Setting Up Your Jumpbox for BBR
Page last updated:
This topic describes how to set up your jumpbox for BOSH Backup and Restore (BBR).
To use BBR to back up and restore your Pivotal Cloud Foundry (PCF) deployment, you must first set up a jumpbox to run BBR from.
Configure your jumpbox with the following settings:
- Your jumpbox must have sufficient space for the backup. A PCF backup requires at least 1.5 GB.
- Because BBR connects to the virtual machines (VMs) in your PCF deployment on their private IP addresses, your jumpbox must exist on the same network as the VMs. BBR does not support SSH gateways.
- Because BBR copies the backed-up data from the VMs to the jumpbox, you should have minimal network latency between them to reduce transfer times.
Consult the following table for more information about the network access permissions required by BBR.
|BOSH Director||25555||BBR interacts with the BOSH Director API.|
|Deployed Instances||22||BBR uses SSH to orchestrate the backup on the instances.|
|BOSH Director UAA||8443||BBR interacts with the UAA API for authentication, if necessary.|
Transfer the BBR binary to your jumpbox in one of the following ways:
Jumpbox without Internet Access
Follow the steps below if your jumpbox does not have Internet access:
Download the latest BOSH Backup and Restore release from Pivotal Network.
On a command line, enter
chmod a+x PATH-TO-BBR-FILE/bbrto make the file executable. Replace
PATH-TO-BBR-FILEwith the local path to the BBR file.
$ chmod a+x bbr
scp PATH-TO-BBR-FILE/bbr JUMPBOX-USER/JUMPBOX-ADDRESSto securely copy the binary to your jumpbox.
Jumpbox with Internet Access
Follow the steps below if your jumpbox has Internet access:
On a command line, enter
ssh JUMPBOX-USER/JUMPBOX-ADDRESS -i YOUR-CERTIFICATE.pemto ssh into your jumpbox.
wget BBR-RELEASE-URLto download the BBR release. Replace
BBR-RELEASE-URLwith the URL of the BBR release.
chmod a+x LOCAL-PATH-TO-BBR-FILE/bbrto make the file executable.
If the certificate chain on your local machine cannot verify the Certificate Authority (CA) certificate for the BOSH Director, you must have the path to the root CA certificate to run BBR commands.
If you have configured the Ops Manager VM as your jumpbox, the path to the root CA certificate is
If you have configured another machine as your jumpbox, run the following commands on the jumpbox to copy the CA certificate from your Ops Manager VM.
$ export OPSMAN=127.0.0.1 # Ops Manager DNS name or IP address $ export OPSMAN_USERNAME=OPSMANAGER-USERNAME # Ops Manager admin username $ export OPSMAN_PASSWORD=OPSMANAGER-PASSWORD # Ops Manager admin password # Get UAA token $ uaac target $OPSMAN/uaa --skip-ssl-validation $ uaac token owner get opsman $OPSMAN_USERNAME -s "" -p $OPSMAN_PASSWORD $ apitoken=uaac contexts | grep $OPSMAN -B6 | grep access_token | cut -d ':' -f 2 | cut -d ' ' -f 2 # Get the certificate (it's a json payload) $ export cert=$(curl -k "https://$OPSMAN/api/v0/security/root_ca_certificate" -X GET -H "Authorization: Bearer $apitoken" | jq '.root_ca_certificate_pem') $ echo -e $cert > PATH-TO-BOSH-SERVER-CERTIFICATE