Backup and Restore
1 Backup and Restore
You can backup and restore the LoadMaster configuration settings as needed. You can take manual backups, but you can also save backups to a remote server. The complete configuration (the Virtual Service, GEO, ESP and base configuration) of the LoadMaster is saved to a single file on the server along with statistical data.
No SSL certificate information is contained within a backup.
The server must be running an FTP daemon or an SSH daemon. By default the remote protocol is FTP but that can be changed to SCP.
When restoring a configuration, you specify what parts of the configuration should be restored:
The Virtual Service configuration only
The LoadMaster base configuration only
The GEO configuration only
The ESP SSO configuration only
A combination of the Virtual Service, GEO, ESP and/or LoadMaster base configuration
The base configuration contains the information about the basic configuration of the LoadMaster, that is, the IP addresses of the various interfaces and the keyboard and time zone settings.
The Virtual Service configuration contains only the settings relating to the Virtual Services and the Real Servers.
The GEO configuration contains only the settings relating to the GEO configuration.
The ESP SSO configuration stores the SSO domains, LDAP endpoints and SSO custom image sets. This does not restore the Virtual Service settings - use the VS Configuration option to restore those.
When performing a restore on the standby machine of a High Availability (HA) cluster only the base configuration can be restored. The Virtual Service configuration is taken from the active machine.
You can configure automated backups on a daily or weekly basis.
1.1 Document Purpose
This document provides further information on the backup and restore option in the Kemp LoadMaster.
1.2 Intended Audience
This document is intended to be used by anyone interested in finding out more information about the backup and restore functionality in the LoadMaster.
1.3 Related Firmware Version
Published with LMOS version 18.104.22.168 LTS. This document has not required substantial changes since 22.214.171.124 LTS. However, the content is in sync with the latest LoadMaster LTS firmware.
2 Take a Backup and Restore It
Follow the steps in the section below to perform a manual backup of LoadMaster settings and restore it:
1. Open the Web User Interface (WUI) of the LoadMaster to back up.
2. Navigate to System Configuration > System Administration > Backup/Restore.
3. Click Create Backup File.
4. The backup file downloads.
A date and timestamp are included in the backup filename.
If you run a backup while there is another backup already running, some files may not be included in the backup.
5. Open the WUI of the LoadMaster to restore the settings to.
6. Navigate to System Configuration > System Administration > Backup/Restore.
7. Click Choose File.
8. Browse to and select the backup file.
9. Select what configuration settings you want to restore.
Restoring the base configuration changes the IP address of the LoadMaster to the IP address of the LoadMaster that was backed up.
10. Click Restore Configuration.
3 Backup/Restore WUI Options
Generate a backup that contains the Virtual Service configuration, the local appliance information and statistics data. The backup does not contain license information and SSL Certificate information.
For ease of identification, the backup file name includes the LoadMaster's hostname.
By default, the LoadMaster includes a Netstat output in backups. When this is included, backups take longer to complete. You can stop including the Netstat output by disabling the Include Netstat in Backups option in the Debug Options screen (System Configuration > Logging Options > System Log Files > Debug Options).
Results of the top command are also included in LoadMaster backups. The setting used when running the top command are taken from the settings configured in the Debug Options screen (System Configuration > Logging Options > System Log Files > Debug Options).
When performing a restore (from a remote machine), select what information to restore:
- VS Configuration
- LoadMaster Base Configuration
- GEO Configuration
- ESP SSO Configuration (This restores the SSO domains, LDAP endpoints and SSO custom image sets. This does not restore the Virtual Service settings - use the VS Configuration option to restore those.)
- A combination of the options
It is not possible to restore a single machine configuration onto a HA machine or restore a HA configuration onto a single machine.
It is not possible to restore a configuration with ESP-enabled Virtual Services onto a machine which is not enabled for ESP.
If the Enable Automated Backups check box is selected, the system may be configured to perform daily or weekly automated backups.
For ease of identification, the backup file name includes the LoadMaster's hostname.
If the automated backups are not performed at the correct time, ensure the NTP settings are configured correctly. For further information, refer to the Date/Time section.
When to Perform Backup
Specify the time (24-hour clock) of backup. Also select whether to backup daily or on a specific day of the week. When ready, click Set Backup Time .
In some situations, spurious error messages may be displayed in the system logs, such as:
Dec 8 12:27:01 Kemp_1 /usr/sbin/cron: (system) RELOAD (/etc/crontab)
Dec 8 12:27:01 Kemp_1 /usr/sbin/cron: (CRON) bad minute (/etc/crontab)
These can be safely ignored and the automated backup will likely still complete successfully.
Select the file transfer method for automated backups:
- Ftp (insecure)
- scp (secure)
- sftp (secure)
If using scp or sftp, the Private Key File must be supplied.
Set the username required to access remote host.
Private Key File
If using scp as the backup method, the Private Key File must be provided. This is the SSH private key generated using ssh-keygen on the remote scp server.
The Remote password is used when the Backup Method is set to Ftp (insecure). Set the password required to access remote host. This field accepts alphanumeric characters and most non-alphanumeric characters. Disallowed characters are as follows:
The delete character
Set the IP address or hostname of the remote host to which you want the backup archives sent, optionally followed by a colon and the port number. If no port is specified, the default port for the selected protocol is used.
Set the location on the remote host to store the file.
Test Automated Backups
Clicking the Test Backup button performs a test to check if the automated backup configuration is working correctly. You can view the results of the test within the System Message File.
4 Preparing the Remote Host for Automated Backups using SCP
To prepare the remote host for automated backups using SCP, perform the following steps from the remote server that the LoadMaster backups will be sent to:
1. Run the ssh-keygen command to generate the public/private RSA key pair.
2. Do not assign a passphrase (leave the value empty).
3. By default, the following files are created in the /home/user/.ssh/ directory:
- id_rsa (private key file) - this file will be uploaded to the LoadMaster.
- id_rsa.pub (public key file) - this value must be copied into the appropriate files on the remote host.
4. Run the ssh-copy-id command to copy the public key information into the authorized_keys and known_hosts files: ssh-copy-id user@server.
5. The /home/user/.ssh directory now has the following files:
6. Export the private key (id_rsa) from the server.
7. Upload the private key (id_rsa) as the Private Key File in the LoadMaster.
8. Ensure to create a backup directory on the server and enter this path as the Remote Pathname in the LoadMaster, for example, /home/user/LMbackups.
Last Updated Date
This document was last updated on 22 March 2021.
The simplest way would be to reboot the LoadMaster. That way it would refresh the known_hosts file within it. Another way perhaps(unproven) is to re-do your automated backup settings.
Beyond that you would need someone from Kemp support to root into the device and delete that file for you. You can open up a ticket via email at firstname.lastname@example.org.
How do you fix a problem with the known_hosts after an upgrade of the server that is getting the backup file?
"Warning: the ECDSA host key for 'remoteserver.domain.com' differs from the key for the IP address '##.#.###.##' Offending key for IP in /root/.ssh/known_hosts:1 Matching host key in /root/.ssh/known_hosts:2