Skip to content

Schedule System Backup

Warning

For performing a backup, there needs to be > 50 % free space on the root filesystem.

You can check the free space with the df -h command in the IP Fabric VM’s shell.

Use backup to protect your IP Fabric data.

There are two types of backup:

  • local backup
  • remote backup (FTP, SFTP)

Important

Backups are encrypted with the osadmin user password configured during the First Boot Wizard. When you lose the osadmin user password, backups are also lost!

Automatic Local Backups

Local backup saves database, user and system files locally on a dedicated backup volume. It’s highly recommended placing the backup volume on a different datastore, ideally on a separate physical storage.

Backup Disk

The backup disk is not present by default! Please add a new virtual disk to enable local backups.

To add a new backup drive, follow the instructions in Increase Disk Space - Local Backup Disk.

To schedule automatic local backups, do the following steps:

  1. Add a dedicated backup volume (if not done yet).
  2. Log in to the main user interface.
  3. Go to Settings → System → Backup & Maintenance → Schedule system backup.
  4. Enable backup.
  5. Set a backup schedule. See the example for Every day at 13:25.
  6. Change the Destination to Local hard drive.
  7. Click Save.

Schedule local backup

Automatic Remote Backups

Remote backup saves database, user and system files remotely using the FTP or SFTP protocol.

Note

This is the recommended type of backup.

Warning

For FTP and SFTP backups, a directory has to be specified . It has to exist on the remote side. If it does not, you will get an error.

For FTP, the directory path has to be specified as a relative path.

For SFTP, the directory path has to be specified as an absolute path.

To set up remote backup, do the following steps:

  1. Log in to the user interface.
  2. Go to Settings → System → Backup & Maintenance → Schedule system backup.
  3. Enable backup.
  4. Set a backup schedule. See the example for Every day at 5:15 and 17:15 (for selecting multiple values, hold Ctrl or Shift during the selection). Backup schedule
  5. Change the Destination to FTP or SFTP.
  6. Enter the remote FTP/SFTP Server FQDN or IP address. Make sure that your DNS client is configured and working properly in case of FQDN.
  7. Enter Username and Password for accessing the FTP/SFTP server.
  8. Specify the Directory where FTP/SFTP backup should be uploaded.
  9. Click Save.
  10. IP Fabric will try to reach the FTP/SFTP server with the configured parameters.

Username and Password character restrictions

Username must match the following /^[a-zA-Z0-9_][a-zA-Z0-9_-]*\$?$/.

Password must match the following `[A-Za-z0-9.,/_@%^:=+ -]*`.

Warning

The FTP/SFTP user needs the read, write, list and delete permissions.

Note

Since version 4.1.1, we do not check the validity of SSL certificates during FTP backups.

Full vs Incremental Backups

The first backup is a full backup. Additional backups are incremental backups. Incremental backup 1 depends on the full backup, incremental backup 2 depends on incremental backup 1 and the full backup etc.

By default, a new full backup is created after 14 days since the previous full backup. You may change this behavior by changing --full-if-older-than 14D in the following line in /opt/nimpee/conf.d/backup/duplicity-backup.conf (for example with sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf):

STATIC_OPTIONS="--full-if-older-than 14D --allow-source-mismatch --ssl-no-check-certificate"
  • possible time values: s (seconds), m (minutes), h (hours), D (days), W (weeks), M (months), Y (years)

By default, only 2 full backups are kept in the backup directory. You may change this behavior by amending the value in the following line in /opt/nimpee/conf.d/backup/duplicity-backup.conf (for example with sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf):

CLEAN_UP_VARIABLE="2"

Tip

Due to Restore is not working when 2 full backups are present, you may consider setting CLEAN_UP_VARIABLE="1" (i.e. keeping only 1 full backup and its increments).

Please note that this has a downside – when a new full backup is created, all previous backup files will be removed from the backup directory.

If unsure, please contact IP Fabric Support for assistance.

Examples

First full backup’s files (depending on the backup’s size, you may have vol1, vol2volX instead of just vol1):

-rw-r--r-- 1 root root  54M Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 3.3M Sep 27 11:14 ipfabric-94c370c9-duplicity-full-signatures.20230927T111440Z.sigtar.gpg
-rw-r--r-- 1 root root  62K Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.manifest.gpg

First incremental backup’s files (they refer to/depend on the full backup):

-rw-r--r-- 1 root root  28M Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:17 ipfabric-94c370c9-duplicity-new-signatures.20230927T111440Z.to.20230927T111735Z.sigtar.gpg
-rw-r--r-- 1 root root  11K Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.manifest.gpg

Second incremental backup’s files (they refer to/depend on the first incremental backup and also depend on the full backup):

-rw-r--r-- 1 root root  28M Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:20 ipfabric-94c370c9-duplicity-new-signatures.20230927T111735Z.to.20230927T112005Z.sigtar.gpg
-rw-r--r-- 1 root root  11K Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.manifest.gpg

The recommended command for sorting all backup files from oldest to newest:

ls -lahtr <path_to_backup_directory>