Backup configuration

MOSK provides support for the following back ends for the Block Storage service (OpenStack Cinder):

Support status of storage back ends for Cinder

Back end

Support status

Ceph

Full support, default

NFS

  • TechPreview for Yoga and newer OpenStack releases

  • Available since MOSK 23.2

S3

  • TechPreview for Yoga and newer OpenStack releases

  • Available since MOSK 23.2

In MOSK, Cinder backup is enabled and uses the Ceph back end for Cinder by default. The backup configuration is stored in the spec:features:cinder:backup structure in the OpenStackDeployment custom resource. If necessary, you can disable the backup feature in Cinder as follows:

kind: OpenStackDeployment
spec:
  features:
    cinder:
      backup:
        enabled: false

Using this structure, you can also configure another backup driver supported by MOSK for Cinder as described below. At any given time, only one back end can be enabled.

Configuring an NFS driver

Available since MOSK 23.2 TechPreview

MOSK supports NFS Unix authentication exclusively. To use an NFS driver with MOSK, ensure you have a preconfigured NFS server with an NFS share accessible to a Unix Cinder user. This user must be the owner of the exported NFS folder, and the folder must have the permission value set to 775.

All Cinder services run with the same user by default. To obtain the Unix user ID:

kubectl -n openstack get pod -l application=cinder,component=api -o jsonpath='{.items[0].spec.securityContext.runAsUser}'

Note

The NFS server must be accessible through the network from all OpenStack control plane nodes of the cluster.

To enable the NFS storage for Cinder backup, configure the following structure in the OpenStackDeployment object:

spec:
  features:
    cinder:
      backup:
        drivers:
          <BACKEND_NAME>:
            type: nfs
            enabled: true
            backup_share: <URL_TO_NFS_SHARE>

You can specify the backup_share parameter in following formats: hostname:path, ipv4addr:path, or [ipv6addr]:path. For example: 1.2.3.4:/cinder_backup.

Configuring an S3 driver

Available since MOSK 23.2 TechPreview

To use an S3 driver with MOSK, ensure you have a preconfigured S3 storage with a user account created for access.

Note

The S3 storage must be accessible through the network from all OpenStack control plane nodes of the cluster.

To enable the S3 storage for Cinder backup:

  1. Create a dedicated secret in Kuberbetes to securely store the credentials required for accessing the S3 storage:

    ---
apiVersion: v1
kind: Secret
metadata:
  labels:
    openstack.lcm.mirantis.com/osdpl_secret: "true"
  name: cinder-backup-s3-hidden
  namespace: openstack
type: Opaque
data:
  access_key: <ACCESS_KEY_FOR_S3_ACCOUNT>
  secret_key: <ACCESS_KEY_FOR_S3_ACCOUNT>

  2. Configure the following structure in the OpenStackDeployment object:

    spec:
  features:
    cinder:
      backup:
        drivers:
          <BACKEND_NAME>:
            type: s3
            enabled: true
            endpoint_url: <URL_TO_S3_STORAGE>
            store_bucket: <S3_BUCKET_NAME>
            store_access_key:
              value_from:
                secret_key_ref:
                  key: access_key
                  name: cinder-backup-s3-hidden
            store_secret_key:
              value_from:
                secret_key_ref:
                  key: secret_key
                  name: cinder-backup-s3-hidden