How to create and list backups

This guide contains recommended steps and useful commands for creating and managing backups to ensure smooth restores.

Prerequisites

• A cluster with at least three nodes deployed

• Access to S3 storage

• Configured settings for S3 storage

Save current cluster credentials

For security reasons, charm credentials are not stored inside backups. So, if you plan to restore to a backup at any point in the future, you will need the following user passwords for your existing cluster:

• operator

• monitoring

• replication

• rewind

If custom passwords were set with a secret previously, retrieve them with

juju config postgresql system-users

This will output a secret URI that starts with secret:. To display its contents (i.e. the credentials):

juju show-secret --reveal <secret URI>

The output will include the credentials for the system users:

<secret URI>:
    ...

    monitoring-password: <password-to-copy>
    operator-password: <password-to-copy>
    patroni-password: ...
    raft-password: ...
    replication-password: <password-to-copy>
    rewind-password: <password-to-copy>

If custom passwords were not previously set with a secret, you can find the peer secret with:

juju secrets --format=json | jq -r 'to_entries[] | select(.value.label == "database-peers.postgresql.app") | .key' 

Copy the secret URI, and use it in the following command:

juju show-secret --reveal <secret URI> --format=json | jq '.[].content.Data | with_entries(select(.key|contains("password")))'  

See also

• How to manage passwords

• Juju | How to view secrets

Create a backup

Once you have a three-node cluster with configurations set for S3 storage, check that Charmed PostgreSQL is active and idle with juju status.

Once Charmed PostgreSQL is active and idle, you can create your first backup with the create-backup command:

juju run postgresql/leader create-backup

By default, backups created with the command above will be full backups: a copy of all your data will be stored in S3. There are 2 other supported types of backups (available in revision 416+):

• Differential: Only modified files since the last full backup will be stored.

• Incremental: Only modified files since the last successful backup (of any type) will be stored.

To specify the desired backup type, use the type parameter:

juju run postgresql/leader create-backup type={full|differential|incremental}

To avoid unnecessary service downtime, always use non-primary units for the action create-backup. Keep in mind that:

• When TLS is enabled, create-backup can only run on replicas (non-primary)

• When TLS is not enabled, create-backup can only run in the primary unit

List backups

You can list your available, failed, and in progress backups by running the list-backups command:

juju run postgresql/leader list-backups