Backups Strategy
cintiadr edited this page Sep 15, 2017 · 32 revisions
Backups should be kept in S3 (bucket openmrs-backups). S3 is configured to archive to Glacier after 30 days, and delete after 6 months (deleting before 3 months is actually more expensive).
Each server will have a separate access key pair, which only allows writes into a specific folder of the S3 bucket. Those keys are created by Terraform, and can be seen as Terraform 'outputs'.
So, on each server, there should be:
- A user 'backup-s3' to upload files
- A cron task or equivalent which will get all relevant files into /opt/backups
- AWS credentials for that server
- Python and aws-cli installed
- Cron task to upload all files in /opt/backups to s3://openmrs-backups/// and delete them on disk on completion.
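One way to write the upload cron task from the list above so that a file is removed from disk only after its own upload succeeded. This is an added example, not the project's script; the `upload_one` wrapper, the `--run` switch and the destination folder placeholder are assumptions, since the page does not spell out the per-server path.

```shell
#!/bin/sh
# Added example: upload everything in the staging directory, then delete
# only the files whose upload returned success.

# /opt/backups is the staging directory named on this page.
BACKUP_DIR="${BACKUP_DIR:-/opt/backups}"
# Placeholder: replace with this server's own folder in the bucket.
DEST_PREFIX="${DEST_PREFIX:-s3://openmrs-backups/PLACEHOLDER-server-folder}"

# Hypothetical wrapper around the transfer, kept separate so it can be
# replaced by a stub when testing without AWS credentials.
upload_one() {
    aws s3 cp --only-show-errors "$1" "$2"
}

# Returns the number of files that failed to upload (0 means all done).
upload_backups() {
    failed=0
    for f in "$BACKUP_DIR"/*; do
        # Skip directories, symlinks and the literal pattern left behind
        # when the directory is empty.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if upload_one "$f" "$DEST_PREFIX/$(basename "$f")"; then
            rm -f -- "$f"
        else
            # Keep the local copy so the next cron run retries it.
            echo "upload failed, keeping $f" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Cron calls the script with --run (as the 'backup-s3' user); sourcing the
# file without arguments only defines the functions.
if [ "${1:-}" = "--run" ]; then
    upload_backups
fi
```

Because the per-server keys only allow writes into one folder, the script never lists or reads the bucket; it relies on the exit status of the upload alone.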
The exception is talk/discourse. Discourse is configured to upload its backups straight to S3, bucket openmrs-talk-backups.
For all manually uploaded backups, use S3 bucket openmrs-manual-backup.
- On the AWS console, create a new key pair for your user. Go to IAM Users -> {Your User} -> Security Credentials -> Create access key. Download the csv file, and keep it safe!
- On the AWS console, go to S3 -> 'openmrs-manual-backup'. Verify there's a folder for the product whose backups you are uploading. If there isn't, create one now.
- Install the AWS CLI on the machine that holds the backups:

  ```
  pip install awscli
  ```

- Run 'aws configure' on the machine containing the file(s) to be backed up. Add the access key created before, and region 'us-west-2'.
- Run the AWS CLI to upload files to the S3 bucket. For example, to upload a file to the folder nexus:

  ```
  aws s3 cp backup-2016-09-03.tgz s3://openmrs-manual-backup/nexus/backup-2016-09-03.tgz
  ```

- After the uploads, please deactivate the access key from the Amazon console. Activate an access key only when you need to upload something, and deactivate it again afterwards.