SignServer Enterprise Cloud Edition Backup Guide
Print date: 2018-11-01
© 2018 PRIMEKEY
Table of Contents
Introduction
Documentation
Overview
Backup via CLI Script
Backup via Script
Backup using AWS Snapshot
Backup using AWS Snapshot
Copying backup files to other systems
Copying file to local workstation
Copy backup file to another instance
Deleting old backup files
Optional - Using Expect to automate backups
Optional - Automating the backup script
Optional automation of backups with Cron and expect
Introduction
This guide is intended to show an administrator of a PrimeKey SignServer Enterprise Cloud Edition
hourly instance how to create a backup of a SignServer Enterprise Cloud Edition.
Documentation
SignServer Enterprise Cloud Edition documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest
SignServer Enterprise Edition documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise/current
Additional information on SignServer Community Edition is available on: www.signserver.org
Overview
This guide describes how to back up an instance of SignServer Enterprise Cloud Edition, either via the
CLI script included on the instance or using the AWS Console with snapshots:
Backup via CLI Script
Backup using AWS Snapshot
Backup via CLI Script
To back up an instance of SignServer Enterprise Cloud Edition, you can either use the CLI script
included on the instance or create a snapshot in the AWS Console. This section describes how to
back up via script. For information on using the AWS Console with snapshots, see Backup using AWS
Snapshot.
Backup via Script
To back up the instance using the script included on the instance:
1. Using the SSH key that you selected when procuring the instance, SSH into the SignServer
Enterprise Cloud Edition instance using the username ec2-user:
# ssh -i ssh-key.pem ec2-user@<instance-hostname>
2. Run the sudo su command to get elevated privileges:
# sudo su
3. Change to the /opt/PrimeKey/support directory.
4. Run the system_backup.sh script to create a backup of your system.
5. Press Y to proceed and enter a password to protect the backup once prompted.
6. Make a note of the name of the backup file created. Copy the backup file to a directory that is
accessible by the ec2-user, for example /home/ec2-user/.
In this case, the file named
"/opt/PrimeKey/support/backup_files/signserver_db-ec2-54-162-206-73.compute-1.amazonaws.com-1532645892.tar.gz"
is copied to /home/ec2-user/:
# cp /opt/PrimeKey/support/backup_files/signserver_db-ec2-54-162-206-73.compute-1.amazonaws.com-1532645892.tar.gz /home/ec2-user/
7. It is recommended to copy this backup to another system, either locally from your administration
workstation, or in another AWS data center. For more information on how to copy the file from
the SignServer Cloud instance, see the section Copying backup files to other systems.
NOTE: For instructions on how to automate the backup of the system in order not to
prompt for passwords, see the section Optional - Automating the backup script.
Backup using AWS Snapshot
To back up an instance of SignServer Enterprise Cloud Edition, you can either use the CLI script
included on the instance or create a snapshot in the AWS Console. This section describes how to
back up using AWS snapshot. For information on how to back up via script, see Backup via CLI Script.
Backup using AWS Snapshot
To back up the instance by taking a snapshot in the AWS Console:
1. Access the EC2 Console at https://console.aws.amazon.com/ec2 and click Running Instances.
2. Select the instance to take a snapshot of.
3. Right-click the instance, point to Image and select Create Image.
4. Enter a name and description for the image in the Image name and Image description fields,
and then click Create Image.
5. In the sidebar, select Snapshots. You will see the pending snapshot being created.
6. Once the snapshot is accessible it will be marked as Completed in the Status column.
Copying backup files to other systems
Copying file to local workstation
Using either the command line interface (CLI) or a Secure Copy Protocol (SCP) utility, copy the file to
your local system. You can copy the file directly from one instance to another if your VPC allows it. In
this example, we will bring the file down locally and then SCP it to the new instance.
1. Using the CLI:
# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ec2-user@ec2-34-229-187-81.compute-1.amazonaws.com:/home/ec2-user/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ~/Downloads/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz
2. Using an SCP utility (in this case Cyberduck):
a. Specify details to connect to your instance, for example hostname, username, and SSH key.
b. Connect to the instance and download the file to the local system.
c. Wait for the download to complete.
Copy backup file to another instance
1. SCP the backup file to another instance using the following CLI command:
# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ~/Downloads/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ec2-user@ec2-52-23-217-245.compute-1.amazonaws.com:/home/ec2-user/
2. Once the backup file is copied, SSH into the new host and verify that the file was copied
correctly.
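One way to carry out the verification in step 2, as an added example that is not part of the original guide: record the SHA-256 digest of the backup on the source instance, then check the copy on the new host against it. The function names are hypothetical, and the archive test assumes the .tar.gz file name reflects the actual file format.

```bash
#!/usr/bin/env bash
# Added example: verify that a copied backup file matches the original.
# backup_digest and verify_backup_copy are hypothetical helper names;
# they are not part of system_backup.sh.

# Print only the SHA-256 digest of a file (no file name).
backup_digest() {
    sha256sum -- "$1" | awk '{print $1}'
}

# verify_backup_copy EXPECTED_DIGEST FILE
# Returns 0 when FILE exists, its SHA-256 digest equals EXPECTED_DIGEST,
# and it can be listed as a gzip-compressed tar archive.
# Returns 2 (missing/empty), 1 (digest mismatch) or 3 (not a tar.gz).
verify_backup_copy() {
    local expected="$1" file="$2" actual
    if [ ! -s "$file" ]; then
        echo "missing or empty: $file" >&2
        return 2
    fi
    actual="$(backup_digest "$file")" || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
    # A matching digest shows the copy is identical to the original.
    # Listing the archive also shows the original was a complete tar.gz
    # (assumption: the backup really is a gzip-compressed tar archive).
    if ! tar -tzf "$file" >/dev/null 2>&1; then
        echo "not a readable tar.gz: $file" >&2
        return 3
    fi
    return 0
}
```

Run backup_digest on the source instance, carry the printed digest over separately from the file, and pass both to verify_backup_copy on the destination.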
Deleting old backup files
To automatically delete old backup files and keep the drive from filling up, run the system_backup.sh
script with the --delete-files option and give it a numerical value:
# /opt/PrimeKey/support/system_backup.sh --delete-files 10
Optional - Using Expect to automate backups
Use the commands expect and autoexpect to automate the backup script and avoid having the script
prompt for input. This is recommended in order to not require the user running the scripts to supply the
password via the CLI and also allow for permissions on the file containing the password to be locked
down.
1. First, we need to build the expect script by running a backup with expect to record the process.
Start by typing the following command in the preferred home directory.
This creates a file called backup_password.exp which is essentially a recording of the
prompts used during the running of the script.
# autoexpect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh
2. The backup_password.exp file now has the contents of the options we used in the running of
the backup.
WARNING: The backup_password.exp file contains the password used to protect the
backup in plain text.
3. If you are uncomfortable with this, remove the file or proceed to protect the file with permissions.
# sudo chown ec2-user backup_password.exp   # make ec2-user the owner
# sudo chmod 700 backup_password.exp        # make the file readable only by ec2-user
4. Next, run the backup with the file containing the recording of the process by using the expect
command:
# expect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh
The backup file was created and the prompts filled out as specified.
5. Add this script to cron (if desired) in the next section, Optional - Automating the backup script.
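Because backup_password.exp holds the backup password in plain text, a scheduled job can check the file's ownership and permissions before handing it to expect. The following is an added example, not part of the original guide or of system_backup.sh; check_secret_file is a hypothetical name and the code assumes GNU stat (stat -c).

```bash
#!/usr/bin/env bash
# Added example: refuse to use the recorded expect file unless it is
# locked down as described above. check_secret_file is a hypothetical
# helper; GNU coreutils stat is assumed.

# check_secret_file FILE OWNER
# Returns 0 only when FILE is a regular file (not a symlink), is owned
# by OWNER, and has no permission bits set for group or others.
# Returns 2 (not a regular file), 3 (wrong owner) or 4 (mode too open).
check_secret_file() {
    local file="$1" owner="$2" mode actual_owner
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is not a regular file" >&2
        return 2
    fi
    # GNU stat: %a prints the octal mode, %U the owner name.
    mode="$(stat -c '%a' -- "$file")" || return 2
    actual_owner="$(stat -c '%U' -- "$file")" || return 2
    if [ "$actual_owner" != "$owner" ]; then
        echo "refusing: $file is owned by $actual_owner, expected $owner" >&2
        return 3
    fi
    # The last two octal digits are the group and other bits; both must
    # be 0 (for example 700 or 600). stat prints mode 000 as "0".
    case "$mode" in
        0|*00) return 0 ;;
        *)
            echo "refusing: $file has mode $mode, expected 700 or 600" >&2
            return 4
            ;;
    esac
}

# Usage with the paths from this guide (run only when the check passes):
#   check_secret_file /home/ec2-user/backup_password.exp ec2-user &&
#     expect -f /home/ec2-user/backup_password.exp /opt/PrimeKey/support/system_backup.sh
```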
Optional - Automating the backup script
NOTE: This is one method of automating the backups using the included backup script.
PrimeKey does not officially support the expect binary, but provides it as a means of automation.
Optional automation of backups with Cron and expect
To automate the backups, do the following:
1. Edit the /etc/crontab file to schedule the tasks:
# vim /etc/crontab
2. Enter the schedule that you would like to run.
In this example, we have two entries. One to create the backup that will run at 1AM system
time, and another to delete more than 10 log files that runs at 2AM system time.
NOTE: You must first record the command with autoexpect (per the previous section
Optional - Using Expect to automate backups). Record the command exactly as cron will run it.
If you specify full paths with cron, you need to record the command with the same full paths with
autoexpect.
#Run Backup (minute field is 0 so the job runs once at 01:00, not every minute of that hour)
0 1 * * * root expect /home/ec2-user/backup_password.exp /opt/PrimeKey/support/system_backup.sh
#Prune backups after 10 total
0 2 * * * root /opt/PrimeKey/support/system_backup.sh --delete-files 10
3. To output these entries to log files of their own for testing and validation, use the following
entries:
#Run Backup and log to file
0 1 * * * root expect /home/ec2-user/backup_password.exp /opt/PrimeKey/support/system_backup.sh >> /var/log/cron.log 2>&1
#Prune backups after 10 total and log to file
0 2 * * * root /opt/PrimeKey/support/system_backup.sh --delete-files 10 >> /var/log/cron2.log 2>&1