Backup / recovery

To create a backup of your OpenIAM deployment, which is based on a Single VM deployment configuration, follow the steps outlined below. You may use any backup solution.

Backup procedures

In addition to the database, the OpenIAM architecture consists of numerous components (listed below), which need to be backed up.

  • Conf folder.
  • Jar and War file for the UI and backend users.
  • Vault - secrets and certificates.
  • Elastic search storage files.

Backup the database

You can back up your database by performing a DB dump. OpenIAM has two databases: openiam and activiti. Both must be backed up. If you are using MariaDB or MySQL, you can use the following approach.

Open a terminal window to the Linux host where your DB has been installed.

  • MariaDB
mysqldump -u [username] -p openiam > /usr/local/openiam/backup/openiam-'date+%F'.sql
mysqldump -u [username] -p activiti > /usr/local/openiam/backup/activiti-'date+%F'.sql
  • PostgreSQL
pg_dump -U postgres -W -F t openiam > /usr/local/openiam/backup/openiam-'date+%F'.tar
pg_dump -U [username]] -W -F t activiti > /usr/local/openiam/backup/activiti-'date+%F'.tar

Download the backup utility

The utility currently supports a single node installation. You can modify this script to align with your environment.

First, download the utility using the following steps. This utility can be executed from either a remote server or from the server where the OpenIAM system has been installed.

mkdir /usr/local/openiam/backuputil
cd /usr/local/openiam/backuputil
git clone https://bitbucket.org/openiam/backup-utils.git

Update the env file

Open the env.sh file and update the following parameters with values that reflect your environment.

Parameter NameDescriptionDefault Value
HOST_NAMEThe host name of remote server where backup file will be uploaded.empty
HOST_PORTThe port of remote server where backup file will be uploaded.22 (default SSH port)
USER_NAMEUsername that will be used to upload file.empty
AUTH_CERT_PATHThe certificate that will be used to authenticate on remote server.~/.ssh/id_rsa
REMOTE_PATHThe folder on the remote server where backup will be placed.~/

Run the backup process

After the env.sh file has been updated, you can run the backup process by using the command below.

./backup.sh

Restoring procedures

The following steps describe how to restore an RPM installation from previously created backups. The steps are for a single node installation. They assume that you have created a backup using the steps described above and the env.sh file has already been updated.

Stop OpenIAM

If you not already done so, stop your OpenIAM deployment.

openiam-cli stop

Restore your database

Use the steps below to restore your database. Please make sure that you are using the backup files which correspond to the point in time that you want to revert to. Substitute the date earlier.

MariaDB

mysql openiam < openaim-[date].sql
mysql activiti < activity-[date].sql

PostgreSQL

pg_restore --dbname=openiam --create --verbose c/usr/local/openiam/backup/openiam-[date].tar
pg_restore --dbname=activiti --create --verbose c/usr/local/openiam/backup/activiti-[date].tar

Restore the openiam application

Use the command below to restore OpenIAM from previously created backup.

./restore.sh <name_of_backup_file>.backup

The utility will restore all stored files from the specified backup and then start the OpenIAM instance again.

You can also execute the restore process from a remote server using the following command.

Please don't forget to fill AUTH_CERT_PATH`` and HOST_PORT in env.conf folder before running this step

./restore.sh [username]@hostname:[]/filename.backup

Example:

./restore.sh user@openiam.com:/opt/openiam/backups/2020-01-01_00-00__4.2.0.0.backup