Autonomous Identity 2021.8.1

Backing Up and Restoring

Autonomous Identity stores its entitlement analytics results, association rules, predictions, and confidence scores in the Apache Cassandra, MongoDB, and Open Distro for Elasticsearch databases. Cassandra is an open-source, NoSQL database system where data is distributed across multiple nodes in a master-less cluster. MongoDB is a popular schema-free database that uses JSON-like documents. Open Distro for Elasticsearch is a distributed search engine based on Apache Lucene.

For single-node deployments, however, you need to back up Cassandra or MongoDB on a regular basis. If the machine goes down for any reason, you need to restore the database as required.

To simplify the backup process, ForgeRock provides backup and restore scripts in the target directory.

Backing Up Cassandra

  1. On the ForgeRock Google Cloud Registry (gcr.io), download the cassandra-backup.sh script.

  2. Move the script to the Cassandra home directory on your deployment.

  3. Run the backup.

    $ ./cassandra-backup.sh \
        -d <Cassandra Database path> \
        -b <Backup folder path> \
        -u <Cassandra Username> \
        -p <Cassandra Password> \
        -s <SSL enable true/false> \
        -k <Keyspace (optional) default value: zoran>

Restore Cassandra

  1. On the ForgeRock Google Cloud Registry (gcr.io), download the cassandra-restore.sh script.

  2. Move the script to the Cassandra home directory on your deployment.

  3. Run the restore.

    $ ./cassandra-restore.sh \
        -d <Cassandra Database path> \
        -b <Snapshot Backup tar file> \
        -f <Schema file> \
        -u <Cassandra Username> \
        -p <Cassandra Password> \
        -c <Cassandra commitlog path> \
        -i <Cassandra install path> \
        -s <SSL enable true/false> \
        -k <Keyspace (optional) default value: zoran>

Backing Up Assignment Index Data in Elasticsearch

  1. From the deployer node, SSH to the target node.

  2. Change to the /opt/autoid/elastic directory. The directory was configured during the ./deployer.sh run.

    $ cd /opt/autoid/elastic
  3. Run the backup.

    $ ./assignment-index-backup.sh
    
    Elastic Host: 10.128.0.52
    Elastic Server Status : 200
    Elastic server is up and running …​
    assignment index exists status : 200
     registerSnapshotStatus 200
    backup snapshot name with time stamp : assignment_snapshot_2020_10_07__19_31_53
     entitlement-assignment backup status : 200
    * entitlement-assignment backup successful *
  4. Make note of the snapshot name. For example, assignment_snapshot_2020_10_07__19_31_53.

Restoring Assignment Index Data in Elasticsearch

  1. From the deployer node, SSH to the target node.

  2. Change to the /opt/autoid/elastic directory.

    $ cd /opt/autoid/elastic
  3. Run the restore using the snapshot taken from the previous procedure. When prompted if you want to close the existing index, enter Y. When prompted for the snapshot name, enter the name of the snapshot.

    $ ./assignment-index-restore.sh
    
    [Elastic Host: 10.128.0.55
     Elastic Server Status : 200
     Elastic server is up and running …​
     assignment index exists status : 200
     index with alias name -→ entitlement-assignment exists and is in open state…​
     Do you want to close the existing index -→ entitlement-assignment. (Required for restoring from snapshot ) (Y/N) ?
      y
     Restore snapshot ? true
      registerSnapshotStatus 200
     registering assignment_index_backup successful…​
     proceeding with index restore…​
     Enter the snapshot name to restore [snapshot_01]: assignment_snapshot_2020_10_0719_31_53
     snapshot to restore -→ assignment_snapshot_2020_10_0719_31_53
     entitlement-assignment index restore status -→ 200
     * entitlement-assignment restore successful *

Accessing Elasticsearch Index Data using Kibana

During the Autonomous Identity deployment, Open Distro for Elasticsearch (ODFE) is installed to facilitate the efficient searching of entitlement data within the system. A typical deployment may have millions of different entitlements and assignments that require fast search processing. ODFE provides that performance.

ODFE comes bundled with its visualization console, Kibana, that lets you monitor and manage your Elasticsearch data. Once you run the analytics create-assignment-index command that populates the Elasticsearch index, you can configure an SSL tunnel to access Kibana. This is particularly useful when you want to retrieve a list of your backup snapshots.

  1. Open a local terminal, and set up an SSL tunnel to your target node. The syntax is as follows:

    $ ssh -L < local-port >:<private-ip-remote>:<remote-port> -i <private-key> <user@public-ip-remote>

    For example:

    $ ssh -L 5601:10.128.0.71:5601 -i ~/.ssh/id_rsa autoid@34.70.190.144
    
    Last login: Fri Oct  9 20:10:59 2020
  2. Open a browser and point it to localhost:5601 Login in as elasticadmin. Enter your password that you set in the ~/autoid-config/vault.yml file on the deployer node during install.

  3. On the Elasticsearch page, click Explore on my own.

  4. On the Elasticsearch Home page, click the menu in the top left corner, and click Dev Tools.

  5. On the Dev Tools page, get a total count of indices.

    $ GET /entitlement-assignment/_count
  6. On the Dev Tools page, search the indices.

    $ GET /entitlement-assignment/_search
  7. On the Dev Tools page, get the list of snapshot backups.

    $ GET /_cat/snapshots/assignment_index_backup
Copyright © 2010-2022 ForgeRock, all rights reserved.