Updated Backup section #4103
Updated Backup section #4103
Conversation
|
@fspmarshall @awly PTAL: as I've incorporated some of your recent feedback and suggestions. |
There was a problem hiding this comment.
This PR made me realize how incoherent our backup/restore story is.
We leak too much implementation detail to the user and don't have good naming for various pieces of data we store.
It also doesn't seem to be possible to migrate audit log or session recordings between backends.
docs/4.3/admin-guide.md
Outdated
|
|
||
| | Backend | Recommend Backup Strategy | | ||
| |-|-| | ||
| | dir ( local filesystem ) | Copy `data_dir/storage` and use `tctl get all` to get local state. | |
There was a problem hiding this comment.
I'd rephrase the strategy as: "Backup /var/lib/teleport/storage directory and the output of tctl get all".
Also, if a user backs up /var/lib/teleport, is there any reason to do tctl get all?
There was a problem hiding this comment.
I think the idea with tctl get all was that the format would be YAML and therefore backend agnostic, so theoretically you could dump out the CAs, users etc and then restore these into a different backend.
|
@travelton TIL about code suggestions...
|
Co-authored-by: Travis Swientek <tswientek@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
Co-authored-by: Travis Swientek <tswientek@gravitational.com>
Co-authored-by: Travis Swientek <tswientek@gravitational.com>
Co-authored-by: Travis Swientek <tswientek@gravitational.com>
Correct, it has been requested by customers before especially to load in session recordings into a Teleport UI. I think our stance has been, we recommend you ship it off to long term storage and use |
|
retest this please |
Co-authored-by: Gus Luxton <gus@gravitational.com>
A bunch of customers have been confused with our recommend backup instructions, I hope this makes things clearer.