Skip to main content

Back up a tenant

This topic describes how to back up the data of a tenant. OBTenantBackupPolicy and OBTenantBackup resources are key to tenant data backup. You can use OBTenantBackupPolicy to define backup policies and OBTenantBackup to define backup jobs. A backup policy specifies the interval of log archiving and data backup parameters for a tenant in an OceanBase cluster. When a backup policy takes effect, a backup job is created to execute specific operations. The backup destination can be a Network File System (NFS) volume or an Alibaba Cloud Object Storage Service (OSS) bucket.

Prerequisites

To back up data to an NFS volume, make sure that backup volume has been configured when the OceanBase cluster is deployed and can be accessed, and that you have the read and write permissions on the NFS volume.

Configure backup policies

Sample configurations

You can use the configuration file to specify a backup policy for a specific tenant. Here is an example:

apiVersion: oceanbase.oceanbase.com/v1alpha1
kind: OBTenantBackupPolicy
metadata:
  name: backup-policy-example
  namespace: oceanbase
spec:
  obClusterName: "test"
  tenantName: "t1"
  tenantSecret: "t1-credential"
  tenantCRName: "tenant-cr"
  jobKeepWindow: "1d"
  suspend: false
  dataClean:
    recoveryWindow: "8d"
  logArchive:
    destination:
      type: "OSS"
      path: "oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com"
      ossAccessSecret: "oss-access"
      # type: "NFS"
      # path: "t1/logArchive"
    switchPieceInterval: "1d"
    binding: Optional
  dataBackup:
    destination:
      type: "OSS"
      path: "oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com"
      ossAccessSecret: "oss-access"
      # type: "NFS"
      # path: "t1/dataBackup"
    fullCrontab: "30 0 * * 6"
    incrementalCrontab: "30 1 * * *"
    encryptionSecret: t1-encryption

Configuration description

The parameters are described as follows:

  • obClusterName: the name of the OceanBase cluster in the same namespace.
  • tenantName: the tenant name in the OceanBase cluster.
  • tenantSecret: the name of the secret resource that contains the password of the root user of the specified tenant, whose name is the value of the tenantName parameter.
  • tenantCRName: the name of the custom resources of the OceanBase Database tenant. If you specify this parameter, you do not need to specify the tenantName or tenantSecret parameter.
  • jobKeepWindow: the time window for which the resources for a backup job are retained.
  • suspend: specifies whether the backup job can be suspended. The default value is false.
  • dataClean: the configuration for the cleanup of expired backup data.
    • recoveryWindow: the time window for data recovery.
  • logArchive: the configuration for log archiving.
    • destination: the destination of the backup data.
    • switchPieceInterval: the switching interval of pieces of archived logs. The value range is [1d,7d]. The default value is 1d.
    • binding: the mode for prioritizing archiving and business. Optional and Mandatory modes are supported. By default, Optional mode is used.
  • dataBackup: the configuration for data backup.
    • destination: the destination of the backup data.
    • fullCrontab: the scheduled timestamp, in the cron expression format, when a full data backup job is triggered. For more information, visit https://crontab.guru/.
    • incrementalCrontab: the scheduled timestamp, in the cron expression format, when an incremental data backup job is triggered. For more information, visit https://crontab.guru/.
    • encryptionSecret: the name of the secret resource for data backup encryption.

The parameters are described as follows:

destination:

  • type: the type of the destination. Valid values are NFS and OSS.
  • path: the path of the backup destination. If you use an OSS backup destination, the path must start with oss://. If you use an NFS backup destination, you must specify a relative path, which must not start with /.
  • ossAccessSecret: the name of the secret resource that stores the OSS access credential. If you use an OSS backup destination, you must specify this parameter.

Here is the configuration of a sample tenantSecret resource:

apiVersion: v1
kind: Secret
metadata:
  name: tenant-root
  namespace: oceanbase
data:
  # base64 encoded
  password: ******

Here is the configuration of a sample encryptionSecret resource:

apiVersion: v1
kind: Secret
metadata:
  name: tenant-backup-encryption
  namespace: oceanbase
data:
  # base64 encoded
  password: ******

Here is the configuration of a sample ossAccessSecret resource:

apiVersion: v1
kind: Secret
metadata:
  name: oss-access
  namespace: obcluster
data:
  # base64 encoded
  accessId: ******
  accessKey: ******

Common operations

Initiate a backup job

Specify the name of the related secret resource as needed and run the following command to create the secret resource:

kubectl apply -f tenant-secret.yaml
kubectl apply -f backup-encryption.yaml
kubectl apply -f oss-access.yaml

Run the following command to create a tenant backup policy:

kubectl apply -f backup-policy.yaml

View the status of the backup policy

Run the following command to view the status of the backup policy:

kubectl get obtenantbackuppolicies.oceanbase.oceanbase.com -n oceanbase

The command output is as follows:

NAME                       STATUS    AGE     TENANTNAME   NEXTFULL              NEXTINCREMENTAL   FULLCRONTAB    INCREMENTALCRONTAB
backup-policy-example      RUNNING   2m46s   t1           2023-11-10 11:07:58                     */60 * * * *   */25 * * * *

View the status of the backup job

When a backup policy takes effect, a backup job is created to execute specific operations. You can run the following command to view the status of a backup job:

kubectl get obtenantbackups.oceanbase.oceanbase.com -n oceanbase

The command output is as follows:

NAME                                              TYPE      STATUS       TENANTNAME   STARTEDAT                    ENDEDAT
backup-policy-example-clean-20231110110746        CLEAN     RUNNING      t1                                        
backup-policy-example-full-20231110110756         FULL      SUCCESSFUL   t1           2023-11-10 11:08:06.952711   2023-11-10 11:13:31.079246
backup-policy-example-archive-20231110110746      ARCHIVE   RUNNING      t1           2023-11-10 11:07:50.139978   2023-11-10 11:13:50.128627

View details of the backup policy

You can view details of the backup policy by running the following two commands.

  • Run the kubectl get -o yaml command:
kubectl get -n oceanbase obtenantbackuppolicies.oceanbase.oceanbase.com backup-policy-example -o yaml

The command output is as follows:

apiVersion: oceanbase.oceanbase.com/v1alpha1
kind: OBTenantBackupPolicy
metadata:
  creationTimestamp: "2023-11-10T03:07:39Z"
  finalizers:
  - obtenantbackuppolicy.finalizers.oceanbase.com
  generation: 1
  name: backup-policy-example
  namespace: oceanbase
  resourceVersion: "775461"
  uid: 7ab40200-f849-434d-b1a5-6aad888cf42e
spec:
  dataBackup:
    destination:
      ossAccessSecret: oss-access
      path: oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com
      type: OSS
    fullCrontab: '*/60 * * * *'
    incrementalCrontab: '*/25 * * * *'
    encryptionSecret: t1-encryption
  dataClean:
    recoveryWindow: 8d
  jobKeepWindow: 1d
  logArchive:
    destination:
      ossAccessSecret: oss-access
      path: oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com
      type: OSS
    switchPieceInterval: 1d
  obClusterName: test
  tenantName: t1
  tenantSecret: t1-credential
status:
  latestArchiveLogJob:
    fields: values...
  latestFullBackupJob:
    fields: values...
  nextFull: "2023-11-10 12:00:00"
  nextIncremental: "2023-11-10 11:25:00"
  observedGeneration: 1
  status: RUNNING
  tenantCR:
    fields: values...
  tenantInfo:
    fields: values...
  • Run the kubectl describe command:
kubectl describe -n oceanbase obtenantbackuppolicies.oceanbase.oceanbase.com backup-policy-example

The command output is as follows:

Name:         backup-policy-example
Namespace:    oceanbase
Labels:       <none>
Annotations:  <none>
API Version:  oceanbase.oceanbase.com/v1alpha1
Kind:         OBTenantBackupPolicy
Metadata:
  Creation Timestamp:  2023-11-10T03:07:39Z
  Finalizers:
    obtenantbackuppolicy.finalizers.oceanbase.com
  Generation:        1
  Resource Version:  775477
  UID:               7ab40200-f849-434d-b1a5-6aad888cf42e
Spec:
  Data Backup:
    Destination:
      Oss Access Secret:  oss-access
      Path:               oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com
      Type:               OSS
    Full Crontab:         */60 * * * *
    Incremental Crontab:  */25 * * * *
    Encryption Secret:    t1-encryption
  Data Clean:
    Recovery Window:  8d
  Job Keep Window:    1d
  Log Archive:
    Destination:
      Oss Access Secret:    oss-access
      Path:                 oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com
      Type:                 OSS
    Switch Piece Interval:  1d
  Ob Cluster Name:          test
  Tenant Name:              t1
  Tenant Secret:            t1-credential
Status:
  Latest Archive Log Job:
    fields: values...
  Latest Full Backup Job:
    fields: values...
  Next Full:             2023-11-10 12:00:00
  Next Incremental:      2023-11-10 11:25:00
  Observed Generation:   1
  Status:                RUNNING
  Tenant CR:
    fields: values...
  Tenant Info:
    fields: values...
Events:
  Type    Reason  Age   From                             Message
  ----    ------  ----  ----                             -------
  Normal          12m   obtenantbackuppolicy-controller  init status