Prerequisites for backup from snapshot and restore from backup operations
Verify that storage class added to storageMap is set with volume binding mode as Immediate. If the PVC volume binding mode is WaitForFirstConsumer then it affects the creation of the snapshot from the PVC. This situation can cause the backup jobs to fail.
Example: Run the command:# kubectl get sc
Each primary server which runs the backup from snapshot and restore from backup copy operations, needs to create a separate ConfigMap with the primary server's name.
In the following
configmap.yamlexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of the NetBackup primary and media server.
apiVersion: v1 data: datamover.hostaliases: | 10.20.12.13=backupserver.sample.domain.com 10.21.12.13=mediaserver.sample.domain.com datamover.properties: | image=reg.domain.com/datamover/image:latest version: "1" kind: ConfigMap metadata: name: backupserver.sample.domain.com namespace: kops-nsCopy the
configmap.yamlfile details.Open the text editor and paste the
yamlfile details.Save the file with the
yamlfile extension to the home directory from where the Kubernetes clusters are accessible.
Specify
datamover.properties: image=reg.domain.com/datamover/image:latestwith correct data mover image.Specify
datamover.hostaliases, if the primary server and the media servers that are connected to the primary server have short names and host resolution failing from the data mover. Provide a mapping of all the host names to the IPs for the primary and the media servers.Create a secret as described in detail in the Point 6 in the Deploy service package on NetBackup Kubernetes operator section to use a private docker registry.
Once the secret is created, add the following attributes while creating a configmap.yaml file.
datamover.properties: | image=repo.azurecr.io/netbackup/datamover:10.0.0049 imagePullSecret=secret_name
Create the
configmap.yamlfile. Run the command: kubectl create -f configmap.yaml.If the Kubernetes operator is not able to resolve the primary server with the short names, refer to the following guidelines.
If you get the following message when you fetch the certificates:EXIT STATUS 8500: Connection with the web service was not established. Then, verify the host name resolution state from the
nbcertlogs.If the host name resolution fails, then update the
values.yamlfile withhostAliases.In the following
hostAliasesexample:backupserver.sample.domain.comandmediaserver.sample.domain.comare the host names of the NetBackup primary and media server.IP:
10.20.12.13and IP:10.21.12.13are the IP addresses of NetBackup primary and media server.
hostAliases: - hostnames: - backupserver.sample.domain.com ip: 10.20.12.13 - hostnames: - mediaserver.sample.domain.com ip: 10.21.12.13
Copy, paste the
hostAliasesexample details in the text editor and add to thehostAliasesin the deployment.Note:
The
hostAliasessection must be added in the default file./netbackupkops-helm-chart/values.yaml.hostAliasesexample:2104 hostAliases; - ip:10.15.206.7 hostnames: - lab02-linsvr-01.demo.sample.domain.com - lab02-linsvr-01 - ip:10.15.206.8 hostnames: - lab02-linsvr-02.demo.sample.domain.com - lab02-linsvr-02 imagePullSecrets: - name: {{ .values.netbackupKops.imagePullSecrets.name}}
To update TLS related configurations for nbcertcmdtool, update the configmap with name {{ .Release.Namespace }}-certconfigscript in
deployment.yamlfile with the required setting.For example:
To set TLS_MAX_VERSION, apiVersion: v1 data: nbcert.sh: | #!/bin/sh mkdir -p /usr/openv/kops mkdir -p /usr/openv/fingerprint-dir mkdir -p /usr/openv/tmp mkdir -p /usr/openv/netbackup/logs/nbcert mkdir -p /usr/openv/netbackup/logs/nbcert/nobody mkdir -p /usr/openv/var/global mkdir -p /usr/openv/var/vxss cp -r /nbcertcmdtool /usr/openv/nbcertcmdtool touch /usr/openv/var/global/nbcl.conf touch /usr/openv/netbackup/bp.conf chown -R nobody:nobody /usr/openv echo "CLIENT_KEEP_LOG_DAYS = 90" >> /usr/openv/netbackup/bp.conf echo "SERVICE_USER=nobody" >> /usr/openv/netbackup/bp.conf echo "MACHINE_NBU_TYPE = KUBERNETES_CLUSTER" >> /usr/openv/netbackup/bp.conf echo "TLS_MAX_VERSION = TLSv1.3" >> /usr/openv/netbackup/bp.conf kind: ConfigMap metadata: labels: component: netbackup name: {{ .Release.Namespace }}-certconfigscript namespace: {{ .Release.Namespace }}Create a secret with fingerprint and authorization token.
For more information about creating the secret and backupservercert, refer to the section Deploying certificates on NetBackup Kubernetes operator in the NetBackup for Kubernetes Administrator's Guide.
Create a backupservercert request to fetch certificates.
For more information, refer to Deploying certificates on NetBackup Kubernetes operatorin the NetBackup for Kubernetes Administrator's Guide.
For more information, refer to the NetBackup Security and Encryption Guide.
Note:
This step is mandatory to have successful backup from snapshot and restore from backup copies.