Back up the Graph DB to S3

This guide shows you how to back up the Rhize Graph database to Amazon S3 and S3-compatible storage.

Prerequisites

Before you start, ensure you have the following:

• A designated S3 backup location, for example s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>.
• Access to your Rhize Kubernetes Environment
• Optional: kubectx utilities
  • kubectx to manage multiple clusters
  • kubens to switch between and configure namespaces easily
• Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically.

Before you start, confirm you are in the right context and namespace:

## context
kubectl config current-context
## namespace
kubectl get namespace

To change the namespace for all subsequent kubectl commands to libre, run this command:

kubectl config set-context --current --namespace=libre

For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

Steps

To back up the database, follow these steps:

1. Check the logs for the alpha and zero pods, either in Lens or with kubectl logs. Ensure there are no errors.

   kubectl logs libre-baas-baas-alpha-0 --tail=80

2. Set the following environmental variables:

   • AWS_ACCESS_KEY_ID. Your AWS access key with permissions to write to the destination bucket
   • AWS_SECRET_ACCESS_KEY. Your AWS access key with permissions to write to the destination bucket
   • AWS_SESSION_TOKEN. Your AWS session token (if required)

3. Make a POST request to your Keycloak /token endpoint to get an access_token value. For example, with curl and jq:

   ## replace USERNAME and PASSWORD with your credentials
   USERNAME=backups@libremfg.com \
   && PASSWORD=password \
   && curl --location \
     --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
     --header 'Content-Type\ application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=password' \
     --data-urlencode "username=<USERNAME>" \
     --data-urlencode "password=<PASSWORD>"  \
     --data-urlencode "client_id=<BASS_CLIENT_ID>" \
     --data-urlencode "client_secret=<BASS_CLIENT_SECRET>" | jq .access_token

4. Using the token from the previous step, send a POST to <alpha service>:8080/admin to create a backup of the node to your S3 bucket. For example, with curl:

   curl --location 'http://alpha:8080/admin' \
   --header 'Content-Type: application/json' \
   --header 'Authorization: Bearer <TOKEN>' \
   --data '{"query":"mutation {\n  backup(input: {destination: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n    response {\n      message\n      code\n    }\n    taskId\n  }\n}","variables":{}}'

5. List available backups to confirm your backup succeeded:

   curl --location 'http://alpha:8080/admin' \
   --header 'Content-Type: application/json' \
   --header 'Authorization: Bearer <TOKEN>' \
   --data '{"query":"query backup {\n\tlistBackups(input: {location: \"s3://s3.<AWS-REGION>>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n\t\tbackupId\n\t\tbackupNum\n\t\tpath\n\t\tsince\n\t\ttype\n\t}\n}","variables":{}}'

Next Steps

• Test the Restore Graph Database From S3 procedure to ensure you can recover data from Amazon S3 in case of an emergency.
• To back up other Rhize services, read how to backup Grafana.