Connecting a Yandex BareMetal server to Cloud Backup
Note
BareMetal is at the Preview stage.
You can connect an existing BareMetal server to Cloud Backup and configure backups of its data.
For more information about connecting a BareMetal server to Cloud Backup when ordering it, see Leasing a Yandex BareMetal server with a connection to Cloud Backup.
For more information on managing BareMetal servers, see Step-by-step guides for Yandex BareMetal.
Connecting to Cloud Backup is supported for servers running the following operating systems:
- CentOS 7
- Debian 10.
- Debian 11.
- Ubuntu 16.04 LTS.
- Ubuntu 18.04 LTS.
- Ubuntu 20.04 LTS.
- Ubuntu 22.04 LTS.
- Ubuntu 24.04 LTS.
To connect an existing server to Cloud Backup:
- Get your cloud ready.
- Create a service account.
- Activate Cloud Backup.
- Lease a test server.
- Connect to the server.
- Install the Cloud Backup agent.
- Link the server to a backup policy.
- Run the backup process.
- Restore your server from backup.
See also How to cancel a lease and delete resources.
Get your cloud ready
Sign up in Yandex Cloud and create a billing account:
- Navigate to the management console and log in to Yandex Cloud or register a new account.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Required paid resources
The infrastructure support cost includes:
- Server lease fee (see Yandex BareMetal pricing).
- Fee for the BareMetal server connected to Cloud Backup and the backup size (see Yandex Cloud Backup pricing).
Create a service account
-
In the management console, select the folder you want to lease a BareMetal server in.
-
From the list of services, select Identity and Access Management.
-
Click Create service account.
-
Enter a name for the service account. The naming requirements are as follows:
- It must be from 2 to 63 characters long.
- It can only contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
Click Add role and assign the
backup.editorandbaremetal.editorroles to the service account. -
Click Create.
-
To select the service account you created earlier, click the row with its name.
-
In the top panel, click Create new key.
-
Select Create authorized key.
-
Select an encryption algorithm and click Create.
-
In the window that opens, click Download file with keys and then click Close.
You will need the authorized key of the service account in the later steps.
Activate Cloud Backup
To activate Cloud Backup, you need at least the backup.editor role for the folder where you want to lease a server and connect it to Cloud Backup.
When you enable the service, the backup provider starts. For more information about the backup provider and data sent to it, see Service activation and backup provider.
-
In the management console, select the folder where you want to lease a server and connect it to Cloud Backup.
-
From the list of services, select Cloud Backup.
-
If you have not activated Cloud Backup yet, click Activate.
If there is no Activate button, Cloud Backup is already activated. Proceed to the next step.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
-
View the description of the CLI command to activate the service:
yc backup provider activate --help -
Activate the service in the default folder:
yc backup provider activate --asyncWhere
--asyncdisplays the operation progress info. This is an optional parameter.Result:
id: cdgmnefxiatx******** description: activate provider created_at: "2024-10-14T09:03:47.960564Z" created_by: ajec1gaqcmtr******** modified_at: "2024-10-14T09:03:47.960564Z" done: true metadata: '@type': type.googleapis.com/yandex.cloud.backup.v1.ActivateProviderMetadata folder_id: b1go3el0d8fs******** response: '@type': type.googleapis.com/google.protobuf.Empty value: {}
After activation, the system automatically creates the following backup policies:
Default daily: Daily incremental backup with the last 15 backups retained.Default weekly: Weekly incremental backup with the last 15 backups retained.Default monthly: Monthly incremental backup with the last 15 backups retained.
If you prefer not to create them, use the --skip-default-policy parameter.
After activation, the system automatically creates the following backup policies:
Default daily: Daily incremental backup with the last 15 backups retained.Default weekly: Weekly incremental backup with the last 15 backups retained.Default monthly: Monthly incremental backup with the last 15 backups retained.
Lease a test server
If you are already leasing a server with an appropriate OS, go to Connect to the server. Make sure to check the network permissions you need to configure on the server.
-
In the management console, select the folder you want to lease a server in.
-
In the list of services, select BareMetal and click Lease server.
-
In the Availability zone field, select the availability zone the server will be leased in.
-
In the Pool field, select the pool the server will be leased from.
-
Under Configuration, select the appropriate server configuration.
-
(Optional) Under Disk, configure disk partitioning:
-
Click Configure disk layout.
-
Specify the partitioning parameters. To create a new partition, click Add partition.
To build RAID arrays and configure disk partitions yourself, click Remove RAID.
-
Click Save.
Note
The disk partitioning parameters are vital to have your server restored from a backup later on. For more information, see Restoring a VM or Yandex BareMetal server from a backup.
-
-
Under Image, select
Marketplaceand an OS supported in Cloud Backup. -
Under Lease conditions:
- In the Number of servers field, specify
1. -
In the Lease duration field, select a lease period:
1 day,1 month,3 months,6 months, or1 year.When this period expires, server lease will be automatically renewed for the same period. You cannot terminate the lease during the specified lease period, but you can refuse to extend the server lease further.
- In the Number of servers field, specify
-
Under Network settings:
-
In the Private subnet field, select an existing private subnet or click Create to create a new one.
-
In the Public address field, select a public IP address assignment method:
Automatic: To assign a random IP address.
-
From a dedicated subnet: To assign an IP address from the range of addresses in a dedicated public subnet.In the field that opens, select a public subnet or click Order to order a new one.
Warning
The public subnet does not have a DHCP server. In this case, on the network interface of a server connected to a public subnet, set up a static IP address from the subnet’s range of public IP addresses and you also need to set the default gateway address.
For the Cloud Backup agent to exchange data with the backup provider servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table:
Port range Protocol Destination name CIDR blocks 80TCPCIDR213.180.193.0/2480TCPCIDR213.180.204.0/24443TCPCIDR84.47.172.0/24443TCPCIDR84.201.181.0/24443TCPCIDR178.176.128.0/24443TCPCIDR213.180.193.0/24443TCPCIDR213.180.204.0/247770-7800TCPCIDR84.47.172.0/248443TCPCIDR84.47.172.0/2444445TCPCIDR51.250.1.0/24
-
-
Under Access:
-
In the Password field, use one of these options to create a password for the root user:
-
To generate a password for the root users, select
New passwordand click Generate.Warning
This option assumes that the user is responsible for password security. Save the password in a safe place. Yandex Cloud does not store this password, and you will not be able to view it once you lease the server.
-
To use the root user password saved in a Yandex Lockbox secret, select
Lockbox secret.In the Name, Version, and Key fields, select the secret, its version, and the key your password is saved in, respectively.
If you do not have a Yandex Lockbox secret, click Create to create it.
This option allows you either to set your own password (the
Customsecret type) or to use an automatically generated one (theGeneratedsecret type).
-
-
In the Public SSH key field, select the SSH key saved in your organization user profile.
If there are no SSH keys in your profile or you want to add a new key:
- Click Add key.
- Enter a name for the SSH key.
- Upload or paste the contents of the public key file. You will need to create a key pair for the SSH connection to a server yourself.
- Click Add.
The SSH key will be added to your organization user profile.
If adding SSH keys by users to their profiles is disabled in the organization, the public SSH key you add will be saved only to the OS user profile of the new BareMetal server.
-
-
-
Under Server information:
- Enter the server name in the Name field.
- Optionally, add a server description in the Description field.
- Optionally, set labels in the Labels field.
-
-
Click Lease server.
Save the server name and ID for use in the later steps.
For more information on leasing a server, see the BareMetal documentation.
Connect to the server
- In the management console, select the folder the server belongs to.
- In the list of services, select BareMetal.
- In the row with the server, click and select Start KVM console.
- In the window that opens, click KVM console.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
-
In the terminal, run this command:
ssh root@<server_public_IP_address>If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established. ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? -
Type
yesinto the terminal and press Enter. -
Enter the password you specified when creating the server and press Enter.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
Make sure the Windows account has read permissions for the directory containing the keys.
-
To connect to the server, run the following command in the command line:
ssh root@<server_public_IP_address>If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established. ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********. Are you sure you want to continue connecting (yes/no/[fingerprint])? -
Type
yesinto the terminal and press Enter. -
Enter the password you specified when creating the server and press Enter.
Install the Cloud Backup agent
-
Copy the file with the service account authorized key you created earlier to the server. To do this, run this command on the local machine:
scp <path_to_authorized_key_file_on_local_machine> \ root@<server_public_IP_address>:<absolute_path_to_folder_on_server> -
Install the Yandex Cloud CLI. To do this, run this command on the server:
curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash -
Install the required packages and utilities:
Debian/UbuntuCentOSapt update && apt install -y jqyum install epel-release -y && \ yum update -y && \ yum install jq -y && \ yum install wget -y -
Authenticate in the Yandex Cloud CLI as a service account:
yc config set service-account-key <absolute_path_to_authorized_key> -
Get an IAM token:
yc iam create-token -
Install the Cloud Backup agent specifying the service account IAM token you got earlier:
wget https://storage.yandexcloud.net/backup-distributions/agent_installer_bms.sh && \ sudo bash ./agent_installer_bms.sh \ -t=<IAM_token>Wait for the message informing you the Cloud Backup agent is registered:
... Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********
Link the server to a backup policy
You can create backups in Cloud Backup only as part of a backup policy. By default, BareMetal servers are not linked to any policy.
To link a server to a backup policy:
-
In the management console, select a folder where you want to link a server to a backup policy.
-
From the list of services, select Cloud Backup.
-
In the left-hand panel, select Backup policies.
-
Select the policy to link the server to.
Create a new backup policy if you need to.
-
Under Attached resources, click Attach a VM.
-
In the window that opens, select the BareMetal servers tab and select the server from the list.
-
Click Attach.
-
View the description of the CLI command to link a BareMetal server to a backup policy:
yc backup policy apply --help -
Get the ID of the policy to link the server to:
yc backup policy listResult:
+----------------------+----------------------+---------+---------+---------------------+---------------------+ | ID | FOLDER ID | NAME | ENABLED | CREATED AT | UPDATED AT | +----------------------+----------------------+---------+---------+---------------------+---------------------+ | abc7n3wln123******** | ghi681qpe789******** | policy1 | true | 2023-07-03 09:12:02 | 2023-07-03 09:12:43 | | deflqbiwc456******** | ghi681qpe789******** | policy2 | true | 2023-07-07 14:58:23 | 2023-07-07 14:58:23 | +----------------------+----------------------+---------+---------+---------------------+---------------------+Create a new backup policy if you need to.
-
Get the ID of the server to link. To do this, select BareMetal from the list of services of the relevant folder in the management console. The IDs are specified in the server list in the ID field.
-
Link the server to the backup policy by specifying its ID:
yc backup policy apply <policy_ID> \ --instance-ids <server_ID>Where
--instance-idsis the ID of the BareMetal server to link to the policy.
For more information about the command, see the CLI reference.
Run the backup process
To start creating a BareMetal server backup outside of the backup policy schedule:
- In the management console, select the folder containing the backup policy.
- From the list of services, select Cloud Backup.
- In the left-hand panel, select BareMetal servers.
- In the row with the server, click and select Create backup.
- In the window that opens, select the backup policy for creating the backup and click Create.
Cloud Backup will start to create a backup of the BareMetal server. You can see the progress in the relevant server row in the Server status field.
Run this command specifying the backup policy and server IDs:
yc backup policy execute \
--id <policy_ID> \
--instance-id <server_ID>
Wait for the operation to complete.
Also, you can run the command in asynchronous mode using the --async parameter and track the backup process using the yc backup resource list-tasks command.
Restore your server from backup
Note
You can restore neither a VM backup to a BareMetal server, nor a BareMetal server backup to a VM.
If you need to restore one server's backup to another server, or if the OS has been reinstalled on the source server, reinstall the Cloud Backup agent on that server.
To avoid errors when recovering from a backup, start by comparing the parameters of the disks and partitions of the backup against those of the VM or Yandex BareMetal server. For more information, see Viewing the parameters of backup disks and partitions.
Tip
If the server had used a RAID array, we recommend that you restore the backup to a server with a similar partition configuration. We also recommend that you make the partitions at least as big as on the source server.
To restore your server from a backup:
- In the management console, select the folder where the backup is located.
- From the list of services, select Cloud Backup.
- In the left-hand panel, select Backups and open the BareMetal servers tab.
- In the row with the backup to restore the BareMetal server from, click and select Recover BareMetal server.
- In the window that opens, select the server you created the selected backup from. This server will be marked in the list as
(current). - Click Restore.
The process of BareMetal server recovery from the backup will start. Wait until it is complete.
-
Get a list of backups for the server by specifying its ID:
yc backup backup list \ --instance-id <server_ID>Save the backup
ID. -
Restore your server from the backup by specifying their IDs:
yc backup backup recover \ --destination-instance-id="<server_ID>" \ --source-backup-id="<backup_ID>"The recovery of your BareMetal server will start. Wait for it to complete.
Also, you can run the command in asynchronous mode using the
--asyncparameter and track the backup process using the yc backup resource list-tasks command.For more information about the
yc backup backup recovercommand, see the CLI reference.
Warning
After you recover a BareMetal server from another server’s backup, you may lose network access to the target server. This is because the network settings recovered from the backup, namely the network interface MAC addresses, were taken from the source server.
To restore the network on the target VM, update the MAC addresses in the server's network interface settings using the KVM console. You can get the current MAC addresses using the ip a command. For more information on setting up network interfaces in a particular OS, see the relevant OS guides.