//Cloudogu EcoSystem Docs

Backup and Restore (B&R)

Introduction

A supported feature of cesapp is backing up and restoring the most important thing in a Cloudogu EcoSystem (CES): The user's data as well as data that is vital to a running CES instance. Backup and restore is powered by restic which features fast backup cycles combined with strong encryption.

This document describes some aspects of B&R that go beyond day-to-day usage.

What is a Backup?

This chapter describes what makes a backup created by the cesapp.

In terms of backing up data, a CES consists of several individual points of data:

  • Dogu meta data (dogu.json)
  • Dogu volumes that contain the dogu's production data
  • CES instance configuration
  • registry data for dogus and the instance

As a cesapp design decision, each point of data is backed up with a single restic snapshot in order to gain precise control. A snapshot is restic's own way to make saved files and directories addressable. A snapshot ID identifies uniquely a single snapshot. In a way a snapshot ID is roughly comparable to Git commit hashes.

The result of a CES backup is a list of many snapshots. The cesapp hides this complexity by grouping all snapshots so a backup can be easily addressed by the administrator. Technically, all restic snapshots are tagged with a uniquely generated Backup ID. When listing existing backups or even restoring to an earlier state, Backup IDs are the way to visualize and address the data from single backup runs.

Handling uninitialized backup repositories

This chapter describes how cesapp detects an uninitialized backup repository and how a necessary initialization is automated for the ease of use.

The cesapp supports the administrator in many ways and removes unnecessary and repetitive tasks while working with backups, including initializing a backup repository when necessary.

A restic repository is the place in which the backup data reside. Independently of the way where the backup data should be stored (local, S3, SFTP), a backup repository needs to be initialized in order to securely store data. This can be done exactly once and (the storage parameters aside) needs at least an encryption key.

restic does not provide a dedicated command to test if a backup repository has already been initialized. The usual way is to test it with restic snapshots, which may have two different outcomes, and how the cesapp reacts:

Repository state Exit code Output Reaction
uninitialized 1 unable to open config file or Is there a repository at the following location? cesapp initializes a backup repository at the configured address with the configured encryption key.
initialized 0 a list with zero or more snapshots cesapp keeps the configured backup repository as-is, neglects the snapshot information, and proceeds with the original backup command.

Any cesapp command that touches a backup repository will check if a backup repository has been initialized beforehand in such a way. If this is not the case, the cesapp will automatically initialize the repository with the data provided by the CES registry.

Handling wrong encryption keys

This chapter describes what happens if a wrong encryption key was provided.

In the previous chapter we learned that a backup repository must be secured with an encryption key. restic does not provide a dedicated command to test if the given encryption key matches with that of the backup repository. Given the repository was already initialized, a usual way to test the correctness of the encryption key is to execute restic snapshots.

Since we do not know if the repository was initialized beforehand, that call may result in these different outcomes, and how the cesapp reacts:

Repository state encryption key Exit code Output Reaction
uninitialized * 1 Fatal: unable to open config file or Is there a repository at the following location? cesapp initializes a backup repository; see above
initialized incorrect 1 Fatal: wrong password or no key found cesapp fails the backup command with an appropriate error message
initialized correct 0 a list with zero or more snapshots cesapp keeps the configured backup repository as-is, neglects the snapshot information, and proceeds with the original backup command.