Backup and Restore
Back up your PrivX deployment in case of failures. You should at least back up your PrivX deployment before notable maintenance actions, such as system upgrades.
Backup PrivX Deployment
To allow system restore, back up at least the following components:
- The PrivX database.
- PrivX Server(s).
-
Back up the PrivX database according to PostgreSQL vendor instructions.
-
Copy PrivX backup files to an external secure location. PrivX-Server backups are located under
/var/backups/privx
on each PrivX Server.In virtual environments, you may back up PrivX Servers and other PrivX components by taking snapshots of them.
Note
We recommend setting up periodic synchronisation from
/var/backups/privx
to your external secure backup location.In HA environments that do not use Dedicated Server Roles, the backup data from all PrivX servers is identical.
Backup Interval
TODO
Restore PrivX Deployment
-
On all PrivX Servers, stop PrivX services with:
sudo systemctl stop privx
This prevents database changes during restore.
-
Restore the PrivX database.
-
On each PrivX node, restore your PrivX backup:
If using snapshots, restore your PrivX-component snapshots now. Ensure that system times on all components are correct.
Otherwise, restore from backups by performing the following on each PrivX Server:
-
Copy the PrivX-Server backup to the machine.
-
Install PrivX-Server package without running postinstall.
If installing from repository:
sudo export SKIP_POSTINSTALL=1 sudo yum install PrivX
If installing from RPM package:
sudo export SKIP_POSTINSTALL=1 sudo yum install PrivX-*.x86_64.rpm
Note
PrivX version to be installed here must match the PrivX version used for the backups you're trying to restore.
-
Restore PrivX setup from backup by running:
sudo /opt/privx/scripts/restore.sh /path/to/backup/directory/from/node/one/hostname_yyyy-mm-dd-hhmm_privx-version`
-
Finalize setup by running postinstall:
sudo /opt/privx/scripts/postinstall.sh
-
Manual PrivX-Server Backup and Restore
To manually back up a PrivX server:
- Create a backup by running:
/opt/privx/scripts/backup.sh
This creates a backup directory to:
/var/backups/privx/<hostname>_<date>_<privx-version>
Where <hostname>
, <date>
and <privx-version>
are the name of the host, backup timestamp and Privx-instance version respectively. A working example of a backup-directory path would be:
/var/backups/privx/privx_2017-12-31-2350_19.0-32
Note
By default, PrivX servers create daily backups. Automatic backups are created under:
/var/backups/privx/
If you have configured the server to store its certificates in non-default locations, or to use a non-default local database name. Check and adjust the Default options in
backup.sh
before running it.By default
backup.sh
backs up:
- PrivX keyvault at
/opt/privx/keyvault
- PrivX configurations under
/opt/privx/etc
- SSL certificate files located under
/etc/pki/CA
and/etc/nginx/ssl
- PrivX-CA trust anchor: files matching
privx-*.pem
under/etc/pki/ca-trust/course/anchors/
- Local PostgreSQL database named privx (only if using local databases).
Updated over 1 year ago