This is a collection of Concourse tasks for backing up a Pivotal Cloud Foundry installation using bbr.

Running regular backups (at least every 24 hours) and storing multiple copies of backup artifacts in different datacenters is highly recommended. The time Concourse resource can be added to the pipeline to trigger backups regularly. There are a variety of storage resources such as S3 that can be used to move backups to storage. A list of Concourse resources can be found here.

• bbr-pipeline-tasks-repo: this repository

• om-installation: a directory containing a installation.zip generated by exporting the Operations Manager installation.

• SKIP_SSL_VALIDATION: if true, ssl validation will be skipped. Defaults to false
• OPSMAN_URL: The OpsManager URL
• CLIENT_ID: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be used
• CLIENT_SECRET: Client Secret for accessing OpsManager
• OPSMAN_USERNAME: The OpsManager username
• OPSMAN_PASSWORD: The OpsManager password

To use this task you will need either:

• a Concourse worker with access to your BOSH Director and ERT/PAS VMs. You can find an example template for deploying an external worker in a different network to your Concouse deployment here
• or, provide the OPSMAN_PRIVATE_KEY to use an SSH tunnel via the Ops Manager VM. Please note, using an SSH tunnel may increase the time taken to drain backup artifacts from the ERT/PAS VMs. Backup artifacts can be very large and using a proxy will be a significant overhead on network performance.

N.B. this task will run bbr deployment backup from the Concourse worker. Ensure that the Concourse worker has enough disk space to accommodate the ERT/PAS backup artifact.

• bbr-pipeline-tasks-repo: this repository
• binary: a directory containing a executable bbr file

• ert-backup-artifact: a directory containing ert-backup.tar generated by backing up ERT.

• SKIP_SSL_VALIDATION: if true, ssl validation will be skipped. Defaults to false
• OPSMAN_URL: The OpsManager URL
• CLIENT_ID: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be used
• CLIENT_SECRET: Client Secret for accessing OpsManager
• OPSMAN_USERNAME: The OpsManager username
• OPSMAN_PASSWORD: The OpsManager password
• OPSMAN_PRIVATE_KEY: (optional) The OpsManager private key. If provided, the task will export BOSH_ALL_PROXY, which is used by bbr v1.2.6+ to create an SSH tunnel via the Ops Manager VM.

To use this task you will need either:

• a Concourse worker with access to your BOSH Director. You can find an example template for deploying an external worker in a different network to your Concouse deployment here
• or, provide the OPSMAN_PRIVATE_KEY to use an SSH tunnel via the Ops Manager VM. Please note, using an SSH tunnel may increase the time taken to drain backup artifacts from the BOSH director. Backup artifacts can be very large and using a proxy will be a significant overhead on network performance.

N.B. this task will run bbr director backup from the Concourse worker. Ensure that the Concourse worker has enough disk space to accommodate the BOSH Director backup artifact.

• bbr-pipeline-tasks-repo: this repository
• binary: a directory containing a executable bbr file

• director-backup-artifact: a directory containing director-backup.tar generated by backing up the Director.

• SKIP_SSL_VALIDATION: if true, ssl validation will be skipped. Defaults to false
• OPSMAN_URL: The OpsManager URL
• CLIENT_ID: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be used
• CLIENT_SECRET: Client Secret for accessing OpsManager
• OPSMAN_USERNAME: The OpsManager username
• OPSMAN_PASSWORD: The OpsManager password
• OPSMAN_PRIVATE_KEY: (optional) The OpsManager private key. If provided, the task will export BOSH_ALL_PROXY, which is used by bbr v1.2.6+ to create an SSH tunnel via the Ops Manager VM.

You can set the example pipeline with fly:

cp secrets.sample.yml secrets.yml
# update secrets.yml with real secrets
fly --target <target> \
    set-pipeline \
    --pipeline bbr-pipeline \
    --config pipeline.sample.yml \
    --load-vars-from secrets.yml