Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Installing the Migration Toolkit for Containers

You can install the Migration Toolkit for Containers (MTC) on OpenShift Container Platform 3 and on OpenShift Container Platform 4.5 clusters.

Important

You must install the same MTC version on all clusters.

By default, the MTC web console and the Migration Controller pod run on the target cluster. You can configure the Migration Controller custom resource manifest to run the MTC web console and the Migration Controller pod on a source cluster or on a remote cluster.

After you have installed MTC, you must configure an object storage to use as a replication repository.

You can install the MTC Operator on OpenShift Container Platform 4 by using the OpenShift Container Platform web console.

Prerequisites

  • You must be logged in as a user with cluster-admin privileges on all clusters.

Procedure

  1. In the OpenShift Container Platform web console, click Operators OperatorHub.
  2. Use the Filter by keyword field to find the Migration Toolkit for Containers Operator.

  3. Select the Migration Toolkit for Containers Operator and click Install.

    Note

    Do not change the subscription approval option to Automatic. The Migration Toolkit for Containers version must be the same on the source and the target clusters.

  4. Click Install.

    On the Installed Operators page, the Migration Toolkit for Containers Operator appears in the openshift-migration project with the status Succeeded.

  5. Click Migration Toolkit for Containers Operator.
  6. Under Provided APIs, locate the Migration Controller tile, and click Create Instance.

  7. If you do not want to run the MTC web console and the Migration Controller pod on the cluster, update the following parameters in the migration-controller custom resource manifest: 

    spec:
...
  migration_controller: false
  migration_ui: false
...
  deprecated_cors_configuration: true
    1
    Copy to Clipboard Toggle word wrap
    1
    This parameter is required only for OpenShift Container Platform 4.1.
  8. Click Create.
  9. Click Workloads Pods to verify that the MTC pods are running.

You can install the Migration Toolkit for Containers Operator manually on OpenShift Container Platform 3.7, 3.9, 3.10, or 3.11.

Important

You must install the same MTC version on the OpenShift Container Platform 3 and 4 clusters.

To ensure that you have the latest version on the OpenShift Container Platform 3 cluster, download the operator.yml and controller-3.yml files when you are ready to create and run the migration plan.

Prerequisites

  • You must be logged in as a user with cluster-admin privileges on all clusters.
  • You must have access to registry.redhat.io.
  • You must have podman installed.
  • The cluster on which you are installing MTC must be OpenShift Container Platform 3.7, 3.9, 3.10, or 3.11.
  • You must create an image stream secret and copy it to each node in the cluster.

Procedure

  1. Log in to registry.redhat.io with your Red Hat Customer Portal credentials: 

    $ sudo podman login registry.redhat.io
    Copy to Clipboard Toggle word wrap

  2. Download the operator.yml file: 

    $ sudo podman cp $(sudo podman create \
  registry.redhat.io/rhmtc/openshift-migration-rhel7-operator:v1.4):/operator.yml ./
    Copy to Clipboard Toggle word wrap

  3. Download the controller-3.yml file: 

    $ sudo podman cp $(sudo podman create \
  registry.redhat.io/rhmtc/openshift-migration-rhel7-operator:v1.4):/controller-3.yml ./
    Copy to Clipboard Toggle word wrap
  4. Log in to your OpenShift Container Platform 3 cluster.

  5. Verify that the cluster can authenticate with registry.redhat.io: 

    $ oc run test --image registry.redhat.io/ubi8 --command sleep infinity
    Copy to Clipboard Toggle word wrap

  6. Create the Migration Toolkit for Containers Operator object: 

    $ oc create -f operator.yml
    Copy to Clipboard Toggle word wrap

    Example output

    namespace/openshift-migration created
rolebinding.rbac.authorization.k8s.io/system:deployers created
serviceaccount/migration-operator created
customresourcedefinition.apiextensions.k8s.io/migrationcontrollers.migration.openshift.io created
role.rbac.authorization.k8s.io/migration-operator created
rolebinding.rbac.authorization.k8s.io/migration-operator created
clusterrolebinding.rbac.authorization.k8s.io/migration-operator created
deployment.apps/migration-operator created
Error from server (AlreadyExists): error when creating "./operator.yml":
rolebindings.rbac.authorization.k8s.io "system:image-builders" already exists
    1 
    
Error from server (AlreadyExists): error when creating "./operator.yml":
rolebindings.rbac.authorization.k8s.io "system:image-pullers" already exists
    Copy to Clipboard Toggle word wrap

    1
    You can ignore Error from server (AlreadyExists) messages. They are caused by the Migration Toolkit for Containers Operator creating resources for earlier versions of OpenShift Container Platform 3 that are provided in later releases.

  7. Create the MigrationController object: 

    $ oc create -f controller-3.yml
    Copy to Clipboard Toggle word wrap

  8. Verify that the MTC pods are running: 

    $ oc get pods -n openshift-migration
    Copy to Clipboard Toggle word wrap

4.3. Configuring a replication repository
링크 복사

You must configure an object storage to use as a replication repository. The Migration Toolkit for Containers (MTC) copies data from the source cluster to the replication repository, and then from the replication repository to the target cluster.

MTC supports the file system and snapshot data copy methods for migrating data from the source cluster to the target cluster. You can select a method that is suited for your environment and is supported by your storage provider.

All clusters must have uninterrupted network access to the replication repository.

If you use a proxy server with an internally hosted replication repository, you must ensure that the proxy allows access to the replication repository.

The following storage providers are supported:

  • Multi-Cloud Object Gateway (MCG)
  • Amazon Web Services (AWS) S3
  • Google Cloud Platform (GCP)
  • Microsoft Azure Blob
  • Generic S3 object storage, for example, Minio or Ceph S3

Additional resources

4.3.1. Configuring Multi-Cloud Object Gateway
링크 복사

You can install the OpenShift Container Storage Operator and configure a Multi-Cloud Object Gateway (MCG) storage bucket as a replication repository for the Migration Toolkit for Containers (MTC).

4.3.1.1. Installing the OpenShift Container Storage Operator
링크 복사

You can install the OpenShift Container Storage Operator from OperatorHub.

Procedure

  1. In the OpenShift Container Platform web console, click Operators OperatorHub.
  2. Use Filter by keyword (in this case, OCS) to find the OpenShift Container Storage Operator.
  3. Select the OpenShift Container Storage Operator and click Install.
  4. Select an Update Channel, Installation Mode, and Approval Strategy.

  5. Click Install.

    On the Installed Operators page, the OpenShift Container Storage Operator appears in the openshift-storage project with the status Succeeded.

4.3.1.2. Creating the Multi-Cloud Object Gateway storage bucket
링크 복사

You can create the Multi-Cloud Object Gateway (MCG) storage bucket’s custom resources (CRs).

Procedure

  1. Log in to the OpenShift Container Platform cluster: 

    $ oc login
    Copy to Clipboard Toggle word wrap

  2. Create the NooBaa CR configuration file, noobaa.yml, with the following content: 

    apiVersion: noobaa.io/v1alpha1
kind: NooBaa
metadata:
  name: <noobaa>
  namespace: openshift-storage
spec:
 dbResources:
   requests:
     cpu: 0.5
    1 
    
     memory: 1Gi
 coreResources:
   requests:
     cpu: 0.5
    2 
    
     memory: 1Gi
    Copy to Clipboard Toggle word wrap
    1 2
    For a very small cluster, you can change the value to 0.1.

  3. Create the NooBaa object: 

    $ oc create -f noobaa.yml
    Copy to Clipboard Toggle word wrap

  4. Create the BackingStore CR configuration file, bs.yml, with the following content: 

    apiVersion: noobaa.io/v1alpha1
kind: BackingStore
metadata:
  finalizers:
  - noobaa.io/finalizer
  labels:
    app: noobaa
  name: <mcg_backing_store>
  namespace: openshift-storage
spec:
  pvPool:
    numVolumes: 3
    1 
    
    resources:
      requests:
        storage: <volume_size>
    2 
    
    storageClass: <storage_class>
    3 
    
  type: pv-pool
    Copy to Clipboard Toggle word wrap
    1
    Specify the number of volumes in the persistent volume pool.
    2
    Specify the size of the volumes, for example, 50Gi.
    3
    Specify the storage class, for example, gp2.

  5. Create the BackingStore object: 

    $ oc create -f bs.yml
    Copy to Clipboard Toggle word wrap

  6. Create the BucketClass CR configuration file, bc.yml, with the following content: 

    apiVersion: noobaa.io/v1alpha1
kind: BucketClass
metadata:
  labels:
    app: noobaa
  name: <mcg_bucket_class>
  namespace: openshift-storage
spec:
  placementPolicy:
    tiers:
    - backingStores:
      - <mcg_backing_store>
      placement: Spread
    Copy to Clipboard Toggle word wrap

  7. Create the BucketClass object: 

    $ oc create -f bc.yml
    Copy to Clipboard Toggle word wrap

  8. Create the ObjectBucketClaim CR configuration file, obc.yml, with the following content: 

    apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: <bucket>
  namespace: openshift-storage
spec:
  bucketName: <bucket>
    1 
    
  storageClassName: <storage_class>
  additionalConfig:
    bucketclass: <mcg_bucket_class>
    Copy to Clipboard Toggle word wrap
    1
    Record the bucket name for adding the replication repository to the MTC web console.

  9. Create the ObjectBucketClaim object: 

    $ oc create -f obc.yml
    Copy to Clipboard Toggle word wrap

  10. Watch the resource creation process to verify that the ObjectBucketClaim status is Bound: 

    $ watch -n 30 'oc get -n openshift-storage objectbucketclaim migstorage -o yaml'
    Copy to Clipboard Toggle word wrap

    This process can take five to ten minutes.

  11. Obtain and record the following values, which are required when you add the replication repository to the MTC web console:

    • S3 endpoint: 

      $ oc get route -n openshift-storage s3
      Copy to Clipboard Toggle word wrap

    • S3 provider access key: 

      $ oc get secret -n openshift-storage migstorage \
  -o go-template='{{ .data.AWS_ACCESS_KEY_ID }}' | base64 --decode
      Copy to Clipboard Toggle word wrap

    • S3 provider secret access key: 

      $ oc get secret -n openshift-storage migstorage \
  -o go-template='{{ .data.AWS_SECRET_ACCESS_KEY }}' | base64 --decode
      Copy to Clipboard Toggle word wrap

4.3.2. Configuring Amazon Web Services S3
링크 복사

You can configure an Amazon Web Services (AWS) S3 storage bucket as a replication repository for the Migration Toolkit for Containers (MTC).

Prerequisites

  • The AWS S3 storage bucket must be accessible to the source and target clusters.
  • You must have the AWS CLI installed.

  • If you are using the snapshot copy method:

    • You must have access to EC2 Elastic Block Storage (EBS).
    • The source and target clusters must be in the same region.
    • The source and target clusters must have the same storage class.
    • The storage class must be compatible with snapshots.

Procedure

  1. Create an AWS S3 bucket: 

    $ aws s3api create-bucket \
    --bucket <bucket> \
    1 
    
    --region <bucket_region>
    2
    Copy to Clipboard Toggle word wrap
    1
    Specify your S3 bucket name.
    2
    Specify your S3 bucket region, for example, us-east-1.

  2. Create the IAM user velero: 

    $ aws iam create-user --user-name velero
    Copy to Clipboard Toggle word wrap

  3. Create an EC2 EBS snapshot policy: 

    $ cat > velero-ec2-snapshot-policy.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        }
    ]
}
EOF
    Copy to Clipboard Toggle word wrap

  4. Create an AWS S3 access policy for one or for all S3 buckets: 

    $ cat > velero-s3-policy.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket>/*"
    1 
    
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket>"
    2 
    
            ]
        }
    ]
}
EOF
    Copy to Clipboard Toggle word wrap
    1 2
    To grant access to a single S3 bucket, specify the bucket name. To grant access to all AWS S3 buckets, specify * instead of a bucket name as in the following example:

    Example output

    "Resource": [
    "arn:aws:s3:::*"
    Copy to Clipboard Toggle word wrap

  5. Attach the EC2 EBS policy to velero: 

    $ aws iam put-user-policy \
  --user-name velero \
  --policy-name velero-ebs \
  --policy-document file://velero-ec2-snapshot-policy.json
    Copy to Clipboard Toggle word wrap

  6. Attach the AWS S3 policy to velero: 

    $ aws iam put-user-policy \
  --user-name velero \
  --policy-name velero-s3 \
  --policy-document file://velero-s3-policy.json
    Copy to Clipboard Toggle word wrap

  7. Create an access key for velero: 

    $ aws iam create-access-key --user-name velero
{
  "AccessKey": {
        "UserName": "velero",
        "Status": "Active",
        "CreateDate": "2017-07-31T22:24:41.576Z",
        "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
    1 
    
        "AccessKeyId": <AWS_ACCESS_KEY_ID>
    2 
    
    }
}
    Copy to Clipboard Toggle word wrap
    1 2
    Record the AWS_SECRET_ACCESS_KEY and the AWS_ACCESS_KEY_ID for adding the AWS repository to the MTC web console.

4.3.3. Configuring Google Cloud Platform
링크 복사

You can configure a Google Cloud Platform (GCP) storage bucket as a replication repository for the Migration Toolkit for Containers (MTC).

Prerequisites

  • The GCP storage bucket must be accessible to the source and target clusters.
  • You must have gsutil installed.

  • If you are using the snapshot copy method:

    • The source and target clusters must be in the same region.
    • The source and target clusters must have the same storage class.
    • The storage class must be compatible with snapshots.

Procedure

  1. Log in to gsutil: 

    $ gsutil init
    Copy to Clipboard Toggle word wrap

    Example output

    Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

To continue, you must login. Would you like to login (Y/n)?
    Copy to Clipboard Toggle word wrap

  2. Set the BUCKET variable: 

    $ BUCKET=<bucket>
    1
    Copy to Clipboard Toggle word wrap
    1
    Specify your bucket name.

  3. Create a storage bucket: 

    $ gsutil mb gs://$BUCKET/
    Copy to Clipboard Toggle word wrap

  4. Set the PROJECT_ID variable to your active project: 

    $ PROJECT_ID=`gcloud config get-value project`
    Copy to Clipboard Toggle word wrap

  5. Create a velero IAM service account: 

    $ gcloud iam service-accounts create velero \
    --display-name "Velero Storage"
    Copy to Clipboard Toggle word wrap

  6. Create the SERVICE_ACCOUNT_EMAIL variable: 

    $ SERVICE_ACCOUNT_EMAIL=`gcloud iam service-accounts list \
  --filter="displayName:Velero Storage" \
  --format 'value(email)'`
    Copy to Clipboard Toggle word wrap

  7. Create the ROLE_PERMISSIONS variable: 

    $ ROLE_PERMISSIONS=(
    compute.disks.get
    compute.disks.create
    compute.disks.createSnapshot
    compute.snapshots.get
    compute.snapshots.create
    compute.snapshots.useReadOnly
    compute.snapshots.delete
    compute.zones.get
)
    Copy to Clipboard Toggle word wrap

  8. Create the velero.server custom role: 

    $ gcloud iam roles create velero.server \
    --project $PROJECT_ID \
    --title "Velero Server" \
    --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
    Copy to Clipboard Toggle word wrap

  9. Add IAM policy binding to the project: 

    $ gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
    --role projects/$PROJECT_ID/roles/velero.server
    Copy to Clipboard Toggle word wrap

  10. Update the IAM service account: 

    $ gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
    Copy to Clipboard Toggle word wrap

  11. Save the IAM service account keys to the credentials-velero file in the current directory: 

    $ gcloud iam service-accounts keys create credentials-velero \
  --iam-account $SERVICE_ACCOUNT_EMAIL
    Copy to Clipboard Toggle word wrap

4.3.4. Configuring Microsoft Azure Blob
링크 복사

You can configure a Microsoft Azure Blob storage container as a replication repository for the Migration Toolkit for Containers (MTC).

Prerequisites

  • You must have an Azure storage account.
  • You must have the Azure CLI installed.
  • The Azure Blob storage container must be accessible to the source and target clusters.

  • If you are using the snapshot copy method:

    • The source and target clusters must be in the same region.
    • The source and target clusters must have the same storage class.
    • The storage class must be compatible with snapshots.

Procedure

  1. Set the AZURE_RESOURCE_GROUP variable: 

    $ AZURE_RESOURCE_GROUP=Velero_Backups
    Copy to Clipboard Toggle word wrap

  2. Create an Azure resource group: 

    $ az group create -n $AZURE_RESOURCE_GROUP --location <CentralUS>
    1
    Copy to Clipboard Toggle word wrap
    1
    Specify your location.

  3. Set the AZURE_STORAGE_ACCOUNT_ID variable: 

    $ AZURE_STORAGE_ACCOUNT_ID=velerobackups
    Copy to Clipboard Toggle word wrap

  4. Create an Azure storage account: 

    $ az storage account create \
  --name $AZURE_STORAGE_ACCOUNT_ID \
  --resource-group $AZURE_RESOURCE_GROUP \
  --sku Standard_GRS \
  --encryption-services blob \
  --https-only true \
  --kind BlobStorage \
  --access-tier Hot
    Copy to Clipboard Toggle word wrap

  5. Set the BLOB_CONTAINER variable: 

    $ BLOB_CONTAINER=velero
    Copy to Clipboard Toggle word wrap

  6. Create an Azure Blob storage container: 

    $ az storage container create \
  -n $BLOB_CONTAINER \
  --public-access off \
  --account-name $AZURE_STORAGE_ACCOUNT_ID
    Copy to Clipboard Toggle word wrap

  7. Create a service principal and credentials for velero: 

    $ AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv` \
  AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv` \
  AZURE_CLIENT_SECRET=`az ad sp create-for-rbac --name "velero" --role "Contributor" --query 'password' -o tsv` \
  AZURE_CLIENT_ID=`az ad sp list --display-name "velero" --query '[0].appId' -o tsv`
    Copy to Clipboard Toggle word wrap

  8. Save the service principal credentials in the credentials-velero file: 

    $ cat << EOF  > ./credentials-velero
AZURE_SUBSCRIPTION_ID=${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID=${AZURE_TENANT_ID}
AZURE_CLIENT_ID=${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
AZURE_RESOURCE_GROUP=${AZURE_RESOURCE_GROUP}
AZURE_CLOUD_NAME=AzurePublicCloud
EOF
    Copy to Clipboard Toggle word wrap
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat