This topic tells you how to configure automated backups in Redis for VMware Tanzu Application Service.

Comparison of available backup methods

Redis for Tanzu Application Service provides two backup methods, which you can use together or alone.

They are:

  • BOSH Backup and Restore (BBR) - (preferred)
  • Automated service backups

If you have already set up BBR for your VMware Tanzu Application Service for VMs deployment, you might find it easier to use BBR to back up your on-demand Redis service instances, in addition to or instead of, using automated service backups.

The following table summarizes the differences between the two methods:

Backup method Supported services What is backed up
BBR On-demand
  • Data stored in Redis
  • Manifest used to deploy service instance
  • Certain additional configuration including: plan settings such as Redis Client Timeout and arbitrary parameters such as maxmemory-policy
Automated service backups
  • On-demand
  • Shared-VM
Data stored in Redis

Neither backup method backs up other manual changes made to service instances, either using SSH or with the Redis client config command.

For more information, see BOSH Backup and Restore (BBR) for On-Demand Redis for VMware Tanzu Application Service.

Automated service backups

You can configure automatic backups for both on-demand and shared-VM plan types.

Automated backups have the following features:

  • Backups run on a configurable schedule.
  • Every instance is backed up.
  • The Redis broker state file is backed up.
  • Data from Redis is flushed to disk before the backup is started by running a BGSAVE on each instance.
  • You can configure Amazon Web Services (AWS) S3, SCP, Azure, or Google Cloud Storage (GCS) as your destination.

Backup files

When Redis for Tanzu Application Service runs an automated backup, it labels the backups in the following ways:

  • For shared-VM plans, backups are labeled with timestamp, instance GUID, and plan name. Files are stored by date.
  • For on-demand plans, backups are labeled with timestamp and plan name. Files are stored by deployment, then date.

For each backup artifact, Redis for Tanzu Application Service creates a file that contains the MD5 checksum for that artifact. This can be used to check that the artifact is not corrupted.

Configuring backups

Redis for Tanzu Application Service automatically backs up databases to external storage.

  • How and where: There are four options for how automated backups transfer backup data and where the data saves to:

    • Option 1: Back Up with AWS: Redis for Tanzu Application Service runs an Amazon S3 client that saves backups to an S3 bucket.
    • Option 2: Back Up with SCP: Redis for Tanzu Application Service runs an SCP command that secure-copies backups to a VM or physical machine operating outside the deployment. SCP stands for secure copy protocol, and offers a way to securely transfer files between two hosts. The operator provisions the backup machine separately from their installation. This is the fastest option.
    • Option 3: Back Up to GCS: Redis for Tanzu Application Service runs an GCS SDK that saves backups to an Google Cloud Storage bucket.
    • Option 4: Back Up to Azure: Redis for Tanzu Application Service runs an Azure SDK that saves backups to an Azure storage account.
  • When: Backups follow a schedule that you specify with a cron expression.

    For general information about cron, see package cron.

To configure automated backups, follow these procedures according to the option you choose for external storage.

Option 1: Back up with AWS

To back up your database to an Amazon S3 bucket:

Create a policy and access key

Redis for Tanzu Application Service accesses your S3 store through a user account. VMware recommends that this account be solely for Redis for Tanzu Application Service. You must apply a minimal policy that lets the user account upload backups to your S3 store.

Do the following to create a policy and access key:

  1. Go to the AWS Console and log in.
  2. To create a new custom policy, go to IAM > Policies > Create Policy > Create Your Own Policy and paste in the following permissions:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket",
                    "s3:ListBucketMultipartUploads",
                    "s3:ListMultipartUploadParts",
                    "s3:PutObject"
                ],
                "Resource": [
                    "arn:aws:s3:::MY-BUCKET-NAME",
                    "arn:aws:s3:::MY-BUCKET-NAME/*"
                ]
            }
        ]
    }
    

    Where MY-BUCKET-NAME is the name of your S3 bucket.

    If the S3 bucket does not already exist, add s3:CreateBucket to the Action list to create it.

  3. (Recommended) Create a new user for Redis for Tanzu Application Service and record its Access Key ID and Secret Access Key, the user credentials.

  4. (Recommended) Attach the policy you created to the AWS user account that Redis for Tanzu Application Service will use to access S3. Go to IAM > Policies > Policy Actions > Attach.

Configuring backups in Tanzu Operations Manager

Do the following to connect Redis for Tanzu Application Service to your S3 account:

  1. Go to the Tanzu Operations Manager Installation Dashboard and click the Redis for Tanzu Application Service tile.
  2. Click Backups.
  3. Under Backup configuration, select AWS S3.

    The Configure blob store for Redis backups pane in Ops Manager with AWS S3 selected. See following step for a description of other fields.

  4. Fill in the fields as follows:

    Field Description Mandatory/optional
    Access Key ID The access key for your S3 account Mandatory
    Secret Access Key The Secret Key associated with your Access Key Mandatory
    Endpoint URL The endpoint of your S3 account, such as http://s3.amazonaws.com Optional, defaults to http://s3.amazonaws.com if not specified
    Bucket Name Name of the bucket where to store the backup Mandatory
    Bucket Path Path inside the bucket to save backups to Mandatory
    CA Certificate CA certificate used to verify the connection to the S3 bucket Optional
    Cron Schedule Backups schedule in crontab format. For example, once daily at 2am is * 2 * * *. This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation. Mandatory
    Backup timeout The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. Mandatory
  5. Click Save.

Option 2: Back up with SCP

To back up your database using SCP:

(Recommended) Create a public and private key pair

Redis for Tanzu Application Service accesses a remote host as a user with a private key for authentication. VMware recommends that this user and keypair be solely for Redis for Tanzu Application Service.

Do the following to create a new public and private keypair for authenticating:

  1. Determine the remote host to use to store backups for Redis for Tanzu Application Service. Ensure that the Redis service instances can access the remote host. VMware recommends using a VM outside the deployment for the destination of SCP backups. As a result, you might need to enable public IPs for the Redis VMs.
  2. Create a new user for Redis for Tanzu Application Service on the destination VM.
  3. Create a new public and private keypair for authenticating as the above user on the destination VM.

Configuring backups in Tanzu Operations Manager

Do the following to connect Redis for Tanzu Application Service to your destination VM:

  1. Go to the Tanzu Operations Manager Installation Dashboard and click the Redis for Tanzu Application Service tile.
  2. Click Backups.
  3. Under Backup configuration, select SCP.

    The Configure blob store for Redis backups pane in Ops Manager with the SCP radio button selected. See the following step for a detailed description of the other fields.

  4. Fill in the fields as follows:

    Field Description Mandatory/optional
    Username The username to use for transferring backups to the SCP server Mandatory
    Private Key The private SSH key of the user configured in Username Mandatory
    Host name The host name or IP address of the SCP server Mandatory
    Destination Directory The path in the SCP server, where the backups will be transferred Mandatory
    SCP Port The SCP port of the SCP server Mandatory
    Cron Schedule Backups schedule in crontab format. For example, once daily at 2am is * 2 * * *. This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation. Mandatory
    Backup timeout The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to the SCP server. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. Mandatory
    Fingerprint The fingerprint of the public key of the SCP server. To retrieve the server’s fingerprint, run ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub. Optional
  5. Click Save.

Option 3: Back up with GCS

To back up your database using GCS:

Create a service account

Redis for Tanzu Application Service accesses your GCS store through a service account. VMware recommends that this account be solely for Redis for Tanzu Application Service. You must apply a minimal policy that lets the user account upload backups to your GCS store.

Do the following to create a service account with the correct permissions:

  1. In the GCS console, create a new service account for Redis for Tanzu Application Service: IAM and Admin > Service Accounts > Create Service Account.
  2. Enter a unique name in the Service account name field, such as Redis-for-VMware-Tanzu.
  3. In the Roles dropdown, grant the new service account the Storage Admin role.
  4. Select the Furnish a new private key checkbox so that a new key is created and downloaded.
  5. Click Create and take note of the name and location of the service account JSON file that is downloaded.

Configuring backups in Tanzu Operations Manager

Do the following to connect Redis for Tanzu Application Service to GCS:

  1. Go to the Tanzu Operations Manager Installation Dashboard and click the Redis for Tanzu Application Service tile.
  2. Click Backups.
  3. Under Backup configuration, select GCS.

    The Configure blob store for Redis backups pane in Ops Manager with the GCS radio button selected. See the following step for a detailed description of the other fields.

  4. Fill in the fields as follows:

    Field Description Mandatory/optional
    Project ID Google Cloud Platform (GCP) Project ID Mandatory
    Bucket name Name of the bucket where to store the backup Mandatory
    Service account private key The JSON secret key associated with your service account Mandatory
    Cron Schedule Backups schedule in crontab format. For example, once daily at 2am is * 2 * * *. This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation. Mandatory
    Backup timeout The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. Mandatory
  5. Click Save.

Back up to Azure

Do the following to back up your database to an Azure storage account:

  1. Go to the Tanzu Operations Manager Installation Dashboard and click the Redis for Tanzu Application Service tile.
  2. Click Backups.
  3. Under Backup configuration, select Azure.

    The Configure blob store for Redis backups pane in Ops Manager with the Azure radio button selected. See the following step for a description of the other fields.

  4. Fill in the fields as follows:

    Field Description Mandatory/optional
    Account Account name Mandatory
    Azure Storage Access Key Azure specific credentials required to write to the Azure container Mandatory
    Container Name Name of the Azure container where to store the backup Mandatory
    Destination Directory Directory within the Azure container to store the backup files to Mandatory
    Blob Store Base URL URL pointing to Azure resource Optional
    Cron Schedule Backups schedule in crontab format. For example, once daily at 2am is * 2 * * *. This field also accepts a pre-defined schedule, such as @yearly, @monthly, @weekly, @daily, @hourly, or @every TIME, where TIME is any supported time string, such as 1h30m. For more information, see the cron package documentation. Mandatory
    Backup timeout The amount of time, in minutes, that the backup process waits for the BGSAVE command to complete on your instance before transferring the RDB file to your configured destination. If the timeout is reached, BGSAVE continues but backups fail and are not uploaded. Mandatory
  5. Click Save.

Back up and restore manually

To back up or restore Redis manually, see Manually backing up and restoring Redis for Tanzu Application Service.

check-circle-line exclamation-circle-line close-line
Scroll to top icon