You can restore Red Hat Advanced Cluster Security for Kubernetes from an existing backup by using the roxctl command-line interface (CLI).

You can use the roxctl CLI to restore Red Hat Advanced Cluster Security for Kubernetes by using the restore command. You require either an API token or your administrator password to run this command.

Restoring by using an API token

You can restore the entire database of Red Hat Advanced Cluster Security for Kubernetes by using an API token.

Prerequisites
  • You must have a Red Hat Advanced Cluster Security for Kubernetes backup file.

  • You must have an API token with the administrator role.

  • You must have installed the roxctl CLI.

Procedure
  1. Set the ROX_API_TOKEN and the CENTRAL_ADDRESS environment variables:

    $ export ROX_API_TOKEN=<api_token>
    $ export CENTRAL_ADDRESS=<address>:<port_number>
  2. Run the restore command:

    $ roxctl -e "$CENTRAL_ADDRESS" central db restore <backup_file>

Restoring by using the administrator password

You can restore the entire database of Red Hat Advanced Cluster Security for Kubernetes by using your administrator password.

Prerequisites
  • You must have a Red Hat Advanced Cluster Security for Kubernetes backup file.

  • You must have the administrator password.

  • You must have installed the roxctl CLI.

Procedure
  1. Set the CENTRAL_ADDRESS environment variable:

    $ export CENTRAL_ADDRESS=<address>:<port_number>
  2. Run the restore command:

    $ roxctl -p <admin_password> -e "$CENTRAL_ADDRESS" central db restore <backup_file>

Resuming the restore operation

During a restore operation, if your connection is interrupted or you need to go offline, you can resume the restore operation.

  • If you do not have access to the machine running the resume operation, use the roxctl central db restore status command to check the status of an ongoing restore operation.

  • In case of connection interruptions, the roxctl CLI automatically tries to restore a task when the connection becomes available. The automatic connection retries depend on the duration specified by the timeout option.

  • Use the --timeout option to specify the time in seconds, minutes, or hours, after which the roxctl CLI stops trying to resume a restore operation. If not specified, the default timeout is 10 minutes (10m).

  • If a restore operation is stuck or if you want to cancel it, use the roxctl central db restore cancel command to cancel an ongoing restore operation.

  • If a restore operation is stuck, or you have canceled it, or it timed out, you can resume the previous restore by re-running the original command.

  • During interruptions, Red Hat Advanced Cluster Security for Kubernetes caches an ongoing restore operation for 24 hours. You can resume this operation by re-running the original restore command.

  • The --timeout option only governs client-side connection retries and does not affect the 24 hours server-side restore cache.

  • You cannot resume restore operations across restarts of the Central pod.

  • If a restore operation is interrupted, you must restart it within 24 hours and before Central restarts, otherwise Red Hat Advanced Cluster Security for Kubernetes cancels the restore operation.