4.3.7.1 Restoring a backup
If you are provisioning a new set of OpenCRVS servers, perhaps during an upgrade procedure, you may wish to restore from a previous backup onto a staging or production environment. These steps document the required process.
Once your servers are provisioned, follow these steps:
SSH into the backup server (using details for a user who has permission to access the backup environment , e.g.: a user in your backup.yml inventory file), and make a directory named the date of the backup you wish to restore from where the variable $DATE_OF_REQUIRED_BACKUP is in this format: YYYY-MM-DD, in the following provisioned directory:
Exit the backup server and use the rsync command to copy an encrypted backup file from (in this example - a local environment) onto your backup server into the above directory, in the following manner. $SSH_HOST, $SSH_PORT, $SSH_USER are the details for a user has permission to access the backup environment , e.g.: a user in your backup.yml inventory file
You will need the appropriate BACKUP_ENCRYPTION_PASSPHRASE that was used to encrypt the backup that you are restoring.
You also need the REPLICAS, ELASTICSEARCH_ADMIN_PASSWORD, MONGODB_ADMIN_USER, MONGODB_ADMIN_PASSWORD secrets for the staging or production environment you are restoring to. You created and stored these in your password manager in this step.
SSH into the provisioned environment that you wish to restore the backup onto, e.g. a staging or production server manager node.
Export the required variables that the commands will use so that they are available as environment variables in your terminal session
Run this command to download and decrypt the backup from the backup environment onto your current environment. Any errors will output to: /var/log/opencrvs-restore.log
Run this command to restore the backup onto your server. Any errors will output to: /var/log/opencrvs-restore.log
OpenCRVS requires to be re-deployed to function properly once a backup has been restored. Run this command to take OpenCRVS down / OFFLINE.
Run this command to clear your terminal session of the history of any exported secrets (security step)
Now exit the server follow the "Running a deployment step" step to re-deploy OpenCRVS. Do not seed the environment. You can use the user details to login as they existed on the backup as soon as OpenCRVS deploys.