Step 1: Configure your jumpbox
Configure your custom jumpbox to meet the following requirements:
- Your jumpbox must have a sufficient amount of space for the backup. For example, a backup of Ops Manager and PAS requires at least 1.5 GB.
- Your jumpbox must exist on the same network as the VMs in your PCF deployment because BBR connects to the VMs at their private IP addresses. BBR does not support SSH gateways.
- Because BBR copies the backed-up data from the VMs to the jumpbox, you should have minimal network latency between them to reduce transfer times.
Consult the following table for more information about the network access permissions required by BBR.
VM | Default Port | Description |
---|
BOSH Director | 25555 | BBR interacts with the BOSH Director API. |
Deployed Instances | 22 | BBR uses SSH to orchestrate the backup on the instances. |
BOSH Director UAA | 8443 | BBR interacts with the UAA API for authentication, if necessary. |
Step 2: Transfer BBR binary to your jumpbox
Perform the following steps to transfer the
bbr binary to your jumpbox:
1. Download the latest
BOSH Backup and Restore release from Pivotal Network.
2. Extract the
bbr binary file from the BBR release.
3. On a command line, run the following command to add executable permissions to the
bbr binary file:
chmod a+x bbr
4. To securely copy the BBR binary to your jumpbox, run the following command, replacing the placeholders with the correct values:
rsync -Pv -e "ssh -i LOCAL-PATH-TO-JUMPBOX-PRIVATE-KEY" LOCAL-PATH-TO-BBR-BINARY JUMPBOX-USER@JUMPBOX-ADDRESS:
Step 3: Ensure BOSH Director Certificate availability
If the certificate chain on your local machine cannot verify the Certificate Authority (CA) certificate for the BOSH Director.
Note: You must have the path to the root CA certificate to run BBR commands.
Perform the following steps:
1.Perform the procedures in the
Using the Ops Manager API topic to obtain a
UAA-ACCESS-TOKEN using the UAA CLI.
2. If you do not have the open-source
jq utility,
download it and place it in your $PATH.
3. Use the Ops Manager API to download the CA certificate for the BOSH Director by running the following command, replacing the placeholders with the correct values:
curl -k "https://OPSMAN-IP/api/v0/security/root_ca_certificate" \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
| jq --raw-output '.root_ca_certificate_pem' > PATH-TO-BOSH-SERVER-CERTIFICATE
Next Steps
After configuring your custom jumpbox, consult the documentation for using BBR to back up your components.
For more information about using BBR to back up the BOSH Director and PAS, see
Backing Up and Restoring Pivotal Cloud Foundry. For more information about using BBR to back up PKS, see
Backing Up and Restoring PKS .