Autonomous Identity 2022.11.9

Backing up and restoring

Autonomous Identity stores its entitlement analytics results, association rules, predictions, and confidence scores in the Apache Cassandra, MongoDB, and Opensearch databases. Cassandra is an open-source, NoSQL database system where data is distributed across multiple nodes in a master-less cluster. MongoDB is a popular schema-free database that uses JSON-like documents. Opensearch is a distributed search engine based on Apache Lucene.

For single-node deployments, however, you need to back up Cassandra or MongoDB on a regular basis. If the machine goes down for any reason, you need to restore the database as required.

To simplify the backup process, ForgeRock provides backup and restore scripts in the target directory.

Backing up Cassandra

  1. On the ForgeRock Google Cloud Registry, download the cassandra-backup.sh script.

  2. Move the script to the Cassandra home directory on your deployment.

  3. Run the backup.

    $ ./cassandra-backup.sh \
    -d <Cassandra Database path> \
    -b <Backup folder path> \
    -u <Cassandra Username> \
    -p <Cassandra Password> \
    -s <SSL enable true/false> \
    -k <Keyspace (optional) default value: zoran>

Restore Cassandra

  1. On the ForgeRock Google Cloud Registry, download the cassandra-restore.sh script.

  2. Move the script to the Cassandra home directory on your deployment.

  3. Run the restore.

    $ ./cassandra-restore.sh \
    -d <Cassandra Database path> \
    -b <Snapshot Backup tar file> \
    -f <Schema file> \
    -u <Cassandra Username> \
    -p <Cassandra Password> \
    -c <Cassandra commitlog path> \
    -i <Cassandra install path> \
    -s <SSL enable true/false> \
    -k <Keyspace (optional) default value: zoran>

Backing up assignment index data in Opensearch

  1. From the deployer node, SSH to the target node.

  2. Change to the /opt/autoid/elastic directory. The directory was configured during the ./deployer.sh run.

    $ cd /opt/autoid/elastic

  3. Run the backup.

    $ ./assignment-index-backup.sh

Elastic Host: 10.128.0.52
Elastic Server Status : 200
Elastic server is up and running …​
assignment index exists status : 200
 registerSnapshotStatus 200
backup snapshot name with time stamp : assignment_snapshot_2020_10_07__19_31_53
 entitlement-assignment backup status : 200
* entitlement-assignment backup successful *

  4. Make note of the snapshot name. For example, assignment_snapshot_2020_10_07__19_31_53.

Restoring assignment index data in Opensearch

  1. From the deployer node, SSH to the target node.

  2. Change to the /opt/autoid/elastic directory.

    $ cd /opt/autoid/elastic

  3. Run the restore using the snapshot taken from the previous procedure. When prompted if you want to close the existing index, enter Y. When prompted for the snapshot name, enter the name of the snapshot.

    $ ./assignment-index-restore.sh

[Elastic Host: 10.128.0.55
 Elastic Server Status : 200
 Elastic server is up and running …​
 assignment index exists status : 200
 index with alias name -→ entitlement-assignment exists and is in open state…​
 Do you want to close the existing index -→ entitlement-assignment. (Required for restoring from snapshot ) (Y/N) ?
  y
 Restore snapshot ? true
  registerSnapshotStatus 200
 registering assignment_index_backup successful…​
 proceeding with index restore…​
 Enter the snapshot name to restore [snapshot_01]: assignment_snapshot_2020_10_0719_31_53
 snapshot to restore -→ assignment_snapshot_2020_10_0719_31_53
 entitlement-assignment index restore status -→ 200
 * entitlement-assignment restore successful *

Accessing Opensearch index data using Opensearch dashboards

During the Autonomous Identity deployment, Opensearch is installed to facilitate the efficient searching of entitlement data within the system. A typical deployment may have millions of different entitlements and assignments that require fast search processing. Opensearch provides that performance.

Opensearch comes bundled with its visualization console, Opensearch Dashboards, that lets you monitor and manage your Opensearch data. Once you run the analytics create-assignment-index command that populates the Opensearch index, you can configure an SSL tunnel to access Opensearch Dashboards. This is particularly useful when you want to retrieve a list of your backup snapshots.

  1. Open a local terminal, and set up an SSL tunnel to your target node. The syntax is as follows:

    $ ssh -L < local-port >:<private-ip-remote>:<remote-port> -i <private-key> <user@public-ip-remote>

    For example:

    $ ssh -L 5601:10.128.0.71:5601 -i ~/.ssh/id_rsa autoid@34.70.190.144

Last login: Fri Oct  9 20:10:59 2020

  2. Open a browser and point it to localhost:5601 Login in as elasticadmin. Enter your password that you set in the ~/autoid-config/vault.yml file on the deployer node during install.

  3. On the Opensearch page, click Explore on my own.

  4. On the Opensearch Home page, click the menu in the top left corner, and click Dev Tools.

  1. On the Dev Tools page, get a total count of indices.

    $ GET /entitlement-assignment/_count

  2. On the Dev Tools page, search the indices.

    $ GET /entitlement-assignment/_search

  3. On the Dev Tools page, get the list of snapshot backups.

    $ GET /_cat/snapshots/assignment_index_backup