Backup and Restore
You can back up and restore the LoadMaster configuration settings as needed. You can take manual backups, but you can also save backups to a remote server. The complete configuration (the Virtual Service, GEO, ESP and base configuration) of the LoadMaster is saved to a single file on the server along with statistical data.
No SSL certificate information is contained within a backup.
The server must be running an FTP daemon or an SSH daemon. By default the remote protocol is FTP but that can be changed to SCP.
When restoring a configuration, you specify what parts of the configuration should be restored:
- The Virtual Service configuration only
- The LoadMaster base configuration only
- The GEO configuration only
- The ESP SSO configuration only
- A combination of the Virtual Service, GEO, ESP and/or LoadMaster base configuration
The base configuration contains the information about the basic configuration of the LoadMaster, that is, the IP addresses of the various interfaces and the keyboard and time zone settings.
The Virtual Service configuration contains only the settings relating to the Virtual Services and the Real Servers.
The GEO configuration contains only the settings relating to the GEO configuration.
The ESP SSO configuration stores the SSO domains, LDAP endpoints and SSO custom image sets. This does not restore the Virtual Service settings - use the VS Configuration option to restore those.
Prior to restoring your configuration, please ensure that the LoadMaster receiving the configuration is in the same High Availability (HA) mode as when the backup was taken. The LoadMaster Base Configuration currently only allows migration from an individual unit to an individual unit or from HA to HA. This cannot currently cross HA configuration types. For more information on how to set up HA, refer to the Set Up HA section of the High Availability (HA) Feature Description.
You can configure automated backups on a daily or weekly basis.
This document provides further information on the backup and restore option in the LoadMaster.
This document is intended to be used by anyone interested in finding out more information about the backup and restore functionality in the LoadMaster.
Here are some important notes relating to backups:
Hypervisor-initiated snapshots are not supported.
Backups do not contain:
- User accounts, passwords, and privileges
- Passwords for certificates
- API keys
Access Control Lists (ACLs) are only restored with a base configuration backup.
If you restore a backup taken on LoadMaster version 7.2.58 or below (with legacy Web Application Firewall (WAF) enabled on some Virtual Services) to a fresh install of 7.2.59 or above (where legacy WAF is no longer available), the LoadMaster will enable OWASP WAF on the affected Virtual Services with default WAF settings. If this happens, a message is displayed listing the Virtual Services and SubVSs that were affected. You should review these Virtual Services and make any modifications needed.
Follow the steps in the section below to perform a manual backup of LoadMaster settings and restore it:
1. Open the Web User Interface (WUI) of the LoadMaster to back up.
2. Navigate to System Configuration > System Administration > Backup/Restore.
3. Click Create Backup File.
4. The backup file downloads.
A date and timestamp are included in the backup filename.
If you run a backup while there is another backup already running, some files may not be included in the backup.
5. Open the WUI of the LoadMaster to restore the settings to.
6. Navigate to System Configuration > System Administration > Backup/Restore.
7. Click Choose File.
8. Browse to and select the backup file.
9. Select what configuration settings you want to restore.
Restoring the base configuration changes the IP address of the LoadMaster to the IP address of the LoadMaster that was backed up.
10. Click Restore Configuration.
Generate a backup that contains the Virtual Service configuration, the local appliance information and statistics data. The backup does not contain license information and SSL Certificate information.
For ease of identification, the backup file name includes the LoadMaster’s hostname.
By default, the LoadMaster includes a Netstat output in backups. When this is included, backups take longer to complete. You can stop including the Netstat output by disabling the Include Netstat in Backups option in the Debug Options screen (System Configuration > Logging Options > System Log Files > Debug Options).
Results of the top command are also included in LoadMaster backups. The settings used when running the top command are taken from the settings configured in the Debug Options screen (System Configuration > Logging Options > System Log Files > Debug Options).
When performing a restore (from a remote machine), select what information to restore:
- VS Configuration
- LoadMaster Base Configuration
- GEO Configuration
- ESP SSO Configuration (This restores the SSO domains, LDAP endpoints and SSO custom image sets. This does not restore the Virtual Service settings - use the VS Configuration option to restore those.)
- A combination of the options
It is not possible to restore a single machine configuration onto a HA machine or restore a HA configuration onto a single machine.
It is not possible to restore a configuration with ESP-enabled Virtual Services onto a machine which is not enabled for ESP.
If the Enable Automated Backups check box is selected, the system may be configured to perform daily or weekly automated backups.
For ease of identification, the backup file name includes the LoadMaster’s hostname.
If the automated backups are not performed at the correct time, ensure the NTP settings are configured correctly. For further information, refer to the Date/Time section.
When to Perform Backup
Specify the time (24-hour clock) of the backup. Also select whether to back up daily or on a specific day of the week. When ready, click Set Backup Time.
In some situations, spurious error messages may be displayed in the system logs, such as:
Dec 8 12:27:01 Kemp_1 /usr/sbin/cron: (system) RELOAD (/etc/crontab)
Dec 8 12:27:01 Kemp_1 /usr/sbin/cron: (CRON) bad minute (/etc/crontab)
These can be safely ignored and the automated backup will likely still complete successfully.
Select the file transfer method for automated backups:
- Ftp (insecure)
- scp (secure)
- sftp (secure)
If using scp or sftp, the Private Key File must be supplied.
Set the username required to access the remote host.
Private Key File
If using scp as the backup method, the Private Key File must be provided. This is the SSH private key generated using ssh-keygen on the remote scp server.
The Remote password is used when the Backup Method is set to Ftp (insecure). Set the password required to access the remote host. This field accepts alphanumeric characters and most non-alphanumeric characters. Disallowed characters are as follows:
The delete character
Set the IP address or hostname of the remote host to which you want the backup archives sent, optionally followed by a colon and the port number. If no port is specified, the default port for the selected protocol is used.
Set the location on the remote host to store the file.
Test Automated Backups
Clicking the Test Backup button performs a test to check if the automated backup configuration is working correctly. You can view the results of the test within the System Message File.
To prepare the remote host for automated backups using SCP, perform the following steps from the remote server that the LoadMaster backups will be sent to:
1. Run the ssh-keygen command to generate the public/private RSA key pair.
2. Do not assign a passphrase (leave the value empty).
3. By default, the following files are created in the /home/user/.ssh/ directory:
- id_rsa (private key file) - this file will be uploaded to the LoadMaster.
- id_rsa.pub (public key file) - this value must be copied into the appropriate files on the remote host.
4. Run the ssh-copy-id command to copy the public key information into the authorized_keys and known_hosts files: ssh-copy-id user@server.
5. The /home/user/.ssh directory now has the following files:
6. Export the private key (id_rsa) from the server.
7. Upload the private key (id_rsa) as the Private Key File in the LoadMaster.
8. Create a backup directory on the server and enter this path as the Remote Pathname in the LoadMaster, for example, /home/user/LMbackups.
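A check to run on the remote server once the steps above are complete, as an added example that is not part of the original document or of the vendor's tooling. It verifies the results of steps 2, 4 and 8: any remaining copy of the passphrase-less private key is owner-only, the public key is listed in authorized_keys, and the backup directory exists and is not open to other users. The function names are hypothetical; the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical; the paths
# passed in are the ones this page uses (/home/user/.ssh, /home/user/LMbackups).

# Print the nine permission characters of a path, for example rwx------.
mode_of() { ls -ld "$1" | cut -c2-10; }

# Succeed only when group and other have no access to the path.
owner_only() {
    case "$(mode_of "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_backup_host SSH_DIR BACKUP_DIR
# Prints one line per finding; the return status is the number of findings.
audit_backup_host() {
    ssh_dir=$1; backup_dir=$2; findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ -d "$ssh_dir" ] || { note "$ssh_dir is missing"; return 1; }
    owner_only "$ssh_dir" || note "$ssh_dir is accessible to group or other"

    # Step 2 leaves the private key without a passphrase, so file permissions
    # are the only thing protecting any copy that remains on the server.
    if [ -f "$ssh_dir/id_rsa" ] && ! owner_only "$ssh_dir/id_rsa"; then
        note "id_rsa is accessible to group or other"
    fi

    # Step 4: the public key has to be listed in authorized_keys.
    key_blob=$(awk '{print $2; exit}' "$ssh_dir/id_rsa.pub" 2>/dev/null)
    if [ -z "$key_blob" ]; then
        note "id_rsa.pub is missing or empty"
    elif ! grep -qF -- "$key_blob" "$ssh_dir/authorized_keys" 2>/dev/null; then
        note "public key is not listed in authorized_keys"
    fi

    # Step 8: the Remote Pathname must exist and be writable; the archives hold
    # the full LoadMaster configuration, so keep the directory owner-only.
    if [ ! -d "$backup_dir" ] || [ ! -w "$backup_dir" ]; then
        note "$backup_dir is missing or not writable"
    elif ! owner_only "$backup_dir"; then
        note "$backup_dir is accessible to group or other"
    fi
    return "$findings"
}

# Usage: sh audit.sh /home/user/.ssh /home/user/LMbackups
if [ "$#" -eq 2 ]; then audit_backup_host "$1" "$2"; fi
```

A return status of 0 means no findings; each finding is also printed so it can be fixed before clicking Test Backup.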
This document was last updated on 03 August 2023.