This topic describes the procedure for backing up your critical back-end components with BOSH Backup and Restore (BBR), a command-line tool for backing up and restoring BOSH deployments. To restore your backup, see Restoring Deployments from Backup with BBR.
For BBR release notes, see BOSH Backup and Restore Release Notes in the Cloud Foundry documentation.
During the backup, BBR stops the Cloud Controller API and the Cloud Controller workers to create a consistent backup. API functionality is affected, such as when pushing apps or using the Cloud Foundry Command Line Interface (cf CLI). The deployed apps do not experience downtime.
If the Cloud Controller API and workers are stopped during a backup, any services that rely on the API and workers are not functional during that backup.
Most of the effected components are stopped and restarted after a successful backup.
As of TAS for VMs v2.11, these components are:
For examples of the effect of component unavailability:
Autoscaler is unable to scale apps during a backup.
Any component within the TAS for VMs deployment that contains lock or unlock scripts for backup is temporarily unavailable during backup process.
UAA is in read-only mode for the duration of the backup.
VMware recommends:
Follow the full procedure documented in this topic when creating a backup. This ensures that you always have a consistent backup to restore from.
Back up frequently, especially before making any changes to your deployment, such as the configuration of any tiles in Ops Manager.
You can prune the BOSH blobstore by running bosh clean-up --all
before you run a backup of the BOSH Director. The command removes all unused resources including packages compiled against older stemcell versions. If a lot of unused resources have accumulated over time, you create a smaller, faster backup of the BOSH Director. For more information see Clean-Up in the BOSH documentation.
Note: Running the bosh clean-up --all
command is a destructive operation and can remove resources that are unused but needed. For example, if an On-Demand Service Broker is deployed and no service instances have been created, the releases needed to create a service instance are categorized as unused.
BBR is a binary that can back up and restore BOSH deployments and BOSH Directors. BBR requires that the backup targets supply scripts that implement the backup and restore functions. BBR can communicate securely with external blobstores and databases, using TLS, if these are configured accordingly.
BBR can back up VMware Tanzu Application Service for VMs (TAS for VMs) and BOSH Director.
BBR can back up and restore TAS for VMs configured with:
An internal MySQL database or a supported external database. For a list of supported external databases, see Supported External Databases in Configuring Cloud Foundry for BOSH Backup and Restore in the Cloud Foundry documentation.
An internal WebDAV/NFS blobstore, an external Amazon S3 or S3-compatible blobstore, or an external Azure blobstore.
For guidance about backing up unsupported databases and blobstores, see Unsupported External Blobstores and Databases in TAS for VMs.
BBR can back up and restore the BOSH Director configured with:
An internal PostgreSQL database or a supported external database. As part of backing up the BOSH Director, BBR backs up the BOSH UAA database and the CredHub database. For a list of supported external databases, see Supported External Databases in Configuring Cloud Foundry for BOSH Backup and Restore in the Cloud Foundry documentation.
An internal blobstore or an external versioned S3 blobstore.
Note: BBR support for backing up and restoring external databases and blobstores varies across Ops Manager versions. For more information, see External Storage Support Across Ops Manager Versions.
You can use BBR to back up and restore the following types of external database and blobstore configurations:
Deployment Type | External Storage Type |
---|---|
TAS for VMs |
|
BOSH Director |
|
*Any S3 clone that supports the versioning API.
If you configured an unsupported external blobstore or an unsupported external database in TAS for VMs, see the following guidelines to perform a backup successfully:
Scenario | Action |
---|---|
You configured a supported database and an unsupported external blobstore in TAS for VMs. | Follow the backup procedures and copy the external blobstore by using the IaaS-specific tool. |
You configured an unsupported external database and a supported blobstore in TAS for VMs. | Follow the backup procedures and copy the external database by using the IaaS-specific tool. |
You configured both an unsupported external database and an unsupported external blobstore in TAS for VMs. | Follow the backup procedures but skip Back Up Your TAS for VMs Deployment. Copy the external database and blobstore by using the IaaS-specific tool. |
Caution: You might encounter inconsistencies between the blobstore and database. If apps do not appear during a restore, re-push those apps.
Caution: BBR does not currently back up any service data.
When backing up services:
BBR backs up and restores the service bindings, but not the service data.
You can redeploy on-demand service instances manually during restore, but the data in the instance is not backed up.
BBR does not back up managed services or their data.
You can back up and restore brokered services with the procedures documented in this topic and in Restoring Deployments from Backup with BBR.
BBR examines the jobs in the BOSH deployment, and triggers the scripts in the following stages:
Pre-backup lock: The pre-backup lock scripts locks the job so backups are consistent across the cluster.
Backup: The backup script backs up the release.
Post-backup unlock: The post-backup unlock script unlocks the job after the backup is complete.
Scripts in the same stage are all triggered together. For instance, BBR triggers all pre-backup lock scripts before any backup scripts. Scripts within a stage can be triggered in any order.
The backup artifacts are drained to the jumpbox, where the operator can transfer them to storage and use them to restore the deployment.
The diagram shows a sample backup flow. A detailed description follows.
An operator runs bbr backup pcf-deployment
on the jumpbox.
BBR calls the following backup scripts on the deployment:
backup-lock
backup
backup-unlock
BBR transfers the backup artifacts from the deployment to the jumpbox.
BBR transfers the backup artifacts from the jumpbox to a secondary backup store that is outside of the network or Availability Zone.
You must have a jumpbox before you can install BBR to the jumpbox. A jumpbox is a separate, hardened server on your network that provides a controlled means of access to the VMs other computers on your network.
VMware recommends using the Ops Manager VM as your jumpbox. If you use the Ops Manager VM as your jumpbox, the path to the root certificate authority (CA) is:
/var/tempest/workspaces/default/root_ca_certificate
You must use this path to run BBR commands.
As an alternative to using the Ops Manager VM as your jumpbox, you can:
Use Concourse to back up a deployment using BBR. For more information, see the BBR PCF Pipeline Tasks repository on GitHub.
Configure a custom jumpbox. For more information, see Configuring a custom jumpbox for BBR in the Knowledge Base.
To retrieve the Cloud Controller database encryption credentials from the TAS for VMs tile:
Navigate to the Ops Manager Installation Dashboard.
Click the TAS for VMs tile.
Select Credentials.
Locate the Cloud Controller section.
Record the Db Encryption Credentials. You must provide these credentials when you contact Support for help restoring your installation.
To use BBR, you must retrieve and record the following credentials:
There are two ways to retrieve BOSH Director credentials:
Option 1: Ops Manager Installation Dashboard
To retrieve your BOSH Director credentials using the Ops Manager Installation Dashboard:
Navigate to the Ops Manager Installation Dashboard.
Click the BOSH Director tile.
Click the Credentials tab.
Locate Director Credentials.
identity
field. It should be director
.password
field.Locate Bbr Ssh Credentials.
private_key_pem
field.Reformat the copied value and save it in the current directory to a file named PRIVATE-KEY-FILE
. Run:
printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE
Where:
YOUR-PRIVATE-KEY
is the text of your private key.PRIVATE-KEY-FILE
is the path to the private key file you are creating.For example:
$ printf -- "-----BEGIN RSA PRIVATE KEY----- MIIEkeycontents ----END RSA PRIVATE KEY-----" > bbr_key.pem
Locate Uaa Bbr Client Credentials.
identity
field. It should be bbr_client
.password
field.Option 2: Ops Manager API
To retrieve BOSH Director credentials using the Ops Manager API:
Obtain your UAA access token. For more information, see Access the API in Using the Ops Manager API.
Retrieve the Director Credentials.
Run:
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/director_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Ops Manager deployment.UAA-ACCESS-TOKEN
is your UAA access token.Verify the value of the identity
field. It should be director
.
password
field.Retrieve Bbr Ssh Credentials.
Run:
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/bbr_ssh_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Ops Manager deployment.UAA-ACCESS-TOKEN
is your UAA access token.Copy the value of the private_key_pem
field.
Reformat the copied value and save it in the current directory to a file named PRIVATE-KEY-FILE
. Run:
printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE
Where:
YOUR-PRIVATE-KEY
is the text of your private key.PRIVATE-KEY-FILE
is the path to the private key file you are creating.For example:
$ printf -- "-----BEGIN RSA PRIVATE KEY----- MIIEkeycontents ----END RSA PRIVATE KEY-----" > bbr_key.pem
Retrieve Uaa Bbr Client Credentials.
Run:
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/uaa_bbr_client_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
Where:
OPS-MAN-FQDN
is the fully-qualified domain name (FQDN) for your Ops Manager deployment.UAA-ACCESS-TOKEN
is your UAA access token.Verify the value of the identity
field. It should be bbr_client
.
password
field.For more information about using the Ops Manager API, see Using the Ops Manager API.
To retrieve the IP address of your BOSH Director from the BOSH Director tile:
If you are not using the Ops Manager VM as your jumpbox, install the latest BOSH CLI on your jumpbox.
From the Installation Dashboard in Ops Manager, select BOSH Director > Status and record the IP address listed for the Director. You access the BOSH Director using this IP address.
From the command line, log in to the BOSH Director, using the IP address that you recorded above. Run:
bosh -e DIRECTOR-IP \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE log-in
Where:
DIRECTOR-IP
is the BOSH Director IP address recorded above.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the root Certificate Authority (CA) certificate as outlined in Set Up your Jumpbox.When prompted for Email (), specify director
.
When prompted for Password (), enter the Director Credentials that you obtained in Retrieve BOSH Director Credentials.
For example:
$ bosh -e 10.0.0.3 \ --ca-cert /var/tempest/workspaces/default/root_ca_certificate log-in Email (): director Password (): ******************* Successfully authenticated with UAA Succeeded
This section describes the procedures you must perform to confirm that your BOSH Director is reachable and can be backed up.
You can establish a connection to your jumpbox in one of the following ways:
Note: These procedures require that you have a jumpbox configured for SSH access. If you do not have a jumpbox, see Enabling SSH Access and Tunneling in the BOSH documentation.
To connect to your jumpbox with SSH, perform one of these steps:
If you are using the Ops Manager VM as your jumpbox, log in to the Ops Manager VM. For more information, see Log Into the Ops Manager VM with SSH.
To connect to your jumpbox using the command line, run:
ssh -i PATH-TO-KEY JUMPBOX-USERNAME@JUMPBOX-ADDRESS
Where:
PATH-TO-KEY
is the local path to your private key file for the jumpbox host.JUMPBOX-USERNAME
is your jumpbox username.JUMPBOX-ADDRESS
is the IP address or hostname of the jumpbox.Note: If you connect to your jumpbox with SSH, you must run the BBR commands in this topic from within your jumpbox.
Option 2: Connect with BOSH_ALL_PROXY
You can use the environment variable BOSH_ALL_PROXY
to open an SSH tunnel with SOCKS5 to the jumpbox. This tunnel enables you to forward requests from your local machine to the BOSH Director through the jumpbox. When BOSH_ALL_PROXY
is set, the BBR CLI uses its value to forward requests to the BOSH Director.
Note: For the following procedures to work, ensure the SOCKS port is not already in use by a different tunnel or process.
Note: Using BOSH_ALL_PROXY
can result in longer backup and restore times due to network performance degradation. All operations must pass through the proxy, so moving backup artifacts can be significantly slower.
To connect with BOSH_ALL_PROXY
, perform one of the following procedures:
To establish the tunnel separately from the BOSH CLI:
Establish the tunnel and make it available on a local port by running:
ssh -4 -D SOCKS-PORT -fNC JUMPBOX-USERNAME@JUMPBOX-ADDRESS -i JUMPBOX-KEY-FILE -o ServerAliveInterval=60
Where:
SOCKS-PORT
is the local SOCKS port.JUMPBOX-USERNAME
is your jumpbox username.JUMPBOX-ADDRESS
is the IP address or hostname of the jumpbox.JUMPBOX-KEY-FILE
is the local SSH private key for accessing the jumpbox.Provide the BOSH CLI with access to the tunnel using the BOSH_ALL_PROXY
environment variable by running:
export BOSH_ALL_PROXY=socks5://localhost:SOCKS-PORT
Where is SOCKS-PORT
is your local SOCKS port.
To establish the tunnel using the BOSH CLI:
Provide the BOSH CLI with the necessary SSH credentials to create the tunnel by running:
export BOSH_ALL_PROXY=ssh+socks5://JUMPBOX-USERNAME@JUMPBOX-ADDRESS:SOCKS-PORT?private_key=JUMPBOX-KEY-FILE
Where:
JUMPBOX-USERNAME
is your jumpbox username.JUMPBOX-ADDRESS
is the IP address or hostname of the jumpbox.SOCKS-PORT
is the local SOCKS port.JUMPBOX-KEY-FILE
is the local SSH private key for accessing the jumpbox.Caution: In BBR v1.5.0 and earlier, the tunnel created by the BOSH CLI does not include the ServerAliveInterval
flag. This might cause your SSH connection to time out when transferring large artifacts. In BBR v1.5.1, the ServerAliveInterval
flag is included. For more information, see bosh-backup-and-restore on GitHub.
To check your BOSH Director:
Run:
bbr director \
--private-key-path PRIVATE-KEY-FILE \
--username bbr \
--host HOST \
pre-backup-check
Where:
PRIVATE-KEY-FILE
is the path to the private key file that you created from Bbr Ssh Credentials in Step 3: Retrieve BOSH Director Credentials.HOST
is the address of the BOSH Director. If the BOSH Director is public, HOST is a URL, such as https://bosh.xxx.cf-app.com
. Otherwise, HOST
is the BOSH-DIRECTOR-IP
you retrieved in Step 4: Retrieve BOSH Director Address.Note: To enable debug logs, use the optional --debug
flag. For more information, see Logging.
After the pre-backup check succeeds, continue to Step 6: Confirm Backup Restore Node is Deployed. If the pre-backup check fails, the BOSH Director might not have the correct backup scripts or the connection to the BOSH Director might have failed.
When BBR backs up TAS for VMs, it needs a Backup Restore node.
To confirm that the Backup Restore node is deployed:
Navigate to the Ops Manager Installation Dashboard.
Click the TAS for VMs tile.
Select Resource Config.
Find the Backup Restore Node job and check that the Instances dropdown is set to 1
.
If the Instances dropdown is not set to 1
:
1
.To identify the name of the BOSH deployment:
Log in to your BOSH Director.
To identify the name of the BOSH deployment, run:
bosh -e BOSH-DIRECTOR-IP --ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE deployments
Where:
BOSH-DIRECTOR-IP
is the BOSH Director IP you retrieved in Step 4: Retrieve BOSH Director Address.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the CA for the BOSH Director.To check that your BOSH Director is reachable and has a deployment that can be backed up:
Run:
bbr deployment \
--target BOSH-DIRECTOR-IP \
--username BOSH-CLIENT \
--password BOSH-PASSWORD \
--deployment DEPLOYMENT-NAME \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE \
pre-backup-check
Where:
BOSH-DIRECTOR-IP
is the BOSH Director IP you retrieved in Step 4: Retrieve BOSH Director Address.BOSH-CLIENT
, BOSH-PASSWORD
are the Uaa Bbr Client Credentials, identity and password, that you retrieved in Step 3: Retrieve BOSH Director Credentials.DEPLOYMENT-NAME
is the deployment name you retrieved in Step 6: Identify Your Deployment.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the root CA for the BOSH Director. If you are using the Ops Manager VM as your jumpbox, the path is /var/tempest/workspaces/default/root_ca_certificate
.After the pre-backup check succeeds, continue to Create Your Backup. If the pre-backup check fails, the deployment you selected might not have the correct backup scripts, or the connection to the BOSH Director might have failed.
This section describes the procedures for creating your backup with BBR.
VMware recommends that you back up your Ops Manager installation settings by exporting frequently.
When exporting your installation settings, keep in mind:
This option is only available after you have deployed at least once.
Always export your installation settings before following the procedure in Deploy Ops Manager and Import Installation Settings in Restoring Deployments from Backup with BBR.
Exporting your installation settings only backs up the settings you configured in Ops Manager. It does not back up your VMs or any external MySQL databases.
Your Ops Manager settings are encrypted. Ensure you keep track of your Decryption Passphrase, because you need it to restore the Ops Manager settings.
Note: When exporting installation settings for Ops Manager v1.12 and later, releases are not included in the output file. Releases are now included in the BOSH Director backup, so the output file is much smaller than in previous Ops Manager versions.
There are two ways to export Ops Manager installation settings:
To export your installation settings using the Ops Manager UI:
From the Ops Manager Installation Dashboard, click your username at the top right navigation.
Select Settings.
Select Export Installation Settings.
Click Export Installation Settings. Note the warning: ‘Upgrading Ops Manager may block the upgrade path for certain products. Review Upgrading Ops Manager and verify that an upgrade path exists for your installed products.’
If you want to automate the backup process, you can use the Ops Manager API to export your installation settings.
To export your installation settings using the Ops Manager API:
Run:
curl https://OPS-MANAGER-FQDN/api/v0/installation_asset_collection \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" > installation.zip
Where:
OPS-MANAGER-FQDN
is the fully-qualified domain name (FQDN) for your Ops Manager deployment.UAA-ACCESS-TOKEN
is your UAA access token. For more information, see Access the API in Using the Ops Manager API.backup
command can take a long time to complete, VMware recommends you run it independently of the SSH session so that the process can continue running even if your connection to the jumpbox fails. Use nohup
, a screen
, or a tmux
session.To back up BOSH Director:
Run:
bbr director \
--private-key-path PRIVATE-KEY-FILE \
--username bbr \
--host HOST \
backup
Where:
PRIVATE-KEY-FILE
is the path to the private key file that you created from Bbr Ssh Credentials in Step 3: Retrieve BOSH Director Credentials.HOST
is the address of the BOSH Director:
HOST
is a URL, such as https://bosh.xxx.cf-app.com
.HOST
is the BOSH-DIRECTOR-IP
retrieved in Step 4: Retrieve BOSH Director Address.Note: To enable debug logs, use the optional --debug
flag. For more information, see Logging.
If your backup terminates early or fails, you must perform a cleanup.
To clean up:
Run:
bbr director \
--private-key-path PRIVATE-KEY-FILE \
--username bbr \
--host HOST \
backup-cleanup
Where:
PRIVATE-KEY-FILE
is the path to the private key file that you created from Bbr Ssh Credentials in Step 3: Retrieve BOSH Director Credentials.HOST
is the address of the BOSH Director:
HOST
is a URL, such as https://bosh.xxx.cf-app.com
.HOST
is the BOSH-DIRECTOR-IP
retrieved in Step 4: Retrieve BOSH Director Address.backup
command can take a long time to complete, VMware recommends you run it independently of the SSH session, so that the process can continue running even if your connection to the jumpbox fails. The command above uses nohup
, but you could also run the command in a screen
or tmux
session.To back up your TAS for VMs deployment:
(Optional) If you are not using an internal blobstore or a versioned S3-compatible external blobstore, create a copy of the blobstore with your IaaS-specific tool. Your blobstore backup might be slightly inconsistent with your TAS for VMs backup depending on the duration of time between performing the backups.
Run:
bbr deployment \
--target BOSH-DIRECTOR-IP \
--username BOSH-CLIENT \
--password BOSH-PASSWORD \
--deployment DEPLOYMENT-NAME \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE \
backup
Where:
BOSH-DIRECTOR-IP
is the BOSH Director IP you retrieved in Step 4: Retrieve BOSH Director Address.BOSH-CLIENT
, BOSH-PASSWORD
are the Uaa Bbr Client Credentials, or the identity and password, that you retrieved in Step 3: Retrieve BOSH Director Credentials.DEPLOYMENT-NAME
is the deployment name you retrieved in Step 6: Identify Your Deployment.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the CA for the BOSH Director.--debug
flag. For more information, see Logging.--with-manifest
flag. These manifests are included in the Ops Manager export, but are useful for reference.After the command successfully completes, continue to Step 12: Transfer Backup Artifacts. If the command fails:
Run:
bbr deployment \
--target BOSH-DIRECTOR-IP \
--username BOSH-CLIENT \
--password BOSH-PASSWORD \
--deployment DEPLOYMENT-NAME \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE \
backup-cleanup
Where:
BOSH-DIRECTOR-IP
is the BOSH Director IP you retrieved in Step 4: Retrieve BOSH Director Address.BOSH-CLIENT
, BOSH-PASSWORD
are the Uaa Bbr Client Credentials, or the identity and password, that you retrieved in Step 3: Retrieve BOSH Director Credentials.DEPLOYMENT-NAME
is the deployment name you retrieved in Step 6: Identify Your Deployment.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the CA for the BOSH Director.--debug
flag. For more information, see Logging.--with-manifest
flag. These manifests are included in the Ops Manager export, but are useful for reference.Run the BBR backup
command again after ensuring that:
This section describes the procedures you must perform after taking your backup.
After creating your backup successfully:
Move the backup artifacts off the jumpbox to your preferred storage space. The backup created by BBR consists of a directory with the backup artifacts and metadata files. VMware recommends compressing and encrypting the files.
Make redundant copies of your backup artifacts and store them in multiple locations to minimize the risk of losing backups in the event of a disaster.
Attempt to restore every backup to validate the artifacts. For more information, see Step 13: Validate Your Backup.
Note: Backup artifacts might contain data covered by European Union regulations. For more information, see European Union's General Data Protection Regulation (GDPR).
After backing up Ops Manager, consider validating your backup by restoring it and checking the apps. BBR is designed for disaster recovery and BBR backups are only compatible with environments matching their source environment’s configuration.
To spin up a second environment and test the backup:
Export your Ops Manager installation by performing the procedure in Step 8: Export Installation Settings.
Create a new Ops Manager VM in a different network to the original. Ensure that the Ops Manager VM has enough persistent disk to accommodate the files exported in the previous step. For more information, see IaaS-Specific Deployment Guidelines in Deploying BOSH and Ops Manager.
Ensure that the restore environment is compatible with the backup. For more information, see Compatibility of Restore in Restoring Deployments from Backup with BBR.
Follow the procedures in Restoring Deployments from Backup with BBR.
For a sandbox or other non-production environment, you can optionally perform an in-place restore of TAS for VMs only. In this case, you restore the TAS for VMs backup to the same Ops Manager environment that the backup was created from. For more information, see Step 12: Redeploy TAS for VMs in Restoring Deployments from Backup with BBR.
BBR outputs logs to stdout. By default, BBR logs:
If you require additional logging, use the optional --debug
flag to print:
To cancel a backup:
Enter CTRL-C
to terminate the BBR process, then enter yes
to confirm.
Run the BBR backup-cleanup
command.
For a canceled director backup, run:
bbr director \
--private-key-path PRIVATE-KEY-FILE \
--username bbr \
--host HOST \
backup-cleanup
Where:
PRIVATE-KEY-FILE
is the path to the private key file that you created from Bbr Ssh Credentials in Step 3: Retrieve BOSH Director Credentials.HOST
is the address of the BOSH Director:
HOST
is a URL, such as https://bosh.xxx.cf-app.com
.HOST
is the BOSH-DIRECTOR-IP
retrieved in Step 4: Retrieve BOSH Director Address.For a canceled deployment backup, run:
bbr deployment \
--target BOSH-DIRECTOR-IP \
--username BOSH-CLIENT \
--password BOSH-PASSWORD \
--deployment DEPLOYMENT-NAME \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE \
backup-cleanup
Where:
BOSH-DIRECTOR-IP
is the BOSH Director IP you retrieved in Step 4: Retrieve BOSH Director Address.BOSH-CLIENT
, BOSH-PASSWORD
are the Uaa Bbr Client Credentials, or the identity and password, that you retrieved in Step 3: Retrieve BOSH Director Credentials.DEPLOYMENT-NAME
is the deployment name you retrieved in Step 6: Identify Your Deployment.PATH-TO-BOSH-SERVER-CERTIFICATE
is the path to the CA for the BOSH Director.--debug
flag. For more information, see Logging.--with-manifest
flag. These manifests are included in the Ops Manager export, but are useful for reference.Backup artifacts might contain personal and other data covered by the European Union’s General Data Protection Regulation (GDPR).
For example, a TAS for VMs backup could contain user email addresses.
As such, handle backup artifacts in accordance with organizational policies and applicable laws as they pertain to security, confidentiality, and privacy.