backup¶
The backup command creates a backup of an MKE manager node. Specifically, the command creates a TAR file with the contents of the volumes used by the given MKE manager node and then prints it. You can then use the restore command to restore the data from an existing backup.
To create backups of a multi-node cluster, you only need to back up a single manager node. The restore operation will reconstitute a new MKE installation from the backup of any previous manager node.
Note
The backup contains private keys and other sensitive information. Use
the --passphrase
flag to encrypt the backup with PGP-compatible
encryption or --no-passphrase
to opt out of encrypting the backup.
Mirantis does not recommend the latter option.
To use the backup command:
docker container run \
--rm \
--interactive \
--name ucp \
--log-driver none \
--volume /var/run/docker.sock:/var/run/docker.sock \
mirantis/ucp:3.x.y \
backup <command-options> > backup.tar
Options¶
Option |
Description |
---|---|
|
Enables debug mode. |
|
Specifies the name of the file wherein the backup contents are written. This option requires that you bind-mount the file path to the container that is performing the backup. The file path must be relative to the container file tree. For example: docker run <other options> --mount
type=bind,src=/home/user/backup:/backup mirantis/ucp --file
/backup/backup.tar
This option is ignored in interactive mode. |
|
Produces JSON-formatted output for easier parsing. |
|
Stores an encrypted |
|
Runs in interactive mode and prompts for configuration values. |
|
Bypasses the option to encrypt the TAR file with a passphrase. Mirantis does not recommend this option. |
|
Encrypts the TAR file with a passphrase. |
SELinux¶
Installing MKE on a manager node with SELinux enabled at the daemon and the
operating system levels requires that you include
--security-opt label=disable
with your backup command. This flag
disables SELinux policies on the MKE container. The MKE container mounts and
configures the Docker socket as part of the MKE container. Therefore, the MKE
backup process fails with the following error if you neglect to include this
flag:
FATA[0000] unable to get valid Docker client: unable to ping Docker
daemon: Got permission denied while trying to connect to the Docker
daemon socket at unix:///var/run/docker.sock:
Get http://%2Fvar%2Frun%2Fdocker.sock/_ping:
dial unix /var/run/docker.sock: connect: permission denied -
If SELinux is enabled on the Docker daemon, make sure you run
MKE with "docker run --security-opt label=disable -v /var/run/docker.sock:/var/run/docker.sock ..."
To backup MKE with SELinux enabled at the daemon level:
docker container run \
--rm \
--interactive \
--name ucp \
--security-opt label=disable \
--volume /var/run/docker.sock:/var/run/docker.sock \
mirantis/ucp:3.x.y \
backup <command-options> > backup.tar