Back up and recovery
F5 NGINX Management Suite includes several scripts for backing up and restoring the configuration files, secrets, and databases used by the platform.
Important The backup and recovery scripts are provided for reference and may need to be changed for your deployment.
To complete the instructions in this guide, you need the following:
- 
An installed version of Instance Manager 
- 
An installed version of API Connectivity Manager 
- 
Instance Manager versions older than 2.15.0 will require an installed version of SQLite. Refer to the Install SQLite guide for installation instructions. 
- 
The NGINX Management Suite services must be running: sudo systemctl start nms
To run the backup and restore scripts, you need to set their permissions to make them executable.
- 
Open a secure shell (SSH) connection to the NGINX Management Suite host and log in. 
- 
Change to the directory where the scripts are located: cd /etc/nms/scripts
- 
Run the following commands to make the scripts executable: sudo chmod +x backup.sh sudo chmod +x restore.sh sudo chmod +x backup-acm.sh sudo chmod +x restore-acm.sh sudo chmod +x support-package.sh
By default, the data for API Connectivity Manager isn’t included in the backup.
To back up module data, follow these steps:
- 
Open a secure shell (SSH) connection to the NGINX Management Suite host and log in. 
- 
Change to the directory where the scripts are located: cd /etc/nms/scripts
- 
Edit the backup.shandrestore.shscripts and uncomment the commands in the relevant sections:In backup.sh, uncomment the following lines: ## Back up API Connectivity Manager # Uncomment the following line to back up API Connectivity Manager. ACM_ACTIVE=$(systemctl is-active --quiet nms-acm) IS_ACM_ACTIVE=$? if [ $IS_ACM_ACTIVE -ne 0 ]; then echo "You need to start the required NGINX Management Suite services before running the backup script." echo "Please ensure the following nms service is running:" echo "nms-acm" exit 1 fi## Back up API Connectivity Manager # Uncomment the following line to back up API Connectivity Manager. ./backup-acm.shIn restore.sh, uncomment the following lines: ## Back up API Connectivity Manager # Uncomment the following line to back up API Connectivity Manager. ACM_ACTIVE=$(systemctl is-active --quiet nms-acm) IS_ACM_ACTIVE=$? if [ $IS_ACM_ACTIVE -eq 0 ]; then echo "You need to stop the required NGINX Management Suite services before running the restore script." echo "Please ensure the following nms service is stopped:" echo "nms-acm" exit 1 fi## Restore the API Connectivity Manager database. # Uncomment the following line to restore API Connectivity Manager. ./restore-acm.sh
To back up the NGINX Management Suite configuration files, secrets, and databases:
- 
Open a secure shell (SSH) connection to the NGINX Management Suite host and log in. 
- 
To back up NGINX Management Suite, run the following commands: cd /etc/nms/scripts sudo ./backup.shThe backup is saved to a tarball file similar to the following example: /tmp/nms-backup-<DATETIME>.tgz
To restore NGINX Management Suite:
- 
Open a secure shell (SSH) connection to the NGINX Management Suite host and log in. 
- 
To restore NGINX Management Suite, run the following commands: cd /etc/nms/scripts sudo ./restore.sh /tmp/nms-backup-<DATETIME>.tgz
To complete the instructions in this guide, you need the following:
- An installed version of NGINX Management Suite and Instance Manager
- An installed version of API Connectivity Manager
- Instance Manager versions older than 2.15.0 will require an installed version of SQLite. Refer to the Install SQLite guide for installation instructions.
- 
Root Access To back up and restore the NGINX Management Suite on Kubernetes, run the scripts as a superuser with sudo. These scripts use thekubectlcommand to interact with the Kubernetes API. It is necessary to ensure the target Kubernetes cluster is accessible to the root user.To confirm that the root user has access to the Kubernetes API, run the following command: sudo kubectl -n nms get podsIf the result is error-free and the output is the list of currently running pods/nodes the root user has the required access. If the root user does not have the required access, you will need to configure the root user to have Kubernetes API access, or provide the script with the location of the Kubernetes configuration via the environment variable KUBECONFIG. For example:KUBECONFIG=/etc/kubernetes/admin.confIn the example above, /etc/kubernetes/admin.confis the default configuration location of a Kubernetes cluster. If the configuration location is different for the target Kubernetes cluster, update the location accordingly.
- 
Utility pod To back up and restore NGINX Management Suite in a Kubernetes cluster, you need to install the utilitypod in your Kubernetes cluster. For each module you want to back up and restore, you need to configure theutilitypod accordingly:- 
Update your Helm Deployment values.yaml file, add the utility: trueline underglobalto enable the utility pod, and the required sections undernmsModulesto back up and restore API Connectivity Manager. Example below:global: utility: true nmsModules : nms—acm: enabled: true addClaimsToUtility: true
- 
Upgrade your NGINX Management Suite deployment to apply the changes. 
- 
Download the NGINX Management Suite Helm chart for your currently installed version of NGINX Management Suite: helm repo add nginx-stable https://helm.nginx.com/stable helm repo update helm pull nginx-stable/nms tar zxvf nms-<version>.tgz
 
- 
To back up NGINX Management Suite deployed in a Kubernetes cluster, follow these steps:
- 
Copy the backup script k8s-backup.shextracted fromnms-<version>.tgzto your working directory:cp nms-<version>/charts/nms-hybrid/backup-restore/k8s-backup.sh .
- 
Make the scripts executable: chmod +x k8s-backup.sh
- 
Run the backup script: ./k8s-backup.shNote: The backup script does not need theutilitypod orsudopermissions to create a backup.
- 
The command will ask for the NGINX Management Suite namespace. The script will create a backup archive in the same directory called k8s-backup-<timestamp>.tar.gz.
To restore NGINX Management Suite and the installed modules deployed in the same Kubernetes cluster, follow these steps:
- 
Copy the restore script k8s-restore.shextracted fromnms-<version>.tgzto your working directory:- For NGINX Management Suite and API Connectivity Manager, copy k8s-restore.shfrom thenms-<version>/charts/nms-hybrid/backup-restore/directory.
 cp nms-<version>/nms/charts/nms-hybrid/backup-restore/k8s-restore.sh .
- For NGINX Management Suite and API Connectivity Manager, copy 
- 
Make the scripts executable: chmod +x k8s-restore.sh
- 
Copy your k8s-backup-<timestamp>.tar.gzfile to the same directory as thek8s-restore.shscript.
- 
Run the restore script: sudo KUBECONFIG=/etc/kubernetes/admin.conf ./k8s-restore.sh -i k8s-backup-<timestamp>.tar.gz -rIn the command above, /etc/kubernetes/admin.confis the default configuration location of a Kubernetes cluster. If the configuration location is different for the target Kubernetes cluster, update the command accordingly.Note: The restore script needs root access to Kubernetes for the restore operation.
- 
The script will ask for the NGINX Management Suite namespace. Once the namespace has been provided, the script will use the specified backup archive. Note: The script will use theutilitypod to access all the mounted volumes to restore database directories and core secrets; andkubectlto restore the Kubernetes configmaps and secrets. Before starting the restoration, the script will stop all service pods and start theutilitypod. After finishing the restore, it will stop theutilitypod and start all service pods.
To restore NGINX Management Suite and the installed modules into a different Kubernetes cluster, follow these steps:
- 
Copy the restore script k8s-restore.shextracted fromnms-<version>.tgzto your working directory:- For NGINX Management Suite and API Connectivity Manager, copy k8s-restore.shfrom thenms-<version>/charts/nms-hybrid/backup-restore/directory.
 cp nms-<version>/nms/charts/nms-hybrid/backup-restore/k8s-restore.sh .
- For NGINX Management Suite and API Connectivity Manager, copy 
- 
Make the scripts executable: chmod +x k8s-restore.sh
- 
Copy your k8s-backup-<timestamp>.tar.gzfile to the same directory as thek8s-restore.shscript.
- 
Run the restore script: sudo KUBECONFIG=/etc/kubernetes/admin.conf ./k8s-restore.sh -i k8s-backup-<timestamp>.tar.gz -r -dIn the command above, /etc/kubernetes/admin.confis the default configuration location of a Kubernetes cluster. If the configuration location is different for the target Kubernetes cluster, update the command accordingly.Note: The restore script needs root access to Kubernetes for the restore operation.
- 
The script will ask for the NGINX Management Suite namespace. Once the namespace has been provided, the script will use the specified backup archive. 
The restore script will only restore the databases and core secrets. If you want to restore the user passwords too, run the following commands on the extracted k8s-backup-<timestamp>.tar.gz file:
cd k8s-backup-<version>/secrets
kubectl -n nms apply -f nms-auth.json
kubectl -n nms delete pod apigw-<hash>ClickHouse supports backup and restore on versions greater than v22.
For instructions on how to back up and restore the ClickHouse database, please refer to ClickHouse’s documentation.
To check your ClickHouse version, run the following command:
clickhouse-server --version