Replicate Backup Files to AWS S3
In additional to having the backup snapshot files stored locally at
/opt/logichub/backups, it is very important that you replicate the backup files to another location. If the disk of the deployment is somehow unrecoverable, having backup files in another location will enable LogicHub to resume your deployment in the shortest amount of time.
There are two ways to do it. You can configure the system to upload the backup files (encrypted) to an AWS S3 bucket. Or, you can run a script provided by us on another Linux machine to sync the files.
In this page, we describe how to configure S3 replication. The next page describes how to replicate them to another Linux machine.
Here is the procedure for S3:
- Set up an S3 bucket that has an object expiration policy, such as 60 days.
- Create an IAM user that has
PutObjectpermission to the bucket. We strongly recommend that you allow only the
PutObjectpermission by this user.
s3cmdon the server using
yum install s3cmd.
- Run the following command to configure
a. When prompted, provide the AWS
Access Key IDand
Secret Access Keyof the IAM user you have created in step #2
b. Specify True for Use HTTPS protocol.
c. Provide the Encryption Password. The Encryption Password is the string representation of a GPG key.
s3cmduses GPG to encrypt the files. This is required because the LogicHub backup process invokes
s3cmdwith client-side encryption.
d. Follow the prompts to complete the rest of the configuration steps for
e. As the list step of configuration,
s3cmdwill attempt to validate whether the AWS credentials you have provided in #4(b) is correct. It is expected to fail because the validation checks whether
ListObjectsworks. It will not if you follow the advice in #2 to not give the IAM user any permission other than PutObject.
/opt/logichub/InstallerSettings.confto put this line
- Reinstall the same version of LogicHub software. After about 12 hours, you should see the first backup file replicated to the S3 bucket.
Store the GPG encryption key safely
Make sure that the GPG encryption key is stored securely and is accessible independent of the server that is running LogicHub. If the key is lost, LogicHub will not be able to recover the backup files.
Updated over 2 years ago