Configuring a custom jumpbox for BBR
search cancel

Configuring a custom jumpbox for BBR

book

Article ID: 298562

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

This article discusses how to set up a custom jumpbox for use with BOSH Backup and Restore (BBR). 

You can use BBR to back up the BOSH Director, Pivotal Application Service (PAS), and Pivotal Container Service (PKS).

For more information about using BBR to back up the BOSH Director and PAS, see Backing Up and Restoring Pivotal Cloud Foundry. For more information about using BBR to back up PKS, see Backing Up and Restoring PKS.


Environment


Resolution

Step 1: Configure your jumpbox

Configure your custom jumpbox to meet the following requirements: 

  • Your jumpbox must have a sufficient amount of space for the backup. For example, a backup of Ops Manager and PAS requires at least 1.5 GB.
  • Your jumpbox must exist on the same network as the VMs in your PCF deployment because BBR connects to the VMs at their private IP addresses. BBR does not support SSH gateways.
  • Because BBR copies the backed-up data from the VMs to the jumpbox, you should have minimal network latency between them to reduce transfer times.
Consult the following table for more information about the network access permissions required by BBR.
 
VMDefault PortDescription
BOSH Director25555BBR interacts with the BOSH Director API.
Deployed Instances22BBR uses SSH to orchestrate the backup on the instances.
BOSH Director UAA8443BBR interacts with the UAA API for authentication, if necessary.

Step 2: Transfer BBR binary to your jumpbox

Perform the following steps to transfer the bbr binary to your jumpbox:

1. Download the latest BOSH Backup and Restore release from Pivotal Network.
2. Extract the bbr binary file from the BBR release.
3. On a command line, run the following command to add executable permissions to the bbr binary file:​​​​​
​​​​​​chmod a+x bbr
4. To securely copy the BBR binary to your jumpbox, run the following command, replacing the placeholders with the correct values: 
rsync -Pv -e "ssh -i LOCAL-PATH-TO-JUMPBOX-PRIVATE-KEY" LOCAL-PATH-TO-BBR-BINARY JUMPBOX-USER@JUMPBOX-ADDRESS:  

Step 3: Ensure BOSH Director Certificate availability

If the certificate chain on your local machine cannot verify the Certificate Authority (CA) certificate for the BOSH Director.

Note: You must have the path to the root CA certificate to run BBR commands.

Perform the following steps:

1.Perform the procedures in the Using the Ops Manager API topic to obtain a UAA-ACCESS-TOKEN using the UAA CLI.
2. ​​​​​If you do not have the open-source jq utility, download it and place it in your $PATH.
3. Use the Ops Manager API to download the CA certificate for the BOSH Director by running the following command, replacing the placeholders with the correct values: 
curl -k "https://OPSMAN-IP/api/v0/security/root_ca_certificate" \ 
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
| jq --raw-output '.root_ca_certificate_pem' > PATH-TO-BOSH-SERVER-CERTIFICATE 

Next Steps

After configuring your custom jumpbox, consult the documentation for using BBR to back up your components.

For more information about using BBR to back up the BOSH Director and PAS, see Backing Up and Restoring Pivotal Cloud Foundry. 

For more information about using BBR to back up PKS, see Backing Up and Restoring PKS .