Database
PostgreSQL Database
Kasm uses Postgres as the backend database. This section covers backup and restoration of the Kasm database.
Backups
The following script will backup the Postgres data and all conf files to a single file.
# this will place the back at /tmp/backup.tar
sudo docker exec kasm_db pg_dump -U kasmapp -F t kasm > /tmp/backup.tar
Hint
This can be scripted out in a cron job, for example daily, with the date in the filename of the tar file for historical backups. Change the /tmp to a directory that is using an NFS mount so the files are stored off the server.
Restore
The following script will restore the database from backup. This example assumes the server is just the database role, however, this process will work just as well on a system where all roles are installed.
# download the same version of kasm that is on the primary database server and unpack it cd /tmp curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.16.0.a1d5b7.tar.gz tar -xf kasm_release*.tar.gz # install just the database component sudo bash kasm_release/install.sh -b # copy the backup.tar into the kasm_db container sudo docker cp backup.tar kasm_db:/tmp/backup.tar # restore the database sudo docker exec kasm_db pg_restore -d kasm /tmp/backup.tar -c -U kasmapp
Warning
If you restore to a different server you will need to change the database IP or hostname that is referenced by all API and Manager systems. You can avoid this using several methods. Use a hostname and change the IP address in your DNS record. This may take up to an hour to propogate depending on the TTL setting of the DNS record. Use a 5 minute TTL if possible. The other method is to use a virtual IP address if you have a router or firewall inbetween your database servers and the manager/api components. Finally, you can use NGINX with layer 4 load balancing. You can back one backend server as back in the upstream definition in nginx.
Change Database Password
Administrators may wish to change the password Kasm API service uses to connect to the database. The following will change the password for the kasmapp user in the PostgreSQL database and the password that the Kasm API is configured to use when attempting to connect to the PostgreSQL database.
Warning
Changing the Postgres password involves restarting Kasm services and will result in an interruption in service.
Login to the server with the Database role and run the following to change the database password. Replace ‘new_password’ with your desired password, ensuring it does not contain any $
, '
or "
characters.
sudo docker exec -it kasm_db psql -U kasmapp -d kasm -c "ALTER ROLE kasmapp WITH PASSWORD 'new_password';"
Login to the server with the Web App role and stop the Kasm Services.
sudo /opt/kasm/bin/stop
Edit the API app config, replacing the value on the line starting with ‘password: ‘ with your new desired password.
sudo vi /opt/kasm/current/conf/app/api.app.config.yaml
Start Kasm Services on Web App server.
sudo /opt/kasm/bin/start
Redis Database
Kasm uses a Redis database to store chat messages in Kasm Shared sessions
Change Redis Database Password
Administrators may wish to change the password Kasm API service uses to connect to the Redis Database. The following will change the password in the Redis startup config and the Kasm API config.
Warning
Changing the Redis password involves restarting Kasm services and will result in an interruption in service.
Log into the server with the Database role and edit the docker-compose file, replacing the value of REDIS_PASSWORD with your new, desired password. Ensure that the password does not contain any special characters.
sudo vi /opt/kasm/current/docker/docker-compose.yaml
Restart the Database services.
sudo /opt/kasm/bin/stop
sudo /opt/kasm/bin/start
Log into the server with the Web App Role and stop the Kasm Services.
sudo /opt/kasm/bin/stop
Edit the api config and replace the value of ‘redis_password’ with your new password.
sudo vi /opt/kasm/current/conf/app/api.app.config.yaml
Start the Kasm Services on the Web App Role server.
sudo /opt/kasm/bin/start