Prerequisites for disaster recovery protection of discovered applications
This section provides instructions to guide you through the prerequisites for protecting discovered applications. This includes tasks such as assigning a data policy and initiating DR actions such as failover and relocate.
- Ensure that all the DR configurations have been installed on the Primary managed cluster and the Secondary managed cluster.
- Install the OADP 1.4 operator.
  Note: Any version before OADP 1.4 will not work for protecting discovered applications.
  - On the Primary and Secondary managed cluster, navigate to OperatorHub and use the keyword filter to search for OADP.
  - Click the OADP tile.
  - Keep all default settings and click Install. Ensure that the operator resources are installed in the openshift-adp project.
  Note: If OADP 1.4 is installed after DR configuration has been completed then the ramen-dr-cluster-operator pods on the Primary managed cluster and the Secondary managed cluster in namespace openshift-dr-system must be restarted (deleted and recreated).
- [Optional] Add CACertificates to ramen-hub-operator-config ConfigMap.
  Configure network (SSL) access between the primary and secondary clusters so that metadata can be stored on the alternate cluster in a Multicloud Gateway (MCG) object bucket using a secure transport protocol and in the Hub cluster for verifying access to the object buckets.
  Note: If all of your OpenShift clusters are deployed using a signed and valid set of certificates for your environment then this section can be skipped.
  If you are using self-signed certificates, then you have already created a ConfigMap named user-ca-bundle in the openshift-config namespace and added this ConfigMap to the default Proxy cluster resource.
  - Find the encoded value for the CACertificates.

        oc get configmap user-ca-bundle -n openshift-config -o jsonpath="{['data']['ca-bundle\.crt']}" | base64 -w 0

  - Add this base64 encoded value to the configmap ramen-hub-operator-config on the Hub cluster. Example below shows where to add CACertificates.

        oc edit configmap ramen-hub-operator-config -n openshift-operators

        [...]
        ramenOpsNamespace: openshift-dr-ops
        s3StoreProfiles:
        - s3Bucket: odrbucket-36bceb61c09c
          s3CompatibleEndpoint: https://s3-openshift-storage.apps.hyper3.vmw.ibmfusion.eu
          s3ProfileName: s3profile-hyper3-ocs-storagecluster
          s3Region: noobaa
          s3SecretRef:
            name: 60f2ea6069e168346d5ad0e0b5faa59bb74946f
          caCertificates: {input base64 encoded value here}
        - s3Bucket: odrbucket-36bceb61c09c
          s3CompatibleEndpoint: https://s3-openshift-storage.apps.hyper4.vmw.ibmfusion.eu
          s3ProfileName: s3profile-hyper4-ocs-storagecluster
          s3Region: noobaa
          s3SecretRef:
            name: cc237eba032ad5c422fb939684eb633822d7900
          caCertificates: {input base64 encoded value here}
- Verify that there are DR secrets created in the OADP operator default namespace openshift-adp on the Primary managed cluster and the Secondary managed cluster. The DR secrets that were created when the first DRPolicy was created, will be similar to the secrets below. The DR secret name is preceded with the letter v.

      oc get secrets -n openshift-adp

      NAME                                        TYPE     DATA   AGE
      v60f2ea6069e168346d5ad0e0b5faa59bb74946f    Opaque   1      3d20h
      vcc237eba032ad5c422fb939684eb633822d7900    Opaque   1      3d20h
      [...]

  Note: There will be one DR created secret for each managed cluster in the openshift-adp namespace.
- Verify if the Data Protection Application (DPA) is already installed on each managed cluster in the OADP namespace openshift-adp. If not already created then follow the next step to create this resource.
  - Create the DPA by copying the following YAML definition content to dpa.yaml.

        apiVersion: oadp.openshift.io/v1alpha1
        kind: DataProtectionApplication
        metadata:
          labels:
            app.kubernetes.io/component: velero
          name: velero
          namespace: openshift-adp
        spec:
          backupImages: false
          configuration:
            nodeAgent:
              enable: false
              uploaderType: restic
            velero:
              defaultPlugins:
                - openshift
                - aws
              noDefaultBackupLocation: true
  - Create the DPA resource.

        oc create -f dpa.yaml -n openshift-adp

        dataprotectionapplication.oadp.openshift.io/velero created
  - Verify that the OADP resources are created and are in Running state.

        oc get pods,dpa -n openshift-adp

        NAME                                                    READY   STATUS    RESTARTS   AGE
        pod/openshift-adp-controller-manager-7b64b74fcd-msjbs   1/1     Running   0          5m30s
        pod/velero-694b5b8f5c-b4kwg                             1/1     Running   0          3m31s

        NAME                                                 AGE
        dataprotectionapplication.oadp.openshift.io/velero   3m31s
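
A pre-flight check for the value pasted into caCertificates in the optional CA step above, added here as an example and not part of the original procedure: it confirms the value is one unwrapped base64 line that decodes to complete PEM certificate blocks and carries no private key. check_ca_b64 is a hypothetical helper name and the sample bundle is constructed; the check is structural and does not validate the X.509 contents.

```shell
#!/bin/sh
# Added example, not from the original procedure.
# check_ca_b64 is a hypothetical helper; it prints the number of certificates
# found and returns non-zero if the value should not go into caCertificates.
check_ca_b64() {
    b64=$1
    # Must be one unwrapped base64 line, which is what `base64 -w 0` emits.
    # Raw PEM (dashes, newlines) or wrapped base64 is rejected here.
    case $b64 in
        '') echo "empty value" >&2; return 1 ;;
        *[!A-Za-z0-9+/=]*) echo "not single-line base64" >&2; return 1 ;;
    esac
    pem=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || {
        echo "base64 decode failed" >&2; return 1; }
    # ConfigMaps are not meant to hold secrets: refuse any private key material.
    if printf '%s\n' "$pem" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
        echo "bundle contains a private key" >&2; return 1
    fi
    # Count complete PEM blocks; a double-encoded value decodes to base64 text
    # and has none. `|| true` keeps grep's exit status 1 (zero matches) harmless.
    begins=$(printf '%s\n' "$pem" | grep -c -- '^-----BEGIN CERTIFICATE-----$' || true)
    ends=$(printf '%s\n' "$pem" | grep -c -- '^-----END CERTIFICATE-----$' || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "no complete PEM certificate found" >&2; return 1
    fi
    echo "$begins"
}

# Constructed sample: PEM framing around a dummy body, not a real certificate.
sample_pem='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----'

# Encode the sample the way the page's command does, then check it.
sample_b64=$(printf '%s\n' "$sample_pem" | base64 | tr -d '\n')
check_ca_b64 "$sample_b64"
```

To check the real value, pass the output of the oc get configmap user-ca-bundle command from the CA step as the argument before editing ramen-hub-operator-config.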