1 of 96

T4O-4.2

About Trilio for OpenStack

Trilio, by TrilioData, is a native OpenStack service that provides policy-based comprehensive backup and recovery for OpenStack workloads. The solution captures point-in-time workloads (Application, OS, Compute, Network, Configurations, Data and Metadata of an environment) as full or incremental snapshots. These snapshots can be held in a variety of storage environments including NFS AWS S3 compatible storage. With Trilio and its single click recovery, organizations can improve Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). With Trilio, IT departments are enabled to fully deploy OpenStack solutions and provide business assurance through enhanced data retention, protection and integrity.

With the use of Trilio’s VAST (Virtual Snapshot Technology), Enterprise IT and Cloud Service Providers can now deploy backup and disaster recovery as a service to prevent data loss or data corruption through point-in-time snapshots and seamless one-click recovery. Trilio takes point-in-time backup of the entire workload consisting of compute resources, network configurations and storage data as one unit. It also takes incremental backups that only captures the changes that were made since last backup. Incremental snapshots save time and storage space as the backup only includes changes since the last backup. The benefits of using VAST for backup and restore could be summarized as below:

Efficient capture and storage of snapshots. Since our full backups only include data that is committed to storage volume and the incremental backups only include changed blocks of data since last backup, our backup processes are efficient and storages backup images efficiently on the backup media
Faster and reliable recovery. When your applications become complex that snap multiple VMs and storage volumes, our efficient recovery process will bring your application from zero to operational with just click of button
Easy migration of workloads between clouds. Trilio captures all the details of your application and hence our migration includes your entire application stack without leaving any thing for guess work.
Through policy and automation lower the Total Cost of Ownership. Our tenant driven backup process and automation eliminates the need for dedicated backup administrators, there by improves your total cost of ownership.

Trilio for OpenStack Architecture

Backup-as-a-Service

Trilio is an add on service to OpenStack cloud infrastructure and provides backup and disaster recovery functions for tenant workloads. Trilio is very similar to other OpenStack services including nova, cinder, glance, etc and adheres to all tenets of OpenStack. It is a stateless service that scales with your cloud.

Deployment Guide

Requirements

Trilio has four main software components:

Trilio ships as a QCOW2 image. User can instantiate one or more VMs from the QCOW2 image on a standalone KVM boxes.
Trilio API is a python module that is an extension to nova api service. This module is installed on all OpenStack controller nodes
Trilio Datamover is a python module that is installed on every OpenStack compute nodes
Trilio horizon plugin is installed as an add on to horizon servers. This module is installed on every server that runs horizon service.

System requirements Trilio Appliance

The Trilio Appliance is not supported as instance inside Openstack.

The Trilio Appliance gets delivered as a qcow2 image, which gets attached to a virtual machine.

Trilio supports KVM-based hypervisors on x86 architectures, with the following properties:

Software

Supported

The recommended size of the VM for the Trilio Appliance is:

When running Trilio in production, a 3-node cluster of the Trilio appliance is recommended for high availability and load balancing.

Ressource

Value

The qcow2 image itself defines the 40GB disk size of the VM.

In the rare case of the Trilio Appliance database or log files getting larger than 40GB disk, contact or open a ticket with Trilio Customer Success to attach another drive to the Trilio Appliance.

Software Requirements

In addition to the Trilio Appliance does Trilio contain components, which are installed directly into the Openstack itself.

Each Openstack distribution comes with a set of supported operating systems. Please check the to see, which Openstack Distribution is supported with which Operating System.

Additionally, it is necessary to have the nfs-common packages installed on the compute nodes in case of using the NFS protocol for the backup target.

OpenStack Barbican for encryption

Since Trilio for OpenStack 4.2 is T4O capable of providing encrypted backups

The Trilio for OpenStack solution is leveraging the OpenStack Barbican service to provide encryption capabilities for its backups.

To be precise, T4O is using secrets provided by Barbican to encrypt and decrypt backups. Barbican is therefore required to utilize this feature.

Trilio network considerations

Trilio integrates natively with Openstack. This includes that Trilio communicates completely through APIs using the Openstack Endpoints. Trilio is also generating its own Openstack endpoints. In addition, is the Trilio appliance and the compute nodes writing to and reading from the backup target. These points affect the network planning for the Trilio installation.

Existing endpoints in Openstack

Openstack knows 3 types of endpoints:

Preparing the installation

It is recommended to think about the following elements prior to the installation of Trilio for Openstack.

Tenant Quotas

Trilio uses Cinder snapshots for calculating full and incremental backups. For full backups, Trilio creates Cinder snapshots for all the volumes in the backup job. It then leaves these Cinder snapshots behind for calculating the incremental backup image during next backup. During an incremental backup operation it creates new Cinder snapshots, calculates the changed blocks between the new snapshots and the old snapshots that were left behind during full/previous backups. It then deletes the old snapshots but leaves the newly created snapshots behind. So, it is important that each tenant who is availing Trilio backup functionality has sufficient Cinder snapshot quotas to accommodate these additional snapshots. The guideline is to add 2 snapshots for every volume that is added to backups to volume snapshot quotas for that tenant. You may also increase the volume quotas for the tenant by the same amount because Trilio briefly creates a volume from snapshot to read data from the snapshot for backup purposes. During a restore process, Trilio creates additional instances and Cinder volumes. To accommodate restore operations, a tenant should have sufficient quota for Nova instances and Cinder volumes. Otherwise restore operations will result in failures.

AWS S3 eventual consistency¶

AWS S3 object consistency model includes:

Read-after-write
Read-after-update
Read-after-delete

Each of them describes how an object will reach its consistent state after an object is created/updated or deleted. None of them provides strong consistency and there is a lag time for an object to reach the consistent state. Though Trilio employed mechanisms to work around the limitations of eventual consistency of AWS S3, when an object reach its consistency state is not deterministic. There is no official statement from AWS on how long it takes for an object to reach consistent state. However read-after-write has a shorter time to reach consistency compared to other IO patterns. Our solution is designed to maximize read-after-write IO pattern. The time in which an object reaches eventual consistency also depends on the AWS region. For example, aws-standard region does not have strong consistency model compared to us-east or us-west. We suggest to use these regions when creating s3 buckets for Trilio. Though read-after-update IO pattern is hard to avoid completely, we employed ample delays in accessing objects to accommodate larger durations for objects to get into consistent state. However in rare occasions, backups may still fail and need to restarted.

Trilio Cluster¶

Trilio can be deployed as a single node or a three node cluster. It is highly recommended that Trilio is deployed as three node cluster for fault tolerance and load balancing. Starting with 3.0 release, Trilio requires additional IP for cluster and is required for both single node and three node deployments. Cluster ip a.k.a virtual ip is used for managing cluster and is used to register Trilio service endpoint in the keystone sevice catalog.

Installing Trilio Components

Once the Trilio VM or the Cluster of Trilio VMs has been spun, the actual installation process can begin. This process contains of the following steps:

Install the Trilio dm-api service on the control plane
Install the Trilio datamover service on the compute plane
Install the Trilio Horizon plugin into the Horizon service

How these steps look in detail is depending on the Openstack distribution Trilio is installed in. Each supported Openstack distribution has its own deployment tools. Trilio is integrating into these deployment tools to provide a native integration from the beginning to the end.

Test text

Installing on Canonical OpenStack

Trilio and Canonical have started a partnership to ensure a native deployment of Trilio using JuJu Charms.

Those JuJu Charms are publicly available as Open Source Charms.

Trilio is providing the JuJu Charms to deploy Trilio 4.2 in Canonical OpenStack from Yoga release onwards only. JuJu Charms to deploy Trilio 4.2 in Canonical OpenStack up to wallaby release are developed and maintained by Canonical.

Apply the Trilio license

After the Trilio VM has been configured and all components are installed can the license be applied.

The license can be applied either through the admin-tab in Horizon or the CLI

Apply license through Horizon

To apply the license through Horizon follow these steps:

Advanced Ceph configurations

Ceph is the most common OpenSource solution to provide block storage through OpenStack Cinder.

Ceph is a very flexible solution. The possibilities of Ceph require additional steps to the Trilio solution.

Additions for multiple CEPH configurations

It is possible to configure Cinder to have multiple configurations and keyrings for CEPH.

In this case, the Trilio Datamover file needs to be extended with the CEPH information.

For Trilio to be able to work in such an environment it is required to put copies of each of these configurations and keyrings into a separate directory, which is then made known to the Trilio Datamover inside a [ceph] block in the tvault-contego.conf.

A tvault-contego.conf file with the extended [ceph] block would look like this.

[DEFAULT]

vault_storage_type = nfs
vault_storage_nfs_export = 192.168.1.34:/mnt/tvault/tvm5
vault_storage_nfs_options = nolock,soft,timeo=180,intr,lookupcache=none


vault_data_directory_old = /var/triliovault
vault_data_directory = /var/trilio/triliovault-mounts
log_file = /var/log/kolla/triliovault-datamover/tvault-contego.log
debug = False
verbose = True
max_uploads_pending = 3
max_commit_pending = 3

dmapi_transport_url = rabbit://openstack:[email protected]:5672,openstack:[email protected]:5672,openstack:[email protected]:5672//

[dmapi_database]
connection = mysql+pymysql://dmapi:x5nvYXnAn4rXmCHfWTK8h3wwShA4vxMq3gE2jH57@kolla-victoriaR-internal.triliodata.demo:3306/dmapi


[libvirt]
images_rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_user = volumes

[ceph]
keyring_ext = .volumes.keyring
ceph_dir = /etc/ceph/directory1/,/etc/ceph/directory2/

[contego_sys_admin]
helper_command = sudo /usr/bin/privsep-helper


[conductor]
use_local = True

[oslo_messaging_rabbit]
ssl = false

[cinder]
http_retries = 10

Additions for multiple Ceph users

It is possible to configure Cinder and Ceph to use different Ceph users for different Ceph pools and Cinder volume types. Or to have the nova boot volumes and cinder block volumes controlled by different users.

In the case of multiple Ceph users, it is required to adopt the keyring extension in the tvault-contego.conf inside the Ceph block.

The following example will try all files with the extension keyring that are located inside /etc/ceph to access the Ceph cluster for a Trilio related task.

[DEFAULT]

vault_storage_type = nfs
vault_storage_nfs_export = 192.168.1.34:/mnt/tvault/tvm5
vault_storage_nfs_options = nolock,soft,timeo=180,intr,lookupcache=none


vault_data_directory_old = /var/triliovault
vault_data_directory = /var/trilio/triliovault-mounts
log_file = /var/log/kolla/triliovault-datamover/tvault-contego.log
debug = False
verbose = True
max_uploads_pending = 3
max_commit_pending = 3

dmapi_transport_url = rabbit://openstack:[email protected]:5672,openstack:[email protected]:5672,openstack:[email protected]:5672//

[dmapi_database]
connection = mysql+pymysql://dmapi:x5nvYXnAn4rXmCHfWTK8h3wwShA4vxMq3gE2jH57@kolla-victoriaR-internal.triliodata.demo:3306/dmapi


[libvirt]
images_rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_user = volumes

[ceph]
keyring_ext = .keyring
ceph_dir = /etc/ceph/

[contego_sys_admin]
helper_command = sudo /usr/bin/privsep-helper


[conductor]
use_local = True

[oslo_messaging_rabbit]
ssl = false

[cinder]
http_retries = 10

Uninstall Trilio

The uninstallation of Trilio is depending on the Openstack Distribution it is installed in. The high-level process is the same for all Distributions.

Uninstall the Horizon Plugin or the Trilio Horizon container
Uninstall the datamover-api container
Uninstall the datamover
Delete the Trilio Appliance Cluster

Uninstalling from Canonical OpenStack

Trilio is not providing the JuJu Charms to deploy Trilio 4.1 in Canonical Openstack. At the time of release are the JuJu Charms not yet updated to Trilio 4.1. We will update this page once the Charms are available.

Uninstalling from Kolla OpenStack

Clean triliovault_datamover_api container

The container needs to be cleaned on all nodes where the triliovault_datamover_api container is running. The Kolla Openstack inventory file helps to identify the nodes with the service.

Following steps need to be done to clean the triliovault_datamover_api container:

Stop the triliovault_datamover_api container.

Remove the triliovault_datamover_api container.

Clean /etc/kolla/triliovault-datamover-api directory.

Clean log directory of triliovault_datamover_api container.

Clean triliovault_datamover container

The container needs to be cleaned on all nodes where the triliovault_datamover container is running. The Kolla Openstack inventory file helps to identify the nodes with the service.

Following steps need to be done to clean the triliovault_datamover container:

Stop the triliovault_datamover container.

Remove the triliovault_datamover container.

Clean /etc/kolla/triliovault-datamover directory.

Clean log directory of triliovault_datamover container.

Clean haproxy of Trilio Datamover API

The Trilio Datamover API entries need to be cleaned on all haproxy nodes. The Kolla Openstack inventory file helps to identify the nodes with the service.

Following steps need to be done to clean the haproxy container:

Clean Kolla Ansible deployment procedure

Delete all Trilio related entries from:

To cross-verify the uninstallation undo all steps done in and .

Trilio entries can be found in:

/usr/local/share/kolla-ansible/ansible/roles/ ➡️ There is a role triliovault
/etc/kolla/globals.yml➡️ Trilio entries had been appended at the end of the file
/etc/kolla/passwords.yml➡️

Revert to original Horizon container

Run deploy command to replace the Trilio Horizon container with original Kolla Ansible Horizon container.

Clean Keystone resources

Trilio created a dmapi service with dmapi user.

Clean Trilio database resources

Trilio Datamover API service has its own database in the Openstack database.

Delete dmapi database and user.

Destroy the Trilio VM Cluster

List all VMs running on the KVM node

Destroy the Trilio VMs

Undefine the Trilio VMs

Delete the TrlioVault VM disk from KVM Host storage

Uninstalling from Ansible OpenStack

Uninstall Trilio Services

The Trilio Ansible OpenStack playbook can be run to uninstall the Trilio services.

Destroy Trilio Datamover API container

To cleanly remove the Trilio Datamover API container run the following Ansible playbook.

Clean openstack_user_config.yml

Remove the tvault-dmapi_hosts and tvault_compute_hosts entries from /etc/openstack_deploy/openstack_user_config.yml

Remove Trilio haproxy settings in user_variables.yml

Remove Trilio Datamover API settings from /etc/openstack_deploy/user_variables.yml

Remove Trilio Datamover API inventory file

Remove Trilio Datamover API service endpoints

Delete Trilio Datamover API database and user

Go inside galera container.
Login as root user in mysql database engine.
Drop dmapi database.
Drop dmapi user

Remove dmapi rabbitmq user from rabbitmq container

Go inside rabbitmq container.
Delete dmapi user.
Delete dmapi vhost.

Clean haproxy

Remove /etc/haproxy/conf.d/datamover_service file.

Remove HAproxy configuration entry from /etc/haproxy/haproxy.cfg file.

Restart the HAproxy service.

Remove certificates from Compute nodes

Destroy the Trilio VM Cluster

List all VMs running on the KVM node

Destroy the Trilio VMs

Undefine the Trilio VMs

Delete the TrlioVault VM disk from KVM Host storage

Upgrade Trilio

Starting Trilio for Openstack 4.0 does Trilio for Openstack allow in-place upgrades.

The following versions can be upgraded to each other:

Old

New

Workload Encryption with Barbican

Learn about encrypting Trilio workloads with Barbican

Introduction

Integrating Trilio for OpenStack 4.2 with Barbican facilitates encryption support for the qcow2-data segment of Trilio backups. However, the JSON files housing the backed-up OpenStack metadata remain unencrypted.

This capability necessitates the presence of the OpenStack Barbican service. Absence of the Barbican service will result in the omission of encryption options for Workloads within the Horizon interface.

Trilio for OpenStack (T4O) 4.2 exclusively retrieves secrets from Barbican, without generating, modifying, or deleting any secrets within the Barbican platform.

Barbican secrets are indispensable for executing backups or restorations in encryption-enabled Workloads. The onus lies on the OpenStack project user to supply these secrets and guarantee their accurate availability.

Multi-IP NFS Backup target mapping file configuration

Introduction

Filename and location:

This file is used only when the user wants to configure 'multiple IP/endpoints based NFS share' as a backup target for Trilio. In all other cases like single IP NFS, S3 this file does not get used. Follow regular install doc.

If the user is using multiple-IP/endpoints based NFS share as a backup target for triliovault then triliovault mounts any one IP/endpoint on a given compute node for a given NFS share. Users can distribute NFS share IPs/endpoints across compute nodes.

'triliovault_nfs_map_input.yml' file is a tool that users can use to distribute/load balance NFS share endpoints across compute nodes in a given cloud.

Note: Two IPs/endpoints of same NFS share on single compute node is invalid scenario and not required because in backend it stores data at same place.

Examples

Using hostnames

Here, the User has ‘one’ NFS share exposed with three IP addresses. 192.168.1.34, 192.168.1.35, 192.168.1.33 Share directory path is: /var/share1

So, this NFS share supports the following full paths that clients can mount:

There are 32 compute nodes in the OpenStack cloud. 30 node hostnames have the following naming pattern

The remaining 2 node hostnames do not follow any format/pattern.

Now the mapping file will look like this

Using IPs

Compute node IP range used here: 172.30.3.11-40 and 172.30.4.40, 172.30.4.50 Total of 32 compute nodes

Other complex examples are available on github at

Getting the correct compute hostnames/IPs

RHOSP or TripleO

Use the following command to get compute hostnames. Check the ‘Name' column. Use these exact hostnames in 'triliovault_nfs_map_input.yml' file.

In the following command output, ‘overcloudtrain1-novacompute-0' and ‘overcloudtrain1-novacompute-1' are correct hostnames.

Run this command on undercloud by sourcing 'stackrc'.

Kolla-Ansible OpenStack

Compute hostnames/IPs should match in kolla-ansible inventory file and triliovault_nfs_map_input.yml.

If IP addresses are sued in kolla-ansible inventory file then the same IP addresses should be used in ‘triliovault_nfs_map_input.yml' file too. If the kolla-ansible deploy command looks like the following,

kolla-ansible -i multinode deploy

then, the inventory file is 'multinode'. Generally, it is available at “/root/multinode“.

OpenStack Ansible

Compute hostnames/IPs should match in the Openstack Ansible inventory file and triliovault_nfs_map_input.yml

If IP addresses have been used in the Openstack-ansible inventory file then you should use the same IP addresses in the ‘triliovault_nfs_map_input.yml' file too.

Generally inventory file available at /etc/openstack_deploy/openstack_user_config.yml

Openstack Ansible deploy command looks like following,

openstack-ansible os-tvault-install.yml

Openstack Ansible automatically picks up values that the user has set in the file openstack_user_config.yml

Enabling T4O 4.1 or older backups when using NFS backup target

Trilio for OpenStack is generating a base64 hash value for every NFS backup target connected to the T4O solution. This enables T4O to mount multiple NFS backup targets to the same T4O installation.

The mountpoints are generated utilizing a hash value inside the mountpoint, providing a unique mount for every NFS backup target.

This mountpoint is then used inside the incremental backups to point to the qcow2 backing files. The backing file path is required as a full path and can not be set as a relative path. This is a limitation of the qcow2 format.

T4O 4.2 has changed how the hash value gets calculated. T4O 4.1 and prior calculated the hash value out of the complete NFS path provided as shown in the example below.

T4O 4.2 is now only considering the NFS directory part for the hash value as shown below.

It is therefore necessary to make older backups taken by T4O 4.1 or prior available for TVO4.2 to restore.

This can be done by one of two methods:

Rebase all backups and change the backing file path
Make the old mount point available again and point it to the new one using mount bind

Rebase all backups

This method is taking a significant amount of time depending on the number of backups, that need to be rebased. It is therefore recommended to determine the required time through a test workload.

Trilio is providing a script, that is taking care of the rebase procedure. This script can be downloaded from the following location.

Copy and use the script from the Trilio appliance as the nova user.

The nova user is required, as this user owns the backup files, and using any other user will change the ownership and lead to unrestorable backups.

The script is requiring the complete path to the workload directory on the backup target.

This needs to be repeated until all workloads have been rebased.

Use mount bind with the old mount point

This method is a temporary solution, which is to be kept in place until all workloads have gone through a complete retention cycle.

Once all Workloads only contain backups created by T4O 4.2 it is no longer required to keep the mount bind active.

This method is generating a second mount point based on the old hash value calculation and then mounting the new mount point to the old one. By doing this mount bind both mount points will be available and point to the same backup target.

To use this method the following information needs to be available:

old mount path
new mount path

Examples of how to calculate the base64 hash value are shown below.

Old mountpoint hash value:

New mountpoint hash value:

The mount bind needs to be done for all Trilio appliances and Datamover services.

Trilio Appliance

To enable the mount bind on the Trilio appliance follow these steps:

Create the old mountpoint directory mkdir -p old_mount_path
run mount --bind command mount --bind <new_mount_path> <old_mount_path>
set permissions for mountpoint chmod 777 <old_mount_path>

It is recommended to use df -h to identify the current mountpoint as RHOSP, TripleO and Kolla Ansible OpenStack are using a different path than Ansible OpenStack or Canonical OpenStack.

An example is given below.

RHOSP/TripleO Datamover

The following steps need to be done on the overcloud compute node. They don't need to be done inside any container.

To enable the mount bind on the Trilio appliance follow these steps:

Create the old mountpoint directory mkdir -p old_mount_path
run mount --bind command mount --bind <new_mount_path> <old_mount_path>
set permissions for mountpoint chmod 777 <old_mount_path>

Kolla Ansible OpenStack Datamover

The following steps need to be done on the overcloud compute node. They don't need to be done inside any container.

To enable the mount bind on the Trilio appliance follow these steps:

Create the old mountpoint directory mkdir -p old_mount_path
run mount --bind command mount --bind <new_mount_path> <old_mount_path>
set permissions for mountpoint chmod 777 <old_mount_path>

Ansible OpenStack Datamover

The following steps need to be done on the overcloud compute node. They don't need to be done inside any container.

To enable the mount bind on the Trilio appliance follow these steps:

Create the old mountpoint directory mkdir -p old_mount_path
run mount --bind command mount --bind <new_mount_path> <old_mount_path>
set permissions for mountpoint chmod 777 <old_mount_path>

Canonical Openstack WLM & Datamover containers

Canonical OpenStack does the creation of the mountpoint and the mount bind through JuJu using the following commands.

To create the mountpoint, if it doesn't already exist:

To create the mount bind

Switch Backup Target on Kolla-ansible

Unmount old mount point

The first step is to remove the datamover container and to unmount the old mounts. This is necessary to make sure, that the new datamover container with the new backend target is not getting any interference from the old backup target.

Switch NFS Backing file

Trilio is using a base64 hash for the mount point of NFS Backup targets. This hash makes sure, that multiple NFS Shares can be used with the same Trilio installation.

This base64 hash is part of the Trilio incremental backups as an absolute path of the backing files. This requires the usage of mount bind during a DR scenario or quick migration scenario.

In the case that there is time for a thorough migration there is another option to change the backing file and make the Trilio backups available on a different NFS Share. This option is updating the backing file to the new NFS Share mount point.

Backing file change script

Trilio is providing a shell script for the purpose of changing the backing file. This script is used after the Trilio appliance has been reconfigured to use the new NFS share.

Trilio Appliance Administration Guide

Set Trilio GUI login banner

To configure the banner shown upon accessing the Trilio Appliance GUI do the following.

Login into Trilio Appliance console
edit the banner.yaml at /etc/tvault-config/banner.yaml
restart tvault-config service

The content of the banner.yaml looks as follows and can be edited as required:

Trilio Appliance Dashboard

The Trilio Appliance Dashboard gives an overview of the running services and their Status inside the Cluster. The dashboard can be accessed using the virtual IP.

If service status panels on the dashboard page are not visible then access the virtual IP on port 3001 (https://<T4O-VIP>:3001/) and accept the SSL exception, and then refresh the dashboard page.

The Trilio Appliance Dashboard gives an overview of the running services and their Status inside the Cluster. This dashboard is accessible through the virtual IP.

Reconfigure the Trilio Cluster

The Trilio appliance can be reconfigured at any time to adjust the Trilio cluster to any changes in the Openstack environment or the general backup solution.

To reconfigure the Trilio Cluster go to the "Configure". The configure page shows the current configuration of the TriloVault cluster.

The configuration page also gives access to the ansible playbooks of the last successful configuration.

To start the reconfiguration of the Trilio Cluster click "Reconfigure" at the end of the table.

Follow the guide afterwards.

Once the Trilio configurator has started, it needs to run through successfully to continue to use Trilio.

Change the Trilio GUI password

Change Trilio Dashboard password

To change the Trilio GUI password do:

Reset the Trilio GUI password

In case of the Trilio Dashboard being lost it can be resetted as long as SSH access to the appliance is available.

To reset the password to its default do the following:

The dashboard login will be reset to:

Reinitialize Trilio

The Trilio Appliance can be reinitialized, which will delete all workload related values from the Trilio database.

To reinitialize the Trilio Appliance do:

Login into the Trilio Dashboard
Click on "admin" in the upper right corner to open the submenu

Download Trilio logs

It is possible to download the Trilio logs directly through the Trilio web gui.

To download logs throught the Trilio web gui:

Login into the Trilio web gui
Go to "Logs"
Choose the log to be downloaded
- Each log for every Trilio Appliance can be downloaded seperatly
- or a zip of all logfiles can be created and downloaded

This will download the current log files. Already rotated logs need to be downloaded through SSH from the Trilio appliance directly. All logs, including rotated old logs, can be found at:

/var/log/workloadmgr/

Clean up Trilio database

The Trilio database is following an older OpenStack database schema. This schema is not forgetting anything and is instead setting the deleted flag for any data that is no longer valid/deleted.

This leads to ever-growing databases, which can lead to performance degradation.

To counter this a database clean-up and optimization tool has been made available.

User Guide

E-Mail Notifications

Definition

Trilio can notify users via E-Mail upon the completion of backup and restore jobs.

The E-Mail will be sent to the owner of the Workload.

Requirements to activate E-Mail Notifications

To use the E-mail notifications, two requirements need to be met.

Both requirements need to be set or configured by the Openstack Administrator. Please contact your Openstack Administrator to verify the requirements.

User E-Mail assigned

As the E-Mail will be sent to the owner of the Workload does the Openstack User, who created the workload, require to have an E-Mail address associated.

Trilio E-Mail Server configured

Trilio needs to know which E-Mail server to use, to send the E-mail notifications. Backup Administrators can do this in the "Backup Admin" area.

Activate/Deactivate the E-Mail Notifications

E-Mail notifications are activated tenant wide. To activate the E-Mail notification feature for a tenant follow these steps:

Login to Horizon
Navigate to the Backups
Navigate to Settings
Check/Uncheck the box for "Enable Email Alerts"

Example E-Mails

The following screenshots show example E-mails send by Trilio.

Admin Guide

Managing Trusts

Trilio is using the which enables the Trilio service user to act in the name of another Openstack user.

This system is used during all backup and restore features.

Openstack Administrators should never have the need to directly work with the trusts created.

The cloud-trust is created during the Trilio configuration and further trusts are created as necessary upon creating or modifying a workload.

Trusts can only be worked with via CLI

Disaster Recovery

Trilio Workloads are designed to allow a Desaster Recovery without the need to backup the Trilio database.

As long as the Trilio Workloads are existing on the Backup Target Storage and a Trilio installation has access to them, it is possible to restore the Workloads.

Disaster Recovery Process

Install and Trilio for the target cloud
Notify users to of Workloads being available

This procedure is designed to be applicable to all Openstack installations using Trilio. It is to be used as a starting point to develop the exact Desaster Recovery process of a specific environment.

In case that instead of noticing the users, the workloads shall be restored is it necessary to have an User in each Project, that has the necessary privileges to restore.

Mount-paths

Trilio incremental Snapshots involve a backing file to the prior backup taken, which makes every Trilio incremental backup a synthetic full backup.

Trilio is using qcow2 backing files for this feature:

As can be seen in the example is the backing file an absolute path, which makes it necessary, that this path exists so the backing files can be accessed.

Trilio is using the base64 hashing algorithm for the NFS mount-paths, to allow the configuration of multiple NFS Volumes at the same time. The hash value is calculated using the provided NFS path.

When the path of the backing file is not available on the Trilio appliance and Compute nodes, will the restores of incremental backups fail.

The tested and recommended method to make the backing files available is creating the required directory path and using mount --bind to make the path available for the backups.

Running the mount --bind command will make the necessary path available until the next reboot. If it is required to have access to the path beyond a reboot is it necessary to edit the fstab.

Migrating encrypted Workloads

Same cloud - different owner

Migration within the same cloud to a different owner Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project A — User B Cloud A — Domain A — Project A — User A => Cloud A — Domain A — Project B — User B Cloud A — Domain A — Project A — User A =>Cloud A — Domain B — Project B — User B

Steps used:

Rebasing existing workloads

The Trilio solution is using the qcow2 backing file to provide full synthetic backups.

Especially when the NFS backup target is used, there are scenarios at which this backing file needs to be updated to a new mount path.

To make this process easier and streamlined Trilio is providing the following rebase tool.

Troubleshooting

Frequently Asked Questions

Frequently Asked Questions about Trilio for OpenStack

1. Can Trilio for OpenStack restore instance UUIDs?

Answer: NO

Trilio for OpenStack does not restore Instance UUIDs (also known as Instance IDs). The only scenario where we do not modify the Instance UUID is during an Inplace Restore, where we only recover the data without creating new instances.

When Trilio for OpenStack restores virtual machines (VMs), it effectively creates new instances. This means that new Virtual Machine Instance UUIDs are generated for the restored VMs. We achieve this by orchestrating a call to Nova, which creates new VMs with new UUIDs.

General Troubleshooting Tips

Troubleshooting inside a complex environment like Openstack can be very time-consuming. The following tipps will help to speed up the troubleshooting process to identify root causes.

What is happening where

Openstack and Trilio are divided into multiple services. Each service has a very specific purpose that is called during a backup or recovery procedure. Knowing which service is doing what helps to understand where the error is happening, allowing more focused troubleshooting.

Trilio cluster

The Trilio Cluster is the Controller of Trilio. It receives all Workload related requests from the users.

Every task of a backup or restore process is triggered and managed from here. This includes the creation of the directory structure and initial metadata files on the Backup Target.

During a backup process

During a backup process is the Trilio cluster also responsible to gather the metadata about the backed up VMs and networks from the Openstack environment. It is sending API calls towards the Openstack endpoints on the configured endpoint type to fetch this information. Once the metadata has been received does the Trilio Cluster write it as json files on the Backup Target.

The Trilio cluster is also sending the Cinder Snapshot command.

During a restore process

During restore process is the Trilio cluster reading the VM metadata from its Database and is using the metadata to create the Shell for the restore. It is sending API calls to the Openstack environment to create the necessary resources.

dmapi

The dmapi service is the connector between the Trilio cluster and the datamover running on the compute nodes.

The purpose of the dmapi service is to identify which compute node is responsible for the current backup or restore task. To do so is the dmapi service connecting to the nova api database requesting the compute hose of a provided VM.

Once the compute host has been identified is the dmapi forwarding the command from the Trilio Cluster to the datamover running on the identified compute host.

datamover

The datamover is the Trilio service running on the compute nodes.

Each datamover is responsible for the VMs running on top of its compute node. A datamover can not work with VMs running on a different compute node.

The datamover is controlling the freeze and thaw of VMs as well as the actual movement of the data.

Everything on the Backup Target is happening as user nova

Trilio is reading and writing on the Backup Target as nova:nova.

The POSIX user-id and group-id of nova:nova need to be aligned between the Trilio Cluster and all compute nodes. Otherwise backup or restores may fail with permission or file not found issues.

Alternativ ways to achieve the goal are possible, as long as all required nodes can fully write and read as nova:nova on the Backup Target.

It is recommended to verify the required permissions on the Backup Target in case of any errors during the data transfer phase or in case of any file permission errors.

Input/Output Error with Cohesity NFS

On Cohesity NFS if an Input/Output error is observed, then increase the timeo and retrans parameter values in your NFS options.

Timeout receiving packet error in multipath iscsi environment

Logging inside all datamover containers and add uxsock_timeout with value as 60000 which is equals to 60 sec inside /etc/multipath.conf.Restart datamover container

Trilio Trustee Role

Trilio is using RBAC to allow the usage of Trilio features to users.

This trustee role is absolutely required and can not be overwritten using the admin role.

It is recommended to verify the assignment of the Trilio Trustee Role in case of any permission errors from Trilio during creation of Workloads, backups or restores.

Openstack Quotas

Trilio is creating Cinder Snapshots and temporary Cinder Volumes. The Openstack Quotas need to allow that.

Every disk that is getting backed up requires one temporary Cinder Volumes.

Every Cinder Volume that is getting backup requires two Cinder Snapshots. The second Cinder Snapshot is temporary to calculate the incremental.

Trilio Configurator

Once Trilio is configured use virtual IP to access its dashboard. If service status panels on the dashboard page are not visible then access the virtual IP on port 3001 (https://<T4O-VIP>:3001/) and accept the SSL exception, and then refresh the dashboard page.

Using the workloadmgr CLI tool on the Trilio Appliance

To use the workloadmgr CLI tool on the Trilio appliance it is only necessary to activate the virtual environment of the workloadmgr

An rc-file to authenticate against Openstack is required.

API GUIDE

Installing on TripleO Train

1. Prepare for deployment

1.1] Select 'backup target' type

Backup target storage is used to store backup images taken by Trilio and details needed for configuration:

The following backup target types are supported by Trilio

a) NFS

Need NFS share path

b) Amazon S3

- S3 Access Key - Secret Key - Region - Bucket name

c) Other S3 compatible storage (Like, Ceph based S3)

- S3 Access Key - Secret Key - Region - Endpoint URL (Valid for S3 other than Amazon S3) - Bucket name

1.2] Clone triliovault-cfg-scripts repository

The following steps are to be done on 'undercloud' node on an already installed RHOSP environment. The overcloud-deploy command has to be run successfully already and the overcloud should be available.

All commands need to be run as user 'stack' on undercloud node

TripleO CentOS8 is not supported anymore as CentOS Linux 8 has reached End of Life on December 31st,2021.

The following command clones the triliovault-cfg-scripts github repository.

Please note that the Trilio Appliance needs to get updated to the latest HF as well.

1.3] If the backup target type is 'Ceph based S3' with SSL:

If your backup target is ceph S3 with SSL and SSL certificates are self-signed or authorized by a private CA, then the user needs to provide a CA chain certificate to validate the SSL requests. For that, the user needs to rename his ca chain cert file to s3-cert.pem and copy it into the directory triliovault-cfg-scripts/redhat-director-scripts/redhat-director-scripts/<RHOSP_RELEASE_Directory/puppet/trilio/files

2] Upload Trilio puppet module

3] Update overcloud roles data file to include Trilio services

Trilio contains multiple services. Add these services to your roles_data.yaml.

In the case of uncustomized roles_data.yaml can the default file be found on the undercloud at:

/usr/share/openstack-tripleo-heat-templates/roles_data.yaml

Add the following services to the roles_data.yaml

All commands need to be run as user 'stack'

3.1] Add Trilio Datamover Api Service to role data file

This service needs to share the same role as the keystone and database service. In the case of the pre-defined roles will these services run on the role Controller. In the case of custom-defined roles, it is necessary to use the same role where OS::TripleO::Services::Keystone service is installed.

Add the following line to the identified role:

3.2] Add Trilio Datamover Service to role data file

This service needs to share the same role as the nova-compute service. In the case of the pre-defined roles will the nova-compute service run on the role Compute. In the case of custom-defined roles, it is necessary to use the role the nova-compute service is used.

Add the following line to the identified role:

3.3] Add Trilio Horizon Service role data file4] Prepare Trilio container images

This service needs to share the same role as the OpenStack Horizon server. In the case of the pre-defined roles, Horizon service runs on the role Controller. Add the following line to the identified role:

All commands need to be run as user 'stack'

Refer to the word <HOTFIX-TAG-VERSION> as 4.2.8 in the below sections

Trilio containers are pushed to 'Dockerhub'. Registry URL: 'docker.io'. Container pull URLs are given below.

CentOS7

There are two registry methods available in TripleO Openstack Platform.

Remote Registry
Local Registry

4.1] Remote Registry

Follow this section when 'Remote Registry' is used.

For this method, it is not necessary to pull the containers in advance. It is only necessary to populate the trilio_env.yaml file with the Trilio container URLs from the Dockerhub registry.

Populate the trilio_env.yaml with container URLs for:

Trilio Datamover container
Trilio Datamover api container
Trilio Horizon Plugin

trilio_env.yaml will be available in __triliovault-cfg-scripts/redhat-director-scripts/tripleo-train/environments

4.2] Local Registry

Follow this section when 'local registry' is used on the undercloud.

Run the following script. Script pulls the triliovault containers and updates the triliovault environment file with URLs.

The changes can be verified using the following commands.

5] Configure multi-IP NFS

This section is only required when the multi-IP feature for NFS is required.

This feature allows setting the IP to access the NFS Volume per datamover instead of globally.

On Undercloud node, change the directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/IP map.

Get the compute hostnames from the following command. Check the 'Name' column. Use exact hostnames in 'triliovault_nfs_map_input.yml' file.

Run this command on undercloud by sourcing 'stackrc'.

Edit the input map file and fill in all the details. Refer to for details about the structure.

vi triliovault_nfs_map_input.yml

Update pyYAML on the undercloud node only

If pip isn't available please install pip on the undercloud.

Expand the map file to create a one-to-one mapping of the compute nodes and the NFS shares.

The result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all the necessary NFS shares.

Append this output map file to 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Validate the changes in file triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml

Include the environment file (trilio_nfs_map.yaml) in overcloud deploy command with '-e' option as shown below.

Ensure that MultiIPNfsEnabled is set to true in trilio_env.yaml file and that NFS is used as the backup target.

6] Fill in Trilio environment details

Fill Trilio details in the file /home/stack/triliovault-cfg-scripts/redhat-director-scripts/tripleo-train/environments/trilio_env.yaml, triliovault environment file is self-explanatory. Fill in details of the backup target, verify image URLs, and other details.

NFS options for Cohesity NFS : nolock,soft,timeo=600,intr,lookupcache=none,nfsvers=3,retrans=10

7] Install Trilio on Overcloud

Use the following heat environment file and roles data file in overcloud deploy command

trilio_env.yaml: This environment file contains Trilio backup target details and Trilio container image locations
roles_data.yaml: This file contains overcloud roles data with Trilio roles added.
Use the correct trilio endpoint map file as per your keystone endpoint configuration. - Instead of tls-endpoints-public-dns.yaml this file, use ‘environments/trilio_env_tls_endpoints_public_dns.yaml’ - Instead of tls-endpoints-public-ip.yaml this file, use ‘environments/trilio_env_tls_endpoints_public_ip.yaml’ - Instead of tls-everywhere-endpoints-dns.yaml

Deploy command with triliovault environment file looks like the following.

Post deployment for multipath enabled environment, log into respective datamover container and add uxsock_timeout with value as 60000 (i.e. 60 sec) in /etc/multipath.conf. Restart datamover container

8] Verify the deployment

If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. Please recheck if you followed the complete documentation.

8.1] On the Controller node

Make sure Trilio dmapi and horizon containers are in a running state and no other Trilio container is deployed on controller nodes. When the role for these containers is not "controller" check on respective nodes according to configured roles_data.yaml.

Verify the haproxy configuration under:

8.2] On Compute node

Make sure Trilio datamover container is in running state and no other Trilio container is deployed on compute nodes.

8.3] On the node with Horizon service

Make sure horizon container is in running state. Please note that 'Horizon' container is replaced with Trilio Horizon container. This container will have the latest OpenStack horizon + Trilio's horizon plugin.

10] Troubleshooting for overcloud deployment failures

Trilio components will be deployed using puppet scripts.

In case of the overcloud deployment fails do the following command to provide the list of errors. The following document also provides valuable insights:

Configuring Trilio

Learn about configuring Trilio for OpenStack

The configuration process used by Trilio for OpenStack heavily utilizes Ansible scripts. In recent years, Ansible has emerged as a leading tool for configuration management, due to which Trilio makes extensive use of Ansible playbooks to effectively configure the Trilio cluster. To address any potential Trilio configuration issues, it's crucial for users to have a fundamental understanding of Ansible playbook output.

Given the inherent repeatability of Ansible modules, the Trilio configuration can be run as many times as needed to alter or reconfigure the Trilio cluster.

Upon booting the VM, direct your browser (preferably Chrome or Firefox) to the Trilio node's IP address. This will take you to the Trilio Dashboard, which houses the Trilio configurator.

The user is: admin The default password is: password

After the first login, you will be prompted to change the admin password.

Unlike previous versions of Trilio, the current version only requires you to configure the cluster once and the Trilio dashboard provides cluster-wide management capability.

Uploading the OpenStack certificate bundle

OpenStack endpoints can be configured to use TLS. In such a configuration the Trilio appliance needs to trust the certificates provided by the OpenStack endpoints.

To achieve this trust it is required to upload the OpenStack certificate bundle through the OS API certificate tab of the Trilio appliance Dashboard.

The certificate bundle is located on the controller nodes of the OpenStack installation.

The default paths for each distribution are as follows:

The uploaded certificates can be verified on the Trilio appliance at the following location.

Details needed for the Trilio Appliance

Once you log in to an unconfigured Trilio Appliance, the first page you encounter is the configurator. This tool needs specific details about the Trilio Appliance, OpenStack, and Backup Storage to proceed.

Trilio Cluster information

The Trilio Cluster must integrated into an existing OpenStack environment. The following fields ask for the details of your Trilio Cluster.

Controller Nodes
- This is the list of Trilio virtual appliance IP addresses along with their hostnames.
- Format: comma-separated list with pairs combined through '='

The Trilio Cluster supports only 1 node and 3 node clusters.

Virtual IP Address
- This is the Trilio cluster IP address which is mandatory
- Format: IP/Subnet
- Example: 172.20.4.150/24

The Virtual IP is mandatory even for single-node clusters and has to be different from any IP assigned to a Trilio Controller Node.

Name Server
- List of nameservers, primarily used to resolve OpenStack service endpoints.
- Format: comma-separated list
- example: 10.10.10.1,172.20.4.1

If defining OpenStack endpoint hostnames in the /etc/hosts file on the Trilio Applicance VM is preferred over a DNS solution you may set the nameserver to 0.0.0.0, the default gateway.

Domain Search Order
- The domain the Trilio Cluster will use.
- Format: comma-separated list
- example: trilio.io,trilio.demo

OpenStack Credentials information

The Trilio Appliance integrates with one OpenStack environment. The following fields ask for the information required to access and connect with the OpenStack Cluster.

Keystone URL
- The Keystone endpoint used to fetch authentication for configuration
- format: URL
- example: https://keystone.trilio.io:5000/v3

When FQDNs are used for the Keystone endpoints it is necessary to configure at least one DNS server before the configuration.

Absent a DNS server, the IPs should be defined in the /etc/hosts file on the Trilio Appliance, and the nameserver should be set to 0.0.0.0.

Otherwise, the validation of the Openstack Credentials will fail.

Domain ID
- domain the provided user and tenant are located in
- format: ID
- example: default

Trilio requires domain admin role access. To provide domain admin role to a user, the following command can be used:

openstack role add --domain <domain id> --user <username> admin

The Trilio configurator verifies after every entry if it is possible to login into Openstack using the provided credentials.

This verification will fail until all entries are set and correct.

When the verification is successful it is possible to choose the Admin tenant, the Region, and the Trustee role without error.

Admin Tenant
- The tenant to be used together with the provided user
- format: a pre-populated list
- example: admin

When leveraging OpenStack Barbican for protecting encrypted volumes and offering encrypted backups, it's essential that the Trustee Role is assigned as 'Creator' or a role that possesses equivalent permissions to the Creator role.

This is crucial because only the Creator role has the authority to create, read, and delete secrets within Barbican. The generation of encryption-enabled workloads would be unsuccessful if the Trustee Role does not possess the permissions associated with the 'Creator' role.

Backup Storage Configuration information

These fields request information about the backup target that the Trilio installation will use to store your backups.

OpenStack Distribution
- Select the Distribution of OpenStack for Trilio integration
- format: predefined list
- example: RHOSP

Some distributions of OpenStack require a special mount point to be used, so make the OpenStack Distribution selection carefully.

Backup Storage
- Defines the Backup Storage protocol to use
- format: predefined list of radio buttons
- example: NFS

Using the NFS protocol

NFS Export
- The path under which the NFS Volumes to be used can be found
- format: comma-separated list of NFS Volumes paths
- example: 10.10.2.20:/upstream,10.10.5.100:/nfs2

On Cohesity NFS if Input/Output errors are observed then try increasing timeout and retrans parameter value in NFS options

Please use the predefined NFS Options and only change them when it is know that changes are necessary.

Trilio is testing against the predefined NFS options.

Using the S3 protocol

S3 Compatible
- Switch between Amazon and other S3 compatible storage solutions
- format: predefined list
- example: Amazon S3

Using a Secured HTTPS Endpoint for Non-AWS S3 Storage

When using a secure HTTPS endpoint for non-AWS S3 storage (for example Ceph), you should validate the Certificate Authority (CA) by uploading the corresponding CA certificate. The certificate can be uploaded in the "OS API Certificate" section, under the "Upload Client Certificate" subsection, as explained in .

Workload Import

Check this box in case of reinitialization or reinstallation of the Trilio Appliance to import all matching Workloads located on the provided Backup Target.

Workloads that are not assigned to an existing tenant will fail to import and need to be manually once the configuration is done.

Advanced settings

At the end of the configurator is the option to activate advanced settings.

Activating this option provides the ability to configure the Keystone endpoints used for the Datamover API and Trilio.

Setup Trilio and Datamover API endpoints.

Trilio generates Keystone endpoints for 2 services. The Trilio Datamover API and the Trilio Workloadmanager.

OpenStack installations typically distribute endpoint types across various networks.

The advanced settings for both the Datamover API endpoints and TrilioWorkloadManager endpoints enable Trilio configuration options which allow the user to accommodate for such an environment.

IP addresses supplied in these fields are added as additional VIPs to the Trilio cluster.

Should a Fully Qualified Domain Name (FQDN) be used for those endpoints, the Trilio configurator will resolve the FQDN, subsequently identifying the associated IP addresses, which are then added as additional Virtual IP addresses (VIPs).

It is recommended to verify the Datamover API settings against the ones configured during the installation of the Trilio components.

Should these endpoints already exist in Keystone, their values will be prefilled and immutable. If changes are necessary, you must first remove the old Keystone endpoints.

Providing a URL with https activates the TLS enabled configuration, which requires the upload of certificates and the connected private key.

Set up an external database

Trilio allows the use of an external MySQL or MariaDB database.

This database needs to be prepared by creating the empty workloadmgr database, creating the workloadmgr user and setting the right permissions.

An example command to create this database would be:

Provide the connection string to the Trilio configurator.

The database value can only be set upon an initial configuration of the Trilio solution.

When the Cluster has been configured to use the internal database, then the connection string will not be shown in the next configuration attempt.

In the case of an external database, the connection string will be shown but is immutable.

Define the Trilio service user password

Trilio is using a service user that is located in the OpenStack service project.

The password for this service user will be generated randomly or can be defined in the advanced settings.

Starting the configurator

Once all entries have been set and all validations are error-free the configurator can be started.

Click Finish
Reconfirm in the pop-up that you want to start the configuration
Wait for the configurator to finish

Some elements of the configuration take longer than others. Even when it looks like the configurator is stuck, please wait till the configurator finishes. Should the configurator not be finished after 6 hours have elapsed, please contact Trilio Support for assistance.

The configurator utilizes Ansible and Trilio internal API calls during the configuration process

Following each configuration block or upon completion of the entire configurator process, you have the opportunity to examine the output generated by Ansible.

At the end of a successful configuration, the page will be forwarded to the configured VIP for the Trilio Appliance.

Restart Trilio Services

In complex environments it is sometimes necessary to restart a single service or the complete solution. Rarely is restarting the complete node, where a service is running possible or even the ideal solution.

This page describes the services running by Trilio and how to restart those.

Trilio Appliance Services

The Trilio Appliance is the controller of Trilio. Most services on the Appliance are running in a High Availability mode on a 3-node cluster.

wlm-api

The wlm-api service takes the API calls against the Trilio Appliance. It is running in active-active mode on all nodes of the Trilio cluster.

To restart the wlm-api service run on each Trilio node:

wlm-scheduler

The wlm-scheduler service is taking job requests and identifies which Trilio node should take the request. It is running in active-active mode on all nodes of the Trilio cluster.

To restart the wlm-scheduler service run on each Trilio node:

wlm-workloads

The wlm-workloads service is the task worker of Trilio executing all jobs given to the Trilio node. It is running in active-active mode on all nodes of the Trilio cluster.

To restart the wlm-workloads service run on each Trilio node:

wlm-cron

The wlm-cron service is responsible for starting scheduled Backups according to the configurtation of Tenant Workloads. It is running in active-passive mode and controlled by the pacemaker cluster.

To restart the wlm-workloads service run on the Trilio node with VIP assigned:

VIP resources

The Trilio appliance is running 1 to 4 virtual IPs on the Trilio cluster. These are controlled by the pacemaker cluster and provided through NGINX.

To restart these resources the pacemaker NGINX resource is getting restarted:

RabbitMQ

The Trilio cluster is using RabbitMQ as messaging service. It is running in active-active mode on all nodes of the Trilio cluster.

RabbitMQ is a complex system in itself. This guide will only provide the basic commands to do a restart of a node and check the health of the cluster afterward. For complete documentation of how to restart RabbitMQ, please follow the .

To restart a RabbitMQ node run on each Trilio node:

It is recommended to wait for the node to rejoin and sync with the cluster before restarting another RabbitMQ node.

When the complete cluster is getting stopped and restarted it is important to keep the order of nodes in mind. The last node to be stopped needs to be the first node to be started.

Galera Cluster (MariaDB)

The Galera Cluster is managing the Trilio MariaDB database. It is running in active-active mode on all nodes of the Trilio cluster.

Galera Cluster is a complex system in itself. This guide will only provide the basic commands to do a restart of a node and check the health of the cluster afterward. For complete documentation of how to restart Galera clusters, please follow the .

When restarting Galera two different use-cases need to be considered:

Restarting a single node
Restarting the whole cluster

Restarting a single node

A single node can be restarted without any issues. It will automatically rejoin the cluster and sync against the remaining nodes.

The following commands will gracefully stop and restart the mysqld service.

After a restart will the cluster start the syncing process. Don't restart node after node to reach a complete cluster restart.

Check the cluster health after the restart.

Restarting the complete cluster

Restarting a complete cluster requires some additional steps as the Galera cluster is basically destroyed once all nodes have been shut down. It needs to be rebuild afterwards.

First gracefully shutdown the Galera cluster on all nodes:

The second step is to identify the Galera node with the latest dataset. This can be achieved by reading the grastate.dat file on the Trilio nodes.

When this documentation is followed the last mysqld service that got shut down will be the one with the latest dataset.

The value to check for are the seqno.

The node with the highest seqno is the node that contains the latest data. This node will also contain safe_to_bootstrap: 1 to indicate that the Galera cluster can be rebuild from this node.

On the identified node the new cluster is getting generated with the following command:

Running galera_new_cluster on the wrong node will lead to data loss as this command will set the node the command is issued on as the first node of the cluster. All nodes which join afterward will sync against the data of this first node.

After the command has been issued is the mysqld service running on this node. Now the other nodes can be restarted one by one. The started nodes will automatically rejoin the cluster and sync against the master node. Once a synced status has been reached is each node a primary node in the cluster.

Check the Cluster health after all services are up again.

Verify Health of the Galera Cluster

Verify the cluster health by running the following commands inside each Trilio MariaDB. The values returned from these statements have to be the same for each node.

Canonical workloadmgr container services

Canonical Openstack is not using the Trilio Appliance. In Canonical environments is the Trilio controller unit part of the JuJu deployment as workloadmgr container.

To restart the services inside this container the following commands are to be issued.

Single Node deployment

HA deployment

On all nodes:

On a single node:

Trilio dmapi service

The Trilio dmapi service is running on the Openstack controller nodes. Depending on the Openstack Distribution Trilio is installed on different commands are issued to restart the dmapi service.

RHOSP13

RHOSP13 is running the Trilio services as docker containers. The dmapi service can be restarted by issuing the following command on the host running the dmapi service.

RHOSP16

RHOSP16 is running the Trilio services as docker containers. The dmapi service can be restarted by issuing the following command on the host running the dmapi service.

Canonical

Canonical is running the Trilio services in JuJu controlled LXD containers. The dmapi service can be restarted by issuing the following command from the MASS node.

Kolla-Ansible Openstack

Kolla-Ansible Openstack is running the Trilio services as docker containers. The dmapi service can be restarted by issuing the following command on the host running the dmapi service.

Ansible Openstack

Ansible Openstack is running the Trilio services as LXD containers. The dmapi service can be restarted by issuing the following command on the host running the dmapi service.

Trilio datamover service (tvault-contego)

The Trilio datamover service is running on the Openstack compute nodes. Depending on the Openstack Distribution Trilio is installed on different commands are issued to restart the datamover service.

RHOSP13

RHOSP13 is running the Trilio services as docker containers. The datamover service can be restarted by issuing the following command on the compute node.

RHOSP16

RHOSP16 is running the Trilio services as docker containers. The datamover service can be restarted by issuing the following command on the compute node.

Canonical

Canonical is running the Trilio services in JuJu controlled LXD containers. The datamover service can be restarted by issuing the following command from the MASS node.

Kolla-Ansible Openstack

Kolla-Ansible Openstack is running the Trilio services as docker containers. The dmapi service can be restarted by issuing the following command on the host running the dmapi service.

Ansible Openstack

Ansible Openstack is running the Trilio datamover service directly on the compute node. The datamover service can be restarted by issuing the following command on.

Upgrading on TripleO Train [CentOS7]

1. Generic Pre-requisites

Please ensure following points before starting the upgrade process:
1. Either 4.1 GA OR any hotfix patch against 4.1 should be already deployed for performing upgrades mentioned in the current document.
2. No snapshot OR restore to be running.
3. Global job scheduler should be disabled.
4. wlm-cron should be disabled (on primary T4O node).
  1. pcs resource disable wlm-cron
  2. Check : systemctl status wlm-cron OR pcs resource show wlm-cron
  3. Additional step : To ensure that cron is actually stopped, search for any lingering processes against wlm-cron and kill them. [Cmd : ps -ef | grep -i workloadmgr-cron]

2. [On Undercloud node] Clone triliovault repo and upload trilio puppet module

Run all the commands with 'stack' user

2.1 Clone the latest configuration scripts

2.2 Backup target is “Ceph based S3” with SSL

If the backup target is Ceph S3 with SSL and SSL certificates are self-signed or authorized by private CA, then the user needs to provide a CA chain certificate to validate the SSL requests. For that, user needs to rename his CA chain cert file to 's3-cert.pem' and copy it into directory - 'triliovault-cfg-scripts/redhat-director-scripts/redhat-director-scripts/puppet/trilio/files'.

2.3 Upload triliovault puppet module

3. Prepare Trilio container images

In this step, we are going to pull triliovault container images to the user’s registry.

Trilio containers are pushed to ‘Dockerhub'. The registry URL is ‘docker.io’. Following are the triliovault container pull URLs.

Refer to the word <HOTFIX-TAG-VERSION> as 4.2.8 in the below sections

3.1 Trilio container URLs

Trilio container URLs for TripleO Train CentOS7:

There are two registry methods available in the TripleO Openstack Platform.

Remote Registry
Local Registry

Identify which method you are using. Below we have explained all three methods to pull and configure trilioVault's container images for overcloud deployment.

3.2 Remote Registry

If you are using the 'Remote Registry' method follow this section. You don't need to pull anything. You just need to populate the following container URLs in trilio env yaml.

Populate 'environments/trilio_env.yaml' file with triliovault container urls. Changes look like the following.

3.3 Registry on Undercloud

If you are using 'local registry' on undercloud, follow this section.

Run the following script. Script pulls the triliovault containers and updates the triliovault environment file with URLs.

## Above script pushes trilio container images to undercloud registry and sets correct trilio images URLs in ‘environments/trilio_env.yaml’. Verify the changes using the following command.

4. Configure multi-IP NFS

This section is only required when the multi-IP feature for NFS is required.

This feature allows to set the IP to access the NFS Volume per datamover instead of globally.

On Undercloud node, change directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/ip map.

Get the compute hostnames from the following command. Check ‘Name' column. Use exact hostnames in 'triliovault_nfs_map_input.yml' file.

Run this command on undercloud by sourcing 'stackrc'.

Edit input map file and fill all the details. Refer to the for details about the structure.

vi triliovault_nfs_map_input.yml

Update pyyaml on the undercloud node only

If pip isn't available please install pip on the undercloud.

Expand the map file to create a one-to-one mapping of the compute nodes and the nfs shares.

The result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all the necessary NFS shares.

Append this output map file to 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Validate the changes in file 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Include the environment file (trilio_nfs_map.yaml) in overcloud deploy command with '-e' option as shown below.

Ensure that MultiIPNfsEnabled is set to true in trilio_env.yaml file and that nfs is used as backup target.

5. Fill in triliovault environment details

Refer old 'trilio_env.yaml' - (/home/stack/triliovault-cfg-scripts-old/redhat-director-scripts/tripleo-train/environments/trilio_env.yaml) file and update new trilio_env.yaml file.
Fill triliovault details in file - '/home/stack/triliovault-cfg-scripts/redhat-director-scripts/tripleo-train/environments/trilio_env.yaml', triliovault environment file is self explanatory. Fill details of backup target, verify image urls and other details.

For Cohesity NFS format for NFS options : nolock,soft,timeo=600,intr,lookupcache=none,nfsvers=3,retrans=10

6. roles_data.yaml file changes

A new separate triliovault service is introduced in Trilio 4.2 release for Trilio Horizon plugin. User need to add following service to roles_data.yaml file and this service need to be co-located with openstack horizon service.

OS::TripleO::Services::TrilioHorizon

7. Install Trilio on Overcloud

Use the following heat environment file and roles data file in overcloud deploy command

trilio_env.yaml: This environment file contains Trilio backup target details and Trilio container image locations
roles_data.yaml: This file contains overcloud roles data with Trilio roles added. This file need not be changed, you can use the old role_data.yaml file
Use the correct trilio endpoint map file as per your keystone endpoint configuration. - Instead of tls-endpoints-public-dns.yaml this file, use ‘environments/trilio_env_tls_endpoints_public_dns.yaml’ - Instead of tls-endpoints-public-ip.yaml this file, use ‘environments/trilio_env_tls_endpoints_public_ip.yaml’ - Instead of tls-everywhere-endpoints-dns.yaml

Deploy command with triliovault environment file looks like following.

8. Steps to verify correct deployment

8.1 On overcloud controller node(s)

Make sure Trilio dmapi and horizon containers(shown below) are in a running state and no other Trilio container is deployed on controller nodes. If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. You need to revisit the above steps

8.2 On overcloud compute node(s)

Make sure the Trilio datamover container (shown below) is in a running state and no other Trilio container is deployed on compute nodes. If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. You need to revisit the above steps.

8.3 On OpenStack node where OpenStack Horizon Service is running

Make sure the horizon container is in a running state. Please note that the 'Horizon' container is replaced with the Trilio Horizon container. This container will have the latest OpenStack horizon + Trilio's horizon plugin

9. Troubleshooting if any failures

Trilio components will be deployed using puppet scripts.

In case of the overcloud deployment failing do the following command provide the list of errors. The following document also provides valuable insights:

10. Known Issues/Limitations

10.1 Overcloud deploy fails with the following error. Valid for Train CentOS7 only.

This is not a Trilio issue. It’s a TripleO issue that is not fixed in Train Centos7. This is fixed in higher versions of TripleO.

Undercloud jobs puppet task ertmonger_certificate[haproxy-external-cert] fails with Unrecognized parameter or wrong value type

Workaround:

APPLY the fix directly on the setup. It's not merged in train centos7. PR: Need fix in on controller and compute nodes /usr/share/openstack-puppet/modules/certmonger/lib/puppet/provider/certmonger_certificate/certmonger_certificate.rb

11. Enable mount-bind for NFS

Note : Below mentioned steps required only if target backend is NFS.

Please referfor detailed steps to setup mount bind.

Upgrading on Canonical OpenStack

Learn about upgrading Trilio on Canonical OpenStack

Trilio supports the upgrade of charms and Trilio components from older releases (4.0 onwards) to the latest release. More information about the latest 4.2 Trilio charms for the Trilio-4.2 release can be found here.

The following charms exist:

trilio-wlm ➡️ Installs and manages Trilio Controller services.
trilio-dm-api ➡️Installs and manages the Trilio Datamover API service.
➡️ Installs and manages the Trilio Datamover service.
➡️ Installs and manages the Trilio Horizon Plugin.

The documentation of the charms can be found here:

The following steps have been tested and verified within Trilio environments. There have been cases where these steps updated all packages inside the LXC containers, leading to failures in basic OpenStack services.

It is recommended to run each of these steps in dry-run first.

When any other packages but Trilio packages are getting updated, stop the upgrade procedure and contact your Trilio customer success manager.

Upgrading the Trilio Charms

More detailed information about the latest 4.2 Trilio charms for the Trilio-4.2 release can be found .

Upgrading the Trilio Charms up to OpenStack Wallaby release

Follow the steps mentioned in this to upgrade the charms to the latest 4.2 charms before upgrading the Trilio packages.

Upgrading the Trilio Charms to OpenStack Yoga release onwards

Follow the steps mentioned below to upgrade the charms to the latest 4.2 charms before upgrading the Trilio packages.

General Prerequisites

No snapshot OR restore are to be running during this process.
Global job scheduler should be disabled

1. Upgrade juju charms

juju [-m <model>] upgrade-charm trilio-wlm --switch trilio-charmers-trilio-wlm-focal --channel latest/edge

juju [-m <model>] upgrade-charm trilio-horizon-plugin --switch trilio-charmers-trilio-horizon-plugin-focal --channel latest/edge

juju [-m <model>] upgrade-charm trilio-dm-api --switch trilio-charmers-trilio-dm-api-focal --channel latest/edge

juju [-m <model>] upgrade-charm trilio-data-mover --switch trilio-charmers-trilio-data-mover-focal --channel latest/edge

2. Wait till all trilio units are active/idle then Restart all the trilio services

juju [-m <model>] exec --application trilio-dm-api "sudo systemctl restart tvault-datamover-api"

juju [-m <model>] exec --application trilio-data-mover "sudo systemctl restart tvault-contego"

juju [-m <model>] exec --application trilio-horizon-plugin "sudo systemctl restart apache2"

3. Select Single Node or HA steps as appropriate to restart services

For setup with single node wlm unit

juju [-m <model>] exec --application trilio-wlm "sudo systemctl restart wlm-api wlm-scheduler wlm-workloads wlm-cron"

For setups with 3 node HA enabled wlm

juju [-m <model>] exec --application trilio-wlm "systemctl restart wlm-api wlm-scheduler wlm-workloads"

juju [-m <model>] exec --unit trilio-wlm/leader "sudo crm resource restart res_trilio_wlm_wlm_cron"

4. Ensure that wlm-cron is only running on a single Unit in the output of this command

juju [-m <model>] exec --application trilio-wlm "sudo systemctl status wlm-cron"

If wlm-cron is running in more than one unit, or nowhere at all, this can be fixed by following the below steps:

juju [-m <model>] exec --unit trilio-wlm/leader "sudo crm resource stop res_trilio_wlm_wlm_cron" juju [-m <model>] exec --application trilio-wlm "sudo systemctl stop wlm-cron" juju [-m <model>] exec --application trilio-wlm "sudo ps -ef | grep workloadmgr-cron | grep -v grep"

juju [-m <model>] exec --unit trilio-wlm/leader "sudo crm resource start res_trilio_wlm_wlm_cron" juju [-m <model>] exec --application trilio-wlm "sudo systemctl status wlm-cron"

wlm-cron service should only be running in a single Juju Unit and not running in the other two.

5. Check upgraded juju charm & trilio services

Check the trilio unit's status in juju status [-m <model>] | grep trilio output.

All the trilio units will be reporting the new juju charm version.

trilio-data-mover 4.2.64.26 active 3 trilio-charmers-trilio-data-mover-jammy latest/edge 4 no Unit is ready trilio-dm-api 4.2.64.2 active 1 trilio-charmers-trilio-dm-api-jammy latest/edge 2 no Unit is ready trilio-horizon-plugin 4.2.64.5 active 1 trilio-charmers-trilio-horizon-plugin-jammy latest/edge 4 no Unit is ready trilio-wlm 4.2.64.20 active 1 trilio-charmers-trilio-wlm-jammy latest/edge 3 no Unit is ready

6. Check that all Trilio services are running

juju [-m <model>] exec --application trilio-dm-api "sudo systemctl status tvault-datamover-api"

juju [-m <model>] exec --application trilio-data-mover "sudo systemctl status tvault-contego"

juju [-m <model>] exec --application trilio-horizon-plugin "sudo systemctl status apache2"

juju [-m <model>] exec --application trilio-wlm "sudo systemctl status wlm-api wlm-scheduler wlm-workloads wlm-cron"

Next move on the Updating the Trilio packages.

Upgrading the Trilio packages

Trilio is releasing hotfixes, which require updating the packages inside the containers. These hotfixes can not be installed using the Juju charms as they don't require an update to the charms.

Generic Prerequisites

Trilio packages can be upgraded after deployment. Trilio supports upgrade to the latest 4.2 releases from as old as the Trilio 4.0 release.
No snapshot OR restore are to be running during this process.
Global job scheduler should be disabled.
wlm-cron should be disabled ( Following sets of commands are to be run on MAAS node).

Stop the wlm-cron service

Ensure that no stale wlm-cron processes exist

If any stale process are found, they should be stopped manually.

Upgrade package on trilio units

The deployed Trilio version is controlled by the triliovault-pkg-source charm configuration option.

The gemfury repository should be accessible from all Trilio units. For each trilio charm, it should be pointing to the following Gemfury repository:

This can be checked via juju [-m ] config trilio-wlm triliovault-pkg-source command output.

The preferred, recommended, and tested method to update the packages is through the Juju command line.

Run the below commands from MAAS node

On Ubuntu Bionic environments

On other (not Ubuntu Bionic) environments

Check the trilio unit's status in `juju status [-m ] | grep trilio` output. All the trilio units will be with the new packages.

Update the DB schema

Run the below command to update the schema

Check the schema head with below command. It should point to latest schema head.

Enable mount-bind for NFS

T4O 4.2 is changing how the mount point is calculated. It is required to setup a mount bind to make T4O 4.1 or older backups available.

Please referfor detailed steps to set up the mount bind.

Post-Upgrade steps

If the trilio-wlm nodes are HA enabled:
1. Make sure the wlm-cron services are down after the pkg upgrade. Run the following command for the same:

Unset the cluster maintenance mode

Make sure the wlm-cron service up and running on any one node.

Set the Global Job Scheduler to the original state.

Troubleshooting

If any trilio unit gets into an error state with the message :

hook failed: "update-status"

One of the reasons could be the package installation did not finish correctly. One way to verify that is by logging into that unit and following the below steps;

Upgrading on RHOSP

0] Pre-requisites

Please ensure the following points are met before starting the upgrade process:

No Snapshot or Restore is running
Global job scheduler is disabled
wlm-cron is disabled on the Trilio Appliance

Deactivating the wlm-cron service

The following sets of commands will disable the wlm-cron service and verify that it is has been completely shut-down.

1] [On Undercloud node] Clone latest Trilio repository and upload Trilio puppet module

All commands need to be run as user 'stack' on undercloud node

1.1] Clone Trilio cfg scripts repository

Separate directories are created as per Redhat OpenStack release under 'triliovault-cfg-scripts/redhat-director-scripts/' directory. Use all scripts/templates from respective directory. For ex, if your RHOSP release is 13, then use scripts/templates from 'triliovault-cfg-scripts/redhat-director-scripts/rhosp13' directory only.

Available RHOSP_RELEASE___DIRECTORY values are:

rhosp13 rhosp16.1 rhosp16.2 rhosp17.0

1.2] If backup target type is 'Ceph based S3' with SSL:

If your backup target is ceph S3 with SSL and SSL certificates are self signed or authorized by private CA, then user needs to provide CA chain certificate to validate the SSL requests. For that, user needs to rename his ca chain cert file to 's3-cert.pem' and copy it into the puppet directory of the right release.

2] Upload Trilio puppet module

3] Update overcloud roles data file to include Trilio services

Trilio has two services as explained below. You need to add these two services to your roles_data.yaml. If you do not have customized roles_data file, you can find your default roles_data.yaml file at /usr/share/openstack-tripleo-heat-templates/roles_data.yaml on undercloud.

You need to find that role_data file and edit it to add the following Trilio services.

i) Trilio Datamover Api Service:

Service Entry in roles_data yaml: OS::TripleO::Services::TrilioDatamoverApi

This service needs to be co-located with database and keystone services. That said, you need to add this service on the same role as of keystone and database service.

Typically this service should be deployed on controller nodes where keystone and database runs. If you are using RHOSP's pre-defined roles, you need to addOS::TripleO::Services::TrilioDatamoverApiservice to Controller role.

ii) Trilio Datamover Service: Service Entry in roles_data yaml: OS::TripleO::Services::TrilioDatamover This service should be deployed on role where nova-compute service is running.

If you are using RHOSP's pre-defined roles, you need to add our OS::TripleO::Services::TrilioDatamover service to Compute role.

If you have defined your custom roles, then you need to identify the role name where in 'nova-compute' service is running and then you need to add 'OS::TripleO::Services::TrilioDatamover' service to that role.

iii) Trilio Horizon Service:

This service needs to share the same role as the OpenStack Horizon server. In the case of the pre-defined roles will the Horizon service run on the role Controller. Add the following to the identified role OS::TripleO::Services::TrilioHorizon

4] Prepare latest Trilio container images

All commands need to be run as user 'stack'

Trilio containers are pushed to 'RedHat Container Registry'. Registry URL is ''. The Trilio container URLs are as follows:

Refer to the word <HOTFIX-TAG-VERSION> as 4.2.8 in the below sections

4.1] available container images

RHOSP 13

RHOSP 16.1

RHOSP 16.2

RHOSP 17.0

There are three registry methods available in RedHat Openstack Platform.

Remote Registry
Local Registry
Satellite Server

4.2] Remote Registry

Please refer to the to see which containers are available.

Follow this section when 'Remote Registry' is used.

For this method it is not necessary to pull the containers in advance. It is only necessary to populate the trilio_env.yaml file with the Trilio container URLs from Redhat registry.

Populate the trilio_env.yaml with container URLs for:

Trilio Datamover container
Trilio Datamover api container
Trilio Horizon Plugin

trilio_env.yaml will be available in __triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments

Example

4.2] Local Registry

Please refer to the to see which containers are available.

Follow this section when 'local registry' is used on the undercloud.

In this case it is necessary to push the Trilio containers to the undercloud registry. Trilio provides shell scripts which will pull the containers from 'registry.connect.redhat.com' and push them to the undercloud and updates the trilio_env.yaml.

RHOSP13 example

RHOSP 16.1, RHOSP16.2 and RHOSP17.0 example

The changes can be verified using the following commands.

4.3] Red Hat Satellite Server

Please refer to the to see which containers are available.

Follow this section when a Satellite Server is used for the container registry.

Pull the Trilio containers on the Red Hat Satellite using the given

Populate the trilio_env.yaml with container urls.

RHOSP 13 example

RHOSP 16.1, RHOSP 16.2 and RHOSP 17.0

5. Verify Trilio environment details

It is recommended to re-populate the backup target details in the freshly downloaded trilio_env.yaml file. This will ensure that parameters that have been added since the last update/installation of Trilio are available and will be filled out too.

Locations of the trilio_env.yaml:

For more details about the trilio_env.yaml please check .

6] Configure multi-IP NFS

This section is only required when the multi-IP feature for NFS is required.

This feature allows to set the IP to access the NFS Volume per datamover instead of globally.

On Undercloud node, change directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/ip map.

Get the compute hostnames from the following command. Check ‘Name' column. Use exact hostnames in 'triliovault_nfs_map_input.yml' file.

Run this command on undercloud by sourcing 'stackrc'.

Edit input map file and fill all the details. Refer to the for details about the structure.

vi triliovault_nfs_map_input.yml

Update pyyaml on the undercloud node only

If pip isn't available please install pip on the undercloud.

Expand the map file to create a one-to-one mapping of the compute nodes and the nfs shares.

The result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all the necessary NFS shares.

Append this output map file to 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Validate the changes in file 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Include the environment file (trilio_nfs_map.yaml) in overcloud deploy command with '-e' option as shown below.

Ensure that MultiIPNfsEnabled is set to true in trilio_env.yaml file and that nfs is used as backup target.

7] Update Overcloud Trilio components

Use the following heat environment file and roles data file in overcloud deploy command:

trilio_env.yaml
roles_data.yaml
Use correct Trilio endpoint map file as per available Keystone endpoint configuration

To include new environment files use '-e' option and for roles data file use '-r' option. An example overcloud deploy command is shown below:

8] Verify deployment

If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. Please recheck if you followed the complete documentation.

8.1] On Controller node

8.2] On Compute node

Make sure Trilio datamover container is in running state and no other Trilio container is deployed on compute nodes.

8.3] On the node with Horizon service

Make sure horizon container is in running state. Please note that 'Horizon' container is replaced with Trilio Horizon container. This container will have latest OpenStack horizon + Trilio's horizon plugin.

If Trilio Horizon container is in restarted state on RHOSP 16.1.8/RHSOP 16.2.4 then use below workaroud

9] Enable mount-bind for NFS

T4O 4.2 has changed the calculation of the mount point. It is necessary to set up the mount-bind to make T4O 4.1 or older backups available for T4O 4.2

Please follow to set up the mount bind for RHOSP.

Upgrading on Kolla OpenStack

Trilio supports the upgrade of Trilio-Openstack components from any of the older releases (4.1 onwards) to the latest 4.2 hotfix releases without ripping up the older deployments.

Refer to the below-mentioned acceptable values for the placeholders kolla_base_distro and ** triliovault_tag** in this document as per the Openstack environment:

Openstack Version

triliovault_tag

kolla_base_distro

1] Pre-requisites

Please ensure the following points are met before starting the upgrade process:

Either 4.1 or 4.2 GA OR any hotfix patch against 4.1/4.2 should be already deployed
No Snapshot OR Restore is running
Global job scheduler should be disabled
wlm-cron is disabled on the primary Trilio Appliance

1.1] Deactivating the wlm-cron service

The following sets of commands will disable the wlm-cron service and verify that it has been completly shut-down.

2] Clone latest configuration scripts

Before the latest configuration script is loaded it is recommended to take a backup of the existing config scripts' folder & Trilio ansible roles. The following command can be used for this purpose:

Clone the latest configuration scripts of the required branch and access the deployment script directory for Kolla Ansible Openstack.

Copy the downloaded Trilio ansible role into the Kolla-Ansible roles directory.

3] Append Trilio variables

3.1] Clean old Trilio variables and append new Trilio variables

This step is not always required. It is recommended to comparetriliovault_globals.ymlwith the Trilio entries in the/etc/kolla/globals.ymlfile.

In case of no changes, this step can be skipped.

This is required, in case of some variable names changed, some new variables have been added, or old variables removed in the latest triliovault_globals.yml they need to be updated in /etc/kolla/globals.yml file.

3.2] Clean old Trilio passwords and append new Trilio password variables

This step is not always required. It is recommended to comparetriliovault_passwords.ymlwith the Trilio entries in the/etc/kolla/passwords.ymlfile.

In case of no changes, this step can be skipped.

This step is required, when some password variable names have been added, changed, or removed in the latest triliovault_passwords.yml. In this case, the /etc/kolla/passwords.yml needs to be updated.

3.3] Append triliovault_site.yml content to kolla ansible's site.yml

This step is not always required. It is recommended to comparetriliovault_site.ymlwith the Trilio entries in the/usr/local/share/kolla-ansible/ansible/site.ymlfile.

In case of no changes, this step can be skipped.

This is required because, in case of some variable names changed, some new variables have been added, or old variables removed in the latest triliovault_site.yml they need to be updated in /usr/local/share/kolla-ansible/ansible/site.yml file.

3.4] Append triliovault_inventory.txt to the kolla-ansible inventory file

This step is not always required. It is recommended to comparetriliovault_inventory.yml ith the Trilio entries in the/root/multinodefile.

In case of no changes, this step can be skipped.

By default, the triliovault-datamover-api service gets installed on ‘control' hosts and the trilio-datamover service gets installed on 'compute’ hosts. You can edit the T4O groups in the inventory file as per your cloud architecture.

T4O group names are ‘triliovault-datamover-api’ and ‘triliovault-datamover’

4] Configure multi-IP NFS as Trilio backup target

This step is only required when the multi-IP NFS feature is used to connect different datamovers to the same NFS volume through multiple IPs

On kolla-ansible server node, change directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/ip map.

If IP addresses are used in the kolla-ansible inventory file then you should use same IP addresses in 'triliovault_nfs_map_input.yml' file too. If you used hostnames there then you need to use same hostnames here in nfs map input file.

Compute host names or IP addresses that you are using in nfs map input file here should match with kolla-ansible inventory file entries.

vi triliovault_nfs_map_input.yml

The triliovault_nfs_map_input.yml is explained .

Update PyYAML on the kolla-ansible server node only

Expand the map file to create a one-to-one mapping of compute and NFS share.

The result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all necessary NFS shares.

Append this output map file to triliovault_globals.yml File Path: /home/stack/triliovault-cfg-scripts/kolla-ansible/ansible/triliovault_globals.yml

Ensure to set multi_ip_nfs_enabled in _`_triliovault_globals.yml` file to yes

A new parameter is added to triliovault_globals.yml , set this parameter value to 'yes' if backup target NFS supports multiple endpoints/IPs. File Path: '/home/stack/triliovault-cfg-scripts/kolla-ansible/ansible/triliovault_globals.yml’ multi_ip_nfs_enabled: 'yes'
Later append triliovault_globals.yaml file to /etc/kolla/globals.yml

5] Edit globals.yml to set T4O parameters

Edit /etc/kolla/globals.yml file to fill triliovault backup target and build details. You will find the triliovault related parameters at the end of globals.yml. The user needs to fill in details like triliovault build version, backup target type, backup target details, etc.

Following is the list of parameters that the user needs to edit.

Parameter

Defaults/choices

comments

6] Enable T4O Snapshot mount feature

This step is already part of the 4.2 GA installation procedure and should only be verified.

To enable Trilio's Snapshot mount feature it is necessary to make the Trilio Backup target available to the nova-compute and nova-libvirt containers.

Edit /usr/local/share/kolla-ansible/ansible/roles/nova-cell/defaults/main.yml and find nova_libvirt_default_volumes variable. Append the Trilio mount bind /var/trilio:/var/trilio:shared to the list of already existing volumes.

For a default Kolla installation, will the variable look as follows afterward:

Next, find the variable nova_compute_default_volumes in the same file and append the mount bind /var/trilio:/var/trilio:shared to the list.

After the change will the variable look for a default Kolla installation as follows:

In the case of using Ironic compute nodes one more entry needs to be adjusted in the same file. Find the variable nova_compute_ironic_default_volumes and append trilio mount /var/trilio:/var/trilio:shared to the list.

After the changes the variable will look like the following:

7] Pull containers in case of private repository

In case, the user doesn’t want to use the docker hub registry for triliovault containers during cloud deployment, then the user can pull triliovault images before starting cloud deployment and push them to other preferred registries.

Following are the triliovault container image URLs for 4.2 releases. Replace kolla_base_distro and triliovault_tag variables with their values.

This {{ kolla_base_distro }} variable can be either 'centos' or 'ubuntu' depends on your base OpenStack distro This {{ triliovault_tag }} is mentioned at the start of this document.

Trilio supports the Source-based containers from the OpenStack Yoga release **** onwards.

Below are the Source-based OpenStack deployment images

Below are the Binary-based OpenStack deployment images

8] Pull T4O container images

Activate the login into dockerhub for Trilio tagged containers.

Please get the Dockerhub login credentials from Trilio Sales/Support team

Run the below command from the directory with the multinode file tull pull the required images.

9] Run Kolla-Ansible upgrade command

Run the below command from the directory with the multinode file to start the upgrade process.

10] Verify Trilio deployment

Verify on the nodes that are supposed to run the Trilio containers, that those are available and healthy.

11] Advance settings/configuration for Trilio services

11.1] Customize HAproxy configuration parameters for Trilio datamover api service

Following are the default haproxy conf parameters set against triliovault datamover api service.

These values work best for triliovault dmapi service. It’s not recommended to change these parameter values. However, in some exceptional cases, If needed to change any of the above parameter values then same can be done on kolla-ansible server in the following file.

After editing, run kolla-ansible deploy command again to push these changes to openstack cloud.

Post kolla-ansible deploy, to verify the changes, please check following file, available on all controller/haproxy nodes.

12] Enable mound-bind for NFS

T4O 4.2 is changing the calculation for the mount point hash value when using NFS backups.

Please follow to ensure that Backups taken from T4O 4.1 or older can be used with T4O 4.2.

Installing on Kolla Openstack

This page lists all steps required to deploy Trilio components on Kolla-ansible deployed OpenStack cloud.

1] Plan for Deployment

Please ensure that the Trilio Appliance has been updated to the latest maintenance release before continuing the installation.

Refer to the below-mentioned acceptable values for the placeholders triliovault_tag and ``` **kolla_base_distro`** , in this document as per the Openstack environment:

Openstack Version

triliovault_tag

kolla_base_distro

1.1] Select backup target type

Backup target storage is used to store backup images taken by Trilio and details needed for configuration:

Following backup target types are supported by Trilio. Select one of them and get it ready before proceeding to the next step.

a) NFS

Need NFS share path

b) Amazon S3

- S3 Access Key - Secret Key - Region - Bucket name

c) Other S3 compatible storage (Like, Ceph based S3)

- S3 Access Key - Secret Key - Region - Endpoint URL (Valid for S3 other than Amazon S3) - Bucket name

2] Clone Trilio Deployment Scripts

Clone triliovault-cfg-scripts GitHub repository on Kolla ansible server at '/root' or any other directory of your preference. Afterwards, copy Trilio Ansible role into Kolla-ansible roles directory

3] Hook Trilio deployment scripts to Kolla-ansible deploy scripts

3.1] Add Trilio global variables to globals.yml

3.2] Add Trilio passwords to kolla passwords.yaml

Append triliovault_passwords.yml to /etc/kolla/passwords.yml. Passwords are empty. Set these passwords manually in the /etc/kolla/passwords.yml.

3.3] Append Trilio site.yml content to kolla ansible’s site.yml

3.4] Append triliovault_inventory.txt to your cloud’s kolla-ansible inventory file.

3.5] Configure multi-IP NFS

This step is only required when the multi-IP NFS feature is used to connect different datamovers to the same NFS volume through multiple IPs

On kolla-ansible server node, change directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/ip map.

Compute host names or IP addresses that you are using in nfs map input file here should match with kolla-ansible inventory file entries.

vi triliovault_nfs_map_input.yml

The triliovault_nfs_map_imput.yml is explained .

Update PyYAML on the kolla-ansible server node only

Expand the map file to create one to one mapping of compute and nfs share.

Result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all necessary nfs shares.

Append this output map file to 'triliovault_globals.yml' File Path: '/home/stack/triliovault-cfg-scripts/kolla-ansible/ansible/triliovault_globals.yml’

Ensure to set multi_ip_nfs_enabled in __ triliovault_globals.yml file to yes

4] Edit globals.yml to set Trilio parameters

Edit /etc/kolla/globals.yml file to fill Trilio backup target and build details. You will find the Trilio related parameters at the end of globals.yml file. Details like Trilio build version, backup target type, backup target details, etc need to be filled out.

Following is the list of parameters that the usr needs to edit.

Parameter

Defaults/choices

comments

In the case of a different registry than docker hub, Trilio containers need to be pulled from docker.io and pushed to preferred registries.

Following are the triliovault container image URLs for 4.2 releases**.** Replace kolla_base_distro and triliovault_tag variables with their values.\

This {{ kolla_base_distro }} variable can be either 'centos' or 'ubuntu' depends on your base OpenStack distro

Trilio supports the Source-based containers from the OpenStack Yoga release **** onwards.

Below are the Source-based OpenStack deployment images

Below are the Binary-based OpenStack deployment images

5] Enable Trilio Snapshot mount feature

To enable Trilio's Snapshot mount feature it is necessary to make the Trilio Backup target available to the nova-compute and nova-libvirt containers.

Edit /usr/local/share/kolla-ansible/ansible/roles/nova-cell/defaults/main.yml and find nova_libvirt_default_volumes variables. Append the Trilio mount bind /var/trilio:/var/trilio:shared to the list of already existing volumes.

For a default Kolla installation, will the variable look as follows afterward:

Next, find the variable nova_compute_default_volumes in the same file and append the mount bind /var/trilio:/var/trilio:shared to the list.

After the change will the variable look for a default Kolla installation as follows:

In case of using Ironic compute nodes one more entry need to be adjusted in the same file. Find the variable nova_compute_ironic_default_volumes and append trilio mount /var/trilio:/var/trilio:shared to the list.

After the changes the variable will looks like the following:

6] Pull Trilio container images

Activate the login into dockerhub for Trilio tagged containers.

Please get the Dockerhub login credentials from Trilio Sales/Support team

Pull the Trilio container images from the dockerhub based on the existing inventory file. In the example is the inventory file named multinode.

7] Deploy Trilio

All that is left, is to run the deploy command using the existing inventory file. In the example is the inventory file named 'multinode'.

This is just an example command. You need to use your cloud deploy command.

Post deployment for multipath enabled environment, log into respective datamover container and add uxsock_timeout with value as 60000 (i.e. 60 sec) in /etc/multipath.conf. Restart datamover container

8] Verify Trilio deployment

Verify on the nodes that are supposed to run the Trilio containers, that those are available and healthy.

The example is shown for 4.2.7 maintenance release from Kolla Victoria CentOS binary based setup.

The example is shown for 4.2.7 maintenance release from Kolla Yoga Ubuntu source based setup.

The example is shown for 4.2.7 maintenance release from Kolla Yoga Ubuntu binary based setup.

9] Troubleshooting Tips

9.1 ] Check Trilio containers and their startup logs

To see all TriloVault containers running on a specific node use the docker ps command.

To check the startup logs use the docker logs <container name> command.

9.2] Trilio Horizon tabs are not visible in Openstack

Verify that the Trilio Appliance is configured. The Horizon tabs are only shown, when a configured Trilio appliance is available.

Verify that the Trilio horizon container is installed and in a running state.

9.3] Trilio Service logs

Trilio datamover api service logs on datamover api node

Trilio datamover service logs on datamover node

10. Change the nova user id on the Trilio Nodes

Note: This step needs to be done on Trilio Appliance node. Not on OpenStack node.

Pre-requisite: You should have already launched Trilio appliance VM

In Kolla openstack distribution, 'nova' user id on nova-compute docker container is set to '42436'. The 'nova' user id on the Trilio nodes need to be set the same. Do the following steps on all Trilio nodes:

Download the shell script that will change the user id
Assign executable permissions
Execute the script
Verify that 'nova' user and group id has changed to '42436'

11. Advanced configurations - [Optional]

11.1] We are using cinder's ceph user for interacting with Ceph cinder storage. This user name is defined using parameter - 'ceph_cinder_user' in the file '/etc/kolla/globals.yaml'.

If user wants to edit this parameter value they can do it. Impact will be, cinder's ceph user and triliovault datamover's ceph user will be updated upon next kolla-ansible deploy command.

Installing on RHOSP

The Red Hat Openstack Platform Director is the supported and recommended method to deploy and maintain any RHOSP installation.

Trilio is integrating natively into the RHOSP Director. Manual deployment methods are not supported for RHOSP.

1. Prepare for deployment

1.1] Select 'backup target' type

Backup target storage is used to store backup images taken by Trilio and details needed for configuration:

Following backup target types are supported by Trilio

a) NFS

Need NFS share path

b) Amazon S3

- S3 Access Key - Secret Key - Region - Bucket name

c) Other S3 compatible storage (Like, Ceph based S3)

- S3 Access Key - Secret Key - Region - Endpoint URL (Valid for S3 other than Amazon S3) - Bucket name

1.2] Clone triliovault-cfg-scripts repository

All commands need to be run as user 'stack' on undercloud node

The following command clones the triliovault-cfg-scripts github repository.

Next access the Red Hat Director scripts according to the used RHOSP version.

RHOSP 13

RHOSP 16.1

RHOSP 16.2

RHOSP 17.0

The remaining documentation will use the following path for examples:

1.3] If backup target type is 'Ceph based S3' with SSL:

2] Upload trilio puppet module

The following commands upload the Trilio puppet module to the overcloud registry. The actual upload happens upon the next deployment.

Trilio puppet module is uploaded to overcloud as a swift deploy artifact with heat resource name 'DeployArtifactURLs'. If you check trilio's puppet module artifact file it looks like following.

Note: If your overcloud deploy command using any other deploy artifact through a environment file, then you need to merge trilio deploy artifact url and your url in single file.

How to check if your overcloud deploy environment files using deploy artifacts? You need to check string 'DeployArtifactURLs' in your environment files (only those mentioned in overcloud deploy command with -e option). If you find it any such environment file that is mentioned in overcloud dpeloy command with '-e' option then your deploy command is using deploy artifact.
In that case you need to merge all deploy artifacts in single file. Refer following steps.

Let's say, your artifact file path is "/home/stack/templates/user-artifacts.yaml" then refer following steps to merge both urls in single file and pass that new file to overcloud deploy command with '-e' option.

3] Update overcloud roles data file to include Trilio services

Trilio contains multiple services. Add these services to your roles_data.yaml.

In the case of uncustomized roles_data.yaml can the default file be found on the undercloud at:

/usr/share/openstack-tripleo-heat-templates/roles_data.yaml

Add the following services to the roles_data.yaml

All commands need to be run as user 'stack'

3.1] Add Trilio Datamover Api Service to role data file

This service needs to share the same role as the keystone and database service. In case of the pre-defined roles will these services run on the role Controller. In case of custom defined roles, it is necessary to use the same role where 'OS::TripleO::Services::Keystone' service installed.

Add the following line to the identified role:

3.2] Add Trilio Datamover Service to role data file

This service needs to share the same role as the nova-compute service. In case of the pre-defined roles will the nova-compute service run on the role Compute. In case of custom defined roles, it is necessary to use the role the nova-compute service is using.

Add the following line to the identified role:

3.3] Add Trilio Horizon Service role data file

This service needs to share the same role as the OpenStack Horizon server. In case of the pre-defined roles will the Horizon service run on the role Controller. Add the following line to the identified role:

4] Prepare Trilio container images

All commands need to be run as user 'stack'

Trilio containers are pushed to 'RedHat Container Registry'. Registry URL: 'registry.connect.redhat.com'. Container pull URLs are given below.

Please note that using the hotfix containers requires that the Trilio Appliance is getting upgraded to the desired hotfix level as well.

Refer to the word <HOTFIX-TAG-VERSION> as 4.2.8 in the below sections

RHOSP 13

RHOSP 16.1

RHOSP 16.2

RHOSP 17.0

There are three registry methods available in RedHat Openstack Platform.

Remote Registry
Local Registry
Satellite Server

4.1] Remote Registry

Follow this section when 'Remote Registry' is used.

In this method, container images gets downloaded directly on overcloud nodes during overcloud deploy/update command execution. User can set remote registry to redhat registry or any other private registry that he wants to use. User needs to provide credentials of the registry in 'containers-prepare-parameter.yaml' file.

Make sure other openstack service images are also using the same method to pull container images. If it's not the case you can not use this method.
Populate 'containers-prepare-parameter.yaml' with content like following. Important parameters are 'push_destination: false', ContainerImageRegistryLogin: true and registry credentials. Trilio container images are published to registry 'registry.connect.redhat.com'. Credentials of registry 'registry.redhat.io' will work for 'registry.connect.redhat.com' registry too.

Note: This file -'containers-prepare-parameter.yaml'

Redhat document for remote registry method: \

Note: File 'containers-prepare-parameter.yaml' gets created as output of command 'openstack tripleo container image prepare'. Refer above document by RedHat

3. Make sure you have network connectivity to above registries from all overcloud nodes. Otherwise image pull operation will fail.

4. User need to manually populate the trilio_env.yaml file with Trilio container image URLs as given below:

trilio_env.yaml file path:

At this step, you have configured Trilio image urls in the necessary environment file.

4.2] Local Registry

Follow this section when 'local registry' is used on the undercloud.

RHOSP13

RHOSP 16.1

RHOSP16.2

RHOSP17.0

At this step, you have downloaded triliovault container images and configured triliovault image urls in necessary environment file.

4.3] Red Hat Satellite Server

Follow this section when a Satellite Server is used for the container registry.

Pull the Trilio containers on the Red Hat Satellite using the given

Populate the trilio_env.yaml with container urls.

RHOSP 13

RHOSP 16.1

RHOSP16.2

RHOSP17.0

At this step, you have downloaded triliovault container images into RedHat sattelite server and configured triliovault image urls in necessary environment file.

5] Configure multi-IP NFS

This section is only required when the multi-IP feature for NFS is required.

This feature allows to set the IP to access the NFS Volume per datamover instead of globally.

On Undercloud node, change directory

Edit file 'triliovault_nfs_map_input.yml' in the current directory and provide compute host and NFS share/ip map.

Get the compute hostnames from the following command. Check ‘Name' column. Use exact hostnames in 'triliovault_nfs_map_input.yml' file.

Run this command on undercloud by sourcing 'stackrc'.

Edit input map file and fill all the details. Refer to the for details about the structure.

vi triliovault_nfs_map_input.yml

Update pyyaml on the undercloud node only

If pip isn't available please install pip on the undercloud.

Expand the map file to create a one-to-one mapping of the compute nodes and the nfs shares.

The result will be in file - 'triliovault_nfs_map_output.yml'

Validate output map file

Open file 'triliovault_nfs_map_output.yml

vi triliovault_nfs_map_output.yml

available in the current directory and validate that all compute nodes are covered with all the necessary NFS shares.

Append this output map file to 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Validate the changes in file 'triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/environments/trilio_nfs_map.yaml'

Include the environment file (trilio_nfs_map.yaml) in overcloud deploy command with '-e' option as shown below.

Ensure that MultiIPNfsEnabled is set to true in trilio_env.yaml file and that nfs is used as backup target.

6] Provide environment details in trilio-env.yaml

Provide backup target details and other necessary details in the provided environment file. This environment file will be used in the overcloud deployment to configure Trilio components. Container image names have already been populated in the preparation of the container images. Still it is recommended to verify the container URLs.

The following information are required additionally:

Network for the datamover api
datamover password
Backup target type {nfs/s3}
In case of NFS

NFS options for Cohesity NFS : nolock,soft,timeo=600,intr,lookupcache=none,nfsvers=3,retrans=10

In case of S3
- S3 type {amazon_s3/ceph_s3}
- S3 Access key
- S3 Secret key

Use ceph_s3 for any non-aws S3 backup targets.

7] Advanced Settings/Configuration

7.1] Haproxy customized configuration for Trilio dmapi service __

The existing default haproxy configuration works fine with most of the environments. Only when timeout issues with the dmapi are observed or other reasons are known, change the configuration as described here.

Following is the haproxy conf file location on haproxy nodes of the overcloud. Trilio datamover api service haproxy configuration gets added to this file.

Trilio datamover haproxy default configuration from the above file looks as follows:

The user can change the following configuration parameter values.

To change these default values, you need to do the following steps. i) On the undercloud node, open the following file for edit (Edit <RHOSP_RELEASE> with your cloud's release information. Valid values are - rhosp13, rhosp16, rhosp16.1)

For RHOSP13

For RHOSP16.1

For RHOSP16.2

For RHOSP17.0

ii) Search the following entries and edit as required

iii) Save the changes.

7.2] Configure Custom Volume/Directory Mounts for the Trilio Datamover Service

If the user wants to add one or more extra volume/directory mounts to the Trilio Datamover Service container, they can use the following heat environment file. A variable named 'TrilioDatamoverOptVolumes' is available in this file.

This variable 'TrilioDatamoverOptVolumes' accepts list of volume/bind mounts.
User needs to edit this file and add their volume mounts in below format.
For example:
In this volume mount "/mnt/dir2:/var/dir2", "/mnt/dir2" is a diretcory available on compute host and "/var/dir2" is the mount point inside datamover container.

Next, User needs to pass this file to overcloud deploy command with '-e' option Like below.

8] Deploy overcloud with trilio environment

Use the following heat environment file and roles data file in overcloud deploy command:

trilio_env.yaml
roles_data.yaml
Use correct Trilio endpoint map file as per available Keystone endpoint configuration

To include new environment files use '-e' option and for roles data file use '-r' option. An example overcloud deploy command is shown below:

Post deployment for multipath enabled environment, log into respective datamover container and add uxsock_timeout with value as 60000 (i.e. 60 sec) in /etc/multipath.conf. Restart datamover container

9] Verify deployment

If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. Please recheck if you followed the complete documentation.

9.1] On Controller node

Verify the haproxy configuration under:

9.2] On Compute node

Make sure Trilio datamover container is in running state and no other Trilio container is deployed on compute nodes.

9.3] On the node with Horizon service

If Trilio Horizon container is in restarted state on RHOSP 16.1.8/RHSOP 16.2.4 then use below workaroud

10] Troubleshooting for overcloud deployment failures

Trilio components will be deployed using puppet scripts.

oIn case of the overcloud deployment failing do the following command provide the list of errors. The following document also provides valuable insights:

Restores

Definition

A Restore is the workflow to bring back the backed up VMs from a Trilio Snapshot.

List of Restores

Using Horizon

To reach the list of Restores for a Snapshot follow these steps:

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to show

Using CLI

--snapshot_id <snapshot_id> ➡️ ID of the Snapshot to show the restores of

Restores overview

Using Horizon

To reach the detailed Restore overview follow these steps:

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to show

Details Tab

The Restore Details Tab shows the most important information about the Restore.

Name
Description
Restore Type
Status

The Restore Options are the restore.json provided to Trilio.

List of VMs restored
- restored VM Name
- restored VM Status
- restored VM ID

Misc Tab

The Misc tab provides additional Metadata information.

Creation Time
Restore ID
Snapshot ID containing the Restore
Workload

Using CLI

<restore_id> ➡️ ID of the restore to be shown
--output <output> ➡️ Option to get additional restore details, Specify --output metadata for restore metadata,--output networks --output subnets --output routers --output flavors

Delete a Restore

Once a Restore is no longer needed, it can be safely deleted from a Workload.

Deleting a Restore will only delete the Trilio information about this Restore. No Openstack resources are getting deleted.

Using Horizon

There are 2 possibilities to delete a Restore.

Possibility 1: Single Restore deletion through the submenu

To delete a single Restore through the submenu follow these steps:

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to delete

Possibility 2: Multiple Restore deletion through a checkbox in Snapshot overview

To delete one or more Restores through the Restore list do the following:

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to show

Using CLI

<restore_id> ➡️ ID of the restore to be deleted

Cancel a Restore

Ongoing Restores can be canceled.

Using Horizon

To cancel a Restore in Horizon follow these steps:

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to delete

Using CLI

<restore_id> ➡️ ID of the restore to be deleted

One Click Restore

The One Click Restore will bring back all VMs from the Snapshot in the same state as they were backed up. They will:

be located in the same cluster in the same datacenter
use the same storage domain
connect to the same network
have the same flavor

The user can't change any Metadata.

The One Click Restore requires, that the original VM's that have been backed up are deleted or otherwise lost. If even one VM is still existing, will the One Click Restore fail.

The One Click Restore will automatically update the Workload to protect the restored VMs.

Using Horizon

There are 2 possibilities to start a One Click Restore.

Possibility 1: From the Snapshot list

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Possibility 2: From the Snapshot overview

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Using CLI

<snapshot_id> ➡️ ID of the snapshot to restore.
--display-name <display-name> ➡️ Optional name for the restore.
--display-description <display-description> ➡️

Selective Restore

The Selective Restore is the most complex restore Trilio has to offer. It allows to adapt the restored VMs to the exact needs of the User.

With the selective restore the following things can be changed:

Which VMs are getting restored
Name of the restored VMs
Which networks to connect with
Which Storage domain to use

The Selective Restore is always available and doesn't have any prerequirements.

The Selective Restore will automatically update the Workload to protect the created instance in the case that the original instance is no longer existing.

Using Horizon

There are 2 possibilities to start a Selective Restore.

Possibility 1: From the Snapshot list

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Possibility 2: From the Snapshot overview

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Using CLI

<snapshot_id> ➡️ ID of the snapshot to restore.
--display-name <display-name> ➡️ Optional name for the restore.
--display-description <display-description> ➡️

Inplace Restore

The Inplace Restore covers those use cases, where the VM and its Volumes are still available, but the data got corrupted or needs to a rollback for other reasons.

It allows the user to restore only the data of a selected Volume, which is part of a backup.

The Inplace Restore only works when the original VM and the original Volume are still available and connected. Trilio is checking this by the saved Object-ID.

The Inplace Restore will not create any new RHV resources. Please use one of the other restore options if new Volumes or VMs are required.

Using Horizon

There are 2 possibilities to start an Inplace Restore.

Possibility 1: From the Snapshot list

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Possibility 2: From the Snapshot overview

Login to Horizon
Navigate to Backups
Navigate to Workloads
Identify the workload that contains the Snapshot to be restored

Using CLI

<snapshot_id> ➡️ ID of the snapshot to restore.
--display-name <display-name> ➡️ Optional name for the restore.
--display-description <display-description> ➡️

required restore.json for CLI

The workloadmgr client CLI is using a restore.json file to define the restore parameters for the selective and the inplace restore.

An example for a selective restore of this restore.json is shown below. A detailed analysis and explanation is given afterwards.

The restore.json requires many information about the backed up resources. All required information can be gathered in the .

General required information

Before the exact details of the restore are to be provided it is necessary to provide the general metadata for the restore.

name➡️the name of the restore
description➡️the description of the restore
oneclickrestore <True/False>➡️

Selective Restore required information

The Selective Restore requires a lot of information to be able to execute the restore as desired.

Those information are divided into 3 components:

instances
restore_topology
networks_mapping

Information required in instances

This part contains all information about all instances that are part of the Snapshot to restore and how they are to be restored.

Even when VMs are not to be restored are they required inside the restore.json to allow a clean execution of the restore.

Each instance requires the following information

id ➡️ original id of the instance
include <True/False> ➡️ Set True when the instance shall be restored

All further information are only required, when the instance is part of the restore.

name ➡️ new name of the instance
availability_zone ➡️ Nova Availability Zone the instance shall be restored into. Leave empty for "Any Availability Zone"
Nics ➡️

To use the next free IP available in the set Nics to an empty list [ ]

Using an empty list for Nics combined with the Network Topology Restore, will the restore automatically restore the original IP address of the instance.

vdisks ➡️ List of all Volumes that are part of the instance. Each Volume requires the following information:
- id ➡️ Original ID of the Volume
- new_volume_type

The root disk needs to be at least as big as the root disk of the backed up instance was.

The following example describes a single instance with all values.

Information required in network topology restore or network mapping

Do not mix network topology restore together with network mapping.

To activate a network topology restore set:

To activate network mapping set:

When the network mapping is activated it is used, it is necessary to provide the mapping details, which are part of the networks_mapping block:

networks ➡️ list of snapshot_network and target_network pairs
- snapshot_network ➡️ the network backed up in the snapshot, contains the following:

Full selective restore example

Inplace Restore required information

The Inplace Restore requires less information thana selective restore. It only requires the base file with some information about the Instances and Volumes to be restored.

Information required in instances

id ➡️ ID of the instance inside the Snapshot
restore_boot_disk ➡️ Set to True if the boot disk of that VM shall be restored.

When the boot disk is at the same time a Cinder Disk, both values need to be set true.

include ➡️ Set to True if at least one Volume from this instance shall be restored
vdisks ➡️ List of disks, that are connected to the instance. Each disk contains:
- id

Network mapping information required

There are no network information required, but the field have to exist as empty value for the restore to work.

Full Inplace restore example

Example runbook for Disaster Recovery using NFS

This runbook will demonstrate how to set up Disaster Recovery with Trilio for a given scenario.

The chosen scenario is following an actively used Trilio customer environment.

Scenario

There are two Openstack clouds available "Openstack Cloud A" and Openstack Cloud B". "Openstack Cloud B" is the Disaster Recovery restore point of "Openstack Cloud A" and vice versa. Both clouds have an independent Trilio installation integrated. These Trilio installations are writing their Backups to NFS targets. "Trilio A" is writing to "NFS A1" and "Trilio B" is writing to "NFS B1". The NFS Volumes used are getting synced against another NFS Volume on the other side. "NFS A1" is syncing with "NFS B2" and "NFS B1" is syncing with "NFS A2". The syncing process is set up independently from Trilio and will always favor the newer dataset.

This scenario will cover the Disaster Recovery of a single Workload and a complete Cloud. All processes are done be the Openstack administrator.

Prerequisites for the Disaster Recovery process

This runbook will assume that the following is true:

"Openstack Cloud A" and "Openstack Cloud B" both have an active Trilio installation with a valid license
"Openstack Cloud A" and "Openstack Cloud B" have free resources to host additional VMs
"Openstack Cloud A" and "Openstack Cloud B" have Tenants/Projects available that are the designated restore points for Tenant/Projects of the other side

For ease of writing will this runbook assume from here on, that "Openstack Cloud A" is down and the Workloads are getting restored into "Openstack Cloud B".

In the case of the usage of shared Tenant networks, beyond the floating IP, the following additional requirement is needed: All Tenant Networks, Routers, Ports, Floating IPs, and DNS Zones are created

Disaster Recovery of a single Workload

A single Workload can do a Disaster Recovery in this Scenario, while both Clouds are still active. To do so the following high-level process needs to be followed:

Copy the Workload directories to the configured NFS Volume
Make the right Mount-Paths available
Reassign the Workload
Restore the Workload

Copy the Workload directories to the configured NFS Volume

This process only shows how to get a Workload from "Openstack Cloud A" to "Openstack Cloud B". The vice versa process is similar.

As only a single Workload is to be recovered it is more efficient to copy the data of that single Workload over to the "NFS B1" Volume, which is used by "Trilio B".

Mount "NFS B2" Volume to a Trilio VM

It is recommended to use the Trilio VM as a connector between both NFS Volumes, as the nova user is available on the Trilio VM.

Identify the Workload on the "NFS B2" Volume

Trilio Workloads are identified by their ID und which they are stored on the Backup Target. See below example:

In the case that the Workload ID is not known can available Metadata inside the Workload directories be used to identify the correct Workload.

Copy the Workload

The identified workload needs to be copied with all subdirectories and files. Afterward, it is necessary to adjust the ownership to nova:nova with the right permissions.

Make the Mount-Paths available

Trilio backups are using qcow2 backing files, which make every incremental backup a full synthetic backup. These backing files can be made visible using the qemu-img tool.

The MTAuMTAuMi4yMDovdXBzdHJlYW0= part of the backing file path is the base64 hash value, which will be calculated upon the configuration of a Trilio installation for each provided NFS-Share.

This hash value is calculated based on the provided NFS-Share path: <NFS_IP>/<path> If even one character in the NFS-Share path is different between the provided NFS-Share paths a completely different hash value is generated.

Workloads, that have been moved between NFS-Shares, require that their incremental backups can follow the same path as on their original Source Cloud. To achieve this it is necessary to create the mount path on all compute nodes of the Target Cloud.

Afterwards a mount bind is used to make the workloads data accessible over the old and the new mount path. The following example shows the process of how to successfully identify the necessary mount points and create the mount bind.

Identify the base64 hash values

The used hash values can be calculated using the base64 tool in any Linux distribution.

Create and bind the paths

Based on the identified base64 hash values the following paths are required on each Compute node.

/var/triliovault-mounts/MTAuMTAuMi4yMDovdXBzdHJlYW1fc291cmNl

and

/var/triliovault-mounts/MTAuMjAuMy4yMjovdXBzdHJlYW1fdGFyZ2V0

In the scenario of this runbook is the workload coming from the NFS_A1 NFS-Share, which means the mount path of that NFS-Share needs to be created and bound to the Target Cloud.

To keep the desired mount past a reboot it is recommended to edit the fstab of all compute nodes accordingly.

Reassign the workload

Trilio workloads have clear ownership. When a workload is moved to a different cloud it is necessary to change the ownership. The ownership can only be changed by Openstack administrators.

Add admin-user to required domains and projects

To fulfill the required tasks an admin role user is used. This user will be used until the workload has been restored. Therefore, it is necessary to provide this user access to the desired Target Project on the Target Cloud.

Discover orphaned Workloads from NFS-Storage of Target Cloud

Each Trilio installation maintains a database of workloads that are known to the Trilio installation. Workloads that are not maintained by a specific Trilio installation, are from the perspective of that installation, orphaned workloads. An orphaned workload is a workload accessible on the NFS-Share, that is not assigned to any existing project in the Cloud the Trilio installation is protecting.

List available projects on Target Cloud in the Target Domain

The identified orphaned workloads need to be assigned to their new projects. The following provides the list of all available projects viewable by the used admin-user in the target_domain.

List available users on the Target Cloud in the Target Project that have the right backup trustee role

To allow project owners to work with the workloads as well will they get assigned to a user with the backup trustee role that is existing in the target project.

Reassign the workload to the target project

Now that all informations have been gathered the workload can be reassigned to the target project.

Verify the workload is available at the desired target_project

After the workload has been assigned to the new project it is recommended to verify the workload is managed by the Target Trilio and is assigned to the right project and user.

Restore the workload

The reassigned workload can be restored using Horizon following the procedure described .

This runbook will continue on the CLI only path.

Prepare the selective restore by getting the snapshot information

To be able to do the necessary selective restore a few pieces of information about the snapshot to be restored are required. The following process will provide all necessary information.

List all Snapshots of the workload to restore to identify the snapshot to restore

Get Snapshot Details with network details for the desired snapshot

Get Snapshot Details with disk details for the desired Snapshot

Prepare the selective restore by creating the restore.json file

The selective restore is using a restore.json file for the CLI command. This restore.json file needs to be adjusted according to the desired restore.

Run the selective restore

To do the actual restore use the following command:

Verify the restore

To verify the success of the restore from a Trilio perspective the restore status is checked.

Clean up

After the Desaster Recovery Process has been successfully completed it is recommended to bring the TVM installation back into its original state to be ready for the next DR process.

Delete the workload

Delete the workload that got restored.

Remove the database entry

The Trilio database is following the Openstack standard of not deleting any database entries upon deletion of the cloud object. Any Workload, Snapshot or Restore, which gets deleted, is marked as deleted only.

To allow the Trilio installation to be ready for another disaster recovery it is necessary to completely delete the entries of the Workloads, which have been restored.

Trilio does provide and maintain a script to safely delete workload entries and all connected entities from the Trilio database.

This script can be found here:

Remove the admin user from the project

After all restores for the target project have been achieved it is recommended to remove the used admin user from the project again.

Disaster Recovery of a complete cloud

This Scenario will cover the Disaster Recovery of a full cloud. It is assumed that the source cloud is down or lost completly. To do the disaster recovery the following high-level process needs to be followed:

Reconfigure the Target Trilio installation
Make the right Mount-Paths available
Reassign the Workload
Restore the Workload

Reconfigure the Target Trilio installation

Before the Desaster Recovery Process can start is it necessary to make the backups to be restored available for the Trilio installation. The following steps need to be done to completely reconfigure the Trilio installation.

During the reconfiguration process will all backups of the Target Region be on hold and it is not recommended to create new Backup Jobs until the Desaster Recovery Process has finished and the original Trilio configuration has been restored.

Add NFS B2 to the Trilio Appliance Cluster

To add the NFS-Vol2 to the Trilio Appliance cluster the Trilio can either be to use both NFS Volumes or it is possible to edit the configuration file and then restart all services. This procedure describes how to edit the conf file and restart the services. This needs to be repeated on every Trilio Appliance.

Edit the workloadmgr.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the workloadmgr.conf

Restart the wlm-workloads service

Add NFS B2 to the Trilio Datamovers

Trilio is integrating natively into the Openstack deployment tools. When using the Red Hat director or JuJu charms it is recommended to adapt the environment files for these orchestrators and update the Datamovers through them.

To add the NFS B2 to the Trilio Datamovers manually the tvault-contego.conf file needs to be edited and the service restarted.

Edit the tvault-contego.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the tvault-contego.conf

Restart the tvault-contego service

Make the Mount-Paths available

Trilio backups are using qcow2 backing files, which make every incremental backup a full synthetic backup. These backing files can be made visible using the qemu-img tool.

The MTAuMTAuMi4yMDovdXBzdHJlYW0= part of the backing file path is the base64 hash value, which will be calculated upon the configuration of a Trilio installation for each provided NFS-Share.

Identify the base64 hash values

The used hash values can be calculated using the base64 tool in any Linux distribution.

Create and bind the paths

Based on the identified base64 hash values the following paths are required on each Compute node.

/var/triliovault-mounts/MTAuMTAuMi4yMDovdXBzdHJlYW1fc291cmNl

and

/var/triliovault-mounts/MTAuMjAuMy4yMjovdXBzdHJlYW1fdGFyZ2V0

In the scenario of this runbook is the workload coming from the NFS_A1 NFS-Share, which means the mount path of that NFS-Share needs to be created and bound to the Target Cloud.

To keep the desired mount past a reboot it is recommended to edit the fstab of all compute nodes accordingly.

Reassign the workload

Trilio workloads have clear ownership. When a workload is moved to a different cloud it is necessary to change the ownership. The ownership can only be changed by Openstack administrators.

Add admin-user to required domains and projects

Discover orphaned Workloads from NFS-Storage of Target Cloud

List available projects on Target Cloud in the Target Domain

The identified orphaned workloads need to be assigned to their new projects. The following provides the list of all available projects viewable by the used admin-user in the target_domain.

List available users on the Target Cloud in the Target Project that have the right backup trustee role

To allow project owners to work with the workloads as well will they get assigned to a user with the backup trustee role that is existing in the target project.

Reassign the workload to the target project

Now that all informations have been gathered the workload can be reassigned to the target project.

Verify the workload is available at the desired target_project

After the workload has been assigned to the new project it is recommended to verify the workload is managed by the Target Trilio and is assigned to the right project and user.

Restore the workload

The reassigned workload can be restored using Horizon following the procedure described .

This runbook will continue on the CLI only path.

Prepare the selective restore by getting the snapshot information

To be able to do the necessary selective restore a few pieces of information about the snapshot to be restored are required. The following process will provide all necessary information.

List all Snapshots of the workload to restore to identify the snapshot to restore

Get Snapshot Details with network details for the desired snapshot

Get Snapshot Details with disk details for the desired Snapshot

Prepare the selective restore by creating the restore.json file

The selective restore is using a restore.json file for the CLI command. This restore.json file needs to be adjusted according to the desired restore.

Run the selective restore

To do the actual restore use the following command:

Verify the restore

To verify the success of the restore from a Trilio perspective the restore status is checked.

Reconfigure the Target Trilio installation back to the original one

After the Desaster Recovery Process has finished it is necessary to return the Trilio installation to its original configuration. The following steps need to be done to completely reconfigure the Trilio installation.

Delete NFS B2 to the Trilio Appliance Cluster

Edit the workloadmgr.conf

Look for the line defining the NFS mounts

Delete NFS B2 from the comma-seperated list

Write and close the workloadmgr.conf

Restart the wlm-workloads service

Delete NFS B2 to the Trilio Datamovers

To add the NFS B2 to the Trilio Datamovers manually the tvault-contego.conf file needs to be edited and the service restarted.

Edit the tvault-contego.conf

Look for the line defining the NFS mounts

Add NFS B2 to that as comma-seperated list. Space is not necessary, but can be set.

Write and close the tvault-contego.conf

Restart the tvault-contego service

Clean up

After the Desaster Recovery Process has been successfully completed and the Trilio installation reconfigured to its original state, it is recommended to do the following additional steps to be ready for the next Disaster Recovery process.

Remove the database entry

To allow the Trilio installation to be ready for another disaster recovery it is necessary to completely delete the entries of the Workloads, which have been restored.

Trilio does provide and maintain a script to safely delete workload entries and all connected entities from the Trilio database.

This script can be found here:

Remove the admin user from the project

After all restores for the target project have been achieved it is recommended to remove the used admin user from the project again.