Schedule System Backup
Warning
For performing a backup, there needs to be more than 50% free space on the
root
filesystem.
You can check the free space with the df -h
command in the IP Fabric VM’s
shell.
Use backup to protect your IP Fabric data.
There are two types of backup:
- local backup
- remote backup (FTP, SFTP)
Important
Backups are encrypted with the osadmin
user password configured with IPF
CLI Config. If you lose the osadmin
user password, backups are also
lost!
Automatic Local Backups
Local backup saves the database and user and system files locally on a dedicated backup volume. It’s highly recommended to place the backup volume on a different datastore, ideally on separate physical storage.
Backup Disk
The backup disk is not present by default! To enable local backups, please add a new virtual disk.
To add a new backup disk, follow the instructions in Increase Disk Space - Local Backup Disk.
To schedule automatic local backups, follow these steps:
- If not done yet, add a dedicated backup volume.
- Log in to the IP Fabric main GUI.
- Go to Settings → System → Backup & Maintenance → Schedule system backup.
- Enable backup.
- Set a backup schedule. See the example for
Every day at 13:25
. - Change the Destination to
Local hard drive
. - Click Save.
Automatic Remote Backups
Remote backup saves the database and user and system files remotely using the FTP or SFTP protocol.
Note
This is the recommended type of backup.
Warning
For FTP and SFTP backups, a directory must be specified. It must exist on the remote side. If it does not, you will get an error.
For FTP, the directory path must be specified as a relative path.
For SFTP, the directory path must be specified as an absolute path.
To set up remote backup, follow these steps:
- Log in to the IP Fabric main GUI.
- Go to Settings → System → Backup & Maintenance → Schedule system backup.
- Enable backup.
- Set a backup schedule. See the example for
Every day at 5:15 and 17:15
(to select multiple values, holdCtrl
orShift
during the selection). - Change the Destination to
FTP
orSFTP
. - Enter the remote FTP/SFTP Server FQDN or IP address. Make sure that your DNS client is configured and working properly in case of FQDN.
- Enter Username and Password for accessing the FTP/SFTP server.
- Specify the Directory to which FTP/SFTP backup should be uploaded.
- Click Save.
- IP Fabric will try to reach the FTP/SFTP server with the configured parameters.
Username and Password Character Restrictions
Username must match the following regular expression:
/^[A-Za-z0-9_][A-Za-z0-9\._-]*\$?$/
- It must start with one of these characters:
A-Z
a-z
0-9
_
- It may contain any of these characters:
A-Z
a-z
0-9
._-
$
is only allowed once at the very end.
Password must match the following regular expression:
/^[A-Za-z0-9\.,\/_@%^:=+ -]*$/
- It must contain only these characters:
A-Z
a-z
0-9
.,/_@%^:=+ -
Warning
The FTP/SFTP user needs the read
, write
, list
, and delete
permissions.
Note
Since version 4.1.1
, we do not check the validity of SSL certificates
during FTP backups.
Full vs Incremental Backups
The first backup is a full backup, while subsequent backups are incremental. Incremental backup 1 depends on the full backup, incremental backup 2 depends on incremental backup 1 and the full backup, and so forth.
By default, a new full backup is created 14 days after the previous full backup.
You can modify this behavior by adjusting --full-if-older-than 14D
in
the following line in /opt/nimpee/conf.d/backup/duplicity-backup.conf
(for
example, using sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf
):
STATIC_OPTIONS="--full-if-older-than 14D --allow-source-mismatch --ssl-no-check-certificate"
- Possible time values include:
s
(seconds),m
(minutes),h
(hours),D
(days),W
(weeks),M
(months), andY
(years).
By default, only one full backup is retained in the backup directory. You can
alter this behavior by adjusting the value in the following line in
/opt/nimpee/conf.d/backup/duplicity-backup.conf
(for example, using
sudo vi /opt/nimpee/conf.d/backup/duplicity-backup.conf
):
CLEAN_UP_VARIABLE="1"
Tip
As
restore does not function properly when two full backups are present,
you may want to keep CLEAN_UP_VARIABLE="1"
(i.e., retaining only one full
backup and its increments).
Please note that this approach has a downside – when a new full backup is created, all previous backup files will be removed from the backup directory.
If you are unsure, please contact IP Fabric Support for assistance.
Examples
The first full backup’s files (depending on its size, you may have vol1
,
vol2
, …, volX
instead of just vol1
):
-rw-r--r-- 1 root root 54M Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 3.3M Sep 27 11:14 ipfabric-94c370c9-duplicity-full-signatures.20230927T111440Z.sigtar.gpg
-rw-r--r-- 1 root root 62K Sep 27 11:14 ipfabric-94c370c9-duplicity-full.20230927T111440Z.manifest.gpg
Incremental backup 1’s files (referring to / dependent on the full backup):
-rw-r--r-- 1 root root 28M Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:17 ipfabric-94c370c9-duplicity-new-signatures.20230927T111440Z.to.20230927T111735Z.sigtar.gpg
-rw-r--r-- 1 root root 11K Sep 27 11:17 ipfabric-94c370c9-duplicity-inc.20230927T111440Z.to.20230927T111735Z.manifest.gpg
Incremental backup 2’s files (referring to / dependent on incremental backup 1 and also dependent on the full backup):
-rw-r--r-- 1 root root 28M Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1.6M Sep 27 11:20 ipfabric-94c370c9-duplicity-new-signatures.20230927T111735Z.to.20230927T112005Z.sigtar.gpg
-rw-r--r-- 1 root root 11K Sep 27 11:20 ipfabric-94c370c9-duplicity-inc.20230927T111735Z.to.20230927T112005Z.manifest.gpg
The recommended command for sorting all backup files from oldest to newest:
ls -lahtr <path_to_backup_directory>