OpenCRVS
v1.7
v1.7
  • 👋Welcome!
  • CRVS Systems
    • Understanding CRVS
    • Effective digital CRVS systems
    • OpenCRVS within a government systems architecture
    • OpenCRVS Value Proposition
  • Product Specifications
    • Functional Architecture
    • Workflow management
    • Status Flow Diagram
    • User roles & scopes
      • Examples
    • Core functions
      • 1. Notify event
      • 2. Declare event
      • 3. Validate event
      • 4. Register event
      • 5. Print certificate
      • 6. Issue certificate
      • 7. Search for a record
      • 8. View record
      • 9. Correct record
      • 10. Verify record
      • 11. Archive record
      • 12. Vital statistics export
    • Support functions
      • 13. Login
      • 14. Audit
      • 15. Deduplication
      • 16. Performance management
      • 17. Payment
      • 18. Learning
      • 19. User support
      • 20. User onboarding
    • Admin functions
      • 21. User management
      • 22. Comms management
      • 23. Content management
      • 24. Config management
    • Data functions
      • 25. Legacy data import
      • 26. Legacy paper import
  • Technology
    • Architecture
      • Performance tests
    • Standards
      • FHIR Documents
        • Event Composition
        • Person
        • Registration Task
        • Event Observations
        • Locations
    • Security
    • Interoperability
      • Create a client
      • Authenticate a client
      • Event Notification clients
      • Record Search clients
      • Webhook clients
      • National ID client
      • FHIR Location REST API
      • Other ways to interoperate
  • Default configuration
    • Intro to Farajaland
    • Civil registration in Farajaland
    • OpenCRVS configuration in Farajaland
      • Application settings
      • User roles
      • Declaration forms
      • Certified Copies templates
    • Business process flows in Farajaland
  • Setup
    • 1. Planning an OpenCRVS Implementation
    • 2. Establish project and team
    • 3. Gather requirements
      • 3.1 Mapping business processes
      • 3.2 Mapping offices and user types
      • 3.3 Define your application settings
      • 3.4 Designing event declaration forms
      • 3.5 Designing a certified copy
    • 4. Installation
      • 4.1 Quick start: Set-up a local development environment
        • 4.1.1 Install the required dependencies
        • 4.1.2 Install OpenCRVS locally
        • 4.1.3 Starting and stopping OpenCRVS
        • 4.1.4 Log in to OpenCRVS locally
        • 4.1.5 Tooling
          • 4.1.5.1 WSL Support
      • 4.2 Configure: Set-up your own, local, country configuration
        • 4.2.1 Fork your own country configuration repository
        • 4.2.2 Set up administrative address divisions
          • 4.2.2.1 Prepare source file for administrative structure
          • 4.2.2.2 Prepare source file for statistics
        • 4.2.3 Set up CR offices and Health facilities
          • 4.2.3.1 Prepare source file for CRVS Office facilities
          • 4.2.3.2 Prepare source file for health facilities
        • 4.2.4 Set up employee users, and scopes, for testing or production
          • 4.2.3.1 Prepare source file for employees
          • 4.2.3.2 Configure roles and scopes
        • 4.2.5 Set up application settings
          • 4.2.5.1 Managing language content
            • 4.2.5.1.1 Informant and staff notifications
          • 4.2.5.2 Configuring Metabase Dashboards
        • 4.2.6 Configure certificate templates
        • 4.2.7 Configure declaration forms
          • 4.2.7.1 Configuring an event form
        • 4.2.8 Seeding & clearing your local databases
        • 4.2.9 Countryconfig API endpoints explained
      • 4.3 Deploy: Set-up a server-hosted environment
        • 4.3.1 Verify servers & create a "provision" user
        • 4.3.2 TLS / SSL & DNS
          • 4.3.2.1 LetsEncrypt https challenge in development environments
          • 4.3.2.2 LetsEncrypt DNS challenge in production
          • 4.3.2.3 Static TLS certificates
        • 4.3.3 Configure inventory files
        • 4.3.4 Create a Github environment
          • 4.3.4.1 Environment secrets and variables explained
          • 4.3.4.2 VPN Recipes
        • 4.3.5 Provisioning servers
          • 4.3.5.1 SSH access
          • 4.3.5.2 Building, pushing & releasing your countryconfig code
          • 4.3.5.3 Ansible tasks when provisioning
        • 4.3.6 Deploy
          • 4.3.6.1 Running a deployment
          • 4.3.6.2 Seeding a server environment
          • 4.3.6.3 Login to an OpenCRVS server
          • 4.3.6.5 Resetting a server environment
        • 4.3.7 Backup & Restore
          • 4.3.7.1 Restoring a backup
          • 4.3.7.2 Off-boarding from OpenCRVS
    • 5. Quality assurance testing
    • 6. Go-live
      • 6.1 Pre-Deployment Checklist
    • 7. Operational Support
    • 8. Monitoring
      • 8.1 Application logs
      • 8.2 Infrastructure health
      • 8.3 Routine monitoring checklist
      • 8.4 Setting up alerts
      • 8.5 Managing a Docker Swarm
  • General
    • Community
    • Contributing
    • Migration notes
    • Releases and upgrades
    • Release notes
    • Product roadmap
Powered by GitBook
On this page
  1. Setup
  2. 4. Installation
  3. 4.3 Deploy: Set-up a server-hosted environment
  4. 4.3.7 Backup & Restore

4.3.7.1 Restoring a backup

Previous4.3.7 Backup & RestoreNext4.3.7.2 Off-boarding from OpenCRVS

Last updated 3 months ago

If you are provisioning a new set of OpenCRVS servers, perhaps during an upgrade procedure, you may wish to restore from a previous backup onto a staging or production environment. These steps document the required process.

Once your servers are provisioned, follow these steps:

  1. SSH into the backup server (using details for a user who has permission to access the backup environment , e.g.: a user in your backup.yml inventory file), and make a directory named the date of the backup you wish to restore from where the variable $DATE_OF_REQUIRED_BACKUP is in this format: YYYY-MM-DD, in the following provisioned directory:

mkdir /home/backup/backups/$DATE_OF_REQUIRED_BACKUP
  1. Exit the backup server and use the rsync command to copy an encrypted backup file from (in this example - a local environment) onto your backup server into the above directory, in the following manner. $SSH_HOST, $SSH_PORT, $SSH_USER are the details for a user has permission to access the backup environment , e.g.: a user in your backup.yml inventory file

rsync -a -r --delete --progress --rsh="ssh -o StrictHostKeyChecking=no -p $SSH_PORT" \
  ${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc \
  $SSH_USER@$SSH_HOST:/home/backup/backups/$DATE_OF_REQUIRED_BACKUP/${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc
  1. You will need the appropriate BACKUP_ENCRYPTION_PASSPHRASE that was used to encrypt the backup that you are restoring.

  2. You also need the REPLICAS, ELASTICSEARCH_ADMIN_PASSWORD, MONGODB_ADMIN_USER, MONGODB_ADMIN_PASSWORD secrets for the staging or production environment you are restoring to. You created and stored these in your password manager in this .

  3. SSH into the provisioned environment that you wish to restore the backup onto, e.g. a staging or production server manager node.

  4. Export the required variables that the commands will use so that they are available as environment variables in your terminal session

export ELASTICSEARCH_ADMIN_USER=elastic \
export ELASTICSEARCH_ADMIN_PASSWORD=<enter the appropriate secret here> \
export MONGODB_ADMIN_USER=<enter the appropriate secret here> \
export MONGODB_ADMIN_PASSWORD=<enter the appropriate secret here> \
export BACKUP_ENCRYPTION_PASSPHRASE=<enter the BACKUP_ENCRYPTION_PASSPHRASE that was used to encrypt the backup that you are restoring> \
export SSH_HOST=<enter the backup server host> \
export SSH_PORT=<enter the backup server SSH port> \
export LABEL=<enter the DATE_OF_REQUIRED_BACKUP in this format: YYYY-MM-DD> \
export REPLICAS=<enter the appropriate secret for this environment> \
  1. Run this command to download and decrypt the backup from the backup environment onto your current environment. Any errors will output to: /var/log/opencrvs-restore.log

cd / && bash /opt/opencrvs/infrastructure/backups/download.sh --passphrase=$BACKUP_ENCRYPTION_PASSPHRASE --ssh_user=backup --ssh_host=$SSH_HOST --ssh_port=$SSH_PORT --label=$LABEL --remote_dir=/home/backup/backups >> /var/log/opencrvs-restore.log 2>&1
  1. Run this command to restore the backup onto your server. Any errors will output to: /var/log/opencrvs-restore.log

cd / && bash /opt/opencrvs/infrastructure/backups/restore.sh --replicas=$REPLICAS --label=$LABEL >> /var/log/opencrvs-restore.log 2>&1
  1. OpenCRVS requires to be re-deployed to function properly once a backup has been restored. Run this command to take OpenCRVS down / OFFLINE.

docker stack rm opencrvs
  1. Run this command to clear your terminal session of the history of any exported secrets (security step)

history -c
history -w

Now exit the server follow the "" step to re-deploy OpenCRVS. Do not seed the environment. You can use the user details to login as they existed on the backup as soon as OpenCRVS deploys.

step
Running a deployment step