Connecting a BareMetal server to Yandex Cloud Backup
Note
BareMetal is at the Preview stage.
In Cloud Backup, you can configure BareMetal server backup.
For more information on managing servers, see Step-by-step guides for Yandex BareMetal.
The following server operating systems are supported:
- Debian 10.
- Debian 11.
- Ubuntu 16.04 LTS.
- Ubuntu 18.04 LTS.
- Ubuntu 20.04 LTS.
- Ubuntu 22.04 LTS.
- Ubuntu 24.04 LTS.
To connect a server to Cloud Backup:
- Get your cloud ready.
- Create a service account.
- Activate Cloud Backup.
- Lease a test server.
- Connect to the server.
- Install the Cloud Backup agent.
- Link the server to a backup policy.
- Run the backup process.
- Restore your server from backup.
See also How to cancel a lease and delete resources.
Get your cloud ready
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEor
TRIAL_ACTIVEstatus. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Required paid resources
The infrastructure support cost includes:
- Server lease fee (see Yandex BareMetal pricing).
- Fee for the BareMetal server connected to Cloud Backup and the backup size (see Yandex Cloud Backup pricing).
Create a service account
-
In the management console, select the folder you want to lease a BareMetal server in.
-
From the list of services, select Identity and Access Management.
-
Click Create service account.
-
Enter a name for the service account. The naming requirements are as follows:
- It must be 2 to 63 characters long.
- It may contain lowercase Latin letters, numbers, and hyphens.
- It must start with a letter and cannot end with a hyphen.
-
Click Add role and assign the
backup.editorand
baremetal.editorroles to the service account.
-
Click Create.
-
To select the service account you created earlier, click the row with its name.
-
In the top panel, click Create new key.
-
Select Create authorized key.
-
Select an encryption algorithm and click Create.
-
In the window that opens, click Download file with keys and then click Close.
You will need the authorized key of the service account in the later steps.
Activate Cloud Backup
To activate Cloud Backup, you need at least the
backup.editor role for the folder where you want to lease a server and connect it to Cloud Backup.
When you activate the service, the backup provider starts. For more information about the backup provider and data sent to it, see Service activation and backup provider.
-
In the management console, select the folder where you want to lease a server and connect it to Cloud Backup.
-
From the list of services, select Cloud Backup.
-
If you have not activated Cloud Backup yet, click Activate.
If there is no Activate button, Cloud Backup is already activated. Proceed to the next step.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name or
--folder-id parameters.
-
View the description of the CLI command to activate the service:
yc backup provider activate --help
-
Activate the service in the default folder:
yc backup provider activate --async
Where
--asyncdisplays the operation progress info. This is an optional parameter.
Result:
id: cdgmnefxiatx******** description: activate provider created_at: "2024-10-14T09:03:47.960564Z" created_by: ajec1gaqcmtr******** modified_at: "2024-10-14T09:03:47.960564Z" done: true metadata: '@type': type.googleapis.com/yandex.cloud.backup.v1.ActivateProviderMetadata folder_id: b1go3el0d8fs******** response: '@type': type.googleapis.com/google.protobuf.Empty value: {}
After activation, the system automatically creates the following backup policies:
Default daily: Daily incremental backup with the last 15 backups retained.
Default weekly: Weekly incremental backup with the last 15 backups retained.
Default monthly: Monthly incremental backup with the last 15 backups retained.
If you prefer not to create them, use the
--skip-default-policy parameter.
After activation, the system automatically creates the following backup policies:
Default daily: Daily incremental backup with the last 15 backups retained.
Default weekly: Weekly incremental backup with the last 15 backups retained.
Default monthly: Monthly incremental backup with the last 15 backups retained.
Lease a test server
If you are already leasing a server with an appropriate OS, go to Connect to the server. Make sure to check the network permissions you need to configure on the server.
-
In the management console, select the folder you want to lease a server in.
-
In the list of services, select BareMetal.
-
Click Lease server.
-
Select the
ru-central1-mavailability zone.
-
Select the
ru-central1-m3pool.
-
Under Configuration:
-
Select the server configuration, e.g.,
BA-i203-S-10G.
-
Configure disk partitioning:
- Click Configure disk layout.
- Keep the default partitioning and click Save.
Note
The disk partitioning parameters are vital to have your server restored from a backup later on. Learn more in Restore your server from backup.
-
-
Under Image, select the
Ubuntu 22.04 LTSimage.
-
Under Lease conditions, specify:
- Number of servers:
1.
- Lease duration:
1 month.
- Number of servers:
-
Under Network settings:
-
Click Create a private subnet.
-
Optionally, if you need to enable DHCP for automatic IP address assignment, do so in the IP addressing and routing section.
-
Enter
bm-subnetworkfor the subnet name and click Create subnet.
-
In the Public address field, select
Automatically.
For the Cloud Backup agent to exchange data with the backup provider servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table:
Port range Protocol Destination name CIDR blocks
80
TCP
CIDR
213.180.193.0/24
80
TCP
CIDR
213.180.204.0/24
443
TCP
CIDR
84.47.172.0/24
443
TCP
CIDR
84.201.181.0/24
443
TCP
CIDR
178.176.128.0/24
443
TCP
CIDR
213.180.193.0/24
443
TCP
CIDR
213.180.204.0/24
7770-7800
TCP
CIDR
84.47.172.0/24
8443
TCP
CIDR
84.47.172.0/24
44445
TCP
CIDR
51.250.1.0/24
-
-
Under Access:
- Generate a password for the root user. To do this, click Password next to the Generate field.
Warning
Once you have ordered your server, you will no longer be able to view the password. Save the password to a secure location right away.
- In the Public SSH key field, paste the contents of the public key file. You will need to create an SSH key pair on your own.
-
Under Server information, enter the server Name:
bm-server.
-
Click Lease server.
Save the server name and ID for use in the later steps.
For more information on leasing a server, see the BareMetal documentation.
Connect to the server
- In the management console, select the folder the server belongs to.
- In the list of services, select BareMetal.
- In the row with the server, click and select Start KVM console.
- In the window that opens, click KVM console.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
-
In the terminal, run this command:
ssh root@<server_public_IP_address>
If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '51.250.83.243 (51.250.83.243)' can't be established. ED25519 key fingerprint is SHA256:6Mjv93NJDCaf/vu3NYwiLQK4tKI+4cfLtkd********. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])?
-
Type
yesinto the terminal and press Enter.
-
Enter the password you specified when creating the server and press Enter.
To establish a server connection, specify its public IP address which can be found in the management console, in the Public address field under Network settings on the server page.
Make sure the Windows account has read permissions for the directory containing the keys.
-
To connect to the server, run the following command in the command line:
ssh root@<server_public_IP_address>
If this is your first time connecting to the server, you will get an unknown host warning:
The authenticity of host '89.169.132.223 (89.169.132.223)' can't be established. ECDSA key fingerprint is SHA256:DfjfFB+in0q0MGi0HnqLNMdHssLfm1yRanB********. Are you sure you want to continue connecting (yes/no/[fingerprint])?
-
Type
yesinto the terminal and press Enter.
-
Enter the password you specified when creating the server and press Enter.
Install the Cloud Backup agent
-
Copy the file with the service account authorized key you created earlier to the server. To do this, run this command on the local machine:
scp <path_to_authorized_key_file_on_local_machine> \ root@<server_public_IP_address>:<absolute_path_to_folder_on_server>
-
Install the Yandex Cloud CLI. To do this, run this command on the server:
curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
-
Install the jq utility:
apt update && apt install -y jq
-
Authenticate in the Yandex Cloud CLI as a service account:
yc config set service-account-key <absolute_path_to_authorized_key>
-
Get an IAM token:
yc iam create-token
-
Install the Cloud Backup agent specifying the service account IAM token you got earlier:
wget https://storage.yandexcloud.net/backup-distributions/agent_installer_bms.sh && \ sudo bash ./agent_installer_bms.sh \ -t=<IAM_token>
Wait for the message informing you the Cloud Backup agent is registered:
... Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********
Link the server to a backup policy
You can create backups in Cloud Backup only as part of a backup policy. By default, BareMetal servers are not linked to any policy.
To link a server to a backup policy:
-
In the management console, select a folder where you want to link a server to a backup policy.
-
From the list of services, select Cloud Backup.
-
In the left-hand panel, select Backup policies.
-
Select the policy to link the server to.
Create a new backup policy if you need to.
-
Under Attached resources, click Attach a VM.
-
In the window that opens, select the BareMetal servers tab and select the server from the list.
-
Click Attach.
-
View the description of the CLI command to link a BareMetal server to a backup policy:
yc backup policy apply --help
-
Get the ID of the policy to link the server to:
yc backup policy list
Result:
+----------------------+----------------------+---------+---------+---------------------+---------------------+ | ID | FOLDER ID | NAME | ENABLED | CREATED AT | UPDATED AT | +----------------------+----------------------+---------+---------+---------------------+---------------------+ | abc7n3wln123******** | ghi681qpe789******** | policy1 | true | 2023-07-03 09:12:02 | 2023-07-03 09:12:43 | | deflqbiwc456******** | ghi681qpe789******** | policy2 | true | 2023-07-07 14:58:23 | 2023-07-07 14:58:23 | +----------------------+----------------------+---------+---------+---------------------+---------------------+
Create a new backup policy if you need to.
-
Get the ID of the server to link. To do this, select BareMetal from the list of services of the relevant folder in the management console. The IDs are specified in the server list in the ID field.
-
Link the server to the backup policy by specifying its ID:
yc backup policy apply <policy_ID> \ --instance-ids <server_ID>
Where
--instance-idsis the ID of the BareMetal server to link to the policy.
For more information about the command, see the CLI reference.
Run the backup process
To start creating a BareMetal server backup outside of the backup policy schedule:
- In the management console, select the folder containing the backup policy.
- From the list of services, select Cloud Backup.
- In the left-hand panel, select BareMetal servers.
- In the row with the server, click and select Create backup.
- In the window that opens, select the backup policy for creating the backup and click Create.
Cloud Backup will start to create a backup of the BareMetal server. You can see the progress in the relevant server row in the Server status field.
Run this command specifying the backup policy and server IDs:
yc backup policy execute \
--id <policy_ID> \
--instance-id <server_ID>
Wait for the operation to complete.
Also, you can run the command in asynchronous mode using the
--async parameter and track the backup process using the yc backup resource list-tasks command.
Restore your server from backup
Note
You cannot restore a VM backup to a BareMetal server, nor restore a BareMetal server backup to a VM.
If you need to restore one server's backup to another server, or if the OS has been reinstalled on the source server, reinstall the Cloud Backup agent on that server.
To avoid errors when recovering from a backup, start by comparing the parameters of the disks and partitions of the backup against those of the VM or Yandex BareMetal server. For more information, see Viewing the parameters of backup disks and partitions.
Tip
If the server had used a RAID array, we recommend that you restore the backup to a server with a similar partition configuration. We also recommend that you make the partitions at least as big as on the source server.
To restore your server from a backup:
- In the management console, select the folder where the backup is located.
- From the list of services, select Cloud Backup.
- In the left-hand panel, select Backups and open the BareMetal servers tab.
- In the row with the backup to restore the BareMetal server from, click and select Recover BareMetal server.
- In the window that opens, select the server you created the selected backup from. This server will be marked in the list as
(current).
- Click Restore.
The process of BareMetal server recovery from the backup will start. Wait until it is complete.
-
Get a list of backups for the server by specifying its ID:
yc backup backup list \ --instance-id <server_ID>
Save the backup
ID.
-
Restore your server from the backup by specifying their IDs:
yc backup backup recover \ --destination-instance-id="<server_ID>" \ --source-backup-id="<backup_ID>"
The recovery of your BareMetal server will start. Wait for it to complete.
Also, you can run the command in asynchronous mode using the
--asyncparameter and track the backup process using the yc backup resource list-tasks command.
For more information about the
yc backup backup recovercommand, see the CLI reference.
Warning
After you recover a BareMetal server from another server’s backup, network access to the target server may become impossible. This is because the network settings recovered from the backup, namely the network interface MAC addresses, were taken from the source server.
To restore the network on the target VM, update the MAC addresses in the server's network interface settings using the KVM console. You can get the current MAC addresses using the
ip a command. For more information on setting up network interfaces in a particular OS, see the relevant OS guides.