libremfg · mvandergrift · Nov 6, 2024 · Nov 4, 2024 · Nov 4, 2024 · Nov 4, 2024
diff --git a/content/deploy/backup/binary.md b/content/deploy/backup/binary.md
@@ -0,0 +1,83 @@
+---
+title: 'Back up the Graph DB to S3'
+date: '2024-11-04T11:01:46-03:00'
+categories: ["how-to"]
+description: How to back up the Rhize graph database to Amazon S3 storage.
+weight: 100
+menu:
+  main:
+    parent: backup
+    identifier:
+---
+
+This guide shows you how to back up the Rhize Graph database to Amazon S3 and S3-compatible storage.
+
+## Prerequisites
+
+Before you start, ensure you have the following:
+
+
+- A designated S3 backup location, for example `s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>`.
+- Access to your [Rhize Kubernetes Environment]({{< relref "install" >}})
+{{% param pre_reqs %}}.
+
+
+Before you start, confirm you are in the right context and namespace:
+
+{{% param "k8s_cluster_ns" %}}
+
+## Steps
+
+To back up the database, follow these steps:
+
+1. Check the logs for the alpha and zero pods, either in Lens or with [`kubectl logs`](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#logs).
+    Ensure there are no errors.
+
+    ```bash
+    kubectl logs {{< param application_name >}}-baas-baas-alpha-0 --tail=80
+    ```
+1. Set the following environmental variables:
+   - `AWS_ACCESS_KEY_ID`. Your AWS access key with permissions to write to the destination bucket 
+   - `AWS_SECRET_ACCESS_KEY`. Your AWS access key with permissions to write to the destination bucket
+   - `AWS_SESSION_TOKEN`. Your AWS session token (if required)
+
+1. Make a POST request to your Keycloak `/token` endpoint to get an `access_token` value.
+For example, with `curl` and `jq`:
+
+    ```bash
+    ## replace USERNAME and PASSWORD with your credentials
+    USERNAME=backups@libremfg.com \
+    && PASSWORD=password \
+    && curl --location \
+      --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
+      --header 'Content-Type\ application/x-www-form-urlencoded' \
+      --data-urlencode 'grant_type=password' \
+      --data-urlencode "username=<USERNAME>" \
+      --data-urlencode "password=<PASSWORD>"  \
+      --data-urlencode "client_id=<BASS_CLIENT_ID>" \
+      --data-urlencode "client_secret=<BASS_CLIENT_SECRET>" | jq .access_token
+    ```
+
+1. Using the token from the previous step, send a POST to `<alpha service>:8080/admin` to create a backup of the node to your S3 bucket.
+For example, with `curl`:
+
+    ```bash
+   curl --location 'http://alpha:8080/admin' \
+   --header 'Content-Type: application/json' \
+   --header 'Authorization: Bearer <TOKEN>' \
+   --data '{"query":"mutation {\n  backup(input: {destination: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n    response {\n      message\n      code\n    }\n    taskId\n  }\n}","variables":{}}'
+   ```
+
+1. List available backups to confirm your backup succeeded:
+
+    ```bash
+    curl --location 'http://alpha:8080/admin' \
+   --header 'Content-Type: application/json' \
+   --header 'Authorization: Bearer <TOKEN>' \
+   --data '{"query":"query backup {\n\tlistBackups(input: {location: \"s3://s3.<AWS-REGION>>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n\t\tbackupId\n\t\tbackupNum\n\t\tpath\n\t\tsince\n\t\ttype\n\t}\n}","variables":{}}'
+    ```
+
+## Next Steps
+
+- Test the [Restore Graph Database From S3]({{< relref "../restore/binary" >}}) procedure to ensure you can recover data from Amazon S3 in case of an emergency.
+- To back up other Rhize services, read how to backup [Grafana]({{< relref "grafana" >}}).
diff --git a/content/deploy/restore/binary.md b/content/deploy/restore/binary.md
@@ -0,0 +1,78 @@
+---
+title: 'Restore the GraphDB from S3'
+date: '2023-10-19T13:52:23-03:00'
+ategories: ["how-to"]
+description: How to restore a backup of the Rhize Graph DB from Amazon S3.
+weight: 200
+menu:
+  main:
+    parent: restore
+    identifier:
+---
+
+This guide shows you how to restore the Graph database from Amazon S3 to your Rhize environment.
+
+## Prerequisites
+
+Before you start, ensure you have the following:
+
+- The GraphDB Helm chart
+- [`kubectl`](https://kubernetes.io/docs/tasks/tools/)
+- A [Database backup]({{< relref "../backup/binary" >}})
+
+## Steps
+
+<!-- if procedure is very long, consider using h3s -->
+
+1. Set the follow environmental variables:
+   - `AWS_ACCESS_KEY_ID` your AWS access key with permissions to write to the destination bucket
+   - `AWS_SECRET_ACCESS_KEY` your AWS access key with permissions to write to the destination bucket
+   - `AWS_SESSION_TOKEN` your AWS session token (if required)
+
+1. Confirm the cluster and namespace are correct.
+
+    {{% param k8s_cluster_ns %}}
+
+1. Upgrade or install the Helm chart.
+
+    ```bash
+    helm upgrade --install -f baas.yaml {{< param application_name >}}-baas {{< param application_name >}}/baas -n {{< param application_name >}}
+    ```
+
+1. Wait for `{{< param application_name >}}-baas-alpha-0` to start serving the GraphQL API.
+
+1.  Make a POST request to your Keycloak `/token` endpoint to get an `access_token` value.
+    For example, with `curl` and `jq`:
+
+    ```bash
+    ## replace USERNAME and PASSWORD with your credentials
+    USERNAME=backups@libremfg.com \
+    && PASSWORD=password \
+    && curl --location \
+      --request POST "${BAAS_OIDC_URL}/realms/libre/protocol/openid-connect/token" \
+      --header 'Content-Type\ application/x-www-form-urlencoded' \
+      --data-urlencode 'grant_type=password' \
+      --data-urlencode "username=<USERNAME>" \
+      --data-urlencode "password=<PASSWORD>"  \
+      --data-urlencode "client_id=<BASS_CLIENT_ID>" \
+      --data-urlencode "client_secret=<BASS_CLIENT_SECRET>" | jq .access_token
+    ```
+
+1. Using the token from the previous step, send a POST to to `<alpha pod>:8080/admin` to retrieve a list of available backups from the s3 bucket.
+
+    ```bash
+     curl --location 'http://alpha-0:8080/admin' \
+    --header 'Content-Type: application/json' \
+    --header 'Authorization: Bearer <TOKEN>' \
+    --data '{"query":"query {\n\tlistBackups(input: {location: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\"}) {\n\t\tbackupId\n\t\tbackupNum\n\t\tencrypted\n\t\tpath\n\t\tsince\n\t\ttype\n        readTs\n\t}\n}","variables":{}}'
+    ```
+
+1. Using the backup id and token from the previous step, send a POST to `<alpha pod>:8080/admin` to start the restore from the s3 bucket to the alpha node.
+   For example, with `curl`:
+
+    ```bash
+   curl --location 'http://alpha-0:8080/admin' \
+   --header 'Content-Type: application/json' \
+   --header 'Authorization: Bearer <TOKEN>' \
+   --data '{"query":"mutation{\n  restore(input:{\n    location: \"s3://s3.<AWS-REGION>.amazonaws.com/<AWS-BUCKET-NAME>\",\n    backupId: \"<BACKUP_ID>\"\n  }){\n    message\n    code\n  }\n}","variables":{}}'
+   ```