This is a collection of Concourse tasks for backing up a Pivotal Cloud Foundry installation using bbr.
Running regular backups (at least every 24 hours) and storing multiple copies of backup artifacts in different datacenters is highly recommended. The time Concourse resource can be added to the pipeline to trigger backups regularly. There are a variety of storage resources such as S3 that can be used to move backups to storage. A list of Concourse resources can be found here.
bbr-pipeline-tasks-repo
: this repository
om-installation
: a directory containing a installation.zip generated by exporting the Operations Manager installation.
SKIP_SSL_VALIDATION
: if true, ssl validation will be skipped. Defaults to falseOPSMAN_URL
: The OpsManager URLCLIENT_ID
: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be usedCLIENT_SECRET
: Client Secret for accessing OpsManagerOPSMAN_USERNAME
: The OpsManager usernameOPSMAN_PASSWORD
: The OpsManager password
To use this task you will need either:
- a Concourse worker with access to your BOSH Director and ERT/PAS VMs. You can find an example template for deploying an external worker in a different network to your Concouse deployment here
- or, provide the
OPSMAN_PRIVATE_KEY
to use an SSH tunnel via the Ops Manager VM. Please note, using an SSH tunnel may increase the time taken to drain backup artifacts from the ERT/PAS VMs. Backup artifacts can be very large and using a proxy will be a significant overhead on network performance.
N.B. this task will run bbr deployment backup
from the Concourse worker. Ensure that the Concourse worker has enough disk space to accommodate the ERT/PAS backup artifact.
bbr-pipeline-tasks-repo
: this repositorybinary
: a directory containing a executablebbr
file
ert-backup-artifact
: a directory containing ert-backup.tar generated by backing up ERT.
SKIP_SSL_VALIDATION
: if true, ssl validation will be skipped. Defaults to falseOPSMAN_URL
: The OpsManager URLCLIENT_ID
: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be usedCLIENT_SECRET
: Client Secret for accessing OpsManagerOPSMAN_USERNAME
: The OpsManager usernameOPSMAN_PASSWORD
: The OpsManager passwordOPSMAN_PRIVATE_KEY
: (optional) The OpsManager private key. If provided, the task will export BOSH_ALL_PROXY, which is used bybbr
v1.2.6+ to create an SSH tunnel via the Ops Manager VM.
To use this task you will need either:
- a Concourse worker with access to your BOSH Director. You can find an example template for deploying an external worker in a different network to your Concouse deployment here
- or, provide the
OPSMAN_PRIVATE_KEY
to use an SSH tunnel via the Ops Manager VM. Please note, using an SSH tunnel may increase the time taken to drain backup artifacts from the BOSH director. Backup artifacts can be very large and using a proxy will be a significant overhead on network performance.
N.B. this task will run bbr director backup
from the Concourse worker. Ensure that the Concourse worker has enough disk space to accommodate the BOSH Director backup artifact.
bbr-pipeline-tasks-repo
: this repositorybinary
: a directory containing a executablebbr
file
director-backup-artifact
: a directory containing director-backup.tar generated by backing up the Director.
SKIP_SSL_VALIDATION
: if true, ssl validation will be skipped. Defaults to falseOPSMAN_URL
: The OpsManager URLCLIENT_ID
: Client ID for accessing OpsManager. If empty, the OPSMAN_USERNAME and OPSMAN_PASSWORD credentials will be usedCLIENT_SECRET
: Client Secret for accessing OpsManagerOPSMAN_USERNAME
: The OpsManager usernameOPSMAN_PASSWORD
: The OpsManager passwordOPSMAN_PRIVATE_KEY
: (optional) The OpsManager private key. If provided, the task will export BOSH_ALL_PROXY, which is used bybbr
v1.2.6+ to create an SSH tunnel via the Ops Manager VM.
You can set the example pipeline with fly:
cp secrets.sample.yml secrets.yml
# update secrets.yml with real secrets
fly --target <target> \
set-pipeline \
--pipeline bbr-pipeline \
--config pipeline.sample.yml \
--load-vars-from secrets.yml