NBE-221: document backup and restore of Diode and Hydra secrets #128

Open: wants to merge 6 commits into base: main
53 changes: 51 additions & 2 deletions docs/netbox-enterprise/nbe-backups.md
Expand Up @@ -134,6 +134,33 @@ Save it somewhere safe for future restores.

For more details on backing up NetBox databases, see [the official NetBox documentation](https://netboxlabs.com/docs/netbox/en/stable/administration/replicating-netbox/).

#### Diode and Hydra Secrets (NetBox 1.10 and Up)

To ensure that Diode OAuth login information is not lost, you will also need to save the Diode and Hydra secrets from the cluster.

Run this set of commands:

```shell
NETBOX_NAMESPACE="kotsadm" && \
(
kubectl get secrets \
--namespace "${NETBOX_NAMESPACE}" \
--no-headers \
--output name \
| grep secret/diode \
| while read -r SECRET; do \
echo "---" && \
kubectl get \
"${SECRET}" \
--namespace "${NETBOX_NAMESPACE}" \
-o yaml \
| grep -v -E '^ (creationTimestamp|resourceVersion|uid):'; \
done \
) > netbox-enterprise-diode-secrets.yaml
```

Save it alongside your `netbox-enterprise.pgsql` for future restores.

### Restoring Your Backups

Restoring is almost as simple as backing up.
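
Review bot: The file written by the redirect `> netbox-enterprise-diode-secrets.yaml` holds complete Secret objects, whose `data` values are only base64-encoded, yet the sentence after the block just says to save it alongside `netbox-enterprise.pgsql`. Suggest stating that the file contains live credentials, restricting its permissions before it is written (for example `umask 077` ahead of the subshell), and recommending encrypted storage. Separately, the heading covers Diode and Hydra but the filter is `grep secret/diode`; either say that the Hydra secrets also match that prefix or widen the pattern, since a secret missed here only shows up at restore time.
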
Expand Down Expand Up @@ -178,6 +205,20 @@ cat netbox-data.tar.gz | kubectl exec ${NETBOX_RESTORE_POD} \
-C /opt/netbox/netbox
```

#### Diode and Hydra Secrets (NetBox 1.10 and Up)

To restore from a secrets yaml file, pass it to `kubectl apply` like so:

```shell
# add/replace existing diode secrets
NETBOX_NAMESPACE="kotsadm" && \
kubectl apply \
--server-side \
--force-conflicts \
--namespace "${NETBOX_NAMESPACE}" \
--filename netbox-enterprise-diode-secrets.yaml
```

#### Built-In PostgreSQL

To restore from a dump file, pipe the `netbox-enterprise.pgsql` created during backup into `psql` in the PostgreSQL pod:
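
Review bot: `--server-side --force-conflicts` on the `kubectl apply` overrides field-ownership conflicts and overwrites the secrets currently in the cluster, and the only hint of that is the comment `# add/replace existing diode secrets`. Suggest a sentence saying that existing values are replaced without a prompt and why forcing conflicts is needed here. The backup command strips only `creationTimestamp`, `resourceVersion` and `uid`, so `metadata.namespace` stays in the file; it is worth stating that the restore has to target the same namespace as the backup, because kubectl rejects an object whose namespace differs from `--namespace`.
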
Expand Down Expand Up @@ -223,6 +264,14 @@ while read -r DB; do
-n "${NETBOX_NAMESPACE}" \
-i \
-c database \
-- psql -c "ALTER DATABASE ${DB} OWNER TO ${DB}; GRANT ALL PRIVILEGES ON DATABASE ${DB} TO ${DB};";
-- \
psql --dbname "${DB}" -c "\
ALTER DATABASE ${DB} OWNER TO ${DB}; \
GRANT ALL PRIVILEGES ON DATABASE ${DB} TO ${DB}; \
GRANT CREATE ON SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ${DB}; \
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ${DB}; \
"; \
done
```
```
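
Review bot: `${DB}` is expanded by the shell straight into the SQL of the new `psql --dbname "${DB}" -c` call, unquoted, as both the database name and the role name. A name containing a hyphen or uppercase letters breaks these statements, and any other SQL-significant character changes what is executed; suggest double-quoting the identifiers inside the SQL (`\"${DB}\"`). The statements also assume a role exists with the same name as each database, and the added `GRANT ... IN SCHEMA public` lines are not explained; a short comment covering both would help whoever runs this after a failed restore.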