Before you begin
- You must have S3-compatible storage set up before you complete this task. For more information, see Setting up S3-compatible object storage for backups.
- This task assumes that you have a workstation with the NetApp Trident Protect command-line interface (CLI) plug-in. For more information, see Install the Trident Protect CLI plugin in the NetApp Trident documentation.
Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.
Ensure that you source the environment variables before you run the commands in this task.
About this task
If you plan to use NetApp Trident Protect, you must install the OADP operator and configure a Data Protection Application to connect to your S3-compatible object storage.
Procedure
- Log in to Red Hat® OpenShift Container Platform as a cluster administrator.
${OC_LOGIN}
Remember: OC_LOGIN is an alias for the oc login command.
- Install NetApp Trident Protect.
For more information, see Install and configure Trident Protect in the NetApp Trident documentation.
- Check that the following NetApp software is at the same version:
  - To check the version of NetApp Trident, run:
    oc get deploy trident-controller \
    -n trident \
    -o yaml | grep "image:" | grep "trident"
  - To check the version of NetApp Trident Protect, run:
    oc get cm trident-protect-env-config \
    -n ${PROJECT_NETAPP_TRIDENT_PROTECT} \
    -o jsonpath='{.data.TRIDENT_PROTECT_TAG}{"\n"}'
  - To check the version of the NetApp Trident Protect CLI plug-in, run:
    tridentctl-protect version
- Create a NetApp Trident Protect AppVault.
(An AppVault is a bucket custom resource for NetApp Trident Protect.) For more information on creating an AppVault, see Use Trident Protect AppVault objects to manage buckets in the NetApp Trident documentation.
Remember: Ensure that the AppVault name matches the value that you set for the NETAPP_TRIDENT_PROTECT_APP_VAULT environment variable in your installation environment variables script.
- If the OADP operator is not installed, create the project where you plan to install the OADP operator:
oc new-project ${OADP_PROJECT}
- Annotate the OADP project:
oc annotate namespace ${OADP_PROJECT} openshift.io/node-selector=""
The annotation ensures that Kopia pods can be scheduled on all nodes.
- If the OADP operator is not installed, install it.
For more information, see Installing OADP.
- Configure the OADP operator.
For more information, see Configuring OADP with AWS S3 compatible storage.
- Install and configure the Data Protection Application (DPA) custom resource.
The YAML file in the following oc apply command shows the recommended DPA configuration.
Review the following guidance to determine if you need to adjust the contents of the YAML file
before you run the command:
cat << EOF | oc apply -f -
apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: dpa-sample
  namespace: ${OADP_PROJECT}
spec:
  backupImages: false
  backupLocations:
  - velero:
      accessMode: ReadWrite
      config:
        region: ${REGION}
        s3ForcePathStyle: "true" # Remove this line if you use AWS S3 object storage.
        s3Url: ${S3_URL}
      credential:
        key: ${ACCESS_KEY_ID}
        name: ${SECRET_ACCESS_KEY}
      default: true
      objectStorage:
        bucket: ${BUCKET_NAME}
        prefix: ${BUCKET_PREFIX}
      provider: aws
  configuration:
    nodeAgent:
      enable: true
      podConfig:
        resourceAllocations:
          limits:
            cpu: "${NODE_AGENT_POD_CPU_LIMIT}"
            memory: 32Gi
          requests:
            cpu: 500m
            memory: 256Mi
        tolerations:
        - effect: NoSchedule
          key: icp4data
          operator: Exists
      timeout: 72h
      uploaderType: kopia
    velero:
      customPlugins:
      - image: icr.io/cpopen/cpfs/cpfs-oadp-plugins:latest
        name: cpfs-oadp-plugin
      - image: icr.io/cpopen/cpd/cpdbr-velero-plugin:${VERSION}
        name: cpdbr-velero-plugin
      - image: icr.io/cpopen/cpd/swhub-velero-plugin:${VERSION}
        name: swhub-velero-plugin
      - image: icr.io/db2u/db2u-velero-plugin:${VERSION}
        name: db2u-velero-plugin
      defaultPlugins:
      - aws
      - openshift
      - csi
      podConfig:
        resourceAllocations:
          limits:
            cpu: "${KOPIA_POD_CPU_LIMIT}"
            memory: 4Gi
          requests:
            cpu: 500m
            memory: 256Mi
      resourceTimeout: 60m
EOF
  - If node agent backups or restores fail (indicated by pod volume timeout errors in the Kopia log), increase the node agent timeout (spec.configuration.nodeAgent.timeout). The default value is 72 hours (72h).
  - If node agent volume backups fail or hang on large volumes (indicated by node agent pod containers restarting due to an OOMKilled error), increase the node agent memory limit (spec.configuration.nodeAgent.podConfig.resourceAllocations.limits.memory). The default value is 32 gibibytes (32Gi).
- Confirm that the velero and node-agent pods are running in the ${OADP_PROJECT} project:
oc get pods \
-n ${OADP_PROJECT}
The node-agent DaemonSet creates one node-agent pod for each worker node in the cluster. For example, on a cluster with 9 nodes, ensure that there are 9 node-agent pods:
NAME                                                READY   STATUS    RESTARTS   AGE
openshift-adp-controller-manager-678f6998bf-fnv8p   2/2     Running   0          55m
node-agent-455wd                                    1/1     Running   0          49m
node-agent-5g4n8                                    1/1     Running   0          49m
node-agent-6z9v2                                    1/1     Running   0          49m
node-agent-722x8                                    1/1     Running   0          49m
node-agent-c8qh4                                    1/1     Running   0          49m
node-agent-lcqqg                                    1/1     Running   0          49m
node-agent-v6gbj                                    1/1     Running   0          49m
node-agent-xb9j8                                    1/1     Running   0          49m
node-agent-zjngp                                    1/1     Running   0          49m
velero-7d847d5bb7-zm6vd                             1/1     Running   0          49m
- Verify that the backup storage location PHASE is Available:
cpd-cli oadp backup-location list \
--namespace=${OADP_PROJECT}
For example:
NAME           PROVIDER   BUCKET           PREFIX             PHASE       LAST VALIDATED   ACCESS MODE
dpa-sample-1   aws        ${BUCKET_NAME}   ${BUCKET_PREFIX}   Available   <timestamp>
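
The node-agent pod check in the procedure can be scripted rather than counted by eye. The following shell functions are an added example, not part of the original documentation: they parse `oc get pods` table output, and the function names, the SAMPLE_PODS text and its pod names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks over `oc get pods -n ${OADP_PROJECT}` table output.
# Function names and the sample listing are constructed for illustration.

# Reads `oc get pods` output on stdin; prints how many pods whose name starts
# with prefix $1 are Running with every container ready (READY shows n/n).
count_ready_pods() {
  awk -v prefix="$1" '
    NR > 1 && index($1, prefix) == 1 && $3 == "Running" {
      split($2, ready, "/")
      if (ready[1] == ready[2]) n++
    }
    END { print n + 0 }'
}

# $1 = pod listing, $2 = expected worker node count.
# Succeeds only when there is one ready node-agent pod per worker node and
# at least one ready velero pod. The body runs in a subshell, so the
# variables it sets do not leak into the caller.
check_oadp_pods() (
  agents=$(printf '%s\n' "$1" | count_ready_pods "node-agent-")
  velero=$(printf '%s\n' "$1" | count_ready_pods "velero-")
  [ "$agents" -eq "$2" ] && [ "$velero" -ge 1 ]
)

# Reads the listing on stdin; prints node-agent pods with a non-zero restart
# count. Inspect these for OOMKilled before raising the memory limit.
restarted_node_agents() {
  awk 'NR > 1 && index($1, "node-agent-") == 1 && $4 + 0 > 0 { print $1 }'
}

# Constructed sample listing for a cluster with 3 worker nodes.
SAMPLE_PODS='NAME                                                READY   STATUS             RESTARTS      AGE
openshift-adp-controller-manager-678f6998bf-aaaaa   2/2     Running            0             55m
node-agent-aaaaa                                    1/1     Running            0             49m
node-agent-bbbbb                                    1/1     Running            2             49m
node-agent-ccccc                                    0/1     CrashLoopBackOff   5 (2m ago)    49m
velero-7d847d5bb7-aaaaa                             1/1     Running            0             49m'

# Against a live cluster (assumes worker nodes carry the standard
# node-role.kubernetes.io/worker label):
#   check_oadp_pods "$(oc get pods -n "${OADP_PROJECT}")" \
#     "$(oc get nodes -l node-role.kubernetes.io/worker --no-headers | wc -l)"
if check_oadp_pods "$SAMPLE_PODS" 3; then
  echo "node-agent coverage OK"
else
  echo "node-agent coverage incomplete; restarted node-agent pods:"
  printf '%s\n' "$SAMPLE_PODS" | restarted_node_agents
fi
```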