SignServer Enterprise Cloud Edition Backup Guide Print date: 2018-11-01

© 2018 PRIMEKEY

Table of Contents

Introduction
    Documentation
    Overview
Backup via CLI Script
    Backup via Script
Backup using AWS Snapshot
    Backup using AWS Snapshot
Copying backup files to other systems
    Copying file to local workstation
    Copy backup file to another instance
Deleting old backup files
Optional - Using Expect to automate backups
Optional - Automating the backup script
    Optional automation of backups with Cron and expect


Introduction

This guide is intended to show an administrator of a PrimeKey SignServer Enterprise Cloud Edition hourly instance how to create a backup of a SignServer Enterprise Cloud Edition.

Documentation

SignServer Enterprise Cloud Edition documentation is available on:

https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest

SignServer Enterprise Edition documentation is available on:

https://download.primekey.com/docs/SignServer-Enterprise/current

Additional information on SignServer Community Edition is available on: www.signserver.org

Overview

This guide describes how to back up an instance of SignServer Enterprise Cloud Edition, either via the CLI script included on the instance or using the AWS Console with snapshots:

Backup via CLI Script

Backup using AWS Snapshot


Backup via CLI Script

To back up an instance of SignServer Enterprise Cloud Edition, you can either use the CLI script included on the instance or create a snapshot in the AWS Console. This section describes how to back up via script. For information on using the AWS Console with snapshots, see Backup using AWS Snapshot.

Backup via Script

To back up the instance using the script included on the instance:

1. Using the SSH key that you selected when procuring the instance, SSH into the SignServer Enterprise Cloud Edition instance using the username ec2-user:

# ssh -i ssh-key.pem [email protected]

2. Run the sudo su command to get elevated privileges:

# sudo su

3. Change to the directory /opt/PrimeKey/support.

4. Run the system_backup.sh script to create a backup of your system.

5. Press Y to proceed and enter a password to protect the backup once prompted.


6. Make a note of the name of the backup file created. Copy the backup file to a directory that is accessible by the ec2-user, for example /home/ec2-user/.

In this case, the file named "/opt/PrimeKey/support/backup_files/signserver_db-ec2-54-162-206-73.compute-1.amazonaws.com-1532645892.tar.gz" is copied to /home/ec2-user/:

# cp /opt/PrimeKey/support/backup_files/signserver_db-ec2-54-162-206-73.compute-1.amazonaws.com-1532645892.tar.gz /home/ec2-user/

7. It is recommended to copy this backup to another system, either locally from your administration workstation, or in another AWS data center. For more information on how to copy the file from the SignServer Cloud instance, see the section Copying backup files to other systems.

NOTE For instructions on how to automate the backup of the system in order not to prompt for passwords, see the section Optional - Automating the backup script.


Backup using AWS Snapshot

To back up an instance of SignServer Enterprise Cloud Edition, you can either use the CLI script included on the instance or create a snapshot in the AWS Console. This section describes how to back up using an AWS snapshot. For information on how to back up via script, see Backup via CLI Script.

Backup using AWS Snapshot

To back up the instance by taking a snapshot in the AWS Console:

1. Access the EC2 Console at https://console.aws.amazon.com/ec2 and click Running Instances.

2. Select the instance to take a snapshot of.

3. Right-click the instance, point to Image and select Create Image.

4. Enter a name and description for the image in the Image name and Image description fields, and then click Create Image.


5. In the sidebar, select Snapshots. You will see the pending snapshot being created.

6. Once the snapshot is accessible it will be marked as Completed in the Status column.


Copying backup files to other systems

Copying file to local workstation

Using either the command line interface (CLI) or a Secure Copy Protocol (SCP) utility, copy the file to your local system. You can copy the file directly from one instance to another if your VPC allows it. In this example, we will bring the file down locally and then SCP it to the new instance.

1. Using the CLI:

# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ec2-user@ec2-34-229-187-81.compute-1.amazonaws.com:/home/ec2-user/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ~/Downloads/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz


2. Using a SCP utility (in this case Cyberduck):

a. Specify details to connect to your instance, for example hostname, username, and SSH key.

b. Connect to the instance and download the file to the local system.

c. Wait for the download to complete.

Copy backup file to another instance

1. SCP the backup file to another instance using the following CLI command:

# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ~/Downloads/signserver_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ec2-user@ec2-52-23-217-245.compute-1.amazonaws.com:/home/ec2-user/


2. Once the backup file is copied, SSH into the new host and verify that the file was copied correctly.
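One way to carry out the verification in step 2, as an added example that is not part of the PrimeKey guide: take a SHA-256 digest of the backup on the source instance, then check the copy against it on the new host. The function names are hypothetical, and the archive check assumes the .tar.gz name reflects the real file format.

```shell
#!/bin/sh
# Added example (not PrimeKey code). Function names are hypothetical.

# Print the SHA-256 digest of FILE (sha256sum, or shasum where that is absent).
backup_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# verify_backup FILE EXPECTED_DIGEST
# Return codes: 0 copy is intact, 1 digest mismatch,
#               2 file missing, 3 not a readable tar.gz.
verify_backup() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(backup_digest "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: $file" >&2
        return 1
    fi
    # Assumption: the backup is a gzip-compressed tar, as its name suggests.
    # gzip -t is checked on its own because some tar versions accept empty input.
    if ! gzip -t < "$file" 2>/dev/null ||
       ! gzip -dc < "$file" | tar -tf - >/dev/null 2>&1; then
        echo "not a readable tar.gz: $file" >&2
        return 3
    fi
    return 0
}

# On the source instance, record the digest before copying:
#   backup_digest /home/ec2-user/<backup file>.tar.gz
# On the new host, after scp, check the copy against that digest:
#   verify_backup /home/ec2-user/<backup file>.tar.gz <digest>
```

A digest mismatch (return code 1) means the transfer should be repeated; return code 3 with a matching digest means the file was already damaged on the source instance.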


Deleting old backup files

To automatically delete old backup files and keep the drive from filling up, run the system_backup.sh script with the --delete-files option and give it a numerical value:

# /opt/PrimeKey/support/system_backup.sh --delete-files 10


Optional - Using Expect to automate backups

Use the commands expect and autoexpect to automate the backup script and keep the script from prompting for input. This is recommended so that the user running the script does not have to supply the password via the CLI, and so that permissions on the file containing the password can be locked down.

1. First, we need to build the expect script by running a backup with expect to record the process.

Start by typing the following command in the preferred home directory. This creates a file called backup_password.exp which is essentially a recording of the prompts used during the running of the script.

# autoexpect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh

2. The backup_password.exp file now has the contents of the options we used in the running of the backup.

WARNING The backup_password.exp file contains the password used to protect the backup in plain text.

3. If you are uncomfortable with this, remove the file or proceed to protect the file with permissions.

# sudo chown ec2-user backup_password.exp    # make ec2-user the owner
# sudo chmod 700 backup_password.exp         # make the file only readable by ec2-user

4. Next, run the backup with the file containing the recording of the process by using the expect command:

# expect -f backup_password.exp /opt/PrimeKey/support/system_backup.sh

The backup file was created and the prompts filled out as specified.

5. Add this script to cron (if desired) in the next section Optional - Automating the backup script.


Optional - Automating the backup script

NOTE This is one method of automating the backups using the included backup script. PrimeKey does not officially support the expect binary, but provides it as a means of automation.

Optional automation of backups with Cron and expect

To automate the backups, do the following:

1. Edit the /etc/crontab file to schedule the tasks:

# vim /etc/crontab

2. Enter the schedule that you would like to run.

In this example, we have two entries. One to create the backup that will run at 1AM system time, and another to delete more than 10 log files that runs at 2AM system time.

NOTE You must first record the command with autoexpect (per the previous section Optional - Using Expect to automate backups). Record the command exactly as cron will run it. If you specify full paths with cron, you need to record the command with the same full paths with autoexpect.

# minute hour day-of-month month day-of-week user command
#Run Backup
0 1 * * * root expect /home/ec2-user/backup_password.exp /opt/PrimeKey/support/system_backup.sh
#Prune backups after 10 total
0 2 * * * root /opt/PrimeKey/support/system_backup.sh --delete-files 10

3. To output these entries to log files of their own for testing and validation, use the following entries:

#Run Backup and log to file
0 1 * * * root expect /home/ec2-user/backup_password.exp /opt/PrimeKey/support/system_backup.sh >> /var/log/cron.log 2>&1
#Prune backups after 10 total and log to file
0 2 * * * root /opt/PrimeKey/support/system_backup.sh --delete-files 10 >> /var/log/cron2.log 2>&1