Backup and restore
Table of Contents
Backup and restore
Prisma Cloud automatically backs up all data and configuration files periodically.
You can view all backups, make new backups, and restore specific backups from the Console UI.
You can also restore specific backups using the twistcli command line utility.
Prisma Cloud is implemented with containers that cleanly separate the application from its state and configuration data.
To back up a Prisma Cloud installation, only the files in the data directory need to be archived.
Because Prisma Cloud containers read their state from the files in the data directory, Prisma Cloud containers do not need to be backed up, and they can be installed and restarted from scratch.
When data recovery is enabled (default), Prisma Cloud archives its data files periodically and copies the backup file to a location you specify.
The default path to the data directory is /var/lib/twistlock.
You can specify a different path to the data directory in twistlock.cfg when you install Console.
Configuring automated backups
By default, automated backups are enabled.
With automated backups enabled, Prisma Cloud takes a daily, weekly, and monthly snapshots.
These are known as system backups.
To specify a different backup directory or to disable automated backups, modify twistlock.cfg and install (or reinstall) Prisma Cloud Console.
The following configuration options are available:
Configuration option | Description |
|---|---|
Specifies the directory where backups are saved. For example, archives could be saved on durable persistent storage, such as a volume from Amazon Elastic Block Storage (EBS). The default value is /var/lib/twistlock-backup. |
- Open twistlock.cfg for editing.
- Scroll down to the Data recovery section.
- Enable (or disable) automated back up by setting DATA_RECOVERY_ENABLED to true (or false).DATA_RECOVERY_ENABLED=trueSpecify the location where backups should be stored.DATA_RECOVERY_VOLUME=</PATH/TO/BACKUP/VOLUME>Load your new configuration settings.If you have not installed Prisma Cloud Console yet, follow the regular installation procedure. For more information, see Install Prisma Cloud.If Prisma Cloud has already been installed on your host, load your new twistlock.cfg file by re-running twistlock.sh. The following command assumes that twistlock.sh and your updated twistlock.cfg reside in the same directory.$ sudo ./twistlock.sh consoleMaking manual backupsPrisma Cloud automatically creates and maintains daily, weekly, and monthly backups. These are known as system backups. You can also make your own backups at any point in time. These are known as manual backups.
- Open Console.
- Go toManage > System > Backup & Restore.
- UnderManual backups, clickCreate backup.
- Give your backup a name, then clickCreate.Your backup file is stored in /var/lib/twistlock-backup in the storage volume allocated to Prisma Cloud Console. For a onebox installation, this would simply be the local file system of the host where Console runs. For a cluster, such as Kubernetes, this would be the persistent volume allocated to the Console service.
Restoring backups from the Console UIYou can restore Console from a backup file directly from within the Console UI. The Console UI lists all available backups.You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 19.11.512, you cannot restore a backup whose version is 19.11.506. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.- Open Console.
- Go toManage > System > Backup & Restore.
- ClickRestoreon one of the system or manual backups.
- After the database is reloaded from the backup file, restart Console.For a onebox installation, ssh to the host where Console runs, then run the following command:$ docker restart twistlock_consoleFor a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:// Get the name of Prisma Cloud Console pod: $ kubectl get po -n twistlock | grep console // Delete the Prisma Cloud Console pod: $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlockIf any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.
- Your host can access the volume where the Prisma Cloud backups are stored. By default, backups are stored in /var/lib/twistlock-backup, although this path might have been customized at install time.
- Your host can access the Prisma Cloud’s data volume. By default, the data volume is located in /var/lib/twistlock, although this path might have been customized at install time.
- Your version of twistcli matches the version of the backup you want to restore.
- Go to the directory where you unpacked the Prisma Cloud release.
- Run the twistcli restore command. Run twistcli restore --help to see all arguments.
- List all available backups. To list all files in the default backup folder (/var/lib/twistlock-backup), run twistcli restore without any arguments:$ ./twistcli restoreTo list all backup files in a specific location, run:$ ./twistcli restore <PATH/TO/FOLDER>Choose a file to restore by entering the number that corresponds with the backup file.For example:aqsa@aqsa-faith: ./twistcli restore --data-recovery-folder /var/lib/twistlock-backup/ Please select from the following: 0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC 1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC 2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC 3: weekly 2.5.91 2018-08-06 16:10:48 +0000 UTC Please enter your selection: 0After the database is reloaded from the backup file, re-install/restart Console.For a onebox installation, ssh to the host where Console runs, then rerun the installer:$ sudo ./twistlock.sh -ys oneboxFor a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:// Get the name of Prisma Cloud Console pod: $ kubectl get po -n twistlock | grep console // Delete the Prisma Cloud Console pod: $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlockIf any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.Restoring Fargate ConsoleWhen restoring a Console running on Fargate perform the following steps:
- Create a new Console Fargate task.
- Create Console’s first administrative account and enter your license.
- Restart the Console by stopping the task and allowing the scheduler to create a new Console task.
Downloading backup filesPrisma Cloud Compute lets you download backup files so that they can be copied to another location. Backup files can be downloaded from the Console. Go toManage > System > Backup & Restore, and clickActions > Exportto download a backup.
Restoring backups from twistcliYou can restore Console from a backup using twistcli. Use this restore flow when Console is unresponsive and you cannot access the UI to force a restore to a known good state.You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 2.5.88, you cannot restore a backup whose version is 2.5.50. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.Prerequisites:
