Backup via CLI Script
To back up an instance of EJBCA Cloud, you can either use the CLI script included on the instance or create a snapshot in the AWS Console. This section describes how to back up using a script. For information on using the AWS Console with snapshots, see Backup using AWS Snapshot.
As of EJBCA Cloud version 3.4.0, the backup script will now default to using “age” encryption over OpenSSL. OpenSSL will still work as a fallback mechanism should age not work or not be installed on older systems.
“Age” does not support passwords being fed from standard out. This is because “age” directly opens /dev/tty and there's no way to redirect input to that. Once this changes, the scripts will be modified to support it. Until then, any use of the new silent (-s) option will require the --use-openssl option.
Backup via Script
To back up the instance using the script included on the instance:

1. Using the SSH key that was selected when procuring the instance, SSH into the EJBCA Cloud instance using the username ec2-user:

       # ssh -i ssh-key.pem ec2-user@elastic-ip.compute-1.amazonaws.com

2. Run the command sudo su to get elevated privileges:

       # sudo su

3. Change to the /opt/PrimeKey/support directory.
4. Run the script system_backup.sh to create a backup of your system. Press Y to proceed and enter a password to protect the backup once prompted.
5. Make a note of the name of the backup file created. Copy the backup file to a directory that is accessible by the ec2-user, for example /home/ec2-user/. In this case, the file named "/opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz" is copied to /home/ec2-user/:

       # cp /opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz /home/ec2-user/

It is recommended to copy this backup to another system, either locally from the administration workstation, or in another AWS data center. For more information on how to copy the file from the EJBCA Cloud instance, see the Copying Backup Files to Other Systems section.
NOTE For instructions on how to automate the backup of the system in order not to prompt for passwords, see the Automating Backup Script section.
Other options in post 3.4.0 version
| Option | Description |
|---|---|
| -p | Specify the password to the database if changed, specified in <password>. This script will try to read from different variables, but if the password on the database is different from those variables and needs to be specified, use this option. |
| -e | Specify the password on the CLI used to encrypt the backup. Useful for automating backups with Cron, specified in <password>. |
| --use-openssl | Force use of OpenSSL encryption instead of age (for compatibility). This must be specified when using silent mode (-s). |
| -s | Silent. Do not have ANY prompts for input (used for automation). Must be used with -e. Automatically uses OpenSSL for encrypting backups and assumes any prompts that would normally be asked are responded with "yes". |
| -b | Specify Database Password (used when DATABASE_PASSWORD is removed from start.sh and automating this script). |
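
The silent-mode options above combined with the copy step from the procedure, as an added example that is not EJBCA Cloud's own script. The passphrase file path, the function names, the `ejbca_db-*.tar.gz` glob (taken from the file name shown above) and the `-e <password>` argument form are assumptions.

```shell
#!/bin/sh
# Added example, not part of EJBCA Cloud. Script path, backup directory and the
# -s / -e / --use-openssl flags are from this page; PASS_FILE, the function
# names and the "-e <password>" argument form are assumptions.
BACKUP_SCRIPT=/opt/PrimeKey/support/system_backup.sh
BACKUP_DIR=/opt/PrimeKey/support/backup_files
PASS_FILE=/root/.ejbca_backup_pass   # hypothetical root-only passphrase file

# Succeeds only if the file exists and grants nothing to group or other.
check_pass_file() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the most recently modified backup archive in directory $1 (empty if none).
latest_backup() {
    ls -t "$1"/ejbca_db-*.tar.gz 2>/dev/null | head -n 1
}

# Copies archive $1 into directory $2 with owner-only permissions, optionally
# hands it to user $3, and writes a SHA-256 file for checking the off-host copy.
stage_backup() {
    name=$(basename "$1")
    ( umask 077 && cp "$1" "$2/$name" && chmod 600 "$2/$name" ) || return 1
    if [ -n "${3:-}" ]; then chown "$3" "$2/$name" || return 1; fi
    ( cd "$2" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$2/$name"
}

# Unattended run: silent mode needs -e and --use-openssl (age reads /dev/tty).
# The passphrase is a command-line argument here, so it is visible in the
# process list while the script runs.
run_backup() {
    check_pass_file "$PASS_FILE" || { echo "bad passphrase file" >&2; return 1; }
    "$BACKUP_SCRIPT" -s -e "$(cat "$PASS_FILE")" --use-openssl || return 1
    newest=$(latest_backup "$BACKUP_DIR")
    [ -n "$newest" ] || { echo "no backup archive found" >&2; return 1; }
    stage_backup "$newest" /home/ec2-user ec2-user
}

# Run as root, e.g. from cron: sh this_file.sh --run
if [ "${1:-}" = "--run" ]; then run_backup; fi
```

Copy the `.sha256` file together with the archive and run `sha256sum -c` on the receiving system to confirm the transfer.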