Backing Up and Restoring Configuration Data for On-premises Deployments

To backup or restore configuration data for capabilities deployed on-premises, use the following procedures:

 

Backing Up Configuration Data for On-premises

You can back up the configuration data for the deployed capabilities and ArcSight Platform components.

This procedure explains one possible approach for performing a backup. If you have your own managed backup system and prefer to use it, you can configure it to perform a backup of the arcsight- volume instead of using the approach described here.
A maximum of 15 backups folders are available on a given day.
  1. SSH into your master node as a sudo user with sufficient privileges and access to NFS shares, or root.
  2. Navigate to the following location where the backup script resides:
    cd /opt/arcsight/kubernetes/scripts
  1. Execute the following command to view backup script options:

    ./nfs-arcsight-volume-backup.sh -h

    Use the following parameters:

    -s | --source
    Source mount path without the 'arcsight-volume'. This can be either an external or local NFS server mount path. This parameter is mandatory.
    -d | --destination
    Destination path where the NFS backup is to be located. This can be either an external or local NFS server mount path. If not specified, the default location is /nfs/nfs-backup/ and /nfs/nfs-backup/ must be a NFS mount FS.
    -h | --help
    Displays the command options.
  2. Execute the following command to create a NFS backup at an interval of your choice; here daily:

    (crontab -l 2>/dev/null; echo "0 0 * * * /opt/arcsight/kubernetes/scripts/nfs-arcsight-volume-backup.sh -s <NFS_server:mount_path> -d <NFS_server:mount_path>")| crontab -

    Set the interval 0 0 * * * following standard Linux cron job settings. Each digit represents minute, hour, day, month, and day of the week.

    Make sure to replace the <NFS_server:mount_path> variable, with a specific value, before you run the command.

Restoring Configuration Data for On-premises

When restoring data stores, retain the original directory structure and the pod-level sub-directory structure:

/<NFS_server mount path>/arcsight-volume   
Make sure to replace the <NFS_server mount path> variable, with a specific value, before you run the command.
  1. Ensure that you have a valid data stores backup.

  2. Navigate to the following location where the restore script resides:

    cd /opt/arcsight/kubernetes/scripts
  3. To view the restore script options, execute the following command:

    ./nfs-arcsight-volume-restore.sh -h

    Use the following parameters:

    -o | --older-backup
    Available pod backups. This parameter is optional.
    -r | --restore-dir
    Available nfs backups. This parameter is optional.
    -s | --source
    Source mount path of the NFS backup location. This can be either an external or local NFS server mount path. This parameter is mandatory.
    -d | --destination
    The Source mount path without the 'arcsight-volume' used in ./nfs-arcsight-volume-backup.sh where the NFS backup is to be restored. This parameter is mandatory.
    -h | --help
    Displays the command options.
  4. (Conditional) If you restore from your own managed backup system, execute the restore script as follows:

    1. Parameter -s to specify a source mount path one level above arcsight-volume

    2. Parameter -r to list available sub directories therein that includes arcsight-volume

    3. Select the index value for arcsight-volume to proceed with restore.

  5. (Conditional) To restore to the latest NFS backup, execute the following command:

    ./nfs-arcsight-volume-restore.sh -s /nfs/nfs-backup/ -d <NFS_server:mount_path>
    For -o or -r as parameters, backup index values are made available to choose from upon command execution. Also, ensure to replace the <NFS_server:mount_path> variable, with a specific value, before you run the command.
  6. (Conditional) To restore from the listed index values, choose an available backup.

  7. To complete the restore process, follow the onscreen instructions.

  8. (Conditional) If Transformation Hub is deployed, complete the following steps:

    1. Mount and navigate to the nfs backup location.

    2. Navigate to the Transformation Hub directory.

      For example:

      /<nfs mount location>/<time stamped backup directory>/transformationhub/config/
    3. Ensure that the arcsight-volume is mounted, then navigate to /transformationhub/config/.

    4. (Conditional) If the file arcsight-env-override.properties exists in the backup location (Step 8b), copy it to the arcsight-volume directory (Step 8c), and then remove any file properties that do not apply to the restored environment.

  9. To get the names of pods to restart, execute the following command:

    kubectl get pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1)
    Compare the output with the impacted pods listed in this table to know pods names.
  1. To restart pods listed in this table, execute the following command:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) <space separated impacted pod names>
    Ensure to replace the <space separated pod names> variable, with specific values, before you run the command.

    For example:

    kubectl delete pods -n $( kubectl get namespaces | grep arcsight | cut -d ' ' -f1) fusion-user-management-56497c76bb-mdmmz fusion-dashboard-web-app-7b864467d5-d2c8v fusion-metadata-rethinkdb-5c69c77756-hxxzg
  2. Ensure that all pods display a running status:
    kubectl get pods --all-namespaces
  3. To verify restored data stores, log in to the associated application.