Restoring an online backup to the same cluster with the Cloud Pak for Data OADP backup and restore utility

Important: IBM Cloud Pak® for Data Version 4.7 will reach end of support (EOS) on 31 July, 2025. For more information, see the Discontinuance of service announcement for IBM Cloud Pak for Data Version 4.X.

Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.7 reaches end of support. For more information, see Upgrading IBM Software Hub in the IBM Software Hub Version 5.1 documentation.

You can restore an IBM Cloud Pak for Data instance from an online backup on the same cluster with the OADP backup and restore utility.

Before you begin

Restoring Cloud Pak for Data from an online backup has the following requirements:

  • All services are installed at the same Cloud Pak for Data release.

    Online backup and restore of a deployment that is running service versions from different Cloud Pak for Data releases is not supported.

  • The Cloud Pak for Data control plane is installed in a single project (namespace).
  • The Cloud Pak for Data instance is installed in zero or more tethered projects.
  • The Cloud Pak for Data OADP backup and restore utility is installed and configured.

About this task

Permissions that you need for this task
Log on as a user with cluster administrator rights.

Cloud Pak for Data services that do not support online backup and restore might not be functional after a restore is completed. In these cases, the services must be cleaned up or deleted and re-installed. For more information, see Post-restore tasks after restoring a Cloud Pak for Data online backup.

You cannot restore a backup into a different project of the Cloud Pak for Data instance.

To restore a backup, you must run the Cloud Pak for Data OADP backup and restore utility in Kubernetes mode.

If running a restore command produces a Failed or PartiallyFailed error, you must clean up the Cloud Pak for Data instance and restart the restore process. For details about cleaning up a Cloud Pak for Data instance, see Preparing to restore Cloud Pak for Data.

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

Procedure

  1. Check for problems that will prevent a successful restore: 
    cpd-cli oadp restore precheck \
--backup-names=<backup_name1,backup_name2>
    This command checks for problems such as:
    • The OADP project does not exist.
    • A Velero instance is not running or its pod is not healthy.
    • The OADP backup storage location custom resource is not in the Available state.
    • The specified backup name does not exist.
    • The backup did not complete successfully or has errors or warnings.
    • Projects that are associated with the backup exist.

    For the complete list of checks that the command performs, see oadp restore precheck.

  2. Restore Cloud Pak for Data Persistent Volume Claims (PVCs) and volume data, providing the volume backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name1> \
--from-backup=<volume_backup_name> \
--skip-hooks \
--log-level=debug \
--verbose
    Tip: If you are restoring Db2® or Watson Knowledge Catalog, add --scale-wait-timeout 15m to ensure that the restore command completes successfully.

Steps to restore the operator

  1. Restore Kubernetes resource definitions, projects, OperatorGroups, and permissions, providing the Kubernetes resources backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name2> \
--from-backup=<kub_resource_backup> \
--include-resources='namespaces,operatorgroups,roles,rolebindings,serviceaccounts,securitycontextconstraints.security.openshift.io' \
--include-cluster-resources=true \
--skip-hooks \
--log-level=debug \
--verbose
  2. Restore Kubernetes CommonService custom resources, providing the Kubernetes resources backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name3> \
--from-backup=<kub_resource_backup> \
--include-resources='namespacescopes,commonservices' \
--include-cluster-resources=true \
--skip-hooks \
--log-level=debug \
--verbose
    Note: If this command results in a PartiallyFailed restore status with an error such as in the following example, the error indicates that you are attempting the restore on a cluster where the Cloud Pak for Data operators visibility to the Cloud Pak for Data operand projects is not yet completed.
    Errors:
  Velero:     <none>
  Cluster:    <none>
  Namespaces:
    cpd-instance:  error restoring commonservices.operator.ibm.com/cpd-instance/common-service: admission webhook "ibm-common-service-validating-webhook.operator.ibm.com" denied the request: Services Namespace: cpd-instance is not allowed to be configured in namespace cpd-instance
  3. Restore the Kubernetes cpd-operators configmap resource, providing the Kubernetes resources backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name4> \
--from-backup=<kub_resource_backup> \
--include-resources='configmaps' \
--selector 'app=cpd-operators-backup' \
--skip-hooks \
--log-level=debug \
--verbose
  4. Restore (recreate) operators: 
    ./cpd-operators.sh restore \
--foundation-namespace ${PROJECT_CPD_INST_OPERATORS} \
--operators-namespace ${PROJECT_CPD_INST_OPERATORS}
    Note: IBM Cloud Pak foundational services operators are installed in the same namespace as Cloud Pak for Data operators.

    This step restores the Operator CatalogSource, Subscription, OperandRequest, and NamespaceScope custom resources, which must be validated before you can continue with the restore process.

  5. Validate operator subscriptions and visibility.
    1. Query the status of the custom resources in the Cloud Pak for Data operator and operand projects: 
      oc get sub -n ${PROJECT_CPD_INST_OPERATORS} -o jsonpath="{range .items[*]}{.metadata.name}{' - currentCSV: '}{.status.currentCSV}{' - installedCSV: '}{.status.installedCSV}{'\n'}{end}"
oc get operandrequest -A
    2. Validate the restore of the Cloud Pak for Data operators visibility: 
      oc get nss -n ${PROJECT_CPD_INST_OPERATORS} common-service -o jsonpath='{.status.validatedMembers} {"\n"}'

      The output of this command must be an array that contains the ${PROJECT_CPD_INST_OPERATORS} and all operand projects.

Steps for restoring operands

  1. Restore the remaining Kubernetes custom resources, providing the Kubernetes resources backup name and specifying a restore name:
    Tip: Many of these Kubernetes resources were created in the restore (recreate) operators step.
    cpd-cli oadp restore create <restore_name5> \
--from-backup=<kub_resource_backup> \
--include-resources='secrets,configmaps,certificates.cert-manager.io,certificates.certmanager.k8s.io,issuers.cert-manager.io,issuers.certmanager.k8s.io,clusters.postgresql.k8s.enterprisedb.io' \
--include-cluster-resources=true \
--skip-hooks \
--log-level=debug \
--verbose

    This step restores the clusters.postgresql.k8s.enterprisedb.io custom resources in the Cloud Pak for Data instance project while the Cloud Pak for Data operators have visibility to the Cloud Pak for Data operand projects. Consequently, EDB Postgres clusters are recovered from the restored fenced off PVC and volume. EDB Postgres cluster recovery must reach a healthy state before proceeding with the later step on isolating operators from Cloud Pak for Data instance projects.

  2. Isolate operators from Cloud Pak for Data instance projects: 
    ./cpd-operators.sh isolate-namespacescope \
--foundation-namespace ${PROJECT_CPD_INST_OPERATORS} \
--operators-namespace ${PROJECT_CPD_INST_OPERATORS}
  3. Restore remaining Kubernetes custom resources except for resources that generate pods, providing the Kubernetes resources backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name6> \
--from-backup=<kub_resource_backup> \
--exclude-resources='persistentvolumeclaims,operatorgroups,roles,rolebindings,serviceaccounts,secrets,configmaps,certificates.cert-manager.io,certificates.certmanager.k8s.io,issuers.cert-manager.io,issuers.certmanager.k8s.io,namespacescopes,commonservices,clusters.postgresql.k8s.enterprisedb.io,deploy,rs,dc,rc,sts,ds,cj,jobs,controllerrevisions,securitycontextconstraints.security.openshift.io' \
--include-cluster-resources=true \
--skip-hooks \
--log-level=debug \
--verbose
  4. Restore Kubernetes resources that generate pods, providing the Kubernetes resources backup name and specifying a restore name: 
    cpd-cli oadp restore create <restore_name7> \
--from-backup=<kub_resource_backup>  \
--include-resources='namespaces,deploy,rs,dc,rc,sts,ds,cj,jobs,controllerrevisions' \
--preworkloadhooks=true \
--posthooks=true \
--log-level=debug \
--verbose
    Note: This command outputs messages to check the workload status. However, some workloads will not be ready until you do the next step.
  5. Restore operators visibility to Cloud Pak for Data instance projects: 
    ./cpd-operators.sh restore-namespacescope \
--foundation-namespace ${PROJECT_CPD_INST_OPERATORS} \
--operators-namespace ${PROJECT_CPD_INST_OPERATORS}

Steps to manage restores

  1. To check the status of a restore, run the following command: 
    cpd-cli oadp restore status <restore_name> \
--details
  2. To view a list of existing restores, run the following command: 
    cpd-cli oadp restore list
  3. To view restore logs, run the following command: 
    cpd-cli oadp restore logs <restore_name>
  4. To delete a restore for cleanup purposes, run the following command: 
    cpd-cli oadp restore delete <restore_name>

What to do next

If your Cloud Pak for Data deployment has services that connect to an external database, and you followed the recommendation to back up the database at the same time that you back up Cloud Pak for Data, restore the database backup that was taken at the same time as the Cloud Pak for Data backup.