S3 Backup Restore Tool

Owned by Rumena Zlatkova (Deactivated)
Last updated: Dec 07, 2023 by Bala Harish A(AC)
10 min read

The S3 Backup Restore Tool is the standalone utility for performing DR from the S3 backup bucket, either to the original cluster or to an empty cluster that is meant to replace the original. See S3 Backup Feeds.

Once the data is backed up in S3, the restore tool allows both examining a backup and controlling how, what, and where it is restored:

  • List all domains and buckets, or within a domain, with the logical space used for each.

  • List all objects within a bucket or unnamed objects in a domain, optionally with sizes and paging.

  • Restore either the complete cluster contents or a list of domains, buckets, or individual objects to restore. 

  • Rerun the restore, should any part of it fail to complete.

  • Partition the restoration tasks across multiple instances of the command line tool, to run them in parallel.

Installing the Restore Tool

The S3 Backup Restore tool has a separate install package available by Support request. Install it on one or more (for parallel restores) systems where the restore processes run.

Required

The S3 Backup Restore Tool must be installed on a system that is running RHEL/CentOS 7.

Preparation (One-Time)

The swarmrestore package is delivered as a Python pip3 source distribution. Each machine needs to be prepared to be able to install this and future versions of swarmrestore.

  1. As root, run the following command:

    yum install python3

  2. Verify version 3.6 is installed:

    python3 --version

  3. Upgrade pip

pip3 install --upgrade pip

Installation

Uninstall Python 2 generation of the tool (caringo-swarmrestore-1.0.x.tar.gz) if installed:

Rerun this installation when a new version of swarmrestore is obtained:

  1. Copy the latest version of the swarmrestore package to the server.

  2. Run the following as root:

  3. swarmrestore is likely in /usr/local/bin and is already in the path.

  4. Repeat for any additional servers if planning to perform partitioning for parallel restores.

Restore Tool Settings

The tool uses a configuration file, .swarmrestore.cfg, because the file contains sensitive passwords. The tool warns if the configuration file is not access-protected (chmod mode 600 or 400).

The configuration file follows the format of Swarm Storage settings files, using sections listing name = value pairs. These setting names map to the S3 Backup feed definition, where the values have the same meaning.

  1. Locate the sample configuration file where it is installed:

  2. Copy the file into the home directory and rename it, and open it for editing:

sample-.swarmrestore.cfg

Section

Settings

Section

Settings

[s3] 

  • host - The hostname of the S3 service.

  • port - The port to use for the S3 service. Use 443 or else 80, if SSL (sslOption) is disabled.

  • accessKeyID - The S3 access key ID.

  • secretAccessKey - The S3 secret access key.

  • bucketName - The name of the destination bucket in S3.

  • sslOption - The S3 connection constraint, with one of two values:

    • "trusted" (the default) specifies use of SSL and requires a trusted server certificate from the destination server.

    • “none” disables use of SSL. Use for testing and troubleshooting, and change the port to 80.

[s3]

archival

Set these additional parameters if using an S3 bucket with an archival storage class (Glacier, Glacier Deep Archive):

  • performArchiveRetrieval - Whether restoration from archival storage is needed. Performing a restore does not incur any expenses for the bucket owner if false (default), .

  • retrievalTier - Which S3 Glacier retrieval tier to use for restoration: ‘Standard' (default), 'Expedited', or 'Bulk'. Each tier has its own cost and expected restoration time; see Amazon S3 Storage Classes.

  • accountID - Specifies the 9-digit AWS account ID of the bucket owner, granting the tool permission to incur archive restoration expenses at the tier requested. This setting appears in the x-amz-expected-bucket-owner header on the restore object request.

  • activeLifetimeDays - How many days an object restored from archive should remain active before expiring (returning to archival storage). The default is 7 (1 week).

[forwardProxy] 

This section is for use with an optional forward proxy:

  • host - The forward proxy hostname or IP address.

  • port - The forward proxy host to use.

  • username - (optional) The user name.

  • password - (optional) The password.

[log] 

The same log settings as the Swarm cluster may be used; identify the logs by looking for those with the component "RESTORE" if done so.

  • host - The log host. Leave blank to disable logging.

  • port - (optional) The log port. Defaults to 514.

  • file - (optional) The log filename. Accepts the value of “stdout” for logging to the console screen. Defaults to /dev/null.

  • level - The log level. Defaults to 30 (Warning). Levels are the same used by Swarm: 20 (Info), 15 (Audit), 10 (Debug).

[swarm] 

  • host - A list of host names or IP addresses of Swarm nodes or Gateway nodes.

  • port - (optional) The SCSP port. Defaults to 80.

  • user - The cluster administrator user name, usually "admin".

  • password - The cluster administrator password.

Additional Restore Configuration

  • Gateway: Add the IP of the machine where the Restore tool runs to the Gateway Configuration scsp.allowSwarmAdminIP if communicating with a Swarm cluster via Gateway.

Using the Restore Tool

Full Cluster Restore

Before undertaking a restore of a large cluster, contact DataCore Support. They help balance the speed of the restore with bandwidth constraints by examining the space used by the S3 backup bucket, estimating the bandwidth needed, and recommending best use of the -p command line option (for multiple simultaneously running restore commands on different hosts). They also advise on whether a forward proxy is needed, to reduce bandwidth usage.

The AWS bucket may be pulled out of cold storage before the full cluster restore by changing the storage class to Standard if using an AWS Glacier storage class.

The restoration tool runs using batch-style operation with commands given on the command line. The tool logs the actions to the log file or server in the log configuration section. The restoration tool uses the following command format:

Specifying Objects

<objectspec>, or object specification, refers to how the path to the Swarm object to be targeted is referenced. It may be a domain name, a bucket name, a named object, an unnamed UUID, or an historical version of an object.

Options:

  • --help - Displays a summary of the current configuration. 

  • --version - Reports the version of the tool.

  • ls --help - Displays help on the ls command, for listing and enumerating. 

  • restore --help - Displays help on the restore command, for selective restore and disaster recovery. 

ls Subcommand

Enumeration and selection are handled by the ls command, which is modeled after the Linux command ls and whose results are captured with standard Linux stdout. Use the command to visualize what domains and buckets are backed up in S3 and are available to be restored. The output is sorted by name and interactively paginated to help manage large result sets by default.

The ls subcommand has this format:

Command options, which can be combined (for example, -Rvl): 

  • -R or --recursive - Recursively lists the given domain or bucket, or else the entire cluster. Without this option, the command lists the top-level contents of the object.

  • -v or --versions - List previous versions of versioned objects. Versions are not listed by default.

  • -l or --long - Lists details for each item returned in the output:

    • Creation date

    • Content length of the body

    • ETag

    • Archive status:

      • AN - Archived; not available for restoration

      • AR - Archived with an archive restore in progress; not available for restoration

      • AA - Archived with a copy available for restoration

      • OK - Not archived and fully available

    • Objectspec

    • Alias UUID, if the object is a domain or bucket

  • <objectspec> - If none, the command runs across the entire contents of the S3 backup. If present, filters the command to a specific domain or bucket (context object) in Swarm. Use this format:

Cluster

 

Domain

mydomain/

Bucket

mydomain/mybucket/

Named Object

mydomain/mybucket/myobject/name/with/slashes.jpg

Named Version

mydomain/mybucket/myobject/name/with/slashes.jpg//645f3912802bb4c31311afc46de2cfc3

Unnamed Object

mydomain/06ea262a860af23504261f50c09a6b29 (no domain if untenanted)

Unnamed Version

mydomain/06ea262a860af23504261f50c09a6b29//137a88d550041ecda9b8ec4bc36ebea2

When running the command without any options, it returns the list of domains that are included in this S3 bucket for the Swarm cluster:

Run a command like this if wanting a complete accounting of every object backed up for a specific domain, redirecting to an output file:

restore Subcommand

Object restoration and verification is handled by the restore subcommand, which has the following format:

<objectspec> - If none, applies the command to the entire cluster backup. If present, filters the command to a specific domain, bucket, object, or object version.
To target a command to a specific context (domain/bucket) or content object in Swarm, format the type of object as follows:

Cluster

 

Domain

mydomain/

Bucket

mydomain/mybucket/

Named Object

mydomain/mybucket/myobject/name/with/slashes.jpg

Named Version

mydomain/mybucket/myobject/name/with/slashes.jpg//645f3912802bb4c31311afc46de2cfc3

Unnamed Object

mydomain/06ea262a860af23504261f50c09a6b29 (no domain if untenanted)

Unnamed Version

mydomain/06ea262a860af23504261f50c09a6b29//137a88d550041ecda9b8ec4bc36ebea2

Any number of command options can be used, and the short forms may be combined with a single dash (-Rv). The <objectspecs>, -R, and -v options iterate over objects the same way as the ls command.

Options:

  • -R or --recursive - Recursively restore domains, buckets, or the entire cluster with an empty object spec. See above for what is iterated over when -R is not used.

  • -v or --versions - Include previous versions of versioned objects. They are not included by default.

  • -f <file> or --file <file> - Use objectspecs from a file instead of the command line.

  • -p <count>/<total> or --partition <count>/<total> - Partition work for a large restore job (but every instance restores buckets and domains before objects).

    • Example: To run 4 instances in parallel, configure each option to be one of the series: -p 1/4, -p -2/4, -p -3/4, -p -4/4

  • -n or ---noop - Perform the checking of a restore, but do not restore any objects.

    • Does not change the cluster state. The option can be used before and after a restore, as both a pre-check and a verification.

  • <objectspecs> - Any number; newlines separate objects. If none, the top level of the cluster’s backup contents is the scope.

    • Using no object specification with the command options -Rv causes Swarm to restore all backed up objects in the entire cluster, including any historical versions of versioned objects.

What is Restored: Restore copies an object from S3 to the cluster if the cluster object is missing or else older than the S3 object. Note: context objects restore before the content they contain: restore first restores any domains or buckets needed before restoring objects within them.

Output of Restore: At the end of the restoration, the tool reports the number of objects restored and the number of objects skipped, for being either identical to or newer than the backed up copy. The command output lists each object spec with its status:

  • current - The object was not restored because the target cluster already has the same version of the object.

  • older - The object was not restored because it is older than the one in the target cluster.

  • obsolete - The object was not restored because the cluster does not allow the object to be written. Usually it means the object is deleted.

  • needed - The object needs restoration, but the -n option was used.

  • restored - The object was successfully restored.

  • nocontext - The object cannot be restored because its parent domain or bucket cannot be restored.

  • failure - The object cannot be restored. Consult the logs for details.

  • archived - The object is archived and the restore tool is not configured for archive restoration. This is a failure condition.

  • initiated - The object is archived and the tool has issued an object restoration request. See the Amazon S3 API RestoreObject Request Syntax. This is also a failure condition, but the object is counted in the archive retrieval initiated stats. It is these operations that incur expense to the bucket owner by the restore tool.

  • ongoing - The object is in archive and a restoration request has already been initiated. Restoration from archive is in progress. This is also a failure condition.

Rate of Restore: Restoration may take a long time run, especially if recursion (-R) is used on domains or buckets. To boost the rate of restore, install the S3 Backup Restore tool on multiple servers and then run the restore command with partitioning parameters (-p) across all instances of the tool, which allows restoring faster in parallel, with minimal overlap.

Headers for Audit: When the S3 Backup feed writes an object to the S3 bucket, it adds to the S3 copy a header (Castor-System-Tiered) that captures when and from where the object was tiered. When the S3 Backup Restore tool writes the S3 object back to Swarm, it includes that S3 header and then adds another one of the same, to capture when and from where the object was restored. These paired headers (both named Castor-System-Tiered) provide the audit trail of the object's movement to and from S3. Swarm persists these headers but does not include them in Entity-MD5 or Header-MD5 calculations. The dates are of the same format as Last-Modified (RFC 7232, section 2.2). See SCSP Headers.

Audit Headers

 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.