Enabling External Blobstore Backups

Page last updated:

This topic provides instructions for enabling external blobstore backups in your Pivotal Elastic Runtime tile.

BOSH Backup and Restore (BBR) supports versioned and unversioned S3 or S3-compatible blobstores and Azure blobstores. For more information, see Backup and Restore for External Blobstores in the open-source Cloud Foundry documentation.

Note: To enable external blobstore backups for Elastic Runtime, the Backup Prepare Node must be enabled. See Enable Backup Prepare Node in Backing Up Pivotal Cloud Foundry with BBR.

Note: The instructions below require the BOSH Command Line Interface (CLI) v2+. For more information, see Install in the BOSH documentation.

External Blobstore Support

External blobstore backup support varies based on which version of Ops Manager you are running and what type of blobstore you are backing up.

In some cases, external blobstore support is included in the version of Ops Manager you are using. In other cases, installing Blobstore Add-On is required.

Refer to the table below to determine if external blobstore support is included in the version of Ops Manager you are using.

This chart shows whether Blobstore Add-On is required for backing up external blobstores.

Versioned S3 or S3-Compatible Blobstores

For information about configuring a versioned S3 or S3-compatible blobstore for backups and installing Blobstore Add-On, see the following sections:

Note: If you enable versioned S3 or S3-compatible external blobstore backups and you want to upgrade to Pivotal Application Service (PAS) v2.1, you must remove s3-versioned-blobstore-backup-restorer from your runtime configuration before upgrading.

Configure a Versioned S3 or S3-Compatible Blobstore for Backups

To configure a versioned S3 or S3-compatible blobstore for backups, do the following:

  1. Enable versioning. For more information, see Enable Versioning on Your S3 or S3-Compatible Blobstore in the open-source Cloud Foundry documentation.

  2. (Recommended) Enable cross-region replication for your buckets. For more information, see Enable Replication on Your Versioned S3 or S3-Compatible Blobstore in the open-source Cloud Foundry documentation.

  3. (Recommended) Include a lifecycle policy rule. This ensures non-current versions are deleted after a period of time. For an example of a lifecycle policy rule, see Specifying a Lifecycle Rule for a Versioning-Enabled Bucket in the AWS documentation.

Install Blobstore Add-On

To enable BBR to back up and restore a Pivotal Elastic Runtime installation that uses a versioned S3 or S3-compatible blobstore, you must install Blobstore Add-On.

To install Blobstore Add-On, follow the instructions below:

  1. On the Ops Manager Installation Dashboard, click the Pivotal Elastic Runtime tile.

  2. From the URL in the address bar, record the deployment name of your Elastic Runtime. The name begins with cf.

    For example, in https://pcf.example.com/products/cf-3247176589a379f246d1, the deployment name is cf-3247176589a379f246d1.

  3. Navigate to the Ops Manager Installation Dashboard and click the Ops Manager Director tile.

  4. In the Ops Manager Director tile, select the Credentials tab.

  5. Locate Director Credentials and click the corresponding Link to Credentials. Record the identity and password.

  6. Select the Status tab. Record the IP address of your BOSH Director.

  7. From the BOSH Backup and Restore page in Pivotal Network, download the latest version of Blobstore Add-On.

  8. To copy the release archive to your Ops Manager instance, run the following command:

    scp -i PATH-TO-PRIVATE-KEY backup-and-restore-sdk-addon-SEMVER.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:~
    

    Where:

    • PATH-TO-PRIVATE-KEY is the path to your Ops Manager private key.
    • SEMVER is the semantic version of the add-on that you downloaded in the previous step.
    • YOUR-OPS-MANAGER-VM-IP is the IP address of your Ops Manager VM.
  9. SSH into the Ops Manager instance by following the instructions in SSH into Ops Manager VM.

  10. In the Ops Manager VM, authenticate with your BOSH Director by following the instructions in Log in to the BOSH Director. Use the Director Credentials and Director IP address that you recorded in previous steps.

  11. To upload the release that you downloaded from Pivotal Network, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate upload-release backup-and-restore-sdk-addon-SEMVER.tar.gz
    

    Where:

    • BOSH-DIRECTOR-IP is the IP address of your BOSH Director.
    • SEMVER is the semantic version of the add-on that you are uploading.
  12. To confirm that the release upload has succeeded, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate releases
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    You should see a backup-and-restore-sdk-addon-SEMVER entry.

  13. To download your current runtime configuration and save it as a file named runtime-config.yml, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate runtime-config > runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    If you receive an error message that references a missing runtime configuration, create an empty file and save it as runtime-config.yml.

  14. Append the following to the releases section of your runtime-config.yml file:

    releases:
    # Append the below to the list of releases:
    - name: backup-and-restore-sdk-addon
      version: RELEASE-VERSION
    

    Where RELEASE-VERSION is the release version.

  15. Append the following to the addons section of your runtime-config.yml file:

    addons:
    # Append the below to the list of addons:
    - name: sdk-preview
      jobs:
      - name: s3-versioned-blobstore-backup-restorer
        release: backup-and-restore-sdk-addon
        properties:
          enabled: true
          buckets:
            droplets:
              name: NAME-OF-DROPLETS-BUCKET
              region: REGION-OF-DROPLETS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
            packages:
              name: NAME-OF-PACKAGES-BUCKET
              region: REGION-OF-PACKAGES-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
            buildpacks:
              name: NAME-OF-BUILDPACKS-BUCKET
              region: REGION-OF-BUILDPACKS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
      include:
        deployments:
        - ELASTIC-RUNTIME-DEPLOYMENT-NAME
        jobs:
        - name: mysql-backup
          release: cf-backup-and-restore
    

    Replace the placeholder text as follows:

    • In the droplets, packages, and buildpacks section, replace the text with the values configured in Ops Manager.
    • In the include section, replace the text with the Elastic Runtime deployment name that you recorded in a previous step.
  16. To complete updating the runtime configuration, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate update-runtime-config runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

  17. Navigate to your Ops Manager Installation Dashboard and click Apply Changes.

Unversioned S3 or S3-Compatible Blobstores

For information about configuring an unversioned S3 or S3-compatible blobstore for backups and installing Blobstore Add-On, see the following sections:

Note: If you enable unversioned S3 or S3-compatible external blobstore backups and you want to upgrade to PAS v2.2, you must remove s3-unversioned-blobstore-backup-restorer from your runtime configuration before upgrading.

Configure an Unversioned S3 or S3-Compatible Blobstore for Backups

For each bucket used by your Pivotal Elastic Runtime installation, you must create a corresponding backup bucket. Pivotal recommends that you store the backup buckets or copies of them in a different region than the originals.

For more information, see Enable Backup and Restore of Your Unversioned S3 or S3-Compatible Blobstore in the open-source Cloud Foundry documentation.

Install Blobstore Add-On

To enable BBR to back up and restore a Pivotal Elastic Runtime installation that uses an unversioned S3 or S3-compatible blobstore, you must install Blobstore Add-On.

To install Blobstore Add-On, follow the instructions below:

  1. On the Ops Manager Installation Dashboard, click the Pivotal Elastic Runtime tile.

  2. From the URL in the address bar, record the deployment name of your Elastic Runtime. The name begins with cf.

    For example, in https://pcf.example.com/products/cf-3247176589a379f246d1, the deployment name is cf-3247176589a379f246d1.

  3. Navigate to the Ops Manager Installation Dashboard and click the Ops Manager Director tile.

  4. In the Ops Manager Director tile, select the Credentials tab.

  5. Locate Director Credentials and click the corresponding Link to Credentials. Record the identity and password.

  6. Select the Status tab. Record the IP address of your BOSH Director.

  7. From the BOSH Backup and Restore page in Pivotal Network, download the latest version of the add-on.

  8. To copy the release archive to your Ops Manager instance, run the following command:

    scp -i PATH-TO-PRIVATE-KEY backup-and-restore-sdk-addon-SEMVER.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:~
    

    Where:

    • PATH-TO-PRIVATE-KEY is the path to your Ops Manager private key.
    • SEMVER is the semantic version of the add-on that you downloaded in the previous step.
    • YOUR-OPS-MANAGER-VM-IP is the IP address of your Ops Manager VM.
  9. SSH into the Ops Manager instance by following the instructions in SSH Into Ops Manager VM.

  10. In the Ops Manager VM, authenticate with your BOSH Director by following the instructions in Log in to the BOSH Director. Use the Director Credentials and Director IP address that you recorded in previous steps.

  11. To upload the release that you downloaded from Pivotal Network, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate upload-release backup-and-restore-sdk-addon-SEMVER.tar.gz
    

    Where:

    • BOSH-DIRECTOR-IP is the IP address of your BOSH Director.
    • SEMVER is the semantic version of the add-on that you are uploading.
  12. To confirm that the release upload has succeeded, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate releases
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    You should see a backup-and-restore-sdk-addon-SEMVER entry.

  13. To download your current runtime configuration and save it as a file named runtime-config.yml, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate runtime-config > runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    If you receive an error message that references a missing runtime configuration, create an empty file and save it as runtime-config.yml.

  14. Append the following to the releases section of your runtime-config.yml file:

    releases:
    # Append the below to the list of releases:
    - name: backup-and-restore-sdk-addon
      version: RELEASE-VERSION
    

    Where RELEASE-VERSION is the release version.

  15. Append the following to the addons section of your runtime-config.yml file:

    addons:
    # Append the below to the list of addons:
    - name: sdk-preview
      jobs:
      - name: s3-unversioned-blobstore-backup-restorer
        release: backup-and-restore-sdk-addon
        properties:
          enabled: true
          buckets:
            droplets:
              name: NAME-OF-DROPLETS-BUCKET
              region: REGION-OF-DROPLETS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-DROPLETS-BACKUP-BUCKET
                region: REGION-OF-DROPLETS-BACKUP-BUCKET
            packages:
              name: NAME-OF-PACKAGES-BUCKET
              region: REGION-OF-PACKAGES-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-PACKAGES-BACKUP-BUCKET
                region: REGION-OF-PACKAGES-BACKUP-BUCKET
            buildpacks:
              name: NAME-OF-BUILDPACKS-BUCKET
              region: REGION-OF-BUILDPACKS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-BUILDPACKS-BACKUP-BUCKET
                region: REGION-OF-BUILDPACKS-BACKUP-BUCKET
      include:
        deployments:
        - ELASTIC-RUNTIME-DEPLOYMENT-NAME
        jobs:
        - name: mysql-backup
          release: cf-backup-and-restore
    

    Replace the placeholder text as follows:

    • In the droplets, packages, and buildpacks section, replace the text with the values configured in Ops Manager and the backup buckets that you created in a previous step. See Configure an Unversioned S3 or S3-Compatible Blobstore for Backups.
    • In the include section, replace the text with the Elastic Runtime deployment name that you recorded in a previous step.
  16. To complete updating the runtime configuration, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate update-runtime-config runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

  17. Navigate to your Ops Manager Installation Dashboard and click Apply Changes.

Azure Blobstores

For information about configuring an Azure blobstore for backups and installing Blobstore Add-On, see the following sections:

Configure an Azure Blobstore for Backups

To configure your Azure blobstore for backups, enable soft deletes in your Azure Storage account. For more information, see Soft delete for Azure Storage blobs in the Microsoft documentation.

To save storage space and cost, Pivotal recommends that you configure a retention policy to permanently delete objects after a period of time.

Install Blobstore Add-On

To enable BBR to back up and restore a Pivotal Elastic Runtime installation that uses an Azure blobstore, you must install Blobstore Add-On.

To install Blobstore Add-On, follow the instructions below:

  1. On the Ops Manager Installation Dashboard, click the Pivotal Elastic Runtime tile.

  2. From the URL in the address bar, record the deployment name of your Elastic Runtime. The name begins with cf.

    For example, in https://pcf.example.com/products/cf-3247176589a379f246d1, the deployment name is cf-3247176589a379f246d1.

  3. Navigate to the Ops Manager Installation Dashboard and click the Ops Manager Director tile.

  4. In the Ops Manager Director tile, select the Credentials tab.

  5. Locate Director Credentials and click the corresponding Link to Credentials. Record the identity and password.

  6. Select the Status tab. Record the IP address of your BOSH Director.

  7. From the BOSH Backup and Restore page in Pivotal Network, download the latest version of the add-on.

  8. To copy the release archive to your Ops Manager instance, run the following command:

    scp -i PATH-TO-PRIVATE-KEY backup-and-restore-sdk-addon-SEMVER.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:~
    

    Where:

    • PATH-TO-PRIVATE-KEY is the path to your Ops Manager private key.
    • SEMVER is the semantic version of the add-on that you downloaded in the previous step.
    • YOUR-OPS-MANAGER-VM-IP is the IP address of your Ops Manager VM.
  9. SSH into the Ops Manager instance by following the instructions in SSH Into Ops Manager VM.

  10. In the Ops Manager VM, authenticate with your BOSH Director by following the instructions in Log in to the BOSH Director. Use the Director Credentials and Director IP address that you recorded in previous steps.

  11. To upload the release that you downloaded from Pivotal Network, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate upload-release backup-and-restore-sdk-addon-SEMVER.tar.gz
    

    Where:

    • BOSH-DIRECTOR-IP is the IP address of your BOSH Director.
    • SEMVER is the semantic version of the add-on that you are uploading.
  12. To confirm that the release upload has succeeded, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate releases
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    You should see a backup-and-restore-sdk-addon-SEMVER entry.

  13. To download your current runtime configuration and save it as a file named runtime-config.yml, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate runtime-config > runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    If you receive an error message that references a missing runtime configuration, create an empty file and save it as runtime-config.yml.

  14. Append the following to the releases section of your runtime-config.yml file:

    releases:
    # Append the below to the list of releases:
    - name: backup-and-restore-sdk-addon
      version: RELEASE-VERSION
    

    Where RELEASE-VERSION is the release version.

  15. Append the following to the addons section of your runtime-config.yml file:

    addons:
    # Append the below to the list of addons:
    - name: sdk-preview
      jobs:
      - name: azure-blobstore-backup-restorer
        release: backup-and-restore-sdk-addon
        properties:
          enabled: true
          containers:
            droplets:
              name: NAME-OF-DROPLETS-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
            packages:
              name: NAME-OF-PACKAGES-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
            buildpacks:
              name: NAME-OF-BUILDPACKS-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
      include:
        deployments:
        - ELASTIC-RUNTIME-DEPLOYMENT-NAME
        jobs:
        - name: mysql-backup
          release: cf-backup-and-restore
    

    Replace the placeholder text as follows:

    • In the droplets, packages, and buildpacks section, replace the text with the values configured in Ops Manager.
    • In the include section, replace the text with the Elastic Runtime deployment name that you recorded in a previous step.
  16. (Optional) To configure backup and restore for Azure Sovereign Cloud, configure the environment property described in the Backup and Restore SDK Documentation topic in GitHub.

    For more information about Azure Sovereign Cloud, see Microsoft National Clouds in the Microsoft documentation.

  17. To complete updating the runtime configuration, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate update-runtime-config runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

  18. Navigate to your Ops Manager Installation Dashboard and click Apply Changes.

Create a pull request or raise an issue on the source for this page in GitHub