.. index:: Backup Tasks
.. _backup_tasks:
Backup and Restore Commands
===========================
.. _backup:
``backup``
----------
``backup`` exports files and all configuration objects from one or multiple domains.
The function provided by this task is equivalent to that of the "Create a backup of the entire system" or "Create a backup of one or more application domain" options in the "Export configuration" of WebGUI.
``backup`` does not export user accounts, certificates or keys. Use secure backup if you need to include certificates and keys.
The backups are saved as zip files on the local file system.
Note that, unlike :ref:`export`, you can restore the output of ``backup`` only into the domain the backup was taken from.
``backup`` only backs up the files located in the "local:/" filesystem.
Use ``backup`` when you need to export/backup multiple domains or if a domain may not exist. In most other cases, the ``export`` command/task is preferable, since it provides more flexibility.
Attributes/Options
^^^^^^^^^^^^^^^^^^
.. list-table::
:widths: 20 80 8
:header-rows: 1
* - Name
- Description
- Required
* - file
- Name of the zip file where the backups should be saved. The resulting zip file will contains individual zip files for each domain.
The task will create directories to save the file to if they don't exist.
- Yes
* - domainPatterns
- Comma-delimited list of regular expression patterns defining which domains to back up.
To backup all domains simply use ".*".
Use ``domainPattern`` nested elements if there is a need to use commas inside the regexp.
Defaults to the current domain. The current domain is specified using the ``dp.comain`` property or ``domain`` attribute of the task.
- No
* - failIfNoDomain
- If false, do not fail if no matching domains has been found. Convenient when you want to take a backup of a domain which may or may not exist.
Defaults to ``true``.
- No
* - appendTimestamp
- If true, automatically append timestamp to the file name. The timestamp has the format ``yyyyMMdd_HHmmss``.
Defaults to ``false``.
- No
* - persisted
- If set to ``true``, backup only the persisted domain configuration.
Defaults to ``false``.
- No
* - deploymentPolicyFile
- Path to the deployment policy file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before the request is executed.
The deployment policy will be embedded with the export file.
- No
* - deploymentPolicyName
- Name of the deployment policy to include with the export/backup. The policy has to already be defined on the device.
- No
``domainPattern`` Nested Element
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``domainPattern`` provides an alternative to specifying domain patterns in the ``domainPatterns`` attribute. It is useful when a regular expression pattern contains commas, which are used as a delimiter in the ``domainPatterns`` attribute.
You can specify multiple ``domainPattern`` elements within the same task.
.. list-table::
:widths: 20 80 8
:header-rows: 1
* - Attribute
- Description
- Required
* - pattern
- Backup domains matching this regexp pattern.
- Yes
Examples
^^^^^^^^
The following example backs up all domains with the name starting with "dev". The timestamp will be automatically added to the file name.
.. code-block:: bat
dpbuddy backup -file backups/backup.zip -domainPatterns "dev.*" -appendTimestamp
.. code-block:: xml
.. _restore:
``restore``
-----------
``restore`` imports configuration and files from the zip archive created by :ref:`backup`. ``restore`` is similar to ``import`` in that it performs the import of all the domains that are part of the backup file. Unlike import, it is able to import multiple domains in one shot. It can also automatically create domains if they don't exist. ``restore`` supports only a small subset of the ``import's`` capabilities. It does not support transformation or quiescence of domains (DataPower deployment policies, however, are supported). ``restore`` can be used for syncing appliances that are part of the production cluster or for updating the DR appliance. ``import`` should be used for regular deployments.
Note that you cannot change the domain names created by ``restore``. ``restore`` will automatically re-create all the domains from the backup file.
Attributes/Options
^^^^^^^^^^^^^^^^^^
.. list-table::
:widths: 20 80 8
:header-rows: 1
* - Name
- Description
- Required
* - file
- Name of the zip file with the output of the :ref:`backup` task/command. This zip file in turn contains zip files for each domain.
- Yes
* - deploymentPolicyFile
- Path to the deployment policy XML file on the local filesystem. The deployment policy is automatically uploaded/configured on the device before import is executed. This file could be a direct export of the deployment policy object. Note that DPBuddy will attempt to resolve "${}" variables inside the deployment policy file. If this is undesirable (e.g, if the variables are going to be resolved by DataPower using deployment policy variables), import the deployment policy using a separate "import" command. The deployment policy XML file must contain a single deployment policy; no other configuration objects are allowed.
- No
* - deploymentPolicyName
- Name of the existing deployment policy to use for the import operation. The policy should already exist on the device.
- No
* - deploymentPolicyVars
- Name of the deployment policy variables to use with the deployment policy. The variables object should already exist on the device. Note: this requires Version 7 of DataPower firmware.
- No
* - overwriteFiles
- If set to true, overwrite existing files with the files included with the restore.
Defaults to ``true`` for zip files and to ``false`` for xml/xcfg configuration files.
- No
* - overwriteObjects
- If set to true, overwrite existing objects with the objects defined as part of this import.
Defaults to ``true`` (DataPower default).
- No
* - rewriteLocalIp
- If set to ``true``, the local address bindings of services contained in the import package will be rewritten to match the equivalent interfaces of the device.
Defaults to ``false`` (DataPower default).
- No
* - dryRun
- If set to ``true``, run restore in "dry run" mode.
Defaults to ``false`` (DataPower default).
- No
* - reset
- If set to ``true``, all domains that are part of the backup file will be reset before restore.
Defaults to ``false`` (DataPower default).
- No
Examples
^^^^^^^^
.. code-block:: bat
dpbuddy restore -file backups/backup.zip -reset -save -env dr
.. code-block:: xml
.. _secureBackup:
``secureBackup``
----------------
This task performs secure backup of the device. Unlike regular backup, secure backup includes certificates, keys and user passwords. You can find more details about secure backups in `Info Center
`_ or in `this developerWorks article `_.
``secureBackup`` first creates secure backup files on the appliance, then automatically downloads all the files to a local directory, specified using the ``toDir`` attribute. Creating backup files may take several minutes, depending on the size of your file systems.
Secure backups are always performed in the default domain.
Note that secure backup files may be quite large. DPBuddy always streams downloaded files directly to disk, so it is able to download files of any size. However, DataPower may not be able to stream files, so it may take a few minutes to prepare the file on the device (DataPower has to encode the file using base64 encoding) before the downloading can begin.
You can run ``secureBackup`` with the :ref:`environment name list ` so that you can make a backup of multiple devices in a single command. In this case, you may want to append the host name of your DataPower device to the directory where the backup is saved. You will need to escape the dollar sign with backslash on Linux. Also, :ref:`dp.url ` can contain only the host name.
.. code-block:: bat
dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackup_\${dp.url}" -appendTimestamp -env "device1,device2"
Attributes/Options
^^^^^^^^^^^^^^^^^^
.. list-table::
:widths: 20 80 8
:header-rows: 1
* - Name
- Description
- Required
* - cert
- Name of the crypto certificate containing the public key used to encrypt the secure backup. You must create the crypto certificate before using this task. The crypto certificate can be created from WebGUI by navigating to Objects/Crypto Configuration/Crypto Certificate.
- Yes
* - toDir
- Local directory where the backup files should be saved. The directory will be created if it doesn't exist.
- Yes
* - appendTimestamp
- If true, automatically append timestamp to the directory name specified in ``toDir``. The timestamp has the format ``yyyyMMdd_HHmmss``.
Defaults to ``false``.
- No
* - includeISCSI
- If set to ``true``, the iSCSI device will be included in the backup.
Defaults to ``true`` (DataPower default).
- No
* - includeRAID
- If set to ``true``, the RAID device will be included in the backup.
Defaults to ``true`` (DataPower default).
- No
* - dpDir
- DataPower directory for storing secure backup files. This could be any temporary directory.
Defaults to ``temporary:/secure-backup``.
- No
Examples
^^^^^^^^
Create secure backup and download the backup files to "sbackups/${dp.host}/backup". DPBuddy will add timestamp to the "backup" directory.
You can use ``-env`` or ``dp.env`` property to run the backup against multiple devices.
.. code-block:: bat
dpbuddy secureBackup -cert crypto-backup-test -toDir "sbackups/${dp.host}/backup" -appendTimestamp -env="device1, device2"
.. code-block:: xml
.. _secureRestore:
``secureRestore``
-----------------
This task/command performs secure restore from the files created by :ref:`secureBackup`. This includes restoring configurations of all the domains, files and crypto. Please consult `DataPower documentation
`_ for more details.
After the secure restore is completed, DataPower automatically restarts. ``secureRestore`` can optionally wait for the completion of the restart process.
Attributes/Options
^^^^^^^^^^^^^^^^^^
.. list-table::
:widths: 20 80 8
:header-rows: 1
* - Name
- Description
- Required
* - cred
- Name of the crypto credential to use to decrypt the backup.
- Yes
* - dir
- Local directory with the files created by secure backup. Secure backup creates a ".tgz" file for each filesystem.
- Yes
* - waitForReboot
- If set to ``true``, wait for the completion of reboot after restore.
Defaults to ``false``.
- No
* - timeout
- Time, in seconds, to wait for DataPower to become available after the reboot triggered by restore.
Defaults to 240 seconds.
- No
* - dpDir
- DataPower directory to upload secure backup files to. This could be any temporary directory.
Defaults to ``temporary:/secure-backup``.
- No
Examples
^^^^^^^^
.. code-block:: bat
dpbuddy secureRestore -cred secure-restore-cred -dir sbackups -waitForReboot -env dr
.. code-block:: xml