# 4.3.7.1 Restoring a backup If you are provisioning a new set of OpenCRVS servers, perhaps during an upgrade procedure, you may wish to restore from a previous backup onto a **staging** or **production** environment. These steps document the required process. Once your servers are provisioned, follow these steps: 1. SSH into the **backup** server (using details for a user who has permission to access the backup environment , e.g.: a user in your backup.yml inventory file), and make a directory named the date of the backup you wish to restore from where the variable **$DATE\_OF\_REQUIRED\_BACKUP** is in this format: YYYY-MM-DD, in the following provisioned directory: ``` mkdir /home/backup/backups/$DATE_OF_REQUIRED_BACKUP ``` 2. Exit the backup server and use the rsync command to copy an encrypted backup file from **(in this example - a local environment)** onto your backup server into the above directory, in the following manner. $SSH\_HOST, $SSH\_PORT, $SSH\_USER are the details for a user has permission to access the backup environment , e.g.: a user in your backup.yml inventory file ``` rsync -a -r --delete --progress --rsh="ssh -o StrictHostKeyChecking=no -p $SSH_PORT" \ ${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc \ $SSH_USER@$SSH_HOST:/home/backup/backups/$DATE_OF_REQUIRED_BACKUP/${DATE_OF_REQUIRED_BACKUP}.tar.gz.enc ``` 3. You will need the appropriate BACKUP\_ENCRYPTION\_PASSPHRASE **that was used to encrypt the backup that you are restoring.** 4. You also need the REPLICAS, ELASTICSEARCH\_ADMIN\_PASSWORD, MONGODB\_ADMIN\_USER, MONGODB\_ADMIN\_PASSWORD secrets for the **staging** or **production** environment you are restoring to. You created and stored these in your password manager in this [step](https://github.com/opencrvs/documentation/blob/master/v1.9.0/setup/3.-installation/3.3-set-up-a-server-hosted-environment/4.3.4-create-a-github-environment). 5. SSH into the provisioned environment that you wish to restore the backup onto, e.g. a **staging** or **production** server manager node. 6. Export the required variables that the commands will use so that they are available as environment variables in your terminal session ``` export ELASTICSEARCH_ADMIN_USER=elastic \ export ELASTICSEARCH_ADMIN_PASSWORD= \ export MONGODB_ADMIN_USER= \ export MONGODB_ADMIN_PASSWORD= \ export BACKUP_ENCRYPTION_PASSPHRASE= \ export SSH_HOST= \ export SSH_PORT= \ export LABEL= \ export REPLICAS= \ ``` 7. Run this command to download and decrypt the backup from the backup environment onto your current environment. Any errors will output to: /var/log/opencrvs-restore.log ``` cd / && bash /opt/opencrvs/infrastructure/backups/download.sh --passphrase=$BACKUP_ENCRYPTION_PASSPHRASE --ssh_user=backup --ssh_host=$SSH_HOST --ssh_port=$SSH_PORT --label=$LABEL --remote_dir=/home/backup/backups >> /var/log/opencrvs-restore.log 2>&1 ``` 8. Run this command to restore the backup onto your server. Any errors will output to: /var/log/opencrvs-restore.log

cd / && bash /opt/opencrvs/infrastructure/backups/restore.sh --replicas=$REPLICAS --label=$LABEL >> /var/log/opencrvs-restore.log 2>&1

9. OpenCRVS requires to be re-deployed to function properly once a backup has been restored. Run this command to **take OpenCRVS down / OFFLINE**. ``` docker stack rm opencrvs ``` 10. Run this command to clear your terminal session of the history of any exported secrets (security step) ``` history -c history -w ``` 11. Now exit the server follow the "[Running a deployment step](https://documentation.opencrvs.org/setup/3.-installation/3.3-set-up-a-server-hosted-environment/3.3.6-deploy-automated-and-manual/4.3.6.1-running-a-deployment)" step to re-deploy OpenCRVS. Do not seed the environment. You can use the user details to login as they existed on the backup as soon as OpenCRVS deploys.