Backup and Restore
Back up your PrivX deployment to enable recovery from failure scenarios. You should at least back up your PrivX deployment before notable maintenance actions, such as system upgrades.
Backup PrivX Deployment
To allow system restore, back up at least the following components:
- The PrivX database.
- PrivX Server(s).
Back up the PrivX database according to PostgreSQL vendor instructions.
Copy PrivX backup files to an external secure location. PrivX-Server backups are located under
/var/backups/privx
on each PrivX Server.In virtual environments, you may back up PrivX Servers and other PrivX components by taking snapshots of them.
We recommend setting up periodic synchronisation from /var/backups/privx
to your external secure backup location.
In HA environments that do not use Dedicated Server Roles, the backup data from all PrivX servers is identical.
Backup Interval
By default, PrivX Servers create daily backups by running the following commands via cron
:
/opt/privx/scripts/clean_backups.sh
- Cleans old backups./opt/privx/scripts/backup.sh
- Backs up current configuration files and certificates.
To modify the backup interval, you may define your own cron scripts for running these commands, or use other mechanisms for regularly running the backup commands. The default backup cron script is at /etc/cron.daily/backup_privx
.
To immediately back up a PrivX server:
Create a backup by running:
/opt/privx/scripts/backup.sh
This creates a backup to
/var/backups/privx/<hostname>_<date>_<privx-version>
, where<hostname>
,<date>
and<privx-version>
are the name of the host, backup timestamp, and PrivX-instance version respectively.A working example of a backup-directory path would be:
/var/backups/privx/privx_2017-12-31-2350_19.0-32
backup.sh
and restore.sh
do not touch kerberos configuration files. If you have set up Kerberos Authentication, you must manually handle back up and restore of the following files on each PrivX Server:
/etc/krb5.keytab
/etc/krb5.conf
Restore PrivX Deployment
On all PrivX Servers, stop PrivX services with:
sudo systemctl stop privx
This prevents database changes during restore.
Restore the PrivX database.
On each PrivX node, restore your PrivX backup:
If using snapshots, restore your PrivX-component snapshots now. Ensure that system times on all components are correct.
Otherwise, restore from backups by performing the following on each PrivX Server:
Copy the PrivX-Server backup to the machine.
Install PrivX-Server package without running postinstall.
If installing from repository:
sudo export SKIP_POSTINSTALL=1 sudo yum install PrivX
If installing from RPM package:
sudo export SKIP_POSTINSTALL=1 sudo yum install PrivX-*.x86_64.rpm
PrivX version to be installed here must match the PrivX version used for the backups you're trying to restore.
Restore PrivX setup from backup by running:
sudo /opt/privx/scripts/restore.sh /path/to/backup/directory/from/node/one/hostname_yyyy-mm-dd-hhmm_privx-version`
Finalize setup by running postinstall:
sudo /opt/privx/scripts/postinstall.sh