Preparing the Cloud Pak for Data volume backup and restore utility

This information shows you how to plan and prepare to use the IBM Cloud Pak® for Data volume backup and restore utility.

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

To do the following tasks, run the following command to log in to the cluster:

Log in to Red Hat® OpenShift® Container Platform as a user with sufficient permissions to complete the task.
${OC_LOGIN}
Remember: OC_LOGIN is an alias for the oc login command.

Backup and restore utility PVC

The Cloud Pak for Data volume backup and restore utility requires a shared volume PersistentVolumeClaim (PVC) to be created and bounded for use in its initialization command. You can create a PVC from a PersistentVolume (PV) or from a storage class. Ensure that the PV is a shared volume with the ReadWriteMany access mode.

Creating a PVC from a PV on an NFS file system

The following example creates a yaml file that is named pv.yaml on an external NFS server where /exports is the shared NFS drive. You use this yaml file to create a PV that is named pv0001.

cat <<EOF > pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0001
spec:
  capacity:
    storage: 50Gi
  accessModes:
  - ReadWriteMany
  nfs:
    path: /exports
    server: <IP address>
  persistentVolumeReclaimPolicy: Retain
EOF

Then, create a yaml file that is named cpdbr-pvc.yaml. You use this yaml file to create a PVC that is named cpdbr-pvc. The PVC is bound to the pv0001 PV.

cat <<EOF > cpdbr-pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpdbr-pvc 
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  volumeName: "pv0001"
EOF

Run the following commands to create the PV and PVC.

oc apply -f pv.yaml
oc apply -f ./cpdbr-pvc.yaml -n ${PROJECT_CPD_INST_OPERANDS}
Note: Make sure that the shared NFS drive and the file system backup and restore utility PVC have sufficient space to back up all PVCs that are bound to your services.
Creating a PVC from a storage class

The following example creates yaml file that is named cpdbr-pvc.yaml. You use this yaml file to create an NFS volume that is named cpdbr-pvc. The PVC is created by using the storage class managed-nfs-storage.

cat <<EOF > cpdbr-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpdbr-pvc 
spec:
  storageClassName: managed-nfs-storage 
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 200Gi
EOF

For more information about storage classes that Cloud Pak for Data supports, see Storage considerations.

Run the following command to create the NFS volume.

oc apply -f cpdbr-pvc.yaml -n ${PROJECT_CPD_INST_OPERANDS}

Repository secret

If you are backing up and restoring volumes to and from a separate PVC or object store, you must create a repository secret that is named cpdbr-repo-secret before you can initialize the utility.

For a PVC, provide the following credential for the secret:

RESTIC_PASSWORD
The restic password to use to create the repository.

For example,

# setup the repository secret for PVC
echo -n 'restic' > RESTIC_PASSWORD
oc create secret generic -n zen cpdbr-repo-secret \
    --from-file=./RESTIC_PASSWORD

For S3 object storage, provide the following credentials for the secret:

RESTIC_PASSWORD
The restic password to use to create the repository.
AWS_ACCESS_KEY_ID
Amazon Web Services access key ID.
AWS_SECRET_ACCESS_KEY
Amazon Web Services secret access key.
CA_CERT_DATA
Object storage's Certificate Authority (CA) certificate bundle (PEM format).

Provide this information if the object storage uses a custom CA bundle (for example, a self-signed certificate).

For example,

# setup the repository secret for S3
echo -n 'restic' > RESTIC_PASSWORD
echo -n 'minio' > AWS_ACCESS_KEY_ID
echo -n 'minio123' > AWS_SECRET_ACCESS_KEY
cat /path/to/public.crt > CA_CERT_DATA

oc create secret generic -n Project cpdbr-repo-secret \
    --from-file=./RESTIC_PASSWORD \
    --from-file=./AWS_ACCESS_KEY_ID \
    --from-file=./AWS_SECRET_ACCESS_KEY \
    --from-file=./CA_CERT_DATA

cpdbr image

The Cloud Pak for Data volume backup and restore utility requires the cpdbr image. The image is available for x86_64 and ppc64le clusters.

The Cloud Pak for Data volume backup and restore utility is not supported on IBM Z®, Linux®, and LinuxONE systems.

If your cluster pulls images from a private container registry or if your cluster is in a restricted network, the image must be pushed to the private container registry so that users can run backup and restore commands against the cluster. The image is automatically mirrored when you mirror the Cloud Pak for Data (cpd_platform) images. For more information, see Moving images for cpd-cli plug-ins to a private container registry.

What to do next

Install the cpd-cli utility, which includes the Cloud Pak for Data volume backup and restore utility. For details, see Installing the IBM Cloud Pak for Data command-line interface.