Setting up the installation variables
A script is used as part of the installation process for Container Backup Support. Set up the environment and installation variables that are used by the installation script.
- baas-options.sh
- Contains the variables that are used to configure the prerequisites for Container Backup Support. This file is used to replace the sample baas-options.sh file that is provided in the installation package.
- baas-values.yaml
- Contains the values that are used to install Container Backup Support or to update an existing configuration. This file is used to replace the sample baas-values.yaml file that is provided in the installation package.
Information is provided on how to set up the installation variables for installing Container Backup Support in an airgap environment or from the IBM® Helm Charts Repository that is linked to IBM Entitled Registry.
To set up the variables in the baas-options.sh file, see Setting up installation variables in the baas-options.sh file.
To set up the configuration parameters in the baas-values.yaml file, see Setting up installation variables in the baas-values.yaml file.
Setting up installation variables in the baas-options.sh file
Set up the variables in the baas-options.sh file to configure the prerequisites for Container Backup Support. Use this file to replace the sample baas-options.sh file that is provided in the installation package.
mkdir install_vars_dir
cd install_vars_dir
where
install_vars_dir is the name of the directory that you created.Obtain an entitlement key
- Log in to the IBM Container software library with the IBMid and password that are associated with the entitled software.
- Click Get entitlement key.
- In the Access your container software page, click Copy key to copy the generated entitlement key.
- Save the key to a secure location for later use.
Set up the variables in baas-options.sh
export DOCKER_REGISTRY_ADDRESS='your_docker_registry'
export DOCKER_REGISTRY_USERNAME='your_docker_username'
export DOCKER_REGISTRY_PASSWORD='your_docker_password'
export DOCKER_REGISTRY_NAMESPACE='your_docker_registry_namespace'
export SPP_ADMIN_USERNAME='your_protectplus_containers_admin_username'
export SPP_ADMIN_PASSWORD='your_protectplus_containers_admin_password'
export DATAMOVER_USERNAME='create_a_datamover_username'
export DATAMOVER_PASSWORD='create_a_datamover_password'
export PVC_NAMESPACES_TO_PROTECT='ns1 ns2'
export MINIO_USERNAME='create_a_minio_username'
export MINIO_PASSWORD='create_a_minio_password'
export BAAS_VERSION='protectplus_version'
The following table contains the descriptions for the environment variables in the
baas-options.sh file. You must enclose the values with single quotation marks
(''
).
Environment variable | Description |
---|---|
DOCKER_REGISTRY_ADDRESS | The address of the Docker registry in your environment where container images are
loaded. If you are pulling images from the IBM Entitled Registry, you must specify 'cp.icr.io/cp'. The value for DOCKER_REGISTRY_ADDRESS must match the value for the imageRegistry parameter in the baas-values.yaml file. |
DOCKER_REGISTRY_USERNAME | The user account for the Docker registry where container images are loaded. If you are pulling images from the IBM Entitled Registry, you must specify 'cp'. |
DOCKER_REGISTRY_PASSWORD | The user password for the Docker registry where the container images are loaded. To pull images from the IBM Entitled Registry, specify the entitlement key that you obtained from the IBM Container software library. You can avoid putting the password in the file by specifying an environment variable for any of the passwords. For example, ${DOCKERUSER_PW} or ${IBMCLOUD_API_KEY}. |
DOCKER_REGISTRY_NAMESPACE | The namespace of the Docker registry where the container images are loaded. The namespace
does not have to be created ahead of time. To pull images from the IBM Entitled Registry, you must specify 'sppc'. The value for DOCKER_REGISTRY_NAMESPACE must match the value for the imageRegistryNamespace parameter in the baas-values.yaml file. |
SPP_ADMIN_USERNAME | The user ID of the IBM Spectrum® Protect
Plus containers
administrator. The containers administrator is an IBM Spectrum Protect Plus administrator with the Containers Admin role. |
SPP_ADMIN_PASSWORD | The IBM Spectrum Protect
Plus password for the containers
administrator. You can optionally specify an environment variable for the password. For example, ${PROTECTPLUS_ADMIN_PW}. |
DATAMOVER_USERNAME | The user ID to create for use with the data mover. The value does not have to exist already.
It is created for the installation. The data mover username must adhere to the rules for usernames and passwords for Red Hat® Enterprise Linux® (RHEL) 7 operating system. The rules are the same as the ones for creating a new user on RHEL 7. For example, the password and the username must not be the same. |
DATAMOVER_PASSWORD | The user password to create for use with the data mover. The value does not have to exist
already. It is created for the installation. The data mover password must adhere to the rules for
usernames and passwords for RHEL 7. The rules are the same as the ones for creating a new user on
RHEL 7. For example:
|
PVC_NAMESPACES_TO_PROTECT | The list of namespaces that contain the persistent volume claims (PVCs) that you want to
protect. Separate the namespaces with intervening spaces. For example: 'namespace1
namespace2 'Use the PVC_NAMESPACES_TO_PROTECT variable when you plan to pull images from an external Docker registry or repository. To obtain the values for this variable, determine the PVCs that you want to protect by issuing the following command:
Identify the PVCs that you want to protect and specify the unique set of namespaces that are associated with the PVCs. During the installation process, an image pull secret for the registry is created automatically in each namespace that is specified in PVC_NAMESPACES_TO_PROTECT. If you add PVCs in a namespace that is not initially specified by PVC_NAMESPACES_TO_PROTECT, you must manually create the pull secret in the new namespace. To create the image pull secret manually, issue the following commands: For
Kubernetes:
For
OpenShift:
where namepace_for_baas specifies the namespace that Container Backup Support is installed in, and pvc_namespace specifies the namespace for the PVC. |
MINIO_USERNAME | The username to create for the MinIO user. MinIO object storage is used to store backups of cluster and namespace resources. The value does not have to exist already. It is created for the installation. |
MINIO_PASSWORD | The password to create for the MinIO user. The value does not have to exist already. It is created for the installation. |
BAAS_VERSION | The version of IBM Spectrum Protect Plus that you are installing, for example, 10.1.7, 10.1.7.1, or 10.1.7.2. |
Setting up installation variables in the baas-values.yaml file
Set up the variables that are used to install or update Container Backup Support in the baas-values.yaml file. Use this file to replace the sample baas-values.yaml file that is provided in the installation package.
mkdir install_vars_dir
cd install_vars_dir
where
install_vars_dir is the name of the directory that you created.Set up the variables in baas-values.yaml
license: false | true
isOCP: false | true
clusterName: create_a_cluster_name
networkPolicy:
clusterAPIServerips:
- kubernetes_host_ip1
- kubernetes_host_ip2
- kubernetes_host_ip3
clusterAPIServerport: your_cluster_api_port
clusterCIDR: x.x.x.x/y
isServerInstalledOnAnotherCluster: false | true
SPPfqdn: your_protectplus_server_DNS_address
SPPips: your_protectplus_server_ip
SPPport: your_protectplus_server_port
productLoglevel: INFO | WARNING | ERROR | DEBUG
imageRegistry: your_docker_registry
imageRegistryNamespace: your_docker_registry_namespace
minioStorageClass: name_of_storageclass_to_use_with_minio
veleroNamespace: spp-velero
Ensure that the spacing is maintained as specified in the YAML file. Tabs are not allowed.
The following table contains the descriptions and default values for the configuration parameters in the baas-values.yaml file:
Parameter | Description | Default value |
---|---|---|
license | The product license for Container Backup Support. The
English license file is located in the LICENSES/LICENSE-en directory, which is
included in the installation package. Versions of the license in English and other languages are
available in the "IBM Spectrum Protect
Plus Capacity - Version
10.1.7" license agreements at License Information documents. Set the value to true to indicate that you have reviewed and agree to the license agreement. |
false |
isOCP | The type of cluster on which you are installing Container Backup Support. If you are installing the product on an OpenShift cluster, set the value to true. If you are installing the product on a Kubernetes cluster, set the value to false. |
false |
clusterName | The unique cluster name that is used to register the application host to the IBM Spectrum Protect Plus server. The cluster name can be any name of your choice, but it must be unique from the IBM Spectrum Protect Plus server. | None |
clusterAPIServerips | The IP address for the cluster API server. To obtain the cluster API server address, issue
the following command: For Kubernetes:
For OpenShift:
Use all of the provided
addresses listed under the addresses field in the output, or add or remove IP
addresses as needed. Specify multiple addresses as
follows:
|
x.x.x.x |
clusterAPIServerport | The port address for the cluster API server. To obtain the cluster API server port, issue the
following command: For Kubernetes:
For OpenShift:
Use the port number listed in the port field in the output. |
6443 |
clusterCIDR | The Classless Inter-Domain Routing (CIDR) value for the cluster. To obtain the CIDR, issue
the following command: For Kubernetes:
For OpenShift:
Use the displayed IP address as the cluster CIDR address. Tip for Kubernetes: If the
command does not return the CIDR value, change the grep expression to look for
the combination of "cluster" and "CIDR" and run the command again.
|
192.168.0.0/16 |
isServerInstalledOnAnotherCluster | Specifies whether the IBM Spectrum Protect
Plus server is
installed on another OpenShift Cluster. If you are installing the product on a Kubernetes cluster, or if the IBM Spectrum Protect Plus server is installed as a virtual appliance, set the value to false. If you are installing the product on an OpenShift cluster and the IBM Spectrum Protect Plus server is installed on the same cluster, set the value to false. If you are installing the product on an OpenShift cluster and the IBM Spectrum Protect Plus server is installed on a separate OpenShift cluster, set the value to true. Then, refer to SPPips to set the value for the SPPips parameter. |
false |
SPPfqdn | The DNS address for the IBM Spectrum Protect
Plus server.
You can specify an IP address or a fully qualified domain name. If the IBM Spectrum Protect Plus server is installed as a virtual appliance and no DNS server is available, specify the IP address that is used for the SPPips parameter. If the IBM Spectrum Protect
Plus server is
installed in an OpenShift container environment,
retrieve the DNS address by issuing the following
command:
where
spp_server_namespace specifies the namespace in which the IBM Spectrum Protect
Plus server is installed. The DNS address to use is
listed in the HOST/PORT column in the command output. For
example:
|
None |
SPPips | The IBM Spectrum Protect
Plus server IP
address. If the IBM Spectrum Protect Plus server is installed as a virtual appliance, specify an IP address. For installation on an OpenShift cluster and the IBM Spectrum Protect
Plus server
is running on the same cluster: Retrieve the cluster IP address that is associated with the
sppproxy service from the cluster that is hosting the IBM Spectrum Protect
Plus server:
where
spp_server_namespace specifies the namespace in which the IBM Spectrum Protect
Plus server is installed. The IP address to use for
the SPPips parameter is listed in the CLUSTER-IP
column of the command output. For
example:
For
installation on an OpenShift cluster and the IBM Spectrum Protect
Plus server is running on a different OpenShift cluster: Retrieve the IP addresses from the
OpenShift cluster that is hosting the IBM Spectrum Protect
Plus
server:
The
output contains a range of IP addresses of nodes that the IBM Spectrum Protect
Plus server containers can run on. For
example:
For clusters of 254 nodes or less, set SPPips to x.y.z.0, where "x.y.z" represents the first three shared values of the IP addresses (for example, 203.0.113.0). The value is converted to Classless Inter-Domain Routing (CIDR) notation during the installation. For clusters of 255 or more nodes, enter the appropriate CIDR IP address of your cluster without the CIDR block. Then, in the values.yaml file, edit the networkPolicy.otherClusterCIDRBlock field to change the CIDR block from "/24" to an appropriate smaller value. The smaller the CIDR block, the larger the range of IP addresses that are covered. The default CIDR block is "/24", which covers 256 addresses. For more information, see Classless Inter-Domain Routing. |
x.x.x.x |
SPPport | The IBM Spectrum Protect Plus server port. You must set the port number to 443. | 443 |
productLoglevel | The trace levels for troubleshooting issues with the Container Backup Support transaction manager, controller, and scheduler components. The following trace levels are available: INFO, WARNING, DEBUG, and ERROR. | INFO |
imageRegistry | The address of the Docker registry in your environment where the container images are
loaded. If you are pulling images from the IBM Entitled Registry, you must specify cp.icr.io/cp. The value for the imageRegistry parameter must match the value for the DOCKER_REGISTRY_ADDRESS variable in the baas-options.sh file. |
docker-repo-hostname: 5000 |
imageRegistryNamespace | The namespace of the Docker registry where the container images are loaded. The namespace
does not have to be created ahead of time. To pull images from the IBM Entitled Registry, you must specify sppc. The value for the imageRegistryNamespace parameter must match the value for the DOCKER_REGISTRY_NAMESPACE variable in the baas-options.sh file. |
baas |
minioStorageClass | The name of the storage class to use for the MinIO server. The MinIO server is used to store
the backups of cluster and namespace resources. If you do not specify a value for this parameter, the default storage class of your cluster is used. Ensure that a default storage class is defined. Important: To safeguard resource snapshot backups in the case where the BaaS is
uninstalled or has been reinstalled, set the storage class with a Reclaim
Policy with the Retain value specified. Backups that have been
transferred to the vSnap server are not affected. Certain upgrade scenarios may also lead to losing
the minIO PVC content if the Reclaim Policy is not set to
Retain.
|
None |
veleroNamespace | Specify the namespace of the Velero installation that is dedicated to IBM Spectrum Protect
Plus
Container Backup Support, for example,
spp-velero .If you do not specify a value for this parameter, Velero integration is unavailable and you can use Container Backup Support to protect only PVCs. |
None |
Examples of baas-options.sh files
The following table shows examples of the baas-options.sh file for installations in different environments.
Kubernetes installation with a Docker registry in an airgap environment | OpenShift installation with the IBM Entitled Registry |
---|---|
|
|
Examples of baas-values.yaml files
The following table shows examples of the baas-values.yaml file for installations in different environments.
Kubernetes installation with a Docker registry in an airgap environment | OpenShift installation with the IBM Entitled Registry |
---|---|
|
|