You are here

How to transfer Airlock-configurations from one system to another

Affects version(s): 
5.0
4.2

 
Backup/Save the configuration

For manually backup your Airlock configuration, sign in to "Airlock Configuration Centre" as admin, switch to "Configuration > Configuration Files" and choose "Export" in the section "Download currently edited configuration". Download the configuration and save it to the backup folder on the your backup system. It is also possible to save a non activated configuration by clicking the "Save" button and export it afterwards. the The export file is automatically named like airlock_cfg_<hostname>_<current date>.zip. If necessary include SSL private keys in downloaded configuration. Attention: Make sure the Airlock backup is stored on a safe storage.

To automatically backup the Airlock configuration use SCP with the <backup user> user. The <backup user> must be created by the customer, following this description. Run periodically, for example every day, a script with the following command on your backup system:
scp <backup user>@<airlock>:/home/log/configuration/airlock-conf_without-keys.zip <backup path>/airlock-conf_without-keys_<date>.zip

Attention: To backup the configuration with scp, a specific user must be created as described in this Techzone article. It is not supported to use the existing user log!

Make sure that the autorized key from the backup system is configured on Airlock in the file /home/log/.ssh/authorized_keys. This way the backup host can sign in to Airlock without entering the password.
Example of an entry in /home/log/.ssh/authorized_keys:
ssh-rsa AAAAB3NzaC1yc2EYXBBBIwAAAIEAxD0rhXzhJUJYQokiVQ5cXA7NESRDXE6d1hMsN6nyKYrkzSb44N1N/m40tfq1nXfTYpJu0Mx0/
gt/hHHtrGTJKldB1w2wOAABfhQ5dhKZRuMxN7G4SK/wYeIYt2UMmPuLU9HMdNw1OsCzoAzy576t4/SZjddtQAc= test
 

Restore/Import the configuration

Sign in to "Airlock Configuration Centre" as admin, switch to "Configuration > Configuration Files" and choose "Import" in the section "Upload a configuration backed up earlier". Select the configuration file to upload. Depending on the system type (standalone system or cluster) there are several possibilities to restore/import an Airlock configuration.

Standalone system

When restoring the configuration after a system crash on the same system, no further queries were asked during the import. If the configuration is imported from another standalone system, for example to clone a system, the following import wizard is shown:

Source system: Standalone --> Destination system: Standalone

To import a configuration from a failover system node to a standalone system choose "Keep current node and license", shown as follows. After importing, the host settings has to be configured separately for the new host.

Failover cluster --> Standalone

Failover cluster system

How to setup an Airlock failover cluster is well described in this Techzone article. A brief overview is listed below:

  1. Configure the first Airlock node and activate.
  2. Export the configuration on the first Airlock node.
  3. Import the configuration on the second Airlock node.

    When doing so, the import wizard below is shown on the second Airlock node. By choosing "Set up a Failover Cluster" the cluster configuration can be started. The following steps are necessery to finish the cluster configuration (brief overview):

  4. Activate the imported configuration on second Airlock node.
  5. Export the configuration on the second Airlock node.
  6. Import the configuration on the first Airlock node and activate.

Standalone --> Build Failover cluster

The Airlock failover configuration contains the node settings for both cluster nodes. If a cluster configuration must be restored, upload the configuration file and choose as which node the host has to be configured.


Failover cluster --> Failover cluster

Loadbalanced system (host independent settings)

In case that an loadbalancer is in front of a few Airlock systems, each of this standalone Airlock has the same configuration, except the node settings and IP addresses of the virtual hosts. Because each Airlock system differs from each other, every Airlock node must be backed up. When restoring the configuration after a system crash, the Airlock configuration must be imported and activated on the corresponding node. To do so, just import the Airlock configuration file and choose "Use node and license from import file".

An easy way to bring all nodes to the same configuration level as the source node is to import the Airlock configuration from the source node and choose "Keep current node and license". This way the node settings are left untouched, depending on the environment the IP addresses of the virtual hosts must be adapted.


Standalone --> Loadbalanced partner system

Convert the Airlock configuration to for the current Airlock version

When importing a Airlock configuration from a older to a newer Airlock, the configuration is converted automatically. This functionality allows easly to migrate from Airlock 4.2 to Airlock 5.0. The steps, how to import a configuration, are the same as described in the examples above. After the import, the administrator has the opportunity to adapt the configuration before activating it.

Export/Import mappings

Since Airlock 4.2 it is possible to export or import a single mapping. In the "Airlock Configuration Center" just navigate to "Application Firewall > Reverse Proxy". To export a mapping, choose the corresponding mapping and click the "Export" icon next to the mapping name.

The export file is automatically named like airlock_cfg_<hostname>_<current date>_<mapping name>.zip.

To import a single mapping just navigate to "Application Firewall > Reverse Proxy" an click the "+" button above the mapping List and then choose "Import..." from the appearing list.

During the import it will be checked if there are all references available. If not, it is possible to import the mapping anyway by clicking "Import Now". At this point it is also possible to cancel the import procedure. Make sure that after the import all validation errors are fixed before activating the new configuration.

Knowledge Base Categories: