Backup and Restore
The SkySQL Backup service provides comprehensive Backup and Restore features through a secure API. We extend the automated nightly backups with a number of self service features. You can automatically create and store backups of your databases to ensure additional data safety or provide a robust disaster recovery solution. The backups are stored on reliable and secure cloud storage, ensuring they are readily available when needed. The backup process is seamless and does not affect the performance of your databases. SkySQL also offers the flexibility to customize your backup schedule according to your specific needs.
Here is the list of features offered:
-
Automatic nightly backups : Automated nightly backups include a full backup of every database in the service.
-
Secure On-demand or scheduled backups
-
Full (physical) backups : Full backups create a complete backup of the database server into a new backup folder. It uses mariabackup under the hood. Physical backups are performed by copying the individual data files or directories and the fastest way to do a backup.
-
Incremental backups : Incremental backups update a previous backup with whatever changes to the data have occurred since the backup.
-
Logical backups : Logical backups consist of the SQL statements necessary to restore the data, such as CREATE DATABASE, CREATE TABLE and INSERT. This is done using mariadb-dump(https://mariadb.com/kb/en/mariadb-dump/) and is the most flexible way to perform a backup and restore, and a good choice when the data size is relatively small.
-
Bring your own Bucket (BYOB) : you can backup or restore data to/from your own bucket in either GCP or AWS.
-
Backup your binlogs : Binlogs record database changes (data modifications, table structure changes) in a sequential, binary format. You can preserve binlogs for setting up replication or to recover to a certain point-in-time.
-
Point-in-time recovery : you can restore from a full or a logical backup and then use a binlog backup to restore to a point-in-time.
-
Secure backup/restores : Control backup/restore privileges by granting roles to users in SkySQL.
Pricing
while the daily automated backups are included the use of this API will incur nominal additional charges. Please contact info@skysql.com for details.
The following documentation describes the API for the SkySQL Backup Service. This can be used directly with any HTTP client.
Note
Please refer to the API docs (swagger) for the latest API. The information below might be slightly outdated.
Authentication
To authenticate with the API, do the following:
- Go to MariaDB ID: https://id.mariadb.com/account/api/ and generate an API key
- Add the value from the token field to an environment variable $JWT_TOKEN
- Use it on subsequent request, e.g:
curl --request GET 'https://api.skysql.com/skybackup/v1/backups/schedules' \\
--header "Authorization: Bearer $JWT_TOKEN"
Scheduling backups
Backups on large data sets can take time. You instruct the creation of a backup using a "schedule". You can either schedule a one-time backup (schedule now) or set up automatic backups using a cron schedule. A backup schedule results in a backup job which can be tracked using the status API. We support the following types of backups : full(physical), incremental(physical), binary log, and dump(logical).
Create a backup
To create a backup schedule, you need to have the "administrator" role. You can add members and configure roles using the SkySQL portal.
Full Backup
One-time Full
To create a full backup you need to make the following API call:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "full",
"schedule": "once",
"service_id": "dbtgf28044362"
}'
note that each launched database is tracked with a service ID in SkySQL. You can fetch the service ID from the Fully qualified domain name(FQDN) of your service. For instance in dbpgf17106534.sysp0000.db2.skysql.com, 'dbpgf17106534' is the service ID. You will find the FQDN in the Connect window
Typical API server response should look like:
{
"id": 253,
"service_id": "dbtgf28044362",
"schedule": "once",
"type": "full",
"status": "Scheduled",
"message": "Backup is scheduled."
}
you can fetch the Status of the backup using 'https://api.skysql.com/skybackup/v1/backups'. See the 'Backup Status' section for an example. The 'status' field will report Success or failure.
Schedule a backup job using Cron
To set up an automatic periodic full backup at 3 am UTC, you need to make the following API call:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "full",
"schedule": "0 3 * * *",
"service_id": "dbtgf28044362"
}'
For more information about cron schedules take a look at this document.
Incremental Backup
Incremental backups can be taken once you have full backup. Read here for more details.
One-time Incremental
To set up an one-time incremental backup, you need to make the following API call:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "incremental",
"schedule": "once",
"service_id": "dbtgf28044362"
}'
Cron Incremental
To set up an cron incremental backup, you need to make the following API call:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "incremental",
"schedule": "0 3 * * *",
"service_id": "dbtgf28044362"
}'
Binarylog Backup
One-time Binarylog
To set up an one-time binarylog backup:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "binarylog",
"schedule": "once",
"service_id": "dbtgf28044362"
}'
Schedule Binarylog backup
To set up an cron incremental backup:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "binarylog",
"schedule": "0 3 * * *",
"service_id": "dbtgf28044362"
}'
Take a Logical backup (Mariadb-dump)
One-time Dump
To set up an one-time dump backup:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "dump",
"schedule": "once",
"service_id": "dbtgf28044362"
}'
Schedule a Logical backup (Dump)
To set up an cron dump backup:
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"backup_type": "dump",
"schedule": "0 3 * * *",
"service_id": "dbtgf28044362"
}'
Scheduling Backups to your own bucket (external storage)
To set up an external storage backup, you need to make the following API call:
-
For GCP you need to create an service account key. Please follow the steps from this documentation. Once you have created the service account key you will need to base64 encode it. You can encode it directly from a command line itself. For example the execution of command
echo -n 'service-account-key' | base64
will produce something likec2VydmljZS1hY2NvdW50LWtleQ==
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer $JWT_TOKEN' \ --data '{ "backup_type": "full", "schedule": "0 2 * * *", "service_id": "dbtgf28044362", "external_storage": { "bucket": { "path": "s3://my_backup_bucket", "credentials": "c2VydmljZS1hY2NvdW50LWtleQ==" } } }'
The service account key will be in the following format:
{ "type": "service_account", "project_id": "XXXXXXX", "private_key_id": "XXXXXXX", "private_key": "-----BEGIN PRIVATE KEY-----XXXXX-----END PRIVATE KEY-----", "client_email": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX.iam.gserviceaccount.com", "client_id": "XXXXXXX", "auth_uri": "<https://accounts.google.com/o/oauth2/auth>", "token_uri": "<https://oauth2.googleapis.com/token>", "auth_provider_x509_cert_url": "<https://www.googleapis.com/oauth2/v1/certs>", "client_x509_cert_url": "<https://www.googleapis.com/robot/v1/metadata/x509/XXXXXXXXXXXXXX.iam.gserviceaccount.com>", "universe_domain": "googleapis.com" }
-
For AWS, you must provide your own credentials. These include the AWS access key associated with an IAM account and the bucket region. For more information about AWS credentials, please refer to the documentation. The required credentials are aws_access_key_id , aws_secret_access_key and region. For example your credentials should look like:
[default] aws_access_key_id = AKIAIOSFODNN7EXAMPLE aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY region = us-west-2
You should encode your credentials base64 before passing it to the API. You can encode it directly from a command line itself. For example the execution of command
echo '[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\nregion = us-west-2' | base64
will produce the followingW2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQpyZWdpb24gPSB1cy13ZXN0LTIK
. Using encoded credentials you will be able to pass it to the API server. To initiate a new backup to your external storage you need to execute an API call to the backup service:```bash curl --location '<https://api.skysql.com/skybackup/v1/backups/schedules>' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer $JWT_TOKEN' \ --data '{ "backup_type": "full", "schedule": "0 2 ** *", "service_id": "dbtgf28044362", "external_storage": { "bucket": { "path": "s3://my_backup_bucket", "credentials": "W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQpyZWdpb24gPSB1cy13ZXN0LTIK" } } }'
Working with Backup Schedules
To get backup schedules inside the Organization :
curl --location '<https://api.skysql.com/skybackup/v1/backups/schedules>' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Get all Backup Schedules per service
To get backup schedules for specific service :
curl --location '<https://api.skysql.com/skybackup/v1/backups/schedules?service_id=dbtgf28044362>' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Get Backup Schedule by ID
To get specific backup schedule by id :
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules/200' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Update Backup Schedule
In the following example, we update the backup schedule to 9 AM UTC. Remember, you cannot change the schedules for one-time backups. To update specific backup schedule you need to make the following API call:
curl --location --request PATCH '<https://api.skysql.com/skybackup/v1/backups/schedules/215>' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"schedule": "0 9 ** *"
}'
Delete Backup Schedule
To delete a backup schedule you need to provide the backup schedule id. Example of the api call below:
curl --location --request DELETE 'https://api.skysql.com/skybackup/v1/backups/schedules/215' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Backup Status
The following API illustrates how to get the available backups and status of backup jobs .
List all backups inside the organization
Here is an example to fetch all the available Backups in your org:
curl --location 'https://api.skysql.com/skybackup/v1/backups' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
List all backups by service
To list all backups available for your service :
curl --location 'https://api.skysql.com/skybackup/v1/backups?service_id=dbtgf28216706' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
The typical response of either of two calls should look like:
{
"backups": [
{
"id": "eda3b72460c8c0d9d61a7f01b6a22e32:dbtgf28216706:tx-filip-mdb-ms-0",
"service_id": "dbtgf28216706",
"type": "full",
"method": "skybucket",
"server_pod": "tx-filip-mdb-ms-0",
"backup_size": 5327326,
"reference_full_backup": "",
"point_in_time": "2024-03-26 17:18:21",
"start_time": "2024-03-26T17:18:57Z",
"end_time": "2024-03-26T17:19:01Z",
"status": "Succeeded"
}
],
"backups_count": 1,
"pages_count": 1
}
The ** Backup id is the most important part of this data as you need to provide it in the restore api call** to schedule restore execution.
Restores
WARNING
restoring from a Backup will likely wipe out all data in your target DB service. If you aren't sure, first take a backup of the Db service where a restore is being performed. The DB being restored will also be stopped during a Restore. You will need restart it.
Creating Restore Job
Restore From Managed Storage
You can restore your database from the backup located in the default SkySQL managed backup storage. In this case, you need to provide the backup ID when making the restore API call. Here is an example:
curl --location 'https://api.skysql.com/skybackup/v1/restores' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN' \
--data '{
"key": "eda3b72460c8c0d9d61a7f01b6a22e32:dbtgf28216706:tx-filip-mdb-ms-0",
"service_id": "dbtgf28044362"
}'
Inside the service_id parameter of your restore API request, you need to provide the id of the service, where you want to restore your data.
Restore From your Bucket (External Storage)
You can restore your data from external storage. Your external storage bucket data should be created via one of the following tools: mariabackup, mysqldump
. Credentials to external storage access could be fetched from:
-
For GCP you need to create an service account key. Please follow the steps from this documentation. Once you have created the service account key you will need to base64 encode it. You can encode it directly from a command line itself. For example the execution of command
echo -n 'service-account-key' | base64
will produce the followingc2VydmljZS1hY2NvdW50LWtleQ==
curl --location 'https://api.skysql.com/skybackup/v1/backups/schedules' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer $JWT_TOKEN' \ --data '{ "backup_type": "full", "schedule": "0 2 * * *", "service_id": "dbtgf28044362", "external_storage": { "bucket": { "path": "s3://my_backup_bucket", "credentials": "c2VydmljZS1hY2NvdW50LWtleQ==" } } }'
The service account key will be in the following format:
{ "type": "service_account", "project_id": "XXXXXXX", "private_key_id": "XXXXXXX", "private_key": "-----BEGIN PRIVATE KEY-----XXXXX-----END PRIVATE KEY-----", "client_email": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX.iam.gserviceaccount.com", "client_id": "XXXXXXX", "auth_uri": "<https://accounts.google.com/o/oauth2/auth>", "token_uri": "<https://oauth2.googleapis.com/token>", "auth_provider_x509_cert_url": "<https://www.googleapis.com/oauth2/v1/certs>", "client_x509_cert_url": "<https://www.googleapis.com/robot/v1/metadata/x509/XXXXXXXXXXXXXX.iam.gserviceaccount.com>", "universe_domain": "googleapis.com" }
-
For AWS, you must provide your own credentials. These include the AWS access key associated with an IAM account and the bucket region. For more information about AWS credentials, please refer to the documentation. The required credentials are aws_access_key_id , aws_secret_access_key and region. For example your credentials should look like:
[default] aws_access_key_id = AKIAIOSFODNN7EXAMPLE aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY region = us-west-2
You should encode your credentials base64 before passing it to the API. You can encode it directly from a command line itself. For example the execution of command
echo '[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\naws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\nregion = us-west-2' | base64
will produce the followingW2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQpyZWdpb24gPSB1cy13ZXN0LTIK
.
The following request demonstrates how to restore your data from an external storage:
{
"service_id": "dbtgf28044362",
"key": "/backup.tar.gz",
"external_source": {
"bucket": "gs://my_backup_bucket",
"method": "mariabackup",
"credentials" "W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQpyZWdpb24gPSB1cy13ZXN0LTIK"
}
}
In case your backup data is encrypted you need to pass encryption key as well:
{
"service_id": "dbtgf28044362",
"key": "/backup.tar.gz",
"external_source": {
"bucket": "gs://my_backup_bucket",
"method": "mariabackup",
"credentials": "W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQUtJQUlPU0ZPRE5ON0VYQU1QTEUKYXdzX3NlY3JldF9hY2Nlc3Nfa2V5ID0gd0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQpyZWdpb24gPSB1cy13ZXN0LTIK",
"encryption_key": "my_encryption_key"
}
}
Fetching Restore Job information
Get all Restores Schedules
In order to get all Restores scheduled in the past you need to make api call:
curl --location 'https://api.skysql.com/skybackup/v1/restores' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Get Restore by ID
curl --location 'https://api.skysql.com/skybackup/v1/restores/12' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'
Typical response of those two apis should look like:
In case restore is in progress:
[
{
"id": 12,
"service_id": "dbtgf28216706",
"bucket": "gs://sky-syst0000-backup-us-84e9d84ecf265a/orgpxw1x",
"key": "eda3b72460c8c0d9d61a7f01b6a22e32:dbtgf28216706:tx-filip-mdb-ms-0",
"type": "physical",
"status": "Running",
"message": "server is not-ready"
}
]
In case restore completed:
[
{
"id": 13,
"service_id": "dbtgf28216706",
"bucket": "gs://sky-syst0000-backup-us-84e9d84ecf265a/orgpxw1x",
"key": "dda9b72460c9c0d9d61a7f01b6a33e39:dbtgf28216706:tx-filip-mdb-ms-0",
"type": "physical",
"status": "Succeeded",
"message": "Restore has succeeded!"
}
]
Delete Restore Schedules
You can delete older completed restore schedules. To clean up your auditing history you need to execute the following api call:
curl --location --request DELETE 'https://api.skysql.com/skybackup/v1/restores/12' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer $JWT_TOKEN'