This page describes how to schedule backups for Cassandra without the Cloud Storage.
In this method, backups are stored on a remote server specified by you instead of a Cloud Storage bucket. Apigee uses
SSH to communicate with the remote server.
You must schedule the backups as cron jobs. Once a backup schedule
has been applied to your hybrid cluster, a Kubernetes backup job is
periodically executed according to the schedule in the runtime plane. The job triggers a
backup script on each Cassandra node in your hybrid cluster that collects all the
data on the node, creates an archive (compressed) file of the data, and sends the archive
to the server specified in your overrides.yaml file.
The following steps include common examples for completing specific tasks, like creating an SSH
key pair. Use the methods that are appropriate to your installation.
Designate a Linux or Unix server for your backups. This server must be reachable using SSH from
your Apigee hybrid runtime plane. It must have enough storage for your backups.
Set up an SSH server on the server, or ensure that it has a secure SSH server configured.
Create an SSH key pair and store the private key file in a path that is accessible from your hybrid
runtime plane. You must use a blank password for your key pair or the backup will fail. For example:
Where: exampleuser@example.com is a string.
Any string that follows -C in the ssh-keygen
command becomes a comment included in the newly created ssh
key. The input string can be any string. When you use an account name
in the form of exampleuser@example.com, you can quickly
identify which account goes with the key.
Create a user account on the backup server with the name apigee. Make sure
the new apigee user has a home directory under /home.
On the backup server, create an .ssh directory in the new /home/apigee
directory.
Copy the public key (ssh_key.pub in the previous example) into a file named
authorized_keys in the new /home/apigee/.ssh directory. For example:
cd /home/apigee
mkdir .sshcd .sshvi authorized_keys
On your backup server, create a backup directory within the /home/apigee/
directory. The backup directory can be any directory as long as the apigee user has access
to it. For example:
cd /home/apigee
mkdir cassandra-backup
Test the connection. You need to make sure that your Cassandra pods can connect to your
backup server using SSH:
Log into the shell of your Cassandra pod. For example:
The name of the backup directory on your backup server. This must be a directory within
home/apigee (the backup directory is named cassandra_backup
in the step where you created the backup directory).
backup:cloudProvider
GCP/HYBRID
For a Cloud Storage backup, set the property to GCP. For example,
cloudProvider: "GCP".
For a remote server backup, set the property to HYBRID. For example,
cloudProvider: "HYBRID".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis documentation outlines the process for scheduling Cassandra backups to a remote server using SSH, rather than Cloud Storage, for Apigee hybrid deployments.\u003c/p\u003e\n"],["\u003cp\u003eSetting up the server involves designating a Linux or Unix server, ensuring it has a secure SSH server, creating an SSH key pair with a blank password, and establishing a user account for backups.\u003c/p\u003e\n"],["\u003cp\u003eThe backup schedule and destination are configured within the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file, including specifying the private key file path, backup server IP, storage directory, and the \u003ccode\u003eHYBRID\u003c/code\u003e cloud provider setting.\u003c/p\u003e\n"],["\u003cp\u003eBackups are configured as \u003ccode\u003ecron\u003c/code\u003e jobs, which, when applied, trigger a Kubernetes job to run a backup script on each Cassandra node, and the frequency of the backups should be adjusted so as not to fill the allocated storage.\u003c/p\u003e\n"],["\u003cp\u003eApplying the backup configuration to an existing cluster will cause a rolling restart of Cassandra pods, and it is recommended that a retention policy for the backup files be established.\u003c/p\u003e\n"]]],[],null,["# Scheduling backups in a remote server\n\n| You are currently viewing version 1.9 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis page describes how to schedule backups for Cassandra without the Cloud Storage.\nIn this method, backups are stored on a remote server specified by you instead of a Cloud Storage bucket. Apigee uses\nSSH to communicate with the remote server.\n\nYou must schedule the backups as `cron` jobs. Once a backup schedule\nhas been applied to your hybrid cluster, a Kubernetes backup job is\nperiodically executed according to the schedule in the runtime plane. The job triggers a\nbackup script on each Cassandra node in your hybrid cluster that collects all the\ndata on the node, creates an archive (compressed) file of the data, and sends the archive\nto the server specified in your `overrides.yaml` file.\n| **Note:**\n|\n| - You must ensure there is enough space on the file system for the backups, and adjust the frequency of the backups to avoid unnecessarily filling the allotted storage space. Apigee does not dictate a retention policy for the backup files. You may want to create a retention policy for files appropriate to your installation.\n| - Applying backup configuration on the existing cluster will rolling restart Cassandra pods.\n\n\nThe following steps include common examples for completing specific tasks, like creating an SSH\nkey pair. Use the methods that are appropriate to your installation.\n\n\nThe procedure has the following parts:\n\n- [Set up the server and SSH](#server-ssh)\n- [Set the schedule and destination for backup](#overrides-backup)\n\n### Set up the server and SSH\n\n1. Designate a Linux or Unix server for your backups. This server must be reachable using SSH from your Apigee hybrid runtime plane. It must have enough storage for your backups.\n2. Set up an SSH server on the server, or ensure that it has a secure SSH server configured. **Caution:** For security purposes, make sure your SSH server is up to date.\n3. Create an SSH key pair and store the private key file in a path that is accessible from your hybrid runtime plane. **You must use a blank password for your key pair or the backup will fail** . For example: \n\n ssh-keygen -t rsa -b 4096 -C \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eexampleuser\u003c/span\u003e\u003cspan class=\"devsite-syntax-nv\"\u003e@example\u003c/span\u003e\u003cspan class=\"devsite-syntax-p\"\u003e.\u003c/span\u003e\u003cspan class=\"devsite-syntax-n\"\u003ecom\u003c/span\u003e\u003c/var\u003e\n Enter file in which to save the key (/Users/exampleuser/.ssh/id_rsa): $APIGEE_HOME/hybrid-files/certs/ssh_key\n Enter passphrase (empty for no passphrase):\n Enter same passphrase again:\n Your identification has been saved in ssh_key\n Your public key has been saved in ssh_key.pub\n The key fingerprint is:\n SHA256:DWKo334XMZcZYLOLrd/8HNpjTERPJJ0mc11UYmrPvSA exampleuser@example.com\n The key's randomart image is:\n +---[RSA 4096]----+\n | +. ++X|\n | . . o.=.*+|\n | . o . . o==o |\n | . . . =oo+o...|\n | . S +E oo .|\n | . . .. . o .|\n | . . . . o.. |\n | . ...o ++. |\n | .. .. +o+. |\n +----[SHA256]-----+\n\n\n Where: \u003cvar translate=\"no\"\u003eexampleuser@example.com\u003c/var\u003e is a string.\n Any string that follows `-C` in the `ssh-keygen`\n command becomes a comment included in the newly created `ssh`\n key. The input string can be any string. When you use an account name\n in the form of \u003cvar translate=\"no\"\u003eexampleuser@example.com\u003c/var\u003e, you can quickly\n identify which account goes with the key.\n4. Create a user account on the backup server with the name `apigee`. Make sure the new `apigee` user has a home directory under `/home`.\n5. On the backup server, create an `.ssh` directory in the new `/home/apigee` directory.\n6. Copy the public key (`ssh_key.pub` in the previous example) into a file named `authorized_keys` in the new `/home/apigee/.ssh` directory. For example: \n\n cd /home/apigee\n mkdir .ssh\n cd .ssh\n vi authorized_keys\n\n7. On your backup server, create a backup directory within the `/home/apigee/` directory. The backup directory can be any directory as long as the `apigee` user has access to it. For example: \n\n cd /home/apigee\n mkdir cassandra-backup\n\n8. Test the connection. You need to make sure that your Cassandra pods can connect to your backup server using SSH:\n 1. Log into the shell of your Cassandra pod. For example: \n\n ```\n kubectl exec -it -n apigee APIGEE_CASSANDRA_DEFAULT_0 -- /bin/bash\n ```\n\n\n Where \u003cvar translate=\"no\"\u003eAPIGEE_CASSANDRA_DEFAULT_0\u003c/var\u003e is the name of a Cassandra pod. Change this to\n the name of the pod you want to connect from.\n 2. Connect by SSH to your backup server, using the private SSH key mounted the Cassandra pod and server IP address: \n\n ```\n ssh -i /var/secrets/keys/key apigee@BACKUP_SERVER_IP\n ```\n | **Note:** You may see a warning at this point saying your server's fingerprint is unrecognized and asks if you would like to continue. You can continue at that prompt and verify the SSH configuration.\n\n### Set the schedule and destination for backup\n\n\nYou set the schedule and destination for backups in your `overrides.yaml` file.\n\n1. Add the following parameters to your `overrides.yaml` file:\n\n ### Parameters\n\n ```actionscript-3\n cassandra:\n backup:\n enabled: true\n keyFile: \"\u003cvar translate=\"no\"\u003ePATH_TO_PRIVATE_KEY_FILE\u003c/var\u003e\"\n server: \"\u003cvar translate=\"no\"\u003eBACKUP_SERVER_IP\u003c/var\u003e\"\n storageDirectory: \"/home/apigee/\u003cvar translate=\"no\"\u003eBACKUP_DIRECTORY\u003c/var\u003e\"\n cloudProvider: \"HYBRID\" # required verbatim \"HYBRID\" (all caps)\n schedule: \"\u003cvar translate=\"no\"\u003eSCHEDULE\u003c/var\u003e\"\n ```\n\n ### Example\n\n ```actionscript-3\n cassandra:\n backup:\n enabled: true\n keyFile: \"/Users/exampleuser/apigee-hybrid/hybrid-files/service-accounts/private.key\"\n server: \"34.56.78.90\"\n storageDirectory: \"/home/apigee/cassbackup\"\n cloudProvider: \"HYBRID\"\n schedule: \"0 2 * * *\"\n ```\n\n\n Where:\n\n2. Use `apigeectl` to apply the backup configuration to the storage scope of your cluster: \n\n ```\n $APIGEECTL_HOME/apigeectl apply --datastore -f YOUR_OVERRIDES_FILE\n ```\n\n\n Where \u003cvar translate=\"no\"\u003eYOUR_OVERRIDES_FILE\u003c/var\u003e is the path to the overrides file you just edited.\n3. Verify the backup job. For example: \n\n ```\n kubectl get cronjob -n apigee\n ``` \n\n ```component-pascal\n NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE\n apigee-cassandra-backup 33 * * * * False 0 \u003cnone\u003e 94s\n ```"]]