Creating the backup and restore PVC

IBM Security QRadar® Suite Software provides backup and restore functions that require access to a Persistent Volume Claim (PVC). You can opt to create the PVC before installation; otherwise it is created automatically during installation.

Before you begin

  • The Red Hat OpenShift CLI client helps you develop, build, deploy, and run your applications on any Red Hat OpenShift or Kubernetes cluster. It also includes the administrative commands for managing a cluster under the adm subcommand.

    1. Download Red Hat OpenShift CLI 4.16 or 4.18 from https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.16/. The file to download is called openshift-client-<platform>-<version>.tar.gz.
    2. Extract the binary file that you downloaded by typing the following command, where <oc_cli_archive_file> is the name of the archive file that you downloaded.
      tar -xf <oc_cli_archive_file>
    3. Modify the permissions of the binary file by typing the following command, where <oc_cli_binary> is the name of the Red Hat OpenShift binary that you extracted from the archive.
      chmod 755 <oc_cli_binary>
    4. Move the binary file to the /usr/local/bin directory by typing the following command.
      mv <oc_cli_binary> /usr/local/bin/oc
      Tip: If this command returns a No such file or directory or Not a directory error message, create the /usr/local/bin directory by typing the following command.
      sudo mkdir /usr/local/bin
    5. Ensure that the Red Hat OpenShift CLI client is working by typing the following command.
      oc version
      Tip: MacOS users might see a message that this tool cannot be opened because it is from an unidentified developer. Close this message and go to System Preferences > Security & Privacy. On the General tab, click Open Anyway or Allow Anyway. Repeat the oc version command.

About this task

Before you deploy IBM Security QRadar Suite Software, consider whether you need to create a PVC for storage of backup data. This PVC must be created in a data store, for example Network File System, which is separate from the cluster. The data that is stored in the PVC must be encrypted and under access control. The storage class for the PVC and its size can be configured through a YAML file; for example, backup-pvc.yaml.

If you don't define the values, the PVC for Backup and Restore pod that is created automatically at installation defaults to use the overall storage class for IBM Security QRadar Suite Software and a size of 500 GB. For more information, see Storage requirements.

The procedure provides sample YAML code for creating your PVC. You can edit the sample code in a YAML file and then use the oc command to create the PVC.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Switch to your QRadar Suite Software namespace by typing the following command. 
    oc project <cp4s_namespace>

    For example, if your QRadar Suite Software namespace is cp4sexample, type the following command.

    oc project cp4sexample

    The following example output shows that you switched to the cp4sexample namespace.

    Now using project "cp4sexample" on server "https://example.com:6443".
  3. Create a file called backup-pvc.yaml, and paste the following text into the file. Replace <storage_class> with the storage class for your backup and restore PVC, and <storage_size> with the size of the PVC. 
    apiVersion: v1
kind: PersistentVolumeClaim
metadata:
# The name of the PVC must be as below and should not be changed.
 name: cp4s-backup-pv-claim
spec:
# Note the Storage Class Name here is an example of nfs-client
# however this may change depending on your environment and should be updated accordingly.
 storageClassName: <storage_class>  
 accessModes:
   - ReadWriteOnce
 resources:
   requests:
     storage: <storage_size>
    Important: The storageClassName must be confirmed correct for your environment.
  4. Edit the sample code file for your environment.
  5. Create the PVC by typing the following command. 
    oc create -f backup-pvc.yaml