{"id":15811,"date":"2023-02-14T06:39:09","date_gmt":"2023-02-14T06:39:09","guid":{"rendered":"https:\/\/www.insentragroup.com\/us\/insights\/uncategorized\/aws-rds-disaster-recovery-for-aap\/"},"modified":"2024-12-13T02:01:23","modified_gmt":"2024-12-13T02:01:23","slug":"aws-rds-disaster-recovery-for-aap","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/modern-workplace\/aws-rds-disaster-recovery-for-aap\/","title":{"rendered":"AWS RDS Disaster Recovery for AAP: A Guide to Data Protection and High Availability"},"content":{"rendered":"\n

Introduction<\/h2>\n\n\n\n

This blog describes the method to recover the Ansible Automation Platform (AAP) database hosted on an AWS RDS PostgresDB in case of data corruption. This method can be also used to clone the database and use it in the development environment (daily snapshots). <\/p>\n\n\n\n

Step-By-Step Process<\/h2>\n\n\n\n

There are several ways to provide the Disaster Recovery for the Ansible Automation Platform installed in AWS<\/a>. AAP provides a built-in backup method that can be executed by using the same installation script with \u2018-b\u2019 switch: setup.sh -b. This approach backs up the entire AAP configuration, including the Postgres DB, all the controller, execution, and hub nodes. As the result, we have a backup that can be used to recover the entire environment.\u00a0<\/p>\n\n\n\n

This approach may prove challenging to implement in a cloud environment as it necessitates a prolonged interruption of the entire AAP environment, and it is best to perform recovery in a newly provisioned environment. <\/p>\n\n\n\n

This guide provides a detailed explanation of the steps needed to restore the Ansible Automation Platform’s DB in AWS when using RDS, without the need for an AAP backup file.<\/p>\n\n\n\n

Prerequisites:<\/p>\n\n\n\n

    \n
  1. AAP installed with AWS RDS Database <\/li>\n<\/ol>\n\n\n\n
      \n
    1. RDS DB is being protected with AWS Snapshots <\/li>\n<\/ol>\n\n\n\n
        \n
      1. RDS DB snapshot is available <\/li>\n<\/ol>\n\n\n\n
          \n
        1. Access to relevant sections of AWS console <\/li>\n<\/ol>\n\n\n\n
            \n
          1. Root access to controller and hub nodes<\/li>\n<\/ol>\n\n\n\n

            How to restore DB for AAP: <\/p>\n\n\n\n

              \n
            1. Log into AWS <\/li>\n<\/ol>\n\n\n\n
                \n
              1. Navigate to RDS > Snapshots <\/li>\n<\/ol>\n\n\n\n
                  \n
                1. Select the Snapshot to restore:<\/li>\n<\/ol>\n\n\n\n
                  \"\"<\/figure>\n\n\n\n
                    \n
                  1. Select Actions –> Restore Snapshot:<\/li>\n<\/ol>\n\n\n\n
                    \"\"<\/figure>\n\n\n\n
                      \n
                    1. In the configuration of Restore snapshot, specify a new DB instance identifier, for example —> aapdb02 <\/li>\n<\/ol>\n\n\n\n
                      \"\"<\/figure>\n\n\n\n
                        \n
                      1. Ensure all other settings are the same as for the original instance, especially VPC security groups <\/li>\n<\/ol>\n\n\n\n
                          \n
                        1. Click Restore DB Instance and wait patiently until is restored and online <\/li>\n<\/ol>\n\n\n\n
                            \n
                          1. Log into the controller node, preferably as a root<\/li>\n\n\n\n
                          2. Verify connection to a new db using psql or podman container. The syntax is like below, with the exception of the username (-U) and the database we are connecting to (the name can be found in the inventory file). <\/li>\n<\/ol>\n\n\n\n
                            [root@aapcontroller01 ~]# psql -h aapdb02.cbr8auhjg1vp.us-west-1.rds.amazonaws.com -U awx -d aapdb \n\nPassword for user awx: \n\npsql (13.7, server 12.10) \n\nSSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off) \n\nType \"help\" for help. \n\n \n\naapdb=> l \n\n                                  List of databases \n\n   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges    \n\n-----------+----------+----------+-------------+-------------+----------------------- \n\n aapdb     | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc\/postgres         + \n\n           |          |          |             |             | postgres=CTc\/postgres+ \n\n           |          |          |             |             | awx=CTc\/postgres \n\n aaphubdb  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc\/postgres         + \n\n           |          |          |             |             | postgres=CTc\/postgres+ \n\n           |          |          |             |             | awx=CTc\/postgres \n\n postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | \n\n rdsadmin  | rdsadmin | UTF8     | en_US.UTF-8 | en_US.UTF-8 | rdsadmin=CTc\/rdsadmin \n\n template0 | rdsadmin | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c\/rdsadmin          + \n\n           |          |          |             |             | rdsadmin=CTc\/rdsadmin \n\n template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c\/postgres          + \n\n           |          |          |             |             | postgres=CTc\/postgres \n\n(6 rows) \n\naapdb=> <\/code><\/pre>\n\n\n\n
                              \n
                            1. Once connectivity has been confirmed, stop the services on all servers (controllers and hubs):<\/li>\n<\/ol>\n\n\n\n
                              Run the following command on controllers: <\/p>\n\n\n\n
                              automation-controller-service stop <\/code><\/pre>\n\n\n\n
                              Run the following command on the hubs: <\/p>\n\n\n\n
                              Run the following command on the hubs: <\/code><\/pre>\n\n\n\n
                                \n
                              1. On controller nodes, change directory to: \/etc\/tower\/conf.d\/ <\/li>\n<\/ol>\n\n\n\n
                                cd \/etc\/tower\/conf.d <\/code><\/pre>\n\n\n\n
                                  \n
                                1. Edit the postgres.py file and update the DB Host name on all controller nodes<\/li>\n<\/ol>\n\n\n\n
                                   Ansible Automation Platform controller database settings. \n\n \n\nDATABASES = { \n\n   'default': { \n\n       'ATOMIC_REQUESTS': True, \n\n       'ENGINE': 'awx.main.db.profiled_pg', \n\n       'NAME': 'aapdb', \n\n       'USER': 'awx', \n\n       'PASSWORD': \"\"\"Password\"\"\", \n\n       'HOST': 'aapdb02.cbr8auhjg1vp.us-west-1.rds.amazonaws.com', \n\n       'PORT': '5432', \n\n       'OPTIONS': { 'sslmode': 'prefer', \n\n                    'sslrootcert': '\/etc\/pki\/tls\/certs\/ca-bundle.crt', \n\n       }, \n\n   } \n\n} <\/code><\/pre>\n\n\n\n
                                    \n
                                  1. On the hub nodes, change directory to \/etc\/pulp: <\/li>\n<\/ol>\n\n\n\n
                                    cd \/etc\/pulp <\/code><\/pre>\n\n\n\n
                                      \n
                                    1. Edit the settings.py file and update the database name in DATABASES section: <\/li>\n<\/ol>\n\n\n\n
                                      DATABASES = {'default': {'HOST': 'aapdb02.cbr8auhjg1vp.us-west-1.rds.amazonaws.com', 'ENGINE': 'django.db.backends.postgresql_psycopg2', 'NAME': 'aaphubdb', 'USER': 'awx', 'PASSWORD': 'P@ssw0rd', 'PORT': 5432, 'OPTIONS': {'sslmode': 'prefer', 'sslrootcert': '\/etc\/pki\/tls\/certs\/ca-bundle.crt'}}} \n\nREDIS_HOST = 'localhost' \n\nREDIS_PORT = 6379 \n\nCACHE_ENABLED = True \n\nGALAXY_COLLECTION_SIGNING_SERVICE = 'ansible-default' \n\nPRIVATE_KEY_PATH = '\/etc\/pulp\/certs\/token_private_key.pem' \n\nPUBLIC_KEY_PATH = '\/etc\/pulp\/certs\/token_public_key.pem' \n\nTOKEN_SERVER = 'https:\/\/aaphub01.example.net\/token' \n\nTOKEN_SIGNATURE_ALGORITHM = 'ES256' \n\nALLOWED_CONTENT_CHECKSUMS = ['sha224', 'sha256', 'sha384', 'sha512'] \n\nSECRET_KEY = 'REDUCTED' \n\nCONTENT_ORIGIN = 'https:\/\/aaphub01.example.net' \n\nX_PULP_API_PROTO = 'https' \n\nX_PULP_API_HOST = 'aaphub01.example.net' \n\nX_PULP_API_PORT = '443' \n\nX_PULP_API_PREFIX = 'pulp_ansible\/galaxy\/automation-hub\/api' \n\nGALAXY_API_DEFAULT_DISTRIBUTION_BASE_PATH = 'published' \n\nGALAXY_ENABLE_API_ACCESS_LOG = False \n\nGALAXY_ENABLE_UNAUTHENTICATED_COLLECTION_ACCESS = False \n\nGALAXY_ENABLE_UNAUTHENTICATED_COLLECTION_DOWNLOAD = False \n\nGALAXY_REQUIRE_CONTENT_APPROVAL = True \n\nGALAXY_AUTO_SIGN_COLLECTIONS = False \n\nREDIS_URL = 'unix:\/\/\/var\/run\/redis\/redis.sock' \n\nANSIBLE_API_HOSTNAME = 'https:\/\/aaphub01.example.net' \n\nANSIBLE_CONTENT_HOSTNAME = 'https:\/\/aaphub01.example.net' \n\nCONTENT_BIND = 'unix:\/var\/run\/pulpcore-content\/pulpcore-content.sock' \n\nCONNECTED_ANSIBLE_CONTROLLERS = ['https:\/\/aapcontroller01.example.net', 'https:\/\/aapcontroller02.example.net'] \n\nDEPLOY_ROOT = \"\/var\/lib\/pulp\" \n\nMEDIA_ROOT = \"\/var\/lib\/pulp\/media\" \n\nSTATIC_ROOT = \"\/var\/lib\/pulp\/assets\" \n\nWORKING_DIRECTORY = \"\/var\/lib\/pulp\/tmp\" \n\nFILE_UPLOAD_TEMP_DIR = \"\/var\/lib\/pulp\/tmp\" \n\nDB_ENCRYPTION_KEY = \"\/etc\/pulp\/certs\/database_fields.symmetric.key\" <\/code><\/pre>\n\n\n\n
                                        \n
                                      1. Reboot the hub nodes <\/li>\n<\/ol>\n\n\n\n
                                          \n
                                        1. Start the service on all controller nodes: <\/li>\n<\/ol>\n\n\n\n
                                          automation-controller-service start <\/code><\/pre>\n\n\n\n
                                            \n
                                          1. On the controller node, run the following command as root. The command will verify the connection to the DB and connection between the controller nodes. All nodes should be visible and have the recent heartbeat timestamp: <\/li>\n<\/ol>\n\n\n\n
                                            [root@aapcontroller01 ~]# awx-manage list_instances \n\n[controlplane capacity=270 policy=100%] \n\naapcontroller01.example.net capacity=135 node_type=hybrid version=4.2.0 heartbeat=\"2022-06-23 05:44:45\" \n\naapcontroller02.example.net capacity=135 node_type=hybrid version=4.2.0 heartbeat=\"2022-06-23 05:44:44\" \n\n \n\n[default capacity=270 policy=100%] \n\naapcontroller01.example.net capacity=135 node_type=hybrid version=4.2.0 heartbeat=\"2022-06-23 05:44:45\" \n\naapcontroller02.example.net capacity=135 node_type=hybrid version=4.2.0 heartbeat=\"2022-06-23 05:44:44\" <\/code><\/pre>\n\n\n\n
                                              \n
                                            1. Connect to each controller node using web browser and verify the communication and configuration <\/li>\n<\/ol>\n\n\n\n
                                                \n
                                              1. Connect to each hub node using web browser and verify the communication and configuration <\/li>\n<\/ol>\n\n\n\n
                                                I hope this blog provided you with the necessary insights how to recover the database. Please note that the same process works for the AAP Database hosted in Azure. <\/p>\n\n\n\n
                                                AAP with AWS RDS ensures disaster recovery success. Automated backups and failover guarantee continuous app availability and data protection. With its ease of use and flexible architecture, Ansible is the ideal tool for managing disaster recovery in the cloud.\u00a0 Get ahead of the curve with this flexible and easy-to-use solution. Want to learn more? Contact us<\/a> today!<\/p>\n\n\n\n
                                                Related Articles<\/h2>\n\n\n\nAzure Site Recovery and MCS Provisioned Workloads<\/a>
                                                \n                                                Azure Disaster Recovery and Backup<\/a>
                                                \n                                                CIA Triad \u2013 The Mother of Data Security<\/a>
                                                \n                                                Veritas 360 Data Management<\/a>\n\n\n\n