Restore the GraphDB from S3

This guide shows you how to restore the Graph database from Amazon S3 to your Rhize environment.

Prerequisites

Before you start, ensure you have the following:

• The GraphDB Helm chart
• kubectl
• A Database backup

Steps

1. Set the follow environmental variables:

   • AWS_ACCESS_KEY_ID your AWS access key with permissions to write to the destination bucket
   • AWS_SECRET_ACCESS_KEY your AWS access key with permissions to write to the destination bucket
   • AWS_SESSION_TOKEN your AWS session token (if required)

2. Confirm the cluster and namespace are correct.

   ## context
   kubectl config current-context
   ## namespace
   kubectl get namespace
   

   To change the namespace for all subsequent kubectl commands to libre, run this command:

   kubectl config set-context --current --namespace=libre
   

   For a reference of useful kubectl commands, refer to the official kubectl Cheat Sheet.

3. Upgrade or install the Helm chart.

   helm upgrade --install -f baas.yaml libre-baas libre/baas -n libre
   

4. Wait for libre-baas-alpha-0 to start serving the GraphQL API.

5. Make a POST request to your Keycloak /token endpoint to get an access_token value. For example, with curl and jq:

   ## replace USERNAME and PASSWORD with your credentials
   USERNAME=backups@libremfg.com \
   && PASSWORD=password \
   && curl --location \
     --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
     --header 'Content-Type\ application/x-www-form-urlencoded' \
     --data-urlencode 'grant_type=password' \
     --data-urlencode "username=<USERNAME>" \
     --data-urlencode "password=<PASSWORD>"  \
     --data-urlencode "client_id=<BASS_CLIENT_ID>" \
     --data-urlencode "client_secret=<BASS_CLIENT_SECRET>" | jq .access_token
   

6. Using the token from the previous step, send a POST to <alpha pod>:8080/admin to retrieve a list of available backups from the s3 bucket.

    curl --location 'http://alpha-0:8080/admin' \
   --header 'Content-Type: application/json' \
   --header 'Authorization: Bearer <TOKEN>' \
   --data '{"query":"query {\n\tlistBackups(input: {location: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n\t\tbackupId\n\t\tbackupNum\n\t\tencrypted\n\t\tpath\n\t\tsince\n\t\ttype\n        readTs\n\t}\n}","variables":{}}'
   

7. Using the backup id and token from the previous step, send a POST to <alpha pod>:8080/admin to start the restore from the s3 bucket to the alpha node. For example, with curl:

   curl --location 'http://alpha-0:8080/admin' \
   --header 'Content-Type: application/json' \
   --header 'Authorization: Bearer <TOKEN>' \
   --data '{"query":"mutation{\n  restore(input:{\n    location: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\",\n    backupId: \"<BACKUP_ID>\"\n  }){\n    message\n    code\n  }\n}","variables":{}}'