Backing Up and Restoring Configuration Data On AWS

You can use the following information to back up and restore configuration data for deployed capabilities.

 

Backing Up Configuration Data On AWS

You can back up the configuration data for the deployed capabilities and ArcSight Platform components.

  1. Log in to the AWS Backup console at https://console.aws.amazon.com/backup.
  2. Attach the AWSBackupFullAccess policy to your IAM role.

    For more information, see Managed policies for AWS Backup in the AWS documentation.

  3. Create an AWS backup plan for the EFS that you created during installation.

    For more information, see Creating a backup plan in the AWS documentation.

  4. Follow the onscreen prompts to complete the backup plan for backups at intervals of your choice with appropriate retention periods.
  5. After backup creation, in the left-hand pane select Protected resources to view a list of Resource IDs and Resource Types.
  6. To view the backups available for a resource, click its Resource ID.

Restoring Configuration Data On AWS

When restoring data stores, retain the original directory structure and the pod-level sub-directory structure:

/<efs_server mount path>/arcsight-volume

The default EFS server mount path is /mnt/efs/<efs parent folder>.

  1. Ensure that you have valid AWS backups.

  2. Log in to the AWS Backup console at https://console.aws.amazon.com/backup.
  3. In the left-hand pane, select Protected resources to view a list of resources designated by Resource Type and Resource ID.

  4. To view the available Recovery point IDs, select a given Resource ID.

  5. Select a Recovery point ID and then click Restore.

  6. Keep default values on the page and then click Restore backup.

  7. In the left-hand pane, drill down to Jobs > Restore Jobs to view the restore job status.

    The restore job creates a new recovery directory at the root of the EFS. The recovered contents preserve the original path hierarchy.

  8. On the bastion machine used for your AWS setup, run the following command:

    cd <INSTALLER_LOCATION>/aws-scripts/scripts
  9. To view the restore script options, execute the following command:

    ./nfs-arcsight-volume-restore.sh -h

    Use the following parameters:

    -r | --restore-dir
    Specify the AWS restore directory name created in the mount location. This parameter is mandatory.
    -o | --older-backup
    Available pod backups. This parameter is optional.
    -p | --path
    Specify the EFS mount path. This parameter is mandatory.
    -h | --help
    Displays the command options.
  10. To restore to the latest pod backup, execute the following command:

    ./nfs-arcsight-volume-restore.sh -r <restore_dir_in_mount_location> -p <mount_path>

    For example:

    ./nfs-arcsight-volume-restore.sh -r aws-backup-restore_<TIMESTAMP> -p arcsight

    To restore to an earlier pod backup, use the -o parameter from the Usage Options.
  11. To complete the restore process, follow the onscreen instructions.

  12. (Conditional) If Transformation Hub is deployed, complete the following steps:

    1. Mount and navigate to the EFS backup location.

    2. Navigate to the Transformation Hub directory.

      For example:

      /<efs mount location>/arcsight-volume/transformationhub/config/
    3. Ensure that the arcsight-volume is mounted, then navigate to /transformationhub/config/.

    4. If the file arcsight-env-override.properties exists in the backup location (substep 2), copy it to the arcsight-volume directory (substep 3), and then remove any properties in the file that do not apply to the restored environment.

  13. To get the names of pods to restart, execute the following command:

    kubectl get pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1)

    Compare the output with the impacted pods listed in the table to identify the pod names.
  14. To restart pods listed in this table, execute the following command:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) <space separated pod names>

    For example:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) fusion-user-management-56497c76bb-mdmmz fusion-dashboard-web-app-7b864467d5-d2c8v fusion-metadata-rethinkdb-5c69c77756-hxxzg
  15. Remove the recovery directory restored from AWS to the default mount location in step 7 above.

    cd <default mount path>
    sudo rm -rf aws-backup-restore_<TIMESTAMP>
    
  16. Ensure that all pods display a running status:

    kubectl get pods --all-namespaces
  17. To verify restored data stores, log in to the associated application.
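
A guarded form of the removal in step 15, as an added example that is not part of the ArcSight documentation or its scripts. The function name remove_recovery_dir and its exit codes are hypothetical, and it assumes the recovery directory is a direct child of the mount path and is named aws-backup-restore_<TIMESTAMP>, as in the example in step 10. It refuses empty arguments, names without that prefix, and symbolic links, so a mistyped value cannot reach the live arcsight-volume that sits beside the recovery directory.

```shell
#!/usr/bin/env bash
# Added example (not ArcSight code): guarded removal of the AWS Backup
# recovery directory from step 15.
# Assumption: the directory is a direct child of the EFS mount path and is
# named aws-backup-restore_<TIMESTAMP>.
# Usage: remove_recovery_dir <default mount path> aws-backup-restore_<TIMESTAMP>
# Run it with the same privileges the page uses for "sudo rm -rf".

remove_recovery_dir() {
    mount_path=$1
    dir_name=$2

    # Both arguments are required; an empty value must never reach rm -rf.
    if [ -z "$mount_path" ] || [ -z "$dir_name" ]; then
        echo "usage: remove_recovery_dir <mount_path> <recovery_dir_name>" >&2
        return 2
    fi

    # Accept only a plain directory name that carries the expected prefix.
    case $dir_name in
        */*|*..*)
            echo "refusing: '$dir_name' is not a plain directory name" >&2
            return 3 ;;
        aws-backup-restore_?*)
            ;;
        *)
            echo "refusing: '$dir_name' lacks the aws-backup-restore_ prefix" >&2
            return 3 ;;
    esac

    target=$mount_path/$dir_name

    # A symbolic link could point at the live arcsight-volume; never follow it.
    if [ -L "$target" ]; then
        echo "refusing: '$target' is a symbolic link" >&2
        return 4
    fi
    if [ ! -d "$target" ]; then
        echo "refusing: '$target' is not a directory" >&2
        return 5
    fi

    # "--" stops option parsing, so the name is always treated as a path.
    rm -rf -- "$target"
}
```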