Setting up the installation variables

A script is used as part of the installation process for Container Backup Support. Set up the environment and installation variables that are used by the installation script.

You must set up the variables in the following two files:

baas-options.sh: Contains the variables that are used to configure the prerequisites for Container Backup Support. This file is used to replace the sample baas-options.sh file that is provided in the installation package.
baas-values.yaml: Contains the values that are used to install Container Backup Support or to update an existing configuration. This file is used to replace the sample baas-values.yaml file that is provided in the installation package.

Information is provided on how to set up the installation variables for installing Container Backup Support in an airgap environment or from the IBM® Helm Charts Repository that is linked to IBM Entitled Registry.

About the airgap environment: As used in this documentation, an airgap cluster is any Kubernetes or OpenShift® cluster that does not have internet access, and therefore cannot pull container images from a Docker registry. The airgap installation package includes the container images for Container Backup Support. During the installation, the container images are loaded by the docker load command and then tagged and pushed to the Docker registry that is specified in the baas-options.sh file. As a result, the container images can be pulled during the Helm installation.

To set up the variables in the baas-options.sh file, see Setting up installation variables in the baas-options.sh file.

To set up the configuration parameters in the baas-values.yaml file, see Setting up installation variables in the baas-values.yaml file.

Setting up installation variables in the baas-options.sh file

Set up the variables in the baas-options.sh file to configure the prerequisites for Container Backup Support. Use this file to replace the sample baas-options.sh file that is provided in the installation package.

Before you begin, create a directory in your home folder (~) for storing the baas-options.sh and baas-values.yaml files. Issue the following commands:

mkdir install_vars_dir
cd install_vars_dir

where install_vars_dir is the name of the directory that you created.

Obtain an entitlement key

If you plan to pull Container Backup Support images from the IBM Entitled Registry, you must obtain a key from the IBM Container Library. To obtain an entitlement key:

Log in to the IBM Container software library with the IBMid and password that is associated with the entitled software.
Click Get entitlement key.
In the Access your container software page, click Copy key to copy the generated entitlement key.
Save the key to a secure location for later use.

Set up the variables in baas-options.sh

Update the values in the following text block and save the text block to a file called baas-options.sh in the install_vars_dir directory that you created:

export DOCKER_REGISTRY_ADDRESS='your_docker_registry'
export DOCKER_REGISTRY_USERNAME='your_docker_username'
export DOCKER_REGISTRY_PASSWORD='your_docker_password'
export DOCKER_REGISTRY_NAMESPACE='your_docker_registry_namespace'
export SPP_ADMIN_USERNAME='your_protectplus_containers_admin_username'
export SPP_ADMIN_PASSWORD='your_protectplus_containers_admin_password'
export DATAMOVER_USERNAME='create_a_datamover_username'
export DATAMOVER_PASSWORD='create_a_datamover_password'
export MINIO_USERNAME='create_a_minio_username'
export MINIO_PASSWORD='create_a_minio_password'
export BAAS_VERSION='protectplus_version'

The following table contains the descriptions for the environment variables in the baas-options.sh file. You must enclose the values with single quotation marks ('').

Table 1. Installation variables in the baas-options.sh file
Environment variable	Description
DOCKER_REGISTRY_ADDRESS	The address of the Docker registry in your environment where container images are loaded. If you are pulling images from the IBM Entitled Registry, you must specify '`cp.icr.io/cp`'. The value for DOCKER_REGISTRY_ADDRESS must match the value for the imageRegistry parameter in the baas-values.yaml file.
DOCKER_REGISTRY_USERNAME	The user account for the Docker registry where container images are loaded. If you are pulling images from the IBM Entitled Registry, you must specify '`cp`'.
DOCKER_REGISTRY_PASSWORD	The user password for the Docker registry where the container images are loaded. To pull images from the IBM Entitled Registry, specify the entitlement key that you obtained from the IBM Container software library. You can avoid putting the password in the file by specifying an environment variable for any of the passwords. For example, ${DOCKERUSER_PW} or ${IBMCLOUD_API_KEY}.
DOCKER_REGISTRY_NAMESPACE	The namespace of the Docker registry where the container images are loaded. The namespace does not have to be created ahead of time. To pull images from the IBM Entitled Registry, you must specify '`sppc`'. The value for DOCKER_REGISTRY_NAMESPACE must match the value for the imageRegistryNamespace parameter in the baas-values.yaml file.
SPP_ADMIN_USERNAME	The user ID of the IBM Spectrum® Protect Plus containers administrator. The containers administrator is an IBM Spectrum Protect Plus administrator with the Containers Admin role.
SPP_ADMIN_PASSWORD	The IBM Spectrum Protect Plus password for the containers administrator. You can optionally specify an environment variable for the password. For example, ${PROTECTPLUS_ADMIN_PW}.
DATAMOVER_USERNAME	The user ID to create for use with the data mover. The value does not have to exist already. It is created for the installation. The data mover username must adhere to the rules for usernames and passwords for Red Hat® Enterprise Linux® (RHEL) 7 operating system. The rules are the same as the ones for creating a new user on RHEL 7. For example, the password and the username must not be the same.
DATAMOVER_PASSWORD	The user password to create for use with the data mover. The value does not have to exist already. It is created for the installation. The data mover password must adhere to the rules for usernames and passwords for RHEL 7. The rules are the same as the ones for creating a new user on RHEL 7. For example: The password must be at least 8 characters in length, and must contain letters and numbers. No dictionary words are allowed in the password. The password cannot be the same as the username.
MINIO_USERNAME	The username to create for the MinIO user. MinIO object storage is used to store backups of cluster and namespace resources. The value does not have to exist already. It is created for the installation.
MINIO_PASSWORD	The password to create for the MinIO user. The value does not have to exist already. It is created for the installation.
BAAS_VERSION	The version of IBM Spectrum Protect Plus that you are installing, for example, 10.1.8 or 10.1.8.`x`, where `x` specifies an interim fix (iFix).

Setting up installation variables in the baas-values.yaml file

Set up the variables that are used to install or update Container Backup Support in the baas-values.yaml file. Use this file to replace the sample baas-values.yaml file that is provided in the installation package.

Before you begin, create a directory in your home folder (~) for storing the baas-options.sh and baas-values.yaml files. Issue the following commands:

mkdir install_vars_dir
cd install_vars_dir

where install_vars_dir is the name of the directory that you created.

Set up the variables in baas-values.yaml

Update the values in the following text block and save the text block to a file called baas-values.yaml in the install_vars_dir directory that you created.

license: false | true
isOCP: false | true
clusterName: create_a_cluster_name
networkPolicy:
  clusterAPIServerips:
    - kubernetes_host_ip1
    - kubernetes_host_ip2
    - kubernetes_host_ip3
  clusterAPIServerport: your_cluster_api_port
  clusterCIDR: x.x.x.x/y
  isServerInstalledOnAnotherCluster: false 
SPPfqdn: your_protectplus_server_DNS_address
SPPips: your_protectplus_server_ip
SPPport: your_protectplus_server_port
productLoglevel: INFO | WARNING | ERROR | DEBUG
imageRegistry: your_docker_registry
imageRegistryNamespace: your_docker_registry_namespace
minioStorageClass: name_of_storageclass_to_use_with_minio
veleroNamespace: spp-velero

Ensure that the spacing is maintained as specified in the YAML file. Tabs are not allowed.

Configuring baas-values.yaml when IBM Spectrum Protect Plus server runs in a container environment: If the IBM Spectrum Protect Plus server is installed on an OpenShift cluster, ensure that you set the values for the isServerInstalledOnAnotherCluster, SPPfqdn, and SPPips accordingly. For the specifications of these parameters, see Table 2.

The following table contains the descriptions and default values for the configuration parameters in the baas-values.yaml file:

Table 2. Configuration parameters in the baas-values.yaml file
Parameter	Description	Default value
license	The product license for Container Backup Support. The English license file is located in the LICENSES/LICENSE-en directory, which is included in the installation package. Versions of the license in English and other languages are available in the "IBM Spectrum Protect Plus Capacity - Version 10.1.8" license agreements at License Information documents. Set the value to true to indicate that you have reviewed and agree to the license agreement.	false
isOCP	The type of cluster on which you are installing Container Backup Support. If you are installing the product on an OpenShift cluster, set the value to true. If you are installing the product on a Kubernetes cluster, set the value to false.	false
clusterName	The unique cluster name that is used to register the application host to the IBM Spectrum Protect Plus server. The cluster name can be any name of your choice, but it must be unique from the IBM Spectrum Protect Plus server.	None
clusterAPIServerips	The IP address for the cluster API server. To obtain the cluster API server address, issue the following command: For Kubernetes: `kubectl get endpoints -n default -o yaml kubernetes` For OpenShift: `oc get endpoints -n default -o yaml kubernetes` Use all of the provided addresses listed under the addresses field in the output, or add or remove IP addresses as needed. Specify multiple addresses as follows: `networkPolicy: clusterAPIServerips: - x.x.x.x - y.y.y.y - z.z.z.z`	`x.x.x.x`
clusterAPIServerport	The port address for the cluster API server. To obtain the cluster API server port, issue the following command: For Kubernetes: `kubectl get endpoints -n default -o yaml kubernetes` For OpenShift: `oc get endpoints -n default -o yaml kubernetes` Use the port number listed in the port field in the output.	6443
clusterCIDR	The Classless Inter-Domain Routing (CIDR) value for the cluster. To obtain the CIDR, issue the following command: For Kubernetes: `kubectl cluster-info dump \| grep -m 1 cluster-cidr` For OpenShift: `oc get network -o yaml \| grep -A1 clusterNetwork:` Use the displayed IP address as the cluster CIDR address. Tip for Kubernetes: If the command does not return the CIDR value, change the grep expression to look for the combination of "cluster" and "CIDR" and run the command again.	192.168.0.0/16
additionalAddresses	Enter a value for the dm.nfs.additionalAddresses field if the network environment contains routers, proxies, gateways, or Network Address Translation (NAT) devices between the cluster nodes and the IBM Spectrum Protect Plus vSnap server. This address is used for data transfer during backup and restore operations between the cluster and vSnap server. Enter the public facing addresses for the device. The vSnap server uses an IP filter to regulate data transfer. You can specify more than one address, which can be in IP address or CIDR format. The addresses must be on the allowlist. Otherwise, the addresses are rejected. You can specify multiple addresses as follows: `dm: nfs: additionalAddress: - x.x.x.x - y.y.y.y - z.z.z.z`	`x.x.x.x`
isServerInstalledOnAnotherCluster	For OpenShift environments, set the value to false regardless of whether the IBM Spectrum Protect Plus server is installed on the same cluster as Container Backup Support or on a separate cluster. If you are installing Container Backup Support on a Kubernetes cluster, or if the IBM Spectrum Protect Plus server is installed as a virtual appliance, set the value to false.	false
SPPfqdn	The DNS address for the IBM Spectrum Protect Plus server. You can specify an IP address or a fully qualified domain name (FQDN). If the IBM Spectrum Protect Plus server is installed as a virtual appliance and no DNS server is available, specify the IP address that is used for the SPPips parameter. If the IBM Spectrum Protect Plus server is installed in an OpenShift container environment, retrieve the DNS address by issuing the following command: `oc get route --namespace spp_server_namespace` where `spp_server_namespace` specifies the namespace in which the IBM Spectrum Protect Plus server is installed. The DNS address to use is listed in the `HOST/PORT` column in the command output. For example: `NAME HOST/PORT PATH SERVICES spp-rte my.plus.server.example / sppproxy`	None
SPPips	The IBM Spectrum Protect Plus server IP address. If the IBM Spectrum Protect Plus server is installed as a virtual appliance, specify an IP address. If the IBM Spectrum Protect Plus server is installed in an OpenShift container environment, obtain the IP address as follows: Begin with the FQDN of the route that was used in the description for the SPPfqdn parameter. Using the URL from the output of the oc get route query, run the nslookup command or any DNS tools to resolve the URL to the IP address of the route. You can use one of the following methods: Run the following command by using the example from the SPPfqdn description: `nslookup my.plus.server.example` For more reliable results, create the Kubernetes dnsutils pod and run a DNS lookup of the IP address from that pod. For more information, see Debugging DNS Resolution. For example, run the following command, where `my.plus.server.example` is the FQDN of the route: `kubectl exec -i -t dnsutils -- nslookup my.plus.server.example`	`x.x.x.x`
SPPport	The IBM Spectrum Protect Plus server port. You must set the port number to 443.	443
productLoglevel	The trace levels for troubleshooting issues with the Container Backup Support transaction manager, controller, and scheduler components. The following trace levels are available: INFO, WARNING, DEBUG, and ERROR.	`INFO`
imageRegistry	The address of the Docker registry in your environment where the container images are loaded. If you are pulling images from the IBM Entitled Registry, you must specify `cp.icr.io/cp`. The value for the imageRegistry parameter must match the value for the DOCKER_REGISTRY_ADDRESS variable in the baas-options.sh file.	`docker-repo-hostname`: 5000
imageRegistryNamespace	The namespace of the Docker registry where the container images are loaded. The namespace does not have to be created ahead of time. To pull images from the IBM Entitled Registry, you must specify `sppc`. The value for the imageRegistryNamespace parameter must match the value for the DOCKER_REGISTRY_NAMESPACE variable in the baas-options.sh file.	`baas`
minioStorageClass	The name of the storage class to use for the MinIO server. The MinIO server is used to store the backups of cluster and namespace resources. If you do not specify a value for this parameter, the default storage class of your cluster is used. Ensure that a default storage class is defined. Important: To safeguard resource snapshot backups in the case where the BaaS is uninstalled or has been reinstalled, set the storage class with a Reclaim Policy with the Retain value specified. Backups that have been transferred to the vSnap server are not affected. Certain upgrade scenarios may also lead to losing the minIO PVC content if the Reclaim Policy is not set to Retain.	None
veleroNamespace	Specify the namespace of the Velero installation that is dedicated to IBM Spectrum Protect Plus Container Backup Support, for example, `spp-velero`. If you do not specify a value for this parameter, Velero integration is unavailable and you can use Container Backup Support to protect only PVCs.	None

Examples of baas-options.sh files

The following table shows examples of the baas-options.sh file for installations in different environments.

Kubernetes installation with a Docker registry in an airgap environment OpenShift installation with the IBM Entitled Registry

Table 3. Examples of baas-options.sh files
Kubernetes installation with a Docker registry in an airgap environment	OpenShift installation with the IBM Entitled Registry
`export DOCKER_REGISTRY_ADDRESS='192.0.2.28:5000' export DOCKER_REGISTRY_USERNAME='dockeruser' export DOCKER_REGISTRY_PASSWORD=${DOCKER_PW} export DOCKER_REGISTRY_NAMESPACE='baas' export SPP_ADMIN_USERNAME='container-admin' export SPP_ADMIN_PASSWORD=${SPP_ADMIN_PW} export DATAMOVER_USERNAME='spectrum' export DATAMOVER_PASSWORD='Pr0tect!' export MINIO_USERNAME='spp-user' export MINIO_PASSWORD='aust1np0w3rs' export BAAS_VERSION='10.1.8'`	`export DOCKER_REGISTRY_ADDRESS='cp.icr.io/cp' export DOCKER_REGISTRY_USERNAME='cp' export DOCKER_REGISTRY_PASSWORD=${IBMCLOUD_API_KEY} export DOCKER_REGISTRY_NAMESPACE='sppc' export SPP_ADMIN_USERNAME='container-admin' export SPP_ADMIN_PASSWORD=${SPP_ADMIN_PW} export DATAMOVER_USERNAME='spectrum' export DATAMOVER_PASSWORD='Pr0tect!' export MINIO_USERNAME='spp-user' export MINIO_PASSWORD='aust1np0w3rs' export BAAS_VERSION='10.1.8'`

export DOCKER_REGISTRY_ADDRESS='192.0.2.28:5000'
export DOCKER_REGISTRY_USERNAME='dockeruser'
export DOCKER_REGISTRY_PASSWORD=${DOCKER_PW}
export DOCKER_REGISTRY_NAMESPACE='baas'
export SPP_ADMIN_USERNAME='container-admin'
export SPP_ADMIN_PASSWORD=${SPP_ADMIN_PW}
export DATAMOVER_USERNAME='spectrum'
export DATAMOVER_PASSWORD='Pr0tect!'
export MINIO_USERNAME='spp-user'
export MINIO_PASSWORD='aust1np0w3rs'
export BAAS_VERSION='10.1.8'

export DOCKER_REGISTRY_ADDRESS='cp.icr.io/cp'
export DOCKER_REGISTRY_USERNAME='cp'
export DOCKER_REGISTRY_PASSWORD=${IBMCLOUD_API_KEY}
export DOCKER_REGISTRY_NAMESPACE='sppc'
export SPP_ADMIN_USERNAME='container-admin'
export SPP_ADMIN_PASSWORD=${SPP_ADMIN_PW}
export DATAMOVER_USERNAME='spectrum'
export DATAMOVER_PASSWORD='Pr0tect!'
export MINIO_USERNAME='spp-user'
export MINIO_PASSWORD='aust1np0w3rs'
export BAAS_VERSION='10.1.8'

Examples of baas-values.yaml files

The following table shows examples of the baas-values.yaml file for installations in different environments.

Kubernetes installation with a Docker registry in an airgap environment OpenShift installation with the IBM Entitled Registry

Table 4. Examples of baas-values.yaml files
Kubernetes installation with a Docker registry in an airgap environment	OpenShift installation with the IBM Entitled Registry
`license: true isOCP: false clusterName: example-k8s-cluster networkPolicy: clusterAPIServerips: - 192.0.2.63 clusterAPIServerport: 6443 clusterCIDR: 192.168.0.0/16 isServerInstalledOnAnotherCluster: false SPPfqdn: my.ova.plus.server.example SPPips: 192.0.2.83 SPPport: 443 productLoglevel: INFO imageRegistry: 192.0.2.28:5000 imageRegistryNamespace: baas minioStorageClass: csi-rbd veleroNamespace: spp-velero`	`license: true isOCP: true clusterName: example-ocp-cluster networkPolicy: clusterAPIServerips: - 198.51.100.1 - 198.51.100.2 - 198.51.100.3 clusterAPIServerport: 6443 clusterCIDR: 198.51.100.0/24 isServerInstalledOnAnotherCluster: false SPPfqdn: my.ocp.plus.server.example SPPips: 198.51.100.12 SPPport: 443 productLoglevel: INFO imageRegistry: cp.icr.io/cp imageRegistryNamespace: sppc minioStorageClass: csi-rbd veleroNamespace: spp-velero`

license: true
isOCP: false
clusterName: example-k8s-cluster
networkPolicy:
  clusterAPIServerips:
    - 192.0.2.63
  clusterAPIServerport: 6443
  clusterCIDR: 192.168.0.0/16
  isServerInstalledOnAnotherCluster: false
SPPfqdn: my.ova.plus.server.example
SPPips: 192.0.2.83
SPPport: 443
productLoglevel: INFO
imageRegistry: 192.0.2.28:5000
imageRegistryNamespace: baas
minioStorageClass: csi-rbd
veleroNamespace: spp-velero

license: true
isOCP: true
clusterName: example-ocp-cluster
networkPolicy:
  clusterAPIServerips:
    - 198.51.100.1
    - 198.51.100.2
    - 198.51.100.3
  clusterAPIServerport: 6443
  clusterCIDR: 198.51.100.0/24
  isServerInstalledOnAnotherCluster: false
SPPfqdn: my.ocp.plus.server.example
SPPips: 198.51.100.12
SPPport: 443
productLoglevel: INFO
imageRegistry: cp.icr.io/cp
imageRegistryNamespace: sppc
minioStorageClass: csi-rbd
veleroNamespace: spp-velero