This article provides instructions on how to change the automatic backup and replication schedule in OAG.
- Okta Access Gateway (OAG)
- Backup and Restore
The following command can be used to change the backup schedule through the shell. It will open crontab in Vim.
sudo crontab -e
The crontab output below has been truncated to limit only the backup-related configurations.
Here, oag_backup will backup the existing application configurations. This process will be executed on all the nodes individually; for example, all nodes in the cluster will have a separate backup archive in /opt/oag/backups. However, since the admin service resides only on the admin node, the backup from the admin is replicated on the workers through replicateBackup.sh under /opt/oag/backups/admin_backup.
# Okta Access-Gateway backup script: oag_backup.sh 0 0 * * * /opt/oag/scripts/oag_backup.sh # Okta Access-Gateway admin backup script: replicateBackup.sh 0 2 * * * /opt/oag/scripts/replicateBackup.sh
To change the timing, the first two values in the configuration, which correspond to the minute and hour, can be changed. The replicateBackup.sh script should start at least 2 hours after the oag_backup.sh script is started. This ensures adequate time for the backup to complete.
# Okta Access-Gateway backup script: oag_backup.sh 30 21 * * * /opt/oag/scripts/oag_backup.sh # Okta Access-Gateway admin backup script: replicateBackup.sh 30 23 * * * /opt/oag/scripts/replicateBackup.sh
The above example will run the backup script every day at 21:30 system time and the replicateBackup.sh script at 23:30 system time. To check the system time following command can be used:
date
An explanation of each crontab field can be found by running:
sudo cat /etc/crontab
The following will be the reference section from the output:
# Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed
NOTE:
- If the Okta Access Gateway is not running when the script is called, the backup and replication will never be executed. Ideally, the servers should run continuously, but if they must be shut down when the scripts execute, the cron job time will need to be changed.
- The backup or other crontab jobs will not conflict with any other OAG operations, so the values can be kept default unless it needs to be aligned with a standard schedule. Also, the changes must be applied to all nodes, since the admin will not transfer the system configuration changes to the workers.
