Synchronization of local MariaDB backups with a remote S3 storage

Available since MOSK 25.1 TechPreview

MOSK provides the capability to synchronize local MariaDB backups with a remote S3 storage. Distributing backups across multiple locations increases their safety. Optionally, backup archives stored in S3 can be encrypted on the server side.

To enable synchronization, you need to have a preconfigured S3 storage and a user account for access.

Limitations

  • Only one remote S3 storage can be configured

  • Disabling the S3 synchronization does not automatically remove the data

Enable the synchronization with the S3 storage

  1. Verify that the S3 storage is accessible through the network from all OpenStack control plane nodes.

  2. Create the secret to store credentials for access to the S3 storage. Because the values are placed under data, Kubernetes expects each of them to be base64-encoded:

    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        openstack.lcm.mirantis.com/osdpl_secret: "true"
      name: mariadb-backup-s3-hidden
      namespace: openstack
    type: Opaque
    data:
      access_key: <ACCESS-KEY-FOR-S3-ACCOUNT>
      secret_key: <SECRET-KEY-FOR-S3-ACCOUNT>
      sse_kms_key_id: <SECRET-KEY-FOR-SERVER-SIDE-ENCRYPTION>
    
  3. Enable synchronization by adding the following structure to the OpenStackDeployment custom resource. For example, to use Ceph RadosGW as the S3 storage provider and enable server-side encryption for stored archives:

    spec:
      features:
        database:
          backup:
            enabled: true
            sync_remote:
              enabled: true
              remotes:
                << remote name >>:
                  conf:
                    type: s3
                    provider: Ceph
                    endpoint: <URL-TO-S3-STORAGE>
                    path: <BUCKET-NAME-FOR-BACKUPS-ON-S3-STORAGE>
                    server_side_encryption: aws:kms
                    access_key_id:
                      value_from:
                        secret_key_ref:
                          key: access_key
                          name: mariadb-backup-s3-hidden
                    secret_access_key:
                      value_from:
                        secret_key_ref:
                          key: secret_key
                          name: mariadb-backup-s3-hidden
                    sse_kms_key_id:
                      value_from:
                        secret_key_ref:
                          key: sse_kms_key_id
                          name: mariadb-backup-s3-hidden
    

    Alternatively, set the provider parameter to AWS to use AWS as the S3 storage provider. If encryption is not required, omit the server_side_encryption and sse_kms_key_id parameters.
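
Before applying steps 2 and 3, it helps to confirm that the Secret and the remote configuration agree. The following check is an added example, not part of MOSK or its documentation: the function names (ref, build_secret, secret_refs, check) are hypothetical, and the endpoint, bucket and credential values are constructed samples.

```python
import base64
import binascii

OSDPL_LABEL = "openstack.lcm.mirantis.com/osdpl_secret"  # label from step 2

def ref(key, name="mariadb-backup-s3-hidden"):
    """Helper for this example: the value_from/secret_key_ref structure of step 3."""
    return {"value_from": {"secret_key_ref": {"key": key, "name": name}}}

# Constructed sample mirroring the remote conf in step 3 (placeholder endpoint/path).
SAMPLE_CONF = {
    "type": "s3", "provider": "Ceph",
    "endpoint": "https://s3.example.invalid", "path": "example-bucket",
    "server_side_encryption": "aws:kms",
    "access_key_id": ref("access_key"),
    "secret_access_key": ref("secret_key"),
    "sse_kms_key_id": ref("sse_kms_key_id"),
}

def build_secret(name, values, namespace="openstack"):
    """Return the step 2 Secret as a dict with base64-encoded data values."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in values.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace,
                         "labels": {OSDPL_LABEL: "true"}},
            "data": data}

def secret_refs(conf, path=""):
    """Yield (param_path, secret_name, key) for every secret_key_ref in conf."""
    if isinstance(conf, dict):
        for k, v in conf.items():
            if k == "secret_key_ref" and isinstance(v, dict):
                yield path, v.get("name"), v.get("key")
            else:
                yield from secret_refs(v, f"{path}.{k}" if path else k)

def check(secret, conf):
    """List mismatches between the Secret manifest and the remote conf."""
    problems, meta, data = [], secret.get("metadata", {}), secret.get("data", {})
    if meta.get("labels", {}).get(OSDPL_LABEL) != "true":
        problems.append(f"secret lacks label {OSDPL_LABEL}")
    for key, value in data.items():
        try:  # a raw credential pasted under data fails strict decoding
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"data.{key} is not valid base64")
    for param, name, key in secret_refs(conf):
        if name != meta.get("name"):
            problems.append(f"{param} references secret {name!r}")
        elif key not in data:
            problems.append(f"{param} references missing key {key!r}")
    return problems
```

An empty list from check means every secret_key_ref in the remote configuration resolves to a base64-encoded key in the labelled Secret.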