Back up the Graph DB
This guide shows you how to back up the Rhize Graph database. You can also use it to model an automation workflow.
Prerequisites
Before you start, ensure you have the following:
- A designated backup location, for example
~/rhize-backups/database. - Access to your Rhize Kubernetes Environment
- Optional: kubectx utilities
kubectxto manage multiple clusterskubensto switch between and configure namespaces easily
- Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically.
Before you start, confirm you are in the right context and namespace:
## context
kubectl config current-context
## namespace
kubectl get namespaceTo change the namespace for all subsequent kubectl commands to libre, run this command:
kubectl config set-context --current --namespace=libreFor a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.
Steps
To back up the database, follow these steps:
Check the logs for the alpha and zero pods, either in Lens or with
kubectl logs. Ensure there are no errors.kubectl logs libre-baas-baas-alpha-0 --tail=80Open a pod shell for one of the alpha pods. If you are using the terminal, run this command:
kubectl exec --stdin --tty libre-baas-baas-alpha-0 \ -n libre -- /bin/bashFor details, read the Kubernetes topic Get Shell to a Running Container.
Make a POST request to your Keycloak
/tokenendpoint to get anaccess_tokenvalue. For example, withcurlandjq:## replace USERNAME and PASSWORD with your credentials USERNAME=backups@libremfg.com \ && PASSWORD=password \ && curl --location \ --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \ --header 'Content-Type\ application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=password' \ --data-urlencode "username=${USERNAME}" \ --data-urlencode "password=${PASSWORD}" \ --data-urlencode "client_id=${BAAS_OIDC_CLIENT_ID}" \ --data-urlencode "client_secret=${OIDC_SECRET}" | jq .access_tokenUsing the token from the previous step, send a POST to
localhost:8080/adminto create a backup of the node. For example, withcurl:curl --location --request POST 'http://localhost:8080/admin' \ --header 'Authorization: Bearer <TOKEN>' \ --header 'Content-Type: application/json' \ --data-raw '{"query":"mutation {\r\n export(input: {format: \"json\", destination: \"/dgraph/backups/'"$(date +"%Y-%m-%dT%H.%M.%SZ")"'\"}) {\r\n response {\r\n message\r\n code\r\n }\r\n}\r\n}","variables":{}}'Change to the backup directory (the
destinationparameter in the precedingcurlcommand). For example:cd /dgraph/backupsCheck for the latest directory. Its name should be the timestamp of when you sent the preceding
curlrequest. For example:ls -ltWith these flags, the first listed directory should be the latest backup, named something like
2023-10-31T16.55.56ZCreate a file that holds the sha256 checksums of the latest backup files. You’ll use this file to confirm the copy is identical.
sha256sum <LATEST_BACKUP_DIR>/dgraph.<PODNAME>/*.gz > <LATEST_BACKUP_DIR>/backup.sumsExit the container shell, then copy files out of the container to your backup location:
## exit shell exit ## copy container files to backup kubectl cp --retries=10 <NAMESPACE>/<PODNAME>:backups/<CONTAINER_BACKUP> \ ./<BACKUP>/<ON_YOUR_DEVICE>Use the checksum to confirm that the pod files and the local files are the same. If you are using Windows, you can run an equivalent check with the
CertUtilutility:## Change to the directory cd ./<BACKUP>/<ON_YOUR_DEVICE>/ ## Check sums sha256sum -c backup.sums *.gzCertUtil -hashfile C:\<BACKUP>\<ON_YOUR_DEVICE>\backup.sums sha256
Confirm success
On success, the backup creates three zipped files:
- The GraphQL schema
- The DB schema
- A JSON file with the real database data.
To check that the backup succeeded, unzip the files and inspect the data.
Next Steps
- Test the Restore Graph Database procedure to ensure you can recover data in case of an emergency.
- To back up other Rhize services, read how to backup Grafana.