Prerequisites for disaster recovery protection of discovered applications

This section provides instructions to guide you through the prerequisites for protecting discovered applications. This includes tasks such as assigning a data policy and initiating DR actions such as failover and relocate.

  1. Ensure that all the DR configurations have been installed on the Primary managed cluster and the Secondary managed cluster.
  2. Install the OADP 1.4 operator.
    Note: Any version before OADP 1.4 will not work for protecting discovered applications.
    1. On the Primary and Secondary managed cluster, navigate to OperatorHub and use the keyword filter to search for OADP.
    2. Click the OADP tile.
    3. Keep all default settings and click Install. Ensure that the operator resources are installed in the openshift-adp project.
      Note: If OADP 1.4 is installed after the DR configuration has been completed, the ramen-dr-cluster-operator pods in the openshift-dr-system namespace on the Primary managed cluster and the Secondary managed cluster must be restarted (deleted and recreated).
  3. [Optional] Add CACertificates to ramen-hub-operator-config ConfigMap.
    Configure network (SSL) access between the primary and secondary clusters so that metadata can be stored on the alternate cluster in a Multicloud Gateway (MCG) object bucket using a secure transport protocol, and on the Hub cluster so that access to the object buckets can be verified.
    Note: If all of your OpenShift clusters are deployed using a signed and valid set of certificates for your environment then this section can be skipped.
    If you are using self-signed certificates, then you have already created a ConfigMap named user-ca-bundle in the openshift-config namespace and added this ConfigMap to the default Proxy cluster resource.
    1. Find the encoded value for the CACertificates.
      oc get configmap user-ca-bundle -n openshift-config -o jsonpath="{['data']['ca-bundle\.crt']}" | base64 -w 0
    2. Add this base64-encoded value to the ConfigMap ramen-hub-operator-config on the Hub cluster. The example below shows where to add CACertificates.
      oc edit configmap ramen-hub-operator-config -n openshift-operators
      [...]
          ramenOpsNamespace: openshift-dr-ops
          s3StoreProfiles:
          - s3Bucket: odrbucket-36bceb61c09c
            s3CompatibleEndpoint: https://s3-openshift-storage.apps.hyper3.vmw.ibmfusion.eu
            s3ProfileName: s3profile-hyper3-ocs-storagecluster
            s3Region: noobaa
            s3SecretRef:
              name: 60f2ea6069e168346d5ad0e0b5faa59bb74946f
            caCertificates: {input base64 encoded value here}
          - s3Bucket: odrbucket-36bceb61c09c
            s3CompatibleEndpoint: https://s3-openshift-storage.apps.hyper4.vmw.ibmfusion.eu
            s3ProfileName: s3profile-hyper4-ocs-storagecluster
            s3Region: noobaa
            s3SecretRef:
              name: cc237eba032ad5c422fb939684eb633822d7900
            caCertificates: {input base64 encoded value here}
  4. Verify that DR secrets exist in the OADP operator default namespace openshift-adp on the Primary managed cluster and the Secondary managed cluster. The DR secrets, which were created when the first DRPolicy was created, will be similar to the secrets below. Each DR secret name is prefixed with the letter v.
    oc get secrets -n openshift-adp
    NAME                                       TYPE     DATA   AGE
    v60f2ea6069e168346d5ad0e0b5faa59bb74946f   Opaque   1      3d20h
    vcc237eba032ad5c422fb939684eb633822d7900   Opaque   1      3d20h
    [...]
    Note: There will be one DR-created secret for each managed cluster in the openshift-adp namespace.
  5. Verify whether the Data Protection Application (DPA) is already installed on each managed cluster in the OADP namespace openshift-adp. If it has not been created, follow the next step to create this resource.
    1. Create the DPA by copying the following YAML definition content to dpa.yaml.
      apiVersion: oadp.openshift.io/v1alpha1
      kind: DataProtectionApplication
      metadata:
        labels:
          app.kubernetes.io/component: velero
        name: velero
        namespace: openshift-adp
      spec:
        backupImages: false
        configuration:
          nodeAgent:
            enable: false
            uploaderType: restic
          velero:
            defaultPlugins:
              - openshift
              - aws
            noDefaultBackupLocation: true
    2. Create the DPA resource.
      oc create -f dpa.yaml -n openshift-adp
      dataprotectionapplication.oadp.openshift.io/velero created
    3. Verify that the OADP resources are created and are in Running state.
      oc get pods,dpa -n openshift-adp
      NAME                                                    READY   STATUS    RESTARTS   AGE
      pod/openshift-adp-controller-manager-7b64b74fcd-msjbs   1/1     Running   0          5m30s
      pod/velero-694b5b8f5c-b4kwg                             1/1     Running   0          3m31s
      
      
      NAME                                                 AGE
      dataprotectionapplication.oadp.openshift.io/velero   3m31s
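
A structural check for the value produced in step 3 before it goes into caCertificates, as an added example that is not part of the original documentation. The function name check_ca_value and the sample PEM are assumptions made for illustration; the check covers encoding mistakes only and does not validate the certificates themselves.

```bash
#!/usr/bin/env bash
# Added example: structural check of a caCertificates value before it is pasted
# into ramen-hub-operator-config. It does not parse or validate X.509 content.

# Constructed placeholder PEM (not a real certificate), encoded as in step 3.
SAMPLE_PEM='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----'
SAMPLE_VALUE=$(printf '%s\n' "$SAMPLE_PEM" | base64 | tr -d '\n')

# check_ca_value <value>: prints a verdict, returns 0 only for "ok certs=N".
check_ca_value() {
  local value="$1" decoded begins ends
  case $value in
    '')            echo "empty"; return 1 ;;
    # base64 -w 0 emits a single line; whitespace means a wrapped paste.
    *[[:space:]]*) echo "wrapped-or-whitespace"; return 1 ;;
  esac
  decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null) ||
    { echo "not-base64"; return 1; }
  case $decoded in
    # base64 of "-----BEGIN " starts this way: the bundle was encoded twice.
    LS0tLS1CRUdJTi*) echo "double-encoded"; return 1 ;;
  esac
  begins=$(printf '%s\n' "$decoded" | grep -c -- '-----BEGIN CERTIFICATE-----' || true)
  ends=$(printf '%s\n' "$decoded" | grep -c -- '-----END CERTIFICATE-----' || true)
  [ "$begins" -gt 0 ] || { echo "no-certificate"; return 1; }
  [ "$begins" -eq "$ends" ] || { echo "truncated-pem"; return 1; }
  echo "ok certs=$begins"
}

check_ca_value "$SAMPLE_VALUE" || true
```

A value that passes here can still carry the wrong CA; confirming that the bundle actually signs the s3CompatibleEndpoint certificates is a separate check.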
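
The step 4 verification as a script, added here as an example and not taken from the product documentation. It assumes, as the sample values on this page show, that each DR secret is named v followed by the s3SecretRef name; the function names and both sample inputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: cross-check s3SecretRef names against `oc get secrets` output.

# Constructed sample: the s3SecretRef entries from the ConfigMap shown in step 3.
RAMEN_CONFIG='s3StoreProfiles:
- s3ProfileName: s3profile-hyper3-ocs-storagecluster
  s3SecretRef:
    name: 60f2ea6069e168346d5ad0e0b5faa59bb74946f
- s3ProfileName: s3profile-hyper4-ocs-storagecluster
  s3SecretRef:
    name: cc237eba032ad5c422fb939684eb633822d7900'

# Constructed sample: a managed cluster where only one DR secret is present.
SECRETS_TABLE='NAME                                       TYPE     DATA   AGE
v60f2ea6069e168346d5ad0e0b5faa59bb74946f   Opaque   1      3d20h
example-other-secret                       Opaque   1      9d'

# Print the secret name that follows each "s3SecretRef:" key.
s3_secret_refs() {
  printf '%s\n' "$1" | awk '
    /s3SecretRef:/ { want = 1; next }
    want && $1 == "name:" { print $2; want = 0 }'
}

# Print every expected "v<name>" secret that is absent from the table.
# $1 = ramen config text, $2 = output of `oc get secrets -n openshift-adp`
missing_dr_secrets() {
  local ref
  for ref in $(s3_secret_refs "$1"); do
    printf '%s\n' "$2" | awk -v n="v$ref" '
      $1 == n { found = 1 }
      END { exit !found }' || echo "v$ref"
  done
}

missing_dr_secrets "$RAMEN_CONFIG" "$SECRETS_TABLE"
```

On a cluster, pass the ConfigMap text from the Hub and the output of oc get secrets -n openshift-adp from each managed cluster as the two arguments; empty output means every referenced profile has its DR secret.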