This topic tells you how to configure automated backups in Redis for VMware Tanzu Application Service.
Redis for Tanzu Application Service provides two backup methods, which you can use together or alone.
They are:
If you have already set up BBR for your VMware Tanzu Application Service for VMs deployment, you might find it easier to use BBR to back up your on-demand Redis service instances, in addition to or instead of, using automated service backups.
The following table summarizes the differences between the two methods:
Backup method | Supported services | What is backed up |
---|---|---|
BBR | On-demand |
|
Automated service backups |
|
Data stored in Redis |
Neither backup method backs up other manual changes made to service instances, either using SSH or with the Redis client config
command.
For more information, see BOSH Backup and Restore (BBR) for On-Demand Redis for VMware Tanzu Application Service.
You can configure automatic backups for both on-demand and shared-VM plan types.
Automated backups have the following features:
BGSAVE
on each instance.When Redis for Tanzu Application Service runs an automated backup, it labels the backups in the following ways:
For each backup artifact, Redis for Tanzu Application Service creates a file that contains the MD5 checksum for that artifact. This can be used to check that the artifact is not corrupted.
Redis for Tanzu Application Service automatically backs up databases to external storage.
How and where: There are four options for how automated backups transfer backup data and where the data saves to:
When: Backups follow a schedule that you specify with a cron expression.
For general information about cron, see package cron.
To configure automated backups, follow these procedures according to the option you choose for external storage.
To back up your database to an Amazon S3 bucket:
Redis for Tanzu Application Service accesses your S3 store through a user account. VMware recommends that this account be solely for Redis for Tanzu Application Service. You must apply a minimal policy that lets the user account upload backups to your S3 store.
Do the following to create a policy and access key:
To create a new custom policy, go to IAM > Policies > Create Policy > Create Your Own Policy and paste in the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::MY-BUCKET-NAME",
"arn:aws:s3:::MY-BUCKET-NAME/*"
]
}
]
}
Where MY-BUCKET-NAME
is the name of your S3 bucket.
If the S3 bucket does not already exist, add s3:CreateBucket
to the Action
list to create it.
(Recommended) Create a new user for Redis for Tanzu Application Service and record its Access Key ID and Secret Access Key, the user credentials.
(Recommended) Attach the policy you created to the AWS user account that Redis for Tanzu Application Service will use to access S3. Go to IAM > Policies > Policy Actions > Attach.
Do the following to connect Redis for Tanzu Application Service to your S3 account:
Under Backup configuration, select AWS S3.
Fill in the fields as follows:
Field | Description | Mandatory/optional |
---|---|---|
Access Key ID | The access key for your S3 account | Mandatory |
Secret Access Key | The Secret Key associated with your Access Key | Mandatory |
Endpoint URL | The endpoint of your S3 account, such as http://s3.amazonaws.com |
Optional, defaults to http://s3.amazonaws.com if not specified |
Bucket Name | Name of the bucket where to store the backup | Mandatory |
Bucket Path | Path inside the bucket to save backups to | Mandatory |
CA Certificate | CA certificate used to verify the connection to the S3 bucket | Optional |
Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly , @monthly , @weekly , @daily , @hourly , or @every TIME , where TIME is any supported time string, such as 1h30m . For more information, see the cron package documentation. |
Mandatory |
Backup timeout | The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. |
Mandatory |
To back up your database using SCP:
Redis for Tanzu Application Service accesses a remote host as a user with a private key for authentication. VMware recommends that this user and keypair be solely for Redis for Tanzu Application Service.
Do the following to create a new public and private keypair for authenticating:
Do the following to connect Redis for Tanzu Application Service to your destination VM:
Under Backup configuration, select SCP.
Fill in the fields as follows:
Field | Description | Mandatory/optional |
---|---|---|
Username | The username to use for transferring backups to the SCP server | Mandatory |
Private Key | The private SSH key of the user configured in Username |
Mandatory |
Host name | The host name or IP address of the SCP server | Mandatory |
Destination Directory | The path in the SCP server, where the backups will be transferred | Mandatory |
SCP Port | The SCP port of the SCP server | Mandatory |
Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly , @monthly , @weekly , @daily , @hourly , or @every TIME , where TIME is any supported time string, such as 1h30m . For more information, see the cron package documentation. |
Mandatory |
Backup timeout | The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to the SCP server. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. |
Mandatory |
Fingerprint | The fingerprint of the public key of the SCP server. To retrieve the server’s fingerprint, run ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub . |
Optional |
Click Save.
To back up your database using GCS:
Redis for Tanzu Application Service accesses your GCS store through a service account. VMware recommends that this account be solely for Redis for Tanzu Application Service. You must apply a minimal policy that lets the user account upload backups to your GCS store.
Do the following to create a service account with the correct permissions:
Redis-for-VMware-Tanzu
.Do the following to connect Redis for Tanzu Application Service to GCS:
Under Backup configuration, select GCS.
Fill in the fields as follows:
Field | Description | Mandatory/optional |
---|---|---|
Project ID | Google Cloud Platform (GCP) Project ID | Mandatory |
Bucket name | Name of the bucket where to store the backup | Mandatory |
Service account private key | The JSON secret key associated with your service account | Mandatory |
Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly , @monthly , @weekly , @daily , @hourly , or @every TIME , where TIME is any supported time string, such as 1h30m . For more information, see the cron package documentation. |
Mandatory |
Backup timeout | The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. |
Mandatory |
Do the following to back up your database to an Azure storage account:
Under Backup configuration, select Azure.
Fill in the fields as follows:
Field | Description | Mandatory/optional |
---|---|---|
Account | Account name | Mandatory |
Azure Storage Access Key | Azure specific credentials required to write to the Azure container | Mandatory |
Container Name | Name of the Azure container where to store the backup | Mandatory |
Destination Directory | Directory within the Azure container to store the backup files to | Mandatory |
Blob Store Base URL | URL pointing to Azure resource | Optional |
Cron Schedule | Backups schedule in crontab format. For example, once daily at 2am is * 2 * * * . This field also accepts a pre-defined schedule, such as @yearly , @monthly , @weekly , @daily , @hourly , or @every TIME , where TIME is any supported time string, such as 1h30m . For more information, see the cron package documentation. |
Mandatory |
Backup timeout | The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. |
Mandatory |
Click Save.
To back up or restore Redis manually, see Manually backing up and restoring Redis for Tanzu Application Service.