Skip to main content
Version: Latest

Integration with the a9s Backup Manager

An a9s-pg backup can be handled by the a9s Backup Manager in the same way the backup of Service Instances are. This provides an easy way to control the retention of all backups, and unifies the way an operator triggers a backup.

Limitations

Since a9s-pg is the main database for the a9s Backup Manager and all Data Services around anynines-deployment, the consistency of the backup information of a9s-pg is not guaranteed. Specifically:

  • Restores of a9s-pg can not be stored in the database. See below for more details.
  • All backups that have been triggered after the backup that is restored are no longer known to the database.
info

It is currently not possible to perform a restore for a9s-pg using the a9s Backup Manager, as the a9s-pg hosts the backup & restore data of the a9s Backup Manager itself. Even in cases when the restore is intended for a fresh deployment, the a9s Backup Manager does not currently support the scenario.

For information on how to restore an existing backup for a9s-pg, please see the Manual Logical Backup Recovery page.

Running Backups

warning

In order to download and restore backups, it is necessary to setup an encryption key which must be stored securely. This is crucial in the case of a9s-pg, because without it no Logical Recovery is possible.

Therefore, it is strongly advised that the encryption key is stored securely, and that it is available when needed.

Prerequisites

  • Get Credentials for the backup-service from CredHub

    $ credhub get -n /backup_manager_password
    id: bb6af4e4-ab35-45d5-8180-4c03ac82164e
    name: /backup_manager_password
    type: password
    value: <PASSWORD>
    version_created_at: "2017-09-04T15:35:04Z"

  • Ensure you have the URL of the backup-manager VM. In our example it is backup-manager.service.dc1.consul:3000. You can also use the IP address of the VM given by bosh vms -d backup-service.

Set the Backup Encryption Key Manually via Backup Manager API

It is possible to set the encryption key using an API endpoint of the a9s Backup Manager.

url="http://admin:<PASSWORD>@<URL>:3000/instances/a9s-pg"

$ curl -X PUT
  --header 'Content-Type: application/json' "${url}"
  --data '{"encryption_key":"my-encryption-key", "credentials_updated_by_user":true}'
=> {"message":"instance updated"}

After the encryption key is set, you may trigger a new backup.

$ curl -X POST
  --header 'Content-Type: application/json' "${url}/backups"
=> {"id":11,"message":"job to backup is queued"}

# check the status of the backup (can be queued, running, done, failed, deleted):
$ curl "${url}/backups/11"
=> {"id":11,"size":272,"status":"done","triggered_at":"2022-04-12T12:00:31.047Z","finished_at":"2022-04-12T12:00:50.478Z","downloadable":true}

Trigger a Backup

Curl the backup_agent/backup API endpoint of the a9s Backup Manager.

$ curl http://admin:<PASSWORD>@<URL>:3000/backup_agent/backup -H 'Content-Type: application/json' -d '{"instance_guid": "a9s-pg"}'
{"id": 148,"message":"job to backup is queued"}

You can get the state of the backup by curling the instances/a9s-pg endpoint of the backup manager.

$ curl admin:<PASSWORD>@<URL>:3000/instances/a9s-pg | json_pp
{
  "backups": [
    {
      "backup_agent_task": {
        "msg": null,
        "updated_at": "2018-11-22T04:01:28.853Z",
        "created_at": "2018-11-22T04:00:15.718Z",
        "status": "done",
        "task_id": 148,
        "id": 156
      },
      "is_downloadable": false,
      "size": 44985152,
      "backup_id": "a9s-pg-1542859215559",
      "instance_id": 38,
      "id": 148
    }
  ],
  "restores": [],
  "guid": "99a44eaf-a310-4952-97d7-72492f989d0a",
  "instance_id": "a9s-pg",
  "id": 38
}

The status flag "backups.backup_agent_task.status" can have the values

  • "done" when the backup is finished
  • "running" when the backup is running
  • "queued" while the backup is only queued
  • "failed" once the backup failed
  • "deleted" when the backup has been deleted.