Connecting a Yandex BareMetal server to Yandex Cloud Backup
In Cloud Backup, you can configure BareMetal server backup.
BareMetal and the server backup feature will be released at the Preview stage in Q4 2024.
The following server operating systems are supported:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
To connect a server to Yandex Cloud Backup:
- Prepare your cloud.
- Create a service account.
- Activate Cloud Backup.
- Lease a test server.
- Connect to the server.
- Install a backup agent.
- Link your server to a backup policy.
- Take a backup of your server.
- Restore your server from a backup.
See also How to cancel a lease and delete resources.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
Required paid resources
Currently, BareMetal and the server backup feature are offered at no charge.
Create a service account
- In the management console, select the folder you want to lease a BareMetal server in.
- At the top of the page, go to the Service accounts tab.
- Click Create service account.
- Enter a name for the service account. The name format requirements are as follows:
  - The name must be from 3 to 63 characters long.
  - It may contain lowercase Latin letters, numbers, and hyphens.
  - The first character must be a letter and the last character cannot be a hyphen.
- Click Add role and select the backup.editor role.
- Click Create.
- To select the service account you created earlier, click the row with its name.
- In the top panel, click Create new key.
- Select Create authorized key.
- Select an encryption algorithm and click Create.
- In the window that opens, click Download file with keys and then click Close.
You will need the authorized key of the service account in later steps.
Activate Cloud Backup
To activate Cloud Backup, you need at least the backup.editor role for the folder where you want to lease a server and connect it to Cloud Backup.
- In the management console, select the folder where you want to lease a server and connect it to Cloud Backup.
- In the list of services, select Cloud Backup.
- If you have not activated Cloud Backup yet, click Activate.
  If there is no Activate button, Cloud Backup is already activated. Proceed to the next step.
After activation, the system automatically creates the following backup policies:
- Default daily: Daily incremental backup with the last 15 backups retained.
- Default weekly: Weekly incremental backup with the last 15 backups retained.
- Default monthly: Monthly incremental backup with the last 15 backups retained.
Lease a test server
If you are already leasing a server with an appropriate OS, go to Connect to the server. Make sure to check the network permissions you need to configure on the server.
- In the management console, select the folder you want to lease a server in.
- In the list of services, select BareMetal.
- Click Lease server.
- Select the ru-central1-m availability zone.
- Select the ru-central1-m3 pool.
- Under Configuration:
  - Select the BA-i103-S-10G server configuration.
  - Configure the disk layout:
    - Click Configure disk layout.
    - Keep the default layout and click Save.
- Under Image, select the Ubuntu 22.04 LTS image.
- Under Lease conditions, specify:
  - Number of servers: 1
  - Lease duration: 1 month
- Under Network settings:
  - Click Create a private subnet.
  - Optionally, if you need to enable DHCP to assign IP addresses automatically, use the Routing settings section.
  - Enter bm-subnetwork for the subnet name and click Create subnet.
  - In the Public address field, select Automatically.
    For the Cloud Backup agent to exchange data with the backup provider servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table:

    | Port range | Protocol | Destination name | CIDR blocks |
    |---|---|---|---|
    | 80 | TCP | CIDR | 213.180.193.0/24 |
    | 80 | TCP | CIDR | 213.180.204.0/24 |
    | 443 | TCP | CIDR | 84.47.172.0/24 |
    | 443 | TCP | CIDR | 84.201.181.0/24 |
    | 443 | TCP | CIDR | 178.176.128.0/24 |
    | 443 | TCP | CIDR | 213.180.193.0/24 |
    | 443 | TCP | CIDR | 213.180.204.0/24 |
    | 7770-7800 | TCP | CIDR | 84.47.172.0/24 |
    | 8443 | TCP | CIDR | 84.47.172.0/24 |
    | 44445 | TCP | CIDR | 51.250.1.0/24 |

- Under Access:
  - Generate a password for the root user. To do this, click Generate next to the Password field.
    Warning: Once you lease a server, you will no longer be able to view the password. Make sure to save the password in a secure location right away.
  - In the Public SSH key field, paste the contents of the public key file. You need to create an SSH key pair yourself.
- Under Server information, enter the server Name: bm-server.
- Click Lease server.
Save the server name and ID for use in the later steps.
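The network access table above can be turned into explicit egress rules. The script below is an added example, not part of the original guide or of Yandex Cloud tooling: it assumes ufw is the host firewall and that outgoing traffic is otherwise restricted, and the function names (backup_egress_rules, ip_to_int, is_backup_destination) are hypothetical. It prints one rule per table row and can check whether a given destination and port are covered by the table.

```bash
#!/bin/sh
# Rows constructed from the network access table on this page:
# "<port or range> <CIDR>". Every row is outbound TCP from the server.
BACKUP_ENDPOINTS='80 213.180.193.0/24
80 213.180.204.0/24
443 84.47.172.0/24
443 84.201.181.0/24
443 178.176.128.0/24
443 213.180.193.0/24
443 213.180.204.0/24
7770-7800 84.47.172.0/24
8443 84.47.172.0/24
44445 51.250.1.0/24'

# Print one ufw egress rule per table row (ufw writes port ranges as lo:hi).
backup_egress_rules() {
  local ports cidr
  while read -r ports cidr; do
    printf 'ufw allow out to %s port %s proto tcp\n' \
      "$cidr" "$(printf '%s' "$ports" | tr '-' ':')"
  done <<EOF
$BACKUP_ENDPOINTS
EOF
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if TCP traffic to address $1, port $2 is covered by the table.
is_backup_destination() {
  local ip port ports cidr lo hi mask net
  ip=$(ip_to_int "$1"); port=$2
  while read -r ports cidr; do
    lo=${ports%-*}; hi=${ports#*-}
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] || continue
    mask=$(( (0xFFFFFFFF << (32 - ${cidr#*/})) & 0xFFFFFFFF ))
    net=$(ip_to_int "${cidr%/*}")
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ] && return 0
  done <<EOF
$BACKUP_ENDPOINTS
EOF
  return 1
}

backup_egress_rules   # review the printed rules before running them as root
```

is_backup_destination is useful when reviewing firewall logs: a blocked connection from the agent to an address and port it reports as covered points to a missing rule.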
Connect to the server
- In the management console, select the folder the server belongs to.
- In the list of services, select BareMetal.
- In the row with the server you need, click and select Start KVM console.
- In the window that opens, click KVM console.
To connect to a server, specify its public IP address, which you can find in the management console on the server page (the Public address field of Network settings).
- In the terminal, run this command:
  ssh root@<server_public_IP_address>
  If this is your first time connecting to the server, you will get an unknown host warning:
  The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established.
  ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********.
  This key is not known by any other names.
  Are you sure you want to continue connecting (yes/no/[fingerprint])?
- Type yes in the terminal and press Enter.
- Enter the password you specified when creating the server and press Enter.
To connect to a server, specify its public IP address, which you can find in the management console on the server page (the Public address field of Network settings).
Make sure the Windows account has read permissions for the folder containing the keys.
- To connect to the server, run the following command in the command line:
  ssh root@<server_public_IP_address>
  If this is your first time connecting to the server, you will get an unknown host warning:
  The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established.
  ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********.
  Are you sure you want to continue connecting (yes/no/[fingerprint])?
- Type yes in the terminal and press Enter.
- Enter the password you specified when creating the server and press Enter.
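The unknown host warning shown above can be checked against a fingerprint read over the KVM console before you answer it. The script below is an added example, not part of the original guide: it assumes you ran ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub in the KVM console session and copied its output line, and the function names and sample values are hypothetical and constructed.

```bash
#!/bin/sh
# Extract "<KEYTYPE> SHA256:<hash>" from the text of the ssh first-connection
# warning ("ED25519 key fingerprint is SHA256:....").
prompt_fingerprint() {
  printf '%s\n' "$1" | sed -n \
    's#^\([A-Z0-9]*\) key fingerprint is \(SHA256:[A-Za-z0-9+/]*\)\.$#\1 \2#p'
}

# Extract the same pair from `ssh-keygen -lf <public_key_file>` output, which
# has the form "<bits> SHA256:<hash> <comment> (<KEYTYPE>)".
keygen_fingerprint() {
  printf '%s\n' "$1" | sed -n \
    's#^[0-9]* \(SHA256:[A-Za-z0-9+/]*\) .*(\([A-Z0-9]*\))$#\2 \1#p'
}

# Succeed only when both texts yield the same, non-empty key type and hash.
host_key_matches() {
  local seen trusted
  seen=$(prompt_fingerprint "$1")
  trusted=$(keygen_fingerprint "$2")
  [ -n "$seen" ] && [ "$seen" = "$trusted" ]
}

# Constructed sample values (not real keys).
PROMPT="The authenticity of host '192.0.2.10 (192.0.2.10)' can't be established.
ED25519 key fingerprint is SHA256:AAAAexampleconstructedfingerprint0000000000.
Are you sure you want to continue connecting (yes/no/[fingerprint])?"
FROM_KVM='256 SHA256:AAAAexampleconstructedfingerprint0000000000 root@bm-server (ED25519)'

if host_key_matches "$PROMPT" "$FROM_KVM"; then
  echo "fingerprints match: the host key is the one read over the KVM console"
else
  echo "MISMATCH: do not accept the host key"
fi
```

Recent OpenSSH clients also accept the trusted fingerprint pasted at the prompt in place of yes, and continue only if it matches the key the server presented.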
Install a backup agent
- Copy the file with the service account authorized key you created earlier to the server. To do this, run this command on the local machine:
  scp <path_to_authorized_key_file_on_local_machine> \
    root@<server_public_IP_address>:<absolute_path_to_folder_on_server>
- Install the Yandex Cloud CLI. To do this, run this command on the server:
  curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
- Authenticate in the Yandex Cloud CLI as a service account:
  yc config set service-account-key <absolute_path_to_authorized_key>
- Get an IAM token:
  yc iam create-token
- Install the jq utility:
  apt update && apt install -y jq
- Install the backup agent:
  wget https://storage.yandexcloud.net/backup-distributions/agent_installer_bms.sh && \
  bash agent_installer_bms.sh \
    -i "<server_ID>-`date +%s`" \
    -n "<server_name>-`date +%Y%m%d.%H%M%S`" \
    -t "<IAM_token>"
  Wait for the message informing you that the agent is registered:
  ...
  Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********
Link your server to a backup policy
- Get a list of resources connected to Cloud Backup. To do this, run this command on the local machine:
  yc backup resource list
  The server connected to Cloud Backup will be displayed with BMS as its TYPE.
  Save the server ID (INSTANCE ID).
- Get a list of backup policies:
  yc backup policy list
  Save the ID of the policy you want to link to the server.
- Link your server to a backup policy:
  yc backup policy apply \
    --id <policy_ID> \
    --instance-ids="<server_ID>"
Take a backup of your server
To take a server backup at a time other than the scheduled time defined in a backup policy, run this command:
yc backup policy execute \
--id <policy_ID> \
--instance-id <server_ID>
Wait for the operation to complete.
Also, you can run the command in asynchronous mode using the --async parameter and track the backup process using the yc backup resource list-tasks command.
Restore your server from a backup
- Get a list of server backups:
  yc backup backup list \
    --instance-id <server_ID>
  Save the backup ID.
- Restore your server from the backup:
  yc backup backup recover \
    --source-backup-id="<backup_ID>" \
    --destination-instance-id="<server_ID>"
  Wait for the operation to complete.
  Also, you can run the command in asynchronous mode using the --async parameter and track the backup process using the yc backup resource list-tasks command.
How to cancel a lease and delete resources
- Cancel a BareMetal server lease.
- Delete the backup in Cloud Backup using the CLI.