Backing Up and Restoring Configuration Data On-Premises

To back up or restore configuration data for deployed capabilities, use the following procedures:


Backing Up Configuration Data On-Premises

You can back up the configuration data for the deployed capabilities and ArcSight Platform components.

This procedure explains one possible approach for performing a backup. If you have your own managed backup system and prefer to use it, you can configure it to back up the arcsight-volume instead of using the approach described here.
A maximum of 15 backup folders are available on a given day.
  1. SSH to your jump host and become root.
  2. Navigate to the following location where the backup script resides:
    cd <INSTALLER_LOCATION>/installers/cdf/scripts
  3. Execute the following command to view the backup script options:

    ./nfs-arcsight-volume-backup.sh -h

    Use the following parameters:

    -s | --source
    Source mount path without the 'arcsight-volume'. This can be either an external or local NFS server mount path. This parameter is mandatory.
    -d | --destination
    Destination path where the NFS backup is to be located. This can be either an external or local NFS server mount path. If not specified, the default location is /nfs/nfs-backup/. This parameter is optional.
    -h | --help
    Displays the command options.
  4. Execute the following command to schedule an NFS backup at an interval of your choice (daily at midnight in this example):

    (crontab -l 2>/dev/null; echo "0 0 * * * <INSTALLER_LOCATION>/installers/cdf/scripts/nfs-arcsight-volume-backup.sh -s <NFS_server:mount_path>") | crontab -

Restoring Configuration Data On-Premises

When restoring data stores, retain the original directory structure and the pod-level sub-directory structure:

/<NFS_server mount path>/arcsight-volume                 
  1. Ensure that you have a valid data stores backup.

  2. Navigate to the following location where the restore script resides:

    cd <INSTALLER_LOCATION>/installers/cdf/scripts
  3. To view the restore script options, execute the following command:

    ./nfs-arcsight-volume-restore.sh -h

    Use the following parameters:

    -o | --older-backup
    Available pod backups. This parameter is optional.
    -r | --restore-dir
    Available NFS backups. This parameter is optional.
    -s | --source
    Source mount path of the NFS backup location. This can be either an external or local NFS server mount path. This parameter is mandatory.
    -d | --destination
    Destination path without the 'arcsight-volume' where the NFS backup is to be restored. This can be either an external or local NFS server mount path. This parameter is mandatory.
    -h | --help
    Displays the command options.
  4. (Conditional) If you restore from your own managed backup system, execute the restore script as follows:

    1. Use the -s parameter to specify a source mount path one level above arcsight-volume.

    2. Use the -r parameter to list the available subdirectories there, which include arcsight-volume.

    3. Select the index value for arcsight-volume to proceed with the restore.

  5. To restore to the latest NFS backup, execute the following command:

    ./nfs-arcsight-volume-restore.sh -s /nfs/nfs-backup/ -d <NFS_server:mount_path>
    If you specify -o or -r, the script presents backup index values to choose from when the command runs.
  6. Follow the onscreen instructions to complete the restore process as appropriate.

  7. (Conditional) If Transformation Hub is deployed, complete the following steps:

    1. Mount and navigate to the NFS backup location.

    2. Navigate to the Transformation Hub directory.

      For example:

      /<nfs mount location>/<time stamped backup directory>/transformationhub/config/
    3. Ensure that the arcsight-volume is mounted, then navigate to /transformationhub/config/.

    4. (Conditional) If the file arcsight-env-override.properties exists in the backup location (7b), copy it to the arcsight-volume directory (7c), and then remove from the file any properties that do not apply to the restored environment.

  8. To get the names of pods to restart, execute the following command:

    kubectl get pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1)
    Compare the output with the impacted pods listed in the table to identify the pod names.
  9. To restart the pods listed in the table, execute the following command:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) <space separated impacted pod names>

    For example:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) fusion-user-management-56497c76bb-mdmmz fusion-dashboard-web-app-7b864467d5-d2c8v fusion-metadata-rethinkdb-5c69c77756-hxxzg
  10. Ensure that all pods display a running status:
    kubectl get pods --all-namespaces
  11. To verify restored data stores, log in to the associated application.
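
The inline `$( kubectl get namespaces | grep arcsight | cut -d ' ' -f1)` in the pod restart steps above assumes that exactly one namespace matches. The following added example (not part of the ArcSight documentation or product) checks that assumption and selects pod names by workload name before anything is deleted; the function names, the sample namespace `arcsight-installer-abcde` and the pod `example-other-6d5f7c9b8-abcde` are constructed for illustration.

```shell
# Added example, not ArcSight code; function names are hypothetical.
# Print the one namespace containing "arcsight" from `kubectl get namespaces`
# output on stdin. Fail on zero or several matches, where the inline
# `-n $(... | grep arcsight | cut ...)` would expand to nothing or many words.
resolve_namespace() {
    awk '$1 != "NAME" && $1 ~ /arcsight/ { ns[++n] = $1 }
         END { if (n != 1) exit 1; print ns[1] }'
}

# Print, on one line, the pods in `kubectl get pods` output (stdin) that belong
# to the workloads named as arguments. Heuristic: pod = <workload>-<suffix>
# with at most two dash-separated suffix parts, so "fusion-user" does not
# select "fusion-user-management-...". Fails when nothing matches.
match_pods() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 != "NAME" {
            for (i = 1; i <= n; i++) {
                p = w[i] "-"
                if (index($1, p) != 1) continue
                rest = substr($1, length(p) + 1)
                if (rest != "" && split(rest, parts, "-") <= 2) {
                    out = out sep $1; sep = " "; break
                }
            }
        }
        END { if (out == "") exit 1; print out }'
}

# Live use on the jump host (needs kubectl); arguments are workload names.
restart_impacted() {
    ns=$(kubectl get namespaces | resolve_namespace) ||
        { echo "expected exactly one arcsight namespace" >&2; return 1; }
    pods=$(kubectl get pods -n "$ns" | match_pods "$@") ||
        { echo "no impacted pods found in $ns" >&2; return 1; }
    kubectl delete pods -n "$ns" $pods   # unquoted: one argument per pod
}

# Constructed sample output (namespace name and last pod are made up).
SAMPLE_NS='NAME                       STATUS   AGE
default                    Active   40d
arcsight-installer-abcde   Active   40d'
SAMPLE_PODS='NAME                                         READY   STATUS    RESTARTS   AGE
fusion-user-management-56497c76bb-mdmmz      2/2     Running   0          40d
fusion-dashboard-web-app-7b864467d5-d2c8v    2/2     Running   0          40d
fusion-metadata-rethinkdb-5c69c77756-hxxzg   1/1     Running   0          40d
example-other-6d5f7c9b8-abcde                1/1     Running   0          40d'
printf '%s\n' "$SAMPLE_NS" | resolve_namespace
printf '%s\n' "$SAMPLE_PODS" | match_pods fusion-user-management fusion-metadata-rethinkdb
```

Only `restart_impacted` touches the cluster; the two parsing functions can be run against saved `kubectl` output to review the selection first.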