CMS Maintenance
  • 10 Jan 2024

About this Article
This article provides information about CMS maintenance, including database backup and restore, VM backup and restore, and custom SSL certificate deployment.


Database Backup and Restore

NOTE
The provided scripts apply to the entire MongoDB instance, irrespective of the databases present in it.

VM

  1. Log in to the Artifactory site using Virsec-provided credentials from the local machine
  2. Navigate to the directory cmsbase > utils > <ReleaseNumber> > shellscripts. Download and unzip mongoBackupRestore.zip
  3. Execute the below commands for CMS DB backup and restore
    ./VM-BackupAndRestoreScript.sh -p <Backup_File_Path>   # To take the backup
    ./stop.sh   # To stop all the CMS services
    sudo rm -rf /var/kafkavolume/ /var/zookeepervolume/ /var/lib/mongo/ /var/lib/redisvolume/ /var/lib/jreports/   # Clear out existing volumes
    docker-compose -f <CMS_Installation_Directory>/docker-compose-files/docker-compose-cms.yaml up -d --no-deps vsp-mongo   # To start only the Mongo service
    watch 'docker ps | grep mongo'   # Ensure that the service is healthy
    ./VM-BackupAndRestoreScript.sh -b <Backup_File_Path/Filename>   # To restore the backup
    ./VM-BackupAndRestoreScript.sh -h   # To view the help menu
    ./stop.sh   # To stop the Mongo service
    ./start.sh   # To start all the CMS services


Kubernetes

  1. Log in to the Artifactory site using Virsec-provided credentials from the local machine
  2. Navigate to the directory cmsbase > utils > <ReleaseNumber> > shellscripts. Download and unzip mongoBackupRestore.zip
  3. Take the backup using the below command: 
    ./k8sbackupscript -p <Backup_File_Path>
    ./k8sbackupscript -h # to view help menu
  4. Stop all the CMS services
  5. Execute the below command on the worker node
    sudo rm -rf /home/virsec/kafkavolume
  6. Execute the below commands for restoring backup from the Control-plane 
    kubectl apply -f <CMS_Installation_Directory>/cms_serviceperpod/infra/vsp_mongo.yaml  #To start MongoDB Service
    ./k8sRestoreScript.sh -b <Backup_File_Path/Filename> #To Restore Backup
    ./k8sRestoreScript.sh -h #To view the help menu
    ./vsp_deploy_cms.sh -s #To stop MongoDB Service
  7. Start all the CMS services


VM Backup and Restore

CMS VM backup and restore is performed by capturing a snapshot of the VM and restoring it as required. This section describes how to capture and restore a snapshot in the vCenter Web Client and the vSphere Client.

vCenter Web Client

  1. Capture Snapshot of VM:
    1. Log in to the vCenter web client using valid credentials
    2. Right-click on the deployed VM and select Power > Power off to shut down the VM
    3. Right-click on the deployed VM and select Snapshot > Take Snapshot
    4. Give the preferred name and Description. Click OK
    5. Right-click on the deployed VM and select Power > Power On to start up the VM
  2. Restoring VM to Captured Snapshot:
    1. Log in to the vCenter web client using valid credentials
    2. Right-click on the deployed VM and select Snapshot > Revert to Latest Snapshot
    3. On the confirmation screen, click Yes

 

vSphere Client

  1. Capture Snapshot of VM: 
    1. Log in to the ESXi machine using root credentials through the vSphere client
    2. Right-click on the deployed VM and navigate to Snapshot > Take Snapshot
    3. Give the preferred name and Description. Click OK
  2. Restoring VM to Captured Snapshot: 
    1. Log in to the ESXi machine using root credentials through the vSphere client
    2. Right-click on the deployed VM and select Snapshot > Snapshot Manager
    3. Choose the Snapshot to which the VM should be reverted. Click Go to
    4. Click Yes
    5. Click Close


Deploy Custom SSL Certificate

VSP provides default SSL certificates utilized for communication among various components. During CMS deployment, an option is provided to utilize custom SSL certificates instead of the VSP-provided default ones. Follow the steps below:

  1. Identify and note the CMS Client Container ID and the Dashboard Settings MFE Client Container ID (VM) using the below commands:
    1. VM
      docker ps | grep client
      docker ps | grep dashboard-settings
    2. Kubernetes
      docker ps | grep cms-client
       
  2. Enable Shared Volume Mounts for Client Service
    1. Copy the custom certificates, key files and rootCA in the volume mount directory on the Master Node
      1. For VMs, copy on CMS VM directory: /var/lib/customer-certs
      2. For Kubernetes, copy on Master node directory: /home/virsec/customer-certs
  3. Create the properties file vsp-cms-certs.properties in the root directory of the associated mount folder with the below content format:
    ssl_certificate_file_path=<PATH_TO_SSL_CERTIFICATE_FILE_AND_NAME>
    ssl_certificate_key_file_path=<PATH_TO_SSL_CERTIFICATE_KEY_FILE_AND_NAME>
    ssl_client_certificate_file_path=<PATH_TO_SSL_CLIENT_CERTIFICATE_FILE_AND_NAME>
    http_proxy_rootCA=<CERTIFICATE_FILENAME> 
    http_ldaps_rootCA=<LDAPS_CERTIFICATE_FILENAME>
    NOTE

    The property ssl_certificate_file_path is optional. When it is used, ensure that the two properties ssl_certificate_file_path and ssl_certificate_key_file_path are used together.

    The property http_proxy_rootCA is optional. Use it when a proxy server is used for outbound calls in the respective service.


  4. After the property file creation, copy the files on the mount folder as mentioned in the properties file
  5. For Kubernetes, execute the below command to apply the custom certificates
    kubectl -n virsec create configmap cms-certs --from-file=./customer-certs/ --dry-run=client -o yaml | kubectl -n virsec apply -f -
  6. Restart the CMS containers (CMS Client and Dashboard Settings MFE Client) using the below command. During the restart, the CMS UI may be affected momentarily, without any effect on other VSP features
    docker restart <container_id>
  7. Verification
    1. After the container restart, log in to the CMS UI from a browser using valid credentials and verify the certificate in use
      NOTE
      Since the changes are made to a running container, if that container instance is restarted, the above configurations must be performed again.


  8. (If required) For Kubernetes, execute the command below to delete the applied custom certificates
    kubectl delete configmap cms-certs -n virsec
    kubectl -n virsec create configmap cms-certs
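
A pre-flight check for the properties file from step 3, to run before restarting the containers. This is an added example, not part of the Virsec-provided scripts; the function name check_cert_props is hypothetical. It assumes that every property value names a file relative to the mount directory and that the container user owns the key file, so owner-only permissions are sufficient.

```shell
#!/usr/bin/env bash
# Added example (not Virsec code): pre-flight check of vsp-cms-certs.properties.
# Assumption: every property value names a file relative to the mount directory.
check_cert_props() {
    mount_dir=$1
    props="$mount_dir/vsp-cms-certs.properties"
    errors=0; cert=""; key=""
    [ -f "$props" ] || { echo "missing: $props" >&2; return 2; }

    # The "|| [ -n ... ]" part keeps a final line that has no trailing newline.
    while IFS='=' read -r name value || [ -n "$name" ]; do
        # Drop trailing blanks and CRs left by copy/paste or Windows editors.
        value=$(printf '%s' "$value" | sed 's/[[:space:]]*$//')
        case $name in
            ''|'#'*) continue ;;
            ssl_certificate_file_path)     cert=$value ;;
            ssl_certificate_key_file_path) key=$value ;;
            ssl_client_certificate_file_path|http_proxy_rootCA|http_ldaps_rootCA) ;;
            *) echo "unknown property: $name" >&2; errors=$((errors + 1)); continue ;;
        esac
        case $value in
            *..*) echo "$name: '..' is not allowed in: $value" >&2
                  errors=$((errors + 1)); continue ;;
        esac
        if [ ! -f "$mount_dir/$value" ]; then
            echo "$name: file not found in mount directory: $value" >&2
            errors=$((errors + 1))
        fi
    done < "$props"

    # The page's NOTE: certificate and key properties must be used together.
    if [ -n "$cert$key" ] && { [ -z "$cert" ] || [ -z "$key" ]; }; then
        echo "ssl_certificate_file_path and ssl_certificate_key_file_path must both be set" >&2
        errors=$((errors + 1))
    fi

    # Assumption: the private key should be accessible to its owner only (600 or 400).
    if [ -n "$key" ] && [ -f "$mount_dir/$key" ]; then
        perms=$(ls -ld "$mount_dir/$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "key file is accessible to group/other: $key" >&2
            errors=$((errors + 1))
        fi
    fi
    [ "$errors" -eq 0 ]
}

# Usage: ./check-cert-props.sh /var/lib/customer-certs
if [ "$#" -gt 0 ]; then check_cert_props "$1"; fi
```

On Kubernetes, step 5 loads every file in the directory into the cms-certs ConfigMap, so the key becomes readable to anyone who can read ConfigMaps in the virsec namespace. Keep unrelated files out of that directory.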
    

