This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/docs/maintenance/backups/index.md
2020-10-05 22:30:13 +02:00

3 KiB

Backup and restore

!!! warning

Local backups are only supported for docker-compose installs. If you want to backup a Kubernetes instance locally, use an S3-compatible server such as [minio](https://min.io/)

Backup

Local backups can be created by running the following command in your passbook installation directory

docker-compose run --rm worker backup

This will dump the current database into the ./backups folder. By defaults, the last 10 Backups are kept.

To schedule these backups, use the following snippet in a crontab

0 0 * * * bash -c "cd <passbook install location> && docker-compose run --rm worker backup" >/dev/null

!!! notice

passbook does support automatic backups on a schedule, however this is currently not recommended, as there is no way to monitor these scheduled tasks.

Restore

Run this command in your passbook installation directory

docker-compose run --rm worker restore

This will prompt you to restore from your last backup. If you want to restore from a specific file, use the -i flag with the filename:

docker-compose run --rm worker restore -i default-2020-10-03-115557.psql

After you've restored the backup, it is recommended to restart all services with docker-compose restart.

S3 Configuration

!!! notice

To trigger backups with S3 enabled, use the same commands as above.

S3 Preparation

passbook expects the bucket you select to already exist. The IAM User given to passbook should have the following permissions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Principal": {
                "AWS": "arn:aws:iam::example-AWS-account-ID:user/example-user-name"
            },
            "Resource": [
                "arn:aws:s3:::example-bucket-name/*",
                "arn:aws:s3:::example-bucket-name"
            ]
        }
    ]
}

docker-compose

Set the following values in your .env file.

PASSBOOK_POSTGRESQL__S3_BACKUP__ACCESS_KEY=
PASSBOOK_POSTGRESQL__S3_BACKUP__SECRET_KEY=
PASSBOOK_POSTGRESQL__S3_BACKUP__BUCKET=
PASSBOOK_POSTGRESQL__S3_BACKUP__REGION=

If you want to backup to an S3-compatible server, like minio, use this setting:

PASSBOOK_POSTGRESQL__S3_BACKUP__HOST=http://play.min.io

Kubernetes

Simply enable these options in your values.yaml file

# Enable Database Backups to S3
backup:
  access_key: access-key
  secret_key: secret-key
  bucket: s3-bucket
  region: eu-central-1
  host: s3-host

Afterwards, run a helm upgrade to update the ConfigMap. Because passbook-scheduled backups are not recommended currently, a Kubernetes CronJob is created that runs the backup daily.