Backup and Restore

Back up your PrivX deployment in case of failures. You should at least back up your PrivX deployment before notable maintenance actions, such as system upgrades.

Backup PrivX Deployment

To allow system restore, back up at least the following components:

  • The PrivX database.
  • PrivX Server(s).
  1. Back up the PrivX database according to PostgreSQL vendor instructions.

  2. Copy PrivX backup files to an external secure location. PrivX-Server backups are located under /var/backups/privx on each PrivX Server.

    In virtual environments, you may back up PrivX Servers and other PrivX components by taking snapshots of them.

    📘

    Note

    We recommend setting up periodic synchronisation from /var/backups/privx to your external secure backup location.

    In HA environments that do not use Dedicated Server Roles, the backup data from all PrivX servers is identical.

Backup Interval

TODO

Restore PrivX Deployment

  1. On all PrivX Servers, stop PrivX services with:

    sudo systemctl stop privx
    

    This prevents database changes during restore.

  2. Restore the PrivX database.

  3. On each PrivX node, restore your PrivX backup:

    If using snapshots, restore your PrivX-component snapshots now. Ensure that system times on all components are correct.

    Otherwise, restore from backups by performing the following on each PrivX Server:

    1. Copy the PrivX-Server backup to the machine.

    2. Install PrivX-Server package without running postinstall.

      If installing from repository:

      sudo export SKIP_POSTINSTALL=1
      sudo yum install PrivX
      

      If installing from RPM package:

      sudo export SKIP_POSTINSTALL=1
      sudo yum install PrivX-*.x86_64.rpm
      

      📘

      Note

      PrivX version to be installed here must match the PrivX version used for the backups you're trying to restore.

    3. Restore PrivX setup from backup by running:

      sudo /opt/privx/scripts/restore.sh /path/to/backup/directory/from/node/one/hostname_yyyy-mm-dd-hhmm_privx-version` 
      
    4. Finalize setup by running postinstall:

      sudo /opt/privx/scripts/postinstall.sh
      

Manual PrivX-Server Backup and Restore

To manually back up a PrivX server:

  1. Create a backup by running:
    /opt/privx/scripts/backup.sh
    

This creates a backup directory to:
/var/backups/privx/<hostname>_<date>_<privx-version>
Where <hostname>, <date> and <privx-version> are the name of the host, backup timestamp and Privx-instance version respectively. A working example of a backup-directory path would be:
/var/backups/privx/privx_2017-12-31-2350_19.0-32

📘

Note

By default, PrivX servers create daily backups. Automatic backups are created under:

/var/backups/privx/

If you have configured the server to store its certificates in non-default locations, or to use a non-default local database name. Check and adjust the Default options in backup.sh before running it.

By default backup.sh backs up:

  • PrivX keyvault at /opt/privx/keyvault
  • PrivX configurations under /opt/privx/etc
  • SSL certificate files located under /etc/pki/CA and /etc/nginx/ssl
  • PrivX-CA trust anchor: files matching privx-*.pem under /etc/pki/ca-trust/course/anchors/
  • Local PostgreSQL database named privx (only if using local databases).

Did this page help you?