diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 6e8ec74748..f568157f0d 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -3234,12 +3234,6 @@ Topics: Topics: - Name: OADP 1.4 release notes File: oadp-1-4-release-notes - - Name: OADP 1.3 release notes - File: oadp-release-notes-1-3 - - Name: OADP 1.2 release notes - File: oadp-release-notes-1-2 - - Name: OADP 1.1 release notes - File: oadp-release-notes-1-1 - Name: OADP features and plugins File: oadp-features-plugins - Name: Installing and configuring OADP diff --git a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc index bd24894654..b062af11a6 100644 --- a/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc +++ b/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc @@ -10,10 +10,6 @@ toc::[] Frequent backups might consume storage on the backup storage location. Check the frequency of backups, retention time, and the amount of data of the persistent volumes (PVs) if using non-local backups, for example, S3 buckets. Because all taken backup remains until expired, also check the time to live (TTL) setting of the schedule. -[NOTE] -==== -There might be known issues with supported storage classes, for example, CSI backups might fail due to a Ceph limitation. For more information, see xref:../../../backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc#known-issues_oadp-release-notes[Known issues]. -==== You can back up applications by creating a `Backup` custom resource (CR). For more information, see xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-creating-backup-cr.adoc#oadp-creating-backup-cr-doc[Creating a Backup CR]. diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc index 5e095379e0..71a959c41a 100644 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc +++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc @@ -9,9 +9,15 @@ toc::[] The release notes for {oadp-first} describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. +[NOTE] +==== +For additional information about {oadp-short}, see link:https://access.redhat.com/articles/5456281[{oadp-first} FAQs] +==== + include::modules/oadp-1-4-0-release-notes.adoc[leveloffset=+1] include::modules/oadp-backing-up-dpa-configuration-1-4-0.adoc[leveloffset=+3] include::modules/oadp-upgrading-oadp-operator-1-4-0.adoc[leveloffset=+3] + [role="_additional-resources"] .Additional resources * xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators] @@ -21,7 +27,4 @@ include::modules/oadp-upgrading-oadp-operator-1-4-0.adoc[leveloffset=+3] To upgrade from OADP 1.3 to 1.4, no Data Protection Application (DPA) changes are required. -[id="verifying-upgrade-1-4-0_{context}"] -=== Verifying the upgrade - -Verify the installation by following steps from the xref:../../../backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc#verifying-upgrade-1-2-0_oadp-release-notes[Verifying the upgrade] section. \ No newline at end of file +include::modules/oadp-verifying-upgrade-1-4-0.adoc[leveloffset=+2] diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc deleted file mode 100644 index 6f5ce41a5f..0000000000 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-1.adoc +++ /dev/null @@ -1,26 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="oadp-release-notes-1-1"] -= OADP 1.1 release notes -include::_attributes/common-attributes.adoc[] -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: oadp-release-notes - -toc::[] - -The release notes for OpenShift API for Data Protection (OADP) 1.1 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. - -include::modules/oadp-release-notes-1-1-8.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-7.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-6.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-5.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-4.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-3.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-2.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-1-1.adoc[leveloffset=+1] diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc deleted file mode 100644 index 872a299385..0000000000 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-2.adoc +++ /dev/null @@ -1,33 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="oadp-release-notes-1-2"] -= OADP 1.2 release notes -include::_attributes/common-attributes.adoc[] -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: oadp-release-notes - -toc::[] - -The release notes for OpenShift API for Data Protection (OADP) 1.2 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. - -include::modules/oadp-release-notes-1-2-5.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-2-4.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-2-2.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-2-1.adoc[leveloffset=+1] - -include::modules/oadp-release-notes-1-2-0.adoc[leveloffset=+1] -include::modules/oadp-backing-up-dpa-configuration-1-2-0.adoc[leveloffset=+3] -include::modules/oadp-upgrading-oadp-operator-1-2-0.adoc[leveloffset=+3] -[role="_additional-resources"] -.Additional resources - -* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#migration-configuring-aws-s3_installing-oadp-aws[Configuring Amazon Web Services] -* xref:../../../backup_and_restore/application_backup_and_restore/installing/oadp-using-data-mover-for-csi-snapshots-doc.adoc#oadp-using-data-mover-for-csi-snapshots-doc[Using Data Mover for CSI snapshots] -* xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators] - -include::modules/oadp-converting-to-new-dpa-1-2-0.adoc[leveloffset=+3] -include::modules/oadp-verifying-upgrade-1-2-0.adoc[leveloffset=+3] diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc deleted file mode 100644 index 7fae5d6357..0000000000 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-release-notes-1-3.adoc +++ /dev/null @@ -1,23 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="oadp-release-notes"] -= OADP 1.3 release notes -include::_attributes/common-attributes.adoc[] -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: oadp-release-notes - -toc::[] - -The release notes for OpenShift API for Data Protection (OADP) describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. - -include::modules/oadp-release-notes-1-3-2.adoc[leveloffset=+1] -include::modules/oadp-release-notes-1-3-1.adoc[leveloffset=+1] -include::modules/oadp-release-notes-1-3-0.adoc[leveloffset=+1] -include::modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc[leveloffset=+3] -include::modules/oadp-backing-up-dpa-configuration-1-3-0.adoc[leveloffset=+3] -include::modules/oadp-upgrading-oadp-operator-1-3-0.adoc[leveloffset=+3] -[role="_additional-resources"] -.Additional resources -* xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators] - -include::modules/oadp-converting-dpa-to-new-version-1-3-0.adoc[leveloffset=+3] -include::modules/oadp-verifying-upgrade-1-3-0.adoc[leveloffset=+3] diff --git a/modules/oadp-1-4-0-release-notes.adoc b/modules/oadp-1-4-0-release-notes.adoc index fbb73fb688..919159e595 100644 --- a/modules/oadp-1-4-0-release-notes.adoc +++ b/modules/oadp-1-4-0-release-notes.adoc @@ -22,7 +22,7 @@ link:https://issues.redhat.com/browse/OADP-4075[OADP-4075] .Data Mover backups work properly in the {product-title} 4.16 cluster -Previously, Velero was using the earlier version of SDK where the `Spec.SourceVolumeMode` field did not exist. As a consequence, Data Mover backups failed in the {product-title} 4.16 cluster on the external snapshotter with version 4.2. +Previously, Velero was using the earlier version of SDK where the `Spec.SourceVolumeMode` field did not exist. As a consequence, Data Mover backups failed in the {product-title} 4.16 cluster on the external snapshotter with version 4.2. With this update, external snapshotter is upgraded to version 7.0 and later. As a result, backups do not fail in the {product-title} 4.16 cluster. link:https://issues.redhat.com/browse/OADP-3922[OADP-3922] @@ -60,7 +60,7 @@ This changes the following: * Velero changed client Burst and QPS defaults from 30 and 20 to 100 and 100, respectively. -* The `velero-plugin-for-aws` plugin updated default value of the `spec.config.checksumAlgorithm` field in `BackupStorageLocation` objects (BSLs) from `""` (no checksum calculation) to the `CRC32` algorithm. For more information, see link:https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/release-1.10/backupstoragelocation.md[Velero plugins for AWS Backup Storage Location]. The checksum algorithm types are known to work only with AWS. -Several S3 providers require the `md5sum` to be disabled by setting the checksum algorithm to `""`. Confirm `md5sum` algorithm support and configuration with your storage provider. +* The `velero-plugin-for-aws` plugin updated default value of the `spec.config.checksumAlgorithm` field in `BackupStorageLocation` objects (BSLs) from `""` (no checksum calculation) to the `CRC32` algorithm. The checksum algorithm types are known to work only with AWS. +Several S3 providers require the `md5sum` to be disabled by setting the checksum algorithm to `""`. Confirm `md5sum` algorithm support and configuration with your storage provider. + -In OADP 1.4, the default value for BSLs created within DPA for this configuration is `""`. This default value means that the `md5sum` is not checked, which is consistent with OADP 1.3. For BSLs created within DPA, update it by using the `spec.backupLocations[].velero.config.checksumAlgorithm` field in the DPA. If your BSLs are created outside DPA, you can update this configuration by using `spec.config.checksumAlgorithm` in the BSLs. \ No newline at end of file +In OADP 1.4, the default value for BSLs created within DPA for this configuration is `""`. This default value means that the `md5sum` is not checked, which is consistent with OADP 1.3. For BSLs created within DPA, update it by using the `spec.backupLocations[].velero.config.checksumAlgorithm` field in the DPA. If your BSLs are created outside DPA, you can update this configuration by using `spec.config.checksumAlgorithm` in the BSLs. diff --git a/modules/oadp-release-notes-1-1-1.adoc b/modules/oadp-release-notes-1-1-1.adoc deleted file mode 100644 index 509634591a..0000000000 --- a/modules/oadp-release-notes-1-1-1.adoc +++ /dev/null @@ -1,37 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-1_{context}"] -= OADP 1.1.1 release notes - -The OADP 1.1.1 release notes include product recommendations and descriptions of known issues. - -== Product recommendations - -Before you install OADP 1.1.1, it is recommended to either install VolSync 0.5.1 or to upgrade to it. - -== Known issues - -This release has the following known issues: - -* Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) -+ -The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list]. -+ -It is advised to upgrade to OADP 1.1.7 or 1.2.3, which resolve this issue. -+ -For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]. -+ - - -* OADP currently does not support backup and restore of AWS EFS volumes using restic in Velero (link:https://issues.redhat.com/browse/OADP-778[*OADP-778*]). - -* CSI backups might fail due to a Ceph limitation of `VolumeSnapshotContent` snapshots per PVC. -+ -You can create many snapshots of the same persistent volume claim (PVC) but cannot schedule periodic creation of snapshots: -+ -** For CephFS, you can create up to 100 snapshots per PVC. -** For RADOS Block Device (RBD), you can create up to 512 snapshots for each PVC. (link:https://issues.redhat.com/browse/OADP-804[*OADP-804*]) and (link:https://issues.redhat.com/browse/OADP-975[*OADP-975*]) -+ -For more information, see https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/managing_and_allocating_storage_resources/volume-snapshots_rhodf[Volume Snapshots]. diff --git a/modules/oadp-release-notes-1-1-2.adoc b/modules/oadp-release-notes-1-1-2.adoc deleted file mode 100644 index 5ebb7257d3..0000000000 --- a/modules/oadp-release-notes-1-1-2.adoc +++ /dev/null @@ -1,56 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-2_{context}"] -= OADP 1.1.2 release notes - -The OADP 1.1.2 release notes include product recommendations, a list of fixed bugs and descriptions of known issues. - -[id="product-recommendations_{context}"] -== Product recommendations - -.VolSync - -To prepare for the upgrade from VolSync 0.5.1 to the latest version available from the VolSync *stable* channel, you must add this annotation in the `openshift-adp` namespace by running the following command: - -[source,terminal] ----- -$ oc annotate --overwrite namespace/openshift-adp volsync.backube/privileged-movers='true' ----- - -.Velero - -In this release, Velero has been upgraded from version 1.9.2 to version link:https://github.com/vmware-tanzu/velero/releases/tag/v1.9.5[1.9.5]. - -.Restic - -In this release, Restic has been upgraded from version 0.13.1 to version link:https://github.com/restic/restic/releases/tag/v0.14.0[0.14.0]. - -[id="fixed-bugs_{context}"] -== Resolved issues - -The following issues have been resolved in this release: - -* link:https://issues.redhat.com/browse/OADP-1150[OADP-1150] -* link:https://issues.redhat.com/browse/OADP-290[OADP-290] -* link:https://issues.redhat.com/browse/OADP-1056[OADP-1056] - -[id="known-issues_{context}"] -== Known issues - -This release has the following known issues: - -* OADP currently does not support backup and restore of AWS EFS volumes using restic in Velero (link:https://issues.redhat.com/browse/OADP-778[*OADP-778*]). - -* CSI backups might fail due to a Ceph limitation of `VolumeSnapshotContent` snapshots per PVC. -+ -You can create many snapshots of the same persistent volume claim (PVC) but cannot schedule periodic creation of snapshots: -+ --- -** For CephFS, you can create up to 100 snapshots per PVC. (link:https://issues.redhat.com/browse/OADP-804[*OADP-804*]) -** For RADOS Block Device (RBD), you can create up to 512 snapshots for each PVC. (link:https://issues.redhat.com/browse/OADP-975[*OADP-975*]) --- -+ -For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/managing_and_allocating_storage_resources/volume-snapshots_rhodf[Volume Snapshots]. diff --git a/modules/oadp-release-notes-1-1-3.adoc b/modules/oadp-release-notes-1-1-3.adoc deleted file mode 100644 index 74df038ab5..0000000000 --- a/modules/oadp-release-notes-1-1-3.adoc +++ /dev/null @@ -1,26 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-3_{context}"] -= OADP 1.1.3 release notes - -The OADP 1.1.3 release notes lists any new features, resolved issues and bugs, and known issues. - -[id="new-features1.1.3_{context}"] -== New features - -This version of OADP is a service release. No new features are added to this version. - -[id="resolved-issues1.1.3_{context}"] -== Resolved issues - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418876[OADP 1.1.3 resolved issues] in Jira. - -[id="known-issues1.1.3_{context}"] -== Known issues - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12421175[OADP 1.1.3 known issues] in Jira. - - diff --git a/modules/oadp-release-notes-1-1-4.adoc b/modules/oadp-release-notes-1-1-4.adoc deleted file mode 100644 index 0c97f602dd..0000000000 --- a/modules/oadp-release-notes-1-1-4.adoc +++ /dev/null @@ -1,67 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-4_{context}"] -= OADP 1.1.4 release notes - -The OADP 1.1.4 release notes lists any new features, resolved issues and bugs, and known issues. - -[id="new-features1.1.4_{context}"] -== New features - -This version of OADP is a service release. No new features are added to this version. - -[id="resolved-issues1.1.4_{context}"] -== Resolved issues - -.Add support for all the velero deployment server arguments - -In previous releases of OADP, OADP did not facilitate the support of all the upstream Velero server arguments. This issue has been resolved in OADP 1.1.4 and all the upstream Velero server arguments are supported. link:https://issues.redhat.com/browse/OADP-1557[OADP-1557] - - -.Data Mover can restore from an incorrect snapshot when there was more than one VSR for the restore name and pvc name - -In previous releases of OADP, OADP Data Mover could restore from an incorrect snapshot if there was more than one Volume Snapshot Restore (VSR) resource in the cluster for the same Velero `restore` name and PersistentVolumeClaim (pvc) name. link:https://issues.redhat.com/browse/OADP-1822[OADP-1822] - - -.Cloud Storage API BSLs need OwnerReference - -In previous releases of OADP, ACM BackupSchedules failed validation because of a missing `OwnerReference` on Backup Storage Locations (BSLs) created with `dpa.spec.backupLocations.bucket`. link:https://issues.redhat.com/browse/OADP-1511[OADP-1511] - - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/browse/OADP-1557?filter=12420906[OADP 1.1.4 resolved issues] in Jira. - -//// -The following issues have been resolved in this release: - -* link:https://issues.redhat.com/browse/OADP-1557[OADP-1557] -* link:https://issues.redhat.com/browse/OADP-1822[OADP-1822] -* link:https://issues.redhat.com/browse/OADP-1511[OADP-1511] -* link:https://issues.redhat.com/browse/OADP-1642[OADP-1642] -* link:https://issues.redhat.com/browse/OADP-1398[OADP-1398] -* link:https://issues.redhat.com/browse/OADP-1267[OADP-1267] -* link:https://issues.redhat.com/browse/OADP-1390[OADP-1390] -* link:https://issues.redhat.com/browse/OADP-1650[OADP-1650] -* link:https://issues.redhat.com/browse/OADP-1487[OADP-1487] -//// - -[id="known-issues1.1.4_{context}"] -== Known issues - -This release has the following known issues: - -.OADP backups might fail because a UID/GID range might have changed on the cluster - -OADP backups might fail because a UID/GID range might have changed on the cluster where the application has been restored, with the result that OADP does not back up and restore {product-title} UID/GID range metadata. To avoid the issue, if the backed application requires a specific UUID, ensure the range is available when restored. An additional workaround is to allow OADP to create the namespace in the restore operation. - -.A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD - -A restoration might fail if ArgoCD is used during the process due to a label used by ArgoCD, `app.kubernetes.io/instance`. This label identifies which resources ArgoCD needs to manage, which can create a conflict with OADP's procedure for managing resources on restoration. To work around this issue, set `.spec.resourceTrackingMethod` on the ArgoCD YAML to `annotation+label` or `annotation`. If the issue continues to persist, then disable ArgoCD before beginning to restore, and enable it again when restoration is finished. - -.OADP Velero plugins returning "received EOF, stopping recv loop" message - -Velero plugins are started as separate processes. When the Velero operation has completed, either successfully or not, they exit. Therefore if you see a `received EOF, stopping recv loop` messages in debug logs, it does not mean an error occurred. The message indicates that a plugin operation has completed. link:https://issues.redhat.com/browse/OADP-2176[OADP-2176] - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12420908[OADP 1.1.4 known issues] in Jira. diff --git a/modules/oadp-release-notes-1-1-5.adoc b/modules/oadp-release-notes-1-1-5.adoc deleted file mode 100644 index bb702ba488..0000000000 --- a/modules/oadp-release-notes-1-1-5.adoc +++ /dev/null @@ -1,27 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-5_{context}"] -= OADP 1.1.5 release notes - -The OADP 1.1.5 release notes lists any new features, resolved issues and bugs, and known issues. - -[id="new-features1.1.5_{context}"] -== New features - -This version of OADP is a service release. No new features are added to this version. - -[id="resolved-issues1.1.5_{context}"] -== Resolved issues - -// as there are only CVEs listed, I think I am ok to go with just a filter -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418875[OADP 1.1.5 resolved issues] in Jira. - - -[id="known-issues1.1.5_{context}"] -== Known issues - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-1057?filter=12421178[OADP 1.1.5 known issues] in Jira. - diff --git a/modules/oadp-release-notes-1-1-6.adoc b/modules/oadp-release-notes-1-1-6.adoc deleted file mode 100644 index 58fc9829a5..0000000000 --- a/modules/oadp-release-notes-1-1-6.adoc +++ /dev/null @@ -1,31 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-6_{context}"] -= OADP 1.1.6 release notes - -The OADP 1.1.6 release notes lists any new features, resolved issues and bugs, and known issues. - -[id="resolved-issues1.1.6_{context}"] -== Resolved issues - -.Restic restore partially failing due to Pod Security standard - -OCP 4.14 introduced pod security standards that meant the `privileged` profile is `enforced`. In previous releases of OADP, this profile caused the pod to receive `permission denied` errors. This issue was caused because of the restore order. The pod was created before the security context constraints (SCC) resource. As this pod violated the pod security standard, the pod was denied and subsequently failed. link:https://issues.redhat.com/browse/OADP-2420[OADP-2420] - - -.Restore partially failing for job resource - -In previous releases of OADP, the restore of job resource was partially failing in OCP 4.14. This issue was not seen in older OCP versions. The issue was caused by an additional label being to the job resource, which was not present in older OCP versions. link:https://issues.redhat.com/browse/OADP-2530[OADP-2530] - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12420897[OADP 1.1.6 resolved issues] in Jira. - - -[id="known-issues1.1.6_{context}"] -== Known issues - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2688?filter=12421263[OADP 1.1.6 known issues] in Jira. - - diff --git a/modules/oadp-release-notes-1-1-7.adoc b/modules/oadp-release-notes-1-1-7.adoc deleted file mode 100644 index 8d73f8c4c3..0000000000 --- a/modules/oadp-release-notes-1-1-7.adoc +++ /dev/null @@ -1,32 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-7_{context}"] -= OADP 1.1.7 release notes - -The OADP 1.1.7 release notes lists any resolved issues and known issues. - - -[id="resolved-issues1.1.7_{context}"] -== Resolved issues - -The following highlighted issues are resolved in OADP 1.1.7: - -.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) - -In previous releases of OADP 1.1, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list]. - -For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]. - -For a complete list of all issues resolved in the release of OADP 1.1.7, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.1.7 resolved issues] in Jira. - - -[id="known-issues1.1.7_{context}"] -== Known issues - -There are no known issues in the release of OADP 1.1.7. - - - diff --git a/modules/oadp-release-notes-1-1-8.adoc b/modules/oadp-release-notes-1-1-8.adoc deleted file mode 100644 index 47a39ca58b..0000000000 --- a/modules/oadp-release-notes-1-1-8.adoc +++ /dev/null @@ -1,16 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-1.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-1-8_{context}"] -= {oadp-short} 1.1.8 release notes - -The {oadp-first} 1.1.8 release notes lists any known issues. There are no resolved issues in this release. - -[id="known-issues1-1-8_{context}"] -== Known issues - -For a complete list of all known issues in {oadp-short} 1.1.8, see the list of link:https://issues.redhat.com/issues/?filter=12435971[OADP 1.1.8 known issues] in Jira. - -// filter - project = OADP AND issuetype = Bug AND status not in (Verified, "Release Pending", Closed) AND affectedVersion in ("OADP 1.1.0", "OADP 1.1.1", "OADP 1.1.2", "OADP 1.1.3", "oadp 1.1.4", "oadp 1.1.5", "OADP 1.1.6", "OADP 1.1.7", "OADP 1.1.8") AND component not in (Documentation, "Migration QE Infra", QE-Task) ORDER BY priority DESC, Rank DESC diff --git a/modules/oadp-release-notes-1-2-0.adoc b/modules/oadp-release-notes-1-2-0.adoc deleted file mode 100644 index dbf4ca14d4..0000000000 --- a/modules/oadp-release-notes-1-2-0.adoc +++ /dev/null @@ -1,82 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="oadp-release-notes-1-2-0_{context}"] -= OADP 1.2.0 release notes - -The OADP 1.2.0 release notes include information about new features, bug fixes, and known issues. - -[id="new-features_{context}"] -== New features - -.Resource timeouts -The new `resourceTimeout` option specifies the timeout duration in minutes for waiting on various Velero resources. This option applies to resources such as Velero CRD availability, `volumeSnapshot` deletion, and backup repository availability. The default duration is 10 minutes. - -.AWS S3 compatible backup storage providers -You can back up objects and snapshots on AWS S3 compatible providers. - - -[id="new-features-tech-preview-1-2-0_{context}"] -=== Technical preview features - -.Data Mover -The OADP Data Mover enables you to back up Container Storage Interface (CSI) volume snapshots to a remote object store. When you enable Data Mover, you can restore stateful applications using CSI volume snapshots pulled from the object store in case of accidental cluster deletion, cluster failure, or data corruption. - -:FeatureName: OADP Data Mover -include::snippets/technology-preview.adoc[] - -[id="fixed-bugs-1-2-0_{context}"] -== Resolved issues - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12418878[OADP 1.2.0 resolved issues] in Jira. - -[id="known-issues-1-2-0_{context}"] -== Known issues - -The following issues have been highlighted as known issues in the release of OADP 1.2.0: - -.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) - -The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption. - -It is advised to upgrade to OADP 1.2.3, which resolves this issue. - -For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]. - -.An incorrect hostname can be created when changing a hostname in a generated route. - -By default, the {product-title} cluster makes sure that the `openshift.io/host.generated: true` annotation is turned on and fills in the field for both the routes that are generated and those that are not generated. - -You cannot modify the value for the `.spec.host` field based on the base domain name of your cluster in the generated and non-generated routes. - -If you modify the value for the `.spec.host` field, it is not possible to restore the default value that was generated by the {product-title} cluster. After you restore your {product-title} cluster, the Operator resets the value for the field. - -[id="Upgrade-notes-1-2-0_{context}"] -== Upgrade notes - -[NOTE] -==== -Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, then to 1.3. -==== - -[id="changes-oadp-1-1-to-1-2_{context}"] -=== Changes from OADP 1.1 to 1.2 - -The Velero server was updated from version 1.9 to 1.11. - -In OADP 1.2, the `DataProtectionApplication` (DPA) configuration `dpa.spec.configuration.velero.args` has the following changes: - -* The `default-volumes-to-restic` field was renamed to `default-volumes-to-fs-backup`. If you use `dpa.spec.configuration.velero.args`, you must add it again with the new name to your DPA after upgrading OADP. - -* The `restic-timeout` field was renamed to `fs-backup-timeout`. If you use `dpa.spec.configuration.velero.args`, you must add it again with the new name to your DPA after upgrading OADP. - -* The `restic` daemon set was renamed to `node-agent`. OADP automatically updates the name of the daemon set. - -* The custom resource definition `resticrepositories.velero.io` was renamed to `backuprepositories.velero.io`. - -* The custom resource definition `resticrepositories.velero.io` can be removed from the cluster. - -[id="upgrade-steps-1-2-0_{context}"] -== Upgrading steps diff --git a/modules/oadp-release-notes-1-2-1.adoc b/modules/oadp-release-notes-1-2-1.adoc deleted file mode 100644 index 41e7d5e428..0000000000 --- a/modules/oadp-release-notes-1-2-1.adoc +++ /dev/null @@ -1,46 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-2-1_{context}"] -= OADP 1.2.1 release notes - - -[id="new-features-1-2-1_{context}"] -== New features - -There are no new features in the release of {oadp-first} 1.2.1. - -// :FeatureName: OADP Data Mover -// include::snippets/technology-preview.adoc[] - -[id="resolved-issues-1-2-1_{context}"] -== Resolved issues - -For a complete list of all issues resolved in the release of OADP 1.2.1, see the list of link:https://issues.redhat.com/issues/?filter=12417849[OADP 1.2.1 resolved issues] in Jira. - -// Jira filter - project = OADP AND issuetype = Bug AND status in (Verified, "Release Pending", Closed) AND priority in (Blocker, Critical, Major) AND fixVersion = "OADP 1.2.1" AND component != Documentation - -[id="known-issues-1-2-1_{context}"] -== Known issues - -The following issues have been highlighted as known issues in the release of OADP 1.2.1: - -.DataMover Restic retain and prune policies do not work as expected - -The retention and prune features provided by VolSync and Restic are not working as expected. Because there is no working option to set the prune interval on VolSync replication, you have to manage and prune remotely stored backups on S3 storage outside of OADP. For more details, see: - -* link:https://issues.redhat.com/browse/OADP-2052[OADP-2052] -* link:https://issues.redhat.com/browse/OADP-2048[OADP-2048] -* link:https://issues.redhat.com/browse/OADP-2175[OADP-2175] -* link:https://issues.redhat.com/browse/OADP-1690[OADP-1690] - -:FeatureName: OADP Data Mover -include::snippets/technology-preview.adoc[] - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2257?filter=12418892[OADP 1.2.1 known issues] in Jira. - -// Jira filter - project = OADP AND issuetype = Bug AND status not in (Verified, "Release Pending", Closed) AND affectedVersion = "OADP 1.2.1" -// or -// project = OADP AND issuetype = Bug AND status not in (Verified, "Release Pending", Closed) AND (affectedVersion <= "OADP 1.2.1" and affectedVersion >= "OADP 1.2.0") diff --git a/modules/oadp-release-notes-1-2-2.adoc b/modules/oadp-release-notes-1-2-2.adoc deleted file mode 100644 index 853b73e05a..0000000000 --- a/modules/oadp-release-notes-1-2-2.adoc +++ /dev/null @@ -1,89 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-2-2_{context}"] -= OADP 1.2.2 release notes - - -[id="new-features-1-2-2_{context}"] -== New features - -There are no new features in the release of {oadp-first} 1.2.2. - -// :FeatureName: OADP Data Mover -// include::snippets/technology-preview.adoc[] - -[id="resolved-issues-1-2-2_{context}"] -== Resolved issues - -The following highlighted issues are resolved in OADP 1.2.2: - - -.Restic restore partially failed due to a Pod Security standard - -In previous releases of OADP 1.2, {OCP} 4.14 enforced a pod security admission (PSA) policy that hindered the readiness of pods during a Restic restore process. - -This issue has been resolved in the release of OADP 1.2.2, and also OADP 1.1.6. Therefore, it is recommended that users upgrade to these releases. - -For more information, see link:https://docs.openshift.com/container-platform/4.14/backup_and_restore/application_backup_and_restore/troubleshooting.html#oadp-restic-restore-failing-psa-policy_oadp-troubleshooting[Restic restore partially failing on OCP 4.14 due to changed PSA policy]. link:https://issues.redhat.com/browse/OADP-2094[(OADP-2094)] - - -.Backup of an app with internal images partially failed with plugin panicked error - -In previous releases of OADP 1.2, the backup of an application with internal images partially failed with plugin panicked error returned. The backup partially fails with this error in the Velero logs: - -[source,terminal] ----- -time="2022-11-23T15:40:46Z" level=info msg="1 errors encountered backup up item" backup=openshift-adp/django-persistent-67a5b83d-6b44-11ed-9cba-902e163f806c logSource="/remote-source/velero/app/pkg/backup/backup.go:413" name=django-psql-persistent -time="2022-11-23T15:40:46Z" level=error msg="Error backing up item" backup=openshift-adp/django-persistent-67a5b83d-6b44-11ed-9cba-902e163f8 ----- - -This issue has been resolved in OADP 1.2.2. link:https://issues.redhat.com/browse/OADP-1057[(OADP-1057)]. - - -.ACM cluster restore was not functioning as expected due to restore order - -In previous releases of OADP 1.2, ACM cluster restore was not functioning as expected due to restore order. ACM applications were removed and re-created on managed clusters after restore activation. link:https://issues.redhat.com/browse/OADP-2505[(OADP-2505)] - - -.VM's using filesystemOverhead failed when backing up and restoring due to volume size mismatch - -In previous releases of OADP 1.2, due to storage provider implementation choices, whenever there was a difference between the application persistent volume claims (PVCs) storage request and the snapshot size of the same PVC, VM's using filesystemOverhead failed when backing up and restoring. This issue has been resolved in the Data Mover of OADP 1.2.2. link:https://issues.redhat.com/browse/OADP-2144[(OADP-2144)] - - -.OADP did not contain an option to set VolSync replication source prune interval - -In previous releases of OADP 1.2, there was no option to set the VolSync replication source `pruneInterval`. link:https://issues.redhat.com/browse/OADP-2052[(OADP-2052)] - - -.Possible pod volume backup failure if Velero was installed in multiple namespaces - -In previous releases of OADP 1.2, there was a possibility of pod volume backup failure if Velero was installed in multiple namespaces. link:https://issues.redhat.com/browse/OADP-2409[(OADP-2409)] - - -.Backup Storage Locations moved to unavailable phase when VSL uses custom secret - -In previous releases of OADP 1.2, Backup Storage Locations moved to unavailable phase when Volume Snapshot Location used custom secret. link:https://issues.redhat.com/browse/OADP-1737[(OADP-1737)] - - -For a complete list of all issues resolved in the release of OADP 1.2.2, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.2.2 resolved issues] in Jira. - - -[id="known-issues-1-2-2_{context}"] -== Known issues - -The following issues have been highlighted as known issues in the release of OADP 1.2.2: - -.Must-gather command fails to remove ClusterRoleBinding resources - -The `oc adm must-gather` command fails to remove `ClusterRoleBinding` resources, which are left on cluster due to admission webhook. Therefore, requests for the removal of the `ClusterRoleBinding` resources are denied. link:https://issues.redhat.com/browse/OADP-2773[(OADP-27730)] - -[source,terminal] ----- -admission webhook "clusterrolebindings-validation.managed.openshift.io" denied the request: Deleting ClusterRoleBinding must-gather-p7vwj is not allowed ----- - - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/browse/OADP-2773?filter=12422263[OADP 1.2.2 known issues] in Jira. diff --git a/modules/oadp-release-notes-1-2-3.adoc b/modules/oadp-release-notes-1-2-3.adoc deleted file mode 100644 index 677ceab2a7..0000000000 --- a/modules/oadp-release-notes-1-2-3.adoc +++ /dev/null @@ -1,45 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-2-3_{context}"] -= OADP 1.2.3 release notes - - -[id="new-features-1-2-3_{context}"] -== New features - -There are no new features in the release of {oadp-first} 1.2.3. - -// :FeatureName: OADP Data Mover -// include::snippets/technology-preview.adoc[] - -[id="resolved-issues-1-2-3_{context}"] -== Resolved issues - -The following highlighted issues are resolved in OADP 1.2.3: - - -.Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) - -In previous releases of OADP 1.2, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. For a list of all OADP issues associated with this CVE, see the following link:https://issues.redhat.com/browse/OADP-2868?filter=12421248[Jira list]. - -For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]. - - -For a complete list of all issues resolved in the release of OADP 1.2.3, see the list of link:https://issues.redhat.com/browse/OADP-2094?filter=12422262[OADP 1.2.3 resolved issues] in Jira. - - -[id="known-issues-1-2-3_{context}"] -== Known issues - -The {oadp-short} 1.2.3 has the following known issue: - -.Data Protection Application (DPA) does not reconcile when the credentials secret is updated - -Currently, the {oadp-short} Operator does not reconcile when you update the `cloud-credentials` secret. This occurs because there are no {oadp-short} specific labels or owner references on the `cloud-credentials` secret. If you create a `cloud-credentials` secret with incorrect credentials, such as empty data, the Operator reconciles and creates a Backup Storage Location (BSL) and registry deployment with the empty data. As a result, when you update the `cloud-credentials` secret with the correct credentials, the Operator does not immediately reconcile to catch the new credentials. - -Workaround: Update to {oadp-short} 1.3. - -link:https://issues.redhat.com/browse/OADP-3327[(OADP-3327)] diff --git a/modules/oadp-release-notes-1-2-4.adoc b/modules/oadp-release-notes-1-2-4.adoc deleted file mode 100644 index f63adab2fc..0000000000 --- a/modules/oadp-release-notes-1-2-4.adoc +++ /dev/null @@ -1,30 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-2-4_{context}"] -= OADP 1.2.4 release notes - -{oadp-first} 1.2.4 is a Container Grade Only (CGO) release, released to refresh the health grades of the containers, with no changes to any code in the product itself compared to that of {oadp-short} 1.2.3. - - -[id="resolved-issues-1-2-4_{context}"] -== Resolved issues - -There are no resolved issues in {oadp-short} 1.2.4. - - -[id="known-issues-1-2-4_{context}"] -== Known issues - -The {oadp-short} 1.2.4 has the following known issue: - -.Data Protection Application (DPA) does not reconcile when the credentials secret is updated - -Currently, the {oadp-short} Operator does not reconcile when you update the `cloud-credentials` secret. This occurs because there are no {oadp-short} specific labels or owner references on the `cloud-credentials` secret. If you create a `cloud-credentials` secret with incorrect credentials, such as empty data, the Operator reconciles and creates a Backup Storage Location (BSL) and registry deployment with the empty data. As a result, when you update the `cloud-credentials` secret with the correct credentials, the Operator does not immediately reconcile to catch the new credentials. - -Workaround: Update to {oadp-short} 1.3. - -link:https://issues.redhat.com/browse/OADP-3327[(OADP-3327)] - diff --git a/modules/oadp-release-notes-1-2-5.adoc b/modules/oadp-release-notes-1-2-5.adoc deleted file mode 100644 index c93974eea6..0000000000 --- a/modules/oadp-release-notes-1-2-5.adoc +++ /dev/null @@ -1,47 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-2.adoc - -:_mod-docs-content-type: REFERENCE -[id="migration-oadp-release-notes-1-2-5_{context}"] -= OADP 1.2.5 release notes - -{oadp-first} 1.2.5 is a Container Grade Only (CGO) release, released to refresh the health grades of the containers, with no changes to any code in the product itself compared to that of {oadp-short} 1.2.4. - -[id="resolved-issues-1-2-5_{context}"] -== Resolved issues - -// There are no resolved issues in {oadp-short} 1.2.5. - -.CVE-2023-2431: `oadp-velero-plugin-for-microsoft-azure-container`: Bypass of seccomp profile enforcement - -A flaw was found in Kubernetes, which impacts earlier versions of {oadp-short}. This flaw arises when Kubernetes allows a local authenticated attacker to bypass security restrictions, caused by a flaw when using the localhost type for a `seccomp` profile but specifying an empty profile field. An attacker can bypass the `seccomp` profile enforcement by sending a specially crafted request. This flaw has been resolved in {oadp-short} 1.2.5. - -For more details, see link:https://access.redhat.com/security/cve/CVE-2023-2431[(CVE-2023-2431)]. - -.CSI restore ended with 'PartiallyFailed' status and PVCs not created - -CSI restore ended with `PartiallyFailed` status. PVCs are not created, pod are in `Pending` status. This issue has been resolved in {oadp-short} 1.2.5. - -link:https://issues.redhat.com/browse/OADP-1956[(OADP-1956)] - -.PodVolumeBackup fails on completed pod volumes - -In earlier versions of {oadp-short} 1.2, when there is a completed pod that mounted volumes in a namespace used by the Restic `podvolumebackup` or Velero backup, the backup does not complete successfully. This occurs when `defaultVolumesToFsBackup` is set to `true`. This issue has been resolved in {oadp-short} 1.2.5. - -link:https://issues.redhat.com/browse/OADP-1870[(OADP-1870)] - - -[id="known-issues-1-2-5_{context}"] -== Known issues - -// The {oadp-short} 1.2.5 has the following known issue: - -.Data Protection Application (DPA) does not reconcile when the credentials secret is updated - -Currently, the {oadp-short} Operator does not reconcile when you update the `cloud-credentials` secret. This occurs because there are no {oadp-short} specific labels or owner references on the `cloud-credentials` secret. If you create a `cloud-credentials` secret with incorrect credentials, such as empty data, the Operator reconciles and creates a backup storage location (BSL) and registry deployment with the empty data. As a result, when you update the `cloud-credentials` secret with the correct credentials, the {oadp-short} Operator does not immediately reconcile to catch the new credentials. - -Workaround: Update to {oadp-short} 1.3. - -link:https://issues.redhat.com/browse/OADP-3327[(OADP-3327)] - diff --git a/modules/oadp-release-notes-1-3-0.adoc b/modules/oadp-release-notes-1-3-0.adoc deleted file mode 100644 index a9008a2e27..0000000000 --- a/modules/oadp-release-notes-1-3-0.adoc +++ /dev/null @@ -1,153 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-3.adoc - -:_mod-docs-content-type: REFERENCE -[id="oadp-release-notes-1-3-0_{context}"] -= OADP 1.3.0 release notes - -The {oadp-first} 1.3.0 release notes lists new features, resolved issues and bugs, and known issues. - -[id="new-features-1-3-0_{context}"] -== New features - -.Velero built-in DataMover - -:FeatureName: Velero built-in DataMover -include::snippets/technology-preview.adoc[] - -OADP 1.3 includes a built-in Data Mover that you can use to move Container Storage Interface (CSI) volume snapshots to a remote object store. The built-in Data Mover allows you to restore stateful applications from the remote object store if a failure, accidental deletion, or corruption of the cluster occurs. It uses Kopia as the uploader mechanism to read the snapshot data and to write to the Unified Repository. - -.Backing up applications with File System Backup: Kopia or Restic - -Velero’s File System Backup (FSB) supports two backup libraries: the Restic path and the Kopia path. - -Velero allows users to select between the two paths. - -For backup, specify the path during the installation through the `uploader-type` flag. The valid value is either `restic` or `kopia`. This field defaults to `kopia` if the value is not specified. The selection cannot be changed after the installation. - -.GCP Cloud authentication - -Google Cloud Platform (GCP) authentication enables you to use short-lived Google credentials. - -GCP with Workload Identity Federation enables you to use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This eliminates the maintenance and security risks associated with service account keys. - -.AWS ROSA STS authentication - -You can use {oadp-first} with {product-rosa} (ROSA) clusters to backup and restore application data. - -ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to speed up the building and delivering of differentiating experiences to your customers. - -You can subscribe to the service directly from your AWS account. - -After the clusters are created, you can operate your clusters by using the OpenShift web console. The ROSA service also uses OpenShift APIs and command-line interface (CLI) tools. - -[id="resolved-issues-1-3-0_{context}"] -== Resolved issues - -.ACM applications were removed and re-created on managed clusters after restore -Applications on managed clusters were deleted and re-created upon restore activation. {oadp-full} (OADP 1.2) backup and restore process is faster than the older versions. The OADP performance change caused this behavior when restoring ACM resources. Therefore, some resources were restored before other resources, which caused the removal of the applications from managed clusters. -link:https://issues.redhat.com/browse/OADP-2686[OADP-2686] - - -.Restic restore was partially failing due to Pod Security standard - -During interoperability testing, {product-title} 4.14 had the pod Security mode set to `enforce`, which caused the pod to be denied. This was caused due to the restore order. The pod was getting created before the security context constraints (SCC) resource, since the pod violated the `podSecurity` standard, it denied the pod. When setting the restore priority field on the Velero server, restore is successful. link:https://issues.redhat.com/browse/OADP-2688[OADP-2688] - -.Possible pod volume backup failure if Velero is installed in several namespaces - -There was a regression in Pod Volume Backup (PVB) functionality when Velero was installed in several namespaces. The PVB controller was not properly limiting itself to PVBs in its own namespace. -link:https://issues.redhat.com/browse/OADP-2308[OADP-2308] - -.OADP Velero plugins returning "received EOF, stopping recv loop" message - -In OADP, Velero plugins were started as separate processes. When the Velero operation completes, either successfully or not, they exit. Therefore, if you see a `received EOF, stopping recv loop` messages in debug logs, it does not mean an error occurred, it means that a plugin operation has completed. link:https://issues.redhat.com/browse/OADP-2176[OADP-2176] - -.CVE-2023-39325 Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) -In previous releases of OADP, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption. - -For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)] - - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422837[OADP 1.3.0 resolved issues] in Jira. - -[id="known-issues-1-3-0_{context}"] -== Known issues - -.CSI plugin errors on nil pointer when csiSnapshotTimeout is set to a short duration -The CSI plugin errors on nil pointer when `csiSnapshotTimeout` is set to a short duration. Sometimes it succeeds to complete the snapshot within a short duration, but often it panics with the backup `PartiallyFailed` with the following error: `plugin panicked: runtime error: invalid memory address or nil pointer dereference`. - -.Backup is marked as PartiallyFailed when volumeSnapshotContent CR has an error -If any of the `VolumeSnapshotContent` CRs have an error related to removing the `VolumeSnapshotBeingCreated` annotation, it moves the backup to the `WaitingForPluginOperationsPartiallyFailed` phase. link:https://issues.redhat.com/browse/OADP-2871[OADP-2871] - -.Performance issues when restoring 30,000 resources for the first time -When restoring 30,000 resources for the first time, without an existing-resource-policy, it takes twice as long to restore them, than it takes during the second and third try with an existing-resource-policy set to `update`. link:https://issues.redhat.com/browse/OADP-3071[OADP-3071] - -.Post restore hooks might start running before Datadownload operation has released the related PV -Due to the asynchronous nature of the Data Mover operation, a post-hook might be attempted before the related pods persistent volumes (PVs) are released by the Data Mover persistent volume claim (PVC). - - -.GCP-Workload Identity Federation VSL backup PartiallyFailed -VSL backup `PartiallyFailed` when GCP workload identity is configured on GCP. - - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422838[OADP 1.3.0 known issues] in Jira. - -[id="upgrade-notes-1-3-0_{context}"] -== Upgrade notes - -[NOTE] -==== -Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3. -==== - -[id="changes-oadp-1-2-to-1-3_{context}"] -=== Changes from OADP 1.2 to 1.3 - -The Velero server has been updated from version 1.11 to 1.12. - -{oadp-first} 1.3 uses the Velero built-in Data Mover instead of the VolumeSnapshotMover (VSM) or the Volsync Data Mover. - -This changes the following: - -* The `spec.features.dataMover` field and the VSM plugin are not compatible with OADP 1.3, and you must remove the configuration from the `DataProtectionApplication` (DPA) configuration. - -* The Volsync Operator is no longer required for Data Mover functionality, and you can remove it. - -* The custom resource definitions `volumesnapshotbackups.datamover.oadp.openshift.io` and `volumesnapshotrestores.datamover.oadp.openshift.io` are no longer required, and you can remove them. - -* The secrets used for the OADP-1.2 Data Mover are no longer required, and you can remove them. - -OADP 1.3 supports Kopia, which is an alternative file system backup tool to Restic. - -* To employ Kopia, use the new `spec.configuration.nodeAgent` field as shown in the following example: -+ -.Example -[source,yaml] ----- -spec: - configuration: - nodeAgent: - enable: true - uploaderType: kopia -# ... ----- - -* The `spec.configuration.restic` field is deprecated in OADP 1.3 and will be removed in a future version of OADP. To avoid seeing deprecation warnings, remove the `restic` key and its values, and use the following new syntax: -+ -.Example -[source,yaml] ----- -spec: - configuration: - nodeAgent: - enable: true - uploaderType: restic -# ... ----- - -[NOTE] -==== -In a future OADP release, it is planned that the `kopia` tool will become the default `uploaderType` value. -==== - diff --git a/modules/oadp-release-notes-1-3-1.adoc b/modules/oadp-release-notes-1-3-1.adoc deleted file mode 100644 index e9c5a614ef..0000000000 --- a/modules/oadp-release-notes-1-3-1.adoc +++ /dev/null @@ -1,86 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-3.adoc - -:_mod-docs-content-type: REFERENCE -[id="oadp-release-notes-1-3-1_{context}"] -= OADP 1.3.1 release notes - -The {oadp-first} 1.3.1 release notes lists new features and resolved issues. - -[id="new-features-1-3-1_{context}"] -== New features - -.OADP 1.3.0 Data Mover is now fully supported - -The OADP built-in Data Mover, introduced in OADP 1.3.0 as a Technology Preview, is now fully supported for both containerized and virtual machine workloads. - -[id="resolved-issues-1-3-1_{context}"] -== Resolved issues - -.{ibm-cloud-name} Object Storage is now supported as a backup storage provider - -{ibm-cloud-name} Object Storage is one of the AWS S3 compatible backup storage providers, which was unsupported previously. -With this update, {ibm-cloud-name} Object Storage is now supported as an AWS S3 compatible backup storage provider. - -link:https://issues.redhat.com/browse/OADP-3788[OADP-3788] - -.OADP operator now correctly reports the missing region error - -Previously, when you specified `profile:default` without specifying the `region` in the AWS Backup Storage Location (BSL) configuration, the OADP operator failed to report the `missing region` error on the Data Protection Application (DPA) custom resource (CR). This update corrects validation of DPA BSL specification for AWS. As a result, the OADP Operator reports the `missing region` error. - -link:https://issues.redhat.com/browse/OADP-3044[OADP-3044] - -.Custom labels are not removed from the openshift-adp namespace - -Previously, the `openshift-adp-controller-manager` pod would reset the labels attached to the `openshift-adp` namespace. This caused synchronization issues for applications requiring custom labels such as Argo CD, leading to improper functionality. With this update, this issue is fixed and custom labels are not removed from the `openshift-adp` namespace. - -link:https://issues.redhat.com/browse/OADP-3189[OADP-3189] - -.OADP must-gather image collects CRDs - -Previously, the OADP `must-gather` image did not collect the custom resource definitions (CRDs) shipped by OADP. Consequently, you could not use the `omg` tool to extract data in the support shell. -With this fix, the `must-gather` image now collects CRDs shipped by OADP and can use the `omg` tool to extract data. - -link:https://issues.redhat.com/browse/OADP-3229[OADP-3229] - -.Garbage collection has the correct description for the default frequency value - -Previously, the `garbage-collection-frequency` field had a wrong description for the default frequency value. With this update, `garbage-collection-frequency` has a correct value of one hour for the `gc-controller` reconciliation default frequency. - -link:https://issues.redhat.com/browse/OADP-3486[OADP-3486] - -.FIPS Mode flag is available in OperatorHub - -By setting the `fips-compliant` flag to `true`, the FIPS mode flag is now added to the OADP Operator listing in OperatorHub. This feature was enabled in OADP 1.3.0 but did not show up in the Red Hat Container catalog as being FIPS enabled. - -link:https://issues.redhat.com/browse/OADP-3495[OADP-3495] - -.CSI plugin does not panic with a nil pointer when csiSnapshotTimeout is set to a short duration - -Previously, when the `csiSnapshotTimeout` parameter was set to a short duration, the CSI plugin encountered the following error: `plugin panicked: runtime error: invalid memory address or nil pointer dereference`. - -With this fix, the backup fails with the following error: `Timed out awaiting reconciliation of volumesnapshot`. - -link:https://issues.redhat.com/browse/OADP-3069[OADP-3069] - - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12432794[OADP 1.3.1 resolved issues] in Jira. - -[id="known-issues-1-3-1_{context}"] -== Known issues - -.Backup and storage restrictions for {sno-caps} clusters deployed on {ibm-power-name} and {ibm-z-name} platforms - -Review the following backup and storage related restrictions for {sno-caps} clusters that are deployed on {ibm-power-name} and {ibm-z-name} platforms: - -Storage:: Only NFS storage is currently compatible with {sno} clusters deployed on {ibm-power-name} and {ibm-z-name} platforms. -Backup:: Only the backing up applications with File System Backup such as `kopia` and `restic` are supported for backup and restore operations. - -link:https://issues.redhat.com/browse/OADP-3787[OADP-3787] - -.Cassandra application pods enter in the CrashLoopBackoff status after restoring OADP - -After OADP restores, the Cassandra application pods might enter in the `CrashLoopBackoff` status. To work around this problem, delete the `StatefulSet` pods with any error or the `CrashLoopBackoff` state after restoring OADP. The `StatefulSet` controller recreates these pods and it runs normally. - -link:https://issues.redhat.com/browse/OADP-3767[OADP-3767] diff --git a/modules/oadp-release-notes-1-3-2.adoc b/modules/oadp-release-notes-1-3-2.adoc deleted file mode 100644 index 471c43769d..0000000000 --- a/modules/oadp-release-notes-1-3-2.adoc +++ /dev/null @@ -1,64 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-3.adoc - -:_mod-docs-content-type: REFERENCE -[id="oadp-release-notes-1-3-2_{context}"] -= {oadp-short} 1.3.2 release notes - -The {oadp-first} 1.3.2 release notes list resolved issues and known issues. - -//[id="new-features-1-3-2_{context}"] -//== New features - - -[id="resolved-issues-1-3-2_{context}"] -== Resolved issues - -.DPA fails to reconcile if a valid custom secret is used for BSL - -DPA fails to reconcile if a valid custom secret is used for Backup Storage Location (BSL), but the default secret is missing. The workaround is to create the required default `cloud-credentials` initially. When the custom secret is re-created, it can be used and checked for its existence. - -link:https://issues.redhat.com/browse/OADP-3193[OADP-3193] - -.CVE-2023-45290: `oadp-velero-container`: Golang `net/http`: Memory exhaustion in `Request.ParseMultipartForm` - -A flaw was found in the `net/http` Golang standard library package, which impacts previous versions of {oadp-short}. When parsing a `multipart` form, either explicitly with `Request.ParseMultipartForm` or implicitly with `Request.FormValue`, `Request.PostFormValue`, or `Request.FormFile`, limits on the total size of the parsed form are not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing long lines to cause the allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. This flaw has been resolved in {oadp-short} 1.3.2. - -For more details, see link:https://access.redhat.com/security/cve/cve-2023-45290[CVE-2023-45290]. - -.CVE-2023-45289: `oadp-velero-container`: Golang `net/http/cookiejar`: Incorrect forwarding of sensitive headers and cookies on HTTP redirect - -A flaw was found in the `net/http/cookiejar` Golang standard library package, which impacts previous versions of {oadp-short}. When following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial domain, an `http.Client` does not forward sensitive headers such as `Authorization` or `Cookie`. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. This flaw has been resolved in {oadp-short} 1.3.2. - -For more details, see link:https://access.redhat.com/security/cve/cve-2023-45289[CVE-2023-45289]. - -.CVE-2024-24783: `oadp-velero-container`: Golang `crypto/x509`: Verify panics on certificates with an unknown public key algorithm - -A flaw was found in the `crypto/x509` Golang standard library package, which impacts previous versions of {oadp-short}. Verifying a certificate chain that contains a certificate with an unknown public key algorithm causes `Certificate.Verify` to panic. This affects all `crypto/tls` clients and servers that set `Config.ClientAuth` to `VerifyClientCertIfGiven` or `RequireAndVerifyClientCert`. The default behavior is for TLS servers to not verify client certificates. This flaw has been resolved in {oadp-short} 1.3.2. - -For more details, see link:https://access.redhat.com/security/cve/cve-2024-24783[CVE-2024-24783]. - -.CVE-2024-24784: `oadp-velero-plugin-container`: Golang `net/mail`: Comments in display names are incorrectly handled - -A flaw was found in the `net/mail` Golang standard library package, which impacts previous versions of {oadp-short}. The `ParseAddressList` function incorrectly handles comments, text in parentheses, and display names. Because this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. This flaw has been resolved in {oadp-short} 1.3.2. - -For more details, see link:https://access.redhat.com/security/cve/cve-2024-24784[CVE-2024-24784]. - -.CVE-2024-24785: `oadp-velero-container`: Golang: html/template: errors returned from `MarshalJSON` methods may break template escaping - -A flaw was found in the `html/template` Golang standard library package, which impacts previous versions of {oadp-short}. If errors returned from `MarshalJSON` methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the HTML/template package, allowing subsequent actions to inject unexpected content into the templates. This flaw has been resolved in {oadp-short} 1.3.2. - -For more details, see link:https://access.redhat.com/security/cve/cve-2024-24785[CVE-2024-24785]. - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12436254[OADP 1.3.2 resolved issues] in Jira. - - -[id="known-issues-1-3-2_{context}"] -== Known issues - -.Cassandra application pods enter into the `CrashLoopBackoff` status after restoring OADP - -After {oadp-short} restores, the Cassandra application pods might enter in the `CrashLoopBackoff` status. To work around this problem, delete the `StatefulSet` pods that are returning an error or the `CrashLoopBackoff` state after restoring {oadp-short}. The `StatefulSet` controller recreates these pods and it runs normally. - -link:https://issues.redhat.com/browse/OADP-3767[OADP-3767] diff --git a/modules/oadp-verifying-upgrade-1-2-0.adoc b/modules/oadp-verifying-upgrade-1-4-0.adoc similarity index 96% rename from modules/oadp-verifying-upgrade-1-2-0.adoc rename to modules/oadp-verifying-upgrade-1-4-0.adoc index e323e17af2..21123b7904 100644 --- a/modules/oadp-verifying-upgrade-1-2-0.adoc +++ b/modules/oadp-verifying-upgrade-1-4-0.adoc @@ -1,10 +1,10 @@ // Module included in the following assemblies: // -// * backup_and_restore/oadp-release-notes-1-2.adoc +// * backup_and_restore/oadp-release-notes-1-4.adoc :_mod-docs-content-type: PROCEDURE -[id="verifying-upgrade-1-2-0_{context}"] +[id="verifying-upgrade-1-4-0_{context}"] = Verifying the upgrade Use the following procedure to verify the upgrade.