23. Backup and Restore Tasks/Commands¶
23.1. backup
¶
backup
exports files and all configuration objects from one or multiple domains.
The function provided by this task is equivalent to that of the “Create a backup of the entire system” or “Create a backup of one or more application domain” options in the “Export configuration” of WebGUI.
backup
does not export user accounts, certificates or keys. Use secure backup if you need to include certificates and keys.
The backups are saved as zip files on the local file system.
Note that, unlike export, you can restore the output of backup
only into the domain the backup was taken from.
backup
only backs up the files located in the “local:/” filesystem.
Use backup
when you need to export/backup multiple domains or if a domain may not exist. In most other cases, the export
command/task is preferable, since it provides more flexibility.
23.1.1. Attributes/Options¶
Name | Description | Required |
---|---|---|
file | Name of the zip file where the backups should be saved. The resulting zip file will contains individual zip files for each domain. The task will create directories to save the file to if they don’t exist. |
Yes |
domainPatterns | Comma-delimited list of regular expression patterns defining which domains to back up. To backup all domains simply use ”.*”. Use Defaults to the current domain. The current domain is specified using the |
No |
failIfNoDomain | If false, do not fail if no matching domains has been found. Convenient when you want to take a backup of a domain which may or may not exist. Defaults to |
No |
appendTimestamp | If true, automatically append timestamp to the file name. The timestamp has the format Defaults to |
No |
persisted | If set to Defaults to |
No |
deploymentPolicyFile | Path to the deployment policy file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before the request is executed. The deployment policy will be embedded with the export file. |
No |
deploymentPolicyName | Name of the deployment policy to include with the export/backup. The policy has to already be defined on the device. | No |
23.1.2. domainPattern
Nested Element¶
domainPattern
provides an alternative to specifying domain patterns in the domainPatterns
attribute. It is useful when a regular expression pattern contains commas, which are used as a delimiter in the domainPatterns
attribute.
You can specify multiple domainPattern
elements within the same task.
Attribute | Description | Required |
---|---|---|
pattern | Backup domains matching this regexp pattern. | Yes |
23.1.3. Examples¶
The following example backs up all domains with the name starting with “dev”. The timestamp will be automatically added to the file name.
dpbuddy backup -file backups/backup.zip -domainPatterns "dev.*" -appendTimestamp
<dp:backup file="backups/backup.zip" domainPatterns="dev.*" appendTimestamp="true" />
23.2. restore
¶
restore
imports configuration and files from the zip archive created by backup. restore
is similar to import
in that it performs the import of all the domains that are part of the backup file. Unlike import, it is able to import multiple domains in one shot. It can also automatically create domains if they don’t exist. restore
supports only a small subset of the import's
capabilities. It does not support transformation or quiescence of domains (DataPower deployment policies, however, are supported). restore
can be used for syncing appliances that are part of the production cluster or for updating the DR appliance. import
should be used for regular deployments.
Note that you cannot change the domain names created by restore
. restore
will automatically re-create all the domains from the backup file.
23.2.1. Attributes/Options¶
Name | Description | Required |
---|---|---|
file | Name of the zip file with the output of the backup task/command. This zip file in turn contains zip files for each domain. | Yes |
deploymentPolicyFile | Path to the deployment policy XML file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before import is executed. This file could be a direct export of the deployment policy object. Note that DPBuddy will attempt to resolve “${}” variables inside the deployment policy file. If this is undesirable (e.g, if the variables are going to be resolved by DataPower using deployment policy variables), import the deployment policy using a separate “import” command. The deployment policy XML file must contain a single deployment policy; no other configuration objects are allowed. | No |
deploymentPolicyName | Name of the existing deployment policy to use for the import operation. The policy should already exist on the device. | No |
deploymentPolicyVars | Name of the deployment policy variables to use with the deployment policy. The variables object should already exist on the device. Note: this requires Version 7 of DataPower firmware. | No |
overwriteFiles | If set to true, overwrite existing files with the files included with the restore. Defaults to |
No |
overwriteObjects | If set to true, overwrite existing objects with the objects defined as part of this import. Defaults to |
No |
rewriteLocalIp | If set to Defaults to |
No |
dryRun | If set to Defaults to |
No |
reset | If set to Defaults to |
No |
23.2.2. Examples¶
dpbuddy restore -file backups/backup.zip -reset -save -env dr
<dp:restore file="${backup.file}" reset="true" save="true" env="dr"/>
23.3. secureBackup
¶
This task performs secure backup of the device. Unlike regular backup, secure backup includes certificates, keys and user passwords. You can find more details about secure backups in Info Center or in this developerWorks article.
secureBackup
first creates secure backup files on the appliance, then automatically downloads all the files to a local directory, specified using the toDir
attribute. Creating backup files may take several minutes, depending on the size of your file systems.
Secure backups are always performed in the default domain.
Note that secure backup files may be quite large. DPBuddy always streams downloaded files directly to disk, so it is able to download files of any size. However, DataPower may not be able to stream files, so it may take a few minutes to prepare the file on the device (DataPower has to encode the file using base64 encoding) before the downloading can begin.
You can run secureBackup
with the environment name list so that you can make a backup of multiple devices in a single command. In this case, you may want to append the host name of your DataPower device to the directory where the backup is saved. You will need to escape the dollar sign with backslash on Linux. Also, dp.url can contain only the host name.
dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackup_\${dp.url}" -appendTimestamp -env "device1,device2"
23.3.1. Attributes/Options¶
Name | Description | Required |
---|---|---|
cert | Name of the crypto certificate containing the public key used to encrypt the secure backup. You must create the crypto certificate before using this task. The crypto certificate can be created from WebGUI by navigating to Objects/Crypto Configuration/Crypto Certificate. | Yes |
toDir | Local directory where the backup files should be saved. The directory will be created if it doesn’t exist. | Yes |
appendTimestamp | If true, automatically append timestamp to the directory name specified in Defaults to |
No |
includeISCSI | If set to Defaults to |
No |
includeRAID | If set to Defaults to |
No |
dpDir | DataPower directory for storing secure backup files. This could be any temporary directory. Defaults to |
No |
23.3.2. Examples¶
Create secure backup and download the backup files to “sbackups/${dp.host}/backup”. DPBuddy will add timestamp to the “backup” directory.
You can use -env
or dp.env
property to run the backup against multiple devices.
dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackups/${dp.host}/backup" -appendTimestamp -env="device1, device2"
<dp:secureBackup cert="crypto-backup-test" toDir="sbackups/${dp.host}/backup"
includeISCSI="false" includeRAID="false" appendTimestamp="true" />
23.4. secureRestore
¶
This task/command performs secure restore from the files created by secureBackup. This includes restoring configurations of all the domains, files and crypto. Please consult DataPower documentation for more details.
After the secure restore is completed, DataPower automatically restarts. secureRestore
can optionally wait for the completion of the restart process.
23.4.1. Attributes/Options¶
Name | Description | Required |
---|---|---|
cred | Name of the crypto credential to use to decrypt the backup. | Yes |
dir | Local directory with the files created by secure backup. Secure backup creates a ”.tgz” file for each filesystem. | Yes |
waitForReboot | If set to Defaults to |
No |
timeout | Time, in seconds, to wait for DataPower to become available after the reboot triggered by restore. Defaults to 240 seconds. |
No |
dpDir | DataPower directory to upload secure backup files to. This could be any temporary directory. Defaults to |
No |
23.4.2. Examples¶
dpbuddy secureRestore -cred secure-restore-cred -dir sbackups -waitForReboot -env dr
<dp:secureRestore cred="secure-restore-cred" dir="sbackups" waitForReboot="true" env="dr" />