Introduction
This guide provides instructions on how to use the Terraform Enterprise Backup and Restore API by connecting directly to the server's private IP address. This method is useful for bypassing network components like load balancers or for operating in environments with DNS resolution challenges.
Use Case
You may need to use this procedure in the following scenarios:
-
Bypassing Load Balancer Limits: A load balancer in front of the Terraform Enterprise server may enforce a maximum request body size. During a restore operation, this can cause an
HTTP 413 Request Entity Too Largeerror. Connecting directly to the server's private IP bypasses the load balancer. - DNS Resolution Issues: In some environments, DNS resolution for the Terraform Enterprise hostname may not be available from the client machine where you are performing the backup or restore.
Procedure
Follow these steps to back up a source instance and restore it to a destination instance using private IP addresses.
1. Back Up the Source Terraform Enterprise Instance
Perform these steps from a client with network access to the source Terraform Enterprise server's private IP, or directly from the server itself.
-
Find and store the backup token from your source server.
$ export BACKUP_TOKEN=$(replicatedctl app-config export --template '{{.backup_token.Value}}') -
Create a
payload.jsonfile containing a password to encrypt the backup blob.$ cat > payload.json << EOF { "password": "befit-brakeman-footstep-unclasp"} EOF -
Retrieve the private IP address from the Replicated configuration on your source server.
$ replicatedctl params export --template '{{.LocalAddress}}' ## The command returns the private IP, for example: 192.168.78.179 -
Perform the backup using the server's private IP. This command uses
curlwith the--resolveflag to direct the request to the private IP while still using the correct hostname for the TLS certificate validation.Note: Replace
tfe_source.example.netwith your source server's hostname and192.168.78.179with the private IP you retrieved.$ curl -k --resolve tfe_source.example.net:443:192.168.78.179 \ --header "Authorization: Bearer $BACKUP_TOKEN" \ --request POST \ --data @payload.json \ --output backup.blob \ https://tfe_source.example.net/_backup/api/v1/backup
2. Restore to the Destination Terraform Enterprise Instance
After completing the backup, transfer the backup.blob and payload.json files to a client with access to the destination server's private IP, or directly onto the destination server.
-
Find and store the backup token for your destination server.
$ export RESTORE_TOKEN=$(replicatedctl app-config export --template '{{.backup_token.Value}}') -
Retrieve the private IP address from the Replicated configuration on your destination server.
$ replicatedctl params export --template '{{.LocalAddress}}' ## The command returns the private IP, for example: 10.0.103.149 -
Perform the restore using the destination server's private IP.
Note: Replace
tfe_destination.example.netwith your destination server's hostname and10.0.103.149with its private IP.$ curl -k --resolve tfe_destination.example.net:443:10.0.103.149 \ --header "Authorization: Bearer $RESTORE_TOKEN" \ --request POST \ --form config=@payload.json \ --form snapshot=@backup.blob \ https://tfe_destination.example.net/_backup/api/v1/restore ## snapshot applied successfully
-
After the restore process completes successfully, restart the Terraform Enterprise application to apply the new configuration.
$ replicatedctl app apply-config