Role - backup_and_restore

Role Documentation

Welcome to the “backup_and_restore” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “backup_and_restore” role.

# All variables intended for modification should be placed in this file.
tripleo_backup_and_restore_hide_sensitive_logs: '{{ hide_sensitive_logs | default(true)
  }}'
tripleo_backup_and_restore_debug: '{{ ((ansible_verbosity | int) >= 2) | bool }}'

# Set the container command line entry-point
tripleo_container_cli: "{{ container_cli | default('podman') }}"
# Stop and start all running services before backup is ran.
tripleo_backup_and_restore_service_manager: true

# If this is false, backup of the overcloud is taken by stopping it completely. Enable it to do a
# backup stopping only one node at a time, maintaining the controller active during the backup duration.
tripleo_backup_and_restore_enable_snapshots: true

# Set the name of the mysql container
tripleo_backup_and_restore_mysql_container: mysql

# Default name for the Undercloud mysql DB backup file
tripleo_backup_and_restore_mysql_backup_file: openstack-backup-mysql.sql

# Default name for the Undercloud mysql DB grants file
tripleo_backup_and_restore_mysql_grants_file: openstack-backup-mysql-grants.sql

# All variables within this role should have a prefix of "tripleo_backup_and_restore"
# By default this should be the Undercloud node
tripleo_backup_and_restore_server: 192.168.24.1
tripleo_backup_and_restore_shared_storage_folder: /ctl_plane_backups
tripleo_backup_and_restore_shared_storage_subfolders: []
tripleo_backup_and_restore_clients_nets: [192.168.24.0/24, 10.0.0.0/24, 172.16.0.0/24]
tripleo_backup_and_restore_rear_simulate: false
tripleo_backup_and_restore_using_uefi_bootloader: 0
tripleo_backup_and_restore_exclude_paths_common: [/data/*, /tmp/*, '{{ tripleo_backup_and_restore_shared_storage_folder
    }}/*']
tripleo_backup_and_restore_exclude_paths_controller_non_bootstrapnode: false
tripleo_backup_and_restore_exclude_paths_controller: [/var/lib/mysql/*]
tripleo_backup_and_restore_exclude_paths_compute: [/var/lib/nova/instances/*]
tripleo_backup_and_restore_hiera_config_file: /etc/puppet/hiera.yaml

# This var is a dictionary of the configuration of the /etc/rear/local.conf
# The key:value will be interpreted as key=value on the configuration file.
# To set that the value is a string, it needs to be single quoted followed by
# double quoted as it will be interpreted by BASH.
tripleo_backup_and_restore_local_config:
  ISO_DEFAULT: '"automatic"'
  OUTPUT: ISO
  BACKUP: NETFS
  BACKUP_PROG_COMPRESS_OPTIONS: ( --gzip)
  BACKUP_PROG_COMPRESS_SUFFIX: '".gz"'
  OUTPUT_URL: '{{ tripleo_backup_and_restore_output_url }}'
  ISO_PREFIX: '{{ tripleo_backup_and_restore_hostname.stdout }}'
  BACKUP_URL: '{{ tripleo_backup_and_restore_backup_url }}'

# This var is used to define the commands to be run for preparing the network
# during the restoration phase. Because ReaR does not support ovs, it is required
# to setup the network for connecting to the backup node.
# This is configured on /etc/rear/local.conf
# as an example
# ('ip l a br-ex type bridge' 'ip l s ens3 up' 'ip l s br-ex up' 'ip l s ens3 master br-ex' 'dhclient br-ex')
tripleo_backup_and_restore_network_preparation_commands: ()

# This var is a dictionary of the configuration of the /etc/rear/rescue.conf
# The key:value will be interpreted as key=value on the configuration file.
# To set that the value is a string, it needs to be single quoted followed by
# double quoted as it will be interpreted by BASH.
tripleo_backup_and_restore_rescue_config: {}

tripleo_backup_and_restore_output_url: nfs://{{ tripleo_backup_and_restore_server
  }}/ctl_plane_backups
tripleo_backup_and_restore_backup_url: nfs://{{ tripleo_backup_and_restore_server
  }}/ctl_plane_backups

# Ceph authentication backup file
tripleo_backup_and_restore_ceph_auth_file: ceph_auth_export.bak

# Ceph backup file
tripleo_backup_and_restore_ceph_backup_file: /var/lib/ceph.tar.gz

# Ceph directory to back up
tripleo_backup_and_restore_ceph_path: /var/lib/ceph

# If there is a firewalld active, setup the zone where the NFS server ports need to be opened
tripleo_backup_and_restore_firewalld_zone: libvirt

# The ReaR rpm installs a cronjob at 1:30 each day by default. This variable deactivate that behaviour.
tripleo_backup_and_restore_remove_default_cronjob: true

# Skip the ping test to the server on rear setup
tripleo_backup_and_restore_skip_server_test: false

# How many seconds do we want to wait fir pcs cluster stop to finish
tripleo_backup_and_restore_pcs_timeout: 3600

# Date argument to get the string of the backup
tripleo_backup_and_restore_date_argument: '%Y%m%d%H%M'

# Enable historical backups
tripleo_backup_and_restore_historical: true

# Cron programming, by default, run cron weekly at midnight on Sundays
tripleo_backup_and_restore_cron: 0 0 * * 0

# The user that will run the backup command. If empty, root will run the backup command
tripleo_backup_and_restore_cron_user: stack

# Any extra parameters that will be added to the backup command when it is executed by cron
tripleo_backup_and_restore_cron_extra: ''

# The role which handles the ceph on the controllers
tripleo_backup_and_restore_ceph_mon_role: ceph_mon

# The cephadm path
tripleo_backup_and_restore_cephadm_path: /usr/sbin/cephadm

# The partition (/dev/whatever) that contain the /boot and /boot/efi contents
# but that are not mounted. These variables should only contain the last part
# of the partition (the whatever), i.e: sda2, sda1, vda2, sdb3, sdc1...
tripleo_backup_and_restore_boot_mount: replaceme
tripleo_backup_and_restore_boot_efi_mount: replaceme

# The name of the node to restore
tripleo_backup_and_restore_overcloud_restore_name: undercloud

# Ironic images path
tripleo_backup_and_restore_ironic_images_path: /var/lib/ironic/images

# Restore retries
tripleo_backup_and_restore_restore_retries: 300

# Restore delay
tripleo_backup_and_restore_restore_delay: 10

# Ironic ubdirectory where the kernel and initrd are uploaded
backup_and_restore_history_path: ''

Role Variables: redhat.yml

# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.

# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('-', '_') }}"

tripleo_backup_and_restore_rear_packages:
- rear
- syslinux
- genisoimage
- nfs-utils
- lftp
tripleo_backup_and_restore_nfs_packages:
- nfs-utils
tripleo_backup_and_restore_uefi_packages:
- dosfstools
- efibootmgr
- grub2-efi-x64-modules

Molecule Scenarios

Molecule is being used to test the “backup_and_restore” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: delegated
Molecule Options
managed: false
login_cmd_template: >-
  ssh
  -o UserKnownHostsFile=/dev/null
  -o StrictHostKeyChecking=no
  -o Compression=no
  -o TCPKeepAlive=yes
  -o VerifyHostKeyDNS=no
  -o ForwardX11=no
  -o ForwardAgent=no
  {instance}
ansible_connection_options:
  ansible_connection: ssh
Molecule Inventory
hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost
Example default playbook
- name: Converge
  become: true
  hosts: all
  roles:
  - role: backup_and_restore
    tripleo_backup_and_restore_server: localhost
    tripleo_backup_and_restore_rear_simulate: true
    tripleo_backup_and_restore_hiera_config_file: '{{ ansible_user_dir }}/hiera.yaml'

Usage

This Ansible role allows to do the following tasks:

  1. Install an NFS server.

  2. Install ReaR.

  3. Perform a ReaR backup.

This example is meant to describe a very simple use case in which the user needs to create a set of recovery images from the control plane nodes.

First, the user needs to have access to the environment Ansible inventory.

We will use the tripleo-ansible-inventory command to generate the inventory file.

tripleo-ansible-inventory \
  --ansible_ssh_user heat-admin \
  --static-yaml-inventory ~/tripleo-inventory.yaml

In this particular case, we don’t have an additional NFS server to store the backups from the control plane nodes, so, we will install the NFS server in the Undercloud node (but any other node can be used as the NFS storage backend).

First, we need to create an Ansible playbook to specify that we will install the NFS server in the Undercloud node.

cat <<'EOF' > ~/bar_nfs_setup.yaml
# Playbook
# We will setup the NFS node in the Undercloud node
# (we don't have any other place at the moment to do this)
- become: true
  hosts: undercloud
  name: Setup NFS server for ReaR
  roles:
  - role: backup_and_restore
EOF

Then, we will create another playbook to determine the location in which we will like to install ReaR.

cat <<'EOF' > ~/bar_rear_setup.yaml
# Playbook
# We install and configure ReaR in the control plane nodes
# As they are the only nodes we will like to backup now.
- become: true
  hosts: Controller
  name: Install ReaR
  roles:
  - role: backup_and_restore
EOF

Now we create the playbook to create the actual backup.

cat <<'EOF' > ~/bar_rear_create_restore_images.yaml
# Playbook
# We run ReaR in the control plane nodes.
- become: true
  hosts: ceph_mon
  name: Backup ceph authentication
  tasks:
    - name: Backup ceph authentication role
      include_role:
        name: backup_and_restore
        tasks_from: ceph_authentication
      tags:
      -  bar_create_recover_image

- become: true
  hosts: Controller
  name: Create the recovery images for the control plane
  roles:
  - role: backup_and_restore
EOF

The last step is to run the previously create playbooks filtering by the corresponding tag.

First, we configure the NFS server.

# Configure NFS server in the Undercloud node
ansible-playbook \
    -v -i ~/tripleo-inventory.yaml \
    --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \
    --become \
    --become-user root \
    --tags bar_setup_nfs_server \
    ~/bar_nfs_setup.yaml

Then, we install ReaR in the desired nodes.

# Configure ReaR in the control plane
ansible-playbook \
    -v -i ~/tripleo-inventory.yaml \
    --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \
    --become \
    --become-user root \
    --tags bar_setup_rear \
    ~/bar_rear_setup.yaml

Lastly, we execute the actual backup step. With or without ceph.

# Create recovery images of the control plane
ansible-playbook \
    -v -i ~/tripleo-inventory.yaml \
    --extra="ansible_ssh_common_args='-o StrictHostKeyChecking=no'" \
    --become \
    --become-user root \
    --tags bar_create_recover_image \
    ~/bar_rear_create_restore_images.yaml