You must perform the following to restore the cluster:
Advanced Authentication supports database backup through the Administration portal. A backup can be used to restore a setup in case of a disaster. The backed-up database includes the configuration of the following sections:
Dashboard
Repositories
Methods
Chains
Events
Endpoints
Policies
Logs
Licenses
Tenant database
Server Options
Login page background
Web server SSL certificate for HTTPS
Enrollment
Enrolled Authenticators
Shared Authenticators
Emergency Passwords
NOTE: The backed-up database does not include the configuration of the following sections:
Web Authentication
Debug logs
Cluster configuration in Global Master server
Updates.
Log in to the Administration portal with the FULL ADMIN role privilege where the Global Master is set up.
Click Export in the Administration console.
Click Export Database.
The message "Are you sure? Backup file will be encrypted with LOCAL\admin PASSWORD" is displayed.
Click OK.
The exported database file is saved in the .cpt format on your local drive. This backup file will be encrypted with the LOCAL\admin PASSWORD.
You can automate the creation of the .cpt file. To do this, create a cron job on the server that does the following:
Create a proc folder in the docker container:
docker exec -ti aaf_aucore_1 mkdir /etc/nginx/html/static/proc/
Create /opt/AuCore/data/export/aubak-YYYY_MM_DD_HH_MM.cpt.
docker exec -it aaf_aucore_1 "/opt/AuCore/aucore/scripts/db_tools/version2/au_export_encrypt.sh"
Copy the .cpt file to a secure location.
cp /var/lib/docker/volumes/aaf_aucore-data/_data/export/*.cpt <your location>
Remove the .cpt file from the container.
rm /var/lib/docker/volumes/aaf_aucore-data/_data/export/*.cpt
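The cron job described above, written out as a script that omits the -ti/-it flags (cron provides no terminal) and deletes each .cpt file only after its copy compares equal. This is an added example, not vendor code; the destination directory, function names and crontab entry are assumptions, while the container name, script path and volume path are the ones shown on this page.

```shell
#!/bin/sh
# Added example: scheduled Advanced Authentication export for cron.
# CONTAINER, the export script and EXPORT_DIR come from this page;
# DEST and the function names are assumptions made for the example.
CONTAINER=aaf_aucore_1
EXPORT_DIR=/var/lib/docker/volumes/aaf_aucore-data/_data/export
DEST=${DEST:-/srv/aa-backups}   # assumed secure location, owned by root

# Copy every .cpt from $1 to $2, verify each copy byte for byte, and only
# then delete the source. Returns 1 if no backup exists or a copy differs.
archive_exports() {
    src=$1; dst=$2; found=0
    umask 077                       # copies readable by the owner only
    mkdir -p "$dst" || return 1
    for f in "$src"/*.cpt; do
        [ -f "$f" ] || continue     # glob matched nothing
        found=1
        out="$dst/$(basename "$f")"
        cp "$f" "$out" || return 1
        cmp -s "$f" "$out" || { echo "copy differs: $f" >&2; return 1; }
        rm -f "$f"
    done
    [ "$found" -eq 1 ] || { echo "no .cpt file in $src" >&2; return 1; }
}

# The four steps from the page. mkdir -p keeps repeated runs from failing
# once the proc folder exists; docker exec runs without -t/-i under cron.
run_backup() {
    docker exec "$CONTAINER" mkdir -p /etc/nginx/html/static/proc/ || return 1
    docker exec "$CONTAINER" \
        /opt/AuCore/aucore/scripts/db_tools/version2/au_export_encrypt.sh || return 1
    archive_exports "$EXPORT_DIR" "$DEST"
}

# Runs only when asked. Assumed crontab entry (script path is hypothetical):
#   30 2 * * * /usr/local/sbin/aa-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

A non-zero exit status means the export produced no file or a copy could not be verified, so the cron job's exit status can be monitored to catch silent backup failures.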
You can perform the following to restore the backup:
It is recommended to stop the Advanced Authentication services on the DB Masters and DB servers for a smooth recovery.
To stop the process, perform the following steps:
Log in to the Database Masters and DB server machines (NOT the Global Master).
Log in to the Aucore container:
docker exec -it aaf_aucore_1 bash
Stop the Advanced Authentication processes:
/opt/superctl stop all
Stop the replication from this server to the other cluster members:
/opt/penv/bin/au-replica stop
Exit the container:
exit
or
Run the following single command to stop all the services:
docker exec aaf_aucore_1 bash -c "/opt/penv/bin/au-replica stop && /opt/superctl stop all"
Repeat Step 1 on all the Database Master and DB server machines.
NOTE: After you import the database to the Global Master and copy the database to all the DB Masters and DB servers, you must start the Advanced Authentication process. There will be a short duration of downtime.
Log in to the Administration portal with the FULL ADMIN role privilege where the Global Master is set up.
Click Export.
Click For import Click Here to upload the database.
In the Upload backup section, specify the following details:
From: The database download URL (FTP or HTTP server). Ensure the database file is in the .cpt format.
Decrypt Password: The password to decrypt the database file.
Click Upload.
The upload logs are displayed. The uploaded file is displayed in the Import backup section.
Click Import next to the uploaded file.
Click OK.
The import logs are displayed. Import of the database to the Global Master is complete.
Copy the Global Master DB to all the Database Masters and database server machines.
Log in as a root user to the Database Master machine. Run the following commands to copy from the Global Master database to a local DB.
Log in to the Aucore container:
docker exec -it aaf_aucore_1 bash
Copy the database from Global Master server to a local DB:
/opt/penv/bin/au-replica copy-db
Start all the Advanced Authentication processes:
/opt/superctl start all
Start the replication to the other cluster members:
/opt/penv/bin/au-replica start
Exit the container:
exit
or
Run the following single command to start all the services:
docker exec aaf_aucore_1 bash -c "/opt/penv/bin/au-replica copy-db && /opt/superctl start all && /opt/penv/bin/au-replica start"
Repeat Step 1 to Step 9 on all the Database Master and DB server machines.
Log in to all the server members and check the cluster page.
NOTE: After importing the database, information about the Last 200 outgoing batches for every server listed in Cluster > Batches of the Administration portal will be lost.
Log in to the Administration portal with the FULL ADMIN role privilege where the Global Master is set up.
Click Repositories.
Click on any repository.
Under LDAP Servers, click Add Server.
Click on the icon to add the LDAP Server of the same site as the DB Master server.
NOTE: You can perform Step 4 to Step 5 with DNS discovery as well.
Provide the repository administrator user password and save the configuration.