To restore a system, the following prerequisites must be met:
-
A fresh Carbon Black EDR server (or an old snapshot) installation must be available on which to restore the backup files. All restoration activities require that Carbon Black EDR be placed in a stopped state.
-
In a clustered environment, the server must have the same configuration for the primary node and minions as the system that was backed up.
-
The new server(s) must be installed on the same version of the server(s) from which the backups were taken (for example, 7.5.0).
To restore:
-
Restore entries to /etc/hosts.
-
Put tar files on the server(s).
-
Remove data from the fresh install:
rm -rf /etc/cb rm -rf /var/cb
-
Restore items from the tar files:
for f in *.tar; do tar -P -xvf "$f"; done
-
Set SE Linux permissions by issuing the following commands. Depending on which package is installed, some commands might fail, but it is safe to proceed.
chcon -R system_u:object_r:rabbitmq_var_lib_t:s0 /var/cb/data/rabbitmq/ chcon -R system_u:object_r:var_log_t:s0 /var/log/cb/redis chcon -R system_u:object_r:redis_log_t:s0 /var/log/cb/redis/*.log && chcon -R system_u:object_r:redis_log_t:s0 /var/log/cb/redis/*.log-* chcon -R system_u:object_r:var_log_t:s0 /var/log/cb/redis/* -
If Carbon Black EDR version is 7.3.0 or later, set
CbJavaHome=/usr/lib/jvm/jre-11/in /etc/cb/cb.conf for all nodes. -
Repeat the preceding steps for all cluster minions.
-
Start Carbon Black EDR.
