This is a cache of https://docs.openshift.com/container-platform/4.16/backup_and_restore/application_backup_and_restore/installing/configuring-oadp-multiple-bsl.html. It is a snapshot of the page at 2024-11-23T10:18:29.661+0000.
Configuring OADP with multiple backup storage locations - OADP Application backup and restore | Backup and restore | OpenShift Container Platform 4.16
×

You can configure one or more backup storage locations (BSLs) in the Data Protection Application (DPA). You can also select the location to store the backup in when you create the backup. With this configuration, you can store your backups in the following ways:

  • To different regions

  • To a different storage provider

OADP supports multiple credentials for configuring more than one BSL, so that you can specify the credentials to use with any BSL.

Configuring the DPA with more than one BSL

You can configure the DPA with more than one BSL and specify the credentials provided by the cloud provider.

Prerequisites
  • You must install the OADP Operator.

  • You must create the secrets by using the credentials provided by the cloud provider.

Procedure
  1. Configure the DPA with more than one BSL. See the following example.

    Example DPA
    apiVersion: oadp.openshift.io/v1alpha1
    kind: DataProtectionApplication
    #...
    backupLocations:
      - name: aws (1)
        velero:
          provider: aws
          default: true (2)
          objectStorage:
            bucket: <bucket_name> (3)
            prefix: <prefix> (4)
          config:
            region: <region_name> (5)
            profile: "default"
          credential:
            key: cloud
            name: cloud-credentials (6)
      - name: odf (7)
        velero:
          provider: aws
          default: false
          objectStorage:
            bucket: <bucket_name>
            prefix: <prefix>
          config:
            profile: "default"
            region: <region_name>
            s3Url: <url> (8)
            insecureSkipTLSVerify: "true"
            s3ForcePathStyle: "true"
          credential:
            key: cloud
            name: <custom_secret_name_odf> (9)
    #...
    1 Specify a name for the first BSL.
    2 This parameter indicates that this BSL is the default BSL. If a BSL is not set in the Backup CR, the default BSL is used. You can set only one BSL as the default.
    3 Specify the bucket name.
    4 Specify a prefix for Velero backups; for example, velero.
    5 Specify the AWS region for the bucket.
    6 Specify the name of the default secret object that you created.
    7 Specify a name for the second BSL.
    8 Specify the URL of the S3 endpoint.
    9 Specify the correct name for the secret; for example, custom_secret_name_odf. If you do not specify a secret name, the default name is used.
  2. Specify the BSL to be used in the backup CR. See the following example.

    Example backup CR
    apiVersion: velero.io/v1
    kind: Backup
    # ...
    spec:
      includedNamespaces:
      - <namespace> (1)
      storageLocation: <backup_storage_location> (2)
      defaultVolumesToFsBackup: true
    1 Specify the namespace to back up.
    2 Specify the storage location.

OADP use case for two BSLs

In this use case, you configure the DPA with two storage locations by using two cloud credentials. You back up an application with a database by using the default BSL. OADP stores the backup resources in the default BSL. You then backup the application again by using the second BSL.

Prerequisites
  • You must install the OADP Operator.

  • You must configure two backup storage locations: AWS S3 and Multicloud Object Gateway (MCG).

  • You must have an application with a database deployed on a Red Hat OpenShift cluster.

Procedure
  1. Create the first secret for the AWS S3 storage provider with the default name by running the following command:

    $ oc create secret generic cloud-credentials -n openshift-adp --from-file cloud=<aws_credentials_file_name> (1)
    1 Specify the name of the cloud credentials file for AWS S3.
  2. Create the second secret for MCG with a custom name by running the following command:

    $ oc create secret generic mcg-secret -n openshift-adp --from-file cloud=<MCG_credentials_file_name> (1)
    1 Specify the name of the cloud credentials file for MCG. Note the name of the mcg-secret custom secret.
  3. Configure the DPA with the two BSLs as shown in the following example.

    Example DPA
    apiVersion: oadp.openshift.io/v1alpha1
    kind: DataProtectionApplication
    metadata:
      name: two-bsl-dpa
      namespace: openshift-adp
    spec:
      backupLocations:
      - name: aws
        velero:
          config:
            profile: default
            region: <region_name> (1)
          credential:
            key: cloud
            name: cloud-credentials
          default: true
          objectStorage:
            bucket: <bucket_name> (2)
            prefix: velero
          provider: aws
      - name: mcg
        velero:
          config:
            insecureSkipTLSVerify: "true"
            profile: noobaa
            region: <region_name> (3)
            s3ForcePathStyle: "true"
            s3Url: <s3_url> (4)
          credential:
            key: cloud
            name: mcg-secret (5)
          objectStorage:
            bucket: <bucket_name_mcg> (6)
            prefix: velero
          provider: aws
      configuration:
        nodeAgent:
          enable: true
          uploaderType: kopia
        velero:
          defaultPlugins:
          - openshift
          - aws
    1 Specify the AWS region for the bucket.
    2 Specify the AWS S3 bucket name.
    3 Specify the region, following the naming convention of the documentation of MCG.
    4 Specify the URL of the S3 endpoint for MCG.
    5 Specify the name of the custom secret for MCG storage.
    6 Specify the MCG bucket name.
  4. Create the DPA by running the following command:

    $ oc create -f <dpa_file_name> (1)
    1 Specify the file name of the DPA you configured.
  5. Verify that the DPA has reconciled by running the following command:

    $ oc get dpa -o yaml
  6. Verify that the BSLs are available by running the following command:

    $ oc get bsl
    Example output
    NAME   PHASE       LAST VALIDATED   AGE     DEFAULT
    aws    Available   5s               3m28s   true
    mcg    Available   5s               3m28s
  7. Create a backup CR with the default BSL.

    In the following example, the storageLocation field is not specified in the backup CR.

    Example backup CR
    apiVersion: velero.io/v1
    kind: Backup
    metadata:
      name: test-backup1
      namespace: openshift-adp
    spec:
      includedNamespaces:
      - <mysql_namespace> (1)
      defaultVolumesToFsBackup: true
    1 Specify the namespace for the application installed in the cluster.
  8. Create a backup by running the following command:

    $ oc apply -f <backup_file_name> (1)
    1 Specify the name of the backup CR file.
  9. Verify that the backup completed with the default BSL by running the following command:

    $ oc get backup <backup_name> -o yaml (1)
    1 Specify the name of the backup.
  10. Create a backup CR by using MCG as the BSL. In the following example, note that the second storageLocation value is specified at the time of backup CR creation.

    Example backup CR
    apiVersion: velero.io/v1
    kind: Backup
    metadata:
      name: test-backup1
      namespace: openshift-adp
    spec:
      includedNamespaces:
      - <mysql_namespace> (1)
      storageLocation: mcg (2)
      defaultVolumesToFsBackup: true
    1 Specify the namespace for the application installed in the cluster.
    2 Specify the second storage location.
  11. Create a second backup by running the following command:

    $ oc apply -f <backup_file_name> (1)
    1 Specify the name of the backup CR file.
  12. Verify that the backup completed with the storage location as MCG by running the following command:

    $ oc get backup <backup_name> -o yaml (1)
    1 Specify the name of the backup.