PingAuthorize

Restoring a policy database from a backup

The policy database stores Policy Editor items such as the Trust Framework, policies, and commit history. If someone accidentally deletes or changes those items or the database gets corrupted, restore the database from a backup.

Learn more about configuring backups in Policy database backups.

If you are using a managed RDBMS, such as PostgreSQL, instead of the default H2 database, make sure you implement backup strategies in line with your organization’s best practices.


Restoring a database when not using Docker

About this task

To restore a policy database when not in a Docker environment:

Steps

  1. Ensure the Policy Editor server is no longer running by either using bin/stop-server or killing the process.

  2. Locate the backup .zip archive that you want to restore.

    The default location is SERVER_ROOT/policy-backup. However, the location might have been changed using the PING_H2_BACKUP_DIR environment variable.

  3. Extract the .zip archive to the configured database location, overwriting the previous policy database file if one is present.

    The default location is the root of the Policy Editor server installation directory. If it’s not there, check the location specified by the PING_H2_FILE environment variable.

  4. Start the Policy Editor server.

    $ bin/start-server
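The extraction in steps 2 and 3 can be scripted so that the archive is checked before anything is overwritten and the replaced database is kept. The following is an added example, not Ping Identity code: the function name `restore_policy_db` is hypothetical, and it assumes the backup archive contains a single `.mv.db` file at its root and that PING_H2_FILE omits the `.mv.db` extension. Run it only while the Policy Editor server is stopped.

```python
import os
import shutil
import zipfile
from pathlib import Path


def restore_policy_db(backup_zip, server_root, env=os.environ):
    """Restore the H2 policy database from backup_zip; return the restored path."""
    with zipfile.ZipFile(backup_zip) as zf:
        bad = zf.testzip()  # CRC-checks every member of the archive
        if bad is not None:
            raise ValueError(f"corrupt member in backup: {bad}")
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        # Assumption: a backup holds exactly one H2 file, at the archive root.
        if len(names) != 1 or not names[0].endswith(".mv.db"):
            raise ValueError(f"unexpected archive contents: {names}")
        name = names[0]
        # Reject entries such as ../x.mv.db that would write outside the target.
        if Path(name).name != name or "\\" in name:
            raise ValueError(f"refusing path in archive entry: {name}")

        # PING_H2_FILE (no .mv.db extension) overrides the default location,
        # which is the root of the server installation directory.
        h2_file = env.get("PING_H2_FILE")
        target = Path(h2_file + ".mv.db") if h2_file else Path(server_root) / name

        # Keep the database being replaced so a wrong restore can be undone.
        if target.exists():
            shutil.copy2(target, target.parent / (target.name + ".pre-restore"))

        # Write to a temporary file, then swap it in, so a failed extraction
        # never leaves a partial database at the live path.
        tmp = target.parent / (target.name + ".restoring")
        with zf.open(name) as src, open(tmp, "wb") as dst:
            shutil.copyfileobj(src, dst)
        # Owner-only access; assumes this runs as the server's own account.
        os.chmod(tmp, 0o600)
        os.replace(tmp, target)
    return target
```

After a successful restore and server start, remove the `.pre-restore` copy once you have confirmed the policies and commit history are the ones you expected.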

Restoring a database when using Docker

About this task

To restore a policy database in a Docker environment:

Steps

  1. Locate the backup .zip archive that you want to restore.

    The location should be a directory specified using the PING_H2_BACKUP_DIR environment variable, as mentioned in Policy database backups.

  2. Extract the .zip archive to the database location that you’ll specify using the PING_H2_FILE environment variable when you start the Docker container.

  3. Start the Policy Editor Docker container with a mounted volume that has the extracted backup file and use PING_H2_FILE to specify that backup file in the container file system.

    For example, the following command assumes the uncompressed database file is named Symphonic.mv.db in the host file system. The PING_H2_FILE environment variable specifies the file name without the .mv.db extension.

    $ docker run --network=<network_name> --env-file ~/.pingidentity/config \
      --env PING_H2_FILE=/opt/out/Symphonic \
      --volume <HOST_BACKUP_DIR>:/opt/out pingidentity/{PAP_CONTAINER_NAME}:<TAG>

    For proper communication between containers, create a Docker network using a command such as docker network create --driver <network_type> <network_name>, and then connect to that network with the --network=<network_name> option.

    The Docker image <TAG> used in the example is only a placeholder. You can find actual tag values on Docker Hub.