23. Backup and Restore Tasks/Commands

23.1. backup

backup exports files and all configuration objects from one or multiple domains.

The function provided by this task is equivalent to that of the “Create a backup of the entire system” or “Create a backup of one or more application domain” options in the “Export configuration” of WebGUI.

backup does not export user accounts, certificates or keys. Use secure backup if you need to include certificates and keys.

The backups are saved as zip files on the local file system.

Note that, unlike export, you can restore the output of backup only into the domain the backup was taken from.

backup only backs up the files located in the “local:/” filesystem.

Use backup when you need to export/backup multiple domains or if a domain may not exist. In most other cases, the export command/task is preferable, since it provides more flexibility.

23.1.1. Attributes/Options

Name Description Required
file

Name of the zip file where the backups should be saved. The resulting zip file will contains individual zip files for each domain.

The task will create directories to save the file to if they don’t exist.

Yes
domainPatterns

Comma-delimited list of regular expression patterns defining which domains to back up.

To backup all domains simply use ”.*”.

Use domainPattern nested elements if there is a need to use commas inside the regexp.

Defaults to the current domain. The current domain is specified using the dp.comain property or domain attribute of the task.

No
failIfNoDomain

If false, do not fail if no matching domains has been found. Convenient when you want to take a backup of a domain which may or may not exist.

Defaults to true.

No
appendTimestamp

If true, automatically append timestamp to the file name. The timestamp has the format yyyyMMdd_HHmmss.

Defaults to false.

No
persisted

If set to true, backup only the persisted domain configuration.

Defaults to false.

No
deploymentPolicyFile

Path to the deployment policy file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before the request is executed.

The deployment policy will be embedded with the export file.

No
deploymentPolicyName Name of the deployment policy to include with the export/backup. The policy has to already be defined on the device. No

23.1.2. domainPattern Nested Element

domainPattern provides an alternative to specifying domain patterns in the domainPatterns attribute. It is useful when a regular expression pattern contains commas, which are used as a delimiter in the domainPatterns attribute.

You can specify multiple domainPattern elements within the same task.

Attribute Description Required
pattern Backup domains matching this regexp pattern. Yes

23.1.3. Examples

The following example backs up all domains with the name starting with “dev”. The timestamp will be automatically added to the file name.

dpbuddy backup -file backups/backup.zip -domainPatterns "dev.*" -appendTimestamp
<dp:backup file="backups/backup.zip" domainPatterns="dev.*" appendTimestamp="true" />

23.2. restore

restore imports configuration and files from the zip archive created by backup. restore is similar to import in that it performs the import of all the domains that are part of the backup file. Unlike import, it is able to import multiple domains in one shot. It can also automatically create domains if they don’t exist. restore supports only a small subset of the import's capabilities. It does not support transformation or quiescence of domains (DataPower deployment policies, however, are supported). restore can be used for syncing appliances that are part of the production cluster or for updating the DR appliance. import should be used for regular deployments.

Note that you cannot change the domain names created by restore. restore will automatically re-create all the domains from the backup file.

23.2.1. Attributes/Options

Name Description Required
file Name of the zip file with the output of the backup task/command. This zip file in turn contains zip files for each domain. Yes
deploymentPolicyFile Path to the deployment policy XML file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before import is executed. This file could be a direct export of the deployment policy object. Note that DPBuddy will attempt to resolve “${}” variables inside the deployment policy file. If this is undesirable (e.g, if the variables are going to be resolved by DataPower using deployment policy variables), import the deployment policy using a separate “import” command. The deployment policy XML file must contain a single deployment policy; no other configuration objects are allowed. No
deploymentPolicyName Name of the existing deployment policy to use for the import operation. The policy should already exist on the device. No
deploymentPolicyVars Name of the deployment policy variables to use with the deployment policy. The variables object should already exist on the device. Note: this requires Version 7 of DataPower firmware. No
overwriteFiles

If set to true, overwrite existing files with the files included with the restore.

Defaults to true for zip files and to false for xml/xcfg configuration files.

No
overwriteObjects

If set to true, overwrite existing objects with the objects defined as part of this import.

Defaults to true (DataPower default).

No
rewriteLocalIp

If set to true, the local address bindings of services contained in the import package will be rewritten to match the equivalent interfaces of the device.

Defaults to false (DataPower default).

No
dryRun

If set to true, run restore in “dry run” mode.

Defaults to false (DataPower default).

No
reset

If set to true, all domains that are part of the backup file will be reset before restore.

Defaults to false (DataPower default).

No

23.2.2. Examples

dpbuddy restore -file backups/backup.zip -reset -save -env dr
<dp:restore file="${backup.file}" reset="true" save="true" env="dr"/>

23.3. secureBackup

This task performs secure backup of the device. Unlike regular backup, secure backup includes certificates, keys and user passwords. You can find more details about secure backups in Info Center or in this developerWorks article.

secureBackup first creates secure backup files on the appliance, then automatically downloads all the files to a local directory, specified using the toDir attribute. Creating backup files may take several minutes, depending on the size of your file systems.

Secure backups are always performed in the default domain.

Note that secure backup files may be quite large. DPBuddy always streams downloaded files directly to disk, so it is able to download files of any size. However, DataPower may not be able to stream files, so it may take a few minutes to prepare the file on the device (DataPower has to encode the file using base64 encoding) before the downloading can begin.

You can run secureBackup with the environment name list so that you can make a backup of multiple devices in a single command. In this case, you may want to append the host name of your DataPower device to the directory where the backup is saved. You will need to escape the dollar sign with backslash on Linux. Also, dp.url can contain only the host name.

dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackup_\${dp.url}" -appendTimestamp -env "device1,device2"

23.3.1. Attributes/Options

Name Description Required
cert Name of the crypto certificate containing the public key used to encrypt the secure backup. You must create the crypto certificate before using this task. The crypto certificate can be created from WebGUI by navigating to Objects/Crypto Configuration/Crypto Certificate. Yes
toDir Local directory where the backup files should be saved. The directory will be created if it doesn’t exist. Yes
appendTimestamp

If true, automatically append timestamp to the directory name specified in toDir. The timestamp has the format yyyyMMdd_HHmmss.

Defaults to false.

No
includeISCSI

If set to true, the iSCSI device will be included in the backup.

Defaults to true (DataPower default).

No
includeRAID

If set to true, the RAID device will be included in the backup.

Defaults to true (DataPower default).

No
dpDir

DataPower directory for storing secure backup files. This could be any temporary directory.

Defaults to temporary:/secure-backup.

No

23.3.2. Examples

Create secure backup and download the backup files to “sbackups/${dp.host}/backup”. DPBuddy will add timestamp to the “backup” directory. You can use -env or dp.env property to run the backup against multiple devices.

dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackups/${dp.host}/backup" -appendTimestamp -env="device1, device2"
<dp:secureBackup cert="crypto-backup-test" toDir="sbackups/${dp.host}/backup"
    includeISCSI="false" includeRAID="false" appendTimestamp="true" />

23.4. secureRestore

This task/command performs secure restore from the files created by secureBackup. This includes restoring configurations of all the domains, files and crypto. Please consult DataPower documentation for more details.

After the secure restore is completed, DataPower automatically restarts. secureRestore can optionally wait for the completion of the restart process.

23.4.1. Attributes/Options

Name Description Required
cred Name of the crypto credential to use to decrypt the backup. Yes
dir Local directory with the files created by secure backup. Secure backup creates a ”.tgz” file for each filesystem. Yes
waitForReboot

If set to true, wait for the completion of reboot after restore.

Defaults to false.

No
timeout

Time, in seconds, to wait for DataPower to become available after the reboot triggered by restore.

Defaults to 240 seconds.

No
dpDir

DataPower directory to upload secure backup files to. This could be any temporary directory.

Defaults to temporary:/secure-backup.

No

23.4.2. Examples

dpbuddy secureRestore -cred secure-restore-cred -dir sbackups -waitForReboot -env dr
<dp:secureRestore cred="secure-restore-cred" dir="sbackups" waitForReboot="true" env="dr" />