Skip to main content

Management

Restart the application#

From the root directory of the application, run:

./manage.sh restart

Change from a Self Signed certificate to an authority signed certificate#

If your start the installation with a self signed certificate and now you want to change it to a new one (signed by an authority), follow these steps:

  1. Copy your signed certificate here /etc/gitguardian/nginx/tls/cert.pem
  2. Copy your associated private key file here /etc/gitguardian/nginx/tls/cert.key
  3. Ensure that the permission on the key file are 600
chmod 600 /etc/gitguardian/nginx/tls/cert.key

Now, restart nginx to apply the change, run the command from the root directory of the application:

docker-compose restart nginx

Check the logs to catch any errors:

docker-compose logs -f --tail 20 nginx

If you encounter an issue, please contact our support team.

Upgrade the application#

Note: The application won't be available during the upgrade process to avoid database issues.

Online mode#

Use the following command to update the application (when a new version is available):

./manage.sh upgrade

You can choose to backup the application before the upgrade:

./manage.sh upgrade --backup

The application is now updated.

If you encounter an issue, please contact our support team.

Offline mode#

This mode will only work with offline installation.

Download the latest version of the management CLI and the application:

Replace GGC_CLIENT_ID inside the URL with your value (sent during onboarding).

Upload the files:

  • put manage.sh inside the root directory of the application
  • put gitguardian.latest.enc inside download/

Now you can upgrade the application:

./manage.sh upgrade

You can choose to not backup the application before the upgrade:

./manage.sh upgrade --no-backup

If you encounter an issue, please contact our support team.

Change application FQDN#

TODO

.app file up -d docker compose

Backup#

Database#

We take care of the database backup with a cron installed during the installation (with the user used for installation).

Backups are scheduled each day regarding the configuration available in /etc/gitguardian/.config file.

Because backups are stored locally, we highly recommend that you backup with your internal solution the backup directory (${HOME}/gitguardian/backup/postgres/ by default) to an external system (to avoid loosing data in case of loosing the host used).

We also recommend that you backup the configuration directorie (/etc/gitguardian) and Management audit logs (${HOME}/gitguardian/opslog). Because this directory contain secrets, you must encrypt the backup to avoid leaking important data.

Backup the database manually#

./ggcli backup-postgres

You can also specify that you do not want to rotate backup file with this new backup:

./mange.sh backup-postgres --no-rotate

Restore a backup#

First, list the backup and choose the backup you want to restore:

ls -alh backup/postgrestotal 204Kdrwxr-xr-x 2 root     root     246 Sep  4 14:27 .drwxrwxr-x 4 ec2-user ec2-user  36 Sep  2 12:15 ..-rw-r--r-- 1 root     root      20 Sep  2 12:19 postgres.dump.20200902_121924.gz-rw-r--r-- 1 root     root     39K Sep  2 12:20 postgres.dump.20200902_122035.gz-rw-r--r-- 1 root     root     39K Sep  2 13:03 postgres.dump.20200902_130302.gz-rw-r--r-- 1 root     root     39K Sep  2 14:29 postgres.dump.20200902_142929.gz-rw-r--r-- 1 root     root     39K Sep  2 14:31 postgres.dump.20200902_143147.gz-rw-r--r-- 1 root     root     39K Sep  2 14:35 postgres.dump.20200902_143507.gz

Then, launch the restoration by providing the filename:

./manage.sh restore-postgres postgres.dump.20200902_143507.gz

Message Broker#

Backup the broker manually#

./manage.sh backup-broker

You can also specify that you don't want to rotate backup file with this new backup:

./manage.sh backup-broker --no-rotate

Restore a backup#

First, list the backup and choose the backup you want to restore:

ls -alh backup/brokertotal 8.0Mdrwxr-xr-x 2 root     root      132 Sep  2 12:36 .drwxrwxr-x 4 ec2-user ec2-user   36 Sep  2 12:15 ..-rw-r--r-- 1 root     root     2.8M Sep  2 12:29 broker.dump.20200902_122945.tar.gz-rw-r--r-- 1 root     root     2.6M Sep  2 12:30 broker.dump.20200902_123020.tar.gz-rw-r--r-- 1 root     root     2.7M Sep  2 12:36 broker.dump.20200902_123642.tar.gz

Then, launch the restoration by providing the filename:

./manage.sh restore-broker broker.dump.20200902_123642.tar.gz

Management audit log#

All management operations are logged in ${HOME}/gitguardian/ops-logs directory.