To test restoring Cloud Pak for Data to a
different cluster, you must first prepare the target cluster.
Before you begin
The target cluster must meet the following requirements.
- For environments that use a private container registry, such as air-gapped environments, ensure
that the target cluster has the same image content source policy as the source cluster. For more
information about configuring the image content source policy, see Configuring an image content source policy.
- Ensure that the target cluster is able to pull software images. For more information, see Updating the global image pull secret.
About this task
In a test scenario, the target cluster is passive, and data protection is not active on the
cluster. Data protection is active only on the source cluster, which is the active cluster. When you
prepare the target cluster, you point the IBM Spectrum® Protect Plus Backup as a Service (BaaS) agent in
the target cluster to the IBM
Spectrum Protect Plus
server on the source cluster.
Procedure
-
Install IBM® Storage
Fusion 2.5.2, which
includes IBM
Spectrum Protect Plus. For information
about installing IBM Storage
Fusion, see Deploying IBM Storage
Fusion.
- Check that the
backup and restore recipe fusion-cr-backup exists for the IBM Storage
Fusion project (namespace) .
- Set the
PROJECT_FUSION
environment variable to the IBM Storage
Fusion project name.
export PROJECT_FUSION=<fusion-namespace>
- To check whether the fusion-cr-backup recipe exists, run the
following command:
oc get frcpe -A
If the recipe exists, the command returns output like the following example, where the IBM Storage
Fusion project name is
ibm-spectrum-fusion-ns:
NAMESPACE NAME AGE
ibm-spectrum-fusion-ns fusion-cr-backup 46h
- If the recipe does not exist, restart the
spp-dp-controller-manager pod within the IBM Storage
Fusion project.
For example:
oc delete pod -n ${PROJECT_FUSION} spp-dp-controller-manager-66ccbd968d-7bg7j
The recipe is automatically created when the spp-dp-controller-manager pod
restarts.
To check that the
spp-dp-controller-manager pod restarted, run the
oc get pod
command:
oc get pod -n ${PROJECT_FUSION}
Then rerun oc get frcpe -A
again to verify that the
fusion-cr-backup recipe now exists.
- Install the Cloud Pak for Data command line interface, which includes
the Cloud Pak for Data
OADP backup and restore
utility.
- Install
cpdbr services.
This step creates the permissions and role bindings that are needed for the restore operation to
succeed. The cpdbr service, deployment, and pod are not installed.
Note: Run the cpdbr installation commands in the IBM Cloud Pak for Data control plane project and in the Cloud Pak for Data operators project even though those projects do
not yet exist in the target cluster. Do not manually create these projects on the target cluster.
These projects are created during the restore process.
The following message appears when the installation commands have completed.
spp cpdbr roles and bindings installed
- Create the same storage classes that were used in the source
cluster.
Remember: Cloud Pak for Data must be deployed
on either Red Hat
OpenShift Data Foundation or IBM Storage
Scale storage.
- Confirm the storage classes.
For
example,
oc get sc ibm-spectrum-scale-sc
- Check whether the output has the same name and provisioner in both places.
For
example,
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
ibm-spectrum-scale-sc (default) spectrumscale.csi.ibm.com Delete Immediate true 40d
- Modify the BaaS agent to point to the IBM
Spectrum Protect Plus server on the source cluster.
- In the BaaS project, edit the ibmsppcs custom resource:
oc edit ibmsppc -n baas ibmsppc-entitled-registry
- Update the following variables:
- Replace the
baasadmin
and baaspassword
values in the
baas-secret
secret with the corresponding values from the source cluster.
- On the source cluster, run the following
command:
oc get secret -n baas baas-secret -o yaml
- On the target cluster, edit the baas-secret and modify the
baasadmin
and baaspassword
values to match the source
cluster:oc edit secret -n baas baas-secret
For
more information about updating baas-secret, see Updating your credentials after installation on Red Hat
OpenShift.
- On the target cluster, delete the existing IBM
Spectrum Protect Plus server certificate secret
baas-spp-server-cert:
oc delete secret -n baas baas-spp-server-cert
- Create a new baas-spp-server-cert
secret.
- On the source cluster, get the base64 value of the certificate for the IBM
Spectrum Protect Plus
route:
openssl x509 -in <(openssl s_client -connect <spp_fqdn>:443 -prexit 2>/dev/null) | base64 --wrap=0
- Create the baas-spp-server-cert yaml file with the following
configuration:
apiVersion: v1
kind: Secret
metadata:
name: baas-spp-server-cert
namespace: baas
type: Opaque
data:
tls.crt: <base64-encoded certificate>
- Create the certificate on the target cluster by applying the
yaml:
oc apply -f <baas-spp-server-cert yaml file>
For more information, see Importing the IBM
Spectrum Protect Plus certificate.
- On the target cluster, get the details that are needed to register the target cluster
BaaS agent by running the following commands.
- Host
address:
oc get route -n baas baas-spp-agent-route
- User ID and password:
oc extract secret/baas-secret --keys=datamoveruser,datamoverpassword --to=- -n baas
- CA certificate for the BaaS agent, using the host
address:
openssl x509 -in <(openssl s_client -connect <host_address>:443 -prexit 2>/dev/null)
- In IBM
Spectrum Protect Plus on the
source cluster, register the target BaaS agent to the server.
- Go to .
- Select Manage cluster and then click Add
cluster.
- Add the Host address, User ID, and password from the previous step.
- For certificate, select Copy and paste, provide a name for the
certificate, and paste the certificate from the previous step.
- Click Create to create the certificate.
The certificate is now
available to use.
- Select Use existing certificate and select the certificate that you just
created.
- Leave additional options as default.
- Register the BaaS agent by clicking Save.
- For the new managed cluster, validate that the BaaS agent was successfully registered by running
the Test and Inventory actions.