Skip to main content

Cyware Fusion and Threat Response

Recover Backup Data

In CFTR, the default target destination for data backup is /apps/cyware/cy-object-store/data/cftr-backup/. Admins can configure the target destination to store the backup data during the CFTR app deployment and initial configuration in the file server. The backup data is stored on the same file server, where the CFTR app data is stored but in a different bucket, and consumes the data storage of the file server that is used for the application.

Admins or the technical teams can recover the backup data of the following services from their file server:

  • PostgreSQL: Stores the whole application data and the corresponding relational data. PostgreSQL backup data is zipped and stored at the following File Server location: {Path-To-Object-Storage}/cftr-backup/psql.

  • Elasticsearch: Stores the module indexes or data overview for filtering, sorting, and listing. The backup is performed and maintained by the Elasticsearch Snapshot API. Elasticsearch backup data is stored at the following location: {Path-To-Object-Storage}/cftr-backup/elasticsearch/incremental/ .

  • Redis: Maintains the queue for the background tasks. Redis dump.rbd file is backed up and stored at the following location in ZIP format: {Path-To-Object-Storage}/cftr-backup/redis/ .

  • Object Storage - Object Storage is the default file server of CFTR. You can have a different file server to store attachments and other details. The backup of Object Storage is stored as a plain directory structure at the following location: {Path-To-Object-Storage}/cftr-backup/object-storage/.

Before you Start

  • Ensure that the Backup Settings under Data Policy are configured.

  • During the disaster recovery process, the CFTR platform data (live data) that is not backed up will be affected. Before performing the data recovery process, create a database and import all the recovery files.

  • Move the backup data from the file server for access during disasters and recover the data that is deleted by mistake.

Steps

The backup data recovery process includes the following steps:

  1. Sign in to Object Storage Server

  2. Recover PostgreSQL Data

  3. Recover Redis Data

  4. Recover Elasticsearch Data

  5. Recover Object Storage Data

Sign in to Object Storage Server

The Object Storage server stores the CFTR data in the form of buckets. CFTR data types are segregated and channelized to a dedicated bucket or folder, where the data is stored. Sign in to the Object Storage server before recovering the backup data of the PostgreSQL Database, Elasticsearch, Redis, and Object Storage database services.

Sign in to the following Object Storage server terminal: /apps/cyware/cy-object-store/data/cftr-backup/

Note

You do not require root user permissions to sign in to the Object Storage server terminal.

The backup directory includes all the service backups (Elasticsearch, Object Storage, PostgreSQL, and Redis) as sub-directories.

Recover PostgreSQL Data

The recommended method for the OS user is to sign in with the centos user. To recover the PostgreSQL backup data, do the following:

  1. Move the PostgreSQL Database backup file ({Path-To-Object-Storage}/cftr-backup/psql/{Backup-File-Name}.zip) to PostgreSQL Server at the home location (~/{{Backup-File-Name}}.zip).

  2. To extract the .sql file, run the following command:

    unzip {{Backup-File-Name}}.zip

  3. To sign in to PostgreSQL Shell, run the following command. You can find the PostgreSQL-Username in /apps/cyware/cftr/.env as DATABASE_USER in the app instance.

    psql -U {{PostgreSQL-Username}}

  4. To create a recovery database, run the following command. The CFTR-DB-Name should not be more than 15 characters in length and may contain hyphens (-) and underscores(_) as special characters.

    CREATE DATABASE {{CFTR-DB-Name}} WITH ENCODING = 'UTF8' LC_COLLATE = 'en_US.utf8' LC_CTYPE = 'en_US.utf8' ;

  5. To exit the PostgreSQL Shell, run the following command.

    \q

  6. To import the restored data from the file to the newly created database, run the following command. Use the same username from /apps/cyware/cftr/.env: DATABASE_USER.

    psql -U {{PostgreSQL-Username}} {{CFTR-DB-Name}} < ~/{{Backup-File-Name}}.sql

  7. In the app instance, to update the DATABASE_NAME variable in the /apps/cyware/cftr/.env file, run the following command:

    DATABASE_NAME={{CFTR-DB-NAME}}

  8. [Optional] To sign in to the PostgreSQL shell and delete the previously used database to free up disk space, run the following command:

    psql -U {{PostgreSQL-Username}}
DROP DATABASE {{OLD-CFTR-DB-NAME}}

Recover Redis Data

The recommended method for the OS user is to log on with the centos user. To recover the Redis backup data, do the following:

  1. Move the Redis Database backup file from File Storage ({Path-To-Object-Storage}/cftr-backup/redis/{Redis-Backup-FileName}.rdb.gz) to All Redis node home Directory (~/{Redis-Backup-FileName}.rdb.gz).

  2. On the Redis Instance, to extract the zipped backup file, run the following command:

    gzip -d {Redis-Backup-FileName}.rdb.gz

  3. To replace the existing dump.rdb file on all the Redis nodes with the extracted rdb file, run the following command. The default value of {Path-To-Redis} is /apps/cyware/redis/.

    mv ~/{Redis-Backup-FileName}.rdb {Path-To-Redis}/dump.rdb

  4. To update the file ownership to Redis, run the following command:

    sudo chown redis:redis {Path-To-Redis}/dump.rdb

Recover Elasticsearch Data

To recover the Elasticsearch backup data, do the following:

  1. Sign in to the app instance with the centos user.

  2. To restore the Elasticsearch backup data, run the following Elasticsearch Snapshot Restore API command. The format of {{Snapshot-Name}} is "cftr_20211020-103726".

    curl -X POST "{{Elasticsearch-Endpoint}}/_snapshot/cftr_snapshots/{{Snapshot-Name}}/_restore?pretty"

  3. Elasticsearch executes the backup task in the background. To check the task completion status, run the following API command:

    curl "{{Elasticsearch-Endpoint}}/_cat/recovery/_all"

Recover Object Storage Data

Perform the following steps to recover the Object Storage backup data:

  1. Sign in to the file server with the root user.

  2. To copy the entire backed-up directory to the cftrbucket directory on the server, run the following command.

    Note

    Default value of {Path-To-Object-Storage} is /apps/cyware/cy-object-store/data.

    cp -r {Path-To-Object-Storage}/cftr-backup/object-storage/cftr_files_20211020_103726/ {Path-To-Object-Storage}/cftrbucket/