Backing up data from your storage system by using IBM Storage Fusion recipes

From 24.0.0-IF001 for Content services and Workflow automation, you can use IBM Storage Fusion recipes to back up and restore data from your storage systems to maintain and migrate data between environments. Save time and resources and avoid any potential data loss by using the recipes.

By regularly backing up your data, you can improve/ensure the availability and integrity of your data. Recipes help you to quickly recover from any disaster or outage, and make sure that your data is backed up regularly.

Important: Make sure that the production storage that is hosting Cloud Pak for Business Automation is Kubernetes Container Storage Interface (CSI)-compatible.

Before you begin

Make sure that you meet the following software requirements for backing up data from the storage system by using IBM Storage Fusion recipes:
  • IBM Storage Fusion 2.8.x
  • IBM Cloud Pak® for Business Automation services: IBM FileNet® Content Manager, IBM Business Automation Workflow Runtime, IBM Business Automation Workflow Authoring.
    • Recipes are available for three different installations:
      • FileNet Content Manager is installed with an external database, without extra features or customization, such as custom certificates.
      • Business Automation Workflow Authoring is installed with an external database, without extra features or customization, such as custom certificates.
      • Business Automation Workflow Runtime is installed with an external database, without extra features or customization, such as custom certificates.
  • Cloud Pak for Business Automation Fusion scripts and recipes:
Install a jq bastion host where the Fusion script is run:
  • For Mac:
    brew install jq
  • For Linux:
    sudo apt update
    sudo apt install jq

Procedure

Do the following steps to back up data from the storage system:

  1. Install Storage Fusion 2.8.x.
    1. Obtain the entitlement key.
    2. Create an image pull secret.
    3. Install the IBM Storage Fusion operator.
      The instructions differ based on the type of Red Hat® OpenShift® Container Platform deployment. This is an example for On-premises VMware.
    4. Deploy a Fusion Backup and Restore service.
  2. Configure general Backup and Restore (from the IBM Storage Fusion user interface).
    1. Create a backup storage location to store the backup data.
      This location can be any s3 compatible storage or Microsoft Azure Blob storage.
  3. Configure Cloud Pak for Business Automation and IBM Fusion specific backup and restore.
    1. Export the Cloud Pak for Business Automation namespace to the NAMESPACE variable.
      For example:
      export NAMESPACE=<namespace>
    2. Apply the labels to select the resources in the recipe.

      Browse to the location where you downloaded the cert-kubernetes package and change directory to the FusionRecipes folder.

      Verify that you are in the Fusion Recipes folder by issuing a pwd command that must have a path similar to: cert-kubernetes-24.0.0-IF001/FusionRecipes

      Go to the namespace for the operator.
      oc project ${NAMESPACE}
      If IBM Business Automation Workflow is installed, update the Cloud Pak for Business Automation namespace in the labels_baw_template.sh script by running the following commands:
      awk -v CP4BA_NAMESPACE="$NAMESPACE" '{gsub(/\$REPLACE_NAMESPACE/, CP4BA_NAMESPACE)}1' scripts/labels_baw_template.sh > scripts/labels_baw.sh 
      chmod +x ./scripts/labels_baw.sh
      ./scripts/labels_baw.sh
      If FileNet Content Manager is installed, you can run the labels_fncm.sh script directly.
      ./scripts/labels_fncm.sh
    3. Update the cluster role in the transaction-manager-ibm-backup-restore so you can check the custom resource, such as Ready status. This step is needed during a restore on the target cluster (that is, when you do a restore).
      If Business Automation Workflow is installed, run the following command.
      oc get clusterrole transaction-manager-ibm-backup-restore -o json | jq '.rules += [{"verbs":["get","list"],"apiGroups":["icp4a.ibm.com"],"resources":["icp4aclusters"]}]' | oc apply -f -
      If FileNet Content Manager is installed, run the following command.
      oc get clusterrole transaction-manager-ibm-backup-restore -o json | jq '.rules += [{"verbs":["get","list"],"apiGroups":["icp4a.ibm.com"],"resources":["contents"]}]' | oc apply -f -
    4. Edit the Fusion application to include these namespaces under the includedNamespaces: openshift-config, openshift-marketplace
      oc edit fapp $NAMESPACE -n ibm-spectrum-fusion-ns
      spec:
        enableDR: false
        includedNamespaces:
        - <NAMESPACE>
        - openshift-marketplace
        - openshift-config
    5. Create the resources for the Zen service backup.
      Get the storage classes to update in yamls/zen/zen5-backup-pvc.yaml.
      oc get sc
      Update the storage class in yamls/zen/zen5-backup-pvc.yaml.
      Apply the following resources:
      oc apply -f yamls/zen/zen5-backup-pvc.yaml -n $NAMESPACE 
      oc apply -f yamls/zen/zen5-br-scripts-cm.yaml -n $NAMESPACE
      oc apply -f yamls/zen/zen5-backup-deployment.yaml -n $NAMESPACE
      oc apply -f yamls/zen/zen5-role.yaml -n $NAMESPACE
      oc apply -f yamls/zen/zen5-sa.yaml -n $NAMESPACE
      oc apply -f yamls/zen/zen5-rolebinding.yaml -n $NAMESPACE
    6. Run the script to update the labels in the recipe if you updated the database name during installation. For example, db-name=${ICN_DB_NAME}, db-name={BAW_DB_NAME}, db-name={BAS_DB_NAME}.
      chmod +x ./scripts/update_labels.sh
      Go to the namespace for the operator.
      oc project ${NAMESPACE}
      ./scripts/update_labels.sh
    7. Update the Cloud Pak for Business Automation namespace in the following recipes and then apply.
      Important: If you want to use the PostgreSQL based common services recipes, use -v1.
      If FileNet Content Manager is installed:
      awk -v CP4BA_NAMESPACE="$NAMESPACE" '{gsub(/\$REPLACE_NAMESPACE/, CP4BA_NAMESPACE)}1' cp4ba-fncm-backup-restore-template.yaml > cp4ba-fncm-backup-restore.yaml
      oc apply -f cp4ba-fncm-backup-restore.yaml
      If Business Automation Workflow Authoring is installed, run the following commands:
      awk -v CP4BA_NAMESPACE="$NAMESPACE" '{gsub(/\$REPLACE_NAMESPACE/, CP4BA_NAMESPACE)}1' cp4ba-baw-authorize-backup-restore-template.yaml > cp4ba-baw-authorize-backup-restore.yaml
      oc apply -f cp4ba-baw-authorize-backup-restore.yaml 
      If Business Automation Workflow Runtime is installed, run the following commands:
      awk -v CP4BA_NAMESPACE="$NAMESPACE" '{gsub(/\$REPLACE_NAMESPACE/, CP4BA_NAMESPACE)}1' cp4ba-baw-runtime-backup-restore-template.yaml > cp4ba-baw-runtime-backup-restore.yaml
      oc apply -f cp4ba-baw-runtime-backup-restore.yaml 
    8. Create a backup policy by using the Fusion user interface (UI) or the command-line interface (CLI). However, the result is the same if you use either Fusion UI or CLI to create the backup policy.
      This policy defines:
      • The frequency of the backup that shows how often it runs.
      • Retention that shows how long backups are kept.
      • Location of the backups that shows the backup storage location that is configured in the previous step.
      From the Fusion UI, click Backup and restore > Policies > Add policy. Enter the details and click Create policy.
      From the CLI:
      • Get the Fusion <POLICY_NAME> <FBSL_NAME> <RETENTION_PERIOD> <RETENTION_UNIT>
        oc get fbp -A 
      • Get the Fusion backup storage location.
        oc get fbsl -n ibm-spectrum-fusion-ns
      • Run the following script:

        /scripts/setup/fbackup_policy.sh <POLICY_NAME> <FBSL_NAME> <RETENTION_PERIOD> <RETENTION_UNIT> <CRON_EXPRESSION> <TIMEZONE>

        For example:

        ./scripts/setup/fbackup_policy.sh baw-runtime-policy my-bucket 10 days "00 0 1 * *" UTC
    9. Assign a backup policy to the Cloud Pak for Business Automation application from the Fusion UI and update the policy assignment from the CLI.
      Note: Cloud Pak for Business Automation is installed in the $NAMESPACE namespace. So, $NAMESPACE is the application that needs to be protected.
      From the Fusion UI, click Back up and restore > Backed up applications > Protect apps > Select a cluster > Select application > Next > Select a backup policy > Assign.
      Optional: From the CLI, check whether the policy assignment is created.
      oc get fpa -A
      Update the policy assignment (patch the recipe for FileNet Content Manager, Business Automation Workflow Authoring, or Business Automation Workflow Runtime). For example:
      oc -n ibm-spectrum-fusion-ns patch policyassignment baw-authoring-baw-authoring-policy-apps.ocp4xdcd.cp.fyre.ibm.com --type merge -p '{"spec":{"recipe":{"name":"cp4ba-baw-authorize-backup-restore-recipe", "namespace":"ibm-spectrum-fusion-ns"}}}'
      From the CLI:
      • Get the Fusion <POLICY_ASSIGNMENT_NAME> <APPLICATION> <BACKUP_POLICY> <FBSL_NAME> <RECIPE_NAME>
        oc get fpa -A
      • Create the backup policy assignment with the custom recipe. /scripts/setup/fbackuppolicy_assignment.sh <POLICY_ASSIGNMENT_NAME> <APPLICATION> <BACKUP_POLICY> <FBSL_NAME> <RECIPE_NAME>
        For example:
        ./scripts/setup/fbackuppolicy_assignment.sh baw-runtime-fpa baw-runtime baw-runtime-policy my-bucket cp4ba-baw-runtime-backup-restore-recipe 
    10. Initiate a backup from the Fusion UI.
      From the Fusion UI, click UI > Back up and restore > Backed up applications > click backed up application > Actions > Backup now.