HUAWEI CLOUD Stack 6.5.0 Backup and Restoration Guide 03


Backing Up Security Service Data

Security service data can be backed up in Region Type I and Region Type II scenarios.

Backing Up the Configuration File and Database

To prevent the loss of configuration files or critical service data due to misoperations or disasters (such as unexpected power failures), the system automatically backs up important configuration files and critical service data. You can also manually back up these objects before major operations, such as an OS upgrade.

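Critical service data of the SCC background to be backed up

Table 3-14 and Table 3-15 describe the critical service data of the SCC background that is to be backed up. Database backup uses the full backup policy. All data in the scc2 database is backed up.

Table 3-14 Service data of the SCC background to be backed up (DBSS)

| Data Table | Description |
| --- | --- |
| QRTZ_BLOB_TRIGGERS | Distribution task scheduling table |
| QRTZ_CALENDARS | Distribution task scheduling table |
| QRTZ_CRON_TRIGGERS | Distribution task scheduling table |
| QRTZ_FIRED_TRIGGERS | Distribution task scheduling table |
| QRTZ_JOB_DETAILS | Distribution task scheduling table |
| QRTZ_LOCKS | Distribution task scheduling table |
| QRTZ_PAUSED_TRIGGER_GRPS | Distribution task scheduling table |
| QRTZ_SCHEDULER_STATE | Distribution task scheduling table |
| QRTZ_SIMPLE_TRIGGERS | Distribution task scheduling table |
| QRTZ_SIMPROP_TRIGGERS | Distribution task scheduling table |
| QRTZ_TRIGGERS | Distribution task scheduling table |
| tbl_asyn_history_task | Asynchronous task history table |
| tbl_asyn_task | Asynchronous task table |
| tbl_DBSS_instance | DBSS instance table |
| tbl_DBSS_job | DBSS job table |
| tbl_operater_info | Operator information table |
| tbl_refresh_info | Host refreshing time records |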

Table 3-15 Service data of the SCC background to be backed up (KMS)

| Critical Data | Description |
| --- | --- |
| tbl_kms_sr_key | srkey data table |
| tbl_kms_sys_key | syskey data table |
| tbl_kms_domain_key | domain key data table |
| tbl_kms_kek_info | Basic kek key information table |
| tbl_kms_revoke_dmk | domain key rotation table |
| tbl_kms_key_to_delete | Key table to be deleted |
| tbl_kms_key_alias | Key alias table. A key supports multiple aliases. |
| tbl_kms_key_value | Key value. A key supports key values of multiple versions. |
| tbl_kms_key_eva | Reservation table, used for expanding follow-up table entries |
| tbl_kms_api_charge | Charging table (by times) |
| tbl_kms_ud_charge | Charging table (by time duration) |
| tbl_kms_key_free_date | key list |
| tbl_kms_key_suspend | List of frozen keys |
| tbl_kms_key_tag | Key tag table |
| tbl_kms_tag_quota | Tag quota table |
| tbl_kms_tenant_quota | Tenant quota table |
| tbl_kms_cmk_quota | Master key quota table |
| tbl_kms_grant_info | Authorization information table |

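Critical service data of the SCC background to be backed up (applicable to SSA)

Table 3-16 lists the critical service data of the SCC background that is to be backed up. Database backup uses the full backup policy. Currently, all data in the ssamdb and vulnerabilitydb databases is backed up.

Table 3-16 Service data of the SCC background to be backed up (SSA)

| Critical Data | Description |
| --- | --- |
| TENANT_TBL | Threat information table |
| ATTACK_VULNERABILITY_TBL | Threat information table |
| DATA_STATIST_TIME_TBL | Threat information table |
| HOST_VIRUS_BASE_TBL | Threat information table |
| PULL_DATA_TIME_TBL | Threat information table |
| RESOURCE_ATTACKED_STATUS_TBL | Threat information table |
| SECURITY_INFORMATION_TBL | Threat information table |
| ATTACKED_HOST_TBL | Threat information table |
| TRANSACTION_TBL | Threat information table |
| TREND_HOST_TENANT_MAP_TBL | Threat information table |
| UNHANDLED_ATTACK_EVENT_TBL | Threat information table |
| USER_TBL | Threat information table |
| VIRUS_HOST_TBL | Threat information table |
| VULNERABILITY_HOST_TBL | Threat information table |
| VULNERABILITY_TBL | Threat information table |
| VULNERABILITY_TREND_TBL | Threat information table |
| QRTZ_BLOB_TRIGGERS | Scheduled task table |
| QRTZ_CALENDARS | Scheduled task table |
| QRTZ_CRON_TRIGGERS | Scheduled task table |
| QRTZ_FIRED_TRIGGERS | Scheduled task table |
| QRTZ_JOB_DETAILS | Scheduled task table |
| QRTZ_LOCKS | Scheduled task table |
| QRTZ_PAUSED_TRIGGER_GRPS | Scheduled task table |
| QRTZ_SCHEDULER_STATE | Scheduled task table |
| QRTZ_SIMPLE_TRIGGERS | Scheduled task table |
| QRTZ_SIMPROP_TRIGGER | Scheduled task table |
| QRTZ_TRIGGERS | Scheduled task table |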

Backing Up the SCC-GaussDB Node of the SCC Background

Configuring a Backup Policy

This section describes how to configure the maximum number of backup files to be stored, backup file names, and parameters for connecting to the third-party backup server based on service requirements.

Context

Before an automatic or manual backup, specify the number of backup files, the naming rules, the IP address of the third-party server where backup files are to be stored, and the storage path.

Prerequisites
  • You have obtained the IP addresses of the active and standby nodes as well as the passwords of OS account root and OS service account sccadmin if the nodes are deployed in active/standby mode.
  • A PC that can communicate with the DB node is available.
  • You have obtained the configuration information about the third-party backup server.
Procedure

Configuring the backup configuration file and information for interconnecting with the third-party backup server

Configure the maximum number of backup files that can be saved and the information for interconnecting with the third-party backup server either on DMK or by logging in to the DB node and modifying the configuration parameters. Using DMK is preferred.

Using DMK

  1. Log in to DMK using a browser.

    • Login address: https://DMK floating IP address:8443.
    • Default account: sysadmin; default password: Admin@123

  2. In the navigation pane, choose Deploy Guide, as shown in Figure 3-12.

    Figure 3-12 Deploy Guide

  3. In the Service Configuration area, click Third-Party Components and choose GaussdbHA. See Figure 3-13.

    Figure 3-13 Service Configuration

  4. Set the parameters as follows:

    • Select Version: 1.2.2
    • Select Action: Select upgrade.
    • Select Region: local
    • Host Repository: NO
    • Blue-Green Deployment: NO

  5. Click Next to go to the Hosts and User Configuration page.
  6. Select the team and added account.
  7. Modify the configuration file.

    The configuration files define backup file parameters and parameters for interconnecting with the third-party backup server.

    Click following Configuration File. Two configuration boxes are displayed. Click to synchronize configuration items from Configuration File Template to Configuration File. Then, modify the parameter values in the Configuration File area as required, as shown in Figure 3-14 and Figure 3-15.

    Figure 3-14 Configuration file a
    Figure 3-15 Configuration file b

    NOTE:

    Table 3-17 and Table 3-18 list parameters in the configuration files. For parameters not listed, retain the default values.

    Table 3-17 Parameter description

    | Parameter | Description |
    | --- | --- |
    | LOCATION | Region ID in the backup file name |
    | MAX_BACKUP_NUM | Maximum number of backup files that can be stored |
    | SN_BACKUP_NUM | No. of the latest backup file |
    | UPLOAD_FTP_MODE | Backup type. Retain the default value. Value 1 indicates that data is backed up to an SFTP server. Value 0 indicates that data is backed up to an OBS bucket. |

    Table 3-18 Parameters for interconnecting with the third-party backup server

    | Parameter | Description |
    | --- | --- |
    | SFTP_SERVER_IP | IP address of the third-party backup server |
    | SFTP_SERVER_PORT | Port number of the third-party backup server |
    | SFTP_SERVER_USER | Username for logging in to the third-party backup server |
    | SFTP_SERVER_PASSWD | Ciphertext password for logging in to the third-party backup server. The password is encrypted using the SHA-256 encryption tool. |
    | SFTP_SERVER_FILEPATH | Directory on the third-party backup server for storing backup files |

  8. Click Execute.
  9. View the configuration status.

    1. In the navigation pane, choose Task Board.
    2. Locate the task and check its status in the Task Name column. If the status changes to , the upgrade is successful.
    3. Click Details in the Operation column to view details about the task.

Logging in to the DB node to modify configuration files

  1. Use PuTTY to log in to the SCC-GuassDB-FusionGuard01 management VM using the IP address corresponding to SCC-DB01.

    Default username: sccadmin; default password: Scloud12#$

  2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

    sudo su - root

  3. Run the following command to check the database status and check whether the current node is the active one:

    service had query

    Information similar to that shown in Figure 3-16 is displayed. The node whose ROLE is active is the active node.

    Figure 3-16 Database status

  4. Determine whether the currently logged-in node is the active one based on the command output in Step 3.

  5. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  6. Run the following command to switch to the directory containing the backup configuration file:

    cd /opt/gaussdb/ha/tools/backupAndRestore

  7. Run the following command to open the backup configuration file using the vi editor:

    vi backup.conf

    Table 3-19 describes the parameters in the configuration file.

    Table 3-19 Parameter description

    | Parameter | Description |
    | --- | --- |
    | LOCATION | Region ID in the backup file name |
    | MAX_BACKUP_NUM | Maximum number of backup files that can be stored |
    | SN_BACKUP_NUM | No. of the latest backup file |
    | SERVICE_NAME | Database node of a service |
    | UPLOAD_FTP_MODE | Backup type. Retain the default value. Value 1 indicates that data is backed up to an FTP server. Value 0 indicates that data is backed up to an OBS bucket. |

  8. Type i to enter the editing mode.
  9. Modify the parameters as required.
  10. Press Esc to exit the editing mode.
  11. Enter :wq and press Enter to save the configuration and exit the editor.

Configuring third-party backup server interconnection information

  1. Use PuTTY to log in to the SCC-GuassDB-FusionGuard01 management VM using the IP address corresponding to SCC-DB01.

    Default username: sccadmin; default password: Scloud12#$

  2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

    sudo su - root

  3. Run the following command to check the database status and check whether the current node is the active one:

    service had query

    Information similar to that shown in Figure 3-17 is displayed. The node whose ROLE is active is the active node.

    Figure 3-17 Database status

  4. Determine whether the currently logged-in node is the active one based on the command output in Step 3.

  5. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  6. Run the following command to switch to the directory containing the configuration file for interconnecting with the third-party backup server:

    cd /opt/gaussdb/ha/tools/backupAndRestore

  7. Run the following command to open the configuration file using the vi editor:

    vi Upload_Server.cfg

    Table 3-20 describes the parameters in the configuration file.

    Table 3-20 Parameters for interconnecting with the third-party backup server

    | Parameter | Description |
    | --- | --- |
    | FTP_SERVER_IP | IP address of the third-party backup server |
    | FTP_SERVER_PORT | Port number of the third-party backup server |
    | FTP_SERVER_USER | Username for logging in to the third-party backup server |
    | FTP_SERVER_PASSWD | Ciphertext password for logging in to the third-party backup server. The password is encrypted using the SHA-256 encryption tool. |
    | FTP_SERVER_FILEPATH | Directory on the third-party backup server for storing backup files |

    NOTE:

    The parameters in Table 3-18 (DMK configuration file) and Table 3-20 (database node configuration file) correspond to each other, although the parameter names are different, for example, SFTP_SERVER_IP and FTP_SERVER_IP.

    • If the current GaussDB node already has an FTP backup server deployed, you can obtain the ciphertext required in Table 3-20 from the following file: /opt/gaussdb/ha/tools/backupAndRestore/Upload_Server.cfg.
    • If the ciphertext of the FTP server cannot be obtained, perform the following operations to encrypt the plaintext:
      1. Use PuTTY and the management plane IP address of the DB node to log in to the DB node.

        Default username: sccadmin; default password: Scloud12#$

      2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

        sudo su - root

      3. Run the following commands:

        source /etc/profile

        pwswitch -e Plaintext password

  8. Type i to enter the editing mode.
  9. Modify the parameters in the configuration file based on the obtained configurations of the third-party backup server.
  10. Press Esc to exit the editing mode.
  11. Enter :wq and press Enter to save the configuration and exit the editor.

Adjusting the automatic backup time

NOTE:

If you need to change the automatic backup time, perform the following operations. This step is optional. After the system is installed, the system automatically performs full backup at 00:00 every day by default and performs incremental backup every four hours from 04:00 every day.

  1. Use PuTTY to log in to the SCC-GuassDB-FusionGuard01 management VM using the IP address corresponding to SCC-DB01.

    Default username: sccadmin; default password: Scloud12#$

  2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

    sudo su - root

  3. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  4. Run the following command to open the automatic backup configuration file using the vi editor:

    vi /etc/crontab

    Figure 3-18 shows an example of the configuration file. Automatic backup has two modes:
    • Full backup: The system automatically performs a full backup at 00:00 every day.
    • Incremental backup: The system automatically performs an incremental backup at an interval of 4 hours starting from 04:00 every day. (At 00:00, the system performs a full backup and does not perform an incremental backup.)
    Figure 3-18 Automatic backup configuration file

  5. Type i to enter the editing mode and modify automatic backup parameters as required.

    • For example, if you want a full backup at 01:00 every day, change 0 0 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh f to 0 1 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh f.
    • For example, if you want an incremental backup at an interval of 4 hours starting from 05:00 every day, change the incremental backup entry to 0 5-23/4 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh i. (The hour field of a cron entry accepts only 0 to 23.)

  6. Press Esc to exit the editing mode.
  7. Enter :wq and press Enter to save the configuration and exit the editor.
  8. Repeat Step 1 to Step 7 to log in to the other DB node and configure interconnection information.
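
A pre-save check for the entries edited in this procedure, as an added example that is not part of the Huawei guide: it expands the hour field of a dbBackupCron.sh line into the hours at which the job fires and rejects values outside cron's 0-23 hour range, so a range ending in 24 is flagged. The function names are hypothetical and the sample entries are constructed from the lines quoted in this procedure.

```shell
#!/bin/sh
# Added example, not from the Huawei guide. Function names are hypothetical.

# Strip leading zeros so "08" is not parsed as octal by $(( )).
dec() {
    n=$1
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do n=${n#0}; done
    echo "$n"
}

# Expand a cron hour field (N, A-B, A-B/S, *, */S, comma lists) into the
# hours it fires at. Returns 1 if any value is not a number in 0-23.
expand_hours() {
    out=""
    set -f                          # keep '*' from being glob-expanded
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs; set +f
    [ $# -ge 1 ] || return 1
    for part in "$@"; do
        step=1
        case $part in */*) step=${part#*/}; part=${part%%/*} ;; esac
        case $part in
            '*') lo=0; hi=23 ;;
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        for v in "$lo" "$hi" "$step"; do
            case $v in ''|*[!0-9]*) return 1 ;; esac
        done
        lo=$(dec "$lo"); step=$(dec "$step")
        [ "$lo" -le "$hi" ] && [ "$hi" -le 23 ] && [ "$step" -ge 1 ] || return 1
        h=$lo
        while [ "$h" -le "$hi" ]; do out="$out $h"; h=$((h + step)); done
    done
    echo "${out# }"
}

# Describe one /etc/crontab line in the form used on this page:
#   min hour dom mon dow user script mode   (mode f = full, i = incremental)
describe_entry() {
    set -f; set -- $1; set +f
    case $8 in f) kind=full ;; i) kind=incremental ;; *) kind=unknown-mode ;; esac
    if hours=$(expand_hours "$2"); then
        echo "$kind backup at minute $1 of hours: $hours"
    else
        echo "rejected: hour field '$2' is not valid (hours must be 0-23)"
        return 1
    fi
}

# Constructed sample entries modelled on the page's dbBackupCron.sh lines.
while IFS= read -r entry; do
    describe_entry "$entry" || :
done <<'EOF'
0 1 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh f
0 5-23/4 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh i
0 5-24/4 * * * root /opt/gaussdb/ha/tools/backupAndRestore/dbBackupCron.sh i
EOF
```
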
Viewing Automatic Backup Data

After the system periodically performs the automatic backup task, it will save the backup data packages locally and periodically upload them to a third-party server. This section describes how to view the automatic backup data packages.

Prerequisites
  1. You have obtained a tool, such as PuTTY, used for remote access on various platforms.
  2. The following conditions must be met if you want to query the local automatic backup package:

    • You have configured the backup file by following the steps provided in Configuring a Backup Policy.
    • You have obtained the IP addresses of the active and standby nodes as well as the passwords of OS account root and OS service account sccadmin if the nodes are deployed in active/standby mode.
    • A PC that can communicate with the DB node is available.

  3. The following conditions must be met if you want to query backup data stored on the third-party server:

    • The DB node can properly communicate with the third-party backup server.
    • Information about the third-party backup server has been configured on the DB node. For details, see Configuring a Backup Policy.
    • A PC that can communicate with the DB node is available.

Procedure

Viewing the automatically backed up data package saved on the local PC

  1. Use PuTTY to log in to the SCC-GuassDB-FusionGuard01 management VM using the IP address corresponding to SCC-DB01.

    Default username: sccadmin; default password: Scloud12#$

  2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

    sudo su - root

  3. Run the following command to check the database status and check whether the current node is the active one:

    service had query

    Information similar to that shown in Figure 3-19 is displayed. The node whose ROLE is active is the active node.

    Figure 3-19 Database status

  4. Determine whether the currently logged-in node is the active one based on the command output in Step 3.

  5. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  6. Run the following command to view the files in the directory for storing backup files:

    ll /opt/backup/DB

    Check whether the directory contains the latest backup files.
    • If yes, no further action is required.
    • If no, contact technical support for assistance.

Viewing the automatic backup data package saved on the third-party backup server

  1. In the address box of a browser, enter the IP address of the third-party backup server (SFTP server) and press Enter.

    Login address: sftp://SFTP_SERVER_IP

    Login username: SFTP_SERVER_USER; password: SFTP_SERVER_PASSWD

    NOTE:

    SFTP_SERVER_IP indicates the IP address of the third-party backup server; SFTP_SERVER_USER indicates the username for logging in to the third-party backup server; SFTP_SERVER_PASSWD indicates the password for backing up data to the SFTP server.

  2. View the files in the directory for storing backup files.

    For the path for storing backup files, see SFTP_SERVER_FILEPATH in Table 3-18.

    Check whether the directory contains the latest backup files.
    • If yes, no further action is required.
    • If no, contact technical support for assistance.

Manually Backing Up Data

This section describes how to manually back up data.

Context

Back up data on the database node to ensure that services can be restored if any of the following failures occurs.

  • An exception occurs or the operation has not achieved the expected result after an important operation, such as a system upgrade or critical data modification.
  • The disks or OSs of both active and standby nodes are faulty, and data on both nodes is lost.
  • Data is damaged due to misoperations.
Prerequisites
  • You have obtained a tool, such as PuTTY, used for remote access on various platforms.
  • You have configured the backup file by following the steps provided in Configuring a Backup Policy.
  • You have obtained the IP addresses of the active and standby nodes as well as the passwords of OS account root and OS service account sccadmin if the nodes are deployed in active/standby mode.
  • A PC that can communicate with the DB node is available.
  • The third-party component JDK has been installed.
  • The following requirements must be met if data is to be backed up to a third-party backup server:
    • The DB node can properly communicate with the third-party backup server.
    • Information about the third-party backup server has been configured on the DB node. For details, see Configuring a Backup Policy.
Procedure
  1. Use PuTTY to log in to the SCC-GuassDB-FusionGuard01 management VM using the IP address corresponding to SCC-DB01.

    Default username: sccadmin; default password: Scloud12#$

  2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

    sudo su - root

  3. Run the following command to check the database status and check whether the current node is the active one:

    service had query

    Information similar to that shown in Figure 3-20 is displayed. The node whose ROLE is active is the active node.

    Figure 3-20 Database status

  4. Determine whether the currently logged-in node is the active one based on the command output in Step 3.

  5. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  6. Run the following command to make environment variables take effect:

    source /etc/profile

  7. Run the following command to back up data:

    dbBackupManual

    After the data is backed up to a local directory, the system automatically uploads the backup files to the third-party backup server.

    If the command output contains the following information, the data backup has finished and the backup files are uploaded to the third-party backup server:

    b0(backup success)u0(upload success)
    Successfully, backup file is in /opt/backup/DB like xxx.tar.gz

  8. Run the following command to view the files in the directory for storing backup files:

    ll /opt/backup/DB

    Check whether the directory contains the latest backup files.

    • If yes, the backup is successful.
    • If no, contact technical support for assistance.
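
The last two steps can be scripted. The following added example (not part of the Huawei guide) checks saved dbBackupManual output for the success line quoted above and verifies that the newest archive in /opt/backup/DB exists, is recent, and passes gzip -t, which a plain directory listing does not show. The function names, the 300-minute age limit, and the assumption that every backup is a .tar.gz file in that directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Huawei guide. Function names are hypothetical.
BACKUP_DIR=${BACKUP_DIR:-/opt/backup/DB}   # local backup directory named on the page
MAX_AGE_MIN=${MAX_AGE_MIN:-300}            # assumption: 4 h default interval + 1 h slack

# Reads saved dbBackupManual output on stdin. Succeeds only if it contains the
# status line quoted on the page (b0 = backup success, u0 = upload success).
backup_confirmed() {
    grep -qF 'b0(backup success)u0(upload success)'
}

# Checks the newest *.tar.gz in directory $1: it must exist, be younger than
# $2 minutes, and pass a gzip integrity test.
# Return codes: 0 ok, 1 missing, 2 stale, 3 corrupt.
check_latest_backup() {
    dir=$1; max_min=$2; newest=""
    for f in "$dir"/*.tar.gz; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    if [ -z "$newest" ]; then
        echo "MISSING: no *.tar.gz in $dir"; return 1
    fi
    if [ -z "$(find "$newest" -mmin "-$max_min")" ]; then
        echo "STALE: $newest is older than $max_min minutes"; return 2
    fi
    if ! gzip -t "$newest" 2>/dev/null; then
        echo "CORRUPT: $newest fails gzip -t"; return 3
    fi
    echo "OK: $newest"
}

# Run against the real directory only where it exists (for example on the DB node).
if [ -d "$BACKUP_DIR" ]; then
    check_latest_backup "$BACKUP_DIR" "$MAX_AGE_MIN"
fi
```
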

Updated: 2019-06-14

Document ID: EDOC1100062366
