Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 1. Virtualization

Manage OpenShift Virtualization virtual machine resources across all the clusters that Red Hat Advanced Cluster Management manages.

To view VirtualMachine resources across all the clusters that Red Hat Advanced Cluster Management for Kubernetes manages, use the Search service to list and filter the VirtualMachine resources created with the Red Hat OpenShift Virtualization. You can also enable the following actions from the Red Hat Advanced Cluster Management console on your VirtualMachine resources:

  • Start
  • Stop
  • Restart
  • Pause
  • Unpause

Required access: Cluster administrator

1.1.1. Prerequisites
Copy link

Confirm that the ManagedServiceAccount add-on is enabled. See ManagedServiceAccount add-on.

You can enable the virtual machine actions for Red Hat Advanced Cluster Management by adding the virtual-machine-preview=true annotation to the search operator. Run the following command to add the annotation: 

oc annotate search search-v2-operator -n open-cluster-management virtual-machine-preview='true'
Copy to Clipboard Toggle word wrap

You can verify that virtual machine actions for Red Hat Advanced Cluster Management are enabled by checking the search operator status: 

status:
  conditions:
    - lastTransitionTime: '2024-12-09T20:14:18Z'
      message: Virtual machine actions are enabled.
      reason: None
      status: 'True'
      type: VirtualMachineActionsReady
Copy to Clipboard Toggle word wrap

1.1.3. Disabling virtual machine actions
Copy link

To disable virtual machine actions for Red Hat Advanced Cluster Management, remove the virtual-machine-preview annotation by running the following command: 

oc annotate search search-v2-operator -n open-cluster-management virtual-machine-preview-
Copy to Clipboard Toggle word wrap

The virtual machine actions are disabled for Red Hat Advanced Cluster Management.

If you have the Observability service installed on your hub cluster, you can access the Observability fields on the Red Hat Advanced Cluster Management console to view your virtual machine metrics.

Access the Observability fields by completing the following steps:

  1. On the Red Hat Advanced Cluster Management console, go to the Virtual Machine page.

  2. Select the Observability dashboards link to launch the Grafana dashboard.

    1. Optional: Select the Observability metrics link in the Launch links table cell to launch the Grafana dashboard,
  3. From the Grafana dashboard, view the virtual machines and their individual metrics.

Use the Red Hat Advanced Cluster Management backup and restore component to install Red Hat Advanced Cluster Management policies that can be used to backup and restore the OpenShift Virtualization resources. With these policies, you can backup and restore virtual machines by using OpenShift APIS for Data Protection (OADP). After you back up the virtual machines, you can run and restore it on the hub cluster or managed clusters.

These Red Hat Advanced Cluster Management policies for OpenShift Virtualization support the following backup and restore storage options:

  • Container Storage Interface (CSI) backups
  • Container Storage Interface (CSI) backups with DataMover

They do not support the following options:

  • File system backup and restore
  • Volume snapshot backups and restores

To configure the policies, and either enable a backup schedule or run a restore operation for a virtual machine, complete the following sections:

1.3.1. Backing up and restoring a virtual machine
Copy link

You can back up virtual machines that run on a cluster or restore a virtual machine on a cluster by completing the following steps:

  1. Enable the backup component on the hub cluster by setting the cluster-backup parameter in MultiClusterHub to true.

  2. To place the policies on the cluster-name cluster, add the acm-virt-config label to the ManagedCluster resource by using the following YAML sample: 

    apiVersion: cluster.open-cluster-management.io/v1
kind: ManagedCluster
metadata:
 name: cluster-name
 labels:
   acm-virt-config: acm-dr-virt-config
    1
    Copy to Clipboard Toggle word wrap
    1
    The acm-dr-virt-config that passes through the label annotation, is a acm-virt-config ConfigMap. Read the acm-dr-virt-config ConfigMap section to understand how to configure OADP and backup storage location.

  3. Complete the following steps, depending on whether you want to backup or restore your virtual machine:

    1. Back up your virtual machine by adding the cluster.open-cluster-management.io/backup-vm to the kubevirt.io.VirtualMachine resource. Your kubevirt.io.VirtualMachine resource might resemble the following YAML sample: 
    apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-name
  labels:
    cluster.open-cluster-management.io/backup-vm: daily_8am
    Copy to Clipboard Toggle word wrap
    1. Restore your virtual machine by updating the acm-dr-restore-config ConfigMap as described in the acm-dr-virt-restore-config section.

When you enable the backup operator, a set of Red Hat Advanced Cluster Management policies and ConfigMaps, get installed on the hub cluster. When you disable the policy or remove it from the cluster, all the resources the policy created gets removed. To learn more about the different types of policies available to you, complete the following sections:

1.3.2.1. Installation policy
Copy link

The acm-dr-virt-install installation policy installs OADP and configures the oadp.openshift.io.DataProtectionApplication resource on the cluster where this policy is placed. If the cluster is a hub cluster, it verifies that OADP is installed in the open-cluster-management-backup namespace and that the DataProtectionApplication resource exists and has the required configuration. The policy does not attempt to install OADP or create the DataProtectionApplication resource on the hub cluster.

When you enable the cluster-backup option on the MultiClusterHub resource, the backup chart installs the OADP. When you enable the cluster-backup-option, you create the DataProtectionApplication on the hub cluster.

See the following installation policy templates and descriptions:

  1. Installation policy templates
Expand

Template

Description

check-config-file

Verifies that the ConfigMap defined by the acm-virt-config label set on the ManagedCluster resource exists on the hub, in the open-cluster-management-backup namespace.

check-oadp-channel

Verifies if there is an OADP version installed on the cluster, and that it matches the version installed by the policy.

check-dpa-config

Verifies that the DataProtectionApplication resource exists, has the expected configuration, and has a status of Reconciled. Verifies that the BackupStorageLocation exists and has a status phase Available.

install-oadp-copy-config

Creates the namespace where OADP gets installed, if this namespace is not found. Copies the OADP secret and installs OADP, but only for managed clusters. Creates the DataProtectionApplication resource as defined by the acm-virt-config label, but only for the managed clusters. The user must manually create the OADP and DataPotectionApplication on the hub cluster.

1.3.2.2. Backup policy
Copy link

The acm-dr-virt-backup backup policy backs up the kubevirt.io.VirtualMachine resources that has the label, cluster.open-cluster-management.io/backup-vm: schedule_cron_name.

See the following backup policy templates and descriptions:

  1. Backup policy templates
Expand

Template

Description

check-cron-schedule-valid

Shows a violation error if there is any cron schedule name used by a virtual machine cluster.open-cluster-management.io/backup-vm label which is not found in the ConfigMap for the cron schedules. The name of the ConfigMap for the cron schedules is defined by the schedule_hub_config_name property and should be available under the open-cluster-management-backup namespace.

check-backup-status-completed

If the schedule is not paused, it verifies that the status is Enabled. Finds the latest backup generated by this schedule and verifies that the status is Completed. If any DataUpload has been created for this backup, the status is Completed. Shows a violation if any of these conditions are not True.

create-virt-backup

Creates velero schedules for all virtual machine resources with a cluster.open-cluster-management.io/backup-vm label. Creates one schedule for each cron job schedule found with the virtual machines label. Backs up the virtual machine sharing the same cron job schedule under the same backup. Creates the velero schedule resource only if the acm-dr-virt-install policy is compliant.

1.3.2.3. Restore policy
Copy link

The acm-dr-virt-restore restore policy restores the kubevirt.io.VirtualMachine resources by UID. The policy creates velero restore resources on clusters using the information from the ConfigMap identified by the restore_hub_config_name property from the acm-dr-virt-config ConfigMap.

See the following restore policy templates and descriptions:

  1. Restore policy templates
Expand

Template

Description

check-velero-restore-status

Verifies that the restore resource with the name defined by the clusterID_restoreName property exists and has a status of Completed.

create-velero-restore

If the clusterID_restoreName property value is not empty, and the clusterID matches this cluster UID, it creates a velero restore resources using the properties defined with the ConfigMap identified by the restore_hub_config_name . Creates the velero restore resource only if the acm-dr-virt-install policy is compliant.

1.3.3. Defining policies with ConfigMaps
Copy link

When you install the policies on the hub cluster, the following ConfigMaps are created on the hub cluster, in the open-cluster-management-backup namespace. When you place the virtualization policies on the hub or managed cluster, these ConfigMaps define the backup and restore configuration for the virtualization policies.

1.3.3.1. Defining the acm-dr-virt-config ConfigMap
Copy link

The acm-dr-virt-config ConfigMap defines the OADP configuration and other settings related to the backup or restore operation. You can use the name of this resource as the value for the acm-virt-config label which is set on the ManagedCluter where the policies are placed. You can also create a new ConfigMap that uses the acm-dr-virt-config as a sample, then use this new ConfigMap to place the virtualization policies on the cluster.

To place the virtualization policies on a managed cluster or hub cluster, complete the following steps:

  1. Use the acm-dr-virt-config or create a new ConfigMap on the hub cluster in the open-cluster-management-backup namespace, by using the acm-dr-virt-config ConfigMap as an example. For this example, the name is ConfigMap acm-dr-virt-config-new.

    1. Update the dpa_spec section to match the storage location where you want to store the backups created by OADP. This is a required update.
    2. Optional: Update other properties available with the acm-dr-virt-config-new ConfigMap, such as OADP version or channel.
  2. Add the acm-virt-config=acm-dr-virt-config-new label to the ManagedCluster resource. The value of the acm-virt-config label is the name of the ConfigMap that you created.

For an example of a ManagedCluster resource with a virtualization backup label set to use the acm-dr-virt-config-new ConfigMap, see the following YAML sample: 

apiVersion: cluster.open-cluster-management.io/v1
kind: ManagedCluster
metadata:
 name: managed-cluster-name
 labels:
   acm-virt-config: acm-dr-virt-config-new
Copy to Clipboard Toggle word wrap

To learn more, see the following tables:

  1. ConfigMap properties for the acm-dr-virt-install policy
Expand

Name

Description

Type

Default value

Optional

channel

The channel defaults to the supported OADP version, which is based on the version of the OpenShift Container Platform cluster. Use this property to overwrite the default value.

String

None

Yes

channelName

OADP channel name. Set this property for custom installation, for example: offline install.

String

redhat-oadp-operator

Yes

subscriptionSource

OADP subscription. Set this property for custom installation, for example: offline install.

String

redhat-operators

Yes

subscriptionSourceNamespace

OADP subscription source. Set this property for custom installation, for example: offline install.

String

openshift-marketplace

Yes

subscriptionStartingCSV

OADP subscription startingCSV.

String

None

Yes

subscriptionInstallPlanApproval

OADP install plan.

String

Automatic

Yes

backupNS

Namespace where OADP gets installed on the managed cluster.

String

None

No

credentials_hub_secret_name

Name of the OADP secret to be used on the managed cluster. A Secret with this name must exist on the hub cluster in the open-cluster-management-backup namespace. The install policy moves this secret to the hub cluster, under the specified backupNS namespace.

String

None

No

credentials_name

Name of the secret used by the OADP DataProtectionApplication resource on the managed cluster, when setting the velero credential name.

JSON

None

No

dpa_name

Name of the DataProtectionApplication resource that gets created on the managed cluster.

String

None

No

dpa_spec

Valid JSON defining the DataProtectionApplication spec when created on the managed cluster.

JSON

None

No

  1. ConfigMap properties for the acm-dr-virt-backup policy
Expand

Name

Description

Type

Default value

Optional

scheduleTTL

Backup expiration time.

String

24h0m0s

Yes

schedule_paused

Set to True to pause the virtualization backup schedule.

String

False

Yes

schedule_hub_config_name

Name of the ConfigMap used to define the valid cron jobs schedules. A ConfigMap with this name must exist on the hub cluster in the open-cluster-management-backup namespace.

String

None

Yes

  1. ConfigMap properties for the acm-dr-virt-restore policy
Expand

Name

Description

Type

Default value

Optional

restore_hub_config_name

Name of the ConfigMap used to define the restore operation. A ConfigMap with this name must exist on the hub cluster in the open-cluster-management-backup namespace

String

None

No

Use the acm-dr-virt-schedule-cron ConfigMap to define the valid cron job schedules to be used when scheduling a virtual machine backup. The acm-dr-virt-schedule-cron ConfigMap is created by the hub cluster backup component in the open-cluster-management-backup namespace and includes the following YAML: 

apiVersion: v1
kind: ConfigMap
    metadata:
        name: acm-dr-virt-schedule-cron
        namespace: open-cluster-management-backup
    data:
        hourly: "0 */1 * * *"
        every_2_hours: "0 */2 * * *"
        every_3_hours: "0 */3 * * *"
        every_4_hours: "0 */4 * * *"
        every_5_hours: "0 */5 * * *"
        every_6_hours: "0 */6 * * *"
        twice_a_day: "0 */12 * * *"
        daily_8am: "0 8 * * *"
        every_sunday: "0 0 * * 0"
Copy to Clipboard Toggle word wrap

You can use any of the schedules by the acm-dr-virt-schedule-cron ConfigMap to set the backup schedule for a kubevirt.io.VirtualMachine. For example, if you want to backup a virtual machine every day at 8am, add the following label to the virtual machine resource: 

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-name
  labels:
    cluster.open-cluster-management.io/backup-vm: daily_8am
Copy to Clipboard Toggle word wrap

Since this acm-dr-virt-schedule-cron ConfigMap was created and is managed by the hub cluster backup component, you cannot change any of the existing cron properties or delete them. The properties are recreated when the content is reconciled. You can only add new properties to the existing ones. For example, if you want to create a cron job to run every Saturday, add the following label to the existing acm-dr-virt-schedule-cron properties: every_sunday: "0 0 * * SAT".

Use the acm-dr-virt-restore-config ConfigMap to define the restore operations to be implmented by the acm-dr-virt-restore policy. The ConfigMap is created by the hub backup component in the open-cluster-management-backup namespace.

For an example of a complete restore operation, see the following YAML sample: 

kind: ConfigMap
apiVersion: v1
metadata:
 name: acm-dr-virt-restore-config
 namespace: open-cluster-management-backup
data:
 2a054d24-3235-4249-9c81-f58ebc6110c7_backupName: acm-rho-virt-schedule-every-10-hours-20250120230438
1 

 2a054d24-3235-4249-9c81-f58ebc6110c7_restoreName: restore-20250120230438
2 

 2a054d24-3235-4249-9c81-f58ebc6110c7_vmsUID: 2a054d24-3235-4249-9c81-f58ebc6110c7
3
Copy to Clipboard Toggle word wrap
1
2a054d24-3235-4249-9c81-f58ebc6110c7 is the clusterId where the restore must be completed. acm-rho-virt-schedule-every-10-hours-20250120230438 is the name of the backup to be used for the restore operation.
2
restore-20250120230438 is the name of the restore resource created as a result of this restore operation.
3
2a054d24-3235-4249-9c81-f58ebc6110c7 is the UID of the VM backed up with the acm-rho-virt-schedule-every-10-hours-20250120230438 backup to be restored.

When you install virtualization policies for your restore operations, consider the following scenarios:

  • If you set the clusterID_restoreName property from the acm-dr-virt-restore-config ConfigMap to an empty value, then the restore resource created by the acm-dr-virt-restore policy on the cluster with clusterID gets deleted.
  • If you set the clusterID_restoreName property from the acm-dr-virt-restore-config ConfigMap to a non-empty value, then the acm-dr-virt-restore policy creates a velero Restore resource . This velero restore resource has a name that matches the clusterID_restoreName value. If the restore resource with this name is deleted from the restore cluster, the acm-dr-virt-restore policy recreates the resource which results in the restore operation running again.

  • Consider the following actions:

    • Do not delete the restore resource if you do not want to run the restore again.
    • Set the clusterID_restoreName to empty on the acm-dr-virt-restore-config ConfigMap as soon as the restore operation gets verified to be completed successfully. Doing this prevents you from having to rerun the restore operation if the acm-dr-virt-restore policy is disabled and enabled again. When the acm-dr-virt-restore policy is disabled, all resources created by it on the restore cluster get cleaned up and recreated when the policy is enabled again.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat