Configuring NFS backup on an existing HA cluster

You can configure Network File System (NFS) for an existing high-availability cluster.

About this task

Warning:

Large backups, such as data backups, can take a long time to complete because the backups are generated directly in the mounted folder over the network. Unless a network interruption occurs, these backups usually complete successfully, but can take 14-19 hours. As an alternative, you could leave your backup directory local and have a script copy the backup to a mounted NFS share.

If you use NFS or a Windows share for offboard storage, your system can lock and cause an outage. This practice is not supported by IBM QRadar.

If you choose to use NFS or a Windows share anyway, they can be used only for daily backup data, such as the /store/backup directory. You cannot use NFS or a Windows share for storing active data, which includes the PostgreSQL and ariel databases. If you do use NFS or a Windows share, they might cause database corruption or performance issues.

Restriction: Do not create your new backup location under the /store file system. Use a different directory, such as /backup or /nfs.

Procedure

  1. Use SSH to log in to the primary HA host as the root user.
  2. Start NFS services by typing the following commands:
    systemctl enable rpcbind
    systemctl start rpcbind
    
  3. Add the following line to the /opt/qradar/ha/fstab.back file.
    nfsserver:/nfs/export/path /<backuppath> nfs rw,soft,intr,noac 0 0

    You might need to adjust the settings for the NFS mount point to accommodate your configuration.

  4. Add the same line to the /etc/fstab file, preceded by #HA.
    #HA nfsserver:/nfs/export/path /<backuppath>  nfs rw,soft,intr,noac 0 0

    You might need to adjust the settings for the NFS mount point to accommodate your configuration.

  5. Repeat steps 1 - 4 on the secondary HA host.
  6. Move your backup files from the existing directory on the primary HA host to a temporary location by typing the following commands:
    cd /store/
    mv backup backup.local
  7. Create a new backup directory on the primary HA host by typing the following command:
    mkdir /<backuppath> 
  8. Set the permissions for the NFS volume on the primary HA host by typing the following command:
    chown nobody:nobody /<backuppath> 
  9. On the navigation menu ( Navigation menu icon ), click Admin.
  10. Click Advanced > Deploy Full Configuration.
    All services restart.
  11. Verify that the /<backuppath> mount point is listed in the output of the following command on the primary and secondary HA hosts:
    grep MOUNTS /opt/qradar/ha/ha.conf
  12. Verify that /<backuppath> is mounted on the primary HA host by typing the following command:
    df -h
  13. On the primary HA host, move the backup files from the temporary location to the NFS volume by typing the following command:
    mv -f /store/backup.local/* /<backuppath> 
  14. Remove the backup.local directory by typing the following commands:
    cd /store
    rm -rf backup.local