diff --git a/backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc b/backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc index 86755d430c90..3436cec472ec 100644 --- a/backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc +++ b/backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc @@ -14,14 +14,14 @@ You configure {aws-short} for Velero, create a default `Secret`, and then instal To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details. -You can install {oadp-short} on an AWS {sts-first} (AWS STS) cluster manually. Amazon {aws-short} provides {aws-short} STS as a web service that enables you to request temporary, limited-privilege credentials for users. You use STS to provide trusted users with temporary access to resources via API calls, your {aws-short} console or the {aws-short} command line interface (CLI). +You can install {oadp-short} on an AWS {sts-first} (AWS STS) cluster manually. Amazon {aws-short} provides {aws-short} STS as a web service that enables you to request temporary, limited-privilege credentials for users. You use STS to provide trusted users with temporary access to resources via API calls, your {aws-short} console, or the {aws-short} command line interface (CLI). Before installing {oadp-first}, you must set up role and policy credentials for {oadp-short} so that it can use the {aws-full} API. This process is performed in the following two stages: -. Prepare {aws-short} credentials -. Install the OADP Operator and give it an IAM role +. Prepare {aws-short} credentials. +. Install the OADP Operator and give it an IAM role. include::modules/preparing-aws-sts-credentials-for-oadp.adoc[leveloffset=+1] 
@@ -32,11 +32,11 @@ include::modules/installing-oadp-aws-sts.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console]. +* xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console] * xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[Backing up applications] [id="oadp-aws-sts-backing-up-and-cleaning"] -== Example: Backing up workload on OADP AWS STS, with an optional cleanup +== Backing up workload on OADP AWS STS, with an optional cleanup include::modules/performing-a-backup-oadp-aws-sts.adoc[leveloffset=+2] diff --git a/modules/cleanup-a-backup-oadp-aws-sts.adoc b/modules/cleanup-a-backup-oadp-aws-sts.adoc index 7cba8fa822f6..2bfd10c58ee5 100644 --- a/modules/cleanup-a-backup-oadp-aws-sts.adoc +++ b/modules/cleanup-a-backup-oadp-aws-sts.adoc @@ -32,7 +32,7 @@ $ oc -n openshift-adp delete cloudstorage ${CLUSTER_NAME}-oadp ---- + -[WARNING] +[IMPORTANT] ==== If this command hangs, you might need to delete the finalizer by running the following command: @@ -49,7 +49,7 @@ $ oc -n openshift-adp patch cloudstorage ${CLUSTER_NAME}-oadp -p '{"metadata":{" $ oc -n openshift-adp delete subscription oadp-operator ---- -. Remove the namespace from the Operator: +. Remove the namespace from the Operator by running the following command: + [source,terminal] ---- 
@@ -63,7 +63,7 @@ $ oc delete ns openshift-adp $ oc delete backup hello-world ---- -. To delete backup, restore and remote objects in {aws-short} S3 run the following command: +. To delete backup, restore and remote objects in {aws-short} S3, run the following command: + [source,terminal] ---- diff --git a/modules/installing-oadp-aws-sts.adoc b/modules/installing-oadp-aws-sts.adoc index d759cb31390c..cbcdeaf85d16 100644 --- a/modules/installing-oadp-aws-sts.adoc +++ b/modules/installing-oadp-aws-sts.adoc @@ -13,7 +13,7 @@ AWS Security Token Service (AWS STS) is a global web service that provides short Restic and Kopia are not supported in the OADP {aws-short} {sts-short} environment. Verify that the Restic and Kopia node agent is disabled. For backing up volumes, OADP on {aws-short} {sts-short} supports only native snapshots and Container Storage Interface (CSI) snapshots. -In an Amazon {aws-short} cluster that uses STS authentication, restoring backed-up data in a different {aws-short} region is not supported. +In an {aws-short} cluster that uses STS authentication, restoring backed-up data in a different {aws-short} region is not supported. The Data Mover feature is not currently supported in {aws-short} {sts-short} clusters. You can use native {aws-short} S3 tools for moving data. ==== @@ -219,7 +219,7 @@ $ cat << EOF | oc create -f - provider: aws EOF ---- -<1> Set this field to false if you do not want to use image backup. +<1> Set this field to `false` if you do not want to use image backup. <2> See the first note regarding the `nodeAgent` attribute. <3> The `credentialsFile` field is the mounted location of the bucket credential on the pod. <4> The `enableSharedConfig` field allows the `snapshotLocations` to share or reuse the credential defined for the bucket. diff --git a/modules/performing-a-backup-oadp-aws-sts.adoc b/modules/performing-a-backup-oadp-aws-sts.adoc index 47bafa8a66f3..a1403455eadb 100644 --- a/modules/performing-a-backup-oadp-aws-sts.adoc 
+++ b/modules/performing-a-backup-oadp-aws-sts.adoc @@ -60,7 +60,7 @@ $ cat << EOF | oc create -f - EOF ---- -. Wait until the backup is completed and then run the following command: +. Wait until the backup has completed and then run the following command: + [source,terminal] ---- diff --git a/modules/preparing-aws-sts-credentials-for-oadp.adoc b/modules/preparing-aws-sts-credentials-for-oadp.adoc index eed4aae6ab34..c976fe36b557 100644 --- a/modules/preparing-aws-sts-credentials-for-oadp.adoc +++ b/modules/preparing-aws-sts-credentials-for-oadp.adoc @@ -6,18 +6,18 @@ [id="preparing-aws-sts-credentials-for-oadp_{context}"] = Preparing AWS STS credentials for OADP -An {aws-full} account must be prepared and configured to accept an {oadp-first} installation. Prepare the {aws-short} credentials by following the proceeding steps. +An {aws-full} account must be prepared and configured to accept an {oadp-first} installation. Prepare the {aws-short} credentials by using the following procedure. .Procedure . Define the `cluster_name` environment variable by running the following command: + [source,terminal] ---- -$ export CLUSTER_NAME= <1> +$ export CLUSTER_NAME= <1> ---- <1> The variable can be set to any value. -. Retrieve all the details of the `cluster` such as the `AWS_ACCOUNT_ID, OIDC_ENDPOINT` by running the following command: +. Retrieve all of the details of the `cluster` such as the `AWS_ACCOUNT_ID, OIDC_ENDPOINT` by running the following command: + [source,terminal] ---- 
@@ -30,16 +30,17 @@ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o json export REGION=$(oc get infrastructures cluster -o jsonpath='{.status.platformStatus.aws.region}' --allow-missing-template-keys=false || echo us-east-2) export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) + export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials" ---- -. Create a temporary directory to store all the files by running the following command: +. Create a temporary directory to store all of the files by running the following command: + [source,terminal] ---- $ export SCRATCH="/tmp/${CLUSTER_NAME}/oadp" mkdir -p ${SCRATCH} ---- -. Display all the gathered details by running the following command: +. Display all of the gathered details by running the following command: + [source,terminal] ----
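Review bot: In oadp-aws-sts.adoc at @@ -14,14, the rewritten paragraph still reads "Amazon {aws-short} provides {aws-short} STS", while the installing-oadp-aws-sts.adoc hunk in this same patch drops "Amazon" in front of {aws-short}. Make the same change here so both files name the provider the same way, and check whether the hard-coded "AWS" in "AWS {sts-first} (AWS STS)" should also be the attribute.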
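Review bot: In oadp-aws-sts.adoc at @@ -32,11, the new heading "Backing up workload on OADP AWS STS, with an optional cleanup" is missing an article or plural ("a workload" or "workloads") and hard-codes "OADP AWS STS" where the body text of the same file uses {oadp-short} and {aws-short}. Since the heading line is already being rewritten, fix both in this change. The id oadp-aws-sts-backing-up-and-cleaning is unchanged, so existing xrefs are not affected.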
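Review bot: In cleanup-a-backup-oadp-aws-sts.adoc at @@ -32,7, changing [WARNING] to [IMPORTANT] lowers the severity of the finalizer workaround without the text saying what the workaround costs. Removing a finalizer lets the object be deleted before its controller has finished its cleanup, so the admonition should tell the reader what to check afterwards, or the block should stay at [WARNING].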
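Review bot: In cleanup-a-backup-oadp-aws-sts.adoc at @@ -49,7, the step still says "Remove the namespace from the Operator", but the command shown for it in the next hunk header is `oc delete ns openshift-adp`, which deletes the namespace and everything in it. Suggest "Delete the Operator namespace by running the following command:" so the step describes what the command does.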
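Review bot: In cleanup-a-backup-oadp-aws-sts.adoc at @@ -63,7, the added comma after "S3" is correct, but the same sentence keeps "backup, restore and remote objects" without a serial comma, while the oadp-aws-sts.adoc hunk in this patch adds one ("console, or the"). Use "backup, restore, and remote objects" for consistency.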
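Review bot: In installing-oadp-aws-sts.adoc at @@ -219,7, callout <1> says "Set this field to `false`" without naming the field, unlike callouts <3> and <4>, which name `credentialsFile` and `enableSharedConfig`. Name the field in <1> as well. Callout <2>, "See the first note regarding the `nodeAgent` attribute", points at a note by position, which breaks if notes are reordered; restate the requirement or link to the note.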
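Review bot: In preparing-aws-sts-credentials-for-oadp.adoc at @@ -6,18, the first step tells the reader to define the `cluster_name` variable, but the command exports `CLUSTER_NAME`, and as shown the export has no value after the equals sign. Use the exported name in the step text and show a replaceable placeholder value in the command. The next step also wraps two variable names in one code span (`AWS_ACCOUNT_ID, OIDC_ENDPOINT`); split them into separate spans.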
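Review bot: In preparing-aws-sts-credentials-for-oadp.adoc at @@ -30,16, the REGION context line ends in `|| echo us-east-2`, which defeats `--allow-missing-template-keys=false`: if the lookup fails, REGION is exported as us-east-2 with no error. Since this block is being edited, drop the fallback or tell the reader to confirm the region in the "Display all of the gathered details" step. In the SCRATCH step, `mkdir -p ${SCRATCH}` is missing the `$` prompt and is unquoted, and the directory sits at a predictable path under /tmp; quote the variable and consider a location that only the user can write to.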