29.1 Restoring a Cluster

To restore the cluster, perform the following tasks:

29.1.1 Creating a Backup

Advanced Authentication supports database backup through the Administration portal. A backup can be used to restore a setup in case of a disaster. The backed-up database includes the configuration of the following sections:

  • Dashboard

  • Repositories

  • Methods

  • Chains

  • Events

  • Endpoints

  • Policies

  • Logs

  • Licenses

  • Tenant database

  • Server Options

    • Login page background

    • Web server SSL certificate for HTTPS

  • Enrollment

    • Enrolled Authenticators

    • Shared Authenticators

    • Emergency Passwords

    NOTE: The backed-up database does not include the configuration of the following sections:

    • Web Authentication

    • Debug logs

    • Cluster configuration in Global Master server

    • Updates

Exporting the Database

  1. Log in with the FULL ADMIN role privilege to the Administration portal of the server where the Global Master is set up.

  2. Click Export in the Administration console.

  3. Click Export Database.

    The message "Are you sure? Backup file will be encrypted with LOCAL\admin PASSWORD" is displayed.

  4. Click OK.

The exported database file is saved in the .cpt format on your local drive. This backup file will be encrypted with the LOCAL\admin PASSWORD.

You can automate the creation of the .cpt file. To do this, create a cron job on the server that does the following:

  1. Create a proc folder in the docker container:

    docker exec -ti aaf_aucore_1 mkdir /etc/nginx/html/static/proc/

  2. Create the /opt/AuCore/data/export/aubak-YYYY_MM_DD_HH_MM.cpt file:

    docker exec -it aaf_aucore_1 "/opt/AuCore/aucore/scripts/db_tools/version2/au_export_encrypt.sh"

  3. Copy the .cpt file to a secure location.

    cp /var/lib/docker/volumes/aaf_aucore-data/_data/export/*.cpt <your location>

  4. Remove the .cpt file from the container.

    rm /var/lib/docker/volumes/aaf_aucore-data/_data/export/*.cpt
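The four steps above combined into one script that a cron job can call. This is an added example, not part of the product documentation; the destination directory /srv/aa-backups and the --run argument are assumptions, while the container name, script path and volume path are the ones shown above. The export is removed from the volume only after the copy has been verified, and the copy is readable by its owner only, because the backup holds enrolled authenticators, emergency passwords and the web server SSL certificate.

```shell
#!/bin/sh
# Added example: cron wrapper for the four export steps described above.
set -eu
CONTAINER=aaf_aucore_1
EXPORT_DIR=/var/lib/docker/volumes/aaf_aucore-data/_data/export
DEST=${DEST:-/srv/aa-backups}   # assumption: root-only directory on separate storage

# Steps 1-2: create the proc folder and run the export inside the container.
# No -t/-i flags here: cron provides no TTY, and "docker exec -t" fails without one.
# mkdir -p keeps repeated runs from failing once the folder exists.
run_export() {
    docker exec "$CONTAINER" mkdir -p /etc/nginx/html/static/proc/
    docker exec "$CONTAINER" /opt/AuCore/aucore/scripts/db_tools/version2/au_export_encrypt.sh
}

# Steps 3-4: copy every .cpt in $1 to $2, verify each copy, then remove the source.
# Prints the number of files archived. On any failure the source file is left in place.
archive_exports() {
    src=$1; dst=$2; count=0
    umask 077                               # new directory 0700, new files 0600
    mkdir -p "$dst"
    for f in "$src"/*.cpt; do
        [ -f "$f" ] || continue             # glob matched nothing
        [ -s "$f" ] || { echo "empty export: $f" >&2; return 1; }
        out=$dst/$(basename "$f")
        cp "$f" "$out"
        cmp -s "$f" "$out" || { echo "copy mismatch: $f" >&2; return 1; }
        chmod 600 "$out"
        rm -f "$f"
        count=$((count + 1))
    done
    echo "$count"
}

main() {
    run_export
    n=$(archive_exports "$EXPORT_DIR" "$DEST")
    [ "$n" -gt 0 ] || { echo "export produced no .cpt file" >&2; exit 1; }
}

# Runs only when invoked with --run, for example from root's crontab.
if [ "${1:-}" = "--run" ]; then main; fi
```

The .cpt file is encrypted with the LOCAL\admin password, so a restore needs the password that was in effect when the file was exported.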

29.1.2 Recovering by Restoring the Backup

You can perform the following to restore the backup:

Prerequisite for Restoring

It is recommended to stop the Advanced Authentication services on the DB Masters and DB servers for a smooth recovery.

To stop the process, perform the following steps:

  1. Log in to the Database Masters and DB server machines (NOT the Global Master).

    1. Log in to the Aucore container:

      docker exec -it aaf_aucore_1 bash

    2. Stop the Advanced Authentication processes:

      /opt/superctl stop all

    3. Stop the replication from this server to the other cluster members:

      /opt/penv/bin/au-replica stop

    4. Exit the container:

      exit

    or

    Run the following single command to stop all the services:

    docker exec aaf_aucore_1 bash -c "/opt/penv/bin/au-replica stop && /opt/superctl stop all"

  2. Repeat Step 1 on all the Database Master and DB server machines.

NOTE: After you import the database to the Global Master and copy the database to all the DB Masters and DB servers, you must start the Advanced Authentication process. There will be a short duration of downtime.

Importing the Database

  1. Log in with the FULL ADMIN role privilege to the Administration portal of the server where the Global Master is set up.

  2. Click Export.

  3. Click For import Click Here to upload the database.

  4. In Upload backup section, specify the following details:

    1. From: The database download URL (FTP or HTTP server). Ensure the database file is in the .cpt format.

    2. Decrypt Password: The password to decrypt the database file.

  5. Click Upload.

  6. The upload logs are displayed. The uploaded file is displayed in the Import backup section.

  7. Click Import next to the uploaded file.

  8. Click OK.

    The import logs are displayed. Import of the database to the Global Master is complete.

  9. Copy the Global Master DB to all the Database Masters and database server machines.

    1. Log in as a root user to the Database Master machine. Run the following commands to copy from the Global Master database to a local DB.

      1. Log in to the Aucore container:

        docker exec -it aaf_aucore_1 bash

      2. Copy the database from Global Master server to a local DB:

        /opt/penv/bin/au-replica copy-db

      3. Start all the Advanced Authentication processes:

        /opt/superctl start all

      4. Start the replication to the other cluster members:

        /opt/penv/bin/au-replica start

      5. Exit the container:

        exit

      or

      Run the following single command to start all the services:

      docker exec aaf_aucore_1 bash -c "/opt/penv/bin/au-replica copy-db && /opt/superctl start all && /opt/penv/bin/au-replica start"

  10. Repeat Step 1 to Step 9 on all the Database Master and DB server machines.

  11. Log in to all the server members and check the cluster page.

NOTE: After importing the database, information about the Last 200 outgoing batches for every server listed in Cluster > Batches of the Administration portal will be lost.

Restoring the LDAP Servers on All the DB Master(s)

  1. Log in with the FULL ADMIN role privilege to the Administration portal of the server where the Global Master is set up.

  2. Click Repositories.

  3. Click on any repository.

  4. Under LDAP Servers, click Add Server.

  5. Click on the icon to add the LDAP Server of the same site as the DB Master server.

    NOTE: You can perform Step 4 to Step 5 with DNS discovery as well.

  6. Provide the repository administrator user password and save the configuration.

  7. Repeat Step 1 to Step 6 on all the Database Masters.