Supporting or documenting backups (also credhub)

[engrun]

Hi We're using the concourse-up tool with success, nice work!

However, as concourse becomes more and more business critical, we would like to ask if there are any guidelines for backing up the system. This is also important for Credhub, given keys and secrets are stored there. We'll schedule a backup of the database, but is this enough? I'm not too familiar with the inner workings of credhub, so I'm not sure how the keys/secrets are actually stored.

In the long term it would be nice if the tool automatically enabled backups to S3 of everything vital, so that the tool could provision a new concourse instance from the backups instead of from scratch.

Alternatively, supporting hot or cold standby in a another region would be nice.

So, is it possible for you to provide som insight into what needs backing up and how to restore, and any thoughts on long-term plans for supporting backup/restore in the tool?

[archgrove]

@engrun credhub-cli in master now supports export, which is how we're backing up our Credhub data.

[will-gant]

Please see #20

We've got a story ongoing to introduce self-backups as a feature. We're looking at using a tool called (BOSH Backup and Restore)[https://github.com/cloudfoundry-incubator/bosh-backup-and-restore]. We may end up with a backup pipeline that uses the bbr CLI to make a backup artifact once a day, and then stores that in s3. To restore, you'd then need to get hold of that artifact and provide it to BBR's restore command (which also takes creds for your BOSH director).

As for what to backup and restore, I believe it's the ATC, Credhub and the UAA. Each now provides the necessary backup/restore scripts that BBR looks for when the above commands are run.

[crsimmons]

Closing this for now. credhub export is a good temporary solution for back ups. Internally we are exploring better solutions for solving this problem.