Twistlock disaster recovery automatically backs up all data and configuration files periodically. You can view all backups, make new backups, and restore specific backups from the Console UI. You can also restore specific backups using the twistcli command line utility.
Twistlock is implemented with containers that cleanly separate the application from its state and configuration data. To back up a Twistlock installation, only the files in the data directory need to be archived. Because Twistlock containers read their state from the files in the data directory, Twistlock containers do not need to be backed up, and they can be installed and restarted from scratch.
When data recovery is enabled (default), Twistlock archives its data files periodically and copies the backup file to a location you specify. The default path to the data directory is /var/lib/twistlock. You can specify a different path to the data directory in twistlock.cfg when you install Console.
By default, automated backups are enabled. With automated backups enabled, Twistlock takes daily, weekly, and monthly snapshots. These are known as system backups.
To specify a different backup directory or to disable automated backups, modify twistlock.cfg and install (or reinstall) Twistlock Console. The following configuration options are available:
Configuration option | Description |
---|---|
DATA_RECOVERY_ENABLED | Enables or disables automated backups. true: enables automated backups (default). false: disables automated backups. |
DATA_RECOVERY_VOLUME | Specifies the directory where backups are saved. For example, archives could be saved on durable persistent storage, such as a volume from Amazon Elastic Block Storage (EBS). The default value is /var/lib/twistlock-backup. |
Open twistlock.cfg for editing.
Scroll down to the Data recovery section.
Enable (or disable) automated backups by setting DATA_RECOVERY_ENABLED to true (or false).
DATA_RECOVERY_ENABLED=true
Specify the location where backups should be stored.
DATA_RECOVERY_VOLUME=</PATH/TO/BACKUP/VOLUME>
Load your new configuration settings.
If you have not installed Twistlock yet, follow the regular installation procedure. For more information, see Install Twistlock.
If Twistlock has already been installed on your host, load your new twistlock.cfg file by re-running twistlock.sh. The following command assumes that twistlock.sh and your updated twistlock.cfg reside in the same directory.
$ sudo ./twistlock.sh console
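A check to run before loading the configuration, as an added example that is not part of the Twistlock documentation or tooling: it reads the two data-recovery options from twistlock.cfg and reports the effective values. The function names are hypothetical. Treating a missing key as the documented default, and flagging a backup directory placed inside the data directory, are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the effective data-recovery settings in twistlock.cfg.

# cfg_value FILE KEY: print the value of the last uncommented KEY= line,
# with trailing whitespace and surrounding double quotes removed.
cfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_data_recovery FILE [DATA_DIR]: print settings and findings.
# Returns 0 when there are no findings, 1 otherwise.
audit_data_recovery() {
    enabled=$(cfg_value "$1" DATA_RECOVERY_ENABLED)
    volume=$(cfg_value "$1" DATA_RECOVERY_VOLUME)
    data_dir=${2:-/var/lib/twistlock}            # documented default data directory
    enabled=${enabled:-true}                     # assumption: missing key means default
    volume=${volume:-/var/lib/twistlock-backup}  # documented default backup directory
    findings=0
    echo "DATA_RECOVERY_ENABLED=$enabled"
    echo "DATA_RECOVERY_VOLUME=$volume"
    if [ "$enabled" != "true" ]; then
        echo "FINDING: automated backups are disabled"
        findings=$((findings + 1))
    fi
    # Trailing slashes keep /var/lib/twistlock-backup from matching /var/lib/twistlock.
    case "${volume%/}/" in
        "${data_dir%/}/"*)
            echo "FINDING: backups are written inside the data directory"
            findings=$((findings + 1)) ;;
    esac
    # Informational: both directories exist and live on the same filesystem.
    if [ -d "$volume" ] && [ -d "$data_dir" ] &&
       [ "$(df -P "$volume" | awk 'NR==2{print $1}')" = "$(df -P "$data_dir" | awk 'NR==2{print $1}')" ]; then
        echo "NOTE: backup and data directories share a filesystem"
    fi
    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_data_recovery ./twistlock.cfg`, passing the data directory as a second argument if it was customized at install time.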
Twistlock automatically creates and maintains daily, weekly, and monthly backups. These are known as system backups. You can also make your own backups at any point in time. These are known as manual backups.
Open Console.
Go to Manage > System > Backup & Restore.
Under Manual backups, click Create backup.
Give your backup a name, then click Create.
Your backup file is stored in /var/lib/twistlock-backup in the storage volume allocated to Twistlock Console. For a onebox installation, this would simply be the local file system of the host where Console runs. For a cluster, such as Kubernetes, this would be the persistent volume allocated to the Console service.
You can restore Console from a backup file directly from within the Console UI. The Console UI lists all available backups.
You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 2.5.88, you cannot restore a backup whose version is 2.5.50. To restore a different version of Console, install the Twistlock version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.
Open Console.
Go to Manage > System > Backup & Restore.
Click Restore on one of the system or manual backups.
After the database is reloaded from the backup file, restart Console.
For a onebox installation, ssh to the host where Console runs, then run the following command:
$ docker restart twistlock_console
For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:
# Get the name of Twistlock Console pod:
$ kubectl get po -n twistlock | grep console
# Delete the Twistlock Console pod:
$ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock
If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.
If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.
You can also restore Console from a backup using twistcli. Use this restore flow when Console is unresponsive and you cannot access the UI to force a restore to a known good state.
You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 2.5.88, you cannot restore a backup whose version is 2.5.50. To restore a different version of Console, install the Twistlock version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.
Your host can access the volume where the Twistlock backups are stored. By default, backups are stored in /var/lib/twistlock-backup, although this path might have been customized at install time.
Your host can access Twistlock’s data volume. By default, the data volume is located in /var/lib/twistlock, although this path might have been customized at install time.
Your version of twistcli matches the version of the backup you want to restore.
Go to the directory where you unpacked the Twistlock release.
Run the twistcli restore command. Run twistcli restore --help to see all arguments.
List all available backups. To list all files in the default backup folder (/var/lib/twistlock-backup), run twistcli restore without any arguments:
$ ./twistcli restore
To list all backup files in a specific location, run:
$ ./twistcli restore <PATH/TO/FOLDER>
Choose a file to restore by entering the number that corresponds with the backup file.
For example:
aqsa@aqsa-faith: ./twistcli restore --data-recovery-folder /var/lib/twistlock-backup/
Please select from the following:
0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC
1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC
2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC
3: weekly 2.5.91 2018-08-06 16:10:48 +0000 UTC
Please enter your selection:
0
After the database is reloaded from the backup file, re-install/restart Console.
For a onebox installation, ssh to the host where Console runs, then rerun the installer:
$ sudo ./twistlock.sh -ys onebox
For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:
# Get the name of Twistlock Console pod:
$ kubectl get po -n twistlock | grep console
# Delete the Twistlock Console pod:
$ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock
If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.
If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.
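The exact-version requirement can be checked against a saved copy of the twistcli restore listing before a selection is entered. The following is an added example, not part of twistcli or the Twistlock documentation: the function names are hypothetical, the operator supplies the running Console version as an argument, and backup names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: filter a `twistcli restore` listing down to backups whose
# version exactly matches the running Console version.

# Constructed sample in the listing format shown above; entry 3 is given an
# older version (constructed) to show a backup that cannot be restored.
sample_listing() {
cat <<'EOF'
Please select from the following:
0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC
1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC
2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC
3: weekly 2.5.50 2018-07-30 16:10:48 +0000 UTC
Please enter your selection:
EOF
}

# classify_backups VERSION: read a listing on stdin and print one line per
# backup: "OK|SKIP <index> <name> <version> <date>T<time>".
classify_backups() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+:$/ && NF >= 5 {
            idx = $1; sub(/:$/, "", idx)
            # Appending "" forces a string comparison, so 2.50 never equals 2.5.
            state = (($3 "") == (want "")) ? "OK" : "SKIP"
            printf "%s %s %s %s %sT%s\n", state, idx, $2, $3, $4, $5
        }'
}

# newest_restorable VERSION: print the index of the most recent matching
# backup; return 1 if no backup in the listing matches.
newest_restorable() {
    pick=$(classify_backups "$1" | awk '$1 == "OK"' |
           sort -k5,5r | head -n 1 | awk '{print $2}')
    [ -n "$pick" ] || return 1
    echo "$pick"
}

# Demo on the constructed listing: entries 0-2 are OK, entry 3 is SKIP.
sample_listing | classify_backups 2.5.91
```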