The configuration diagram of the Pod arrangement and backup repository, which are prerequisites for the backup function to perform disaster recovery using the backup/restore method, is shown below.
In FEPCluster to get a backup, specify the object storage as the backup data storage destination with spec.fepChildCrVal.backup.pgbackrestParams.
Specify object storage that is in an area that is considered safe for the scope of the expected disaster.
The definition of the FEPCluster custom resource is not inherited when performing disaster recovery.
We recommend that you save your production environment FEPCluster custom resource definitions in case of a disaster.
Describes the procedure for restoring to an OCP environment different from the restore source using the backup data stored in the object storage.
Storing CA Files (Root Certificates)
If you want to use a non-default root certificate for object storage connections, register it in ConfigMap.
$ oc create configmap storage-cacert --from-file=ca.crt=storage-ca.pem -n my-namespace
Storing GCS Repository Key
When using the parameter (repo-gcs-key) of pgBackRest, register the GCS repository key in Secret.
$ oc create secret generic storage-key-secret --from-file=key.json=storage-key.json -n my-namespace
In addition to the FEPCluster settings, specify the Restore settings below.
FEPCluster Custom Resource Example
apiVersion: fep.fujitsu.io/v1
kind: FEPCluster
metadata:
…
spec:
fepChildCrVal:
restore:
pgbackrestParams: |
repo1-type=s3
repo1-path=/backup/cluster1
repo1-s3-bucket=sample-bucket
repo1-s3-endpoint=s3.ap-northeast-1.amazonaws.com
repo1-s3-region=ap-northeast-1
repo1-storage-ca-file=/pgbackrest/storage-certs/ca.crt
pgbackrestKeyParams: |
repo1-s3-key=SAMPLEKEY
repo1-s3-key-secret=SAMPLESECRET
caName:
- storage-cacert
…When using object storage GCS as a backup repository, specify as follows.
For repoKeySecretName, specify the Secret created in "Storing GCS Repository Key". Also, specify service for gcs-key-type.
apiVersion: fep.fujitsu.io/v1
kind: FEPCluster
metadata:
…
spec:
fepChildeCrVal:
backup:
pgbackrestParams: |
repo1-type=gcs
repo1-path=/backup-ct/test2
repo1-gcs-bucket=dbaas-gcs
repo1-gcs-endpoint=localhost
repo1-storage-ca-file=/pgbackrest/storage-certs/ca.crt
repo1-gcs-key=/pgbackrest/storage-key/key.json
repo1-gcs-key-type=service
caName:
- storage-cacert
repoKeySecretName:
- storage-key-secret
…Setting value
Field | Default | Details |
|---|---|---|
spec.fepChildCrVal.restore | Define when restoring by specifying the backup data stored in the object storage. | |
spec.fepChildCrVal.restore.pgbackrestParams | Optional "|" is fixed, and the following lines specify the parameters to set in pgbackrest.conf. If you want to use a root certificate other than the default, specify the following: Register the CA file in ConfigMap and specify the ConfigMap name in spec.fepChildCrVal.restore.caName. | |
spec.fepChildCrVal.restore.pgbackrestKeyParams | Optional "|" is fixed, and the following lines specify the parameters to set in pgbackrest.conf. The value described by this parameter is masked with *****. Specify the parameter you want to mask, such as a password. | |
spec.fepChildCrVal.restore.caName | Optional Specify when you use a CA file other than the system default. Specify the name of the created ConfigMap in list format. The specified ConfigMap will be mounted in /pgbackrest/storage-certs. | |
spec.fepChildCrVal.restore.mcSpec.limits | cpu: 200m memory: 300Mi | Optional CPU and memory allocated to the container performing the restore. |
spec.fepChildCrVal.restore.mcSpec.requests | cpu: 100m memory: 200Mi | Optional CPU and memory allocated to the container performing the restore. |
spec.fepChildCrVal.restore.restoretype | latest | Optional Restore Type (latest or PITR) |
spec.fepChildCrVal.restore.restoredate | Optional Specify the date to restore when spec.fepChildCrVal.restore.restoretype is "PITR". | |
spec.fepChildCrVal.restore.restoretime | Optional Specify the time to restore when spec.fepChildCrVal.restore.restoretype is "PITR". | |
spec.fepChildCrVal.restore.image | Optional Image of the container to perform the restore. It is omitted by default. In this case, the URL for image is obtained from the operator container environment. | |
spec.fepChildCrVal.restore.imagePullPolicy | IfNotPresent | Optional |