OpenShift APIs for Data Protection is an operator provided by Red Hat. It facilitates backup, recovery, and migration of applications, data, and Kubernetes resources in Red Hat OpenShift clusters. OpenShift APIs for Data Protection leverages Velero, an open source Kubernetes backup tool, and integrates it with cloud and storage providers to provide comprehensive data protection for Red Hat OpenShift Container Platform workloads.
In a few scenarios, when backing up a virtual machine (VM), you need pre-migration hooks inside the virtual machine to:
- Minimize the virtual machine size, save backup storage space, and purge unnecessary files such as log files.
- Get Postgres consistent point-in-time snapshot for KVM.
- Flush file system buffers.
- Trigger custom application scripts.
The classic OpenShift APIs for Data Protection hook solution (creating backup hooks) will not work for the guest VM since it can only run hooks inside a pod, but it does not have the permissions or configuration to log into the Kvirt guest VM to run the hook. This article describes how to execute operations before doing a VM backup with OpenShift APIs for Data Protection.
VM pre-freeze hooks during backup
It is possible to execute one or more scripts before the VM freezes. Failure or blocking of the script execution will not prevent the backup from being performed. Hence, scripts cannot be a condition to the backup.
How to add your scripts
The scripts will be automatically executed when located inside the virtual machine under /etc/qemu-ga/fsfreeze-hook.d.
The hook script logs will be written to /var/log/qga-fsfreeze-hook.log.
For example, say you need to purge files before VM backup. To do this, you will need to create hooks that run before the VM backup and perform the purge script to minimize the VM size before the backup.
The following steps will help you achieve this:
Log in to the VM.
The folder
/etc/qemu-gacontains:- Master script
fsfreeze-hookthat will trigger before VM freeze and will trigger scripts insidefsfreeze-hook.d. - A folder
fsfreeze-hook.dthat creates scripts and places them in this folder to run before freeze.
- Master script
- Add the following script
purge.shto delete the log files:
#!/bin/bash
# Path to the folder that contains the log files
DIR="root/my-app/logs"
if [ -d "$DIR" ];
then
rm -rf “$DIR”/*
fi- Ensure the created scripts are executable via
chmod +x purge.sh. - Ensure that the deleted files have write permissions for Linux and SELinux (see guidelines for SELinux below).
Important points
This documentation provides instructions on creating the VM backup with OADP. Likewise, these describe how to restore a VM with OADP.
Note that these permission rules on files need to exist:
- The script runs as Linux root user permissions.
- If SELinux is enabled, follow the rules to allow the script to perform activities on the files. Refer to this blog for more information.
- First, run
ausearchto generate SELinux denial module. - Run
semoduleto apply the policy (see how in this blog which contains examples). - To check the SELinux permissions:
- For the target file, use
ls -Zto see the SELinux user/role. - To understand the script's permissions, use
echo $(id -Z) >> logfile.logto print the permissions.
- For the target file, use
