Back up the Graph DB to S3

Back up the Graph DB to S3

This guide shows you how to back up the Rhize Graph database to Amazon S3 and S3-compatible storage.

Prerequisites

Before you start, ensure you have the following:

  • A designated S3 backup location, for example s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>.
  • Access to your Rhize Kubernetes Environment
  • Optional: kubectx utilities
    • kubectx to manage multiple clusters
    • kubens to switch between and configure namespaces easily
  • Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically.

Before you start, confirm you are in the right context and namespace:

## context
kubectl config current-context
## namespace
kubectl get namespace

To change the namespace for all subsequent kubectl commands to libre, run this command:

kubectl config set-context --current --namespace=libre

For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

Steps

To back up the database, follow these steps:

  1. Check the logs for the alpha and zero pods, either in Lens or with kubectl logs. Ensure there are no errors.

    kubectl logs libre-baas-baas-alpha-0 --tail=80
  2. Set the following environmental variables:

    • AWS_ACCESS_KEY_ID. Your AWS access key with permissions to write to the destination bucket
    • AWS_SECRET_ACCESS_KEY. Your AWS access key with permissions to write to the destination bucket
    • AWS_SESSION_TOKEN. Your AWS session token (if required)
  3. Make a POST request to your Keycloak /token endpoint to get an access_token value. For example, with curl and jq:

    ## replace USERNAME and PASSWORD with your credentials
    USERNAME=backups@libremfg.com \
    && PASSWORD=password \
    && curl --location \
      --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
      --header 'Content-Type\ application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=password' \
      --data-urlencode "username=<USERNAME>" \
      --data-urlencode "password=<PASSWORD>"  \
      --data-urlencode "client_id=<BASS_CLIENT_ID>" \
      --data-urlencode "client_secret=<BASS_CLIENT_SECRET>" | jq .access_token
  4. Using the token from the previous step, send a POST to <alpha service>:8080/admin to create a backup of the node to your S3 bucket. For example, with curl:

    curl --location 'http://alpha:8080/admin' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Bearer <TOKEN>' \
    --data '{"query":"mutation {\n  backup(input: {destination: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n    response {\n      message\n      code\n    }\n    taskId\n  }\n}","variables":{}}'
  5. List available backups to confirm your backup succeeded:

    curl --location 'http://alpha:8080/admin' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Bearer <TOKEN>' \
    --data '{"query":"query backup {\n\tlistBackups(input: {location: \"s3://s3.<AWS-REGION>>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n\t\tbackupId\n\t\tbackupNum\n\t\tpath\n\t\tsince\n\t\ttype\n\t}\n}","variables":{}}'

Next Steps