Backup configuration¶
MOSK provides support for the following backends for the Block Storage service (OpenStack Cinder):
Backend |
Support status |
---|---|
Ceph |
Full support, default |
NFS |
|
S3 |
|
In MOSK, Cinder backup is enabled and uses the Ceph back
end for Cinder by default. The backup configuration is stored
in the spec:features:cinder:backup
structure in the
OpenStackDeployment
custom resource. If necessary, you can disable
the backup feature in Cinder as follows:
kind: OpenStackDeployment
spec:
features:
cinder:
backup:
enabled: false
Using this structure, you can also configure another backup driver supported by MOSK for Cinder as described below. At any given time, only one backend can be enabled.
Configuring an NFS driver¶
Available since MOSK 23.2 TechPreview
MOSK supports NFS Unix authentication exclusively.
To use an NFS driver with MOSK, ensure you have
a preconfigured NFS server with an NFS share accessible to a Unix
Cinder user. This user must be the owner of the exported NFS folder,
and the folder must have the permission value set to 775
.
All Cinder services run with the same user by default. To obtain the Unix user ID:
kubectl -n openstack get pod -l application=cinder,component=api -o jsonpath='{.items[0].spec.securityContext.runAsUser}'
Note
The NFS server must be accessible through the network from all OpenStack control plane nodes of the cluster.
To enable the NFS storage for Cinder backup, configure the following
structure in the OpenStackDeployment
object:
spec:
features:
cinder:
backup:
drivers:
<BACKEND_NAME>:
type: nfs
enabled: true
backup_share: <URL_TO_NFS_SHARE>
You can specify the backup_share
parameter in following formats:
hostname:path
, ipv4addr:path
, or [ipv6addr]:path
.
For example: 1.2.3.4:/cinder_backup
.
Configuring an S3 driver¶
Available since MOSK 23.2 TechPreview
To use an S3 driver with MOSK, ensure you have a preconfigured S3 storage with a user account created for access.
Note
The S3 storage must be accessible through the network from all OpenStack control plane nodes of the cluster.
To enable the S3 storage for Cinder backup:
Create a dedicated secret in Kuberbetes to securely store the credentials required for accessing the S3 storage:
--- apiVersion: v1 kind: Secret metadata: labels: openstack.lcm.mirantis.com/osdpl_secret: "true" name: cinder-backup-s3-hidden namespace: openstack type: Opaque data: access_key: <ACCESS_KEY_FOR_S3_ACCOUNT> secret_key: <ACCESS_KEY_FOR_S3_ACCOUNT>
Configure the following structure in the
OpenStackDeployment
object:spec: features: cinder: backup: drivers: <BACKEND_NAME>: type: s3 enabled: true endpoint_url: <URL_TO_S3_STORAGE> store_bucket: <S3_BUCKET_NAME> store_access_key: value_from: secret_key_ref: key: access_key name: cinder-backup-s3-hidden store_secret_key: value_from: secret_key_ref: key: secret_key name: cinder-backup-s3-hidden