Backing Up and Restoring
Autonomous Identity stores its entitlement analytics results, association rules, predictions, and confidence scores in the Apache Cassandra, MongoDB, and Open Distro for Elasticsearch databases. Cassandra is an open-source, NoSQL database system where data is distributed across multiple nodes in a master-less cluster. MongoDB is a popular schema-free database that uses JSON-like documents. Open Distro for Elasticsearch is a distributed search engine based on Apache Lucene.
For single-node deployments, however, you need to back up Cassandra or MongoDB on a regular basis. If the machine goes down for any reason, you need to restore the database as required.
To simplify the backup process, ForgeRock provides backup and restore scripts in the target directory.
Backing Up Cassandra
On the ForgeRock Google Cloud Registry (gcr.io), download the
cassandra-backup.sh
script.Move the script to the Cassandra home directory on your deployment.
Run the backup.
$
./cassandra-backup.sh \ -d <Cassandra Database path> \ -b <Backup folder path> \ -u <Cassandra Username> \ -p <Cassandra Password> \ -s <SSL enable true/false> \ -k <Keyspace (optional) default value: zoran>
Restore Cassandra
On the ForgeRock Google Cloud Registry (gcr.io), download the
cassandra-restore.sh
script.Move the script to the Cassandra home directory on your deployment.
Run the restore.
$
./cassandra-restore.sh \ -d <Cassandra Database path> \ -b <Snapshot Backup tar file> \ -f <Schema file> \ -u <Cassandra Username> \ -p <Cassandra Password> \ -c <Cassandra commitlog path> \ -i <Cassandra install path> \ -s <SSL enable true/false> \ -k <Keyspace (optional) default value: zoran>
Backing Up Assignment Index Data in Elasticsearch
From the deployer node, SSH to the target node.
Change to the
/opt/autoid/elastic
directory. The directory was configured during the./deployer.sh run
.$
cd /opt/autoid/elastic
Run the backup.
$
./assignment-index-backup.sh
Elastic Host: 10.128.0.52 Elastic Server Status : 200 Elastic server is up and running ... assignment index exists status : 200 registerSnapshotStatus 200 backup snapshot name with time stamp : assignment_snapshot_2020_10_07__19_31_53 entitlement-assignment backup status : 200 ********* entitlement-assignment backup successful *********
Make note of the snapshot name. For example,
assignment_snapshot_2020_10_07__19_31_53
.
Restoring Assignment Index Data in Elasticsearch
From the deployer node, SSH to the target node.
Change to the
/opt/autoid/elastic
directory.$
cd /opt/autoid/elastic
Run the restore using the snapshot taken from the previous procedure. When prompted if you want to close the existing index, enter
Y
. When prompted for the snapshot name, enter the name of the snapshot.$
./assignment-index-restore.sh
Elastic Host: 10.128.0.55 Elastic Server Status : 200 Elastic server is up and running ... assignment index exists status : 200 index with alias name --> entitlement-assignment exists and is in open state... Do you want to close the existing index --> entitlement-assignment .(Required for restoring from snapshot ) (Y/N) ? y Restore snapshot ? true registerSnapshotStatus 200 registering assignment_index_backup successful... proceeding with index restore... Enter the snapshot name to restore [snapshot_01]: assignment_snapshot_2020_10_07__19_31_53 snapshot to restore --> assignment_snapshot_2020_10_07__19_31_53 entitlement-assignment index restore status --> 200 ********* entitlement-assignment restore successful *********
Accessing Elasticsearch Index Data using Kibana
During the Autonomous Identity deployment, Open Distro for Elasticsearch (ODFE) is installed to facilitate the efficient searching of entitlement data within the system. A typical deployment may have millions of different entitlements and assignments that require fast search processing. ODFE provides that performance.
ODFE comes bundled with its visualization console, Kibana, that lets you monitor and manage your Elasticsearch data. Once you run the analytics create-assignment-index command that populates the Elasticsearch index, you can configure an SSL tunnel to access Kibana. This is particularly useful when you want to retrieve a list of your backup snapshots.
Open a local terminal, and set up an SSL tunnel to your target node. The syntax is as follows:
$
ssh -L < local-port >:<private-ip-remote>:<remote-port> -i <private-key> <user@public-ip-remote>
For example:
$
ssh -L 5601:10.128.0.71:5601 -i ~/.ssh/id_rsa autoid@34.70.190.144
Last login: Fri Oct 9 20:10:59 2020
Open a browser and point it to
localhost:5601
Login in aselasticadmin
. Enter your password that you set in the~/autoid-config/vault.yml
file on the deployer node during install.On the Elasticsearch page, click Explore on my own.
On the Elasticsearch Home page, click the menu in the top left corner, and click Dev Tools.
On the Dev Tools page, get a total count of indices.
$
GET /entitlement-assignment/_count
On the Dev Tools page, search the indices.
$
GET /entitlement-assignment/_search
On the Dev Tools page, get the list of snapshot backups.
$
GET /_cat/snapshots/assignment_index_backup