PingAuthorize

Restoring a policy database from a backup

The policy database stores Policy Editor items such as the Trust Framework, policies, and commit history. If someone accidentally deletes or changes those items or the database gets corrupted, restore the database from a backup.

For information about how to configure backups, see Policy database backups.

If you are using a managed RDBMS, such as PostgreSQL, instead of the default H2 database, make sure you implement backup strategies in line with your organization’s best practices.

Not Using Docker

Restoring a database when not using Docker

About this task

To restore a policy database when not in a Docker environment:

Steps

  1. Ensure the Policy Editor server is no longer running by either using bin/stop-server or killing the process.

  2. Locate the backup .zip file that you want to restore.

    The default location is [.parmname]SERVER_ROOT/policy-backup. However, the location might have been changed using the PING_H2_BACKUP_DIR environment variable.

  3. Extract the .zip file to the configured database location overwriting the previous policy database file, if present.

    The default location is the root of the Policy Editor server installation directory. If it’s not there, check the location specified by the PING_H2_FILE environment variable.

  4. Start the Policy Editor server.

    $ bin/start-server
Using Docker

Restoring a database when using Docker

About this task

To restore a policy database in a Docker environment:

Steps

  1. Locate the backup .zip file that you want to restore.

    The location should be a directory specified using the PING_H2_BACKUP_DIR environment variable, as mentioned in Policy database backups.

  2. Extract the .zip file to the database location that you will specify using the PING_H2_FILE environment variable when you start the Docker container.

  3. Start the Policy Editor Docker container with a mounted volume that has the extracted backup file and use PING_H2_FILE to specify that backup file in the container file system.

For example, the following command assumes the uncompressed database file is named Symphonic.mv.db in the host file system. The PING_H2_FILE environment variable specifies the file name without the .mv.db extension.

$ docker run --network=<network_name>  --env-file ~/.pingidentity/config \
  --env PING_H2_FILE=/opt/out/Symphonic \
  --volume  <HOST_BACKUP_DIR>:/opt/out pingidentity/{PAP_CONTAINER_NAME}:<TAG>

For proper communication between containers, create a Docker network using a command such as docker network create --driver <network_type> <network_name>, and then connect to that network with the --network=<network_name> option.

The Docker image <TAG> used in the example is only a placeholder.For actual tag values, see Docker Hub.