Backing up the Overcloud control plane services

This backup guide is meant to backup services based on a HA + containers deployment.


There is a need to backup the control plane services in the Overcloud, to do so, we need to apply the same approach from the Undercloud, which is, running a backup of the databases and create a filesystem backup.

Databases backup

MySQL backup

If using HA the operator can run the database backup in any controller node using the --single-transaction option when executing the mysqldump.

If the deployment is using containers the hieradata file containing the mysql root password is located in the folder /var/lib/config-data/mysql/etc/puppet/hieradata/.

The file containing the mysql root password is service_configs.json and the key is mysql::server::root_password.

Create a temporary folder to store the backups:

sudo -i
mkdir -p /var/tmp/mysql_backup/

Store the MySQL root password to be added to further queries:

MYSQLDBPASS=$(cat /var/lib/config-data/mysql/etc/puppet/hieradata/service_configs.json | grep mysql | grep root_password | awk -F": " '{print $2}' | awk -F"\"" '{print $2}')

Execute from any controller:

mysql -uroot -p$MYSQLDBPASS -e "select distinct table_schema from information_schema.tables where engine='innodb' and table_schema != 'mysql';" \
      -s -N | xargs mysqldump -uroot -p$MYSQLDBPASS --single-transaction --databases > /var/tmp/mysql_backup/openstack_databases-`date +%F`-`date +%T`.sql

This will dump a database backup called /var/tmp/mysql_backup/openstack_databases-<date>.sql

Then backup all the users and permissions information:

mysql -uroot -p$MYSQLDBPASS -e "SELECT CONCAT('\"SHOW GRANTS FOR ''',user,'''@''',host,''';\"') FROM mysql.user where (length(user) > 0 and user NOT LIKE 'root')" \
      -s -N | xargs -n1 mysql -uroot -p$MYSQLDBPASS -s -N -e | sed 's/$/;/' > /var/tmp/mysql_backup/openstack_databases_grants-`date +%F`-`date +%T`.sql

This will dump a database backup called /var/tmp/mysql_backup/openstack_databases_grants-<date>.sql

MongoDB backup (only needed until Ocata)

Since OpenStack Pike, there is no support for MongoDB, so be sure you backup the data from your telemetry backend.

If telemetry services are used, then its needed to backup the data stored in the MongoDB instance. Connect to any controller and get the IP of the MongoDB primary instance:

MONGOIP=$(cat /etc/mongod.conf | grep bind_ip | awk '{print $3}')

Now, create the backup:

mkdir -p /var/tmp/mongo_backup/
mongodump --oplog --host $MONGOIP --out /var/tmp/mongo_backup/

Be sure the files were created successfully.

Redis backup

If telemetry services are used, then it’s needed to backup the data stored in the Redis instance.

Let’s get the Redis endpoint to get the backup, open /var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg and get the bind IP in the listen redis section, should have a string of this form bind <bind_IP:bind_port> transparent:

grep -A1 'listen redis' /var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg
REDISIP=$(grep -A1 'listen redis' /var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg | grep bind | awk '{print $2}' | awk -F":" '{print $1}')

Let’s store the master auth password to connect to the Redis cluster, the config file should be /var/lib/config-data/redis/etc/redis.conf and the password under the masterauth parameter. Let’s store it in a variable:

REDISPASS=$(cat /var/lib/config-data/redis/etc/redis.conf | grep masterauth | grep -v \# | awk '{print $2}')

Let’s check connectivity to the Redis cluster:

redis-cli -a $REDISPASS -h $REDISIP ping

Now, create a database dump by executing:

redis-cli -a $REDISPASS -h $REDISIP bgsave

Now the database backup should be stored in the default directory /var/lib/redis/ directory.

Filesystem backup

We need to backup all files that can be used to recover from a possible failure in the Overcloud controllers when executing a minor update or a major upgrade.

The option --ignore-failed-read is added to the tar command because the list of files to backup might be different on each environment and we make the list of paths to backup is as much general as possible.

The following folders should be backed up:

mkdir -p /var/tmp/filesystem_backup/
tar --xattrs --ignore-failed-read \
    -zcvf /var/tmp/filesystem_backup/fs_backup-`date '+%Y-%m-%d-%H-%M-%S'`.tar.gz \
    /etc/nova \
    /var/log/nova \
    /var/lib/nova \
    --exclude /var/lib/nova/instances \
    /etc/glance \
    /var/log/glance \
    /var/lib/glance \
    /etc/keystone \
    /var/log/keystone \
    /var/lib/keystone \
    /etc/httpd \
    /etc/cinder \
    /var/log/cinder \
    /var/lib/cinder \
    /etc/heat \
    /var/log/heat \
    /var/lib/heat \
    /var/lib/heat-config \
    /var/lib/heat-cfntools \
    /etc/rabbitmq \
    /var/log/rabbitmq \
    /var/lib/rabbitmq \
    /etc/neutron \
    /var/log/neutron \
    /var/lib/neutron \
    /etc/corosync \
    /etc/haproxy \
    /etc/logrotate.d/haproxy \
    /var/lib/haproxy \
    /etc/openvswitch \
    /var/log/openvswitch \
    /var/lib/openvswitch \
    /etc/ceilometer \
    /var/lib/redis \
    /etc/sysconfig/memcached \
    /etc/gnocchi \
    /var/log/gnocchi \
    /etc/aodh \
    /var/log/aodh \
    /etc/panko \
    /var/log/panko \
    /etc/ceilometer \