PAS Component Availability During Backup

This topic describes the operational impact of backing up Pivotal Application Service (PAS) components with BBR. To ensure correctness of backups, each component that requires backup has its own set of scripts. The sections in this topic describe the availability of each component during backup of its database.

Cloud Controller

The Cloud Controller is unavailable during backup. Apps and Services continue to run as normal, but you cannot perform operations that require the Cloud Controller API. This includes the following:

  • Pushing new apps or creating new services
  • Modifying existing apps or services
  • Using the clients of the Cloud Controller API, such as the following:
    • The Cloud Foundry Command Line Interface (cf CLI)
    • Apps Manager and its integrations
    • The Java client used by Spring apps

The backup process for the Cloud Controller is as follows:

Stage Description
1: Pre-backup lock The processes running on the Cloud Controller Worker, Cloud Controller, and Clock Global VMs are stopped.
2: Backup The BBR SDK backup script runs to backup the Cloud Controller database (CCDB), which contains state information for apps on your deployment.
3: Post-backup unlock The processes start again on the Cloud Controller Worker, Cloud Controller, and Clock Global VMs.

UAA

UAA remains available in read-only mode during backup. This means that you cannot perform write operations for clients, users, groups, identity providers, or zone configuration. However, you can continue performing read operations, such as generating, validating, and revoking tokens. Additionally, UAA continues to authenticate users and authorize requests for users and clients.

The read-only behavior during backup applies to all of the following ways of accessing UAA: the UAA API, the UAA CLI, cf CLI, login screens, and services such as the Single Sign-On Service tile.

The backup process for UAA is as follows:

Stage Description
1: Pre-backup lock UAA enters read-only mode.
2: Backup The BBR SDK backup script runs to backup the UAA database, which contains Cloud Foundry user credentials.
3: Post-backup unlock UAA exits read-only mode.

Routing API

The Routing API remains available during backup. However, you cannot perform write operations using the Routing API because the routing database is locked. All read operations offered by the Routing API remain available.

The BBR SDK backup script for the Routing API backs up its database, which contains router groups, routes, and internal implementation information.

Usage Service

The Usage Service is unavailable during backup. You cannot access the API as described in Monitoring App, Task, and Service Instance Usage. Additionally, you cannot view usage and accounting reports as described in Monitoring Instance Usage with Apps Manager.

The backup process for Usage Service is as follows:

Note: The Usage Service runs as a set of Cloud Foundry apps in the system org.

Stage Description
1: Pre-backup lock The Usage Service apps in the system org stop. This lock occurs before the Cloud Controller and UAA components lock.
2: Backup The BBR SDK backup script runs to backup the Usage Service database.
3: Post-backup unlock The Usage Service apps in the system org start again. This unlock occurs after the Cloud Controller and UAA components unlock.

App Autoscaler

The App Autoscaler service is unavailable during backup. You cannot access the UI or API. For any apps configured to use the App Autoscaler, the service does not scale these apps during backup.

The backup process for App Autoscaler is as follows:

Note: The App Autoscaler service runs as a set of Cloud Foundry apps in the system org.

Stage Description
1: Pre-backup lock The Autoscaler apps in the system org stop. This lock occurs before the Cloud Controller and UAA components lock.
2: Backup The BBR SDK backup script runs to backup the App Autoscaler database.
3: Post-backup unlock The Autoscaler apps in the system org start again. This unlock occurs after the Cloud Controller and UAA components unlock.

NFS Volume Service

The NFS service broker backup scripts rely on the locking of the Cloud Controller to stop traffic to its service. This is because the Cloud Controller is responsible for invoking the NFS service broker.

When the Cloud Controller locks during backup, you cannot create or delete new instances or bindings of a volume service. However, apps already bound to a volume service continue to operate normally during backups.

The NFS service broker backup script performs a backup of the database used to store service instances and service bindings for the NFS service broker.

Notification Service

The Notification Service is not available during backup with BBR due to its dependency on the Cloud Controller. Notifications cannot be sent while the Cloud Controller is unavailable.

Network Policy Server

The Network Policy Server is unavailable during backup. While existing policies are still enforced, you cannot use the cf CLI to add or remove policies for Container Networking as documented in Administering Container-to-Container Networking.

CredHub

Runtime CredHub is unavailable during backup. If the service instance credentials for an app are stored in CredHub, the app cannot fetch those credentials during backup. In some cases, apps may not start if they cannot fetch credentials for a service instance binding.

Create a pull request or raise an issue on the source for this page in GitHub