Backing up virtual machines

You back up virtual machines (VMs) by creating an OpenShift API for Data Protection (OADP) Backup custom resource (CR).

The Backup CR performs the following actions:

OADP provides backup hooks to freeze the VM file system before the backup operation and unfreeze it when the backup is complete.

The kubevirt-controller creates the virt-launcher pods with annotations that enable Velero to run the virt-freezer binary before and after the backup operation.

The freeze and unfreeze APIs are subresources of the VM snapshot API. See About virtual machine snapshots for details.

You can add hooks to the Backup CR to run commands on specific VMs before or after the backup operation.

You schedule a backup by creating a Schedule CR instead of a Backup CR.

Creating a Backup CR

You back up Kubernetes images, internal images, and persistent volumes (PVs) by creating a Backup custom resource (CR).

Prerequisites

  • You must install the OpenShift API for Data Protection (OADP) Operator.

  • The DataProtectionApplication CR must be in a Ready state.

  • Backup location prerequisites:

    • You must have S3 object storage configured for Velero.

    • You must have a backup location configured in the DataProtectionApplication CR.

  • Snapshot location prerequisites:

    • Your cloud provider must have a native snapshot API or support Container Storage Interface (CSI) snapshots.

    • For CSI snapshots, you must create a VolumeSnapshotClass CR to register the CSI driver.

    • You must have a volume location configured in the DataProtectionApplication CR.

Procedure

  1. Retrieve the backupStorageLocations CRs:

    1. $ oc get backupStorageLocations

    Example output

    1. NAME PHASE LAST VALIDATED AGE DEFAULT
    2. velero-sample-1 Available 11s 31m
  2. Create a Backup CR, as in the following example:

    1. apiVersion: velero.io/v1
    2. kind: Backup
    3. metadata:
    4. name: <backup>
    5. labels:
    6. velero.io/storage-location: default
    7. namespace: openshift-adp
    8. spec:
    9. hooks: {}
    10. includedNamespaces:
    11. - <namespace> (1)
    12. includeClusterResources: true
    13. storageLocation: <velero-sample-1> (2)
    14. ttl: 720h0m0s
    1Specify an array of namespaces to back up.
    2Specify the name of the backupStorageLocations CR.
  3. Verify that the status of the Backup CR is Completed:

    1. $ oc get backup -n openshift-adp <backup> -o jsonpath='{.status.phase}'

Backing up persistent volumes with CSI snapshots

You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the VolumeSnapshotClass custom resource (CR) of the cloud storage before you create the Backup CR.

Prerequisites

  • The cloud provider must support CSI snapshots.

  • You must enable CSI in the DataProtectionApplication CR.

Procedure

  • Add the metadata.labels.velero.io/csi-volumesnapshot-class: "true" key-value pair to the VolumeSnapshotClass CR:

    1. apiVersion: snapshot.storage.k8s.io/v1
    2. kind: VolumeSnapshotClass
    3. metadata:
    4. name: <volume_snapshot_class_name>
    5. labels:
    6. velero.io/csi-volumesnapshot-class: "true"
    7. driver: <csi_driver>
    8. deletionPolicy: Retain

You can now create a Backup CR.

Backing up applications with Restic

You back up Kubernetes resources, internal images, and persistent volumes with Restic by editing the Backup custom resource (CR).

You do not need to specify a snapshot location in the DataProtectionApplication CR.

Prerequisites

  • You must install the OpenShift API for Data Protection (OADP) Operator.

  • You must not disable the default Restic installation by setting spec.configuration.restic.enable to false in the DataProtectionApplication CR.

  • The DataProtectionApplication CR must be in a Ready state.

Procedure

  • Edit the Backup CR, as in the following example:

    1. apiVersion: velero.io/v1
    2. kind: Backup
    3. metadata:
    4. name: <backup>
    5. labels:
    6. velero.io/storage-location: default
    7. namespace: openshift-adp
    8. spec:
    9. defaultVolumesToRestic: true (1)
    10. ...
    1Add defaultVolumesToRestic: true to the spec block.

Creating backup hooks

You create backup hooks to run commands in a container in a pod by editing the Backup custom resource (CR).

Pre hooks run before the pod is backed up. Post hooks run after the backup.

Procedure

  • Add a hook to the spec.hooks block of the Backup CR, as in the following example:

    1. apiVersion: velero.io/v1
    2. kind: Backup
    3. metadata:
    4. name: <backup>
    5. namespace: openshift-adp
    6. spec:
    7. hooks:
    8. resources:
    9. - name: <hook_name>
    10. includedNamespaces:
    11. - <namespace> (1)
    12. excludedNamespaces:
    13. - <namespace>
    14. includedResources:
    15. - pods (2)
    16. excludedResources: []
    17. labelSelector: (3)
    18. matchLabels:
    19. app: velero
    20. component: server
    21. pre: (4)
    22. - exec:
    23. container: <container> (5)
    24. command:
    25. - /bin/uname (6)
    26. - -a
    27. onError: Fail (7)
    28. timeout: 30s (8)
    29. post: (9)
    30. ...
    1Array of namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces.
    2Currently, pods are the only supported resource.
    3Optional: This hook only applies to objects matching the label selector.
    4Array of hooks to run before the backup.
    5Optional: If the container is not specified, the command runs in the first container in the pod.
    6Array of commands that the hook runs.
    7Allowed values for error handling are Fail and Continue. The default is Fail.
    8Optional: How long to wait for the commands to run. The default is 30s.
    9This block defines an array of hooks to run after the backup, with the same parameters as the pre-backup hooks.

Scheduling backups

You schedule backups by creating a Schedule custom resource (CR) instead of a Backup CR.

Prerequisites

  • You must install the OpenShift API for Data Protection (OADP) Operator.

  • The DataProtectionApplication CR must be in a Ready state.

Procedure

  1. Retrieve the backupStorageLocations CRs:

    1. $ oc get backupStorageLocations

    Example output

    1. NAME PHASE LAST VALIDATED AGE DEFAULT
    2. velero-sample-1 Available 11s 31m
  2. Create a Schedule CR, as in the following example:

    1. $ cat << EOF | oc apply -f -
    2. apiVersion: velero.io/v1
    3. kind: Schedule
    4. metadata:
    5. name: <schedule>
    6. namespace: openshift-adp
    7. spec:
    8. schedule: 0 7 * * * (1)
    9. template:
    10. hooks: {}
    11. includedNamespaces:
    12. - <namespace> (2)
    13. storageLocation: <velero-sample-1> (3)
    14. includeClusterResources: true
    15. defaultVolumesToRestic: true (4)
    16. ttl: 720h0m0s
    17. EOF
    1cron expression to schedule the backup, for example, 0 7 * to perform a backup every day at 7:00.
    2Array of namespaces to back up.
    3Name of the backupStorageLocations CR.
    4Optional: Add the defaultVolumesToRestic: true key-value pair if you are backing up volumes with Restic.
  3. Verify that the status of the Schedule CR is Completed after the scheduled backup runs:

    1. $ oc get schedule -n openshift-adp <schedule> -o jsonpath='{.status.phase}'

Additional resources