Restoring a policy database from a backup
The policy database stores Policy Editor items such as the Trust Framework, policies, and commit history. If someone accidentally deletes or changes those items or the database gets corrupted, restore the database from a backup.
Learn more about configuring backups in Policy database backups.
If you are using a managed RDBMS, such as PostgreSQL, instead of the default H2 database, make sure you implement backup strategies in line with your organization’s best practices. |
-
Not Using Docker
-
Using Docker
Restoring a database when not using Docker
About this task
To restore a policy database when not in a Docker environment:
Steps
-
Ensure the Policy Editor server is no longer running by either using
bin/stop-server
or killing the process. -
Locate the backup
.zip
archive that you want to restore.The default location is
. However, the location might have been changed using theSERVER_ROOT
/policy-backupPING_H2_BACKUP_DIR
environment variable. -
Extract the
.zip
archive to the configured database location overwriting the previous policy database file, if present.The default location is the root of the Policy Editor server installation directory. If it’s not there, check the location specified by the
PING_H2_FILE
environment variable. -
Start the Policy Editor server.
$ bin/start-server
Restoring a database when using Docker
About this task
To restore a policy database in a Docker environment:
Steps
-
Locate the backup
.zip
archive that you want to restore.The location should be a directory specified using the
PING_H2_BACKUP_DIR
environment variable, as mentioned in Policy database backups. -
Extract the
.zip
archive to the database location that you’ll specify using thePING_H2_FILE
environment variable when you start the Docker container. -
Start the Policy Editor Docker container with a mounted volume that has the extracted backup file and use
PING_H2_FILE
to specify that backup file in the container file system.For example, the following command assumes the uncompressed database file is named
Symphonic.mv.db
in the host file system. ThePING_H2_FILE
environment variable specifies the file name without the.mv.db
extension.$ docker run --network=<network_name> --env-file ~/.pingidentity/config \ --env PING_H2_FILE=/opt/out/Symphonic \ --volume <HOST_BACKUP_DIR>:/opt/out pingidentity/{PAP_CONTAINER_NAME}:<TAG>
For proper communication between containers, create a Docker network using a command such as
docker network create --driver <network_type> <network_name>
, and then connect to that network with the--network=<network_name>
option.The Docker image <TAG> used in the example is only a placeholder. You can find actual tag values in the Docker Hub.