diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
index d422fcdf03..8edd463150 100644
--- a/_topic_maps/_topic_map.yml
+++ b/_topic_maps/_topic_map.yml
@@ -2083,6 +2083,21 @@ Topics:
 # - Name: Application backup and restore
 # Dir: application_backup_and_restore
 # Topics:
+# - Name: Installing OADP
+# Dir: installing
+# Topics:
+# - Name: About installing OADP
+# File: about-installing-oadp
+# - Name: Installing OADP with AWS
+# File: installing-oadp-aws
+# - Name: Installing OADP with Azure
+# File: installing-oadp-azure
+# - Name: Installing OADP with GCP
+# File: installing-oadp-gcp
+# - Name: Installing OADP with MCG
+# File: installing-oadp-mcg
+# - Name: Installing OADP with OCS
+# File: installing-oadp-ocs
 # - Name: Configuring OADP
 # File: configuring-oadp
 - Name: Control plane backup and restore
diff --git a/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc b/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
new file mode 100644
index 0000000000..cb5dfc2f01
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc
@@ -0,0 +1,32 @@
+[id="about-installing-oadp"]
+= About installing OADP
+include::modules/common-attributes.adoc[]
+:context: about-installing-oadp
+
+toc::[]
+
+As a cluster administrator, you install the Openshift API for Data Protection (OADP) by installing the OADP Operator and then installing the Data Protection Application. The OADP Operator installs link:https://velero.io/docs/v1.7/[Velero 1.7].
+
+To back up Kubernetes resources and internal images, you must have S3-compatible object storage, such as the following storage providers:
+
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#installing-oadp-aws[Amazon Web Services]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc#installing-oadp-azure[Microsoft Azure]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway]
+
+:FeatureName: The CloudStorage API for S3 storage
+include::modules/technology-preview.adoc[]
+
+To back up persistent volumes (PVs) with snapshots, your cloud provider must support either a native snapshot API or Container Snapshot Interface (CSI) snapshots, such as the following providers:
+
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#installing-oadp-aws[Amazon Web Services]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc#installing-oadp-azure[Microsoft Azure]
+* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
+* 
xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc#oadp-about-vsl_installing-oadp-ocs[Ceph RBD or Ceph FS storage]
+
+If your cloud provider does not support snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+[discrete]
+== Additional resources
+
+* Overview of backup storage locations and volume snapshot locations in the link:https://velero.io/docs/v1.7/locations/[Velero documentation]
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
new file mode 100644
index 0000000000..4441866870
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
@@ -0,0 +1,32 @@
+[id="installing-oadp-aws"]
+= Installing the Openshift API for Data Protection with Amazon Web Services
+include::modules/common-attributes.adoc[]
+:context: installing-oadp-aws
+:installing-oadp-aws:
+:credentials: cloud-credentials
+:provider: aws
+
+toc::[]
+
+You install the Openshift API for Data Protection (OADP) with Amazon Web Services (AWS) by installing the OADP Operator, configuring AWS for Velero, and then installing the Data Protection Application.
+
+:FeatureName: The CloudStorage API for S3 storage
+include::modules/technology-preview.adoc[]
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+include::modules/migration-configuring-aws-s3.adoc[leveloffset=+1]
+
+[id="configuring-dpa-aws"]
+== Configuring the Data Protection Application
+
+include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
+include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+
+include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+
+:installing-oadp-aws!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
new file mode 100644
index 0000000000..c4f1e7c087
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
@@ -0,0 +1,32 @@
+[id="installing-oadp-azure"]
+= Installing the Openshift API for Data Protection with Azure
+include::modules/common-attributes.adoc[]
+:context: installing-oadp-azure
+:installing-oadp-azure:
+:credentials: cloud-credentials-azure
+:provider: azure
+
+toc::[]
+
+You install the Openshift API for Data Protection (OADP) with Microsoft Azure by installing the OADP Operator, configuring Azure for Velero, and then installing the Data Protection Application.
+
+:FeatureName: The CloudStorage API for S3 storage
+include::modules/technology-preview.adoc[]
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+include::modules/migration-configuring-azure.adoc[leveloffset=+1]
+
+[id="configuring-dpa-azure"]
+== Configuring the Data Protection Application
+
+include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
+include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+
+include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+
+:installing-oadp-azure!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
new file mode 100644
index 0000000000..1d7629b13e
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
@@ -0,0 +1,32 @@
+[id="installing-oadp-gcp"]
+= Installing the Openshift API for Data Protection with Google Cloud Platform
+include::modules/common-attributes.adoc[]
+:context: installing-oadp-gcp
+:installing-oadp-gcp:
+:credentials: cloud-credentials-gcp
+:provider: gcp
+
+toc::[]
+
+You install the Openshift API for Data Protection (OADP) with Google Cloud Platform (GCP) by installing the OADP Operator, configuring GCP for Velero, and then installing the Data Protection Application.
+
+:FeatureName: The CloudStorage API for S3 storage
+include::modules/technology-preview.adoc[]
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+include::modules/migration-configuring-gcp.adoc[leveloffset=+1]
+
+[id="configuring-dpa-gcp"]
+== Configuring the Data Protection Application
+
+include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
+include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+
+include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+
+:installing-oadp-gcp!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
new file mode 100644
index 0000000000..d36a427c70
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
@@ -0,0 +1,30 @@
+[id="installing-oadp-mcg"]
+= Installing the Openshift API for Data Protection with Google Cloud Platform
+include::modules/common-attributes.adoc[]
+:context: installing-oadp-mcg
+:installing-oadp-mcg:
+:credentials: cloud-credentials
+:provider: aws
+
+toc::[]
+
+You install the Openshift API for Data Protection (OADP) with Multicloud Object Gateway (MCG) by installing the OADP Operator, retrieving the MCG credentials, and then installing the Data Protection Application.
+
+MCG is a component of OpenShift Container Storage (OCS). You can configure MCG as a backup location.
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+include::modules/migration-configuring-mcg.adoc[leveloffset=+1]
+
+[id="configuring-dpa-mcg"]
+== Configuring the Data Protection Application
+
+include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
+include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+
+include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+
+:installing-oadp-mcg!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
new file mode 100644
index 0000000000..d17e5d6f42
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
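Review bot: The title added in installing-oadp-mcg.adoc, `= Installing the Openshift API for Data Protection with Google Cloud Platform`, names the wrong provider for the Multicloud Object Gateway page; it should read `= Installing the OpenShift API for Data Protection with Multicloud Object Gateway`. The installing-oadp-ocs.adoc hunk that follows has the same kind of leftover: `:credentials: cloud-credentials-gcp` and `:provider: gcp` look copied from the GCP assembly, and if the included modules substitute `{credentials}` or `{provider}` (they are not visible in this diff) the OCS page would show the GCP secret name and provider. All six new assemblies also spell the product `Openshift`, while the modules changed in this commit use `OpenShift`.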
@@ -0,0 +1,32 @@
+[id="installing-oadp-ocs"]
+= Installing the Openshift API for Data Protection with OpenShift Container Storage
+include::modules/common-attributes.adoc[]
+:context: installing-oadp-ocs
+:installing-oadp-ocs:
+:credentials: cloud-credentials-gcp
+:provider: gcp
+
+toc::[]
+
+You install the Openshift API for Data Protection (OADP) with OpenShift Container Storage (OCS) by installing the OADP Operator, installing the Data Protection Application, and configuring the snapshot location.
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] or any S3-compatible object storage as a backup location.
+
+You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc#oadp-about-vsl_installing-oadp-ocs[Ceph RBD or Ceph FS storage] as a snapshot location.
+
+If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+
+include::modules/oadp-installing-operator.adoc[leveloffset=+1]
+
+[id="configuring-dpa-ocs"]
+== Configuring the Data Protection Application
+
+include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
+include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+
+include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+
+:installing-oadp-ocs!:
diff --git a/backup_and_restore/application_backup_and_restore/installing/modules b/backup_and_restore/application_backup_and_restore/installing/modules
new file mode 120000
index 0000000000..36719b9de7
--- /dev/null
+++ b/backup_and_restore/application_backup_and_restore/installing/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/modules/migration-configuring-aws-s3.adoc b/modules/migration-configuring-aws-s3.adoc
index 0c051b38f3..d53190b76f 100644
--- a/modules/migration-configuring-aws-s3.adoc
+++ b/modules/migration-configuring-aws-s3.adoc
@@ -2,48 +2,70 @@ // // * migrating_from_ocp_3_to_4/installing-3-4.adoc // * migration_toolkit_for_containers/installing-mtc.adoc -// * migration_toolkit_for_containers/installing-mtc-restricted.adoc +// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc [id="migration-configuring-aws-s3_{context}"] -= Configuring Amazon Web Services S3 += Configuring Amazon Web Services -You can configure an Amazon Web Services (AWS) S3 storage bucket as a replication repository for the {mtc-full} ({mtc-short}). +ifdef::installing-3-4,installing-mtc[] +You configure Amazon Web Services (AWS) S3 object storage as a replication repository for the {mtc-full} ({mtc-short}). +endif::[] +ifdef::installing-oadp-aws[] +You configure Amazon Web Services (AWS) for the OpenShift API for Data Protection (OADP). +endif::[] .Prerequisites +* You must have the link:https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html[AWS CLI] installed. +ifdef::installing-3-4,installing-mtc[] * The AWS S3 storage bucket must be accessible to the source and target clusters. -* You must have the link:https://aws.amazon.com/cli/[AWS CLI] installed. * If you are using the snapshot copy method: ** You must have access to EC2 Elastic Block Storage (EBS). ** The source and target clusters must be in the same region. ** The source and target clusters must have the same storage class. ** The storage class must be compatible with snapshots. +endif::[] .Procedure +. Set the `BUCKET` variable: ++ +[source,terminal] +---- +$ BUCKET= +---- + +. Set the `REGION` variable: ++ +[source,terminal] +---- +$ REGION= +---- + . Create an AWS S3 bucket: + [source,terminal] ---- $ aws s3api create-bucket \ - --bucket \ <1> - --region <2> + --bucket $BUCKET \ + --region $REGION \ + --create-bucket-configuration LocationConstraint=$REGION <1> ---- -<1> Specify your S3 bucket name. -<2> Specify your S3 bucket region, for example, `us-east-1`. 
+<1> `us-east-1` does not support a `LocationConstraint`. If your region is `us-east-1`, omit `--create-bucket-configuration LocationConstraint=$REGION`. -. Create the IAM user `velero`: +. Create an IAM user: + [source,terminal] ---- -$ aws iam create-user --user-name velero +$ aws iam create-user --user-name velero <1> ---- +<1> If you want to use Velero to back up multiple clusters with multiple S3 buckets, create a unique user name for each cluster. -. Create an EC2 EBS snapshot policy: +. Create a `velero-policy.json` file: + [source,terminal] ---- -$ cat > velero-ec2-snapshot-policy.json < velero-policy.json < velero-ec2-snapshot-policy.json < velero-s3-policy.json < velero-s3-policy.json </*" <1> + "arn:aws:s3:::${BUCKET}/*" ] }, { "Effect": "Allow", "Action": [ - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:ListBucketMultipartUploads" + "s3:ListBucket" ], "Resource": [ - "arn:aws:s3:::" <1> + "arn:aws:s3:::${BUCKET}" ] } ] } EOF ---- -<1> To grant access to a single S3 bucket, specify the bucket name. To grant access to all AWS S3 buckets, specify `*` instead of a bucket name as in the following example: -+ -.Example output -[source,terminal] ----- -"Resource": [ - "arn:aws:s3:::*" ----- -. Attach the EC2 EBS policy to `velero`: +. Attach the policies to give the `velero` user the necessary permissions: + [source,terminal] ---- $ aws iam put-user-policy \ --user-name velero \ - --policy-name velero-ebs \ - --policy-document file://velero-ec2-snapshot-policy.json + --policy-name velero \ + --policy-document file://velero-policy.json ---- -. Attach the AWS S3 policy to `velero`: -+ -[source,terminal] ----- -$ aws iam put-user-policy \ - --user-name velero \ - --policy-name velero-s3 \ - --policy-document file://velero-s3-policy.json ----- - -. Create an access key for `velero`: +. 
Create an access key for the `velero` user: + [source,terminal] ---- $ aws iam create-access-key --user-name velero +---- ++ +.Example output ++ +[source,terminal] +---- { "AccessKey": { "UserName": "velero", "Status": "Active", "CreateDate": "2017-07-31T22:24:41.576Z", - "SecretAccessKey": , <1> - "AccessKeyId": <1> - } + "SecretAccessKey": , + "AccessKeyId": + } } ---- -<1> Record the `AWS_SECRET_ACCESS_KEY` and the `AWS_ACCESS_KEY_ID` for adding the AWS repository to the {mtc-short} web console. +ifdef::installing-3-4,installing-mtc[] ++ +Record the `AWS_SECRET_ACCESS_KEY` and the `AWS_ACCESS_KEY_ID`. You use the credentials to add AWS as a replication repository. +endif::[] +ifdef::installing-oadp-aws[] +. Create a `credentials-velero` file: ++ +[source,terminal,subs="attributes+"] +---- +$ cat << EOF > ./credentials-velero +[default] +aws_access_key_id= +aws_secret_access_key= +EOF +---- ++ +You use the `credentials-velero` file to create a `Secret` custom resource for AWS when you install the Data Protection Application. +endif::[] diff --git a/modules/migration-configuring-azure.adoc b/modules/migration-configuring-azure.adoc index f4def5cf50..bdd79b8fab 100644 --- a/modules/migration-configuring-azure.adoc +++ b/modules/migration-configuring-azure.adoc 
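Review bot: The new `credentials-velero` step at the end of this hunk writes a long-lived IAM access key to the current directory with whatever umask the shell happens to have, and nothing tells the reader to protect or remove the file afterwards. I would add a step after the heredoc such as `$ chmod 600 ./credentials-velero` and a sentence telling the reader to delete the file once the `Secret` has been created from it. The same applies to the `credentials-velero` steps this commit adds or keeps in the Azure, GCP and MCG modules. The example output just above also shows where `SecretAccessKey` appears, so a short note that the value is displayed only once and should not be pasted into tickets or shell history would fit there.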
@@ -2,25 +2,38 @@ // // * migrating_from_ocp_3_to_4/installing-3-4.adoc // * migration_toolkit_for_containers/installing-mtc.adoc -// * migration_toolkit_for_containers/installing-mtc-restricted.adoc +// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc [id="migration-configuring-azure_{context}"] -= Configuring Microsoft Azure Blob += Configuring Microsoft Azure -You can configure a Microsoft Azure Blob storage container as a replication repository for the {mtc-full} ({mtc-short}). +ifdef::installing-3-4,installing-mtc[] +You configure a Microsoft Azure Blob storage container as a replication repository for the {mtc-full} ({mtc-short}). +endif::[] +ifdef::installing-oadp-azure[] +You configure a Microsoft Azure for the OpenShift API for Data Protection (OADP). +endif::[] .Prerequisites -* You must have an link:https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal[Azure storage account]. -* You must have the link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Azure CLI] installed. +* You must have the link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli[Azure CLI] installed. +ifdef::installing-3-4,installing-mtc[] * The Azure Blob storage container must be accessible to the source and target clusters. * If you are using the snapshot copy method: ** The source and target clusters must be in the same region. ** The source and target clusters must have the same storage class. ** The storage class must be compatible with snapshots. +endif::[] .Procedure +. Log in to Azure: ++ +[source,terminal] +---- +$ az login +---- + . Set the `AZURE_RESOURCE_GROUP` variable: + [source,terminal] 
@@ -32,7 +45,7 @@ $ AZURE_RESOURCE_GROUP=Velero_Backups + [source,terminal] ---- -$ az group create -n $AZURE_RESOURCE_GROUP --location <1> +$ az group create -n $AZURE_RESOURCE_GROUP --location CentralUS <1> ---- <1> Specify your location. @@ -40,7 +53,7 @@ $ az group create -n $AZURE_RESOURCE_GROUP --location <1> + [source,terminal] ---- -$ AZURE_STORAGE_ACCOUNT_ID=velerobackups +$ AZURE_STORAGE_ACCOUNT_ID="velero$(uuidgen | cut -d '-' -f5 | tr '[A-Z]' '[a-z]')" ---- . Create an Azure storage account: @@ -48,13 +61,13 @@ $ AZURE_STORAGE_ACCOUNT_ID=velerobackups [source,terminal] ---- $ az storage account create \ - --name $AZURE_STORAGE_ACCOUNT_ID \ - --resource-group $AZURE_RESOURCE_GROUP \ - --sku Standard_GRS \ - --encryption-services blob \ - --https-only true \ - --kind BlobStorage \ - --access-tier Hot + --name $AZURE_STORAGE_ACCOUNT_ID \ + --resource-group $AZURE_BACKUP_RESOURCE_GROUP \ + --sku Standard_GRS \ + --encryption-services blob \ + --https-only true \ + --kind BlobStorage \ + --access-tier Hot ---- . Set the `BLOB_CONTAINER` variable: 
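Review bot: In the `az storage account create` hunk, the new line `--resource-group $AZURE_BACKUP_RESOURCE_GROUP \` uses a variable that the procedure never sets; the earlier steps set and use `AZURE_RESOURCE_GROUP`. As written the option expands to an empty value, or to whatever an unrelated variable of that name holds in the reader's shell, so the account can fail to create or land in the wrong resource group. Change the line to `--resource-group $AZURE_RESOURCE_GROUP \`. In the `az group create` hunk on the same line, `--location CentralUS` is now a literal while its callout still says "Specify your location"; a placeholder or a variable would match the callout better.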
@@ -74,21 +87,24 @@ $ az storage container create \ --account-name $AZURE_STORAGE_ACCOUNT_ID ---- +ifdef::installing-3-4,installing-mtc[] . Create a service principal and credentials for `velero`: + [source,terminal] ---- $ AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv` \ AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv` \ - AZURE_CLIENT_SECRET=`az ad sp create-for-rbac --name "velero" --role "Contributor" --query 'password' -o tsv` \ - AZURE_CLIENT_ID=`az ad sp list --display-name "velero" --query '[0].appId' -o tsv` + AZURE_CLIENT_SECRET=`az ad sp create-for-rbac --name "velero" \ + --role "Contributor" --query 'password' -o tsv` \ + AZURE_CLIENT_ID=`az ad sp list --display-name "velero" \ + --query '[0].appId' -o tsv` ---- . Save the service principal credentials in the `credentials-velero` file: + [source,terminal] ---- -$ cat << EOF > ./credentials-velero +$ cat << EOF > ./credentials-velero AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} AZURE_TENANT_ID=${AZURE_TENANT_ID} AZURE_CLIENT_ID=${AZURE_CLIENT_ID} 
@@ -97,3 +113,34 @@ AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} AZURE_CLOUD_NAME=AzurePublicCloud EOF ---- ++ +You use the `credentials-velero` file to add Azure as a replication repository. +endif::[] +ifdef::installing-oadp-azure[] +. Obtain the storage account access key: ++ +[source,terminal] +---- +$ AZURE_STORAGE_ACCOUNT_ACCESS_KEY=`az storage account keys list \ + --account-name $AZURE_STORAGE_ACCOUNT_ID \ + --query "[?keyName == 'key1'].value" -o tsv` +---- + +. Create a `credentials-velero` file: ++ +[source,terminal,subs="attributes+"] +---- +$ cat << EOF > ./credentials-velero +AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID} +AZURE_TENANT_ID=${AZURE_TENANT_ID} +AZURE_CLIENT_ID=${AZURE_CLIENT_ID} +AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} +AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP} +AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_STORAGE_ACCOUNT_ACCESS_KEY} <1> +AZURE_CLOUD_NAME=AzurePublicCloud +EOF +---- +<1> Mandatory. You cannot back up internal images if the `credentials-velero` file contains only the service principal credentials. ++ +You use the `credentials-velero` file to create a `Secret` custom resource for Azure when you install the Data Protection Application. +endif::[] diff --git a/modules/migration-configuring-gcp.adoc b/modules/migration-configuring-gcp.adoc index 0c984d2896..a44cc25789 100644 --- a/modules/migration-configuring-gcp.adoc +++ b/modules/migration-configuring-gcp.adoc 
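Review bot: The `credentials-velero` heredoc in the `ifdef::installing-oadp-azure[]` branch expands `${AZURE_SUBSCRIPTION_ID}`, `${AZURE_TENANT_ID}`, `${AZURE_CLIENT_ID}` and `${AZURE_CLIENT_SECRET}`, but the only step that assigns them is the service principal step, which the previous hunk wrapped in `ifdef::installing-3-4,installing-mtc[]`. On the OADP page that step is not rendered, so the file is written with four empty values and only the storage account key filled in. Either move the service principal step outside the conditional or add an OADP-specific step that sets these variables before the heredoc. The file now also holds the storage account access key, which gives full access to the account's data, so it deserves the same handling as the client secret.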
@@ -2,39 +2,37 @@ // // * migrating_from_ocp_3_to_4/installing-3-4.adoc // * migration_toolkit_for_containers/installing-mtc.adoc -// * migration_toolkit_for_containers/installing-mtc-restricted.adoc +// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc [id="migration-configuring-gcp_{context}"] = Configuring Google Cloud Platform -You can configure a Google Cloud Platform (GCP) storage bucket as a replication repository for the {mtc-full} ({mtc-short}). +ifdef::installing-3-4,installing-mtc[] +You configure a Google Cloud Platform (GCP) storage bucket as a replication repository for the {mtc-full} ({mtc-short}). +endif::[] +ifdef::installing-oadp-gcp[] +You configure Google Cloud Platform (GCP) for the OpenShift API for Data Protection (OADP). +endif::[] .Prerequisites +* You must have the `gcloud` and `gsutil` CLI tools installed. See the link:https://cloud.google.com/sdk/docs/[Google cloud documentation] for details. + +ifdef::installing-3-4,installing-mtc[] * The GCP storage bucket must be accessible to the source and target clusters. -* You must have link:https://cloud.google.com/storage/docs/gsutil_install[`gsutil`] installed. * If you are using the snapshot copy method: ** The source and target clusters must be in the same region. ** The source and target clusters must have the same storage class. ** The storage class must be compatible with snapshots. +endif::[] .Procedure -. Log in to `gsutil`: +. Log in to GCP: + [source,terminal] ---- -$ gsutil init ----- -+ -.Example output -[source,terminal] ----- -Welcome! This command will take you through the configuration of gcloud. - -Your current configuration has been set to: [default] - -To continue, you must login. Would you like to login (Y/n)? +$ gcloud auth login ---- . Set the `BUCKET` variable: @@ -45,7 +43,7 @@ $ BUCKET= <1> ---- <1> Specify your bucket name. -. Create a storage bucket: +. Create the storage bucket: + [source,terminal] ---- 
@@ -56,27 +54,34 @@ $ gsutil mb gs://$BUCKET/ + [source,terminal] ---- -$ PROJECT_ID=`gcloud config get-value project` +$ PROJECT_ID=$(gcloud config get-value project) ---- -. Create a `velero` IAM service account: +. Create a service account: + [source,terminal] ---- $ gcloud iam service-accounts create velero \ - --display-name "Velero Storage" + --display-name "Velero service account" ---- -. Create the `SERVICE_ACCOUNT_EMAIL` variable: +. List your service accounts: + [source,terminal] ---- -$ SERVICE_ACCOUNT_EMAIL=`gcloud iam service-accounts list \ - --filter="displayName:Velero Storage" \ - --format 'value(email)'` +$ gcloud iam service-accounts list ---- -. Create the `ROLE_PERMISSIONS` variable: +. Set the `SERVICE_ACCOUNT_EMAIL` variable to match its `email` value: ++ +[source,terminal] +---- +$ SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \ + --filter="displayName:Velero service account" \ + --format 'value(email)') +---- + +. Attach the policies to give the `velero` user the necessary permissions: + [source,terminal] ---- @@ -123,5 +128,13 @@ $ gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET} [source,terminal] ---- $ gcloud iam service-accounts keys create credentials-velero \ - --iam-account $SERVICE_ACCOUNT_EMAIL + --iam-account $SERVICE_ACCOUNT_EMAIL ---- +ifdef::installing-3-4,installing-mtc[] ++ +You use the `credentials-velero` file to add GCP as a replication repository. +endif::[] +ifdef::installing-oadp-gcp[] ++ +You use the `credentials-velero` file to create a `Secret` custom resource for GCP when you install the Data Protection Application. +endif::[] diff --git a/modules/migration-configuring-mcg.adoc b/modules/migration-configuring-mcg.adoc index d3a3c6b014..e88e7cb88f 100644 --- a/modules/migration-configuring-mcg.adoc +++ b/modules/migration-configuring-mcg.adoc 
@@ -4,23 +4,46 @@ // * migrating_from_ocp_3_to_4/installing-restricted-3-4.adoc // * migration_toolkit_for_containers/installing-mtc.adoc // * migration_toolkit_for_containers/installing-mtc-restricted.adoc +// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc [id="migration-configuring-mcg_{context}"] -= Configuring the Multicloud Object Gateway += Retrieving Multicloud Object Gateway credentials -You can configure the Multicloud Object Gateway (MCG) as a replication repository for the {mtc-full} ({mtc-short}). MCG is a component of OpenShift Container Storage. +ifdef::installing-3-4,installing-mtc[] +You must retrieve the Multicloud Object Gateway (MCG) credentials and S3 endpoint in order to configure MCG as a replication repository for the {mtc-full} ({mtc-short}). +endif::[] +You must retrieve the Multicloud Object Gateway (MCG) credentials in order to create a `Secret` custom resource (CR) for the OpenShift API for Data Protection (OADP). +ifdef::installing-oadp-mcg[] +endif::[] + +MCG is a component of OpenShift Container Storage. -ifdef::openshift-origin[] .Prerequisites - +ifdef::openshift-origin[] * Ensure that you have downloaded the link:https://console.redhat.com/openshift/install/pull-secret[pull secret from the Red Hat OpenShift Cluster Manager site] as shown in _Obtaining the installation program_ in the installation documentation for your platform. + If you have the pull secret, add the `redhat-operators` catalog to the OperatorHub custom resource (CR) as shown in _Configuring {product-title} to use Red Hat Operators_. endif::[] +* You must deploy OpenShift Container Storage by using the appropriate link:https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.8/[OpenShift Container Storage deployment guide]. .Procedure -. 
Deploy OpenShift Container Storage by using the appropriate link:https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.8/[OpenShift Container Storage deployment guide]. . Obtain the S3 endpoint, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_ACCESS_KEY` by running the link:https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.8/html-single/managing_hybrid_and_multicloud_resources/index#accessing-the-Multicloud-object-gateway-from-the-terminal_rhocs[`describe` command] on the `NooBaa` custom resource. +ifdef::installing-3-4,installing-mtc[] + -These values are required in order to add MCG as a replication repository to the {mtc-short} web console. +You use these credentials to add MCG as a replication repository. +endif::[] +ifdef::installing-oadp-mcg[] +. Create a `credentials-velero` file: ++ +[source,terminal] +---- +$ cat << EOF > ./credentials-velero +[default] +aws_access_key_id= +aws_secret_access_key= +EOF +---- ++ +You use the `credentials-velero` file to create a `Secret` object when you install the Data Protection Application. +endif::[] diff --git a/modules/migration-migrating-applications-api.adoc b/modules/migration-migrating-applications-api.adoc index 4c455f42f1..212ccd59af 100644 --- a/modules/migration-migrating-applications-api.adoc +++ b/modules/migration-migrating-applications-api.adoc @@ -25,7 +25,7 @@ spec: EOF ---- -. Create a `Secret` CR manifest for each remote cluster: +. Create a `Secret` object manifest for each remote cluster: + [source,yaml] ---- 
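Review bot: In modules/migration-configuring-mcg.adoc the OADP intro sentence ("You must retrieve the Multicloud Object Gateway (MCG) credentials in order to create a `Secret` custom resource ...") sits above `ifdef::installing-oadp-mcg[]`, and the conditional that follows it is empty, so the sentence is rendered in every assembly that includes the module, MTC ones included. Move `ifdef::installing-oadp-mcg[]` to the line before that sentence so the existing `endif::[]` closes it. The header comment also lists the restricted-network assemblies, which are not named in `ifdef::installing-3-4,installing-mtc[]`; if they define different attributes (not visible here) they would lose the MTC intro and the "You use these credentials" line. This commit renames `Secret` CR to `Secret` object elsewhere, but the new text in this module and in the AWS, Azure and GCP modules still says `Secret` custom resource.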
@@ -70,7 +70,7 @@ EOF <.> Specify the `Cluster` CR of the remote cluster. <.> Optional: For direct image migration, specify the exposed registry route. <.> SSL verification is enabled if `false`. CA certificates are not required or checked if `true`. -<.> Specify the `Secret` CR of the remote cluster. +<.> Specify the `Secret` object of the remote cluster. <.> Specify the URL of the remote cluster. . Verify that all clusters are in a `Ready` state: @@ -80,7 +80,7 @@ EOF $ oc describe cluster ---- -. Create a `Secret` CR manifest for the replication repository: +. Create a `Secret` object manifest for the replication repository: + [source,yaml] ---- diff --git a/modules/migration-mtc-cr-manifests.adoc b/modules/migration-mtc-cr-manifests.adoc index a436ccdbf7..31cc25617c 100644 --- a/modules/migration-mtc-cr-manifests.adoc +++ b/modules/migration-mtc-cr-manifests.adoc @@ -186,7 +186,7 @@ spec: <7> Set to `true` to restart the `Restic` pods on the source cluster after the `Stage` pods are created. <8> Remote cluster and direct image migration only: Specify the exposed secure registry path. <9> Remote cluster only: Specify the URL. -<10> Remote cluster only: Specify the name of the `Secret` CR. +<10> Remote cluster only: Specify the name of the `Secret` object. [id="mighook_{context}"] == MigHook 
@@ -355,10 +355,10 @@ spec: <2> Snapshot copy method only: Specify the storage provider. <3> AWS only: Specify the bucket name. <4> AWS only: Specify the bucket region, for example, `us-east-1`. -<5> Specify the name of the `Secret` CR that you created for the storage. +<5> Specify the name of the `Secret` object that you created for the storage. <6> AWS only: If you are using the AWS Key Management Service, specify the unique identifier of the key. <7> AWS only: If you granted public access to the AWS bucket, specify the bucket URL. <8> AWS only: Specify the AWS signature version for authenticating requests to the bucket, for example, `4`. <9> Snapshot copy method only: Specify the geographical region of the clusters. -<10> Snapshot copy method only: Specify the name of the `Secret` CR that you created for the storage. +<10> Snapshot copy method only: Specify the name of the `Secret` object that you created for the storage. <11> Set to `true` to validate the cluster. diff --git a/modules/migration-rolling-back-migration-cli.adoc b/modules/migration-rolling-back-migration-cli.adoc index a76de6884b..66c8b59d1f 100644 --- a/modules/migration-rolling-back-migration-cli.adoc +++ b/modules/migration-rolling-back-migration-cli.adoc @@ -13,7 +13,7 @@ You can roll back a migration by creating a `MigMigration` custom resource (CR) The following resources remain in the migrated namespaces for debugging after a failed direct volume migration (DVM): * Config maps (source and destination clusters) -* `Secret` CRs (source and destination clusters) +* `Secret` objects (source and destination clusters) * `Rsync` CRs (source cluster) These resources do not affect rollback. You can delete them manually. diff --git a/modules/migration-rolling-back-migration-manually.adoc b/modules/migration-rolling-back-migration-manually.adoc index 1f4ed0db36..77be4f85be 100644 --- a/modules/migration-rolling-back-migration-manually.adoc +++ b/modules/migration-rolling-back-migration-manually.adoc 
@@ -15,7 +15,7 @@ If you run the same migration plan successfully, the resources from the failed m The following resources remain in the migrated namespaces after a failed direct volume migration (DVM): * Config maps (source and destination clusters) -* `Secret` CRs (source and destination clusters) +* `Secret` objects (source and destination clusters) * `Rsync` CRs (source cluster) These resources do not affect rollback. You can delete them manually. diff --git a/modules/migration-rolling-back-migration-web-console.adoc b/modules/migration-rolling-back-migration-web-console.adoc index 11b915ff9d..809548b146 100644 --- a/modules/migration-rolling-back-migration-web-console.adoc +++ b/modules/migration-rolling-back-migration-web-console.adoc @@ -13,7 +13,7 @@ You can roll back a migration by using the {mtc-full} ({mtc-short}) web console. The following resources remain in the migrated namespaces for debugging after a failed direct volume migration (DVM): * Config maps (source and destination clusters) -* `Secret` CRs (source and destination clusters) +* `Secret` objects (source and destination clusters) * `Rsync` CRs (source cluster) These resources do not affect rollback. You can delete them manually. diff --git a/modules/oadp-about-bsl.adoc b/modules/oadp-about-bsl.adoc new file mode 100644 index 0000000000..c9c962dc22 --- /dev/null +++ b/modules/oadp-about-bsl.adoc 
@@ -0,0 +1,100 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+[id="oadp-about-bsl_{context}"]
+= Configuring backup locations
+
+The OpenShift API for Data Protection (OADP) backs up Kubernetes objects and internal images by using Velero backups and storing them in backup locations, which are S3 storage endpoints.
+
+You configure backup locations in the `spec.backupLocations.velero` block of the `DataProtectionApplication` CR.
+
+[IMPORTANT]
+====
+You must specify either a dedicated bucket for Velero or a bucket prefix, if the bucket is used for multiple purposes.
+====
+
+.Example `spec.backupLocations.velero` block
+ifdef::installing-oadp-aws[]
+[source,yaml,subs="attributes+"]
+----
+spec:
+ backupLocations:
+ - name: default
+ velero:
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ config:
+ region: us-east-2
+ profile: "default"
+ objectStorage:
+ bucket: my_bucket
+ prefix: velero
+----
+endif::[]
+ifdef::installing-oadp-azure[]
+[source,yaml,subs="attributes+"]
+----
+spec:
+ backupLocations:
+ - velero:
+ configuration:
+ resourceGroup: Velero_Backups
+ storageAccount: velerobackups
+ subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
+ storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: my_bucket
+ prefix: velero
+----
+endif::[]
+ifdef::installing-oadp-gcp,installing-oadp-ocs[]
+[source,yaml,subs="attributes+"]
+----
+spec:
+ backupLocations:
+ - velero:
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: my_bucket
+ prefix: velero
+----
+endif::[]
+ifdef::installing-oadp-mcg[]
+[source,yaml,subs="attributes+"]
+----
+spec:
+ backupLocations:
+ - velero:
+ config:
+ profile: "default"
+ region: minio
+ s3Url: https://www.example.com
+ insecureSkipTLSVerify: "true"
+ s3ForcePathStyle: "true"
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: my_bucket
+ prefix: velero
+----
+endif::[]
diff --git a/modules/oadp-about-vsl.adoc b/modules/oadp-about-vsl.adoc
new file mode 100644
index 0000000000..64777ff08e
--- /dev/null
+++ b/modules/oadp-about-vsl.adoc
@@ -0,0 +1,105 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+[id="oadp-about-vsl_{context}"]
+= Configuring snapshot locations
+
+The OpenShift API for Data Protection (OADP) backs up persistent volumes (PVs) by using snapshots. Snapshots are stored in snapshot locations, which are specified by the cloud provider parameters.
+
+[IMPORTANT]
+====
+The PVs and the snapshot locations must be in the same region. See the link:https://velero.io/docs/v1.7/locations/#limitations--caveats[Velero documentation] for a comprehensive list of limitations.
+====
+
+ifdef::installing-oadp-aws,installing-oadp-azure,installing-oadp-gcp[]
+You configure snapshot locations in the `spec.snapshotLocations.velero` block of the `DataProtectionApplication` custom resource manifest.
+endif::[]
+
+ifdef::installing-oadp-aws[]
+.Example `spec.snapshotLocations.velero` block
+[source,yaml]
+----
+spec:
+ snapshotLocations:
+ - name: default
+ velero:
+ provider: aws
+ config:
+ region: us-west-2
+ profile: "default"
+----
+endif::[]
+ifdef::installing-oadp-azure[]
+.Example `spec.volumeSnapshotLocations` block
+[source,yaml]
+----
+spec:
+ snapshotLocations:
+ - velero:
+ name: default
+ provider: azure
+ config:
+ resourceGroup: Velero_Backups
+ subscriptionId: 53b8f551-f0fc-4bea-8cba-6d1fefd54c8a
+ incremental: true
+----
+endif::[]
+ifdef::installing-oadp-gcp[]
+.Example `spec.snapshotLocations.velero` block
+[source,yaml]
+----
+spec:
+ snapshotLocations:
+ - velero:
+ provider: gcp
+ default: true
+ config:
+ project: my_project
+ snapshotLocation: us-west1
+----
+endif::[]
+ifdef::installing-oadp-ocs[]
+You configure snapshot locations in the `VolumeSnapshotClass` custom resource (CR) manifest.
+
+You can use Ceph RBD for `RWO` access or Ceph FS for `RWX` access.
+
+.Example `VolumeSnapshotClass` CR manifest for Ceph RBD
+[source,yaml]
+----
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+deletionPolicy: Retain
+metadata:
+ name: ocs-storagecluster-ceph-rbd-snapshot
+ labels:
+ velero.io/csi-volumesnapshot-class: "true"
+ snapshotter: openshift-storage.rbd.csi.ceph.com
+driver: openshift-storage.rbd.csi.ceph.com
+parameters:
+ clusterID: openshift-storage
+ csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/snapshotter-secret-namespace: openshift-storage
+----
+
+.Example `VolumeSnapshotClass` CR manifest for Ceph FS
+[source,yaml]
+----
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ name: ocs-storagecluster-ceph-cephfs-snapshot
+ labels:
+ velero.io/csi-volumesnapshot-class: "true"
+snapshotter: openshift-storage.cephfs.csi.ceph.com
+driver: openshift-storage.cephfs.csi.ceph.com
+deletionPolicy: Retain
+parameters:
+ clusterID: openshift-storage
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage
+----
+endif::[]
diff --git a/modules/oadp-configuring-default-plug-ins.adoc b/modules/oadp-configuring-default-plug-ins.adoc
new file mode 100644
index 0000000000..cfe83b199a
--- /dev/null
+++ b/modules/oadp-configuring-default-plug-ins.adoc
@@ -0,0 +1,80 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+[id="oadp-configuring-default-plug-ins_{context}"]
+= Configuring default plug-ins
+
+You configure default plug-ins in the `spec.configuration.velero.defaultPlugins` block of the `DataProtectionApplication` CR.
+
+ifdef::installing-oadp-ocs[]
+The `csi` plug-in backs up and restores snapshots on persistent volume claims (PVCs) that support Container Storage Interface (CSI) snapshots, for example Ceph RBD or Ceph FS. The `csi` plug-in uses the link:https://velero.io/docs/main/csi/[Velero CSI beta snapshot APIs].
+endif::[]
+
+.Example `spec.configuration.velero.defaultPlugins` block
+
+ifdef::installing-oadp-aws[]
+[source,yaml]
+----
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift <.>
+ - aws
+----
+endif::[]
+ifdef::installing-oadp-azure[]
+[source,yaml]
+----
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift <.>
+ - azure
+----
+endif::[]
+ifdef::installing-oadp-gcp[]
+[source,yaml]
+----
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift <.>
+ - gcp
+----
+endif::[]
+ifdef::installing-oadp-mcg[]
+[source,yaml]
+----
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift <.>
+ - aws
+----
+endif::[]
+ifdef::installing-oadp-ocs[]
+[source,yaml]
+----
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift <.>
+ - csi
+ featureFlags:
+ - EnableCSI <.>
+----
+endif::[]
+<.> The `openshift` plug-in is mandatory in order to back up and restore namespaces on an {product-title} cluster.
+ifdef::installing-oadp-ocs[]
+<.> Mandatory if you use the `csi` default plug-in.
+endif::[]
diff --git a/modules/oadp-installing-dpa.adoc b/modules/oadp-installing-dpa.adoc
new file mode 100644
index 0000000000..5564c673bb
--- /dev/null
+++ b/modules/oadp-installing-dpa.adoc
@@ -0,0 +1,274 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+[id="oadp-installing-dpa_{context}"]
+= Installing the Data Protection Application
+
+You install the Data Protection Application (DPA) by creating an instance of the `DataProtectionApplication` API.
+
+If you are not using snapshots to back up persistent volumes (PVs) or if your storage is NFS, you can create backups with link:https://restic.net/[Restic]. Restic is installed by default. Restic deploys a daemon set, which means that an environment with many nodes will have a lot of `Restic` pods running. You can disable the Restic installation by setting `spec.configuration.restic.enable` to `false`.
+
+.Prerequisites
+
+* You must install the OADP Operator.
+* You must configure object storage for Velero.
+* You must create a `credentials-velero` file for the object storage.
+* If you use snapshots to back up PVs, your cloud provider must support either a native snapshot API or Container Snapshot Interface (CSI) snapshots.
+
+.Procedure
+
+. Create a `Secret` object called `{credentials}` in the `openshift-adp` project:
++
+[source,terminal,subs="attributes+"]
+----
+$ oc create secret generic {credentials} -n openshift-adp --from-file cloud=credentials-velero
+----
+
+. Click *Operators* -> *Installed Operators* and select the OADP Operator.
+. Under *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
+
+. 
Click *YAML View* and update the parameters of the `DataProtectionApplication` manifest:
+ifdef::installing-oadp-aws[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name:
+ namespace: openshift-adp
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - openshift
+ - aws
+ restic:
+ enable: true <.>
+ backupLocations:
+ - name: default
+ velero:
+ provider: {provider}
+ default: true
+ objectStorage:
+ bucket: <.>
+ prefix: <.>
+ config:
+ region:
+ profile: "default"
+ credential:
+ key: cloud
+ name: {credentials}
+ snapshotLocations:
+ - name: default
+ velero:
+ provider: aws
+ config:
+ region: <.>
+ profile: "default"
+----
+endif::[]
+ifdef::installing-oadp-azure[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name:
+ namespace: openshift-adp
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - azure
+ - openshift
+ restic:
+ enable: true <.>
+ backupLocations:
+ - velero:
+ configuration:
+ resourceGroup: <.>
+ storageAccount: <.>
+ subscriptionId: <.>
+ storageAccountKeyEnvVar: AZURE_STORAGE_ACCOUNT_ACCESS_KEY
+ credential:
+ key: cloud
+ name: {credentials}
+ provider: azure
+ default: true
+ objectStorage:
+ bucket: <.>
+ prefix: <.>
+ snapshotLocations:
+ - velero:
+ config:
+ resourceGroup:
+ subscriptionId:
+ incremental: true
+ name: default
+ provider: {provider}
+----
+endif::[]
+ifdef::installing-oadp-gcp[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name:
+ namespace: openshift-adp
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - gcp
+ - openshift
+ restic:
+ enable: true <.>
+ backupLocations:
+ - velero:
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: <.>
+ prefix: <.>
+ snapshotLocations:
+ - velero:
+ provider: gcp
+ 
default: true
+ config:
+ project:
+ snapshotLocation: <.>
+----
+endif::[]
+ifdef::installing-oadp-mcg[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name:
+ namespace: openshift-adp
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - aws
+ - openshift
+ restic:
+ enable: true <.>
+ backupLocations:
+ - velero:
+ config:
+ profile: "default"
+ region: minio
+ s3Url:
+ insecureSkipTLSVerify: "true"
+ s3ForcePathStyle: "true"
+ provider: {provider}
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: <.>
+ prefix: <.>
+----
+endif::[]
+ifdef::installing-oadp-ocs[]
++
+[source,yaml,subs="attributes+"]
+----
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+ name:
+ namespace: openshift-adp
+spec:
+ configuration:
+ velero:
+ defaultPlugins:
+ - gcp <.>
+ - csi <.>
+ - openshift
+ featureFlags:
+ - EnableCSI <.>
+ restic:
+ enable: true <.>
+ backupLocations:
+ - velero:
+ provider: {provider} <.>
+ default: true
+ credential:
+ key: cloud
+ name: {credentials}
+ objectStorage:
+ bucket: <.>
+ prefix: <.>
+----
+<.> Specify the default plug-in for the backup provider, for example, `gcp`, if it exists.
+<.> Specify the `csi` default plug-in if you use CSI snapshots to back up PVs. The volume locations are configured in the `VolumeSnapshotClass` manifest.
+<.> Mandatory for CSI.
+endif::[]
+<.> Set to `false` to disable the Restic installation. You configure Restic for backups by adding `spec.defaultVolumesToRestic: true` to the `Backup` CR.
+ifdef::installing-oadp-ocs[]
+<.> Specify the backup provider.
+endif::[]
+ifdef::installing-oadp-azure[]
+<.> Specify the Azure resource group.
+<.> Specify the Azure storage account ID.
+<.> Specify the Azure subscription ID.
+endif::[]
+<.> Specify a bucket as the backup storage location.
If the bucket is not a dedicated bucket for Velero backups, you must specify a prefix.
+<.> Specify a prefix for Velero backups, for example, `velero`, if the bucket is used for multiple purposes.
+ifdef::installing-oadp-aws,installing-oadp-gcp[]
+<.> The snapshot location must be in the same region as your PVs.
+endif::[]
+
+. Click *Create*.
+. Verify the installation by viewing the OADP resources:
++
+[source,terminal]
+----
+$ oc get all -n openshift-adp
+----
++
+.Example output
++
+----
+NAME READY STATUS RESTARTS AGE
+pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s
+pod/oadp-velero-sample-1-aws-registry-5d6968cbdd-d5w9k 1/1 Running 0 95s
+pod/restic-9cq4q 1/1 Running 0 94s
+pod/restic-m4lts 1/1 Running 0 94s
+pod/restic-pv4kr 1/1 Running 0 95s
+pod/velero-588db7f655-n842v 1/1 Running 0 95s
+
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 8443/TCP 2m8s
+service/oadp-velero-sample-1-aws-registry-svc ClusterIP 172.30.130.230 5000/TCP 95s
+
+NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
+daemonset.apps/restic 3 3 3 3 3 96s
+
+NAME READY UP-TO-DATE AVAILABLE AGE
+deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s
+deployment.apps/oadp-velero-sample-1-aws-registry 1/1 1 1 96s
+deployment.apps/velero 1/1 1 1 96s
+
+NAME DESIRED CURRENT READY AGE
+replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s
+replicaset.apps/oadp-velero-sample-1-aws-registry-5d6968cbdd 1 1 1 96s
+replicaset.apps/velero-588db7f655 1 1 1 96s
+----
diff --git a/modules/oadp-installing-operator.adoc b/modules/oadp-installing-operator.adoc
new file mode 100644
index 0000000000..1a03ee5154
--- /dev/null
+++ b/modules/oadp-installing-operator.adoc
@@ -0,0 +1,26 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+
+[id="oadp-installing-operator_{context}"]
+= Installing the OADP Operator
+
+You install the Openshift API for Data Protection (OADP) Operator on {product-title} {product-version} by using Operator Lifecycle Manager (OLM).
+
+The OADP Operator installs link:https://velero.io/docs/v1.7/[Velero 1.7].
+
+.Prerequisites
+
+* You must be logged in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+. Use the *Filter by keyword* field to find the *OADP Operator*.
+. Select the *OADP Operator* and click *Install*.
+. Click *Install* to install the Operator in the `openshift-adp` project.
+. Click *Operators* -> *Installed Operators* to verify the installation.