forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
_preparing-for-bbr.html.md.erb
242 lines (174 loc) · 9.22 KB
/
_preparing-for-bbr.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
Before using BBR you must perform the following steps:
* [Verify your BBR Version](#verify-bbr-version)
* [Download the BBR SSH Credentials](#bbr-ssh-creds)
* [Download the BOSH Director Credentials](#bosh-creds)
* [Download the UAA Client Credentials](#cluster-creds)
* [Retrieve the BOSH Director Address](#bosh-address)
* [Download the Root CA Certificate](#root-ca-cert)
* [Download the BOSH Command Line Credentials](#bosh-cli-creds)
* [Retrieve your Cluster Deployment Name](#cluster-deployment-name)
### <a id='verify-bbr-version'></a> Verify Your BBR Version
Before running BBR, you must verify that the installed version of BBR is compatible with your deployment's current <%= vars.product_short %> release.
1. For your current <%= vars.product_short %> release's minimum version information, see the [<%= vars.product_short %> Release Notes](release-notes.html).
1. To verify the currently installed BBR version, run the following command:
```
bbr version
```
<br>
If you do not have BBR installed, or your installed version does not meet the minimum version requirement,
see [Installing BOSH Backup and Restore](bbr-install.html).
<br>
### <a id='setup'></a> Collect Credentials and Account Information
Before you can use BBR to perform a backup or restore, you will need to collect accounts and credentials to authenticate into your jumpbox, BOSH Director, and Ops Manager.
#### <a id='bbr-ssh-creds'></a> Download the BBR SSH Credentials
There are two ways to retrieve BOSH Director credentials:
* [Ops Manager Installation Dashboard](#bbr-ssh-creds-via-ui)
* [Ops Manager API](#bbr-ssh-creds-via-api)
#### <a id='bbr-ssh-creds-via-ui'></a> Ops Manager Installation Dashboard
To retrieve your **Bbr Ssh Credentials** using the Ops Manager Installation Dashboard, perform the following steps:
1. Navigate to the Ops Manager Installation Dashboard.
1. Click the BOSH Director tile.
1. Click the **Credentials** tab.
1. Locate **Bbr Ssh Credentials**.
1. Click **Link to Credentials** next to it.
1. Copy the `private_key_pem` field value.
#### <a id='bbr-ssh-creds-via-api'></a> Ops Manager API
To retrieve your **Bbr Ssh Credentials** using the Ops Manager API, perform the following steps:
1. Obtain your UAA access token. For more information,
see [Access the API](https://docs.pivotal.io/pivotalcf/customizing/ops-man-api.html#access-api).
1. Retrieve the **Bbr Ssh Credentials** by running the following command:
```
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/bbr_ssh_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
```
Where:
* `OPS-MAN-FQDN` is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
* `UAA-ACCESS-TOKEN` is your UAA access token.
1. Copy the value of the `private_key_pem` field.
##### <a id='bbr-ssh-creds-save'></a> Save the BBR SSH Credentials to File
1. To reformat the copied `private_key_pem` value and save it to a file in the current directory, run the following command:
```
printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE
```
Where:
* `YOUR-PRIVATE-KEY` is the text of your private key.
* `PRIVATE-KEY-FILE` is the path to the private key file you are creating.
For example:
<pre class="terminal">
$ printf -- "-----begin rsa private key----- fake key contents ----end rsa private key-----" > bbr_key.pem
</pre>
#### <a id='bosh-creds'></a> Download the BOSH Director Credentials
There are two ways to retrieve BOSH Director credentials:
* [Ops Manager Installation Dashboard](#bosh-creds-via-ui)
* [Ops Manager API](#bosh-creds-via-api)
##### <a id='bosh-creds-via-ui'></a> Ops Manager Installation Dashboard
To retrieve your BOSH Director credentials using the Ops Manager Installation Dashboard, perform the following steps:
1. Navigate to the Ops Manager Installation Dashboard.
1. Click the BOSH Director tile.
1. Click the **Credentials** tab.
1. Locate **Director Credentials**.
1. Click **Link to Credentials** next to it.
1. Copy the value of the `private_key_pem` field.
##### <a id='bosh-creds-via-api'></a> Ops Manager API
To retrieve your BOSH Director credentials using the Ops Manager API, perform the following steps:
1. Obtain your UAA access token. For more information, see
[Access the Ops Manager API](https://docs.pivotal.io/pivotalcf/customizing/ops-man-api.html#access).
1. Retrieve the **Director Credentials** by running the following command:
```
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/bbr_ssh_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
```
Where:
`OPS-MAN-FQDN` is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
`UAA-ACCESS-TOKEN` is your UAA access token.
1. Copy the value of the `private_key_pem` field.
#### <a id='bosh-creds-save'></a> Save the BOSH Director Credentials to a File
1. To reformat the copied `private_key_pem` value and save it a file in the current directory, run the following command:
```
printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE
```
Where:
* `YOUR-PRIVATE-KEY` is the text of your private key.
* `PRIVATE-KEY-FILE` is the path to the private key file you are creating.
For example:
<pre class="terminal">
$ printf -- "-----begin rsa private key----- fake key contents ----end rsa private key-----" > bbr_key.pem
</pre>
#### <a id='cluster-creds'></a> Download the UAA Client Credentials
To obtain BOSH credentials for your BBR operations, perform the following steps:
1. From the Ops Manager Installation Dashboard, click the **<%= vars.product_tile %>** tile.
1. Select the **Credentials** tab.
1. Navigate to **Credentials > UAA Client Credentials**.
1. Record the value for `uaa_client_secret`.
1. Record the value for `uaa_client_name`.
<p class="note"><strong>Note</strong>: You must use BOSH credentials that limit the scope of BBR activity to your cluster deployments.</p>
#### <a id='bosh-address'></a> Retrieve the BOSH Director Address
You access the BOSH Director using an IP address.
To obtain your BOSH Director's IP address:
1. Open the Ops Manager Installation Dashboard.
1. Select **BOSH Director > Status**.
1. Select the listed Director IP Address.
#### <a id='bosh-address-log-in'></a> Log In to BOSH Director
1. If you are not using the Ops Manager VM as your jumpbox, install the latest [BOSH CLI](https://bosh.io/docs/cli-v2.html#install) on your jumpbox.
1. To log in to BOSH Director, using the IP address that you recorded above, run the following command line:
```
bosh -e BOSH-DIRECTOR-IP \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE log-in
```
Where:
* `BOSH-DIRECTOR-IP` is the BOSH Director IP address recorded above.
* `PATH-TO-BOSH-SERVER-CERTIFICATE` is the path to the root Certificate Authority (CA) certificate
as outlined in [Download the Root CA Certificate](#root-ca-cert).
1. To specify **Email**, specify `director`.
1. To specify **Password**, enter the **Director Credentials** that you obtained in
[Download the BOSH Director Credentials](#bosh-creds).
For example:
<pre class='terminal'>
$ bosh -e 10.0.0.3 \
--ca-cert /var/tempest/workspaces/default/root\_ca\_certificate log-in
Email (): director
Password (): *******************
Successfully authenticated with UAA
Succeeded
</pre>
#### <a id='root-ca-cert'></a> Download the Root CA Certificate
To download the root CA certificate for your <%= vars.product_short %> deployment,
perform the following steps:
1. Open the Ops Manager Installation Dashboard.
1. In the top right corner, click your username.
1. Navigate to **Settings** > **Advanced**.
1. Click **Download Root CA Cert**.
#### <a id='bosh-cli-creds'></a> Download the BOSH Command Line Credentials
1. Open the Ops Manager Installation Dashboard.
1. Click the **BOSH Director** tile.
1. In the BOSH Director tile, click the **Credentials** tab.
1. Navigate to **Bosh Commandline Credentials**.
1. Click **Link to Credential**.
1. Copy the credential value.
#### <a id='cluster-deployment-name'></a> Retrieve Your Cluster Deployment Name
To locate and record your cluster's BOSH deployment name, follow the steps below.
1. <%= partial 'login-pks-api' %>
1. To find the cluster ID associated with the cluster you want to back up, run the following
command:
```
pks cluster CLUSTER-NAME
```
Where `CLUSTER-NAME` is the name of your cluster.
1. From the output of this command, record the **UUID** value.
1. Open the Ops Manager Installation Dashboard.
1. Click the **BOSH Director** tile.
1. Select the **Credentials** tab.
1. Navigate to **Bosh Commandline Credentials** and click **Link to Credential**.
1. Copy the credential value.
1. SSH into your jumpbox. For more information about the jumpbox, see [Installing BOSH Backup and Restore](bbr-install.html#jumpbox-setup).
1. To retrieve your cluster BOSH deployment name, run the following command:
```
BOSH-CLI-CREDENTIALS deployments | grep UUID
```
Where:
* `BOSH-CLI-CREDENTIALS` is the full value that you copied from the BOSH Director tile
in [Download the BOSH Command Line Credentials](bbr-backup.html#bosh-cli-creds).
* `UUID` is the cluster UUID that you recorded in the previous step.
<br>