Enabling External Blobstore Backups

This topic provides instructions for enabling external blobstore backups in your Pivotal Application Service (PAS) tile.

BOSH Backup and Restore (BBR) supports the following:

  • Versioned S3 or S3-Compatible Blobstores
  • Unversioned S3 or S3-Compatible Blobstores
  • Azure Blobstores

For more information, see Backup and Restore with External Blobstores.

Note: To enable external blobstore backups for PAS, the Backup Prepare Node must be enabled. See Enable Backup Prepare Node in Backing Up Pivotal Cloud Foundry with BBR.

Note: The instructions below require the BOSH Command Line Interface (CLI) v2+. For more information, see Install in the BOSH documentation.

External Blobstore Support

External blobstore backup support varies based on which version of Ops Manager you are running and what type of blobstore you are backing up.

In some cases, external blobstore support is included in the version of Ops Manager you are using. In other cases, installing Blobstore Add-On is required.

Refer to the table below to determine if external blobstore support is included in the version of Ops Manager you are using.

Blobstore Type   Ops Manager Version
                 1.11      1.12      2.0       2.1       2.2       2.3+
Versioned        Add-On    Add-On    Add-On    Included  Included  Included
Unversioned      Add-On    Add-On    Add-On    Add-On    Included  Included
Azure            Add-On    Add-On    Add-On    Add-On    Add-On    Included

Versioned S3 or S3-Compatible Blobstores

In PAS v2.1, BBR supports backing up and restoring versioned S3 or S3-compatible blobstores by default. For more information about configuring an S3 or S3-compatible blobstore, see External S3 or Ceph Filestore.

Note:
  • Backup artifacts of external, S3-compatible, versioned blobstores do not contain the physical blobs. BBR requires that the original buckets still exist to be restored.
  • To protect yourself from losing a bucket, see Enable Replication on Your External Blobstore in Backup and Restore with External Blobstores in the Cloud Foundry documentation.

Unversioned S3 or S3-Compatible Blobstores

For information about configuring an unversioned S3 or S3-compatible blobstore for backups and installing Blobstore Add-On, see the following sections:

  • Configure an Unversioned S3 or S3-Compatible Blobstore for Backups
  • Install Blobstore Add-On

Note: If you enable unversioned S3 or S3-compatible external blobstore backups and you want to upgrade to PAS v2.2, you must remove s3-unversioned-blobstore-backup-restorer from your runtime configuration before upgrading.

Configure an Unversioned S3 or S3-Compatible Blobstore for Backups

For each bucket used by your PAS installation, you must create a corresponding backup bucket. Pivotal recommends that you store the backup buckets or copies of them in a different region than the originals.

For more information, see Enable Backup and Restore of Your Unversioned S3-Compatible Blobstore.

Install Blobstore Add-On

To enable BBR to back up and restore a PAS installation that uses an unversioned S3 or S3-compatible blobstore, you must install Blobstore Add-On.

To install Blobstore Add-On, follow the instructions below:

  1. On the Ops Manager Installation Dashboard, click the PAS tile.

  2. From the URL in the address bar, record the deployment name of your PAS installation. The name begins with cf.

    For example, in https://pcf.example.com/products/cf-3247176589a379f246d1, the deployment name is cf-3247176589a379f246d1.

  3. Navigate to the Ops Manager Installation Dashboard and click the BOSH Director tile.

  4. In the BOSH Director tile, select the Credentials tab.

  5. Locate Director Credentials and click the corresponding Link to Credentials. Record the identity and password.

  6. Select the Status tab. Record the IP address of your BOSH Director.

  7. From the BOSH Backup and Restore page in Pivotal Network, download the latest version of the add-on.

  8. To copy the release archive to your Ops Manager instance, run the following command:

    scp -i PATH-TO-PRIVATE-KEY backup-and-restore-sdk-addon-SEMVER.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:~
    

    Where:

    • PATH-TO-PRIVATE-KEY is the path to your Ops Manager private key.
    • SEMVER is the semantic version of the add-on that you downloaded in the previous step.
    • YOUR-OPS-MANAGER-VM-IP is the IP address of your Ops Manager VM.

  9. SSH into the Ops Manager instance by following the instructions in SSH Into Ops Manager VM.

  10. In the Ops Manager VM, authenticate with your BOSH Director by following the instructions in Log in to the BOSH Director. Use the Director Credentials and Director IP address that you recorded in previous steps.

  11. To upload the release that you downloaded from Pivotal Network, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate upload-release backup-and-restore-sdk-addon-SEMVER.tar.gz
    

    Where:

    • BOSH-DIRECTOR-IP is the IP address of your BOSH Director.
    • SEMVER is the semantic version of the add-on that you are uploading.

  12. To confirm that the release upload has succeeded, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate releases
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    You should see a backup-and-restore-sdk-addon-SEMVER entry.

  13. To download your current runtime configuration and save it as a file named runtime-config.yml, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate runtime-config > runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    If you receive an error message that references a missing runtime configuration, create an empty file and save it as runtime-config.yml.

  14. Append the following to the releases section of your runtime-config.yml file:

    releases:
    # Append the below to the list of releases:
    - name: backup-and-restore-sdk-addon
      version: RELEASE-VERSION
    

    Where RELEASE-VERSION is the release version.

  15. Append the following to the addons section of your runtime-config.yml file:

    addons:
    # Append the below to the list of addons:
    - name: sdk-preview
      jobs:
      - name: s3-unversioned-blobstore-backup-restorer
        release: backup-and-restore-sdk-addon
        properties:
          enabled: true
          buckets:
            droplets:
              name: NAME-OF-DROPLETS-BUCKET
              region: REGION-OF-DROPLETS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-DROPLETS-BACKUP-BUCKET
                region: REGION-OF-DROPLETS-BACKUP-BUCKET
            packages:
              name: NAME-OF-PACKAGES-BUCKET
              region: REGION-OF-PACKAGES-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-PACKAGES-BACKUP-BUCKET
                region: REGION-OF-PACKAGES-BACKUP-BUCKET
            buildpacks:
              name: NAME-OF-BUILDPACKS-BUCKET
              region: REGION-OF-BUILDPACKS-BUCKET
              aws_access_key_id: AWS-ACCESS-KEY
              aws_secret_access_key: AWS-SECRET-KEY
              endpoint: BLOBSTORE-ENDPOINT
              backup:
                name: NAME-OF-BUILDPACKS-BACKUP-BUCKET
                region: REGION-OF-BUILDPACKS-BACKUP-BUCKET
      include:
        deployments:
        - PAS-DEPLOYMENT-NAME
        jobs:
        - name: mysql-backup
          release: cf-backup-and-restore
    

    Replace the placeholder text as follows:

    • In the droplets, packages, and buildpacks sections, replace the text with the values configured in Ops Manager and the backup buckets that you created in a previous step. See Configure an Unversioned S3 or S3-Compatible Blobstore for Backups.
    • In the include section, replace the text with the PAS deployment name that you recorded in a previous step.

  16. To complete updating the runtime configuration, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate update-runtime-config runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

  17. Navigate to your Ops Manager Installation Dashboard and click Apply Changes.

Azure Blobstores

For information about configuring an Azure blobstore for backups and installing Blobstore Add-On, see the following sections:

  • Configure an Azure Blobstore for Backups
  • Install Blobstore Add-On

Configure an Azure Blobstore for Backups

To configure your Azure blobstore for backups, enable soft deletes in your Azure Storage account. For more information, see Soft delete for Azure Storage blobs in the Microsoft documentation.

To save storage space and cost, Pivotal recommends that you configure a retention policy to permanently delete objects after a period of time.

Install Blobstore Add-On

To enable BBR to back up and restore a PAS installation that uses an Azure blobstore, you must install Blobstore Add-On.

To install Blobstore Add-On, follow the instructions below:

  1. On the Ops Manager Installation Dashboard, click the PAS tile.

  2. From the URL in the address bar, record the deployment name of your PAS installation. The name begins with cf.

    For example, in https://pcf.example.com/products/cf-3247176589a379f246d1, the deployment name is cf-3247176589a379f246d1.

  3. Navigate to the Ops Manager Installation Dashboard and click the BOSH Director tile.

  4. In the BOSH Director tile, select the Credentials tab.

  5. Locate Director Credentials and click the corresponding Link to Credentials. Record the identity and password.

  6. Select the Status tab. Record the IP address of your BOSH Director.

  7. From the BOSH Backup and Restore page in Pivotal Network, download the latest version of the add-on.

  8. To copy the release archive to your Ops Manager instance, run the following command:

    scp -i PATH-TO-PRIVATE-KEY backup-and-restore-sdk-addon-SEMVER.tar.gz ubuntu@YOUR-OPS-MANAGER-VM-IP:~
    

    Where:

    • PATH-TO-PRIVATE-KEY is the path to your Ops Manager private key.
    • SEMVER is the semantic version of the add-on that you downloaded in the previous step.
    • YOUR-OPS-MANAGER-VM-IP is the IP address of your Ops Manager VM.

  9. SSH into the Ops Manager instance by following the instructions in SSH Into Ops Manager VM.

  10. In the Ops Manager VM, authenticate with your BOSH Director by following the instructions in Log in to the BOSH Director. Use the Director Credentials and Director IP address that you recorded in previous steps.

  11. To upload the release that you downloaded from Pivotal Network, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate upload-release backup-and-restore-sdk-addon-SEMVER.tar.gz
    

    Where:

    • BOSH-DIRECTOR-IP is the IP address of your BOSH Director.
    • SEMVER is the semantic version of the add-on that you are uploading.

  12. To confirm that the release upload has succeeded, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate releases
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    You should see a backup-and-restore-sdk-addon-SEMVER entry.

  13. To download your current runtime configuration and save it as a file named runtime-config.yml, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate runtime-config > runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

    If you receive an error message that references a missing runtime configuration, create an empty file and save it as runtime-config.yml.

  14. Append the following to the releases section of your runtime-config.yml file:

    releases:
    # Append the below to the list of releases:
    - name: backup-and-restore-sdk-addon
      version: RELEASE-VERSION
    

    Where RELEASE-VERSION is the release version.

  15. Append the following to the addons section of your runtime-config.yml file:

    addons:
    # Append the below to the list of addons:
    - name: sdk-preview
      jobs:
      - name: azure-blobstore-backup-restorer
        release: backup-and-restore-sdk-addon
        properties:
          enabled: true
          containers:
            droplets:
              name: NAME-OF-DROPLETS-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
            packages:
              name: NAME-OF-PACKAGES-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
            buildpacks:
              name: NAME-OF-BUILDPACKS-CONTAINER
              azure_storage_account: AZURE-STORAGE-ACCOUNT
              azure_storage_key: AZURE-STORAGE-KEY
      include:
        deployments:
        - PAS-DEPLOYMENT-NAME
        jobs:
        - name: mysql-backup
          release: cf-backup-and-restore
    

    Replace the placeholder text as follows:

    • In the droplets, packages, and buildpacks sections, replace the text with the values configured in Ops Manager.
    • In the include section, replace the text with the PAS deployment name that you recorded in a previous step.

  16. (Optional) To configure backup and restore for Azure Sovereign Cloud, configure the environment property described in the Backup and Restore SDK Documentation topic in GitHub.

    For more information about Azure Sovereign Cloud, see Microsoft National Clouds in the Microsoft documentation.

  17. To complete updating the runtime configuration, run the following command:

    bosh -e BOSH-DIRECTOR-IP --ca-cert /var/tempest/workspaces/default/root_ca_certificate update-runtime-config runtime-config.yml
    

    Where BOSH-DIRECTOR-IP is the IP address of your BOSH Director.

  18. Navigate to your Ops Manager Installation Dashboard and click Apply Changes.
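
The runtime-config.yml edited in steps 13 to 15 of both the S3 and the Azure procedure holds storage credentials in clear text, and it is easy to submit it with a template placeholder left in or with a backup bucket that is the live bucket. The pre-flight check below is an added example, not part of this documentation, BOSH, or BBR. The function names check_runtime_config and demo_bad_config and the sample bucket names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `bosh ... update-runtime-config`.
# check_runtime_config is a hypothetical helper, not part of BOSH or BBR.
check_runtime_config() {
  file=$1; rc=0
  [ -f "$file" ] || { echo "FAIL: $file not found" >&2; return 2; }

  # The file holds aws_secret_access_key / azure_storage_key in clear text,
  # so the group and other permission bits (columns 5-10 of ls -l) must be empty.
  perms=$(ls -ld -- "$file" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "FAIL: $file is group/other accessible; chmod 600 it" >&2; rc=1; }

  # A placeholder left over from the template would be deployed literally.
  if grep -nE 'NAME-OF-|REGION-OF-|AWS-(ACCESS|SECRET)-KEY|AZURE-STORAGE-(ACCOUNT|KEY)|BLOBSTORE-ENDPOINT|RELEASE-VERSION|PAS-DEPLOYMENT-NAME' "$file" >&2; then
    echo "FAIL: unreplaced placeholders on the lines above" >&2; rc=1
  fi

  # Unversioned S3 only: a backup bucket must differ from its live bucket (FAIL);
  # sharing the live bucket's region only warns. Indentation delimits each
  # "backup:" block; values are compared as written (no YAML unquoting).
  awk '
    /^ *#/ || /^ *$/ { next }
    { s = $0; sub(/^ +/, "", s); ind = length($0) - length(s) }
    inb && ind <= bind { inb = 0 }
    $1 == "backup:" { inb = 1; bind = ind; next }
    $1 == "name:" {
      if (inb && $2 == live) { print "FAIL: backup bucket equals live bucket " live; bad = 1 }
      if (!inb) live = $2
    }
    $1 == "region:" {
      if (inb && $2 == lreg) print "WARN: backup of " live " stays in region " lreg
      if (!inb) lreg = $2
    }
    END { exit bad + 0 }
  ' "$file" >&2 || rc=1
  return $rc
}

# Constructed sample: a droplets bucket whose backup bucket is the live bucket.
demo_bad_config() {
  tmp=$(mktemp)
  printf '%s\n' 'buckets:' '  droplets:' '    name: pas-droplets' '    region: eu-west-1' \
    '    backup:' '      name: pas-droplets' '      region: eu-west-1' > "$tmp"
  check_runtime_config "$tmp" && status=0 || status=$?
  rm -f "$tmp"; return $status
}
# Usage: check_runtime_config runtime-config.yml && bosh ... update-runtime-config runtime-config.yml
```

Once Apply Changes has completed, delete runtime-config.yml from the Ops Manager VM or keep it at mode 600, because the Director already stores the uploaded copy.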
