Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch OVN backups to using Swift. #273

Closed
wants to merge 2 commits into from
Closed

Switch OVN backups to using Swift. #273

wants to merge 2 commits into from

Conversation

awfabian-rs
Copy link
Contributor

JIRA:OSPC-432

@awfabian-rs awfabian-rs marked this pull request as draft May 16, 2024 18:23
@awfabian-rs
Copy link
Contributor Author

awfabian-rs commented May 16, 2024
edited
Loading

The OVN pod doesn't have Python or a lot of tools. Perl looked like the best thing available for parsing the JSON to get the object-store URL out of the service catalog.

This switches to using Ceph's Swift API to using keystone and Swift.

I tried this out on my test cluster.

@awfabian-rs awfabian-rs force-pushed the OSPC-432 branch 3 times, most recently from 9b248fc to 056e6eb Compare May 20, 2024 19:43
@awfabian-rs
Move OVN backup stuff to a separate directory.
65adb24 
This helps make it easy to use:

commonLabels:
  app: ovn-backup

to label all of the resources in kustomization.yaml, and the backup
functionality started cluttering up the main directory.

JIRA:OSPC-432
@awfabian-rs awfabian-rs marked this pull request as ready for review May 20, 2024 19:50
@awfabian-rs
Copy link
Contributor Author

awfabian-rs commented May 20, 2024
edited
Loading

Please review and merge or request changes.

The OVN backup stuff started looking a little cluttered, so I put it in a subdirectory. That also helped me use:

commonLabels:
  app: ovn-backup

to label the resources, which let me do something like:

kubectl apply -k /opt/genestack/kustomize/ovn/ovn-backup \
--prune -l app=ovn-backup \
--prune-allowlist=core/v1/Secret \
--prune-allowlist=core/v1/ConfigMap

to apply changes without collecting old generated Secrets and ConfigMaps.

cloudnull
cloudnull suggested changes May 24, 2024
View reviewed changes
Copy link
Contributor

@cloudnull cloudnull left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

qq - instead of using a set of scripts can we use the openstack client to upload the our backups?

@awfabian-rs awfabian-rs marked this pull request as draft May 31, 2024 19:28
@awfabian-rs
Copy link
Contributor Author

@cloudnull I mostly did it this way to avoid installing dependencies. From container images generally available, I could get one with the OpenStack command, or one with kubectl-ko to actually do the OVN backup, but not both. So I would need to download and install one or the other, which would put an additional point of failure in the backup process.

So, I see three options:

  1. do it with the scripts like this
  2. install the openstack command when the backup pod runs
  3. make a container image with the tools

3 seems like the cleanest and most logical option, but I don't think we have any really custom-built container images and a location for them set up yet.

Let me know how you think we should proceed here. We might already have a place for our own container images I don't know about yet!

@awfabian-rs
Copy link
Contributor Author

awfabian-rs commented Jun 10, 2024
edited
Loading

aedan, maybe the2hill, showed me this in the standup: https://github.com/rackerlabs/genestack/tree/main/Containerfiles

I think the entire process of getting an image there seems a bit involved for this.

Another option seems like running the OpenStack client in a separate container in the pod, and passing it through the /backup file system.

Also, I think we will ultimately end up wanting to use Swift tempauth for things like this, which I think might end up eliminating a lot of the need for the machinery of parsing a service catalog, since I think it just does authentication, gives you a token, and it doesn't give you a service catalog anyway.

This was referenced Jun 13, 2024
Closed
Merged
@awfabian-rs
Copy link
Contributor Author

closing in favor of #304

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cloudnull cloudnull cloudnull requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@awfabian-rs @cloudnull