This article discusses how to set up a custom jumpbox for use with BOSH Backup and Restore (BBR). You can use BBR to back up Tanzu Operations Manager (Operations Manager) and Tanzu Application Service (TAS for VMs).

For more information about using BBR to back up TAS for VMs and Operations Manager, see:

Step 1: Configure your jumpbox

Configure your custom jumpbox to meet the following requirements:

  • Your jumpbox must have a sufficient amount of space for the backup. For example, a backup of Operations Manager and TAS for VMs requires at least 1.5 GB.
  • Your jumpbox must exist on the same network as the VMs in your TAS for VMs deployment because BBR connects to the VMs at their private IP addresses. BBR does not support SSH gateways.
  • Because BBR copies the backed-up data from the VMs to the jumpbox, you should have minimal network latency between them to reduce transfer times.

Consult the following table for more information about the network access permissions required by BBR.

| VM | Default Port | Description |
|---|---|---|
| BOSH Director | 25555 | BBR interacts with the BOSH Director API. |
| Deployed Instances | 22 | BBR uses SSH to orchestrate the backup on the instances. |
| BOSH Director UAA | 8443 | BBR interacts with the UAA API for authentication, if necessary. |

Step 2: Transfer BBR binary to your jumpbox

Perform the following steps to transfer the bbr binary to your jumpbox:

  1. Download the latest BOSH Backup and Restore release from the Broadcom Support portal.
  2. Extract the bbr binary file from the BBR release.
  3. On a command line, run the following command to add executable permissions to the bbr binary file:

    chmod a+x bbr
    
  4. To securely copy the BBR binary to your jumpbox, run the following command, replacing the placeholders with the correct values:

    rsync -Pv -e "ssh -i LOCAL-PATH-TO-JUMPBOX-PRIVATE-KEY" LOCAL-PATH-TO-BBR-BINARY JUMPBOX-USER@JUMPBOX-ADDRESS:  
    

Step 3: Ensure BOSH Director Certificate availability

If the certificate chain on your local machine cannot verify the Certificate Authority (CA) certificate for the BOSH Director, perform the following steps:

Note: You must have the path to the root CA certificate to run BBR commands.

  1. Perform the procedures in Using the Ops Manager API to obtain a UAA-ACCESS-TOKEN using the UAA CLI.

  2. If you do not have the open-source jq utility, download it and place it in your $PATH.

  3. Use the Operations Manager API to download the CA certificate for the BOSH Director by running the following command, replacing the placeholders with the correct values:

    curl -k "https://OPSMAN-IP/api/v0/security/root_ca_certificate" \
    -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
    | jq --raw-output '.root_ca_certificate_pem' > PATH-TO-BOSH-SERVER-CERTIFICATE
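
The `curl -k` call above skips TLS verification, and `jq --raw-output` writes the literal string `null` when the response has no `root_ca_certificate_pem` key, so the saved file is worth checking before BBR uses it. The following check is an added example, not part of the original article; the function name `check_ca_pem` is hypothetical and the script assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage: check_ca_pem PATH-TO-BOSH-SERVER-CERTIFICATE
#
# Succeeds and prints the SHA-256 fingerprint if the file holds a parseable,
# unexpired X.509 certificate; otherwise prints a reason on stderr and
# returns non-zero.
check_ca_pem() {
    pem_file=$1

    # An empty or missing file means curl failed or returned no body.
    if [ ! -s "$pem_file" ]; then
        echo "error: $pem_file is missing or empty" >&2
        return 1
    fi

    # jq --raw-output prints "null" when the JSON response has no
    # root_ca_certificate_pem key (for example, an error body).
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem_file"; then
        echo "error: $pem_file contains no PEM certificate" >&2
        return 1
    fi

    # The PEM block must actually parse as X.509.
    if ! openssl x509 -in "$pem_file" -noout 2>/dev/null; then
        echo "error: $pem_file does not parse as an X.509 certificate" >&2
        return 1
    fi

    # Reject a certificate that has already expired.
    if ! openssl x509 -in "$pem_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: certificate in $pem_file has expired" >&2
        return 1
    fi

    # Print the fingerprint so it can be compared with a value obtained
    # through a channel you trust, since curl -k did not authenticate the server.
    openssl x509 -in "$pem_file" -noout -fingerprint -sha256
}
```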
    

Next Steps

After configuring your custom jumpbox, consult the documentation for using BBR to back up your components.
