Connecting a Yandex BareMetal server to Yandex Cloud Backup
Note
BareMetal is at the Preview stage.
In Cloud Backup, you can configure BareMetal server backup.
For more information on managing servers, see Step-by-step guides for Yandex BareMetal.
The following server operating systems are supported:
- Debian 10.
- Debian 11.
- Ubuntu 16.04 LTS.
- Ubuntu 18.04 LTS.
- Ubuntu 20.04 LTS.
- Ubuntu 22.04 LTS.
To connect a server to Cloud Backup:
- Prepare your cloud.
- Create a service account.
- Activate Cloud Backup.
- Lease a test server.
- Connect to the server.
- Install a backup agent.
- Run the backup process.
- Restore your server from backup.
See also How to cancel a lease and delete resources.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Required paid resources
Currently, BareMetal and the server backup feature are offered at no charge.
Create a service account
-
In the management console
, select the folder you want to lease a BareMetal server in. -
In the list of services, select Identity and Access Management.
-
Click Create service account.
-
Enter a name for the service account. The name format requirements are as follows:
- The name must be from 3 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- The first character must be a letter and the last character cannot be a hyphen.
-
Click
Add role and select thebackup.editor
role. -
Click Create.
-
To select the service account you created earlier, click the row with its name.
-
In the top panel, click Create new key.
-
Select Create authorized key.
-
Select an encryption algorithm and click Create.
-
In the window that opens, click Download file with keys and then click Close.
You will need the authorized key of the service account in the later steps.
Activate Cloud Backup
To activate Cloud Backup, you need at least the backup.editor
role for the folder where you want to lease a server and connect it to Cloud Backup.
-
In the management console
, select the folder where you want to lease a server and connect it to Cloud Backup. -
In the list of services, select Cloud Backup.
-
If you have not activated Cloud Backup yet, click Activate.
If there is no Activate button, Cloud Backup is already activated. Proceed to the next step.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI command to activate the service:
yc backup provider activate --help
-
Activate the service in the default folder:
yc backup provider activate --async
Where
--async
displays the operation progress info. This is an optional parameter.Result:
id: cdgmnefxiatx******** description: activate provider created_at: "2024-10-14T09:03:47.960564Z" created_by: ajec1gaqcmtr******** modified_at: "2024-10-14T09:03:47.960564Z" done: true metadata: '@type': type.googleapis.com/yandex.cloud.backup.v1.ActivateProviderMetadata folder_id: b1go3el0d8fs******** response: '@type': type.googleapis.com/google.protobuf.Empty value: {}
After activation, the system automatically creates the following backup policies:
Default daily
: Daily incremental backup with the last 15 backups retained.Default weekly
: Weekly incremental backup with the last 15 backups retained.Default monthly
: Monthly incremental backup with the last 15 backups retained.
If you prefer not to create them, use the --skip-default-policy
parameter.
After activation, the system automatically creates the following backup policies:
Default daily
: Daily incremental backup with the last 15 backups retained.Default weekly
: Weekly incremental backup with the last 15 backups retained.Default monthly
: Monthly incremental backup with the last 15 backups retained.
Lease a test server
If you are already leasing a server with an appropriate OS, go to Connect to the server. Make sure to check the network permissions you need to configure on the server.
-
In the management console
, select the folder you want to lease a server in. -
In the list of services, select BareMetal.
-
Click Lease server.
-
Select the
ru-central1-m
availability zone. -
Select the
ru-central1-m3
pool. -
Under Configuration:
-
Select the server configuration, e.g.,
BA-i203-S-10G
. -
Configure disk partitioning:
- Click Configure disk layout.
- Keep the default partitioning and click Save.
Note
The disk partitioning parameters are vital to have your server restored from a backup later on. Learn more in Restore your server from backup.
-
-
Under Image, select the
Ubuntu 22.04 LTS
image. -
Under Lease conditions, specify:
- Number of servers:
1
. - Lease duration:
1 month
.
- Number of servers:
-
Under Network settings:
-
Click
Create a private subnet. -
Optionally, if you need to enable DHCP for automatic IP address assignment, do so in the Routing settings section.
-
Enter
bm-subnetwork
for the subnet name and click Create subnet. -
In the Public address field, select
Automatically
.For the Cloud Backup agent to exchange data with the backup provider servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table:
Port range Protocol Destination name CIDR blocks 80
TCP
CIDR
213.180.193.0/24
80
TCP
CIDR
213.180.204.0/24
443
TCP
CIDR
84.47.172.0/24
443
TCP
CIDR
84.201.181.0/24
443
TCP
CIDR
178.176.128.0/24
443
TCP
CIDR
213.180.193.0/24
443
TCP
CIDR
213.180.204.0/24
7770-7800
TCP
CIDR
84.47.172.0/24
8443
TCP
CIDR
84.47.172.0/24
44445
TCP
CIDR
51.250.1.0/24
-
-
Under Access:
- Generate a password for the root user. To do this, click Password next to the Generate field.
Warning
Once you have ordered your server, you will no longer be able to view the password. Save the password to a secure location right away.
- In the Public SSH key field, paste the contents of the public key file. You need to create an SSH key pair yourself.
-
Under Server information, enter the server Name:
bm-server
. -
Click Lease server.
Save the server name and ID for use in the later steps.
For more information on leasing a server, see the BareMetal documentation.
Connect to the server
- In the management console
, select the folder the server belongs to. - In the list of services, select BareMetal.
- In the row with the server you need, click
and select Start KVM console. - In the window that opens, click KVM console.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
-
In the terminal, run this command:
ssh root@<server_public_IP_address>
If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established. ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])?
-
Type
yes
in the terminal and press Enter. -
Enter the password you specified when creating the server and press Enter.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
Make sure the Windows account has read permissions for the folder containing the keys.
-
To connect to the server, run the following command in the command line:
ssh root@<server_public_IP_address>
If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established. ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********. Are you sure you want to continue connecting (yes/no/[fingerprint])?
-
Type
yes
in the terminal and press Enter. -
Enter the password you specified when creating the server and press Enter.
Install a backup agent
-
Copy the file with the service account authorized key you created earlier to the server. To do this, run this command on the local machine:
scp <path_to_authorized_key_file_on_local_machine> \ root@<server_public_IP_address>:<absolute_path_to_folder_on_server>
-
Install the Yandex Cloud CLI. To do this, run this command on the server:
curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
-
Authenticate in the Yandex Cloud CLI as a service account:
yc config set service-account-key <absolute_path_to_authorized_key>
-
Get an IAM token:
yc iam create-token
-
Install the jq
utility:apt update && apt install -y jq
-
Install the backup agent:
wget https://storage.yandexcloud.net/backup-distributions/agent_installer_bms.sh && \ sudo bash ./agent_installer_bms.sh \ -t=<IAM_token> \ -p=<backup_policy_ID>
Where:
-t
: Service account IAM token you got earlier. This is a required parameter.-p
: ID of the backup policy you need to link to the server. Multiple IDs should be comma-separated. This is an optional parameter.
Wait for the message informing you the agent is registered:
... Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********
Run the backup process
To start creating a backup outside of the backup policy schedule, run this command:
yc backup policy execute \
--id <policy_ID> \
--instance-id <server_ID>
Wait for the operation to complete.
Also, you can run the command in asynchronous mode using the --async
parameter and track the backup process using the yc backup resource list-tasks command.
Restore your server from backup
Note
You cannot restore a VM backup to a BareMetal server, nor restore a BareMetal server backup to a VM.
If you need to restore one server's backup to another, or if the OS had been reinstalled on the source server, reinstall the backup agent on that server.
To avoid errors when recovering from a backup, start by comparing the parameters of the disks and partitions of the backup against those of the VM or Yandex BareMetal server. For more information, see Viewing the parameters of disks and partitions in a backup.
Tip
If the server had used a RAID array, we recommend that you restore the backup to a server with a similar partition configuration. We also recommend that you make the partitions at least as big as on the source server.
-
Get a list of server backups:
yc backup backup list \ --instance-id <server_ID>
Save the backup
ID
. -
Restore your server from backup:
yc backup backup recover \ --source-backup-id="<backup_ID>" \ --destination-instance-id="<server_ID>"
Wait for the operation to complete.
Also, you can run the command in asynchronous mode using the
--async
parameter and track the backup process using the yc backup resource list-tasks command.