1 of 70

T4O-4.0

About Trilio for Openstack

Trilio, by TrilioData, is a native OpenStack service that provides policy-based comprehensive backup and recovery for OpenStack workloads. The solution captures point-in-time workloads (Application, OS, Compute, Network, Configurations, Data and Metadata of an environment) as full or incremental snapshots. These snapshots can be held in a variety of storage environments including NFS AWS S3 compatible storage. With Trilio and its single click recovery, organizations can improve Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). With Trilio, IT departments are enabled to fully deploy OpenStack solutions and provide business assurance through enhanced data retention, protection and integrity.

With the use of Trilio’s VAST (Virtual Snapshot Technology), Enterprise IT and Cloud Service Providers can now deploy backup and disaster recovery as a service to prevent data loss or data corruption through point-in-time snapshots and seamless one-click recovery. Trilio takes point-in-time backup of the entire workload consisting of compute resources, network configurations and storage data as one unit. It also takes incremental backups that only captures the changes that were made since last backup. Incremental snapshots save time and storage space as the backup only includes changes since the last backup. The benefits of using VAST for backup and restore could be summarized as below:

Efficient capture and storage of snapshots. Since our full backups only include data that is committed to storage volume and the incremental backups only include changed blocks of data since last backup, our backup processes are efficient and storages backup images efficiently on the backup media
Faster and reliable recovery. When your applications become complex that snap multiple VMs and storage volumes, our efficient recovery process will bring your application from zero to operational with just click of button
Easy migration of workloads between clouds. Trilio captures all the details of your application and hence our migration includes your entire application stack without leaving any thing for guess work.
Through policy and automation lower the Total Cost of Ownership. Our tenant driven backup process and automation eliminates the need for dedicated backup administrators, there by improves your total cost of ownership.

Trilio for Openstack Architecture

Backup-as-a-Service

Trilio is an add on service to OpenStack cloud infrastructure and provides backup and disaster recovery functions for tenant workloads. Trilio is very similar to other openstack services including nova, cinder, glance, etc and adheres to all tenets of OpenStack. It is a stateless service that scales with your cloud.

Main Components

Trilio has four main software components:

Trilio ships as a QCOW2 image. User can instantiate one or more VMs from the QCOW2 image on a standalone KVM boxes.
Trilio API is a python module that is installed on all OpenStack controller nodes where the nova-api service is running.
Trilio Datamover is a python module that is installed on every OpenStack compute nodes

Service Endpoints

Trilio is both a provider and consumer into OpenStack ecosystem. It uses other OpenStack services such as nova, cinder, glance, neutron, and keystone and provides its own service to OpenStack tenants. To accomodate all possible OpenStack deployments, Trilio can be configured to use either public or internal URLs of services. Likewise Trilio provides its own public, internal and admin URLs.

Network Topology

This figure represents a typical network topology. Trilio exposes its public URL endpoint on public network and Trilio virtual appliances and data movers typically use either internal network or dedicated backup network for storing and retrieving backup images from backup store.

Trilio 4.0 Release Notes

Trilio release 4.0 introduces new features and capabilities including

Openstack Train support
Trilio Openstack Quota integration
Openstack CLI integration
CLI restore of networks only
CLI restore of security groups only
Disk integrity check after Snapshots
Performance Enhancements for big environments
Enablement of rolling upgrades

Trilio 4.0.92 is the GA release of Trilio 4.0 Trilio 4.0.115 is the first patch release of Trilio 4.0.

Openstack Train support

Trilio 4.0 continues to enable Openstack versions and Distributions, allowing Trilio customers to stay up to date with Openstack releases.

Trilio 4.0 introduces full support for Openstack Train over the four supported Distributions. In addition, does Trilio 4.0 of course support longterm releases, giving Openstack users of those releases the possibility to use the latest Trilio functionalities.

Trilio Openstack Quota integration

Trilio for Openstack integrates natively with Openstack and we are happy to announce, that Trilio made another important step.

With the possibility to create Project quotas for Workloads, VMs and Storage usage can Openstack administrators now clearly control how Trilio is used by any tenant.

Combining the Quota feature with the already available policies enables Openstack administrators to define exactly what an Openstack Project can do or can't do with Trilio.

Openstack CLI integration

Trilio has been using its very own Python based CLI client, the workloadmgr client.

This client has followed the Openstack standards for CLI clients and is now again following the established standards, which integrated all Python Openstack clients into a single Openstack Python CLI client.

Trilio 4.0 enables the usage of the Openstack client for the most common commands required during the daily work with Trilio.

CLI restore of networks and security groups only

Trilio restore possibilities allowed to restore any VM and its attached resources as required. Still it was always necessary to restore the complete VM to get the networks or security groups tied to that VM or backup.

Trilio 4.0 introduces the possibility to restore only the networks or security groups directly from the CLI.

Disk integrity check after a backup

Trilio always protected the integrity of any Snapshots. However, when Trilio identified a failure in the integrity did the backup job fail and not only was the Snapshot with a failed integrity lost but the following backups as well.

To overcome this limitation did Trilio enhance the already available disk integrity check and implemented it at the end of each Snapshot. When it is detected that a Snapshot disk integrity is not provided, will the next Snapshot automatically be a full Snapshot.

That way ensuring that future backups are again having a reliable disk integrity.

Performance enhancements for big environments

With the success of Trilio around the world was it only a question of time until Trilio would be tested against a real big environment with thousands of API calls per second.

We are happy to say that our solution did keep up to the task, but it still showed potential to improve even more. And that improvement comes with a small change on the Trilio Appliance, which allows the load-balancing of incoming API calls against a complete Trilio cluster, instead of a master node.

Enablement of rolling upgrades and updates

Trilio has been part of some Openstack environments for years, going through the process of updating and upgrading together with the environment and stand alone.

This upgrade process so far was always a complete uninstallation and reinstallation of the Trilio solution, which was very time consuming and frustrating for Openstack Administrators.

Trilio 4.0 changed the way the Trilio Appliance is build to allow to update and upgrade of the complete Trilio solution.

The exact process will be announced together with the first patch release of Trilio 4.0.

Known Issues

This release contains the following known issues which are tracked for a future update.

Workloadmgr Quota feature does not support RHOSP13 & Canonical Queens Horizon

The workloadmgr Quota feature is still fully supported through CLI.

[Openstack Ansible] snapshot mount failed with error 'Permission denied'

Observation:

It has been observed that on non-kolla, non-rhosp setups, such as openstack ansible, nova user id is not same as we consider as default(162).
Another observation is that, the id which is assigned to nova, was conflicting with id of system user in TVM, this created a situation where we had to redeploy Openstack.

Workaround:

Update permissions of /var/triliovault-mounts to 755

Snapshots are getting stuck when wlm-workloads service stops during a backup process

Observation:

When wlm-workloads service gets stopped on the node with an active snapshot process does the process get stuck without erroring.

Workaround:

Restart wlm-workloads service on Trilio cluster, snapshot will throw error.

[Volume Backup Exclude] Excluded Ceph Volume after restore not mountable or formatable

Observation:

VM Volumes stored on Ceph are successfully excluded from backup if desired
Restore does create empty Ceph Volume
created empty Ceph Volume is not attachable or formatable

Restored VMs have blank metadata config_drive attached

Observation:

For every restore will the metadata config_drive be set as blank value
No impact on restored VMs known

Workaround

delete metadata config_drive
or set desired value

Scheduler trust not getting imported together with workload

Observation:

Workload gets imported successfully
original User and Project still exist (ownership stays same)
All schedulers trusts are defined as disabled

Workaround:

Edit any (just 1) workload, modify the scheduler policy and submit
trust will be recreated

TVM reconfig fails when adding new Trilio VM to the cluster

Observation:

TVault re-configuration while adding nodes to existing TVM cluster fails at "Configuring Trilio Cluster"
Reason is that the prev mysql password was not working and mysql root access has be reset.

Workaround:

remove /root/.my.cnf file on already configured TVM and reconfigure it

Database does not sync after Trilio cluster gets new nodes

Observation:

After TVault re-configuration post addition of 2 more nodes to existing TVM cluster ("import workloads" was not seleted), the databases do not sync against already existing TVM.
It is expected that while adding the 2 new nodes, the db on node1 should get synced up with 2 new nodes and the existing workloads should be available post the reconfig on the new 3 node TVM cluster.

Workaround:

Run workload import from CLI

Workload scheduler gets disabled after primary node goes down

Observation:

Deactivating the primary node of a TVM cluster deactivates scheduler of associated workloads.

Workaround:

restart wlm-cron service on new primary node

[exclude_boot_disk] Data on boot disk gets backed up despite exclusion

Observation:

VM was set with metadata exclude_boot_disk_from_backup set to true
Restored instance showed, that data was backed up and restored

Post workload reassignment, scheduler trust gets disabled even if Established before reassignment

Observation:

Workload with scheduler trust established gets reassigned to new project
scheduler trust is getting disabled

Workaround:

Edit the workload to enable scheduler

Additional parameters required in rc file to run wlm commands from openstack cli

Observation:

using workloadmgr commands with Openstack CLI still requires OS_TENANT_ID and OS_USER_DOMAIN_ID

Workaround:

edit rc file and add required fields

Deployment Guide

Support Matrix

Trilio 4.0 GA

Openstack Distribution

NFS Support

S3 Support

Deployment

Requirements

Trilio has four main software components:

Trilio ships as a QCOW2 image. User can instantiate one or more VMs from the QCOW2 image on a standalone KVM boxes.
Trilio API is a python module that is an extension to nova api service. This module is installed on all OpenStack controller nodes
Trilio Datamover is a python module that is installed on every OpenStack compute nodes
Trilio horizon plugin is installed as an add on to horizon servers. This module is installed on every server that runs horizon service.

System requirements Trilio Appliance

The Trilio Appliance is not supported as an instance inside Openstack.

The Trilio Appliance gets delivered as a qcow2 image, which gets attached to a virtual machine.

Trilio supports KVM-based hypervisors on x86 architectures, with the following properties:

Software

Supported

The recommended size of the VM for the Trilio Appliance is:

When running Trilio in production, a 3-node cluster of the Trilio appliance is recommended for high availability and load balancing.

Ressource

Value

The qcow2 image itself defines the 40GB disk size of the VM.

In the rare case of the Trilio Appliance database or log files getting larger than 40GB disk, contact or open a ticket with Trilio Customer Success to attach another drive to the Trilio Appliance.

2.3. Software Requirements

In addition to the Trilio Appliance does Trilio contain components, which are installed directly into the Openstack itself.

Each Openstack distribution comes with a set of supported operating systems. Please check the to see, which Openstack Distribution is supported with which Operating System.

Additional it is necessary to have the nfs-common packages installed on the compute nodes in case of using the NFS protocol for the backup target.

Preparing the installation

It is recommended to think about the following elements prior to the installation of Trilio for Openstack.

Tenant Quotas

Trilio uses Cinder snapshots for calculating full and incremental backups. For full backups, Trilio creates Cinder snapshots for all the volumes in the backup job. It then leaves these Cinder snapshots behind for calculating the incremental backup image during next backup. During an incremental backup operation it creates new Cinder snapshots, calculates the changed blocks between the new snapshots and the old snapshots that were left behind during full/previous backups. It then deletes the old snapshots but leaves the newly created snapshots behind. So, it is important that each tenant who is availing Trilio backup functionality has sufficient Cinder snapshot quotas to accommodate these additional snapshots. The guideline is to add 2 snapshots for every volume that is added to backups to volume snapshot quotas for that tenant. You may also increase the volume quotas for the tenant by the same amount because Trilio briefly creates a volume from snapshot to read data from the snapshot for backup purposes. During a restore process, Trilio creates additional instances and Cinder volumes. To accommodate restore operations, a tenant should have sufficient quota for Nova instances and Cinder volumes. Otherwise restore operations will result in failures.

AWS S3 eventual consistency¶

AWS S3 object consistency model includes:

Read-after-write
Read-after-update
Read-after-delete

Each of them describes how an object will reach its consistent state after an object is created/updated or deleted. None of them provides strong consistency and there is a lag time for an object to reach the consistent state. Though Trilio employed mechanisms to work around the limitations of eventual consistency of AWS S3, when an object reach its consistency state is not deterministic. There is no official statement from AWS on how long it takes for an object to reach consistent state. However read-after-write has a shorter time to reach consistency compared to other IO patterns. Our solution is designed to maximize read-after-write IO pattern. The time in which an object reaches eventual consistency also depends on the AWS region. For example, aws-standard region does not have strong consistency model compared to us-east or us-west. We suggest to use these regions when creating s3 buckets for Trilio. Though read-after-update IO pattern is hard to avoid completely, we employed ample delays in accessing objects to accommodate larger durations for objects to get into consistent state. However in rare occasions, backups may still fail and need to restarted.

Trilio Cluster¶

Trilio can be deployed as a single node or a three node cluster. It is highly recommended that Trilio is deployed as three node cluster for fault tolerance and load balancing. Starting with 3.0 release, Trilio requires additional IP for cluster and is required for both single node and three node deployments. Cluster ip a.k.a virtual ip is used for managing cluster and is used to register Trilio service endpoint in the keystone sevice catalog.

Installing Trilio Components

Once the Trilio VM or the Cluster of Trilio VMs has been spun, the actual installation process can begin. This process contains of the following steps:

Install the Trilio dm-api service on the control plane
Install the Trilio datamover service on the compute plane
Install the Trilio Horizon plugin into the Horizon service

How these steps look in detail is depending on the Openstack distribution Trilio is installed in. Each supported Openstack distribution has its own deployment tools. Trilio is integrating into these deployment tools to provide a native integration from the beginning to the end.

Installing on Canonical Openstack Queens and Train

Trilio and Canonical have started a partnership to ensure a native deployment of Trilio using JuJu Charms.

Those JuJu Charms are publicly available as Open Source Charms.

The charms are currently listed as tech-preview. They will be fully supported by Canonical with the next charm release.

Canonical Openstack doesn't require the Trilio Cluster. The required services are installed and managed via JuJu Charms.

The following charms exist:

➡️ Installs and manages Trilio Controller services.
➡️Installs and manages the Trilio Datamover API service.
➡️

The documentation of the charms can be found here:

Installing on Kolla Train

Change the nova user id on the Trilio Nodes

In Kolla, 'nova' user id on nova-compute docker container is set to '42436'. The 'nova' user id on the Trilio nodes need to be set the same. Do the following steps on all compute nodes:

Download the shell script that will change the user id
Assign executable permissions
Execute the script
Verify that 'nova' user and group id has changed to '42436'

Deploy Trilio Datamover API on all Openstack controller nodes

Trilio Datamover Api container should be deployed on all nodes where nova_api container is running. In standard deployment, we can call these nodes as OpenStack controller nodes.

Pull TrilioVaullt Datamover API container image

The very first step is to pull the container image from docker.io.

Example command for train openstack on ubuntu platform with triliovault 4.0 GA release: docker pull docker.io/trilio/ubuntu-source-trilio-datamover-api:4.0.92-train

Create the Trilio Datamover API configuration

In this part of the process is the configuration file for the Trilio Datamover API created.

The following steps need to be done:

Create config directory
get default config file dmapi.conf
edit dmapi.conf

Create config directory for trilio-datamover-api service

Get the trilio-datamover-api default config file

Edit dmapi.conf

The dmapi.conf located in /etc/kolla/trilio-datamover-api/ needs to be edited to adjust to the Openstack environment.

Nearly all required values can be copied from the nova.conf located at: /etc/kolla/nova-api/

Follow comments inside the dmapi.conf to learn which parameters are the minimum needed.

An example dmapi.conf can be seen here:

Copy nova.conf of nova-api service to trilio-datamover-api directory

Create trilio-datamover-api log directory

For CentOS, we need nova user ownership on datamover api log directory where as for Ubuntu, we need dmapi user's ownership on datmover api log directory.

Add trilio-datamover-api to haproxy.cfg

Run trilio-datamover-api container

Now the trilio-datamover-api container can be deployed and started.

Verify deployment of trilio-datamover-api container

To verify the deployment was successful check the container status using docker ps.

Deploy Trilio Datamover container on all Compute nodes

Trilio Datamover container should be deployed on all nodes where nova_compute container is running. In standard deployment, we can call these nodes as openstack compute nodes.

At this stage it is necessary to know if the deployment shall use NFS or S3 protocol for the backup target.

Pull Trilio Datamover container

The very first step is to pull the container image from docker.io.

Example command for train openstack on ubuntu platform with Trilio 4.0 GA release: docker pull docker.io/trilio/ubuntu-source-trilio-datamover:4.0.92-train

Create the Trilio Datamover configuration

In this part of the process is the configuration file for the Trilio Datamover created.

The following steps need to be done:

Create config directory
copy nova.conf to config directory
get default config file tvault-contego.conf

Create service config directory for trilio-datamover service

Copy nova.conf of nova-compute service to trilio-datamover config directory

Get the trilio-datamover default config file

Edit tvault-contego.conf

Edit /etc/kolla/trilio-datamover/tvault-contego.conf config file to provide NFS/S3 details as per backup storage selected.

In case of NFS backup target, only nfs share details need to provided. No other conf parameters need to edit, unless you know the details of it.

Create trilio-datamover log directory

If Ceph is used for Nova/Cinder Storage

If ceph is getting used for cinder/nova, the correct permissions for ceph.conf and keyrings files need to be assigned. The trilio_datamover container will be using ceph.conf and keyring files with the 'nova' user.

If nova/cinder backend is ceph, you need to add ceph user and keyring details to /etc/kolla/trilio-datamover/tvault-contego.conf file. Add the following sections to the tvault-contego.conf file. In the provided example is ceph's 'cinder' user configured to use for trilio read/write operations.

Mount /etc/ceph on trilio_datamover container in read only mode. Check docker run command provided in the next step. The ceph user (example -'cinder') should have read and write permissions on ceph pool used for nova/cinder backend. Verify nova user (uid - 42436) on trilio_datamover container is able to read ceph user's keyring file and ceph.conf after mounting /etc/ceph on the container. Set appropriate permissions for /etc/ceph/ files on the host itself.

Run trilio-datamover container

If the cloud does not use 'ceph' storage for nova/cinder, remove '/etc/ceph' volume mount option from below commands.

Verify deployment of trilio-datamover container

To verify the deployment was successful check the container status using docker ps.

Installing Trilio Horizon plugin

Trilio Horizon plugin needs to be installed inside the OpenStack horizon container. Once installed, the Trilio dashboard will be visible in OpenStack Horizon.

The following steps need to be done:

Download installation shell script
Run the shell script
Edit Horizon settings

Download the installation shell script

To download the shell script directly into the Horizon container do:

Run the shell script and restart Horizon container

You have to run the script inside the Horizon container as root.

Run the shell script and restart horizon container. This will restart apache service, which may enforce a log out of the container.

Edit Horizon settings

The following line needs to be aded in 'local_settings' of Openstack's Horizon file to enable workloadmanager quota feature in the Horizon dashboard.

Restart the Horizon container

To enable the done changes restart the Horizon container

Known issues for Horizon plugin installation

If OpenStack is based on 'Centos' platform

This issue has not been observed in all CentOS based Kolla Train installations. Please verify before disabling grafana repository.

Grafana yum repository has an issue on the latest horizon containers of OpenStack (not Trilio). To confirm the issue, you can just run yum repolist, it will fail. Use the following command to disable the grafana repository.

If Openstack is based on Ubuntu platform

Trilio horizon install script will ask for horizon's openstack_dashboard directory path if it's not at the default location - /usr/shar/openstack-dashboard

For train ubuntu bionic, it's : /var/lib/kolla/venv/lib/python2.7/site-packages

If Trilio Horizon tabs are not accessible but Openstack Horizon works

If Trilio Horizon tabs are not accessible but OpenStack Horizon is working fine, make sure that endpoints for service 'TrilioVaultWLM' are created correctly. The root cause of this issue is typically, that SSL is enabled on all three endpoint types of 'TrilioVaultWLM' service.

If SSL is enable only on public 'keystone' service endpoints, then create 'TrilioVaultWLM' service endpoints in the same fashion. Endpoints for service 'TrilioVaultWLM' get created during step. If these endpoints need to be edited reconfigure the Trilio.

Enabling Snapshout Mount

To make 'snapshot mount' functionality work, the cloud administrator needs to complete the following steps.

Identify backup target mount point on Trilio VM
install nfs-common on nova_compute and nova_libvirt containers
Mount backup target nfs share on nova_compute and nova_libvirt containers

Identify backup target mount point in Trilio VM

The following command will provide the active mountpoint on the Trilio VM

This example gives the following information:

Backup target is NFS share: 192.168.1.33:/mnt/tvault Mountpoint is: /var/triliovault-mounts/MTkyLjE2OC4xLjMzOi9tbnQvdHZhdWx0

Install nfs-common on nova_compute and nova_libvirt containers

It is necessary to install nfs-common package on both nova_compute and nova_libvirt containers.

Mount the backup target nfs share on 'nova_compute' and 'nova_libvirt' container at exactly same mount point as done on triliovault VM.

Create the mountpoint directory as necessary.

Troubleshoot installation

If any triliovault container is stuck in restarting state the following logs can be checked.

Possible issues for trilio-datamover container failure are for example NFS mount issues or S3 credentials might be wrong. If it's Amazon S3, then network connectivity between compute node and AWS s3 is needed. The docker logs will clearly tell the exact error.

If the above logs do not help OR If containers running well but, backups fail, following service logs will help:

If the Trilio Horizon tabs are not visible on Openstack, verify the following:

Make sure trilio horizon plugin is installed on OpenStack horizon container
Trilio configuration step needs to be completed to see the triliovault dashboard on OpenStack
Make sure correct openstack_dashboard directory got provided and the triliovault horizon plugin files got successfully copied there.

Apply the Trilio license

After the Trilio VM has been configured and all components are installed can the license be applied.

The license can be applied either through the admin-tab in Horizon or the CLI

Apply license through Horizon

To apply the license through Horizon follow these steps:

Additions for multiple CEPH configurations

It is possible to configure Cinder to have multiple configurations and keyrings for CEPH.

In this case, the Trilio Datamover file needs to be extended with the CEPH information.

For Trilio to be able to work in such an environment it is required to put copies of each of these configurations and keyrings into a separate directory, which is then made known to the Trilio Datamover inside a [ceph] block in the tvault-contego.conf.

A tvault-contego.conf file with the extended [ceph] block would look like this.

[DEFAULT]

vault_storage_type = nfs
vault_storage_nfs_export = 192.168.1.34:/mnt/tvault/tvm5
vault_storage_nfs_options = nolock,soft,timeo=180,intr,lookupcache=none

vault_data_directory_old = /var/triliovault
vault_data_directory = /var/trilio/triliovault-mounts
log_file = /var/log/kolla/triliovault-datamover/tvault-contego.log
debug = False
verbose = True
max_uploads_pending = 3
max_commit_pending = 3

dmapi_transport_url = rabbit://openstack:[email protected]:5672,openstack:[email protected]:5672,openstack:[email protected]:5672//

[dmapi_database]
connection = mysql+pymysql://dmapi:x5nvYXnAn4rXmCHfWTK8h3wwShA4vxMq3gE2jH57@kolla-victoriaR-internal.triliodata.demo:3306/dmapi

[libvirt]
images_rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_user = volumes

[ceph]
keyring_ext = .volumes.keyring
ceph_dir = /etc/ceph/directory1/,/etc/ceph/directory2/

[contego_sys_admin]
helper_command = sudo /usr/bin/privsep-helper

[conductor]
use_local = True

[oslo_messaging_rabbit]
ssl = false

[cinder]
http_retries = 10

Uninstall Trilio

You may want to decommission Trilio as a service for your OpenStack. In this approach, you may not have the need to keep backups that were created and you would like to do complete uninstall of the product.

Delete all instances of Trilio.
On nova controller node, uninstall tvault-contego-api module.
On each nova compute node, uninstall tvault-contego data mover.
Uninstall tvault-horizon-plugin from the horizon dashboard node
Login as Admin to horizon dashboard and delete triliovault user.
You can also clear all the contents from the NFS share or S3 bucket that is configured as backup target for Trilio.

Uninstall Trilio components in RHOSP16

To uninstall the Trilio components, you need modify the deploy command and update the cloud using the new command.

Remove the trilio_env_osp16.yaml and roles_data.yaml from overcloud deploy command and then run it. After the changes the overcloud deployment command will look like this:

Upgrade Trilio

Starting Trilio for Openstack 4.0 does Trilio for Openstack allow in-place upgrades.

The following versions can be upgraded to each other:

Old

New

The upgrade process contains upgrading the Trilio appliance and the Openstack components and is dependent on the underlying operating system.

Upgrade Trilio Appliance

Generic Pre-requisites

Please ensure to complete the upgrade of all the TVault components on Openstack controller & compute nodes before starting the rolling upgrade of TVM.
The mentioned gemfury repository should be accessible from TVault VM.
Please ensure the following points before starting the upgrade process:
- No snapshot OR restore to be running.
- Global job-scheduler should be disabled.
Take a backup of the conf files on all TVM nodes.

Activate the virtual environment on all TVM nodes.

Export new TVault version PYPI url:

Upgrade s3fuse/tvault-object-store

Run the following command on all TVM nodes to upgrade s3fuse and its dependent packages.

Upgrade tvault-configurator

Run the following command on all TVM nodes to upgrade tvault-configurator and its dependent packages.

Upgrade workloadmgr

Run the upgrade command on all TVM nodes to upgrade workloadmgr and its dependent packages (workloadmgrclient, contegoclient, etc)

Updating Config Parameters of specific services

Update wlm-cron service entries
- If Reconfigure is NOT planned, please perform following steps on all TVM nodes, else skip.
  - Update the following two parameters in wlm-cron.service systemd file (

Post Upgrade Steps

Restore the backed-up config files
Restart following services on all node(s) using respective commands
Enable Global Job Scheduler

Uploading the File Recovery Manager

Trilio allows you to view or download a file from the snapshot. Any changes to the files or directories when snapshot is mounted are temporary and are discarded when the snapshot is unmounted. Mounting is a faster way to restore a single or multiple files. To mount a snapshot follow these steps.

Trilio ships with a ubuntu based file manager image. This image includes a web based file manager application that helps with browsing and download files when snapshot is mounted. Before you create a File Manager instance, File Manager (a.k.a Recovery Manager) image needs to be uploaded to the Glance. The cloud administrator can upload the image to Glance and mark the image public so that every tenant will have access to the image. File Manager image includes a qemu guest agent. Trilio data mover communicates with the qemu agent to map backup images and discover file systems in the backup images. Since the file manager image includes qemu guest agent, the image should be uploaded to glance with property hw_qemu_guest_agent=yes so Nova will create a qmp channel when creating an instance from this image. Trilio horizon plugin uses a special property tvault_recovery_manager, when set to yes it will filter out instances that don’t have this property. If a tenant has a huge number of instances, setting this property on the image will help Trilio horizon plug-in present only the instances whose image has this property. In this release we only support launching File Manager instance with virtio bus so please set hw_disk_bus to virtio. Use the following command to upload the image to Glance and mark it as public image and set the property.

Trilio Appliance Administration Guide

Trilio Appliance Dashboard

The Trilio Appliance Dashboard gives an overview of the running services and their Status inside the Cluster.

It shows for each Trilio Appliance the Status of the following Trilio services:

wlm-workloads
wlm-scheduler
wlm-api

The wlm-scheduler and wlm-api run on only one Trilio appliance at all times. That they are shown inactive on other nodes is not an error

To give administrators an overview of the HA status, does the dashboard also show the service status for:

Pacemaker
RabbitMQ
MySQL Galeera Cluster

Reconfigure the Trilio Cluster

The Trilio appliance can be reconfigured at any time to adjust the Trilio cluster to any changes in the Openstack environment or the general backup solution.

To reconfigure the Trilio Cluster go to the "Configure". The configure page shows the current configuration of the TriloVault cluster.

The configuration page also gives access to the ansible playbooks of the last successful configuration.

To start the reconfiguration of the Trilio Cluster click "Reconfigure" at the end of the table.

Follow the guide afterwards.

Change the Trilio GUI password

To change the Trilio GUI password do:

Login into the Trilio Dashboard
Click on "admin" in the upper right corner to open the submenu
Choose "Reset Password"
Set the new Trilio password

Reset the Trilio GUI password

In case of the Trilio Dashboard being lost it can be resetted as long as SSH access to the appliance is available.

To reset the password to its default do the following:

[root@TVM1 ~]# source /home/stack/myansible/bin/activate
(myansible) [root@TVM1 ~]# cd /home/stack/myansible/lib/python3.6/site-packages/tvault_configurator
(myansible) [root@TVM1 tvault_configurator]# python recreate_conf.py
(myansible) [root@TVM1 tvault_configurator]# systemctl restart tvault-config

The dashboard login will be reset to:

Username: admin
Password: password

Reinitialize Trilio

The Trilio Appliance can be reinitialized, which will delete all workload related values from the Trilio database.

To reinitialize the Trilio Appliance do:

Login into the Trilio Dashboard
Click on "admin" in the upper right corner to open the submenu
Choose "Reinitialize"
Verify that you want to reinitialize the Trilio

Set the Trilio Openstack service password

Like all Openstack services is Trilio using a technical openstack user.

The password for this user can be changed through the Trilio web gui.

To change it use the Service Password option on the main menu.

User Guide

Schedulers

Definition

Every Workload has its own schedule. Those schedules can be activated, deactivated and modified.

A schedule is defined by:

Status (Enabled/Disabled)
Start Day/Time
End Day
Hrs between 2 snapshots

Disable a schedule

Using Horizon

To disable the scheduler of a single Workload in Horizon do the following steps:

Login to the Horizon
Navigate to Backups
Navigate to Workloads

Using CLI

--workloadid <workloadid> ➡️ Requires at least one workloadid, Specify an ID of the workload whose scheduler disables. Specify option multiple times to include multiple workloads. --workloadids <workloadid> --workloadids <workloadid>

Enable a schedule

Using Horizon

To disable the scheduler of a single Workload in Horizon do the following steps:

Login to the Horizon
Navigate to Backups
Navigate to Workloads

Using CLI

--workloadid <workloadid> ➡️ Requires at least one workloadid, Specify an ID of the workload whose scheduler disables. Specify option multiple times to include multiple workloads. --workloadids <workloadid> --workloadids <workloadid>

Modify a schedule

To modify a schedule the workload itself needs to be modified.

Please follow this procedure to .

Verify the scheduler trust is working

Trilio is using the which enables the Trilio service user to act in the name of another Openstack user.

This system is used during all backup and restore features.

Using Horizon

As a trust is bound to a specific user for each Workload does the Trilio Horizon plugin show the status of the Scheduler on the Workload list page.

Using CLI

<workload_id> ➡️ ID of the workload to validate

Admin Guide

Managing Trusts

Trilio is using the which enables the Trilio service user to act in the name of another Openstack user.

This system is used during all backup and restore features.

Openstack Administrators should never have the need to directly work with the trusts created.

Workload Import & Migration

Each Trilio Workload has a dedicated owner. The ownership of a Workload is defined by:

Openstack User - The Openstack User-ID is assigned to a Workload
Openstack Project - The Openstack Project-ID is assigned to a Workload

Disaster Recovery

Trilio Workloads are designed to allow a Desaster Recovery without the need to backup the Trilio database.

As long as the Trilio Workloads are existing on the Backup Target Storage and a Trilio installation has access to them, it is possible to restore the Workloads.

Disaster Recovery Process

and Trilio for the target cloud
Notify users to of Workloads being available

This procedure is designed to be applicable to all Openstack installations using Trilio. It is to be used as a starting point to develop the exact Desaster Recovery process of a specific environment.

In case that instead of noticing the users, the workloads shall be restored is it necessary to have an User in each Project, that has the necessary privileges to restore.

Mount-paths

Trilio incremental Snapshots involve a backing file to the prior backup taken, which makes every Trilio incremental backup a synthetic full backup.

Trilio is using qcow2 backing files for this feature:

As can be seen in the example is the backing file an absolute path, which makes it necessary, that this path exists so the backing files can be accessed.

Trilio is using the base64 hashing algorithm for the NFS mount-paths, to allow the configuration of multiple NFS Volumes at the same time. The hash value is calculated using the provided NFS path.

When the path of the backing file is not available on the Trilio appliance and Compute nodes, will the restores of incremental backups fail.

The tested and recommended method to make the backing files available is creating the required directory path and using mount --bind to make the path available for the backups.

Running the mount --bind command will make the necessary path available until the next reboot. If it is required to have access to the path beyond a reboot is it necessary to edit the fstab.

Troubleshooting

General Troubleshooting Tips

Troubleshooting inside a complex environment like Openstack can be very time-consuming. The following tipps will help to speed up the troubleshooting process to identify root causes.

What is happening where

Openstack and Trilio are divided into multiple services. Each service has a very specific purpose that is called during a backup or recovery procedure. Knowing which service is doing what helps to understand where the error is happening, allowing more focused troubleshooting.

Trilio cluster

The Trilio Cluster is the Controller of Trilio. It receives all Workload related requests from the users.

Every task of a backup or restore process is triggered and managed from here. This includes the creation of the directory structure and initial metadata files on the Backup Target.

During a backup process

During a backup process is the Trilio cluster also responsible to gather the metadata about the backed up VMs and networks from the Openstack environment. It is sending API calls towards the Openstack endpoints on the configured endpoint type to fetch this information. Once the metadata has been received does the Trilio Cluster write it as json files on the Backup Target.

The Trilio cluster is also sending the Cinder Snapshot command.

During a restore process

During restore process is the Trilio cluster reading the VM metadata from its Database and is using the metadata to create the Shell for the restore. It is sending API calls to the Openstack environment to create the necessary resources.

dmapi

The dmapi service is the connector between the Trilio cluster and the datamover running on the compute nodes.

The purpose of the dmapi service is to identify which compute node is responsible for the current backup or restore task. To do so is the dmapi service connecting to the nova api database requesting the compute hose of a provided VM.

Once the compute host has been identified is the dmapi forwarding the command from the Trilio Cluster to the datamover running on the identified compute host.

datamover

The datamover is the Trilio service running on the compute nodes.

Each datamover is responsible for the VMs running on top of its compute node. A datamover can not work with VMs running on a different compute node.

The datamover is controlling the freeze and thaw of VMs as well as the actual movement of the data.

Everything on the Backup Target is happening as user nova

Trilio is reading and writing on the Backup Target as nova:nova.

The POSIX user-id and group-id of nova:nova need to be aligned between the Trilio Cluster and all compute nodes. Otherwise backup or restores may fail with permission or file not found issues.

Alternativ ways to achieve the goal are possible, as long as all required nodes can fully write and read as nova:nova on the Backup Target.

It is recommended to verify the required permissions on the Backup Target in case of any errors during the data transfer phase or in case of any file permission errors.

Trilio Trustee Role

Trilio is using RBAC to allow the usage of Trilio features to users.

This trustee role is absolutely required and can not be overwritten using the admin role.

It is recommended to verify the assignment of the Trilio Trustee Role in case of any permission errors from Trilio during creation of Workloads, backups or restores.

Openstack Quotas

Trilio is creating Cinder Snapshots and temporary Cinder Volumes. The Openstack Quotas need to allow that.

Every disk that is getting backed up requires one temporary Cinder Volumes.

Every Cinder Volume that is getting backup requires two Cinder Snapshots. The second Cinder Snapshot is temporary to calculate the incremental.

Example RC file for workloadmgr CLI

unset OS_SERVICE_TOKEN
    export OS_USERNAME=user
    export OS_PASSWORD='password'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://10.10.2.3:5000/v3
    export PS1='[\u@\h \W(keystone_user)]\$ '

export OS_PROJECT_NAME=user_project
export OS_PROJECT_ID=c76b3355a164498aa95ddbc960adc238
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

Important log files

On the Trilio Nodes

The Trilio Cluster contains multiple log files.

The main log is workloadmgr-workloads.log, which contains all logs about ongoing and past Trilio backup and restore tasks. It can be found at:

/var/log/workloadmgr/workloadmgr-workloads.log

The next important log is the workloadmgr-api.log, which contains all logs about API calls received by the Trilio Cluster. It can be found at:

/var/log/workloadmgr/workloadmgr-api.log

The log for the remaining service is the workloadmgr-scheduler.log, which contains all logs about the internal job scheduling in the Trilio Cluster.

/var/log/workloadmgr/workloadmgr-scheulder.log

On the Controller node (nova-api extension)

The logs for the nova-api extension can be found here:

/var/log/nova/nova-api.log

On the Compute nodes (datamover)

The logs for the datamover can be found here:

/var/log/nova/tvault-contego.log

API GUIDE

Installing on Kolla Train

Change the nova user id on the Trilio Nodes

In Kolla, 'nova' user id on nova-compute docker container is set to '42436'. The 'nova' user id on the Trilio nodes need to be set the same. Do the following steps on all compute nodes:

Download the shell script that will change the user id
Assign executable permissions
Execute the script
Verify that 'nova' user and group id has changed to '42436'

Deploy Trilio Datamover API on all Openstack controller nodes

Trilio Datamover Api container should be deployed on all nodes where nova_api container is running. In standard deployment, we can call these nodes as OpenStack controller nodes.

Pull TrilioVaullt Datamover API container image

The very first step is to pull the container image from docker.io.

Example command for train openstack on ubuntu platform with triliovault 4.0 GA release: docker pull docker.io/trilio/ubuntu-source-trilio-datamover-api:4.0.92-train

Create the Trilio Datamover API configuration

In this part of the process is the configuration file for the Trilio Datamover API created.

The following steps need to be done:

Create config directory
get default config file dmapi.conf
edit dmapi.conf

Create config directory for trilio-datamover-api service

Get the trilio-datamover-api default config file

Edit dmapi.conf

The dmapi.conf located in /etc/kolla/trilio-datamover-api/ needs to be edited to adjust to the Openstack environment.

Nearly all required values can be copied from the nova.conf located at: /etc/kolla/nova-api/

Follow comments inside the dmapi.conf to learn which parameters are the minimum needed.

An example dmapi.conf can be seen here:

Copy nova.conf of nova-api service to trilio-datamover-api directory

Create trilio-datamover-api log directory

For CentOS, we need nova user ownership on datamover api log directory where as for Ubuntu, we need dmapi user's ownership on datmover api log directory.

Add trilio-datamover-api to haproxy.cfg

Run trilio-datamover-api container

Now the trilio-datamover-api container can be deployed and started.

Verify deployment of trilio-datamover-api container

To verify the deployment was successful check the container status using docker ps.

Deploy Trilio Datamover container on all Compute nodes

Trilio Datamover container should be deployed on all nodes where nova_compute container is running. In standard deployment, we can call these nodes as openstack compute nodes.

At this stage it is necessary to know if the deployment shall use NFS or S3 protocol for the backup target.

Pull Trilio Datamover container

The very first step is to pull the container image from docker.io.

Example command for train openstack on ubuntu platform with Trilio 4.0 GA release: docker pull docker.io/trilio/ubuntu-source-trilio-datamover:4.0.92-train

Create the Trilio Datamover configuration

In this part of the process is the configuration file for the Trilio Datamover created.

The following steps need to be done:

Create config directory
copy nova.conf to config directory
get default config file tvault-contego.conf

Create service config directory for trilio-datamover service

Copy nova.conf of nova-compute service to trilio-datamover config directory

Get the trilio-datamover default config file

Edit tvault-contego.conf

Edit /etc/kolla/trilio-datamover/tvault-contego.conf config file to provide NFS/S3 details as per backup storage selected.

In case of NFS backup target, only nfs share details need to provided. No other conf parameters need to edit, unless you know the details of it.

Create trilio-datamover log directory

If Ceph is used for Nova/Cinder Storage

Run trilio-datamover container

If the cloud does not use 'ceph' storage for nova/cinder, remove '/etc/ceph' volume mount option from below commands.

Verify deployment of trilio-datamover container

To verify the deployment was successful check the container status using docker ps.

Installing Trilio Horizon plugin

Trilio Horizon plugin needs to be installed inside the OpenStack horizon container. Once installed, the Trilio dashboard will be visible in OpenStack Horizon.

The following steps need to be done:

Download installation shell script
Run the shell script
Edit Horizon settings

Download the installation shell script

To download the shell script directly into the Horizon container do:

Run the shell script and restart Horizon container

You have to run the script inside the Horizon container as root.

Run the shell script and restart horizon container. This will restart apache service, which may enforce a log out of the container.

Edit Horizon settings

The following line needs to be aded in 'local_settings' of Openstack's Horizon file to enable workloadmanager quota feature in the Horizon dashboard.

Restart the Horizon container

To enable the done changes restart the Horizon container

Known issues for Horizon plugin installation

If OpenStack is based on 'Centos' platform

This issue has not been observed in all CentOS based Kolla Train installations. Please verify before disabling grafana repository.

If Openstack is based on Ubuntu platform

Trilio horizon install script will ask for horizon's openstack_dashboard directory path if it's not at the default location - /usr/shar/openstack-dashboard

For train ubuntu bionic, it's : /var/lib/kolla/venv/lib/python2.7/site-packages

If Trilio Horizon tabs are not accessible but Openstack Horizon works

Enabling Snapshout Mount

To make 'snapshot mount' functionality work, the cloud administrator needs to complete the following steps.

Identify backup target mount point on Trilio VM
install nfs-common on nova_compute and nova_libvirt containers
Mount backup target nfs share on nova_compute and nova_libvirt containers

Identify backup target mount point in Trilio VM

The following command will provide the active mountpoint on the Trilio VM

This example gives the following information:

Backup target is NFS share: 192.168.1.33:/mnt/tvault Mountpoint is: /var/triliovault-mounts/MTkyLjE2OC4xLjMzOi9tbnQvdHZhdWx0

Install nfs-common on nova_compute and nova_libvirt containers

It is necessary to install nfs-common package on both nova_compute and nova_libvirt containers.

Mount the backup target nfs share on 'nova_compute' and 'nova_libvirt' container at exactly same mount point as done on triliovault VM.

Create the mountpoint directory as necessary.

Troubleshoot installation

If any triliovault container is stuck in restarting state the following logs can be checked.

If the above logs do not help OR If containers running well but, backups fail, following service logs will help:

If the Trilio Horizon tabs are not visible on Openstack, verify the following:

Make sure trilio horizon plugin is installed on OpenStack horizon container
Trilio configuration step needs to be completed to see the triliovault dashboard on OpenStack
Make sure correct openstack_dashboard directory got provided and the triliovault horizon plugin files got successfully copied there.

Installing on RHOSP16.1

The Red Hat Openstack Platform Director is the supported and recommended method to deploy and maintain any RHOSP installation.

Trilio is integrating natively into the RHOSP Director. Manual deployment methods are not supported for RHOSP.

Prepare for deployment

Depending whether the RHOSP environment is already installed or is getting installed for the first time different steps are done to be able to deploy Trilio.

All commands need to be run as user 'stack'

The following command clones the Trilio configscripts github.

If your backup target is ceph S3 with SSL and SSL certificates are self signed or authorized by private CA, then user needs to provide CA chain certificate to validate the SSL requests. For that, user needs to rename his ca chain cert file to 's3-cert.pem' and copy it into directory - 'triliovault-cfg-scripts/redhat-director-scripts/redhat-director-scripts/puppet/trilio/files'

The following commands upload the Trilio puppet module to the overcloud registry. The actual upload happens upon the next deployment.

Update overcloud roles data file to include Trilio services

Trilio contains of multiple services. Add these services to your roles_data.yaml.

In case of uncostomized roles_data.yaml can the default file be found on the undercloud at:

/usr/share/openstack-tripleo-heat-templates/roles_data.yaml

Add the following services to the roles_data.yaml

Trilio Datamover Api Service

This service needs to share the same role as the nova-api service. In case of the pre-defined roles will the nova-api service run on the role Controller. In case of custom defined roles, it is necessary to use the role the nova-api service is using.

Add the following line to the identified role:

Trilio Datamover Service

This service needs to share the same role as the nova-compute service. In case of the pre-defined roles will the nova-compute service run on the role Compute. In case of custom defined roles, it is necessary to use the role the nova-compute service is using.

Add the following line to the identified role:

Prepare Trilio container images

All commands need to be run as user 'stack'

Trilio containers are pushed to 'RedHat Container Registry'. Registry URL: 'registry.connect.redhat.com'. Container pull urls are given below.

Trilio Datamover container: registry.connect.redhat.com/trilio/trilio-datamover:4.0.116-rhosp16.1 Trilio Datamover Api Container: registry.connect.redhat.com/trilio/trilio-datamover-api:4.0.116-rhosp16.1 Trilio horizon plugin: registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.0.116-rhosp16.1

There are three registry methods available in RedHat Openstack Platform.

Remote Registry
Local Registry
Satellite Server

Remote Registry

Follow this section when 'Remote Registry' is used.

For this method it is not necessary to pull the containers in advance. It is only necessary to populate the trilio_env.yaml file with the Trilio container URLs from Redhat registry.

Populate the trilio_env_osp16.yaml with container urls for:

Trilio Datamover container
Trilio Datamover api container
Trilio Horizon Plugin

trilio_env_osp16.yaml will be available in triliovault-cfg-scripts/redhat-director-scripts/

Local Registry

Follow this section when 'local registry' is used on the undercloud.

In this case it is necessary to pull the Trilio containers to the undercloud registry. Trilio provides shell scripts which will pull the containers from 'registry.connect.redhat.com' to the undercloud and updates the trilio_env_osp16.yaml with the values for the datamover and datamover api containers.

The script assumes that the undercloud container registry is running on port 8787. If the registry is running on a different port, the script needs to be adjusted manually.

The changes can be verified using the following commands.

Satellite Server

Follow this section when a Satellite Server is used for the container registry.

Pull the Trilio containers on the Red Hat Satellite using the given Red Hat registry URLs.

Populate the trilio_env_osp16.yaml with container urls for:

Trilio Datamover container
Trilio Datamover api container

Provide environment details in trilio-env_osp16.yaml

Provide backup target details and other necessary details in the provided environment file. This environment file will be used in the overcloud deployment to configure Trilio components. Container image names have already been populated in the preparation of the container images. Still it is recommended to verify the container URLs.

The following information are required additionally:

Network for the datamover api
Backup target type {nfs/s3}
In case of NFS

Deploy overcloud with trilio environment

Use the following heat environment file and roles data file in overcloud deploy command:

trilio_env_osp16.yaml
roles_data.yaml

To include new environment files use '-e' option and for roles data file use '-r' option. An example overcloud deploy command is shown below:

Verify deployment

If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. Please recheck if you followed the complete documentation.

On Controller node

Make sure Trilio dmapi and horizon containers are in a running state and no other Trilio container is deployed on controller nodes.

On Compute node

Make sure Trilio datamover container is in running state and no other Trilio container is deployed on compute nodes.

On the node with Horizon service

Make sure horizon container is in running state. Please note that 'Horizon' container is replaced with Trilio Horizon container. This container will have latest OpenStack horizon + Trilio's horizon plugin.

Configure Trilio Appliance

Once RHOSP16.1 Installation steps have completed successfully, follow the instructions below to now configure the Trilio Appliance.

Change the nova user id on the Trilio Nodes

In RHOSP, 'nova' user id on nova-compute docker container is set to '42436'. The 'nova' user id on the Trilio nodes need to be set the same. Do the following steps on all Trilio nodes:

Download the shell script that will change the user id
Assign executable permissions
Execute the script

Run the Trilio configurator

Follow .

Change the workloadmgr.conf to use the right mountpoint

It is necessary to first configure the Trilio appliance, before the steps of this section can be done.

RHOSP16 is using a different mount point in its datamover containers than other Openstack distribution. It is necessary to adjust the mountpoint of the Trilio Nodes to match this. If the mountpoints are not getting aligned, will files created by the datamover and read by the Trilio appliance not match in their paths and backup and restore processes will fail.

Please follow these steps to align the mountpoints:

Edit /etc/workloadmgr/workloadmgr.conf file
Set parameter 'vault_data_directory' to '/var/lib/nova/triliovault-mounts'
create the directory for the mountpoint

Troubleshooting for overcloud deployment failures

Trilio components will be deployed using puppet scripts.

In case of the overcloud deployment failing does the following command provide the list of errors:

Further commands that can help identifying any errors.

In case of the trilio datamover api container is failing to start or stuck in restart, check these logs:

In case of Trilio datamover container failing to start or being stuck in restart, check these logs:

Cinder backend is Ceph - additional steps

Add Ceph details to configuration file

If Cinder backend is Ceph it is necessary to manually add the ceph details to tvault-contego.conf on all compute nodes.

The file can be found here: /var/lib/config-data/puppet-generated/triliodm/etc/tvault-contego/tvault-contego.conf

Add the following information:

The same block of information can be found in the nova.conf file.

Restart the datamover container

Example runbook for Disaster Recovery using NFS

This runbook will demonstrate how to set up Disaster Recovery with Trilio for a given scenario.

The chosen scenario is following an actively used Trilio customer environment.

Scenario

There are two Openstack clouds available "Openstack Cloud A" and Openstack Cloud B". "Openstack Cloud B" is the Disaster Recovery restore point of "Openstack Cloud A" and vice versa. Both clouds have an independent Trilio installation integrated. These Trilio installations are writing their Backups to NFS targets. "Trilio A" is writing to "NFS A1" and "Trilio B" is writing to "NFS B1". The NFS Volumes used are getting synced against another NFS Volume on the other side. "NFS A1" is syncing with "NFS B2" and "NFS B1" is syncing with "NFS A2". The syncing process is set up independently from Trilio and will always favor the newer dataset.

This scenario will cover the Disaster Recovery of a single Workload and a complete Cloud. All processes are done be the Openstack administrator.

Prerequisites for the Disaster Recovery process

This runbook will assume that the following is true:

"Openstack Cloud A" and "Openstack Cloud B" both have an active Trilio installation with a valid license
"Openstack Cloud A" and "Openstack Cloud B" have free resources to host additional VMs
"Openstack Cloud A" and "Openstack Cloud B" have Tenants/Projects available that are the designated restore points for Tenant/Projects of the other side

For ease of writing will this runbook assume from here on, that "Openstack Cloud A" is down and the Workloads are getting restored into "Openstack Cloud B".

In the case of the usage of shared Tenant networks, beyond the floating IP, the following additional requirement is needed: All Tenant Networks, Routers, Ports, Floating IPs, and DNS Zones are created

Disaster Recovery of a single Workload

A single Workload can do a Disaster Recovery in this Scenario, while both Clouds are still active. To do so the following high-level process needs to be followed:

Copy the Workload directories to the configured NFS Volume
Make the right Mount-Paths available
Reassign the Workload

Copy the Workload directories to the configured NFS Volume

This process only shows how to get a Workload from "Openstack Cloud A" to "Openstack Cloud B". The vice versa process is similar.

As only a single Workload is to be recovered it is more efficient to copy the data of that single Workload over to the "NFS B1" Volume, which is used by "Trilio B".

Mount "NFS B2" Volume to a Trilio VM

It is recommended to use the Trilio VM as a connector between both NFS Volumes, as the nova user is available on the Trilio VM.

Identify the Workload on the "NFS B2" Volume

Trilio Workloads are identified by their ID und which they are stored on the Backup Target. See below example:

In the case that the Workload ID is not known can available Metadata inside the Workload directories be used to identify the correct Workload.

Copy the Workload

The identified workload needs to be copied with all subdirectories and files. Afterward, it is necessary to adjust the ownership to nova:nova with the right permissions.

Make the Mount-Paths available

Trilio backups are using qcow2 backing files, which make every incremental backup a full synthetic backup. These backing files can be made visible using the qemu-img tool.

The MTAuMTAuMi4yMDovdXBzdHJlYW0= part of the backing file path is the base64 hash value, which will be calculated upon the configuration of a Trilio installation for each provided NFS-Share.

This hash value is calculated based on the provided NFS-Share path: <NFS_IP>/<path> If even one character in the NFS-Share path is different between the provided NFS-Share paths a completely different hash value is generated.

Workloads, that have been moved between NFS-Shares, require that their incremental backups can follow the same path as on their original Source Cloud. To achieve this it is necessary to create the mount path on all compute nodes of the Target Cloud.

Afterwards a mount bind is used to make the workloads data accessible over the old and the new mount path. The following example shows the process of how to successfully identify the necessary mount points and create the mount bind.

Identify the base64 hash values

The used hash values can be calculated using the base64 tool in any Linux distribution.

Create and bind the paths

Based on the identified base64 hash values the following paths are required on each Compute node.

/var/triliovault-mounts/MTAuMTAuMi4yMDovdXBzdHJlYW1fc291cmNl

and

/var/triliovault-mounts/MTAuMjAuMy4yMjovdXBzdHJlYW1fdGFyZ2V0

In the scenario of this runbook is the workload coming from the NFS_A1 NFS-Share, which means the mount path of that NFS-Share needs to be created and bound to the Target Cloud.

To keep the desired mount past a reboot it is recommended to edit the fstab of all compute nodes accordingly.

Reassign the workload

Trilio workloads have clear ownership. When a workload is moved to a different cloud it is necessary to change the ownership. The ownership can only be changed by Openstack administrators.

Add admin-user to required domains and projects

To fulfill the required tasks an admin role user is used. This user will be used until the workload has been restored. Therefore, it is necessary to provide this user access to the desired Target Project on the Target Cloud.

Discover orphaned Workloads from NFS-Storage of Target Cloud

Each Trilio installation maintains a database of workloads that are known to the Trilio installation. Workloads that are not maintained by a specific Trilio installation, are from the perspective of that installation, orphaned workloads. An orphaned workload is a workload accessible on the NFS-Share, that is not assigned to any existing project in the Cloud the Trilio installation is protecting.

List available projects on Target Cloud in the Target Domain

The identified orphaned workloads need to be assigned to their new projects. The following provides the list of all available projects viewable by the used admin-user in the target_domain.

List available users on the Target Cloud in the Target Project that have the right backup trustee role

To allow project owners to work with the workloads as well will they get assigned to a user with the backup trustee role that is existing in the target project.

Reassign the workload to the target project

Now that all informations have been gathered the workload can be reassigned to the target project.

Verify the workload is available at the desired target_project

After the workload has been assigned to the new project it is recommended to verify the workload is managed by the Target Trilio and is assigned to the right project and user.

Restore the workload

The reassigned workload can be restored using Horizon following the procedure described .

This runbook will continue on the CLI only path.

Prepare the selective restore by getting the snapshot information

To be able to do the necessary selective restore a few pieces of information about the snapshot to be restored are required. The following process will provide all necessary information.

List all Snapshots of the workload to restore to identify the snapshot to restore

Get Snapshot Details with network details for the desired snapshot

Get Snapshot Details with disk details for the desired Snapshot

Prepare the selective restore by creating the restore.json file

The selective restore is using a restore.json file for the CLI command. This restore.json file needs to be adjusted according to the desired restore.

Run the selective restore

To do the actual restore use the following command:

Verify the restore

To verify the success of the restore from a Trilio perspective the restore status is checked.

Clean up

After the Desaster Recovery Process has been successfully completed it is recommended to bring the TVM installation back into its original state to be ready for the next DR process.

Delete the workload

Delete the workload that got restored.

Remove the database entry

The Trilio database is following the Openstack standard of not deleting any database entries upon deletion of the cloud object. Any Workload, Snapshot or Restore, which gets deleted, is marked as deleted only.

To allow the Trilio installation to be ready for another disaster recovery it is necessary to completely delete the entries of the Workloads, which have been restored.

Trilio does provide and maintain a script to safely delete workload entries and all connected entities from the Trilio database.

This script can be found here:

Remove the admin user from the project

After all restores for the target project have been achieved it is recommended to remove the used admin user from the project again.

Disaster Recovery of a complete cloud

This Scenario will cover the Disaster Recovery of a full cloud. It is assumed that the source cloud is down or lost completly. To do the disaster recovery the following high-level process needs to be followed:

Reconfigure the Target Trilio installation
Make the right Mount-Paths available
Reassign the Workload

Reconfigure the Target Trilio installation

Before the Desaster Recovery Process can start is it necessary to make the backups to be restored available for the Trilio installation. The following steps need to be done to completely reconfigure the Trilio installation.

During the reconfiguration process will all backups of the Target Region be on hold and it is not recommended to create new Backup Jobs until the Desaster Recovery Process has finished and the original Trilio configuration has been restored.

Add NFS B2 to the Trilio Appliance Cluster

To add the NFS-Vol2 to the Trilio Appliance cluster the Trilio can either be to use both NFS Volumes or it is possible to edit the configuration file and then restart all services. This procedure describes how to edit the conf file and restart the services. This needs to be repeated on every Trilio Appliance.

Edit the workloadmgr.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the workloadmgr.conf

Restart the wlm-workloads service

Add NFS B2 to the Trilio Datamovers

Trilio is integrating natively into the Openstack deployment tools. When using the Red Hat director or JuJu charms it is recommended to adapt the environment files for these orchestrators and update the Datamovers through them.

To add the NFS B2 to the Trilio Datamovers manually the tvault-contego.conf file needs to be edited and the service restarted.

Edit the tvault-contego.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the tvault-contego.conf

Restart the tvault-contego service

Make the Mount-Paths available

Trilio backups are using qcow2 backing files, which make every incremental backup a full synthetic backup. These backing files can be made visible using the qemu-img tool.

The MTAuMTAuMi4yMDovdXBzdHJlYW0= part of the backing file path is the base64 hash value, which will be calculated upon the configuration of a Trilio installation for each provided NFS-Share.

Identify the base64 hash values

The used hash values can be calculated using the base64 tool in any Linux distribution.

Create and bind the paths

Based on the identified base64 hash values the following paths are required on each Compute node.

/var/triliovault-mounts/MTAuMTAuMi4yMDovdXBzdHJlYW1fc291cmNl

and

/var/triliovault-mounts/MTAuMjAuMy4yMjovdXBzdHJlYW1fdGFyZ2V0

In the scenario of this runbook is the workload coming from the NFS_A1 NFS-Share, which means the mount path of that NFS-Share needs to be created and bound to the Target Cloud.

To keep the desired mount past a reboot it is recommended to edit the fstab of all compute nodes accordingly.

Reassign the workload

Trilio workloads have clear ownership. When a workload is moved to a different cloud it is necessary to change the ownership. The ownership can only be changed by Openstack administrators.

Add admin-user to required domains and projects

Discover orphaned Workloads from NFS-Storage of Target Cloud

List available projects on Target Cloud in the Target Domain

The identified orphaned workloads need to be assigned to their new projects. The following provides the list of all available projects viewable by the used admin-user in the target_domain.

List available users on the Target Cloud in the Target Project that have the right backup trustee role

To allow project owners to work with the workloads as well will they get assigned to a user with the backup trustee role that is existing in the target project.

Reassign the workload to the target project

Now that all informations have been gathered the workload can be reassigned to the target project.

Verify the workload is available at the desired target_project

After the workload has been assigned to the new project it is recommended to verify the workload is managed by the Target Trilio and is assigned to the right project and user.

Restore the workload

The reassigned workload can be restored using Horizon following the procedure described .

This runbook will continue on the CLI only path.

Prepare the selective restore by getting the snapshot information

To be able to do the necessary selective restore a few pieces of information about the snapshot to be restored are required. The following process will provide all necessary information.

List all Snapshots of the workload to restore to identify the snapshot to restore

Get Snapshot Details with network details for the desired snapshot

Get Snapshot Details with disk details for the desired Snapshot

Prepare the selective restore by creating the restore.json file

The selective restore is using a restore.json file for the CLI command. This restore.json file needs to be adjusted according to the desired restore.

Run the selective restore

To do the actual restore use the following command:

Verify the restore

To verify the success of the restore from a Trilio perspective the restore status is checked.

Reconfigure the Target Trilio installation back to the original one

After the Desaster Recovery Process has finished it is necessary to return the Trilio installation to its original configuration. The following steps need to be done to completely reconfigure the Trilio installation.

Delete NFS B2 to the Trilio Appliance Cluster

Edit the workloadmgr.conf

Look for the line defining the NFS mounts

Delete NFS B2 from the comma-seperated list

Write and close the workloadmgr.conf

Restart the wlm-workloads service

Delete NFS B2 to the Trilio Datamovers

To add the NFS B2 to the Trilio Datamovers manually the tvault-contego.conf file needs to be edited and the service restarted.

Edit the tvault-contego.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the tvault-contego.conf

Restart the tvault-contego service

Clean up

After the Desaster Recovery Process has been successfully completed and the Trilio installation reconfigured to its original state, it is recommended to do the following additional steps to be ready for the next Disaster Recovery process.

Remove the database entry

To allow the Trilio installation to be ready for another disaster recovery it is necessary to completely delete the entries of the Workloads, which have been restored.

Trilio does provide and maintain a script to safely delete workload entries and all connected entities from the Trilio database.

This script can be found here:

Remove the admin user from the project

After all restores for the target project have been achieved it is recommended to remove the used admin user from the project again.

T4O-4.0

About Trilio for Openstack

Trilio for Openstack Architecture

hashtagBackup-as-a-Service

hashtagMain Components

hashtagService Endpoints

hashtagNetwork Topology

Trilio 4.0 Release Notes

hashtagOpenstack Train support

hashtagTrilio Openstack Quota integration

hashtagOpenstack CLI integration

hashtagCLI restore of networks and security groups only

hashtagDisk integrity check after a backup

hashtagPerformance enhancements for big environments

hashtagEnablement of rolling upgrades and updates

hashtagKnown Issues

hashtagWorkloadmgr Quota feature does not support RHOSP13 & Canonical Queens Horizon

hashtag[Openstack Ansible] snapshot mount failed with error 'Permission denied'

hashtag[Volume Backup Exclude] Excluded Ceph Volume after restore not mountable or formatable

hashtagRestored VMs have blank metadata config_drive attached

hashtagScheduler trust not getting imported together with workload

hashtagTVM reconfig fails when adding new Trilio VM to the cluster

hashtagDatabase does not sync after Trilio cluster gets new nodes

hashtagWorkload scheduler gets disabled after primary node goes down

hashtag[exclude_boot_disk] Data on boot disk gets backed up despite exclusion

hashtagPost workload reassignment, scheduler trust gets disabled even if Established before reassignment

hashtagAdditional parameters required in rc file to run wlm commands from openstack cli

Deployment Guide

Support Matrix

hashtagTrilio 4.0 GA

Requirements

hashtagSystem requirements Trilio Appliance

hashtag2.3. Software Requirements

Preparing the installation

hashtagTenant Quotas

hashtagAWS S3 eventual consistency¶

hashtagTrilio Cluster¶

Installing Trilio Components

Installing on Canonical Openstack Queens and Train

Installing on Kolla Train

hashtagChange the nova user id on the Trilio Nodes

hashtagDeploy Trilio Datamover API on all Openstack controller nodes

hashtagPull TrilioVaullt Datamover API container image

hashtagCreate the Trilio Datamover API configuration

hashtagCreate config directory for trilio-datamover-api service

hashtagGet the trilio-datamover-api default config file

hashtagEdit dmapi.conf

hashtagCopy nova.conf of nova-api service to trilio-datamover-api directory

hashtagCreate trilio-datamover-api log directory

hashtagAdd trilio-datamover-api to haproxy.cfg

hashtagRun trilio-datamover-api container

hashtagVerify deployment of trilio-datamover-api container

hashtagDeploy Trilio Datamover container on all Compute nodes

hashtagPull Trilio Datamover container

hashtagCreate the Trilio Datamover configuration

hashtagCreate service config directory for trilio-datamover service

hashtagCopy nova.conf of nova-compute service to trilio-datamover config directory

hashtagGet the trilio-datamover default config file

hashtagEdit tvault-contego.conf

hashtagCreate trilio-datamover log directory

hashtagIf Ceph is used for Nova/Cinder Storage

hashtagRun trilio-datamover container

hashtagVerify deployment of trilio-datamover container

hashtagInstalling Trilio Horizon plugin

hashtagDownload the installation shell script

hashtagRun the shell script and restart Horizon container

hashtagEdit Horizon settings

hashtagRestart the Horizon container

hashtagKnown issues for Horizon plugin installation

hashtagIf OpenStack is based on 'Centos' platform

hashtagIf Openstack is based on Ubuntu platform

hashtagIf Trilio Horizon tabs are not accessible but Openstack Horizon works

hashtagEnabling Snapshout Mount

hashtagIdentify backup target mount point in Trilio VM

hashtagInstall nfs-common on nova_compute and nova_libvirt containers

hashtagMount backup target nfs share on nova_compute and nova_libvirt containers

hashtagTroubleshoot installation

Apply the Trilio license

hashtagApply license through Horizon

Additions for multiple CEPH configurations

Backup-as-a-Service

Main Components

Service Endpoints

Network Topology

Openstack Train support

Trilio Openstack Quota integration

Openstack CLI integration

CLI restore of networks and security groups only

Disk integrity check after a backup

Performance enhancements for big environments

Enablement of rolling upgrades and updates

Known Issues

Workloadmgr Quota feature does not support RHOSP13 & Canonical Queens Horizon

[Openstack Ansible] snapshot mount failed with error 'Permission denied'

[Volume Backup Exclude] Excluded Ceph Volume after restore not mountable or formatable

Restored VMs have blank metadata config_drive attached

Scheduler trust not getting imported together with workload

TVM reconfig fails when adding new Trilio VM to the cluster

Database does not sync after Trilio cluster gets new nodes

Workload scheduler gets disabled after primary node goes down

[exclude_boot_disk] Data on boot disk gets backed up despite exclusion

Post workload reassignment, scheduler trust gets disabled even if Established before reassignment

Additional parameters required in rc file to run wlm commands from openstack cli

Trilio 4.0 GA

System requirements Trilio Appliance

2.3. Software Requirements

Tenant Quotas

AWS S3 eventual consistency¶

Trilio Cluster¶

Change the nova user id on the Trilio Nodes

Deploy Trilio Datamover API on all Openstack controller nodes

Pull TrilioVaullt Datamover API container image

Create the Trilio Datamover API configuration

Create config directory for trilio-datamover-api service

Get the trilio-datamover-api default config file

Edit dmapi.conf

Copy nova.conf of nova-api service to trilio-datamover-api directory

Create trilio-datamover-api log directory

Add trilio-datamover-api to haproxy.cfg

Run trilio-datamover-api container

Verify deployment of trilio-datamover-api container

Deploy Trilio Datamover container on all Compute nodes

Pull Trilio Datamover container

Create the Trilio Datamover configuration

Create service config directory for trilio-datamover service

Copy nova.conf of nova-compute service to trilio-datamover config directory

Get the trilio-datamover default config file

Edit tvault-contego.conf

Create trilio-datamover log directory

If Ceph is used for Nova/Cinder Storage

Run trilio-datamover container

Verify deployment of trilio-datamover container

Installing Trilio Horizon plugin

Download the installation shell script

Run the shell script and restart Horizon container

Edit Horizon settings

Restart the Horizon container

Known issues for Horizon plugin installation

If OpenStack is based on 'Centos' platform

If Openstack is based on Ubuntu platform

If Trilio Horizon tabs are not accessible but Openstack Horizon works

Enabling Snapshout Mount

Identify backup target mount point in Trilio VM

Install nfs-common on nova_compute and nova_libvirt containers

Mount backup target nfs share on nova_compute and nova_libvirt containers

Troubleshoot installation

Apply license through Horizon

Uninstall Trilio components in RHOSP16

Generic Pre-requisites

Upgrade s3fuse/tvault-object-store

Upgrade tvault-configurator

Upgrade workloadmgr

Updating Config Parameters of specific services

Post Upgrade Steps

Definition

Disable a schedule

Using Horizon

Using CLI

Enable a schedule

Using Horizon