Backup & Restore spoke

Protect your data with application-centric backups. Use local snapshots for quick recovery or transfer backups to external object storage for safe keeping.

Before you begin

  • Important:
    • Backup & Restore 2.8.1 is not supported on OpenShift® Container Platform 4.16.
    • Download and run br_pre_install_patch281.sh before you install Backup & Restore Hub on any cluster. For additional information about the issue, see Fresh installation of Backup & Restore may hang or fail.

      This is applicable only for the installation of IBM Storage Fusion 2.8.1. Do not apply this patch if you are upgrading from a earlier version.

  • Install backup hub. For the procedure to install, see Backup & Restore hub.
  • Generate the YAML. This YAMLis required to establish mutual authentication between the two clusters. For the procedure to generate, see Establishing connection between hub and spoke.
  • When you add a Spoke to a Hub, the version of the Spoke must be the same version as the Hub.
  • Consider the following points before you begin installation:
    • Support for Backup & Restore service on Amazon web services ROSA is using native storage class - gp2-csi, gp3, and gp3-csi. The native storage classes gp2-csi, gp3 and gp3-csi are supported if you create a new class based on those that has volumeBindingMode Immediate. The gp3 and gp3-csi classes are clones of each other, one can be used as a base to create a new class with immediate binding.
    • Support for Backup & Restore service on Microsoft Azure ARO is using managed-csi storage class. The managed-csi storage class is CSI compliant, but does not have volumeBindingMode Immediate. You can create a new storage class based on managed-csi and set Immediate binding mode.
    • Firewall ports required for Hub and Spoke architecture:
      • Hub
        Must be able to make a TCP connection to the Spoke cluster API address
      • Spoke
        • Must be able to make a TCP connection to the Hub cluster API address
        • Must be able to make a TCP connection address <kafka-route>:443, where kafka-route can be found by running the following command on the hub:
          oc get route kafka-bridge-rbac-proxy -n ibm-backup-restore -o template --template
                    '{{.spec.host}}'
      • A route on the host that creates a DNS address exists for the Kubernetes API, which is enabled by default during the installation of Red Hat® OpenShift. Check whether it is available and is resolvable from the spoke containers. Format of the URL is api.<cluster-name>.<domain> but is changeable. This is port 443 on all control plane nodes.
      • A route to the Kafka Bridge creates a DNS address. Check whether it is available and is resolvable from the spoke containers. Uses port 443 on compute nodes. Run the following command and check the role in the output to know which nodes are compute nodes (needed for Kafka Bridge) and control plane nodes (for Kubernetes API connection):
        oc get nodes
        Example output:
        NAME STATUS ROLES AGE VERSION
        bootstrap.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
        master0.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
        master1.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
        master2.ocpfsn.pok.stglabs.ibm.com Ready control-plane,master 3d19h v1.25.14+20cda61
        worker0.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
        worker1.ocpfsn.pok.stglabs.ibm.com Ready worker 3d18h v1.25.14+20cda61
        worker3.ocpfsn.pok.stglabs.ibm.com Ready worker 2d2h v1.25.14+20cda61
        Alternatively, to check the roles from OpenShift console, do the following steps:
        1. Log in to the OpenShift console.
        2. Click Compute > Nodes menu.
        3. Check the role of the nodes.
      • The following command can be used to get the cluster API address of a cluster:
        oc cluster-info
        For example:
        Kubernetes control plane is running at https://c109-e.us-east.containers.cloud.ibm.com:30363

Procedure

  1. Go to Services page in IBM Storage Fusion user interface.
  2. In the Available section, click the Backup & Restore Agent tile.
  3. In the Backup & Restore page, go through the features and capabilities of the service and click Install.
  4. In the Install service window, select a Storage class that is used for the service.
    The internal data catalog requires a minimum of 200 GB for ReadWriteOnce storage so select a storage class that supports this criteria.
  5. Enter a connection snippet that is generated from the backup hub cluster.
    Important: When you install Spoke from the user interface, use the snippet. Use YAML option only when you do an automated deployment outside the IBM Storage Fusion user interface.
  6. Click Install.
    A validation is done to check whether the connection is possible. If connection failed message appears, check the message and take corrective action. The installation starts and a notification appears on the Services page. You can see the progress of the installation in the Services > Installed section. After the installation completes successfully, you can see the status as normal and a Get started link.

    After you enable the Backup & Restore, you can view the service version and health status. From the ellipsis menu, you can download logs and view documentation. After you successfully collect the logs, a success notification gets displayed. The notification disappears automatically after some time.

    The Backup & Restore menu in the spoke cluster includes the following sub-menus:
    • Topology
    • Backed up applications
    In case of other failures, go through the downloaded logs to understand the cause of the failure and fix the issue. For more information about service issues in IBM Storage Fusion, see Troubleshooting installation and upgrade issues in IBM Storage Fusion services.

What to do next

Important: Apply the mandatory IBM Storage Fusion 2.8.0 hotfix on top of 2.8.0 version. For more information about how to download the hotfix and the scope of issues covered in the hotfix, see IBM Storage Fusion 2.8.0 hotfix.
  • You can set the configuration parameters in ConfigMap guardian-configmap to change defaults for IBM Storage Fusion Backup & restore agent. For more information about the parameters, see Backup & restore configuration parameters.
  • Go to the Backup spoke cluster user interface > Overview page and click Launch Backup Hub to open the Backup hub.

    In the Backup & restore > Overview page, you have quick links to generate YAML, connect locations, create backup policies, and protect your applications.

  • You can now begin to protect your IBM Storage Fusion applications.
    1. Add location to determine whether the network verification is needed. For the procedure to add a location, see Adding backup storage location.
    2. Creating backup policy.
    3. Assigning backup policy.