4.3.7.1 Restoring a backup

If you are provisioning a new set of OpenCRVS servers, perhaps during an upgrade procedure, you may wish to restore from a previous backup onto a staging or production environment. These steps document the required process.

Once your servers are provisioned, follow these steps:

1. SSH into the backup server (using details for a user who has permission to access the backup environment , e.g.: a user in your backup.yml inventory file), and make a directory named the date of the backup you wish to restore from where the variable $DATE_OF_REQUIRED_BACKUP is in this format: YYYY-MM-DD, in the following provisioned directory:

mkdir /home/backup/backups/$DATE_OF_REQUIRED_BACKUP

1. Exit the backup server and use the rsync command to copy an encrypted backup file from (in this example - a local environment) onto your backup server into the above directory, in the following manner. $SSH_HOST, $SSH_PORT, $SSH_USER are the details for a user has permission to access the backup environment , e.g.: a user in your backup.yml inventory file

rsync -a -r --delete --progress --rsh="ssh -o StrictHostKeyChecking=no -p $SSH_PORT" \
  ${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc \
  $SSH_USER@$SSH_HOST:/home/backup/backups/$DATE_OF_REQUIRED_BACKUP/${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc

1. You will need the appropriate BACKUP_ENCRYPTION_PASSPHRASE that was used to encrypt the backup that you are restoring.

2. You also need the REPLICAS, ELASTICSEARCH_ADMIN_PASSWORD, MONGODB_ADMIN_USER, MONGODB_ADMIN_PASSWORD secrets for the staging or production environment you are restoring to. You created and stored these in your password manager in this .

3. SSH into the provisioned environment that you wish to restore the backup onto, e.g. a staging or production server manager node.

4. Export the required variables that the commands will use so that they are available as environment variables in your terminal session

export ELASTICSEARCH_ADMIN_USER=elastic \
export ELASTICSEARCH_ADMIN_PASSWORD=<enter the appropriate secret here> \
export MONGODB_ADMIN_USER=<enter the appropriate secret here> \
export MONGODB_ADMIN_PASSWORD=<enter the appropriate secret here> \
export BACKUP_ENCRYPTION_PASSPHRASE=<enter the BACKUP_ENCRYPTION_PASSPHRASE that was used to encrypt the backup that you are restoring> \
export SSH_HOST=<enter the backup server host> \
export SSH_PORT=<enter the backup server SSH port> \
export LABEL=<enter the DATE_OF_REQUIRED_BACKUP in this format: YYYY-MM-DD> \
export REPLICAS=<enter the appropriate secret for this environment> \

1. Run this command to download and decrypt the backup from the backup environment onto your current environment. Any errors will output to: /var/log/opencrvs-restore.log

cd / && bash /opt/opencrvs/infrastructure/backups/download.sh --passphrase=$BACKUP_ENCRYPTION_PASSPHRASE --ssh_user=backup --ssh_host=$SSH_HOST --ssh_port=$SSH_PORT --label=$LABEL --remote_dir=/home/backup/backups >> /var/log/opencrvs-restore.log 2>&1

1. Run this command to restore the backup onto your server. Any errors will output to: /var/log/opencrvs-restore.log

cd / && bash /opt/opencrvs/infrastructure/backups/restore.sh --replicas=$REPLICAS --label=$LABEL >> /var/log/opencrvs-restore.log 2>&1

1. OpenCRVS requires to be re-deployed to function properly once a backup has been restored. Run this command to take OpenCRVS down / OFFLINE.

docker stack rm opencrvs

1. Run this command to clear your terminal session of the history of any exported secrets (security step)

history -c
history -w