Schedule System Backup
Warning
For performing a backup, there needs to be > 50 % free space on the root
filesystem.
You can check the free space with the df -h
command in the IP Fabric VM’s
shell.
Use backup to protect your IP Fabric data.
There are two types of backup:
- local backup
- remote backup (FTP, SFTP)
Important
Backups are encrypted with the osadmin
user password configured during the
First Boot Wizard. When you lose the osadmin
user password, backups
are also lost!
Automatic Local Backups
Local backup saves database, user and system files locally on a dedicated backup volume. It’s highly recommended placing the backup volume on a different datastore, ideally on a separate physical storage.
Backup Disk
The backup disk is not present by default! Please add a new virtual disk to enable local backups.
To add a new backup drive, follow the instructions in Increase Disk Space - Local Backup Disk.
To schedule automatic local backups, do the following steps:
- Add a dedicated backup volume (if not done yet).
- Log in to the main user interface.
- Go to Settings → System → Backup & Maintenance → Schedule system backup.
- Enable backup.
- Set a backup schedule. See the example for
Every day at 13:25
. - Change the Destination to
Local hard drive
. - Click Save.
Automatic Remote Backups
Remote backup saves database, user and system files remotely using the FTP or SFTP protocol.
Note
This is the recommended type of backup.
Warning
For FTP and SFTP backups, a directory must be specified. It must exist on the remote side. If it does not, you will get an error.
For FTP, the directory path must be specified as a relative path.
For SFTP, the directory path must be specified as an absolute path.
To set up remote backup, do the following steps:
- Log in to the user interface.
- Go to Settings → System → Backup & Maintenance → Schedule system backup.
- Enable backup.
- Set a backup schedule. See the example for
Every day at 5:15 and 17:15
(for selecting multiple values, holdCtrl
orShift
during the selection). - Change the Destination to
FTP
orSFTP
. - Enter the remote FTP/SFTP Server FQDN or IP address. Make sure that your DNS client is configured and working properly in case of FQDN.
- Enter Username and Password for accessing the FTP/SFTP server.
- Specify the Directory where FTP/SFTP backup should be uploaded.
- Click Save.
- IP Fabric will try to reach the FTP/SFTP server with the configured parameters.
Username and Password character restrictions
Username must match the following regular expression:
/^[A-Za-z0-9_][A-Za-z0-9\._-]*\$?$/
- it must start with one of these characters:
A-Z
a-z
0-9
_
- it may contain any of these characters:
A-Z
a-z
0-9
._-
$
is only allowed once at the very end
Password must match the following regular expression:
/^[A-Za-z0-9\.,\/_@%^:=+ -]*$/
- it must contain only these characters:
A-Z
a-z
0-9
.,/_@%^:=+ -
Warning
The FTP/SFTP user needs the read
, write
, list
and delete
permissions.
Note
Since version 4.1.1
, we do not check the validity of SSL certificates
during FTP backups.
Full vs Incremental Backups
The first backup is a full backup. Additional backups are incremental backups. Incremental backup 1 depends on the full backup, incremental backup 2 depends on incremental backup 1 and the full backup etc.
By default, a new full backup is created after 14 days since the previous full
backup. You may change this behavior by changing --full-if-older-than 14D
in
the following line in /opt/nimpee/conf.d/backup/duplicity-backup.conf
(for
example with sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf
):
STATIC_OPTIONS="--full-if-older-than 14D --allow-source-mismatch --ssl-no-check-certificate"
- possible time values:
s
(seconds),m
(minutes),h
(hours),D
(days),W
(weeks),M
(months),Y
(years)
By default, only 2 full backups are kept in the backup directory. You may change
this behavior by amending the value in the following line in
/opt/nimpee/conf.d/backup/duplicity-backup.conf
(for example with
sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf
):
CLEAN_UP_VARIABLE="2"
Tip
Due to
Restore is not working when 2 full backups are present,
you may consider setting CLEAN_UP_VARIABLE="1"
(i.e. keeping only 1 full
backup and its increments).
Please note that this has a downside – when a new full backup is created, all previous backup files will be removed from the backup directory.
If unsure, please contact IP Fabric Support for assistance.
Examples
First full backup’s files (depending on the backup’s size, you may have
vol1
, vol2
… volX
instead of just vol1
):
-rw-r--r-- 1 root root 54M Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 3.3M Sep 27 11:14 ipfabric-94c370c9-duplicity-full-signatures.20230927T111440Z.sigtar.gpg
-rw-r--r-- 1 root root 62K Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.manifest.gpg
First incremental backup’s files (they refer to/depend on the full backup):
-rw-r--r-- 1 root root 28M Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:17 ipfabric-94c370c9-duplicity-new-signatures.20230927T111440Z.to.20230927T111735Z.sigtar.gpg
-rw-r--r-- 1 root root 11K Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.manifest.gpg
Second incremental backup’s files (they refer to/depend on the first incremental backup and also depend on the full backup):
-rw-r--r-- 1 root root 28M Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:20 ipfabric-94c370c9-duplicity-new-signatures.20230927T111735Z.to.20230927T112005Z.sigtar.gpg
-rw-r--r-- 1 root root 11K Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.manifest.gpg
The recommended command for sorting all backup files from oldest to newest:
ls -lahtr <path_to_backup_directory>