Backing Up and Restoring HA Appliance Configurations
This section provides information on how to back up and restore configuration for paired high-availability (HA) Solace PubSub+ appliances running Guaranteed Messaging.
Do not use this procedure for event broker services in PubSub+ Cloud. Using this procedure in PubSub+ Cloud may result in a degradation of service. Instead, see Backing up Event Broker Services for more information.
Some configuration information is not backed up, including:
- product keys
- TLS/SSL server certificate files
- TLS/SSL server certificate configuration
- client certificates for the following:
- Message VPN bridges
- replication bridges
- rest delivery points
- Dynamic Message Routing (DMR)
- Multi-Node Routing (MNR)
- Kerberos Keytabs
- trusted-root configuration (for appliances prior to software version 8.2.0 and software event brokers prior to version 8.7.0)
- software broker storage group
- software broker scaling parameters
- monitoring agents running in the broker (Datadog, SolGeneos)
In addition, messaging data is not backed up, including:
- the guaranteed message spool
- queued messages
- replay log messages
Backing Up Configuration
The default backup procedure for paired appliances running Guaranteed Messaging is to run the copy current-config Privileged EXEC command.
However, before creating configuration file backups, always note the local state of Guaranteed Messaging activity on the paired appliances and observe the following:
- Creating the configuration file backup while Guaranteed Messaging is active captures the Guaranteed Messaging configuration at the time of backup.
- Creating the configuration file backup while Guaranteed Messaging is inactive (that is, while the mate appliance is active), captures the Guaranteed Messaging configuration from when this appliance was last active. Further, a backup of the inactive appliance contains the queue and topic endpoint configuration that was present at the time this appliance was last active.
- Queue and topic endpoint configuration changes are only acknowledged on the inactive paired appliance when it assumes the active role.
- Solace recommends using a naming scheme for the backed up Guaranteed Messaging configuration files to help identify the appliance and Guaranteed Messaging activity at the time of backup.
For example, consider the backups for paired appliance
R1andR2, whereR1is active, andR2is inactive:copy current-config config_R1_AD_activecopy current-config config_R2_AD_inactive
Rolling Back to a Previous Configuration
The default procedure for restoring the configuration files for redundant appliance pairs running Guaranteed Messaging service is to use the reload Privileged EXEC command as described below. The result is the restoration of a previously backed up Guaranteed Messaging service configuration.
During the following procedure, all spooled messages are lost.
To rollback to a previous Guaranteed Messaging configuration used by a redundant appliance pair, use the following procedure:
- Select a backup configuration file for the primary appliance that you want to roll back to. The configuration file must have been taken while Guaranteed Messaging service was active.
- Rollback to the selected backup configuration file on the primary appliance as follows:
solace1# configure
solace1(configure)# redundancy
solace1(configure/redundancy)# shutdown
solace1(configure/redundancy)# exit
solace1(configure)# hardware message-spool
solace1(configure/hardware/message-spool)# shutdown
solace1(configure/hardware/message-spool)# endsolace1# admin
solace1(admin)# system message-spool
solace1(admin/system/message-spool)# reset
solace1(admin/system/message-spool)# end
solace1# reload config <config-file>The appliance restarts with the restored configuration. All spooled messages are lost.
solace1# configure
solace1(configure)# hardware message-spool
solace1(configure/hardware/message-spool)# shutdown
solace1(configure/hardware/message-spool)# end - On the secondary appliance, shut down the redundancy and message-spool, and then reset the message-spool:
solace2# configure
solace2(configure)# redundancy
solace2(configure/redundancy)# shutdown
solace2(configure/redundancy)# exit
solace2(configure)# hardware message-spool
solace2(configure/hardware/message-spool)# shutdown
solace2(configure/hardware/message-spool)# endsolace2# admin
solace2(admin)# system message-spool
solace2(admin/system/message-spool)# reset
solace2(admin/system/message-spool)# end - Assert disk ownership on the primary appliance, and start the message spool and redundancy:
solace1# admin
solace1(admin)# system message-spool
solace1(admin/system/message-spool)# assert-disk-ownership
solace1(admin/system/message-spool)# endsolace1# configure
solace1(configure)# hardware message-spool
solace1(configure/hardware/message-spool)# no shutdown primary
solace1(configure/hardware/message-spool)# exit
solace1(configure)# redundancy
solace1(configure/redundancy)# no shutdown - When the primary appliance is back in service, select the backup configuration file for the mate appliance.
- Run the following command to rollback to the selected backup configuration file on the secondary appliance:
solace2# reload config <config-file>
The appliance restarts with the restored configuration. All spooled messages are lost.
- Check activity status on both appliances:
local active/local activeon the first appliancemate active/mate activeon the second appliance
- If the backup virtual router on the primary appliance is
local active, you may wish to restore the usual state by doing arevert-activityon the primary appliance:solace1# admin
solace1(admin)# redundancy revert-activity
solace1(admin)# end -
If the HA pair is using SSL, restore the server certificate by reloading it. For instructions to load server certificates, see Loading Server Certificate Files.
- The configuration for redundant pair of appliances may need reconciliation. Use Config-Sync to assert one appliance’s configuration over its mate. For more information, see Asserting Event Brokers VPN Configurations.