JumpServer is a widely used open-source bastion host designed to provide secure access and management for your IT infrastructure. Whether you are performing routine maintenance or migrating to a new environment, a robust backup and recovery strategy is essential to ensure data integrity and service continuity.
This guide provides a comprehensive walkthrough on how to back up your JumpServer data and restore it to a new server.
Understanding JumpServer Data Structure
Before starting, it is crucial to understand that JumpServer data is categorized into two main components:
• Database Data: Includes user information, asset details, account credentials, operation logs, and command records.
• Static Files: Includes session recordings (replays), system logs, images, and configuration files.
By default, static files are stored in the /data/jumpserver directory.
Step 1: Backing Up Data on the Source Server
Backing Up the Database
On your current JumpServer instance, execute the following command to back up the database:
./jmsctl.sh backup_db
The backup file and the current configuration will be saved in /data/jumpserver/backups. The filename will follow these formats:
• PostgreSQL (EE): jumpserver-vX.X.X-ee-yyyy-mm-dd_HH:mm:ss.dump
• MySQL/MariaDB: jumpserver-vX.X.X-yyyy-mm-dd_HH:mm:ss.sql
Backing Up the Configurations
Copy the values of BOOTSTRAP_TOKEN and SECRET_KEY from the configuration file /opt/jumpserver/config/config.txt.
Backing Up Static Files
To ensure session recordings and other media are preserved, you can use rsync to back up the static file directories. For example, to back up replays:
# Replace /backup/path with your actual backup destination
rsync -avh /data/jumpserver/core/data/media/replay/ /backup/path/replay_backup/
Note: If you have a custom path for static files, adjust the command accordingly.
Step 2: Transferring Backups to the New Server
Once the backup files are generated, transfer the .dump or .sql database file and the static file archives to the new server.
Important: You must also copy the original configuration details, specifically the BOOTSTRAP_TOKEN and SECRET_KEY from the source environment. These keys are mandatory for decrypting data on the new server.
Step 3: Deploying JumpServer on the New Server
Deploy a brand-new JumpServer instance using the same version of the installation package as the current JumpServer environment.
Step 4: Restoring Data to the New Server
Prerequisites for Cross-Environment Recovery
To successfully restore data to a new server, ensure the following requirements are met:
1. Version Consistency: The database version on the new server must match the version used on the source server.
2. Matching Keys: The BOOTSTRAP_TOKEN and SECRET_KEY in the new environment's configuration file must be identical to those of the source environment.
3. Data Alignment: Ensure the static files (replays) match the database records; otherwise, you may encounter issues when attempting to view historical session recordings.
Restoring the Database
In the configuration file /opt/jumpserver/config/config.txt on the new server, set BOOTSTRAP_TOKEN and SECRET_KEY to the same values as in the source environment.
Run the restoration command on the new server, pointing to the backup file you transferred:
jmsctl restore_db /path/to/your/backup/jumpserver-vX.X.X-yyyy-mm-dd.dump
(Replace the path with the actual location of your backup file.)
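The matching-keys prerequisite can be checked before running restore_db without displaying either secret. The script below is an added example, not part of JumpServer or of the original guide: it fingerprints both keys on the source server and verifies them on the new one. The function names, the keys.fp file name, and the assumption that config.txt holds one KEY=VALUE pair per line are illustrative.

```sh
#!/bin/sh
# Added example, not JumpServer code: confirm BOOTSTRAP_TOKEN and SECRET_KEY
# match between servers by SHA-256 fingerprint, never printing the values.
# Assumption: config.txt stores each setting as a single KEY=VALUE line.

KEYS="BOOTSTRAP_TOKEN SECRET_KEY"

# Print the SHA-256 of key $1 as set in config file $2; fail if unset or empty.
key_fingerprint() {
    kf_val=$(sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r')
    [ -n "$kf_val" ] || return 1
    printf '%s' "$kf_val" | sha256sum | cut -d' ' -f1
}

# Source server: emit "KEY fingerprint" lines to ship alongside the backup.
write_fingerprints() {
    for wf_key in $KEYS; do
        wf_fp=$(key_fingerprint "$wf_key" "$1") || {
            echo "missing $wf_key in $1" >&2
            return 1
        }
        echo "$wf_key $wf_fp"
    done
}

# New server: compare fingerprint file $1 against config file $2.
# Returns 0 only if every key matches; key names (never values) go to stderr.
verify_fingerprints() {
    vf_rc=0
    for vf_key in $KEYS; do
        vf_want=$(sed -n "s/^$vf_key //p" "$1" | tail -n 1)
        vf_have=$(key_fingerprint "$vf_key" "$2") || vf_have=
        if [ -z "$vf_want" ] || [ "$vf_have" != "$vf_want" ]; then
            echo "MISMATCH: $vf_key" >&2
            vf_rc=1
        fi
    done
    return "$vf_rc"
}

# Usage: script write CONFIG > keys.fp    |    script verify keys.fp CONFIG
case "${1:-}" in
    write)  write_fingerprints "$2" ;;
    verify) verify_fingerprints "$2" "$3" && echo "keys match" ;;
esac
```

The fingerprint file contains unsalted hashes of the keys, so give it the same access restrictions as the backup itself.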
Restoring Static Files
Copy the static files back into their corresponding directories (e.g., /data/jumpserver/core/data/media/) on the new server to ensure the system can associate logs with their respective recording files.
Best Practices and Tips
• Shared Storage: For multi-node deployments, it is highly recommended to use a shared storage solution like NFS for static files to prevent data inconsistency between nodes.
• Automate Backups: Integrate the backup commands into a cron job to ensure regular data protection.
• Verify Restores: Periodically test your backup files in a staging environment to ensure they are functional and complete.
By following this guide, you can ensure a smooth transition and reliable data protection for your JumpServer environment. For more advanced configurations, please refer to the official JumpServer documentation.