Tech ONTAP Blogs
Tech ONTAP Blogs
Customers are rapidly modernizing their applications by containerizing them. These container applications may be currently deployed in VMware environments. However, customers can find themselves in a situation where some of the applications running on VMs cannot be containerized for various reasons (may be because it is a third-party application which does not have a containerized version). OpenShift Virtualization provides a great solution for them, where they can run their containerized applications, as well as their VMs, on the same OpenShift Cluster and use a single management tool to manage both the containers as well the VMs. The VMs in OpenShift Virtualization use the same container paradigm and persistent storage paradigm, making the skillsets reusable.
In a previous video, I showed how to migrate a VM from VMware to OpenShift Virtualization platform using the Migration Toolkit for Virtualization (MTV). When you migrate the VMs, the storage for the VMs in VMware are moved to volumes in ONTAP storage integrated with NetApp Astra Trident. In this blog, I will show you how to protect the VM metadata and its disk data in persistent volumes by backing up the VM to Object Storage and restoring it when needed.
OpenShift API for Data Protection (OADP) can be used to perform Backup and Restore of VMs. Red Hat OpenShift has leveraged the use of the open-source plugin Velero, integrated with CSI storage drivers and exposing the Velero APIs for easy backup and restore, disaster recovery, and migration of Kubernetes cluster resources and persistent volumes.
In this blog, I will show you how to
Here is the architecture for this demonstration:
Prerequisites:
For the example in this blog,
1. Installing OADP operator
Installing the OADP operator is quite straightforward. Simply look for the operator in the OperatorHub and select it. Keep all the defaults and click on Install. The operator is installed in openshift-adp namespace.
Before configuring the Velero plugin (default used by OADP operator for backups and restores), two other configurations need to be completed:
a. Create a secret for the S3 user credentials
To create a secret from the web console, select Secrets, then click on Key/Value Secret. Provide the values for the credential name, key and the value as shown. Be sure to use the Access Key Id and Secret Access Key of your S3 user. Name the secret appropriately. In the sample below, a secret with ONTAP S3 user credentials named ontap-s3-credentials is created.
b. Enable CSI for Velero Snapshots
The Velero CSI plugins, to backup CSI backed PVCs, will choose the VolumeSnapshotClass in the cluster that has velero.io/csi-volumesnapshot-class label set on it. For this, you must
Ensure that the DataProtectionApplication is created and is in condition:Reconciled.
2. Configuring Velero for Backups
To configure Velero, select Installed Operators from the menu item under Operators, click on OADP operator, and then select the DataProtectionApplication tab. Click on Create DataProtectionApplication. In the form view, provide a name for the DataProtection Application or use the default name.
Here is a sample spec you can replace in the YAML view. ONTAP S3 (with its credentials and other access information as shown in the yaml) is configured as the default BackupLocation for velero. The backups will be stored in the folder velero/demobackup/.
DataProtectionApplication Custom Resource (CR) is created and is in condition:Reconciled. A corresponding BackupStorage location will be created as well and is in Available state.
3. Creating an On-Demand Backup of a VM
If you want to backup a VM when it is in the Running state, then you must install the QEMU guest agent on that virtual machine. If you install the VM using an existing template, then QEMU agent is installed automatically. QEMU allows the guest agent to quiesce in-flight data in the guest OS during the snapshot process, and avoid possible data corruption. If you do not have QEMU installed, you can stop the virtual machine before taking a backup.
To create an on-demand backup of the VM and its disks, click on Backup tab. This creates a Backup Custom Resource (CR). I have provided a sample yaml for the Backup CR. Using this yaml, a snapshot of the persistent volumes backing the disks will be created using the CSI. A backup of the VM along with the snapshot of its disks are stored in the backup location specified in the yaml. The backup will remain in the system for 30 days as specified in the ttl. Once the backup completes, its phase will show as completed. If you want to set additional parameters, review the documentation.
You can inspect the backup in the Object storage with the help of an S3 browser application. The velero bucket contains the folder demobackup in which the backups are placed.
4. Restoring a VM
To restore from the backup that you just created, you need to create a Restore Custom Resource (CR). You need to provide it a name, provide the name of the backup that you want to restore from and set the restorePVs to true, to restore its persistent disks. Additional parameters can be set as shown in the documentation. Click on Create button.
When the phase shows completed, you can see that the virtual machines have been restored to the state when the snapshot was taken. (If the backup was created with the VM in running state, restoring the VM from the backup will start the restored VM and bring it to a running state). The VM is restored to the same namespace.
5. Deleting the backups and restores
You can delete a Backup CR without deleting the Object Storage data by using the OC CLI tool.
oc delete backup <backup_CR_name> -n <velero_namespace>
If you want the delete the Backup CR and delete the associated object storage data, you can do so by using the Velero CLI tool. Download the CLI as given in the instructions in the Velero documentation.
Execute the following delete command using the Velero CLI
velero backup delete <backup_CR_name> -n <velero_namespace>
You can use OC command, UI, or the Velero CLI to delete the Restore CR.
oc delete backup <backup_CR_name> -n <velero_namespace>
velero restore delete restore --namespace openshift-adp
Summary:
In this blog you have seen a demonstration of how to install the OADP operator, configure Velero and perform a Backup and Restore of VMs in OpenShift Virtualization to ONTAP S3. For additional details about how to use NetApp StorageGRID S3 as the backupStorageLocation in Velero, how to create backups on a schedule, how to restore to a different namespace or to a different storage class, please refer to the NetApp Solutions documentation.