Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Troubleshooting Central

Red Hat Advanced Cluster Security for Kubernetes 4.6

Troubleshooting Central

Red Hat OpenShift Documentation Team

Abstract

Use this guide to learn how to backup and restore Central database by using the roxctl CLI.

Central stores information about the following:

  • Activity observed in your clusters
  • Information retrieved from integrated image registries or Scanners
  • Red Hat Advanced Cluster Security for Kubernetes (RHACS) configuration

Backing up the Central database is critical to ensure data integrity and system reliability. Regular backups of the database, which contain the necessary configurations, resources, events, and certificates, protect against database failures, corruption, and accidental data loss.

You can use the roxctl CLI to back up and restore the Central database by using the backup command. This command requires an API token or your administrator password.

1.1. On-demand backups by using an API token
Copy link

You can back up the entire database of RHACS by using an API token.

Prerequisites

  • You have an API token with the Admin role.
  • You have installed the roxctl CLI.

Procedure

  1. Set the ROX_API_TOKEN and the ROX_ENDPOINT environment variables by running the following commands: 

    $ export ROX_API_TOKEN=<api_token>
    Copy to Clipboard Toggle word wrap 
    $ export ROX_ENDPOINT=<address>:<port_number>
    Copy to Clipboard Toggle word wrap

  2. Initiate a backup for Central by running the following command: 

    $ roxctl central backup
    1
    Copy to Clipboard Toggle word wrap
    1
    You can use the --output option to specify the backup file location.

    By default, the roxctl CLI saves the backup file in the directory where you run the command.

You can back up the entire database of RHACS by using your administrator password.

Prerequisites

  • You have the administrator password.
  • You have installed the roxctl CLI.

Procedure

  1. Set the ROX_ENDPOINT environment variable by running the following command: 

    $ export ROX_ENDPOINT=<address>:<port_number>
    Copy to Clipboard Toggle word wrap

  2. Initiate a backup for Central by running the following command: 

    $ roxctl -p <admin_password> central backup
    1
    Copy to Clipboard Toggle word wrap
    1
    For <admin_password>, specify the administrator password.

    By default, the roxctl CLI saves the backup file in the directory in which you run the command. You can use the --output option to specify the backup file location.

You can use the roxctl CLI to restore Red Hat Advanced Cluster Security for Kubernetes (RHACS) by using the restore command. This command requires an API token or your administrator password.

2.1. Restoring by using an API token
Copy link

You can restore the entire database of RHACS by using an API token.

Prerequisites

  • You have a RHACS backup file.
  • You have an API token with the administrator role.
  • You have installed the roxctl CLI.

Procedure

  1. Set the ROX_API_TOKEN and the ROX_ENDPOINT environment variables by running the following commands: 

    $ export ROX_API_TOKEN=<api_token>
    Copy to Clipboard Toggle word wrap 
    $ export ROX_ENDPOINT=<address>:<port_number>
    Copy to Clipboard Toggle word wrap

  2. Restore the Central database by running the following command: 

    $ roxctl central db restore <backup_file>
    1
    Copy to Clipboard Toggle word wrap
    1
    For <backup_file>, specify the name of the backup file that you want to restore.

2.2. Restoring by using the administrator password
Copy link

You can restore the entire database of RHACS by using your administrator password.

Prerequisites

  • You have a RHACS backup file.
  • You have the administrator password.
  • You have installed the roxctl CLI.

Procedure

  1. Set the ROX_ENDPOINT environment variable by running the following command: 

    $ export ROX_ENDPOINT=<address>:<port_number>
    Copy to Clipboard Toggle word wrap

  2. Restore the Central database by running the following command: 

    $ roxctl -p <admin_password> \
    1 
    
  central db restore <backup_file>
    2
    Copy to Clipboard Toggle word wrap
    1
    For <admin_password>, specify the administrator password.
    2
    For <backup_file>, specify the name of the backup file that you want to restore.

2.3. Resuming the restore operation
Copy link

If your connection is interrupted during a restore operation or you need to go offline, you can resume the restore operation.

  • If you do not have access to the machine running the resume operation, you can use the roxctl central db restore status command to check the status of an ongoing restore operation.
  • If the connection is interrupted, the roxctl CLI automatically attempts to restore a task as soon as the connection is available again. The automatic connection retries depend on the duration specified by the timeout option.
  • Use the --timeout option to specify the time in seconds, minutes or hours after which the roxctl CLI stops trying to resume a restore operation. If the option is not specified, the default timeout is 10 minutes.
  • If a restore operation gets stuck or you want to cancel it, use the roxctl central db restore cancel command to cancel a running restore operation.
  • If a restore operation is stuck, you have canceled it, or the time has expired, you can resume the previous restore by running the original command again.
Important
  • During interruptions, RHACS caches an ongoing restore operation for 24 hours. You can resume this operation by executing the original restore command again.
  • The --timeout option only controls the client-side connection retries and has no effect on the server-side restore cache of 24 hours.
  • You cannot resume restores across Central pod restarts.
  • If a restore operation is interrupted, you must restart it within 24 hours and before restarting Central, otherwise RHACS cancels the restore operation.

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat