Back up the Graph DB

This guide shows you how to back up the Rhize Graph database. You can also use it to model an automation workflow.

Prerequisites

Before you start, ensure you have the following:

A designated backup location, for example ~/rhize-backups/database.
Access to your Rhize Kubernetes Environment
Optional: kubectx utilities
- kubectx to manage multiple clusters
- kubens to switch between and configure namespaces easily
Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically.

Before you start, confirm you are in the right context and namespace:

## context
kubectl config current-context
## namespace
kubectl get namespace

To change the namespace for all subsequent kubectl commands to libre, run this command:

kubectl config set-context --current --namespace=libre

For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

Steps

To back up the database, follow these steps:

Check the logs for the alpha and zero pods, either in Lens or with kubectl logs. Ensure there are no errors.
```
kubectl logs libre-baas-baas-alpha-0 --tail=80
```
Open a pod shell for one of the alpha pods. If you are using the terminal, run this command:
```
kubectl exec --stdin --tty libre-baas-baas-alpha-0 \
-n libre -- /bin/bash
```
For details, read the Kubernetes topic Get Shell to a Running Container.

Make a POST request to your Keycloak /token endpoint to get an access_token value. For example, with curl and jq:

## replace USERNAME and PASSWORD with your credentials
USERNAME=backups@libremfg.com \
&& PASSWORD=password \
&& curl --location \
  --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
  --header 'Content-Type\ application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode "username=${USERNAME}" \
  --data-urlencode "password=${PASSWORD}"  \
  --data-urlencode "client_id=${BAAS_OIDC_CLIENT_ID}" \
  --data-urlencode "client_secret=${OIDC_SECRET}" | jq .access_token

Using the token from the previous step, send a POST to localhost:8080/admin to create a backup of the node. For example, with curl:

curl --location --request POST 'http://localhost:8080/admin' \
--header 'Authorization: Bearer <TOKEN>' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"mutation {\r\n export(input: {format: \"json\", destination: \"/dgraph/backups/'"$(date +"%Y-%m-%dT%H.%M.%SZ")"'\"}) {\r\n response {\r\n message\r\n code\r\n }\r\n}\r\n}","variables":{}}'

Change to the backup directory (the destination parameter in the preceding curl command). For example:
```
cd /dgraph/backups
```
Check for the latest directory. Its name should be the timestamp of when you sent the preceding curl request. For example:
```
ls -lt
```
With these flags, the first listed directory should be the latest backup, named something like 2023-10-31T16.55.56Z
Create a file that holds the sha256 checksums of the latest backup files. You’ll use this file to confirm the copy is identical.
```
sha256sum <LATEST_BACKUP_DIR>/dgraph.<PODNAME>/*.gz > <LATEST_BACKUP_DIR>/backup.sums
```

Exit the container shell, then copy files out of the container to your backup location:

## exit shell
exit
## copy container files to backup
kubectl cp --retries=10 <NAMESPACE>/<PODNAME>:backups/<CONTAINER_BACKUP> \
./<BACKUP>/<ON_YOUR_DEVICE>

Use the checksum to confirm that the pod files and the local files are the same. If you are using Windows, you can run an equivalent check with the CertUtil utility:

## Change to the directory
cd ./<BACKUP>/<ON_YOUR_DEVICE>/
## Check sums
sha256sum -c backup.sums *.gz

CertUtil -hashfile C:\<BACKUP>\<ON_YOUR_DEVICE>\backup.sums sha256

Confirm success

On success, the backup creates three zipped files:

The GraphQL schema
The DB schema
A JSON file with the real database data.

To check that the backup succeeded, unzip the files and inspect the data.

Next Steps

Test the Restore Graph Database procedure to ensure you can recover data in case of an emergency.
To back up other Rhize services, read how to backup Grafana.