Manage protection of cloud-native application data

Contributors netapp-soumikd netapp-nsriram netapp-bcammett netapp-tonacki netapp-manishc

Monitor jobs

You can monitor the status of the jobs that have been initiated in your working environments. This allows you to see the jobs that have completed successfully, those currently in progress, and those that have failed so you can diagnose and fix any problems.

Note The scheduled jobs will be listed in the BlueXP Job monitor page after a delay of 5 minutes (maximum) from the job completion time.

For more information, refer to Monitor job status.

Maintenance of Oracle database hosts

An admin can manually put the database hosts in maintenance mode to perform maintenance tasks on the hosts. During an upgrade, the hosts are automatically put into maintenance mode, and after the upgrade they are automatically switched back to production mode.

When the hosts are put in maintenance mode, the on-demand operations fail and the scheduled jobs are skipped.

Note You cannot verify if any jobs are running for the resources on the hosts before putting the hosts in maintenance mode.
Steps
  1. In the BlueXP UI, click Protection > Backup and recovery > Applications

  2. Select Oracle as the application type.

  3. Click Settings > Hosts.

  4. Perform one of the following actions:

    If you…​ Do this…​

    Want to put the host in maintenance mode

    Click icon to select the action corresponding to the host and select Enable maintenance mode.

    Want to bring the host out of maintenance mode

    Click icon to select the action corresponding to the host that is under maintenance and select Disable maintenance mode.

Audit data

When you run an API directly, or use the UI to call any of the externally exposed APIs of BlueXP backup and recovery for applications, the request details such as headers, role, request body, and API information are logged in the BlueXP timeline, and the audit entries are retained in the timeline forever. The status and error response of the API call are also audited after the operation completes. For asynchronous API responses such as jobs, the job ID is also logged as part of the response.

BlueXP backup and recovery for applications logs entries such as host IP, request body, operation name, who triggered the operation, some headers, and the operation state of the API.

View backup details

You can view the total number of backups created, the policies used for creating backups, the database version, and the agent ID.

Steps
  1. Click Backup and recovery > Applications.

  2. Click icon to select the action corresponding to the application and click View Details.

Important The agent ID is associated with the Connector. If a Connector that was used when registering the SAP HANA host no longer exists, the subsequent backups of that application will fail because the agent ID of the new Connector is different. You should modify the Connector ID in the host. For information, see Update the Connector Details.

Delete clone

You can delete a clone if you no longer require it.

Steps
  1. Click icon to select the action adjacent to Filter By and select Clone options > Clone parents.

  2. Click icon to select the action corresponding to the application and click View Details.

  3. In the Database Details page, click icon to select the action adjacent to Filter By and select Clone.

  4. Click icon to select the action corresponding to the clone that you want to delete and click Delete.

  5. (Optional) Select the force delete checkbox.

Update the Connector Details

You should deploy a new Connector if the Connector that was used when registering the application host no longer exists or is corrupted. After deploying the new Connector, run the connector-update API to update the Connector details for all hosts registered using the old Connector.

After updating the Connector details for Oracle or SAP HANA hosts, perform the following to ensure that the Connector details were updated successfully.

Steps
  1. Log in to the BlueXP Connector VM and perform the following steps:

    1. Validate that the plug-in is reachable from the Connector by running the following command from the Connector.
      docker exec -it cloudmanager_scs_cloud curl -ik https://<FQDN or IP of the plug-in host>:<plug-in port>/getVersion --cert /config/client/certificate/certificate.pem --key /config/client/certificate/key.pem

    2. Obtain the base mount path.
      sudo docker volume ls | grep scs_cloud_volume | awk {'print $2'} | xargs sudo docker volume inspect | grep Mountpoint

    3. Copy certificate.pem from <base_mount_path>/client/certificate/ path of the Connector VM to /var/opt/snapcenter/spl/etc/ on the plug-in host.

  2. Log in to the plug-in host and perform the following steps:

    1. Navigate to /var/opt/snapcenter/spl/etc and run the keytool command to import the certificate.pem file.
      keytool -import -alias agentcert -file certificate.pem -keystore keystore.jks -deststorepass snapcenter -noprompt

    2. Restart SPL: systemctl restart spl

    3. Perform one of the following:

      If you are on…​ Do this…​

      Oracle database host

      1. Ensure that all the prerequisites are met.

      2. Click Backup and recovery > Applications

      3. Click icon to select the action corresponding to the application and click View Details.

      4. Modify Connector ID.

      SAP HANA database host

      1. Ensure that all the prerequisites are met.

      2. Run the following command:

      curl --location --request PATCH \
      'https://snapcenter.cloudmanager.cloud.netapp.com/api/saphana/hosts/connector/update' \
      --header 'x-account-id: <CM account-id>' \
      --header 'Authorization: Bearer token' \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "old_connector_id": "Old connector id that no longer exists",
      "new_connector_id": "New connector Id"}'

      Connector details will get updated successfully if all the hosts have SnapCenter Plug-in for SAP HANA service installed and running and also if they are all reachable from the new Connector.

Configure CA signed certificate

You can configure a CA signed certificate if you want to add security to your environment.

Configure CA signed certificate for BlueXP Connector

The Connector uses a self-signed certificate to communicate with the plug-in. The self-signed certificate is imported to the keystore by the installation script. You can perform the following steps to replace the self-signed certificate with a CA signed certificate.

Steps
  1. Perform the following steps on the Connector to use the CA certificate as the client certificate when the Connector is connecting with the plug-in.

    1. Log in to the Connector.

    2. Run the following command to get the <base_mount_path>:
      sudo docker volume ls | grep scs_cloud_volume | awk {'print $2'} | xargs sudo docker volume inspect | grep Mountpoint

    3. Delete all the existing files located at <base_mount_path>/client/certificate in the Connector.

    4. Copy the CA signed certificate and key file to the <base_mount_path>/client/certificate in the Connector.

      The file names should be certificate.pem and key.pem. The certificate.pem should have the entire chain of the certificates like intermediate CA and root CA.

    5. Create the PKCS12 format of the certificate with the name certificate.p12 and keep it at <base_mount_path>/client/certificate.

      Example: openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

  2. Perform the following steps on the plug-in host to validate the certificate sent by the Connector.

    1. Log in to the plug-in host.

    2. Copy the certificate.pem and certificates for all the intermediate CA and root CA from the Connector to the plug-in host at /var/opt/snapcenter/spl/etc/.

      Note The intermediate CA and root CA certificates should be in .crt format.
    3. Navigate to /var/opt/snapcenter/spl/etc and run the keytool command to import the certificate.pem file.
      keytool -import -alias agentcert -file certificate.pem -keystore keystore.jks -deststorepass snapcenter -noprompt

    4. Import the root CA and intermediate certificates.
      keytool -import -trustcacerts -keystore keystore.jks -storepass snapcenter -alias trustedca -file <certificate.crt>

      Note The certificate.crt refers to the certificates of root CA as well as intermediate CA.
    5. Restart SPL: systemctl restart spl
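
A preflight check for the Connector-side files in step 1 above, as an added example that is not NetApp code: it confirms that the certificate directory holds only certificate.pem, key.pem and certificate.p12, that certificate.pem carries more than the leaf certificate and no private key, and that key.pem matches the leaf. The function name check_client_cert_dir is hypothetical, and the check covers structure and key match only, not signatures or trust.

```shell
#!/bin/sh
# Added example (not NetApp code): preflight for <base_mount_path>/client/certificate.
# Prints one line per problem and returns the number of problems (0 = ready).
check_client_cert_dir() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Steps 4 and 5: these three files must exist and be non-empty.
    for f in certificate.pem key.pem certificate.p12; do
        [ -s "$dir/$f" ] || fail "$f is missing or empty"
    done

    # Step 3: the old self-signed material should be gone, so anything else is stale.
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        case ${path##*/} in
            certificate.pem|key.pem|certificate.p12) ;;
            *) fail "unexpected file ${path##*/}" ;;
        esac
    done

    # certificate.pem must carry the chain: the leaf plus at least one CA certificate.
    # It is later copied to the plug-in host, so it must not contain the private key.
    if [ -f "$dir/certificate.pem" ]; then
        n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$dir/certificate.pem" || true)
        [ "$n" -ge 2 ] || fail "certificate.pem holds $n certificate(s), chain is incomplete"
        if grep -q -- 'PRIVATE KEY-----' "$dir/certificate.pem"; then
            fail "certificate.pem also contains a private key"
        fi
    fi

    # key.pem must be the private key of the first (leaf) certificate in the bundle.
    if [ "$problems" -eq 0 ]; then
        cert_pub=$(openssl x509 -noout -pubkey -in "$dir/certificate.pem" 2>/dev/null || true)
        key_pub=$(openssl pkey -pubout -in "$dir/key.pem" 2>/dev/null || true)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            fail "key.pem does not match the leaf certificate"
        fi
    fi
    return "$problems"
}

# Usage on the Connector: check_client_cert_dir "<base_mount_path>/client/certificate"
```

Run it after step 1.5 and before copying certificate.pem to the plug-in host; a non-zero return means at least one listed problem needs fixing first.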

Configure CA signed certificate for the plug-in

The CA certificate should have the same name as registered in Cloud Backup for the plug-in host.

Steps
  1. Perform the following steps on the plug-in host to host the plug-in using the CA certificate.

    1. Navigate to the folder containing the SPL's keystore /var/opt/snapcenter/spl/etc.

    2. Create the PKCS12 format of the certificate having both certificate and key with alias splkeystore.

      The certificate.pem should have the entire chain of the certificates like intermediate CA and root CA.

      Example: openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12 -name splkeystore

    3. Add the CA certificate created in the above step.
      keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS -srcalias splkeystore -destalias splkeystore -noprompt

    4. Verify the certificates.
      keytool -list -v -keystore keystore.jks

    5. Restart SPL: systemctl restart spl

  2. Perform the following steps on the Connector so that the Connector can verify the plug-in's certificate.

    1. Log in to the Connector as a non-root user.

    2. Run the following command to get the <base_mount_path>:
      sudo docker volume ls | grep scs_cloud_volume | awk {'print $2'} | xargs sudo docker volume inspect | grep Mountpoint

    3. Copy the root CA and intermediate CA files under the server directory.
      cd <base_mount_path>
      mkdir server

      The CA files should be in pem format.

    4. Connect to the cloudmanager_scs_cloud container and set enableCACert to true in config.yml.
      sudo docker exec -t cloudmanager_scs_cloud sed -i 's/enableCACert: false/enableCACert: true/g' /opt/netapp/cloudmanager-scs-cloud/config/config.yml

    5. Restart cloudmanager_scs_cloud container.
      sudo docker restart cloudmanager_scs_cloud

Access REST APIs

The REST APIs to protect the applications to cloud are available at: https://snapcenter.cloudmanager.cloud.netapp.com/api-doc/.

You should obtain the user token with federated authentication to access the REST APIs. For information on how to obtain the user token, refer to Create a user token with federated authentication.