AWS Deployment using EFS
Note
Note
- If the user chooses
backup_configasefsinconfig.tomlbackup is already configured during deployment, the below steps are not required and can be skipped. i.e.,backup_config = "efs". If we have kept thebackup_configblank, then the configuration needs to be configured manually.
Overview
A shared file system is always required to create OpenSearch snapshots. To register the snapshot repository using OpenSearch, it is necessary to mount the same shared filesystem to the exact location on all master and data nodes. Register the location in the path.repo setting on all master and data nodes.
Setting up the backup configuration
Create an EFS file system, please refer sample steps here
Let’s create a folder structure
/mnt/automate_backups/on all the Frontend and backend nodes, then we have to mount EFS to all the vm’s manually. To do that please refer this
Configuration in OpenSearch Node
Mount the EFS on all OpenSearch Node. For example you mount the EFS to folder structure
/mnt/automate_backups/Create an
opensearchsub-directory and set permissions as mention below (all the opensearch nodes).sudo mkdir -p /mnt/automate_backups/opensearch sudo chown hab:hab /mnt/automate_backups/opensearch/
Configuration for OpenSearch Node from Provision host
Configure the OpenSearch path.repo attribute.
Create a toml file (
os_config.toml) and add below template[path] repo = "/mnt/automate_backups/opensearch"Patch the config
os_config.tomlfrom bastion to the opensearch cluster.chef-automate config patch --opensearch os_config.tomlAbove command will restart the opensearch cluster.
Healthcheck commands
Following command can be run in the OpenSearch node
hab svc status (check whether OpenSearch service is up or not) curl -k -X GET "<https://localhost:9200/_cat/indices/*?v=true&s=index&pretty>" -u admin:admin (Another way to check is to check whether all the indices are green or not) # Watch for a message about OpenSearch going from RED to GREEN `journalctl -u hab-sup -f | grep 'automate-ha-opensearch'
Configuration for Automate node from Bastion host
Mount the EFS to all the Frontend node manually. For example you mount the EFS to folder structure
/mnt/automate_backupsCreate an
automate.tomlfile on the bastion host using the following command:touch automate.tomlAdd the following configuration to
automate.tomlon the bastion host:[global.v1.external.opensearch.backup] enable = true location = "fs" [global.v1.external.opensearch.backup.fs] # The `path.repo` setting you've configured on your OpenSearch nodes must be a parent directory of the setting you configure here: path = "/mnt/automate_backups/opensearch" [global.v1.backups.filesystem] path = "/mnt/automate_backups/backups"Patch the
configusing below command../chef-automate config patch --frontend automate.toml
Backup and Restore commands
Backup
Run the backup command from bastion as shown below to create a backup:
chef-automate backup create
Restoring the EFS Backed-up Data
To restore backed-up data of the Chef Automate High Availability (HA) using External File System (EFS), follow the steps given below:
Check the status of all Chef Automate and Chef Infra Server front-end nodes by executing the
chef-automate statuscommand.Execute the restore command from bastion
chef-automate backup restore <BACKUP-ID> -b /mnt/automate_backups/backups --airgap-bundle </path/to/bundle>.
Note
- If you are restoring the backup from an older version, then you need to provide the
--airgap-bundle </path/to/current/bundle>. - Large Compliance Report is not supported in Automate HA
Troubleshooting
Try these steps if Chef Automate returns an error while restoring data.
Check the Chef Automate status.
chef-automate statusCheck the status of your Habitat service on the Automate node.
hab svc statusIf the deployment services are not healthy, reload them.
hab svc load chef/deployment-service
Now check the status of the Automate node and then try running the restore command from the bastion host.