Backup & Restore spoke

Protect your data with application-centric backups. Use local snapshots for quick recovery or transfer backups to external object storage for safe keeping.

Before you begin

  • Install backup hub. For the procedure to install, see Backup & Restore hub.
  • Generate the YAML. This YAMLis required to establish mutual authentication between the two clusters. For the procedure to generate, see Establishing connection between hub and spoke.
  • When you add a Spoke to a Hub, the version of the Spoke must be the same version as the Hub.
  • Consider the following points before you begin installation:
    • Firewall ports required for Hub and Spoke architecture:
      • Hub
        Must be able to make a TCP connection to the Spoke cluster API address
      • Spoke
        • Must be able to make a TCP connection to the Hub cluster API address
        • Must be able to make a TCP connection address :443, where <kafka-route>:443 can be found by running the following command on the hub:
          oc get route -n ibm-bnr -l app=kafka-bridge-rbac-proxy
          Example output:
          NAME                       HOST/PORT                                                                                                         PATH            SERVICES                              PORT    TERMINATION      WILDCARD
kafka-bridge               kafka-bridge-ibm-bnr.bnr-98b7318c91b01bd72490e80cc2328915-0000.ca-tor.containers.appdomain.cloud   /loadbalancer   scalable-kafka-bridge-load-balancer   https   reencrypt/None   None
kafka-bridge-rbac-proxy    kafka-bridge-ibm-bnr.bnr-98b7318c91b01bd72490e80cc2328915-0000.ca-tor.containers.appdomain.cloud   /               kafka-bridge-rbac-proxy0              https   reencrypt        None
kafka-bridge-rbac-proxy1   kafka-bridge-ibm-bnr.bnr-98b7318c91b01bd72490e80cc2328915-0000.ca-tor.containers.appdomain.cloud   /bridge1        kafka-bridge-rbac-proxy1              https   reencrypt        None
kafka-bridge-rbac-proxy2   kafka-bridge-ibm-bnr.bnr-98b7318c91b01bd72490e80cc2328915-0000.ca-tor.containers.appdomain.cloud   /bridge2        kafka-bridge-rbac-proxy2              https   reencrypt        None
kafka-bridge-rbac-proxy3   kafka-bridge-ibm-bnr.bnr-98b7318c91b01bd72490e80cc2328915-0000.ca-tor.containers.appdomain.cloud   /bridge3        kafka-bridge-rbac-proxy3              https   reencrypt        None
      • A route on the host that creates a DNS address exists for the Kubernetes API, which is enabled by default during the installation of Red Hat® OpenShift®. Check whether it is available and is resolvable from the spoke containers. Format of the URL is api.<cluster-name>.<domain> but is changeable. This is port 443 on all control plane nodes.
      • A route to the Kafka Bridge creates a DNS address. Check whether it is available and is resolvable from the spoke containers. Uses port 443 on compute nodes. Run the following command and check the role in the output to know which nodes are compute nodes (needed for Kafka Bridge) and control plane nodes (for Kubernetes API connection):
        oc get nodes
        Example output: 
        NAME STATUS ROLES AGE VERSION
bootstrap.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
master0.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
master1.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
master2.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
worker0.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
worker1.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
worker3.ocpfsn.pok.stglabs.ibm.com Ready worker 2d2h v1.25.14+20cda61
        Alternatively, to check the roles from OpenShift console, do the following steps:
        1. Log in to the OpenShift console.
        2. Click Compute > Nodes menu.
        3. Check the role of the nodes.
      • The following command can be used to get the cluster API address of a cluster: 
        oc cluster-info
        For example:
        Kubernetes control plane is running at https://c109-e.us-east.containers.cloud.ibm.com:30363

Procedure

  1. Go to Services page in IBM Fusion user interface.
  2. In the Available section, click the Backup & Restore Agent tile.
  3. In the Backup & Restore page, go through the features and capabilities of the service and click Install.
  4. In the Install service window, select a Storage class that is used for the service.
    The internal data catalog requires a minimum of 200 GB for ReadWriteOnce storage so select a storage class that supports this criteria.
  5. Enter a connection snippet that is generated from the backup hub cluster.
    Important: When you install Spoke from the user interface, use the snippet. Use YAML option only when you do an automated deployment outside the IBM Fusion user interface.

    For more information about establishing connection between the Hub and Spoke, see Establishing connection between hub and spoke.

  6. Click Install.
    A validation is done to check whether the connection is possible. If connection failed message appears, check the message and take corrective action. The installation starts and a notification appears on the Services page. You can see the progress of the installation in the Services > Installed section. After the installation completes successfully, you can see the status as normal and a Get started link.

    After you enable the Backup & Restore, you can view the service version and health status. From the ellipsis menu, you can download logs and view documentation. After you successfully collect the logs, a success notification gets displayed. The notification disappears automatically after some time.

    The Backup & Restore menu in the spoke cluster includes the following sub-menus:
    • Topology
    • Backed up applications
    In case of other failures, go through the downloaded logs to understand the cause of the failure and fix the issue. For more information about service issues in IBM Fusion, see Backup & Restore service installation and upgrade issues.
  7. Validate the installation:
    Note: Ensure that the Backup & Restore IBM Fusion service is enabled before validation.
    Verify that the Backup & Restore IBM Fusion HCI service operators from the OpenShift Container Platform web console:
    1. Go to Installed operators from OpenShift Container Platform web console.
    2. Select the project as ibm-backup-restore.
    3. Verify that the following operators show the status as succeeded.
      • Red Hat Integration - AMQ Streams
      • IBM Fusion Backup & Restore Hub
      • IBM Fusion Backup & Restore Spoke
      • OADP Operator
    4. Alternatively, you can verify the status of operators by running the following oc command:
      Note: Note that more operators appear in the command line output than in the web console.
      oc get csv -n ibm-backup-restore
      A sample result of the oc command is as follows:
      NAME                              DISPLAY                               VERSION     REPLACES               PHASE
amqstreams.v2.3.0-1               Red Hat Integration - AMQ Streams               2.3.0-1   amqstreams.v2.3.0-0    Succeeded
guardian-dm-operator.v2.5.0       IBM Fusion Backup and Restore Data Mover        2.5.0                            Succeeded
guardian-dp-operator.v2.5.0       IBM Fusion Backup and Restore Data Protection   2.5.0                            Succeeded
guardian-mongo-operator.v2.5.0    IBM Fusion Backup and Restore Mongo             2.5.0                            Succeeded
ibm-dataprotectionagent.v2.5.0    IBM Fusion Backup and Restore Agent             2.5.0                            Succeeded
ibm-dataprotectionserver.v2.5.0   IBM Fusion Backup and Restore Server            2.5.0                            Succeeded
oadp-operator.v1.1.2              OADP Operator                                   1.1.2     oadp-operator.v1.1.1   Succeeded
redis-operator.v2.5.0             IBM Fusion Backup and Restore Redis             2.5.0                            Succeeded
      .Make sure that the status shows Succeeded.
    Verify the Backup & Restore pods from the OpenShift Container Platform console:
    1. Go to Workloads > Pods.
    2. Select the namespace, where you installed IBM Fusion Backup & Restore. In this case, select ibm-backup-restore namespace.

      It lists all the pods. Ensure that all pods are running.

    3. Verify whether the following pods are running successfully:
      amq-streams-cluster-operator
applicationsvc
backup-location-deployment
backup-service
backuppolicy-deployment
guardian-dm-controller-manager
guardian-dp-operator-controller-manager
guardian-kafka-cluster-entity-operator
guardian-kafka-cluster-kafka-0
guardian-kafka-cluster-kafka-1
guardian-kafka-cluster-kafka-2
guardian-kafka-cluster-zookeeper-0
guardian-kafka-cluster-zookeeper-1
guardian-kafka-cluster-zookeeper-2
guardian-minio-0
guardian-mongo-operator-controller-manager
ibm-dataprotectionagent-controller-manager            
ibm-dataprotectionserver-catalog-ibm-backup-restore
ibm-dataprotectionserver-controller-manager
ibm-backup-restoreagent-controller-manager
ibm-backup-restoreserver-controller-manager
job-manager
mongodb-0
mongodb-1
mongodb-2
mongodb-ab-0
openshift-adp-controller-manager
redis-master-0
redis-operator-controller-manager
redis-replicas-0
redis-replicas-1
redis-replicas-2
transaction-manager
velero
    4. Alternatively, you can verify the installation by running the following oc command:
      oc get pods -n ibm-backup-restore
      A sample result of the oc command is as follows:
      NAME                                                              READY   STATUS      R
amq-streams-cluster-operator-v2.3.0-1-7d6fb79d84-jdkfh            1/1     Running     0
applicationsvc-55c9b4d6c9-6hdv7                                   1/1     Running     0
b0f64f9161e0882f278dde2eaa1ea9677f4a230a29180fcf21fc665761hvvxz   0/1     Completed   0
backup-location-deployment-6b565b856c-j4vjc                       1/1     Running     0
backup-service-54bf9988f6-47bpv                                   1/1     Running     0
backuppolicy-deployment-b997cc9bf-dfwnh                           1/1     Running     0
bc6176f08ef686ccde24395724b77ea07a586a0bd1fa27ebfd5d704d0dxv9pl   0/1     Completed   0
e349f7c16f02ad6c0c31e41ba2fb1750d5154b58537224d239fe47508872cj5   0/1     Completed   0
f3dd0cbe8cb98614cf163fc5372733148236ea2bdeb5efc6a5d5afe4c085qlk   0/1     Completed   0
ff53c6d827e0fd610a4392c4f9411beb0c785572d2fca1bda57e208650bwv2m   0/1     Completed   0
ffacc5cdaa1e0aa4f3b3c0021f3c87931aa7422f8415303d95457febc8nmzk7   0/1     Completed   0
guardian-dm-controller-manager-64d57bf9ff-28dqj                   2/2     Running     0
guardian-dp-operator-controller-manager-6f6d55f6f7-fhndb          2/2     Running     0
guardian-kafka-cluster-entity-operator-b59d699f7-5qxt8            3/3     Running     0
guardian-kafka-cluster-kafka-0                                    1/1     Running     0
guardian-kafka-cluster-kafka-1                                    1/1     Running     0
guardian-kafka-cluster-kafka-2                                    1/1     Running     0
guardian-kafka-cluster-zookeeper-0                                1/1     Running     0
guardian-kafka-cluster-zookeeper-1                                1/1     Running     0
guardian-kafka-cluster-zookeeper-2                                1/1     Running     0
guardian-minio-0                                                  1/1     Running     0
guardian-mongo-operator-controller-manager-6f47776cb4-s6tkm       2/2     Running     0
ibm-dataprotectionagent-controller-manager-54d66f7975-lgdgh       2/2     Running     0
ibm-dataprotectionserver-catalog-ibm-backup-restore-k967t         1/1     Running     0
ibm-dataprotectionserver-controller-manager-749554d89f-q6gmx      2/2     Running     0
job-manager-859484bfc5-fzpt8                                      1/1     Running     0
mongodb-0                                                         2/2     Running     1
mongodb-1                                                         2/2     Running     1
mongodb-2                                                         2/2     Running     1
mongodb-ab-0                                                      1/1     Running     0
openshift-adp-controller-manager-59fb9f86f4-gdbhb                 1/1     Running     0
redis-master-0                                                    1/1     Running     0
redis-operator-controller-manager-647cf89ff7-wl8w2                2/2     Running     0
redis-replicas-0                                                  1/1     Running     0
redis-replicas-1                                                  1/1     Running     0
redis-replicas-2                                                  1/1     Running     0
transaction-manager-5d9b59cf9f-hdzjm                              2/2     Running     0
velero-777d65c9b7-455fv                                           1/1     Running     0
    Verify the Backup & Restore IBM Fusion service installation status from the OpenShift Container Platform web console:
    1. Go to Installed operators from OpenShift Container Platform web console.
    2. Select the namespace as ibm-backup-restore.
    3. Select IBM Fusion Backup & Restore server.
    4. Click the Data Protection server tab and select Data Protection server.
    5. Select the YAML tab.
    6. In the status section, makes sure the following:
      • HealthStatuses Shows the health status of all components listed. It may take 5 minutes or more for all components to show up as healthy.
      • Make sure the install status shows Complete and progressPercentage as 100.
    7. Alternatively, you can verify the installation status by running the following oc command:
      oc describe dataprotectionserver dataprotectionserver -n ibm-backup-restore
      A sample result of the oc command is as follows:
      Status:
  Health Statuses:
    Service Name:  applicationservice
    Status:        Healthy
    Service Name:  backuplocation
    Status:        Healthy
    Service Name:  backuppolicy
    Status:        Healthy
    Service Name:  backupservice
    Status:        Healthy
    Service Name:  jobmanager
    Status:        Healthy
    Service Name:  backupagent
    Status:        Healthy
    Service Name:  mongo
    Status:        Healthy
    Service Name:  redis
    Status:        Healthy
    Service Name:  kafka
    Status:        Healthy
  Install Status:
    Progress Percentage:  100
    Retry On Failure:     false
    Status:               Completed
  Installed Version:      2.5.0
  Upgrade In Progress:    false
  Upgrade Status:
    Retry On Failure:  false
    8. Check the status section at the end of the CR and make sure the following:
      • The Install Status section shows the status of the install along with the percentage complete.
      • The install status shows the install status as Completed when the installation is successfully completed.
      • The health status section lists and shows components health status as healthy.
      • Note: Individual component health statuses may show Unknown or Degraded for up to five minutes, and show a healthy status when installation is complete.

What to do next

  • You can set the configuration parameters in ConfigMap guardian-configmap to change defaults for IBM Fusion Backup & restore agent. For more information about the parameters, see Backup & restore configuration parameters.
  • Go to the Backup spoke cluster user interface > Overview page and click Launch Backup Hub to open the Backup hub.

    In the Backup & restore > Overview page, you have quick links to generate YAML, connect locations, create backup policies, and protect your applications.

  • You can now begin to protect your IBM Fusion applications.
    1. Add location to determine whether the network verification is needed. For the procedure to add a location, see Adding backup storage location.
    2. Creating backup policy.
    3. Assigning backup policy.