IMPORTANT:The Advanced Authentication upgrade with the database is not supported post Advanced Authentication 5.6. Therefore, it is recommended to export the database and upgrade an appliance from version 5 to the 6.0 version.
Advanced Authentication facilitates you to export the entire database to .cpt format. In this way, you can create backup of the database or migrate the database to Advanced Authentication 6.0 version. The exported database includes configuration of the following sections:
Dashboard
Repositories
Methods
Chains
Events
Endpoints
Policies
Logs
Licenses
Tenant database
Server Options
Login page background
Web server SSL certificate for HTTPS
Enrollment
Enrolled Authenticators
Shared Authenticators
Emergency Passwords
NOTE:The exported database does not include configuration of the following sections:
Web Authentication
Debug logs
Cluster configuration in Global Master server
Updates.
To export the database, perform the following steps:
Click Export in the Administration console on the Global Master server.
Click Export Database.
The exported database file is saved in the .cpt format on your local drive.
You can use the following procedure along with some third-party modules to automate the backup process:
Run the following command to launch the bash terminal:
docker exec -it aaf_aucore_1 /bin/bash
Run the following command to navigate to the directory version 2:
cd /opt/AuCore/aucore/scripts/db_tools/version2/
Run the following command to export the database:
./au_export_encrypt.sh
NOTE:You can also run the following command to initiate the database export process instead of performing Step 1 to Step 3:
docker exec aaf_aucore_1 /opt/AuCore/aucore/scripts/db_tools/version2/au_export_encrypt.sh
The exported database file is saved in the following locations in .cpt format:
Within the container: /opt/AuCore/data/export/
Out of the container: /var/lib/docker/volumes/aaf_aucore-data/_data/export/
IMPORTANT:When you are exporting the database for the first time, ensure to export using the Administration portal. If you try to Exporting the Database Through Console for the first time instead of exporting through the administration portal, you might get an error message as follows:
+ pidfile=/etc/nginx/html/static/proc/export.pid
+ '[' -f /etc/nginx/html/static/proc/export.pid ']'
+ echo 17985
./export.sh: line 12: /etc/nginx/html/static/proc/export.pid: No such file or directory
To import the database, perform the following steps:
Click Export.
Click For import Click Here to upload the database.
In Step 1. Upload backup section, specify the following details:
From: The database download URL (FTP or HTTP server).
Ensure the database file is in the .cpt format.
Decrypt Password: The password to decrypt the database file.
Click Upload.
The upload logs are displayed. The uploaded file is displayed in the Step 2. Import backup section.
Click Import next to the uploaded file.
The import logs are displayed.
IMPORTANT:For recovering from a disaster in production environments with multiple sites and services, see Disaster Recovery
.
NOTE:You may get the following errors while you are importing the database:
If the provided download path or decrypt password is incorrect, a message Error Download or decrypt. Wrong back up password or URL is displayed.
When you export the configurations from Advanced Authentication 5.6 Patch Update 5 to 6.0 appliance, an error message oob: ERROR (spawn error) is displayed in the Importlogs.txt. You can ignore this error and the Authentication Agent service will start immediately after the server reboot.
After you export and import the database, you must restart the server.
NOTE:The Tenant administrators cannot export and import the database.