T4O-5.1
Search
K

Migrating encrypted Workloads

Same cloud - different owner

Migration within the same cloud to a different owner Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project A — User B Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project B — User B Cloud A — Domain A — Project A — User A =>Cloud A — Domain B — Project B — User B
Steps used:
  1. 1.
    Create a secret for Project A in Domain A via User A.
  2. 2.
    Create encrypted workload in Project A in Domain A via User A. Take snapshot.
  3. 3.
    Reassign workload to new owner
  4. 4.
    Load rc file of User A & provide read only rights through acl to the new owner
    openstack acl user add --user <userB_id> <secret_href> --insecure

Different cloud

Migration between clouds Cloud A — Domain A — Project A — User A => Cloud B — Domain B — Project B — User B
Steps used:
  1. 1.
    Create a secret for Project A in Domain A via User A.
  2. 2.
    Create an encrypted workload in Project A in Domain A via User A. Trigger snapshot.
  3. 3.
    Reassign workload to Cloud B - Domain B — Project B — User B
  4. 4.
    Load RC file of User B.
  5. 5.
    Create a secret for Project B in Domain B via User B with the same payload used in Cloud A.
  6. 6.
    Create token via “openstack token issue --insecure”
  7. 7.
    Add migrated workload's metadata to the new secret (provide issued token to Auth-Token & workload id to matadata as below)
curl -i -X PUT \
-H "X-Auth-Token:gAAAAABh0ttjiKRPpVNPBjRjZywzsgVton2HbMHUFrbTXDhVL1w2zCHF61erouo4ZUjGyHVoIQMG-NyGLdR7nexmgOmG7ed66LJ3IMVul1LC6CPzqmIaEIM48H0kc-BGvhV0pvX8VMZiozgFdiFnqYHPDvnLRdh7cK6_X5dw4FHx_XPmkhx7PsQ" \
-H "Content-Type:application/json" \
-d \
'{
"metadata": {
"workload_id": "c13243a3-74c8-4f23-b3ac-771460d76130",
"workload_name": "workload-c13243a3-74c8-4f23-b3ac-771460d76130"
}
}' \
'https://kolla-victoria-ubuntu20-1.triliodata.demo:9311/v1/secrets/f3b2fce0-3c7b-4728-b178-7eb8b8ebc966/metadata'
curl -i -X GET \
-H "X-Auth-Token:gAAAAABh0ttjiKRPpVNPBjRjZywzsgVton2HbMHUFrbTXDhVL1w2zCHF61erouo4ZUjGyHVoIQMG-NyGLdR7nexmgOmG7ed66LJ3IMVul1LC6CPzqmIaEIM48H0kc-BGvhV0pvX8VMZiozgFdiFnqYHPDvnLRdh7cK6_X5dw4FHx_XPmkhx7PsQ" \
'https://kolla-victoria-ubuntu20-1.triliodata.demo:9311/v1/secrets/f3b2fce0-3c7b-4728-b178-7eb8b8ebc966/metadata'