LogoLogo
T4O-4.3
T4O-4.3
  • About Trilio for OpenStack
  • Trilio for OpenStack Architecture
  • Trilio 4.3 Release Notes
    • T4O 4.3.0 (GA)
    • T4O 4.3.1
    • T4O 4.3.2
  • Deployment Guide
    • Compatibility Matrix
    • Requirements
    • Trilio network considerations
    • Preparing the installation
    • Spinning up the Trilio VM
    • Installing Trilio Components
      • Installing on RHOSP
      • Installing on Canonical OpenStack
      • Installing on Kolla Openstack
      • Installing on Ansible Openstack
      • Installing on TripleO Train
    • Configuring Trilio
    • Apply the Trilio license
    • Advanced Ceph configurations
      • Additions for multiple CEPH configurations
      • Additions for multiple Ceph users
    • Post Installation Health-Check
    • Uninstall Trilio
      • Uninstalling from RHOSP
      • Uninstalling from Canonical OpenStack
      • Uninstalling from Kolla OpenStack
      • Uninstalling from Ansible OpenStack
    • Upgrade Trilio
      • Upgrading on RHOSP
      • Upgrading on Canonical OpenStack
      • Upgrading on Kolla OpenStack
      • Upgrading on Ansible OpenStack
      • Upgrading on TripleO Train [CentOS7]
      • Upgrade Trilio Appliance
    • Upgrade OpenStack
      • TrilioVault Upgrade Upon RHOSP cloud Upgrade
    • Workload Encryption with Barbican
    • Multi-IP NFS Backup target mapping file configuration
    • Enabling T4O 4.1 or older backups when using NFS backup target
    • Install workloadmgr CLI client
    • Switch Backup Target on Kolla-ansible
    • Switch NFS Backing file
  • Trilio Appliance Administration Guide
    • Set Trilio GUI login banner
    • Trilio Appliance Dashboard
    • Set network accessibility of Trilio GUI
    • Reconfigure the Trilio Cluster
    • Change the Trilio GUI password
    • Reset the Trilio GUI password
    • Reinitialize Trilio
    • Download Trilio logs
    • Change Certificates used by Trilio
    • Restart Trilio Services
    • Shutdown/Restart the Trilio cluster
    • Clean up Trilio database
  • User Guide
    • Workloads
    • Snapshots
    • Restores
    • File Search
    • Snapshot Mount
    • Schedulers
    • E-Mail Notifications
  • Admin Guide
    • Backups-Admin Area
    • Workload Policies
    • Workload Quotas
    • Managing Trusts
    • Workload Import & Migration
    • Disaster Recovery
      • Example runbook for Disaster Recovery using NFS
    • Migrating encrypted Workloads
    • Rebasing existing workloads
  • Troubleshooting
    • Frequently Asked Questions
    • General Troubleshooting Tips
    • Using the workloadmgr CLI tool on the Trilio Appliance
    • Healthcheck of Trilio
    • Important log files
  • API GUIDE
    • Workloads
    • Snapshots
    • Restores
    • File Search
    • Snapshot Mount
    • Schedulers
    • E-Mail Notification Settings
    • Workload Policies
    • Workload Quotas
    • Managing Trusts
    • Workload Import and Migration
Powered by GitBook
On this page
  • Same cloud - different owner
  • Different cloud

Was this helpful?

Export as PDF
  1. Admin Guide

Migrating encrypted Workloads

Same cloud - different owner

Migration within the same cloud to a different owner Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project A — User B Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project B — User B Cloud A — Domain A — Project A — User A =>Cloud A — Domain B — Project B — User B

Steps used:

  1. Create a secret for Project A in Domain A via User A.

  2. Create encrypted workload in Project A in Domain A via User A. Take snapshot.

  3. Reassign workload to new owner

  4. Load rc file of User A & provide read only rights through acl to the new owner

    openstack acl user add --user <userB_id> <secret_href> --insecure

Different cloud

Migration between clouds Cloud A — Domain A — Project A — User A => Cloud B — Domain B — Project B — User B

Steps used:

  1. Create a secret for Project A in Domain A via User A.

  2. Create an encrypted workload in Project A in Domain A via User A. Trigger snapshot.

  3. Reassign workload to Cloud B - Domain B — Project B — User B

  4. Load RC file of User B.

  5. Create a secret for Project B in Domain B via User B with the same payload used in Cloud A.

  6. Create token via “openstack token issue --insecure”

  7. Add migrated workload's metadata to the new secret (provide issued token to Auth-Token & workload id to matadata as below)

curl -i -X PUT \
   -H "X-Auth-Token:gAAAAABh0ttjiKRPpVNPBjRjZywzsgVton2HbMHUFrbTXDhVL1w2zCHF61erouo4ZUjGyHVoIQMG-NyGLdR7nexmgOmG7ed66LJ3IMVul1LC6CPzqmIaEIM48H0kc-BGvhV0pvX8VMZiozgFdiFnqYHPDvnLRdh7cK6_X5dw4FHx_XPmkhx7PsQ" \
   -H "Content-Type:application/json" \
   -d \
'{
  "metadata": {
      "workload_id": "c13243a3-74c8-4f23-b3ac-771460d76130",
      "workload_name": "workload-c13243a3-74c8-4f23-b3ac-771460d76130"
    }
}' \
 'https://kolla-victoria-ubuntu20-1.triliodata.demo:9311/v1/secrets/f3b2fce0-3c7b-4728-b178-7eb8b8ebc966/metadata'
 
 
curl -i -X GET \
   -H "X-Auth-Token:gAAAAABh0ttjiKRPpVNPBjRjZywzsgVton2HbMHUFrbTXDhVL1w2zCHF61erouo4ZUjGyHVoIQMG-NyGLdR7nexmgOmG7ed66LJ3IMVul1LC6CPzqmIaEIM48H0kc-BGvhV0pvX8VMZiozgFdiFnqYHPDvnLRdh7cK6_X5dw4FHx_XPmkhx7PsQ" \
 'https://kolla-victoria-ubuntu20-1.triliodata.demo:9311/v1/secrets/f3b2fce0-3c7b-4728-b178-7eb8b8ebc966/metadata'
PreviousExample runbook for Disaster Recovery using NFSNextRebasing existing workloads

Last updated 1 year ago

Was this helpful?