Restoring virtual machines

You restore an OpenShift API for Data Protection (OADP) Backup custom resource (CR) by creating a Restore CR.

You can add hooks to the Restore CR to run commands in init containers, before the application container starts, or in the application container itself.

Creating a Restore CR

You restore a Backup custom resource (CR) by creating a Restore CR.

Prerequisites

  • You must install the OpenShift API for Data Protection (OADP) Operator.

  • The DataProtectionApplication CR must be in a Ready state.

  • You must have a Velero Backup CR.

  • The persistent volume (PV) capacity must match the requested size at backup time. Adjust the requested size if needed.

Procedure

  1. Create a Restore CR, as in the following example:

    1. apiVersion: velero.io/v1
    2. kind: Restore
    3. metadata:
    4.   name: <restore>
    5.   namespace: openshift-adp
    6. spec:
    7.   backupName: <backup> (1)
    8.   includedResources: [] (2)
    9.   excludedResources:
    10.   - nodes
    11.   - events
    12.   - events.events.k8s.io
    13.   - backups.velero.io
    14.   - restores.velero.io
    15.   - resticrepositories.velero.io
    16.   restorePVs: true (3)
    1Name of the Backup CR.
    2Optional: Specify an array of resources to include in the restore process. Resources might be shortcuts (for example, po for pods) or fully-qualified. If unspecified, all resources are included.
    3Optional: The restorePVs parameter can be set to false to turn off restore of PersistentVolumes from VolumeSnapshot of Container Storage Interface (CSI) snapshots or from native snapshots when VolumeSnapshotLocation is configured.

  2. Verify that the status of the Restore CR is Completed by entering the following command:

    1. $ oc get restore -n openshift-adp <restore> -o jsonpath='{.status.phase}'

  3. Verify that the backup resources have been restored by entering the following command:

    1. $ oc get all -n <namespace> (1)
    1Namespace that you backed up.

  4. If you use Restic to restore DeploymentConfig objects or if you use post-restore hooks, run the dc-restic-post-restore.sh cleanup script by entering the following command:

    1. $ bash dc-restic-post-restore.sh <restore-name>

    During the restore process, the OADP Velero plug-ins scale down the DeploymentConfig objects and restore the pods as standalone pods. This is done to prevent the cluster from deleting the restored DeploymentConfig pods immediately on restore and to allow Restic and post-restore hooks to complete their actions on the restored pods. The cleanup script shown below removes these disconnected pods and scales any DeploymentConfig objects back up to the appropriate number of replicas.

    dc-restic-post-restore.sh cleanup script

    1. #!/bin/bash
    2. set -e
    4. # if sha256sum exists, use it to check the integrity of the file
    5. if command -v sha256sum >/dev/null 2>&1; then
    6.   CHECKSUM_CMD="sha256sum"
    7. else
    8.   CHECKSUM_CMD="shasum -a 256"
    9. fi
    11. label_name () {
    12.     if [ "${#1}" -le "63" ]; then
    13.     echo $1
    14.     return
    15.     fi
    16.     sha=$(echo -n $1|$CHECKSUM_CMD)
    17.     echo "${1:0:57}${sha:0:6}"
    18. }
    20. OADP_NAMESPACE=${OADP_NAMESPACE:=openshift-adp}
    22. if [[ $# -ne 1 ]]; then
    23.     echo "usage: ${BASH_SOURCE} restore-name"
    24.     exit 1
    25. fi
    27. echo using OADP Namespace $OADP_NAMESPACE
    28. echo restore: $1
    30. label=$(label_name $1)
    31. echo label: $label
    33. echo Deleting disconnected restore pods
    34. oc delete pods -l oadp.openshift.io/disconnected-from-dc=$label
    36. for dc in $(oc get dc --all-namespaces -l oadp.openshift.io/replicas-modified=$label -o jsonpath='{range .items[*]}{.metadata.namespace}{","}{.metadata.name}{","}{.metadata.annotations.oadp\.openshift\.io/original-replicas}{","}{.metadata.annotations.oadp\.openshift\.io/original-paused}{"\n"}')
    37. do
    38.     IFS=',' read -ra dc_arr <<< "$dc"
    39.     if [ ${#dc_arr[0]} -gt 0 ]; then
    40.     echo Found deployment ${dc_arr[0]}/${dc_arr[1]}, setting replicas: ${dc_arr[2]}, paused: ${dc_arr[3]}
    41.     cat <<EOF | oc patch dc  -n ${dc_arr[0]} ${dc_arr[1]} --patch-file /dev/stdin
    42. spec:
    43.   replicas: ${dc_arr[2]}
    44.   paused: ${dc_arr[3]}
    45. EOF
    46.     fi
    47. done

Creating restore hooks

You create restore hooks to run commands in a container in a pod by editing the Restore custom resource (CR).

You can create two types of restore hooks:

  • An init hook adds an init container to a pod to perform setup tasks before the application container starts.

    If you restore a Restic backup, the restic-wait init container is added before the restore hook init container.

  • An exec hook runs commands or scripts in a container of a restored pod.

Procedure

  • Add a hook to the spec.hooks block of the Restore CR, as in the following example:

    1. apiVersion: velero.io/v1
    2. kind: Restore
    3. metadata:
    4.   name: <restore>
    5.   namespace: openshift-adp
    6. spec:
    7.   hooks:
    8.     resources:
    9.       - name: <hook_name>
    10.         includedNamespaces:
    11.         - <namespace> (1)
    12.         excludedNamespaces:
    13.         - <namespace>
    14.         includedResources:
    15.         - pods (2)
    16.         excludedResources: []
    17.         labelSelector: (3)
    18.           matchLabels:
    19.             app: velero
    20.             component: server
    21.         postHooks:
    22.         - init:
    23.             initContainers:
    24.             - name: restore-hook-init
    25.               image: alpine:latest
    26.               volumeMounts:
    27.               - mountPath: /restores/pvc1-vm
    28.                 name: pvc1-vm
    29.               command:
    30.               - /bin/ash
    31.               - -c
    32.             timeout: (4)
    33.         - exec:
    34.             container: <container> (5)
    35.             command:
    36.             - /bin/bash (6)
    37.             - -c
    38.             - "psql < /backup/backup.sql"
    39.             waitTimeout: 5m (7)
    40.             execTimeout: 1m (8)
    41.             onError: Continue (9)
    1Optional: Array of namespaces to which the hook applies. If this value is not specified, the hook applies to all namespaces.
    2Currently, pods are the only supported resource that hooks can apply to.
    3Optional: This hook only applies to objects matching the label selector.
    4Optional: Timeout specifies the maximum length of time Velero waits for initContainers to complete.
    5Optional: If the container is not specified, the command runs in the first container in the pod.
    6This is the entrypoint for the init container being added.
    7Optional: How long to wait for a container to become ready. This should be long enough for the container to start and for any preceding hooks in the same container to complete. If not set, the restore process waits indefinitely.
    8Optional: How long to wait for the commands to run. The default is 30s.
    9Allowed values for error handling are Fail and Continue:

    • Continue: Only command failures are logged.

    • Fail: No more restore hooks run in any container in any pod. The status of the Restore CR will be PartiallyFailed.