Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Backing Up Product Data

Automated Backup: Using the ncc backup Command

To make a complete backup of your Paragon Active Assurance system, first stop services as follows:

Then run the command

Finally, restart services:

The backup command takes backups of all the following:

  • Main PostgreSQL database
  • Plugin service PostgreSQL database
  • Plugin service files
  • RRD filescons
  • TimescaleDB database
  • TimescaleDB configuration files
  • OpenVPN keys
  • SSL certificates and keys
  • Control Center configuration files
  • Licenses

Options:

  • --without-rrd creates a backup without the RRD files (paa_cc_rrd.tar.gz)
  • --without-timescaledb creates a backup without the TimescaleDB database (paa_cc_timescaledb.tar.gz)
  • --without-configs creates a backup without the Control Center configuration files (paa_cc_configs.tar.gz)
  • --without-db creates a backup without the main and plugin service databases (paa_cc_postgres.sql and paa_cc_plugins.sql)

The output file is a tarball named according to the pattern paa_backup-version-yyyy-mm-dd_hh-mm-ss.tar.gz.

These files serve as input to restoring the system with the ncc restore command; see the chapter Restoring Product Data from Backup.

Troubleshooting: Manual Backup

Should the ncc backup command fail for some reason, you can achieve the same result manually by following the steps in this section.

To make a consistent backup of your Paragon Active Assurance data, you need to stop all services accessing the database before starting the backup procedure. It is possible to make backups of a live system, but data consistency cannot then be guaranteed.

Proceed as follows:

  • Stop Paragon Active Assurance services:

  • Make backups according to the subsections below.

  • Start Paragon Active Assurance services:

Backing Up the Main PostgreSQL Database and Plugin Database

The plugin database is created along with the main PostgreSQL database, but it needs to be backed up separately.

Run these commands:

Note:

The pg_dump command will ask for a password which can be found in /etc/netrounds/netrounds.conf under "postgres database". The default password is "netrounds".

To learn about advanced options of pg_dump, such as compression, type

Note:

Alternatively, you may want to back up the database in binary format. If so, use this command:

Backing Up the RRD Files

The RRD (round-robin database) files contain the Paragon Active Assurance measurement data.

  • For a small-scale setup (< 50 GB), use this backup command:

  • For a large-scale setup (> 50 GB), making a tarball of the RRD files might take too long, and taking a snapshot of the volume can be a better idea. Possible solutions for doing this include: using a file system that supports snapshots, or taking a snapshot of the virtual volume if the server is running in a virtual environment.

Backing Up Plugin Files

Back up plugin files with the commands

Backing Up the TimescaleDB Database

To back up the TimescaleDB database, you must first start it.

Backup of the TimescaleDB database also requires the timescaledb service related to the Streaming API to be enabled and running:

For more information on this API, see the document Streaming API Guide.

To back up the TimescaleDB database manually, run:

Backups of TimescaleDB data are stored in /var/lib/netrounds/rrd/timescaledb/pgbackrest/repo/<backup dir>.

Backing Up the OpenVPN Keys

Use this command:

Backing Up the SSL Certificates and Keys

Note:

This procedure creates a TAR archive that might contain duplicates as the same cert/key file may be mentioned in multiple configuration files.

  1. Create a TAR archive paa_cc_certs.tar:

  2. Collect the secret key path:

    • Open the file etc/netrounds/netrounds.conf.
    • Copy the value for the SECRET_KEY_FILE setting without single/double quotes (<SECRET_KEY_FILE value>)

    • Paste the value you just obtained at the end of this command:

  3. Collect the certificate from the services configuration files:

    • Open the file /etc/netrounds/consolidated.yaml.

    • Copy the value <cert path> for both ssl-key and ssl-cert directives, but only if they are uncommented and have a name different from ssl-cert-snakeoil.

      Example:

      • Copy this one: /etc/certs/fullchain.pem
      • Don't copy this one: /etc/ssl/certs/ssl-cert-snakeoil.pem

    • Paste the value you just copied at the end of this command:

    • Repeat the steps above for the files /etc/netrounds/plugin.yaml and /etc/netrounds/test-agent-gateway.yaml.

  4. Collect the certificates used by the Apache web server:

    • Open the file /etc/apache2/sites-available/netrounds-restol-standalone.conf.
    • Copy the value <cert path> for both SSLCertificateFile and SSLCertificateKeyFile directives, but only if they are uncommented and have a name different from ssl-cert-snakeoil.

    • Paste the value you just copied at the end of this command:

    • Repeat the steps above for the file /etc/apache2/sites-available/netrounds-ssl.conf.

  5. Compress the archive further with gzip and create the file paa_cc_certs.tar.gz:

Backing Up the Licenses

Use this command:

Backing Up the Configuration Files

Make copies of the following files:

  • /etc/apache2/sites-available/netrounds-ssl.conf
  • /etc/apache2/sites-available/netrounds.conf
  • /etc/netrounds/consolidated.yaml
  • /etc/netrounds/metrics.yaml
  • /etc/netrounds/netrounds.conf
  • /etc/netrounds/plugin.yaml
  • /etc/netrounds/probe-connect.conf
  • /etc/netrounds/restol.conf
  • /etc/netrounds/test-agent-gateway.yaml
  • /etc/netrounds/timescaledb.conf
  • /etc/openvpn/netrounds.conf

For example: