Configuration Backups¶
Backup Utility¶
TNSR includes a utility, named tnsr-backup
, which can create and restore
backup archives containing configuration databases along with other important
files such as PKI entries.
Creating a Backup Archive¶
To create a backup file, run the tnsr-backup
utility in a shell without any
additional parameters.
This command can be executed from a shell prompt directly:
$ sudo tnsr-backup
/tmp/tnsr-backup-2023-02-13-155628.tar.gz
Alternately, this task can be performed using the shell
command from the
TNSR CLI:
tnsr# host shell sudo tnsr-backup
/tmp/tnsr-backup-2023-02-13-155648.tar.gz
This archive contains the current configuration databases from the router, the dataplane startup configuration, and PKI entries.
Warning
If there are other customized files on the router, such as custom scripts or files in user home directories, those must be backed up separately.
Copy the backup archive off the router to a safe and secure location using a
mechanism such as scp
.
Restoring a Backup Archive¶
Restoring a backup from the archive file requires a few more steps.
Note
Due to the way this process manipulates the files in question, restoring a backup should be done from a shell outside of TNSR while TNSR is stopped.
Warning
This process involves stopping TNSR which halts processing network traffic through the dataplane. As such, this procedure should be performed locally at the console or from a system reachable through the host management network.
First, stop TNSR:
$ sudo tnsrctl stop
Next, issue the command to restore the backup file:
$ sudo tnsr-backup --import /tmp/tnsr-backup-2022-10-07-144921.tar.gz
Finally, start TNSR with the restored data:
$ sudo tnsrctl start --boot
If the configuration being restored contained named interfaces, TNSR may need to restart again to successfully configure the interfaces.
$ sudo tnsrctl restart
Manual Backups from the TNSR CLI¶
The candidate and running databases can be saved to or loaded from files in the host OS using the TNSR CLI. This can be used to make backups, copy configurations to other routers, or similar purposes.
Warning
This procedure only backs up the configuration database. It does not back up
other important files such as PKI entries from /etc/pki/tls/tnsr/
. Copy
those files, and any other modified files such as custom scripts and shell
configuration files, outside of TNSR as described in
Manual Backups from the Shell.
The filenames can take an absolute path and filename, or the path may be omitted to save the file in the directory from which the TNSR CLI was invoked by the administrator. When saving, this file must be writable by the TNSR backend daemon. When loading, this file must be readable by the TNSR backend daemon.
Tip
The best practice is to store backup configuration files in a secure location to prevent unauthorized access to sensitive information.
Saving the running configuration as a backup:
tnsr# config
tnsr(config)# configuration save running backup.xml
Loading a configuration file from a backup:
tnsr# config
tnsr(config)# configuration candidate load backup.xml
tnsr(config)# configuration candidate commit
See also
Manual Backups from the Shell¶
The previous procedure creates and restores the configuration from within the TNSR CLI. In certain cases that method may not be viable, such as when the configuration from an older version of TNSR must be updated (Updating the Configuration Database).
In these cases, the TNSR configuration database files in /var/tnsr
may be
accessed directly.
Warning
Unlike operations performed within TNSR, these actions must be performed with
elevated privileges, either by the root
account or using sudo
.
Warning
This procedure only backs up the configuration database. It does not back up
other important files such as PKI entries from /etc/pki/tls/tnsr/
. Copy
those files, and any other modified files such as custom scripts and shell
configuration files, using the same method described here.
To make a configuration backup of the running database:
$ sudo cp -p /var/tnsr/running_db ~/backup.xml
Warning
The configuration database files may be read while TNSR is running, but TNSR must be stopped when making changes.
To restore a backup to the running and startup databases:
Warning
This process involves stopping TNSR which halts processing network traffic through the dataplane. As such, this procedure should be performed locally at the console or from a system reachable through the host management network.
$ sudo tnsrctl stop
$ sudo cp -p ~/backup.xml /var/tnsr/running_db
$ sudo cp -p /var/tnsr/running_db /var/tnsr/startup_db
$ sudo tnsrctl start