Using IBM Storage Protect as a backup storage location

Backup OpenShift® Container Platform applications to an IBM Storage Protect server and optionally make a copy of the data on tape.

Before you begin

Ensure that you have IBM Storage Protect 8.1.18 server or higher.

Before you implement this solution, see IBM Storage Protect documentation to understand expected recovery time of data from tape based on the total amount of managed data on the tape.

About this task

If the IBM Storage Protect server already has an object agent defined, you must recreate the object agent to ensure that the public certificate is generated correctly. To recreate the object agent, you must do the following steps to remove the current object agent:

  1. From the IBM Storage Protect server, issue the command delete server <object_agent_name>.
  2. Uninstall the IBM Storage Protect object agent on the system by using the ibmspecified command from the delete server output.
  3. Delete the object agent directory under the server instance directory on the machine that hosts the IBM Storage Protect installation.
  4. Proceed with the steps in the procedure to define the IBM Storage Protect object agent.

Procedure

  1. Configure the object agent service on the IBM Storage Protect server.
    1. Run the following command on IBM Storage Protect server:
      setopt objectagentsancertificate yes
      Note:
      • If you are using a self-signed certificate, then you need this step to allow the object agent to create a self-signed certificate with the Subject Alternate Name (SAN).
      • If you are using a CA-signed certificate, then this step is not required.
    2. Create the object agent service by using the DEFINE SERVER command.
      For details about the command, see IBM Storage Protect 8.1.18 documentation.
      Note: If you are using a self-signed certificate, then you must ibmspecify the HLAddress in dotted decimal format.
    3. Configure an object client as documented in IBM Storage Protect documentation.
    4. Create an object storage bucket. You can create a bucket either by using the S3 API or by using the following MinIO client command:
      mc mb
  2. Configure a backup location from the IBM Storage Fusion interface.
    1. Location name is any name of your choice.
    2. Location type is S3 Compliant.
    3. Endpoint is the URL using the dotted IP address of the object agent client, which was configured on the IBM Storage Protect server.
    4. Bucket is the bucket that was configured on the IBM Storage Protect server.
    5. Access key and Secret key are the keys that were generated when the object client was created on the IBM Storage Protect server.
    6. Secret name for certificate to create a secret to store the IBM Storage Protect public certificate as documented in the Adding a location or Adding a backup storage location.

    After the backup location is created, create a backup policy using the new backup location and assign one or more applications to the backup policy.

  3. Copy data to and from tape:
    1. Optionally, copy IBM ibmspectrum Protect data to tape:
      PROTECT STGPOOL
                Type=Local
      You can schedule this command to run periodically.
    2. To recover data that is no longer available in the primary storage pool, use the REPAIR STGPOOL command to recover the data from tape to the primary storage pool. For more information about the command, see IBM Storage Protect documentation.
    3. Initiate the restore request from IBM Storage Fusion.