Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Backing up the undercloud and the control plane nodes by using the Relax-and-Recover tool

You must back up your undercloud node and your control plane nodes when you upgrade or update your Red Hat Openstack Platform (RHOSP). You can backup your undercloud node and your control plane nodes using the Relax-and-Recover (ReaR) tool. To back up and restore your undercloud and your control plane nodes using the ReaR tool, you must complete the following procedures:

  1. Backing up the undercloud node
  2. Backing up the control plane nodes
  3. Restoring the undercloud and control plane nodes

To back up the undercloud node, you configure the backup node, install the Relax-and-Recover tool on the undercloud node, and then create the backup image. You can create backups as a part of your regular environment maintenance.

In addition, you must back up the undercloud node before performing updates or upgrades. You can use the backups to restore the undercloud node to its previous state if an error occurs during an update or upgrade.

2.1.1. Supported backup formats and protocols
Copy link

The undercloud and backup and restore process uses the open-source tool Relax-and-Recover (ReaR) to create and restore bootable backup images. ReaR is written in Bash and supports multiple image formats and multiple transport protocols.

The following list shows the backup formats and protocols that Red Hat OpenStack Platform supports when you use ReaR to back up and restore the undercloud and control plane.

Bootable media formats
  • ISO
File transport protocols
  • SFTP
  • NFS

2.1.2. Configuring the backup storage location
Copy link

Before you create a backup of the control plane nodes, configure the backup storage location in the bar-vars.yaml environment file. This file stores the key-value parameters that you want to pass to the backup execution.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Create the bar-vars.yaml file: 

    touch /home/stack/bar-vars.yaml
    Copy to Clipboard Toggle word wrap

  4. In the bar-vars.yaml file, configure the backup storage location:

    1. If you use an NFS server, add the following parameters and set the values of the IP address of your NFS server and backup storage folder: 

      tripleo_backup_and_restore_server: <ip_address>
tripleo_backup_and_restore_shared_storage_folder: <backup_dir>
      Copy to Clipboard Toggle word wrap
      • Replace <ip_address> and <backup_dir> with the values that apply to your environment. By default, the tripleo_backup_and_restore_server parameter value is 192.168.24.1.

    2. If you use an SFTP server, add the tripleo_backup_and_restore_output_url parameter and set the values of the URL and credentials of the SFTP server: 

      tripleo_backup_and_restore_output_url: sftp://<user>:<password>@<backup_node>/
tripleo_backup_and_restore_backup_url: iso:///backup/
      Copy to Clipboard Toggle word wrap

      Replace <user>, <password>, and <backup_node> with the backup node URL and credentials.

2.1.3. Optional: Configuring backup encryption
Copy link

You can encrypt backups as an additional security measure to protect sensitive data.

Procedure

  • In the bar-vars.yaml file, add the following parameters: 

    tripleo_backup_and_restore_crypt_backup_enabled: true
tripleo_backup_and_restore_crypt_backup_password: <password>
    Copy to Clipboard Toggle word wrap

    Replace <password> with the password you want to use to encrypt the backup.

You can install and configure a new NFS server to store the backup file. To install and configure an NFS server on the backup node, create an inventory file, create an SSH key, and run the openstack undercloud backup command with the NFS server options.

Important
  • If you previously installed and configured an NFS or SFTP server, you do not need to complete this procedure. You enter the server information when you set up ReaR on the node that you want to back up.
  • By default, the Relax and Recover (ReaR) IP address parameter for the NFS server is 192.168.24.1. You must add the parameter tripleo_backup_and_restore_server to set the IP address value that matches your environment.

Procedure

  1. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
(undercloud) [stack@undercloud ~]$
    Copy to Clipboard Toggle word wrap

  2. On the undercloud node, create an inventory file for the backup node: 

    (undercloud) [stack@undercloud ~]$ cat <<'EOF'> ~/nfs-inventory.yaml
[BackupNode]
<backup_node> ansible_host=<ip_address> ansible_user=<user>
EOF
    Copy to Clipboard Toggle word wrap

    Replace <backup_node>, <ip_address>, and <user> with the values that apply to your environment.

  3. Copy the public SSH key from the undercloud node to the backup node. 

    (undercloud) [stack@undercloud ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub <backup_node>
    Copy to Clipboard Toggle word wrap

    Replace <backup_node> with the path and name of the backup node.

  4. Configure the NFS server on the backup node: 

    (undercloud) [stack@undercloud ~]$ openstack undercloud backup --setup-nfs --extra-vars /home/stack/bar-vars.yaml --inventory /home/stack/nfs-inventory.yaml
    Copy to Clipboard Toggle word wrap

2.1.5. Installing ReaR on the undercloud node
Copy link

Before you create a backup of the undercloud node, install and configure Relax and Recover (ReaR) on the undercloud.

Prerequisites

Procedure

  1. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
    Copy to Clipboard Toggle word wrap

  2. If you have not done so before, extract the static ansible inventory file from the location in which it was saved during installation: 

    (undercloud) [stack@undercloud ~]$ cp ~/overcloud-deploy/<stack>/tripleo-ansible-inventory.yaml ~/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap
    • Replace <stack> with the name of your stack. By default, the name of the stack is overcloud.

  3. Install ReaR on the undercloud node: 

    (undercloud) [stack@undercloud ~]$ openstack undercloud backup --setup-rear --extra-vars /home/stack/bar-vars.yaml --inventory /home/stack/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap

  4. If your system uses the UEFI boot loader, perform the following steps on the undercloud node:

    1. Install the following tools: 

      $ sudo dnf install dosfstools efibootmgr
      Copy to Clipboard Toggle word wrap
    2. Enable UEFI backup in the ReaR configuration file located in /etc/rear/local.conf by replacing the USING_UEFI_BOOTLOADER parameter value 0 with the value 1 and adding UEFI_BOOTLOADER=/boot/efi/EFI/redhat/shimx64.efi.

You can include standalone undercloud database backups in your routine backup schedule to provide additional data security. A full backup of an undercloud node includes a database backup of the undercloud node. But if a full undercloud restoration fails, you might lose access to the database portion of the full undercloud backup. In this case, you can recover the database from a standalone undercloud database backup.

You can create a standalone undercloud database backup in conjunction with the ReaR tool and the Snapshot and Revert tool. However, it is recommended that you back up the entire undercloud. For more information about creating a backup of the undercloud node, see Creating a backup of the undercloud node.

Procedure

  • Create a database backup of the undercloud nodes: 

    openstack undercloud backup --db-only
    Copy to Clipboard Toggle word wrap

    The db backup file is stored in /home/stack with the name openstack-backup-mysql-<timestamp>.sql.

If you use an Open vSwitch (OVS) bridge in your environment, you must manually configure the OVS interfaces before you create a backup of the undercloud or control plane nodes. The restoration process uses this information to restore the network interfaces.

Procedure

  • In the /etc/rear/local.conf file, add the NETWORKING_PREPARATION_COMMANDS parameter in the following format: 

    NETWORKING_PREPARATION_COMMANDS=('<command_1>' '<command_2>' ...')
    Copy to Clipboard Toggle word wrap

  • Replace <command_1> and <command_2> with commands that configure the network interfaces. For example, you can add the ip link add br-ctlplane type bridge command to create the control plane bridge or add the ip link set eth0 up command to change the state of eth0 to up. You can add more commands to the parameter based on your network configuration.

    For example, if your undercloud has the following configuration: 

    $ ip -4 addr ls br-ctlplane
8: br-ctlplane: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet 172.16.9.1/24 brd 172.16.9.255 scope global br-ctlplane
valid_lft forever preferred_lft forever

$ sudo ovs-vsctl show
...
Bridge br-ctlplane
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port eth0
Interface eth0
Port br-ctlplane
Interface br-ctlplane
type: internal
Port phy-br-ctlplane
Interface phy-br-ctlplane
type: patch
options:

{peer=int-br-ctlplane}
...
    Copy to Clipboard Toggle word wrap

    The NETWORKING_PREPARATION_COMMANDS parameter is formatted as follows: 

    NETWORKING_PREPARATION_COMMANDS=('ip link add br-ctlplane type bridge' 'ip link set br-ctlplane up' 'ip link set eth0 up' 'ip link set eth0 master br-ctlplane' 'ip addr add 172.16.9.1/24 dev br-ctlplane')
    Copy to Clipboard Toggle word wrap

2.1.8. Creating a backup of the undercloud node
Copy link

To create a backup of the undercloud node, use the openstack undercloud backup command. You can then use the backup to restore the undercloud node to its previous state in case the node becomes corrupted or inaccessible. The backup of the undercloud node includes the backup of the database that runs on the undercloud node.

Important

Before you back up your undercloud node, stop the undercloud node and check that the file system is free of corruption. For example, disk corruption on the undercloud node prevents you from performing a backup of the node.

Note

It is recommended that you create a backup of the undercloud node by using the following procedure. However, if you completed Creating a standalone database backup of the undercloud nodes, you can skip this procedure.

Prerequisites

Procedure

  1. Log in to the undercloud as the stack user.

  2. Retrieve the MySQL root password: 

    [stack@undercloud ~]$ PASSWORD=$(sudo /bin/hiera -c /etc/puppet/hiera.yaml mysql::server::root_password)
    Copy to Clipboard Toggle word wrap

  3. Create a database backup of the undercloud node: 

    [stack@undercloud ~]$ sudo podman exec mysql bash -c "mysqldump -uroot -p$PASSWORD --opt --all-databases" | sudo tee /root/undercloud-all-databases.sql
    Copy to Clipboard Toggle word wrap

  4. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
    Copy to Clipboard Toggle word wrap

  5. Create a backup of the undercloud node: 

    (undercloud) [stack@undercloud ~]$ openstack undercloud backup
--inventory /home/stack/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap

You can schedule backups of the undercloud nodes with ReaR by using the Ansible backup-and-restore role. You can view the logs in the /var/log/rear-cron directory.

Prerequisites

Procedure

  1. To schedule a backup of your control plane nodes, run the following command. The default schedule is Sundays at midnight: 

    openstack undercloud backup --cron
    Copy to Clipboard Toggle word wrap

  2. Optional: Customize the scheduled backup according to your deployment:

    • To change the default backup schedule, pass a different cron schedule on the tripleo_backup_and_restore_cron parameter: 

      openstack undercloud backup --cron --extra-vars
'{"tripleo_backup_and_restore_cron": "0 0 * * 0"}'
      Copy to Clipboard Toggle word wrap

    • To define additional parameters that are added to the backup command when cron runs the scheduled backup, pass the tripleo_backup_and_restore_cron_extra parameter to the backup command, as shown in the following example: 

      openstack undercloud backup --cron --extra-vars '{"tripleo_backup_and_restore_cron_extra":"--extra-vars bar-vars.yaml --inventory /home/stack/tripleo-inventory.yaml"}'
      Copy to Clipboard Toggle word wrap

    • To change the default user that executes the backup, pass the tripleo_backup_and_restore_cron_user parameter to the backup command, as shown in the following example: 

      openstack undercloud backup --cron --extra-vars '{"tripleo_backup_and_restore_cron_user": "root"}
      Copy to Clipboard Toggle word wrap

To back up the control plane nodes, you configure the backup node, install the Relax-and-Recover tool on the control plane nodes, and create the backup image. You can create backups as a part of your regular environment maintenance.

In addition, you must back up the control plane nodes before performing updates or upgrades. You can use the backups to restore the control plane nodes to their previous state if an error occurs during an update or upgrade.

The backup process causes the failover of services that are managed by pacemaker. For this reason, you must run it during planned maintenance and expect some transactions to be lost.

2.2.1. Supported backup formats and protocols
Copy link

The undercloud and backup and restore process uses the open-source tool Relax-and-Recover (ReaR) to create and restore bootable backup images. ReaR is written in Bash and supports multiple image formats and multiple transport protocols.

The following list shows the backup formats and protocols that Red Hat OpenStack Platform supports when you use ReaR to back up and restore the undercloud and control plane.

Bootable media formats
  • ISO
File transport protocols
  • SFTP
  • NFS

You can install and configure a new NFS server to store the backup file. To install and configure an NFS server on the backup node, create an inventory file, create an SSH key, and run the openstack undercloud backup command with the NFS server options.

Important
  • If you previously installed and configured an NFS or SFTP server, you do not need to complete this procedure. You enter the server information when you set up ReaR on the node that you want to back up.
  • By default, the Relax and Recover (ReaR) IP address parameter for the NFS server is 192.168.24.1. You must add the parameter tripleo_backup_and_restore_server to set the IP address value that matches your environment.

Procedure

  1. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
(undercloud) [stack@undercloud ~]$
    Copy to Clipboard Toggle word wrap

  2. On the undercloud node, create an inventory file for the backup node: 

    (undercloud) [stack@undercloud ~]$ cat <<'EOF'> ~/nfs-inventory.yaml
[BackupNode]
<backup_node> ansible_host=<ip_address> ansible_user=<user>
EOF
    Copy to Clipboard Toggle word wrap

    Replace <backup_node>, <ip_address>, and <user> with the values that apply to your environment.

  3. Copy the public SSH key from the undercloud node to the backup node. 

    (undercloud) [stack@undercloud ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub <backup_node>
    Copy to Clipboard Toggle word wrap

    Replace <backup_node> with the path and name of the backup node.

  4. Configure the NFS server on the backup node: 

    (undercloud) [stack@undercloud ~]$ openstack undercloud backup --setup-nfs --extra-vars /home/stack/bar-vars.yaml --inventory /home/stack/nfs-inventory.yaml
    Copy to Clipboard Toggle word wrap

2.2.3. Installing ReaR on the control plane nodes
Copy link

Before you create a backup of the control plane nodes, install and configure Relax and Recover (ReaR) on each of the control plane nodes.

Important

Due to a known issue, the ReaR backup of overcloud nodes continues even if a Controller node is down. Ensure that all your Controller nodes are running before you run the ReaR backup. A fix is planned for a later Red Hat OpenStack Platform (RHOSP) release. For more information, see BZ#2077335 - Back up of the overcloud ctlplane keeps going even if one controller is unreachable.

Prerequisites

Procedure

  1. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
    Copy to Clipboard Toggle word wrap

  2. If you have not done so before, extract the static ansible inventory file from the location in which it was saved during installation: 

    (undercloud) [stack@undercloud ~]$ cp ~/overcloud-deploy/<stack>/tripleo-ansible-inventory.yaml ~/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap
    • Replace <stack> with the name of your stack. By default, the name of the stack is overcloud.

  3. In the bar-vars.yaml file, configure the backup storage location:

    • If you installed and configured your own NFS server, add the tripleo_backup_and_restore_server parameter and set the value to the IP address of your NFS server: 

      tripleo_backup_and_restore_server: <ip_address>
tripleo_backup_and_restore_shared_storage_folder: <backup_dir>
      Copy to Clipboard Toggle word wrap
      • Replace <ip_address> and <backup_dir> with the values that apply to your environment. By default, the tripleo_backup_and_restore_server parameter value is 192.168.24.1.*

    • If you use an SFTP server, add the tripleo_backup_and_restore_output_url parameter and set the values of the URL and credentials of the SFTP server: 

      tripleo_backup_and_restore_output_url: sftp://<user>:<password>@<backup_node>/
tripleo_backup_and_restore_backup_url: iso:///backup/
      Copy to Clipboard Toggle word wrap

      Replace <user>, <password>, and <backup_node> with the backup node URL and credentials.

  4. Install ReaR on the control plane nodes: 

    (undercloud) [stack@undercloud ~]$ openstack overcloud backup --setup-rear --extra-vars /home/stack/bar-vars.yaml --inventory /home/stack/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap

  5. If your system uses the UEFI boot loader, perform the following steps on the control plane nodes:

    1. Install the following tools: 

      $ sudo dnf install dosfstools efibootmgr
      Copy to Clipboard Toggle word wrap
    2. Enable UEFI backup in the ReaR configuration file located in /etc/rear/local.conf by replacing the USING_UEFI_BOOTLOADER parameter value 0 with the value 1 and adding UEFI_BOOTLOADER=/boot/efi/EFI/redhat/shimx64.efi.

If you use an Open vSwitch (OVS) bridge in your environment, you must manually configure the OVS interfaces before you create a backup of the undercloud or control plane nodes. The restoration process uses this information to restore the network interfaces.

Procedure

  • In the /etc/rear/local.conf file, add the NETWORKING_PREPARATION_COMMANDS parameter in the following format: 

    NETWORKING_PREPARATION_COMMANDS=('<command_1>' '<command_2>' ...')
    Copy to Clipboard Toggle word wrap

  • Replace <command_1> and <command_2> with commands that configure the network interfaces. For example, you can add the ip link add br-ctlplane type bridge command to create the control plane bridge or add the ip link set eth0 up command to change the state of eth0 to up. You can add more commands to the parameter based on your network configuration.

    For example, if your undercloud has the following configuration: 

    $ ip -4 addr ls br-ctlplane
8: br-ctlplane: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet 172.16.9.1/24 brd 172.16.9.255 scope global br-ctlplane
valid_lft forever preferred_lft forever

$ sudo ovs-vsctl show
...
Bridge br-ctlplane
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
datapath_type: system
Port eth0
Interface eth0
Port br-ctlplane
Interface br-ctlplane
type: internal
Port phy-br-ctlplane
Interface phy-br-ctlplane
type: patch
options:

{peer=int-br-ctlplane}
...
    Copy to Clipboard Toggle word wrap

    The NETWORKING_PREPARATION_COMMANDS parameter is formatted as follows: 

    NETWORKING_PREPARATION_COMMANDS=('ip link add br-ctlplane type bridge' 'ip link set br-ctlplane up' 'ip link set eth0 up' 'ip link set eth0 master br-ctlplane' 'ip addr add 172.16.9.1/24 dev br-ctlplane')
    Copy to Clipboard Toggle word wrap

To create a backup of the control plane nodes, use the openstack overcloud backup command. You can then use the backup to restore the control plane nodes to their previous state in case the nodes become corrupted or inaccessible. The backup of the control plane nodes includes the backup of the database that runs on the control plane nodes.

Important

Before you back up your control plane nodes, stop each control plane node and check that the file system is free of corruption. For example, disk corruption on the control plane nodes prevents you from performing a backup of the nodes.

Prerequisites

Procedure

  1. Locate the config-drive partition on each control plane node: 

    [stack@undercloud-0 ~]$ blkid -t LABEL="config-2" -odevice
    Copy to Clipboard Toggle word wrap

  2. On each control plane node, back up the config-drive partition of each node as the root user: 

    [root@controller-x ~]# dd if=<config_drive_partition> of=/mnt/config-drive
    Copy to Clipboard Toggle word wrap

    Replace <config_drive_partition> with the name of the config-drive partition that you located in step 1.

  3. On the undercloud node, source the undercloud credentials: 

    [stack@undercloud-0 ~]$ source stackrc
    Copy to Clipboard Toggle word wrap

  4. Create a backup of the control plane nodes: 

    (undercloud) [stack@undercloud ~]$ openstack overcloud backup --inventory /home/stack/tripleo-inventory.yaml
    Copy to Clipboard Toggle word wrap

    The backup process runs sequentially on each control plane node without disrupting the service to your environment.

You can schedule backups of the control plane nodes with ReaR by using the Ansible backup-and-restore role. You can view the logs in the /var/log/rear-cron directory.

Prerequisites

Procedure

  1. To schedule a backup of your control plane nodes, run the following command. The default schedule is Sundays at midnight: 

    openstack overcloud backup --cron
    Copy to Clipboard Toggle word wrap

  2. Optional: Customize the scheduled backup according to your deployment:

    • To change the default backup schedule, pass a different cron schedule on the tripleo_backup_and_restore_cron parameter: 

      openstack overcloud backup --cron --extra-vars
'{"tripleo_backup_and_restore_cron": "0 0 * * 0"}'
      Copy to Clipboard Toggle word wrap

    • To define additional parameters that are added to the backup command when cron runs the scheduled backup, pass the tripleo_backup_and_restore_cron_extra parameter to the backup command, as shown in the following example: 

      openstack overcloud backup --cron --extra-vars '{"tripleo_backup_and_restore_cron_extra":"--extra-vars bar-vars.yaml --inventory /home/stack/tripleo-inventory.yaml"}'
      Copy to Clipboard Toggle word wrap

    • To change the default user that executes the backup, pass the tripleo_backup_and_restore_cron_user parameter to the backup command, as shown in the following example: 

      openstack overcloud backup --cron --extra-vars '{"tripleo_backup_and_restore_cron_user": "root"}
      Copy to Clipboard Toggle word wrap

If your undercloud or control plane nodes become corrupted or if an error occurs during an update or upgrade, you can restore the undercloud or overcloud control plane nodes from a backup to their previous state. If the restore process fails to automatically restore the Galera cluster or nodes with colocated Ceph monitors, you can restore these components manually.

2.3.1. Restoring the undercloud node
Copy link

You can restore the undercloud node to its previous state using the backup ISO image that you created using ReaR. You can find the backup ISO images on the backup node. Burn the bootable ISO image to a DVD or download it to the undercloud node through Integrated Lights-Out (iLO) remote access.

Prerequisites

  • You have created a backup of the undercloud node. For more information, see Section 2.1.8, “Creating a backup of the undercloud node”.
  • You have access to the backup node.
  • If you use an OVS bridge for your network interfaces, you have access to the network configuration information that you set in the NETWORKING_PREPARATION_COMMANDS parameter. For more information, see see Section 2.1.7, “Configuring Open vSwitch (OVS) interfaces for backup”.

  • If you configured backup encryption, you must decrypt the backup before you begin the restoration process. Run the following decrypt step in the system where the backup file is located: 

    $ dd if=backup.tar.gz | /usr/bin/openssl des3 -d -k "<encryption key>" | tar -C <backup_location> -xzvf - '*.conf'
    Copy to Clipboard Toggle word wrap
    • Replace <encryption key> with your encryption key.
    • Replace <backup_location> with the folder in which you want to save the backup.tar.gz file, for example, /ctl_plane_backups/undercloud-0/.

Procedure

  1. Power off the undercloud node. Ensure that the undercloud node is powered off completely before you proceed.
  2. Boot the undercloud node with the backup ISO image.

  3. When the Relax-and-Recover boot menu displays, select Recover <undercloud_node>. Replace <undercloud_node> with the name of your undercloud node.

    Note

    If your system uses UEFI, select the Relax-and-Recover (no Secure Boot) option.

  4. Log in as the root user and restore the node:

    The following message displays: 

    Welcome to Relax-and-Recover. Run "rear recover" to restore your system!
RESCUE <undercloud_node>:~ # rear recover
    Copy to Clipboard Toggle word wrap

    When the undercloud node restoration process completes, the console displays the following message: 

    Finished recovering your system
Exiting rear recover
Running exit tasks
    Copy to Clipboard Toggle word wrap

  5. Power off the node: 

    RESCUE <undercloud_node>:~ #  poweroff
    Copy to Clipboard Toggle word wrap

    On boot up, the node resumes its previous state.

2.3.2. Restoring the control plane nodes
Copy link

If an error occurs during an update or upgrade, you can restore the control plane nodes to their previous state using the backup ISO image that you have created using ReaR.

To restore the control plane, you must restore all control plane nodes to ensure state consistency.

You can find the backup ISO images on the backup node. Burn the bootable ISO image to a DVD or download it to the undercloud node through Integrated Lights-Out (iLO) remote access.

Note

Red Hat supports backups of Red Hat OpenStack Platform with native SDNs, such as Open vSwitch (OVS) and the default Open Virtual Network (OVN). For information about third-party SDNs, refer to the third-party SDN documentation.

Prerequisites

Procedure

  1. Power off each control plane node. Ensure that the control plane nodes are powered off completely before you proceed.
  2. Boot each control plane node with the corresponding backup ISO image.

  3. When the Relax-and-Recover boot menu displays, on each control plane node, select Recover <control_plane_node>. Replace <control_plane_node> with the name of the corresponding control plane node.

    Note

    If your system uses UEFI, select the Relax-and-Recover (no Secure Boot) option.

  4. On each control plane node, log in as the root user and restore the node:

    The following message displays: 

    Welcome to Relax-and-Recover. Run "rear recover" to restore your system!
RESCUE <control_plane_node>:~ # rear recover
    Copy to Clipboard Toggle word wrap

    When the control plane node restoration process completes, the console displays the following message: 

    Finished recovering your system
Exiting rear recover
Running exit tasks
    Copy to Clipboard Toggle word wrap

  5. When the command line console is available, restore the config-drive partition of each control plane node: 

    # once completed, restore the config-drive partition (which is ISO9660)
RESCUE <control_plane_node>:~ $ dd if=/mnt/local/mnt/config-drive of=<config_drive_partition>
    Copy to Clipboard Toggle word wrap

  6. Power off the node: 

    RESCUE <control_plane_node>:~ #  poweroff
    Copy to Clipboard Toggle word wrap
  7. Set the boot sequence to the normal boot device. On boot up, the node resumes its previous state.

  8. To ensure that the services are running correctly, check the status of pacemaker. Log in to a Controller node as the root user and enter the following command: 

    # pcs status
    Copy to Clipboard Toggle word wrap
  9. To view the status of the overcloud, use the OpenStack Integration Test Suite (tempest). For more information, see Validating your OpenStack cloud with the Integration Test Suite (tempest).

Troubleshooting

  • Clear resource alarms that are displayed by pcs status by running the following command: 
 # pcs resource clean
Copy to Clipboard Toggle word wrap
  • Clear STONITH fencing action errors that are displayed by pcs status by running the following commands: 
# pcs resource clean
# pcs stonith history cleanup
Copy to Clipboard Toggle word wrap

2.3.3. Restoring the Galera cluster manually
Copy link

If the Galera cluster does not restore as part of the restoration procedure, you must restore Galera manually.

Note

In this procedure, you must perform some steps on one Controller node. Ensure that you perform these steps on the same Controller node as you go through the procedure.

Procedure

  1. On Controller-0, retrieve the Galera cluster virtual IP: 

    $ sudo hiera -c /etc/puppet/hiera.yaml mysql_vip
    Copy to Clipboard Toggle word wrap

  2. Disable the database connections through the virtual IP on all Controller nodes: 

    $ sudo iptables -I INPUT -p tcp --destination-port 3306 -d $MYSQL_VIP=<galera_cluster_vip> -j DROP
    Copy to Clipboard Toggle word wrap
    • Replace <galera_cluster_vip> with the IP address you retrieved in step 1.

  3. On Controller-0, retrieve the MySQL root password: 

    $ sudo hiera -c /etc/puppet/hiera.yaml mysql::server::root_password
    Copy to Clipboard Toggle word wrap

  4. On Controller-0, set the Galera resource to unmanaged mode: 

    $ sudo pcs resource unmanage galera-bundle
    Copy to Clipboard Toggle word wrap

  5. Stop the MySQL containers on all Controller nodes: 

    $ sudo podman container stop $(sudo podman container ls --all --format "{{.Names}}" --filter=name=galera-bundle)
    Copy to Clipboard Toggle word wrap

  6. Move the current directory on all Controller nodes: 

    $ sudo mv /var/lib/mysql /var/lib/mysql-save
    Copy to Clipboard Toggle word wrap

  7. Create the new directory /var/lib/mysq on all Controller nodes: 

    $ sudo mkdir /var/lib/mysql
$ sudo chown 42434:42434 /var/lib/mysql
$ sudo chcon -t container_file_t /var/lib/mysql
$ sudo chmod 0755 /var/lib/mysql
$ sudo chcon -r object_r /var/lib/mysql
$ sudo chcon -u system_u /var/lib/mysql
    Copy to Clipboard Toggle word wrap

  8. Start the MySQL containers on all Controller nodes: 

    $ sudo podman container start $(sudo podman container ls --all --format "{{ .Names }}" --filter=name=galera-bundle)
    Copy to Clipboard Toggle word wrap

  9. Create the MySQL database on all Controller nodes: 

    $ sudo podman exec -i $(sudo podman container ls --all --format "{{ .Names }}" \
      --filter=name=galera-bundle) bash -c "mysql_install_db --datadir=/var/lib/mysql --user=mysql --log_error=/var/log/mysql/mysql_init.log"
    Copy to Clipboard Toggle word wrap

  10. Start the database on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
      --filter=name=galera-bundle) bash -c "mysqld_safe --skip-networking --wsrep-on=OFF --log-error=/var/log/mysql/mysql_safe.log" &
    Copy to Clipboard Toggle word wrap

  11. Move the .my.cnf Galera configuration file on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
      --filter=name=galera-bundle) bash -c "mv /root/.my.cnf /root/.my.cnf.bck"
    Copy to Clipboard Toggle word wrap

  12. Reset the Galera root password on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"  \
      --filter=name=galera-bundle) bash -c "mysql -uroot -e'use mysql;set password for root@localhost = password(\"$ROOTPASSWORD\");flush privileges;'"
    Copy to Clipboard Toggle word wrap

  13. Restore the .my.cnf Galera configuration file inside the Galera container on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"   \
      --filter=name=galera-bundle) bash -c "mv /root/.my.cnf.bck /root/.my.cnf"
    Copy to Clipboard Toggle word wrap

  14. On Controller-0, copy the backup database files to /var/lib/MySQL: 

    $ sudo cp openstack-backup-mysql.sql /var/lib/mysql
$ sudo cp openstack-backup-mysql-grants.sql /var/lib/mysql
    Copy to Clipboard Toggle word wrap
    Note

    The path to these files is /home/tripleo-admin/.

  15. On Controller-0, restore the MySQL database: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"    \
--filter=name=galera-bundle) bash -c "mysql -u root -p$ROOT_PASSWORD < \"/var/lib/mysql/$BACKUP_FILE\"  "

$ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"    \
--filter=name=galera-bundle) bash -c "mysql -u root -p$ROOT_PASSWORD < \"/var/lib/mysql/$BACKUP_GRANT_FILE\"  "
    Copy to Clipboard Toggle word wrap

  16. Shut down the databases on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"    \
      --filter=name=galera-bundle) bash -c "mysqladmin shutdown"
    Copy to Clipboard Toggle word wrap

  17. On Controller-0, start the bootstrap node: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}"  --filter=name=galera-bundle) \
        /usr/bin/mysqld_safe --pid-file=/var/run/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --datadir=/var/lib/mysql \
        --log-error=/var/log/mysql/mysql_cluster.log  --user=mysql --open-files-limit=16384 \
        --wsrep-cluster-address=gcomm:// &
    Copy to Clipboard Toggle word wrap

  18. Verification: On Controller-0, check the status of the cluster: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
         --filter=name=galera-bundle) bash -c "clustercheck"
    Copy to Clipboard Toggle word wrap

    Ensure that the following message is displayed: “Galera cluster node is synced”, otherwise you must recreate the node.

  19. On Controller-0, retrieve the cluster address from the configuration: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
--filter=name=galera-bundle) bash -c "grep wsrep_cluster_address /etc/my.cnf.d/galera.cnf" | awk '{print $3}'
    Copy to Clipboard Toggle word wrap

  20. On each of the remaining Controller nodes, start the database and validate the cluster:

    1. Start the database: 

      $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
      --filter=name=galera-bundle) /usr/bin/mysqld_safe --pid-file=/var/run/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock \
      --datadir=/var/lib/mysql --log-error=/var/log/mysql/mysql_cluster.log  --user=mysql --open-files-limit=16384 \
      --wsrep-cluster-address=$CLUSTER_ADDRESS &
      Copy to Clipboard Toggle word wrap

    2. Check the status of the MYSQL cluster: 

      $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" \
         --filter=name=galera-bundle) bash -c "clustercheck"
      Copy to Clipboard Toggle word wrap

      Ensure that the following message is displayed: “Galera cluster node is synced”, otherwise you must recreate the node.

  21. Stop the MySQL container on all Controller nodes: 

    $ sudo podman exec $(sudo podman container ls --all --format "{{ .Names }}" --filter=name=galera-bundle) \
        /usr/bin/mysqladmin -u root shutdown
    Copy to Clipboard Toggle word wrap

  22. On all Controller nodes, remove the following firewall rule to allow database connections through the virtual IP address: 

    $ sudo iptables -D INPUT -p tcp --destination-port 3306 -d <galera_cluster_vip> -j DROP
    Copy to Clipboard Toggle word wrap
    • Replace <galera_cluster_vip> with the IP address you retrieved in step 1.

  23. Restart the MySQL container on all Controller nodes: 

    $ sudo podman container restart $(sudo podman container ls --all --format  "{{ .Names }}" --filter=name=galera-bundle)
    Copy to Clipboard Toggle word wrap

  24. Restart the clustercheck container on all Controller nodes: 

    $ sudo podman container restart $(sudo podman container ls --all --format  "{{ .Names }}" --filter=name=clustercheck)
    Copy to Clipboard Toggle word wrap

  25. On Controller-0, set the Galera resource to managed mode: 

    $ sudo pcs resource manage galera-bundle
    Copy to Clipboard Toggle word wrap

Verification

  1. To ensure that services are running correctly, check the status of pacemaker: 

    $ sudo pcs status
    Copy to Clipboard Toggle word wrap
  2. To view the status of the overcloud, use the OpenStack Integration Test Suite (tempest). For more information, see Validating your OpenStack cloud with the Integration Test Suite (tempest).

  3. If you suspect an issue with a particular node, check the state of the cluster with clustercheck: 

    $ sudo podman exec clustercheck /usr/bin/clustercheck
    Copy to Clipboard Toggle word wrap

If the undercloud database does not restore as part of the undercloud restore process, you can restore the database manually. You can only restore the database if you previously created a standalone database backup.

Prerequisites

Procedure

  1. Log in to the director undercloud node as the root user.

  2. Stop all tripleo services: 

    [root@director ~]# systemctl  stop  tripleo_*
    Copy to Clipboard Toggle word wrap

  3. Ensure that no containers are running on the server by entering the following command: 

    [root@director ~]# podman ps
    Copy to Clipboard Toggle word wrap

    If any containers are running, enter the following command to stop the containers: 

    [root@director ~]# podman stop <container_name>
    Copy to Clipboard Toggle word wrap

  4. Create a backup of the current /var/lib/mysql directory and then delete the directory: 

    [root@director ~]# cp -a /var/lib/mysql /var/lib/mysql_bck
[root@director ~]# rm -rf /var/lib/mysql
    Copy to Clipboard Toggle word wrap

  5. Recreate the database directory and set the SELinux attributes for the new directory: 

    [root@director ~]# mkdir /var/lib/mysql
[root@director ~]# chown 42434:42434 /var/lib/mysql
[root@director ~]# chmod 0755 /var/lib/mysql
[root@director ~]# chcon -t container_file_t /var/lib/mysql
[root@director ~]# chcon -r object_r /var/lib/mysql
[root@director ~]# chcon -u system_u /var/lib/mysql
    Copy to Clipboard Toggle word wrap

  6. Create a local tag for the mariadb image. Replace <image_id> and <undercloud.ctlplane.example.com> with the values applicable in your environment: 

    [root@director ~]# podman images | grep mariadb
<undercloud.ctlplane.example.com>:8787/rh-osbs/rhosp16-openstack-mariadb                 	16.2_20210322.1   <image_id>   3 weeks ago   718 MB
    Copy to Clipboard Toggle word wrap 
    [root@director ~]# podman tag <image_id> mariadb
    Copy to Clipboard Toggle word wrap 
    [root@director ~]# podman images | grep maria
localhost/mariadb                                                                         	latest        	<image_id>   3 weeks ago   718 MB
<undercloud.ctlplane.example.com>:8787/rh-osbs/rhosp16-openstack-mariadb                 	16.2_20210322.1   <image_id>   3 weeks ago   718 MB
    Copy to Clipboard Toggle word wrap

  7. Initialize the /var/lib/mysql directory with the container: 

    [root@director ~]# podman run --net=host -v /var/lib/mysql:/var/lib/mysql localhost/mariadb mysql_install_db --datadir=/var/lib/mysql --user=mysql
    Copy to Clipboard Toggle word wrap
    Note

    You can ignore the following error messages, which are generated because the directories do not exist in the container image used in RHOSP. 

    chown: cannot access '/usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool': No such file or directory
Couldn't set an owner to '/usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool'.
It must be root, the PAM authentication plugin doesn't work otherwise.
    Copy to Clipboard Toggle word wrap

  8. Copy the database backup file that you want to import to the database: 

    [root@director ~]# cp /root/undercloud-all-databases.sql /var/lib/mysql
    Copy to Clipboard Toggle word wrap

  9. Start the database service to import the data: 

    [root@director ~]# podman run --net=host -dt -v /var/lib/mysql:/var/lib/mysql  localhost/mariadb  /usr/libexec/mysqld
    Copy to Clipboard Toggle word wrap

  10. Import the data and configure the max_allowed_packet parameter:

    1. Log in to the container and configure it: 

      [root@director ~]# podman exec -it <container_id> /bin/bash
    ()[mysql@5a4e429c6f40 /]$ mysql -u root -e "set global max_allowed_packet = 1073741824;"
    ()[mysql@5a4e429c6f40 /]$ mysql -u root < /var/lib/mysql/undercloud-all-databases.sql
    ()[mysql@5a4e429c6f40 /]$ mysql -u root -e 'flush privileges'
    ()[mysql@5a4e429c6f40 /]$ exit
    exit
      Copy to Clipboard Toggle word wrap

    2. Stop the container: 

      [root@director ~]# podman stop <container_id>
      Copy to Clipboard Toggle word wrap

    3. Check that no containers are running: 

      [root@director ~]# podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
[root@director ~]#
      Copy to Clipboard Toggle word wrap

  11. Restart all tripleo services: 

    [root@director ~]# systemctl start multi-user.target
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat