -c > <backup-file-name>
Every service creates the backup according to its architecture (single vs cluster) and backup type (logical, continuous archiving etc).
Each service provides tools that handle the data by itself. For this reason, the output of this command can be a still zipped file, POSIX tar archive, a binary file, or a plain text file.
To know how to proceed, click the service below for more details:
You can also check the header of the file to decide how to decompress it.
file <backup-file-name>
| Output | Archive-Type | How to extract |
|---|---|---|
POSIX tar archive (GNU) | tar-archive | tar -xvf <backup-file-name> |
gzip compressed data | gzip-file | gunzip <backup-file-name> |
data | - | It's ready to use as plain text data or as binary. |
Be careful here, since the output of this command can be multiple files.
At this point, you will have your local backup ready to be manually restored in another place.