Backup via CLI Script on AWS

To back up an instance of EJBCA Cloud, you can either use the CLI script included on the instance or create a snapshot in the AWS Console. This section describes how to back up using a script. For information on using the AWS Console with snapshots, see Backup using AWS Snapshot.

As of EJBCA Cloud version 3.4.0, the backup script will now default to using “age” encryption over OpenSSL. OpenSSL will still work as a fallback mechanism should age not work or not be installed on older systems.

“Age” does not support passwords being fed from standard input. This is because “age” opens /dev/tty directly, and input cannot be redirected to it. Once this changes, the scripts will be modified to support it. Until then, any use of the new silent (-s) option requires the --use-openssl option.

Backup via Script

This section describes how to manually back up the instance using the system backup script. For instructions on how to automate the backup of the system in order not to prompt for passwords, see the Automating Backup Script section.

To back up the instance using the system backup script:

  1. Using the SSH key that was selected when procuring the instance, SSH into the EJBCA Cloud instance using the username ec2-user:

    # ssh -i ssh-key.pem ec2-user@elastic-ip.compute-1.amazonaws.com
    
  2. Run the command sudo su to get elevated privileges:

    # sudo su
    
  3. Change to the /opt/PrimeKey/support directory.

  4. Run the script system_backup.sh to create a backup of your system.

  5. Press Y to proceed and enter a password to protect the backup once prompted.

  6. Make a note of the name of the backup file created. Copy the backup file to a directory that is accessible by the ec2-user, for example, /home/ec2-user/.
    Example:
    Copy the file named:
    "/opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz"
    to the directory /home/ec2-user/:

    # cp /opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz /home/ec2-user/
    
  7. It is recommended to copy this backup to another system, either locally from the administration workstation or in another AWS data center. For more information on how to copy the file from the EJBCA Cloud instance, see the Copying Backup Files to Other Systems section.

Other Options in Post-3.4.0 Versions

| Option | Description |
|---|---|
| -p | Specify the password to the database if changed, specified in <password>. This script will try to read from different variables, but if the password on the database is different from those variables and needs to be specified, use this option. |
| -e | Specify the password on the CLI used to encrypt the backup. Useful for automating backups with Cron, specified in <password>. |
| --use-openssl | Force use of OpenSSL encryption instead of age (for compatibility). This must be specified when using silent mode (-s). |
| -s | Silent. Do not have ANY prompts for input (used for automation). Must be used with -e. Automatically uses OpenSSL for encrypting backups and assumes any prompts that would normally be asked are responded with "yes". |
| -b | Specify Database Password (used when DATABASE_PASSWORD is removed from start.sh and automating this script). |
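
As an added example (not part of the EJBCA Cloud documentation or the PrimeKey scripts), the following cron wrapper uses the silent-mode options above while keeping the backup password out of the crontab by reading it from a root-only file. The password file path is hypothetical, and the wrapper assumes that -e takes the password as its next argument.

```shell
#!/bin/sh
# Added example: unattended wrapper for system_backup.sh, e.g. for root's crontab.
# Assumptions (not from the page): the password file path below, and that
# -e takes the password as its next argument.
BACKUP_SCRIPT="${BACKUP_SCRIPT:-/opt/PrimeKey/support/system_backup.sh}"
PASS_FILE="${PASS_FILE:-/root/.ejbca_backup_pass}"   # hypothetical location

# Succeed only if the password file is a regular, non-empty file that is
# not a symlink and grants no permissions to group or others.
pass_file_ok() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null) || return 1   # GNU stat
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the backup in silent mode. Per the options table, -s must be used with
# -e, and --use-openssl is required because age reads its password from /dev/tty.
run_backup() {
    pass_file_ok "$PASS_FILE" || {
        echo "refusing to run: $PASS_FILE missing, empty or too permissive" >&2
        return 2
    }
    # Read the first line; tolerate a file without a trailing newline.
    IFS= read -r pass < "$PASS_FILE" || [ -n "$pass" ] || return 2
    # The password is still on the script's argv while it runs, so keep
    # shell access to the instance limited to administrators.
    ( umask 077; "$BACKUP_SCRIPT" -s -e "$pass" --use-openssl )
}

# Run only when invoked as "<this file> run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```

A crontab entry then only needs to call the wrapper with the run argument, so the password never appears in the crontab itself.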