OADP 3144 - Installing OADP on an AWS STS manually
oadp-3144:5/3 1255
1 parent
00b3e61
commit 9617ee6
Showing 13 changed files with 756 additions and 2 deletions.
1 change: 1 addition & 0 deletions
backup_and_restore/application_backup_and_restore/aws-sts/_attributes
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../_attributes/ |
1 change: 1 addition & 0 deletions
backup_and_restore/application_backup_and_restore/aws-sts/images
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../images/ |
1 change: 1 addition & 0 deletions
backup_and_restore/application_backup_and_restore/aws-sts/modules
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../modules |
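Review bot: The link target `../../../modules` has no trailing slash, while the sibling links added in this commit use `../../../_attributes/`, `../../../images/` and `../../../snippets/`. Pick one form and use it for all four so the directory links under `aws-sts/` are consistent.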
43 changes: 43 additions & 0 deletions
backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
:_mod-docs-content-type: ASSEMBLY | ||
[id="oadp-aws-sts"] | ||
= Backing up applications on AWS STS using OADP | ||
include::_attributes/common-attributes.adoc[] | ||
:context: oadp-aws-sts-backing-up-applications | ||
|
||
toc::[] | ||
|
||
You install the {oadp-first} with {aws-first} by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v{velero-version}/[Velero {velero-version}]. | ||
|
||
include::snippets/oadp-mtc-operator.adoc[] | ||
|
||
You configure {aws-short} for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator]. | ||
|
||
To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details. | ||
|
||
You can install {oadp-short} on an AWS {sts-first} (AWS STS) cluster manually. Amazon {aws-short} provides {aws-short} STS as a web service that enables you to request temporary, limited-privilege credentials for users. You use STS to provide trusted users with temporary access to resources via API calls, your {aws-short} console, or the {aws-short} command line interface (CLI). | ||
|
||
Before installing {oadp-first}, you must set up role and policy credentials for {oadp-short} so that it can use the {aws-full} API. | ||
|
||
This process is performed in the following two stages: | ||
|
||
. Prepare {aws-short} credentials. | ||
. Install the OADP Operator and give it an IAM role. | ||
|
||
include::modules/preparing-aws-sts-credentials-for-oadp.adoc[leveloffset=+1] | ||
|
||
include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2] | ||
|
||
include::modules/installing-oadp-aws-sts.adoc[leveloffset=+1] | ||
|
||
[role="_additional-resources"] | ||
.Additional resources | ||
|
||
* xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console] | ||
* xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[Backing up applications] | ||
[id="oadp-aws-sts-backing-up-and-cleaning"] | ||
== Backing up workload on OADP AWS STS, with an optional cleanup | ||
|
||
include::modules/performing-a-backup-oadp-aws-sts.adoc[leveloffset=+2] | ||
|
||
include::modules/cleanup-a-backup-oadp-aws-sts.adoc[leveloffset=+2] |
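Review bot: The xref to "Installing the OADP Operator" is written as `../../..//backup_and_restore/...` with a doubled slash after the third `..`, while every other xref in this file uses `../../../`; drop the extra slash. Further down, `[id="oadp-aws-sts-backing-up-and-cleaning"]` follows the last "Additional resources" bullet with no blank line, and the "Additional resources" block sits before the final section instead of closing the assembly; add a blank line before the ID and consider moving the block after the last include. The sentence "Amazon {aws-short} provides {aws-short} STS" also repeats the vendor name and could be shortened to start at "{aws-short} STS is a web service".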
1 change: 1 addition & 0 deletions
backup_and_restore/application_backup_and_restore/aws-sts/snippets
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../snippets/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * backup_and_restore/application_backup_and_restore/oadp-aws-sts/oadp-aws-sts.adoc | ||
|
||
:_mod-docs-content-type: PROCEDURE | ||
[id="cleanup-a-backup-oadp-aws-sts_{context}"] | ||
= Cleaning up a cluster after a backup with OADP and AWS STS | ||
|
||
If you need to uninstall the {oadp-first} Operator together with the backups and the S3 bucket from this example, follow these instructions. | ||
|
||
.Procedure | ||
|
||
. Delete the workload by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc delete ns hello-world | ||
---- | ||
|
||
. Delete the Data Protection Application (DPA) by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc -n openshift-adp delete dpa ${CLUSTER_NAME}-dpa | ||
---- | ||
|
||
. Delete the cloud storage by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc -n openshift-adp delete cloudstorage ${CLUSTER_NAME}-oadp | ||
---- | ||
|
||
+ | ||
[IMPORTANT] | ||
==== | ||
If this command hangs, you might need to delete the finalizer by running the following command: | ||
[source,terminal] | ||
---- | ||
$ oc -n openshift-adp patch cloudstorage ${CLUSTER_NAME}-oadp -p '{"metadata":{"finalizers":null}}' --type=merge | ||
---- | ||
==== | ||
|
||
. If the Operator is no longer required, remove it by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc -n openshift-adp delete subscription oadp-operator | ||
---- | ||
|
||
. Remove the namespace from the Operator by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc delete ns openshift-adp | ||
---- | ||
|
||
. If the backup and restore resources are no longer required, remove them from the cluster by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ oc delete backup hello-world | ||
---- | ||
|
||
. To delete backup, restore and remote objects in {aws-short} S3, run the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ velero backup delete hello-world | ||
---- | ||
|
||
. If you no longer need the Custom Resource Definitions (CRD), remove them from the cluster by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ for CRD in `oc get crds | grep velero | awk '{print $1}'`; do oc delete crd $CRD; done | ||
---- | ||
|
||
. Delete the {aws-short} S3 bucket by running the following commands: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ aws s3 rm s3://${CLUSTER_NAME}-oadp --recursive | ||
---- | ||
+ | ||
[source,terminal] | ||
---- | ||
$ aws s3api delete-bucket --bucket ${CLUSTER_NAME}-oadp | ||
---- | ||
|
||
. Detach the policy from the role by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ aws iam detach-role-policy --role-name "${ROLE_NAME}" --policy-arn "${POLICY_ARN}" | ||
---- | ||
|
||
. Delete the role by running the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ aws iam delete-role --role-name "${ROLE_NAME}" | ||
---- |