
Backups Strategy

cintiadr edited this page Sep 15, 2017 · 32 revisions

Backups should be kept in S3 (bucket openmrs-backups). S3 is configured to archive to Glacier after 30 days, and delete after 6 months (deleting before 3 months is actually more expensive).

Each server will have a separate access key pair, which only allows writes into a specific folder of the S3 bucket. Those keys are created by Terraform, and can be seen as Terraform 'outputs'.

So, on each server, there should be:

  • A user 'backup-s3' to upload files
  • A cron task or equivalent which will get all relevant files into /opt/backups
  • AWS credentials for that server
  • Python and aws-cli installed
  • Cron task to upload all files in /opt/backups to s3://openmrs-backups/// and delete them on disk on completion.
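
The upload step from the list above, as an added example (not the OpenMRS infrastructure's own script). The function name, the AWS_CMD override and the destination prefix argument are assumptions; `<server-folder>` is a placeholder for the server's folder in the bucket.

```shell
#!/bin/sh
# Added example: upload every file in a backup directory to S3, removing the
# local copy only after that file's upload succeeded.
# Assumptions (not from the wiki): the function name, the AWS_CMD override,
# and the destination prefix passed by the caller.

AWS_CMD="${AWS_CMD:-aws}"

# upload_backups DIR DEST_PREFIX
#   DIR          local directory holding finished backup files
#   DEST_PREFIX  e.g. s3://openmrs-backups/<server-folder> (placeholder)
# Returns 0 if every file was uploaded and removed, 1 otherwise.
upload_backups() {
    dir="$1"
    dest="${2%/}"
    failed=0

    if [ ! -d "$dir" ] || [ -z "$dest" ]; then
        echo "usage: upload_backups DIR DEST_PREFIX" >&2
        return 1
    fi

    for f in "$dir"/*; do
        # Skip the unexpanded glob (empty dir) and anything not a regular file.
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # The per-server key is write-only, so use `cp` (needs only PutObject)
        # rather than `sync`, which must list the bucket. The exit status is
        # the only confirmation available, so delete strictly on success.
        if "$AWS_CMD" s3 cp --only-show-errors "$f" "$dest/$name"; then
            rm -f -- "$f"
        else
            echo "upload failed, keeping $f" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when arguments are given, e.g. from the backup-s3 user's crontab.
if [ "$#" -ge 2 ]; then
    upload_backups "$1" "$2"
fi
```

A non-zero exit leaves the failed files in place for the next run, so a file is never deleted locally without a successful upload.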

The exception is talk/discourse. Discourse is configured to upload its backups straight to S3, bucket openmrs-talk-backups.

How to upload manual backups

For all manually uploaded backups, use S3 bucket openmrs-manual-backup.

  • On AWS console, create a new key pair for your user. Go to IAM Users -> {Your User} -> Security Credentials -> Create access key. Download the csv file, and keep it safe!
  • On AWS console, go to S3 -> 'openmrs-manual-backup'. Verify there's a folder for the product whose backups you are uploading. Otherwise, create a folder now.
  • Install aws cli on the machine with the backups: pip install awscli
  • Run 'aws configure' on the machine containing the file(s) to be backed up. Add the access key created before, and region 'us-west-2'.
  • Run aws cli to upload files to the S3 bucket. For example, to upload a file to the folder nexus: aws s3 cp backup-2016-09-03.tgz s3://openmrs-manual-backup/nexus/backup-2016-09-03.tgz
  • After the uploads, please deactivate the access key from the AWS console. Activate an access key each time you need to upload something, and deactivate it afterwards.