TrilioVault for RHV, by Trilio Data, is a native RHV service that provides policy-based comprehensive backup and recovery for RHV workloads. The solution captures point-in-time workloads (Application, OS, Compute, Network, Configurations, Data, and Metadata of an environment) as full or incremental snapshots. A variety of storage environments can hold these Snapshots, including NFS and soon AWS S3 compatible storage. With TrilioVault and its single-click recovery, organizations can improve Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). TrilioVault enables IT departments to fully deploy RHV solutions and provide business assurance through enhanced data retention, protection, and integrity.

With the use of TrilioVault’s VAST (Virtual Snapshot Technology), Enterprise IT and Cloud Service Providers can now deploy backup and disaster recovery as a service to prevent data loss or data corruption through point-in-time snapshots and seamless one-click recovery. TrilioVault takes point-in-time backup of the entire workload consisting of computing resources, network configurations, and storage data as one unit. It also takes incremental backups that only capture the changes made since the last backup. Incremental snapshots save time and storage space as the backup only includes changes since the last backup. The summarized benefits of using VAST for backup and restore are:

1. Efficient capture and storage of snapshots. Since our full backups only include data that is committed to storage volume and the incremental backups include changed blocks of data since the last backup, our backup processes are efficient and storages backup images efficiently on the backup media.

2. Faster and reliable recovery. When your applications become complex that snap multiple VMs and storage volumes, our efficient recovery process brings your application from zero to operational with the click of a button.

3. Reliable and smooth migration of workloads between environments. TrilioVault captures all the details of your application, and hence our migration includes your entire application stack without leaving anything for guesswork.

4. Through policy and automation, lower the Total Cost of Ownership. Our role driven backup process and automation eliminates the need for dedicated backup administrators, thereby improves your total cost of ownership.

TrilioVault is built on the same architectural principles as modern analytical platforms such as Hadoop and other big data platforms. These platforms offer infinite scale without compromising on performance. TrilioVault's other attributes include agentless, natively integrated with RHV GUI, horizontally scalable, nondisruptive, and open universal backup schema.

Agentless

TrilioVault offers image-level backup, which backs up a given virtual machine physical disks as one file. Irrespective of the complexity of a VM or the applications running inside the VM, the user does not require any custom code, called agents, inside VM for TrilioVault to take VM backups. Agentless solutions are one of the highly desirable features because any solution that requires custom code to run in VM creates an operational nightmare.

Self-Service/UI Integrated

TrilioVault comes with a GUI plugin for RHV Manager, which provides seamless integration of TrilioVault functionality adjacent to virtual machines management. TrilioVault service authenticates users with OpenID tokens, so any user who logged in to RHV can use TrilioVault functionality without any out-of-band user management.

Scalable, Linear, Infinite Scale

Most backup solutions are built on client/server architectures, and hence, they invariably create performance and scale bottlenecks when the RHV cluster grows. Traditional backup solutions require constant tweaking to keep up with RHV cluster growth. TrilioVault is built on the same architectural principles as the RHV platform; hence, it grows with the RHV cluster without introducing scale and performance bottlenecks.

Nondisruptive

Deploying TrilioVault is nondisruptive to the RHV cluster or the virtual machines. Similarly, uninstalling TrilioVault is nondisruptive as well.

Open Universal Backup Schema

In the current world of multi-cloud environments, the backup images must be platform and vendor-neutral, so they are easily portable between clouds. TrilioVault saves backup images as QCOW2 images. QCOW2 is a standard format in KVM/RHV environments for virtual disks, and Linux comes with numerous tools to create and manage them. A backup image stored in QCOW2 format gives the user enormous flexibility on how these are leveraged for various use cases, including restoring backup images without TVM.

QCOW2 images also come with two important attributes that also make them ideal for storing backup images.

1. QCOW2s are sparse friendly. As a regular practice, users overprovision virtual disks to VMs. These virtual disks may be thick or thin-provisioned, but at any given time, applications only use a fraction of the virtual disk capacity. When taking image-level backups of virtual disks, backup solutions should only save the blocks that are allocated and not save blocks that are not allocated or used. For example, your virtual disks maybe a 1TB in capacity, but the applications utilized only 10GB of disk space. Since QCOW2 images are spare friendly, TrilioVault only stores the data. In the above example, the size of the QCOW2 image is 10GB

2. KVM/RHV supports virtual disk snapshots by a construct called overlay files. KVM/RHV creates a new disk snapshot, it creates a new qcow2 file called overlay file and is overlaid on the original qcow2 file. Any new writes are applied to overlay file, and any reads to old data is read from the older qcow2 file. TrilioVault leverages the same mechanism to store incremental backups. TrilioVault incremental backups are overlay files that include the data that is modified between the current backup process and the last good backup. Since the TrilioVault backup image structure on the backup media reflects what KVM/RHV natively represents, our process of creating backups and restores are highly efficient in terms of the amount of backup storage used and the network bandwidth utilization.

TrilioVault architecture reflects these principles.

As you can see from above the architecture diagram, TrilioVault does not require any media servers. Traditionally, media servers performs numerous bookkeeping operations of backup images, including pruning older backups, synthesizing full backups from existing backups, cataloging backup images and other operations. These are usually data intensive operations and as your RHV cluster grows, media servers need to scale in capacity to keep up with RHV growth. Scaling media servers may include trial and errors approaches and very difficult to calibrate correctly. TrilioVault employs data movers that are deployed on each RHV host that can horizontally scale with RHV, hence, there is no tuning to do when RHV cluster grows. Instead of centralizing media server functionality in to one appliance, all bookkeeping operations are performed with in the data mover in the context of current backup job. TrilioVault enhances operational efficiency of backups and recoveries and by not tieing the users to hardware licenses it also significantly improves the ROI and TCO of your investments.

TrilioVault Appliance

The TrilioVault Appliance is the controller of TrilioVault, called TVM.

The TVM is running and managing all backup and recovery jobs.

During a backup job is the TVM:

• Gathering the Metadata information generated of the VMs that are getting protected

• Writing the Metadata information onto the Backup Target

• Generating the RHV Snapshot

• Sending the data copy commands to the ovirt-imageio services

The TVM is available as qcow2 image and runs as VM on top of a KVM Hypervisor.

It is supported and recommended to run the TVM in the same RHV environment as a VM that the TVM protects.

RHV GUI integration

TrilioVault is natively integrated into the available RHV GUI, provides a new tab "Backup".

All functionalities of TrilioVault are accessible through the RHV GUI.

The RHV-Manager GUI integration is getting installed using Ansible-playbooks together with the ovirt-imageio-proxy extension.

Ovirt-imageio extensions

Ovirt-imageio is an RHV internal python service that allows the upload and download of disks into and out of RHV.

The default ovirt-imageio services only allow to move the disks through the RHV-M via https.

TrilioVault extends the ovirt-imageio functionality to provide movement of the disk data through NFS over the RHV Hosts themselves.

The ovirt-imageio extensions are getting installed using Ansible-playbooks.

Backup Target

TrilioVault is writing all Backups over the network using the NFS protocol to a provided Backup Target.

Any system utilizing the NFSv3 protocol is usable.

TrilioVault for RHV is integrating into the RHV-Manager to provide a seamless experience for RHV Administrators and Users for all their Backup & Recovery needs inside RHV.

For this purpose is TrilioVault extending the RHV-Manager GUI with a new tab "Backup", which contains the sub-tabs Workloads, Admin Panel and Reporting as shown in figure 1.

The integration of TrilioVault into the RHV-Manager contains the complete GUI. This GUI still requires Data that will be shown then.

The RHV-Manager is gathering the data shown in the GUI from the client-side. This means that next to the connection to the RHV-Manager there are also connections to the systems providing the data. For all normal RHV tabs and fields is this the RHV-Manager itself.

When accessing the TrilioVault tabs there will also be a connection build-up to the TrilioVault VM, to gather the data about Workloads, Snapshots, Restores, etc. Figure 2 visualizes this connection.

As can be seen, the TrilioVault VM provides its own certificate to the Client Browser. This connection is happening in the background of the browser. This means, that untrusted certificates can not be accepted through the browser upon opening the Backup tab in the RHV-M. The certificate for the GUI is coming from the RHV-Manager and has been accepted at this point already. The certificate for the data coming from the TrilioVault VM needs to be accepted separately.

Before installing TrilioVault it is therefore required to consider which certificates the TrilioVault VM will use and how they will be distributed to the Client Browser.

During configuration is the TrilioVault VM either able to generate its own self-signed certificate or a certificate and a private key can be provided.

When a self-signed certificate is chosen can the generated certificate be downloaded from the TrilioVault VM dashboard and then added as a trusted certificate to the Client system. Or it can be accepted through the browser itself by calling the TrilioVault VM API directly.

When a certificate is provided is the private key used with that certificate also required. This private key will be used to encrypt the communication between TrilioVault VM and the Client Browser. The provided certificate still needs to be trusted by the Client system.

TrilioVault data transfer related logs

/var/log/ovirt_celery/worker<x>.log

The worker logs contain the status of the disk transfer from the RHV Host to the backup target. Useful if the data transfer process gets stuck or errors in between.

RHV 4.3: /var/log/ovirt-imageio-daemon/daemon.log

RHV 4.4: /var/log/ovirt-imageio/daemon.log

The daemon.log contains all information about the actual connection between the RHV Host and the backup target. Useful to identify potential connection issues between the RHV Host and Backup target.

TrilioVault data transfer related logs

RHV 4.3: /var/log/ovirt-imageio-proxy/image-proxy.log

RHV 4.4: /var/log/ovirt-imageio/daemon.log

This log provides the used ticket number and RHV-Host for a backup transfer. It is helpful to identify the ticket numbers that are used in RHV to track a specific data transfer. It also shows any connection errors between the RHV-M and the RHV-Host.

Generally helpful RHV-Manager logs

TrilioVault is calling a lot of RHV APIs to read metadata, create RHV Snapshots and restore VMs. These tasks are done by RHV independently from TrilioVault and are logged in RHV logs.

/var/log/ovirt-engine/engine.log

This log is hard to read, but contains all tasks that the RHV-M is doing, including all Snapshot related tasks.

Additional logs that can be helpful during troubleshooting are:

/var/log/ovirt-engine/boot.log /var/log/ovirt-engine/console.log /var/log/ovirt-engine/ui.log

In case of the TrilioVault Dashboard being lost it can be resetted as long as SSH access to the appliance is available.

To reset the password to its default do the following:

[root@tvm ~]# source /home/rhv/myansible/bin/activate
(myansible) [root@tvm ~]# cd /opt/stack/workloadmgr/workloadmgr/tvault-config
(myansible) [root@tvm tvault-config]# python recreate_conf.py
(myansible) [root@tvm tvault-config]# systemctl restart tvault-config

The dashboard login will be reset to:

Username: admin
Password: password

TrilioVault allows to directly mount a Snapshot through the RHV-Manager.

This feature provides the capability to download any file from any Snapshot through the RHV-Manager independent of size.

Mounting a Snapshot

To mount a Snapshot follow these steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to show

4. Click the workload name to enter the Workload overview

Navigating the mounted Snapshot

A mounted Snapshot can be navigated like in any browser by clicking on files and folders.

Clicking on a directory will open that directory.

Clicking on a file will provide an overview about the metadata of this file including:

• Name

• Size

• Last Modified

• Last accessed

It is further possible to get a preview of the file directly from this overview or to download the file through the RHV-Manager.

TrilioVault for RHV allows extending the TrilioVault GUI login page with a customized banner text.

This banner can be customized in the following ways:

• Header

  • Text

  • Font Size

  • Font Color

• Content

  • Text

  • Font Size

  • Font Color

The banner will always be centered on the page with normal line breaks (no block style).

Set the banner

To set the banner do the following

1. Log into the TrilioVault Appliance GUI using the admin account

2. Click on admin in the upper right corner to open the submenu

3. Click on "Update Compliance Styles"

4. Edit the banner as required

TrilioVault for RHV contains the possibility to send E-Mails to a defined list of E-Mail addresses for any succeeded or failed backup or recovery process.

Enabling the email alert function

To enable the email alert function the following steps need to be done:

1. Login into RHV-Manager as a user with admin privileges

2. In the main menu click on Backup

3. In the Backup sub-menu click on Admin Panel

4. Move to Settings

5. Click Add/update email list

6. Add at least 1 email to the list

7. Click Save and enable alerts

Updating the email alert receiver list

To update the email alert receiver the following steps need to be done:

1. Login into RHV-Manager as a user with admin privileges

2. In the main menu click on Backup

3. In the Backup sub-menu click on Admin Panel

4. Move to Settings

Disabling the email alert function

To disable the email alert function the following steps need to be done:

1. Login into RHV-Manager as a user with admin privileges

2. In the main menu click on Backup

3. In the Backup sub-menu click on Admin Panel

4. Move to Settings

The Admin Panel gives Adminstrators a centralized overview of:

• Snapshots

• Storage usage

• protected vs unprotected VMs

In addition does it contain the functionalities to control:

TrilioVault Appliance logs used during configuration

The following logs contain all information gathered during the configuration of the TrilioVault Appliance

/var/log/workloadmgr/tvault-config.log

This log contains all information of pre-checks done, when filling out the configurator form.

Uninstalling TrilioVault is done in 2 easy steps, which leave only the already created backups behind.

Step 1: Uninstall RHV ovirt-imageio extension

To uninstall the ovirt-imageio extension do the following:

1. Login into the TrilioVault Appliance GUI

2. Go to "Configure RHV Host"

3. Upload the inventory file with the RHV hosts

4. Click Cleanup and wait for the Ansible playbook to finish

5. Go to "Configure RHV Manager"

6. Upload the inventory file with the RHV Manager

7. Click Cleanup and wait for the Ansible playbook to finish

Step 2: Destroy the TrilioVault Appliance

This guide assumes you are running the TrilioVault Appliance in a RHV environment

To destroy the TrilioVault Appliance do the following:

1. Login into the RHV-Manager

2. Navigate to Compute➡️Virtual Machines

3. Mark the TrilioVault Appliance in the list of VMs

4. Click "Shutdown" or "Power Off"

To gracefully shut down the TrilioVault Appliance the following steps are recommended.

Verify no snapshots or restores are running

It is recommended to check in the RHV-M backups tab, that no snapshots or restores are running.

Stop all TrilioVault processes

Main processes workloadmanager

The following commands will stop the main processes of the TrilioVault appliance.

Secondary processes MySQL and RabbitMQ

The TrilioVault solution is using MySQL and RabbitMQ. It is not required but recommended to gracefully stop these services too before restarting the Appliance.

Shutdown/Restart the Appliance

After the services have been stopped the Appliance can be restarted or shut down using standard Linux commands.

TrilioVault for RHV is integrating into the RHV Manager GUI and is using the RHV users with their assigned RHV roles.

TrilioVault is integrating its own RHV roles, which need to be assigned to users. Only users with the superuser role do not require a special TrilioVault role.

All TrilioVault roles only have the RHV Administration Portal login permissions. No further permissions inside RHV are required to fulfill the TrilioVault tasks. This is possible, as the TrilioVault Appliance is using the during configuration provided admin account to send any API commands towards the RHV API itself.

Backup User role: TrilioBackup

The TrilioBackup User role enables a user to:

• Create Workloads

• Modify Workloads

• Take Backups

• Cancel ongoing Backups

The TrilioBackup User role is not able to:

• Reset Workloads

• Start a Restore

• Delete a Restore

• Cancel an ongoing Restore

Restore User role: TrilioRestore

The TrilioRestore User role enables a user to:

• Restore Backups

• Delete Restores

• Cancel an ongoing Restore

• Do a File Search

The TrilioRestore User role is not able to:

• Create Workloads

• Modify Workloads

• Reset Workloads

• Take Backups

Reporting User role: TrilioMonitor

The TrilioMonitor User role enables a user to:

• Monitor the status of Backups and Restores

• Download a Report

The TrilioMonitor User role is not able to:

• Create Workloads

• Modify Workloads

• Reset Workloads

• Take Backups

Backup Administrator User Role: TrilioBackupAdministrator

The TrilioBackupAdministrator User role enables a user to:

• Create Workloads

• Modify Workloads

• Reset Workloads

• Take Backups

TrilioVault is a pure software solution and is composed of 4 elements:

1. TrilioVault Appliance (Virtual Machine)

2. TrilioVault RHV-M Web-GUI extension

3. TrilioVault ovirt-imageio-proxy extension

4. TrilioVault ovirt-imageio-daemon extension

System requirements TrilioVault Appliance

The TrilioVault Appliance gets delivered as a qcow2 image, which gets attached to a virtual machine.

Trilio supports only KVM based hypervisors and recommends to use the RHV Cluster as the hoster for the TrilioVault Appliance.

The recommended size of the VM for the TrilioVault Appliance is:

The qcow2 image itself defines the 40GB disk size of the VM.

System requirements TrilioVault ovirt-imageio extension

TrilioVault is extending the ovirt-imageio-proxy service running on the RHV-Manager and ovirt-imageio-daemon running on the RHV-Hosts.

These extensions do not have any hardware related requirements, but they require specific versions of the ovirt-imageio services.

Please check the for further information.

The TrilioVault Appliance is providing an account that allows doing the following through the console:

• Change network interface configuration

• Show logs on the TrilioVault Appliance

• Restart TrilioVault services on the TrilioVault Appliance

TrilioVault for RHV does provide the capabilties to take application consistent backups by utilizing the Qemu-Guest-Agent.

The Qemu-Guest-Agent

The Qemu-Guest-Agent is a component of the qemu hypervisor, which is used by RHV. RHV automatically builds all VMs to be prepared to use the Qemu-Guest-Agent.

The Qemu-Guest-Agent provides many capabilities, including the possibility to freeze and thaw Virtual Machines Filesystems.

Definition

The file search functionality allows the user to search for files and folders located on a chosen VM in a workload in one or more Backups.

Navigating to the file search tab

The TrilioVault Appliance is delivered as qcow2 image and runs as VM on top of a KVM Hypervisor.

Creation the TrilioVault VM

The creation of the TrilioVault VM works like for any other Virtual Machine inside RHV.

To create a new Virtual Machine, go to Compute ➡️ Virtual Machines.

The button "New" opens the window to define the VM.

The following instructions show the tested configuration for the TrilioVault Appliance.

After configuration, use the OK button to create the TrilioVault Appliance.

General Tab

Fill out the following details as necessary on the General tab:

• Cluster - Choose the RHV Cluster to host the TrilioVault VM

• Template - Blank

• Operating System - The TrilioVault VM runs CentOS 7. Red Hat Enterprise 7.x x64 is a valid option.

• Instance Type - Custom

Before moving to the next tab, attach the TrilioVault qcow2 image to the VM definition.

• Click Attach under Instance Images.

• Choose the TrilioVault qcow2 image

• Check the box for OS

System Tab

Under the System tab set the following:

• Memory size - 24576 MB / 24 GB

• Maximum memory - 24576 MB / 24 GB (RHV automatically first sets four times the Memory size)

• Physical Memory Guaranteed - 24576 MB / 24 GB (RHV automatically first sets the same value as Memory size)

• Total virtual CPUs - 4

• Nothing to set at the Advanced Parameters

• Leave Hardware Clock Timer Offset at 0

• Leave custom serial policy unchecked

Initial Run

Under the Initial Run tab set the following:

• Check "Use Cloud-Init/Sysprep"

• (Optional) Set VM Hostname

• (Optional) Check and set "Configure Time Zone"

• Open Authentication

Further Tabs

There are no TrilioVault specific configurations necessary in any further tab.

Starting the TrilioVault Appliance

After the creation of TrilioVault Appliance, the VM will automatically be put in a shutdown state.

Go to the overview of VMs in the RHV Manager (Compute ➡️ Virtual Machines), identify the TrilioVault Appliance VM in the list, mark it, and click the Run button to start it.

Configuring the TrilioVault network using the CLI service account

TrilioVault is providing a limited-service account for the TrilioVault Appliance. It is no longer necessary to have root access.

The default credentials of this account are:

Username: rhv_nw Password: OphaeHaet0

The rhv_nw account has permission to change the network interface files.

The network interface files are located under:

Use the vi editor to configure the network interface. TrilioVault's default interface is eth0, which is using the following file for its configuration:

Edit this file according to the attached network. A typical interface configuration looks as follows

Definition

A Snapshot is a single TrilioVault backup of a workload including all data and metadata. It contains the information of all VM's that are protected by the workload.

Creating a Snapshot

Snapshots are automatically created by the TrilioVault scheduler. If necessary or in case of deactivated scheduler is it possible to create a Snapshot on demand.

There are 2 possibilities to create a snapshot on demand.

Possibility 1: From the Backup overview

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that shall create a Snapshot

4. Click "Create Snapshot"

Possibility 2: From the Workload Snapshot list

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that shall create a Snapshot

4. Click the workload name to enter the Workload overview

Snapshot overview

Each Snapshot contains a lot of information about the backup. These information can be seen in the Snapshot overview.

To reach the Snapshot Overview follow these steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to show

4. Click the workload name to enter the Workload overview

Details Tab

The Snapshot Details Tab shows the most important information about the Snapshot.

• Snapshot Name / Description

• Snapshot Type

• Time Taken

• Size

Restores Tab

The Snapshot Restores Tab shows the list of Restores that have been started from the chosen Snapshot. It is possible to start Restores from here.

Misc. Tab

The Snapshot Miscellaneous Tab provides the remaining metadata information about the Snapshot.

• Creation Time

• Last Update time

• Snapshot ID

• Workload ID of the Workload containing the Snapshot

Delete Snapshots

Once a Snapshot is no longer needed, it can be safely deleted from a Workload.

There are 2 possibilities to delete a Snapshot.

Possibility 1: Single Snapshot deletion through the submenu

To delete a single Snapshot through the submenu follow these steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to show

4. Click the workload name to enter the Workload overview

Possibility 2: Multiple Snapshot deletion through checkbox in Snapshot overview

To delete one or more Snapshots through the Snapshot overview do the following:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to show

4. Click the workload name to enter the Workload overview

Definition

A workload is a backup job that protects one or more Virtual Machines according to a configured policy. There can be as many workloads as needed. But each VM can only be part of one Workload.

Create a Workload

To create a workload do the following steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Click "Create Workload"

4. Provide Workload Name and Workload Description on the first tab "Details"

The created Workload will be available after a few seconds and starts to take backups according to the provided schedule and policy.

Workload Overview

A workload contains many information, which can be seen in the workload overview.

To enter the workload overview do the following steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that shall create a Snapshot

4. Click the workload name to enter the Workload overview

Details Tab

The Workload Details tab provides you with the general most important information about the workload:

• Name

• Description

• List of protected VMs

Snapshots Tab

The Workload Snapshots Tab shows the list of all available Snapshots in the chosen Workload.

From here it is possible to work with the Snapshots, create Snapshots on demand and start Restores.

Policy Tab

The Workload Policy Tab shows gives an overview of the current configured scheduler and retention policy. The following elements are shown:

• Scheduler Enabled / Disabled

• Start Date / Time

• End Date / Time

• RPO

Filesearch Tab

The Workload Filesearch Tab provides access to the power search engine, which allows to find files and folders on Snapshots without the need of a restore.

Misc. Tab

The Workload Miscellaneous Tab shows the remaining metadata of the Workload. The following information are provided:

• Creation time

• last update time

• Workload ID

• Workload Type

Edit a Workload

Workloads can be modified in all components to match changing needs.

To edit a workload do the following steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload to be modified

4. Click the small arrow next to "Create Snapshot" to open the sub-menu

Delete a Workload

Once a workload is no longer needed it can be safely deleted.

To delete a workload do the following steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload to be deleted

4. Click the small arrow next to "Create Snapshot" to open the sub-menu

Reset a Workload

In rare cases it might be necessary to start a backup chain all over again, to ensure the quality of the created backups. To not recreate a Workload in such cases is it possible to reset a Workload.

The Workload reset will:

• Cancel all ongoing tasks

• Delete all existing RHV Snapshots from the protected VMs

• recalculate the next Snapshot time

• take a full backup at the next Snapshot

To reset a Workload do the following steps:

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload to be deleted

4. Click the small arrow next to "Create Snapshot" to open the sub-menu

TrilioVault for RHV integrates tightly into the RHV environment itself. This integration requires preparation before the installation starts.

Installing Redis

TrilioVault is capable of parallel disk transfer from multiple RHV-Hosts at the same time.

This capability is requiring a task queue system, Python Celery.

Python Celery requires a message broker system like RabbitMQ or Redis. TrilioVault uses the Redis message broker.

RHV does not include Redis, so installation is necessary.

The following steps install Redis:

1. Add the Fedora EPEL Repository# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2. Install Redis # yum install redis

3. Start Redis # systemctl start redis.service

(CLI) Uploading the TrilioVault VM qcow2 disk to RHV

Trilio is providing a python script to upload the TrilioVault qcow2 image to RHV using the RHV Apis.

The provided script is an adaption of the opensource .

Trilio's changes are:

• compatibility for RHV 4.3 and RHV 4.4

• compatibility with Python 2.7 and Python 3.5+

The script can be downloaded here:

The recommended process for using this script is:

1. Upload the TrilioVault qcow2 image to the RHV-Manager VM

2. Upload the script to the RHV-Manager VM

3. Unpack the TrilioVault qcow2 image if necessary

4. Run the script

Command to upload the disk using the script

For Python 2:

For Python 3:

(GUI) Enabling Disk Upload through RHV Manager

Trilio delivers the TrilioVault Appliance as a qcow2 image.

Trilio supports that the TrilioVault Appliance is running on the same RHV Cluster it protects.

Uploading the qcow2 to the RHV Datastore is easy, but depending on the RHV usage so far, it might require the installation of additional certificates.

Verify the connection to the ovirt-imageio-proxy

RHV is using the ovirt-imageio-proxy service to upload and download images, snapshots, and disks through the RHV Manager.

The following steps verify the connection to the ovirt-imageio-proxy service.

1. Log in to the administrative portal of the RHV Manager

2. Go to Storage ➡️ Disks

3. Go to Upload ➡️ Start

Install the ovirt-engine certificate

When the Test-Connection to the ovirt-imageio-proxy is failing, a usual reason is the client system mistrusting the RHV-M due to a missing certificate.

The RHV-M does have two certificates, which can both be required to access the ovirt-imageio-proxy.

The first certificate is directly available for download from the error message in the window. The below URL shows the general path to the certificate. The downloaded certificate is the root certificate for the certificates used by the ovirt-imageio-proxy.

https:///ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

Download and install this certificate according to the clients operating system and browser used.

Test the connection to the ovirt-imageio-proxy again after installation.

The second certificate is the actual certificate of the ovirt-imageio-proxy shown to the client system upon connection. The download is only possible from the RHV-M host system directly. The usual location of the certificate is:

/etc/pki/ovirt-engine/certs/imageio-proxy.cer

Install the certificate according to the client's operating system and browser used.

Test the connection to the ovirt-imageio-proxy again after installation.

(GUI) Uploading the TrilioVault VM qcow2 disk to RHV

The TrilioVault VM qcow2 image is a full operating system disk, that is getting attached to a VM running on the RHV-Cluster.

To be able to spin up the TrilioVault VM, upload the qcow2 disk into the RHV datadomain.

The following procedure uploads the qcow2 disk:

1. Go to Storage➡️Disk

2. Go to Upload➡️Start

3. Fill out the presented form and choose the path to the qcow2 image on the client system

To upgrade TrilioVault it is necessary to uninstall the old version of TrilioVault and install the new version.

This is done in a few easy steps.

1. Uninstall the old ovirt-imageio extensions

2. Delete or shutdown the old TrilioVault Appliance

3. (It might be necessary to again)

7. Import the workload from the Web UI of the Appliance once TrilioVault Appliance is configured

TrilioVault extends the ovirt-imageio services running on the RHV-Manager and the RHV hosts, to provide the parallel download of disks from multiple RHV hosts.

The imageio extensions are installed through the TrilioVault GUI using Ansible inventory files as input.

TrilioVault for RHV provides the capabilities to generate reports, to gain insights into the usage of TrilioVault over time and the stability of the service.

TrilioVault 4.1 is the fifth release of TrilioVault for Red Hat Virtualization.

It is aimed to provide Backup and Recovery for Red Hat Virtualization 4.3.x & 4.4.x. The full requirements can be found here.

TrilioVault for RHV 4.1 Features on a Glance

New Feature: Support for the S3 protocol as a possible backup target

The usage of Object Storages for Backup purposes is increasing worldwide and TrilioVault for RHV was the last product in the TrilioVault product line, which wasn't supporting the S3 protocol for backup targets.

TVR 4.1 is extending the possible backup targets to all S3 compatible storage solutions.

New Feature: Role-based access control for TrilioVault tasks

TrilioVault is integrating native into RHV and has so far required that the user has superuser privileges to be able to work with TrilioVault inside the RHV Manager GUI. This provided Backup administrators with far more permissions than they would require to work with TrilioVault.

TVR 4.1 is introducing role-based access control to TrilioVault features and tasks as follows:

• RHV superuser - Can do everything inside RHV including TrilioVault

• TrilioBackupAdministrator - Can use TrilioVault completly but can't do anything in RHV except login

• TrilioBackup - Can use all backup related features of TrilioVault but can't do anything in RHV except login

• TrilioRestore - Can use all restore releated features of TrilioVault but can't do anything in RHV except login

Enhancement: TrilioVault Appliance GUI revamp

The TriliioVault Appliance GUI has been completly revamped for quicker responses and easier usage.

Enhancement: Install TrilioVault components for RHV Host and RHV Manager from TrilioVault GUI

Accessing the TrilioVault appliance to edit inventory files and run Ansible playbooks was a working solution but didn't have a good usability value.

In TVR 4.1 the installation of the RHV Host and RHV Manager components is done through the TrilioVault Appliance GUI directly.

Enhancement: Live output ansible playbooks

When running the configurator the user needed to wait until a playbook had fully finished before the output could be reviewed.

In TVR 4.1 the output of the Ansible playbooks are shown live inside the TrilioVault Appliance GUI.

New Feature: TrilioVault Appliance GUI banner

In TVR 4.1 it is possible to set a banner that is shown on the login page of the TrilioVault Appliance.

Enhancement: Logging of the TrilioVault Appliance GUI admin user

TVR 4.1 is now logging the following events for the TrilioVault Appliance GUI admin user:

• Login

• Logout

• Password change

Any login attempts with a different user are also logged with the appropriate error message.

New Feature: Introduction of the TVR appliance SSH service user

All tasks that needed to be done directly on the TrilioVault appliance during installation, configuration or troubleshooting required the root user, which had far more priviliges than required.

TVR 4.1 is introducing the TVR service user rhv_nw who is capable of doing the following tasks on the TrilioVault Appliance directly:

• Change network interface configuration

• Show logs

• restart workloadmgr services

Known issues

NFSv4 not supported

TVR 4.1 is not supporting NFSv4. Backups taken using NFSv4 will fail with I/O errors.

Workaround is to enforce the usage of NFSv3 by adding vers=3 as NFS option.

Clicking download file multiple times after a file search creates error messages in wlm-api logs

It is possible to download smaller files directly after a file search. When the user is clicking the download button multiple times without waiting for the download window to appear the wlm-api logs are flooded with error messages.

TVR transfer daemon can be installed on RHV Manager

It is possible to accidently run the installation of the TVR daemon, that is supposed to run on the RHV Hosts only, against the RHV Manager.

The installation will succeed and backups might fail with the following error:

error while converting qcow2: Could not create file: Numerical result out of range\n'

Snapshot mount UI timing out on directories with over 100.000 files inside

It has been observed that while navigating through mounted Snapshots inside the RHV Manager the UI freezes when directories are accessed, which contain more than 100.000 files.

This might be observed with less files or much more files depending on the transfer speed between TrilioVault appliance and backup target.

Filesearch is erroring if no result is returned after 5 minutes

In case of Filesearch requiring more than 5 minutes the process fails and a SQL Server gone away error gets logged.

This can happen due to a huge amount of files needed to be searched, which is hitting the limit of the max_allowed_packet handled by MySQL. This value can be increased in /etc/my.cnf.d/server.conf as shown below.

Import workloads may show as failed but is not actually failed

It has been observed that during the import of many workloads at once that the TrilioVault Appliance GUI returns that the workload import failed, but it is actually ongoing in the background.

The workload import status can be tailed in the wlm-api log.

The wlm-api log is also showing the error message of the NGINX gateway failure (timeout), which is leading to the wrong error message on the GUI.

Manual cleanup of Trilio roles required

In case of TrilioVault being uninstalled in a environment are the TrilioVault roles created in RHV left behind and need to be deleted by an administrator manually.

Definition

A Restore is the workflow to bring back the backed up VMs from a TrilioVault Snapshot.

TrilioVault does offer 3 types of restores:

• One Click restore

• Selective restore

• InPlace restore

One Click Restore

The One Click Restore will bring back all VMs from the Snapshot in the same state as they were backed up. They will:

• be located in the same cluster in the same datacenter

• use the same storage domain

• connect to the same network

• have the same flavor

The user can't change any Metadata.

There are 2 possibilities to start a One Click Restore.

Possibility 1: From the Snapshot list

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

Possibility 2: From the Snapshot overview

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

Selective Restore

The Selective Restore is the most complex restore TrilioVault has to offer. It allows to adapt the restored VMs to the exact needs of the User.

With the selective restore the following things can be changed:

• Which VMs are getting restored

• Name of the restored VMs

• Which networks to connect with

• Which Storage domain to use

There are 2 possibilities to start a Selective Restore.

Possibility 1: From the Snapshot list

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

Possibility 2: From the Snapshot overview

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

Inplace Restore

The Inplace Restore covers those use cases, where the VM and its Volumes are still available, but the data got corrupted or needs to a rollback for other reasons.

It allows the user to restore only the data of a selected Volume, which is part of a backup.

There are 2 possibilities to start an Inplace Restore.

Possibility 1: From the Snapshot list

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

Possibility 2: From the Snapshot overview

1. Login to the RHV-Manager

2. Navigate to the Backup Tab

3. Identify the workload that contains the Snapshot to be restored

4. Click the workload name to enter the Workload overview

After the installation and configuration of TrilioVault for RHV did succeed the following steps can be done to verify that the TrilioVault installation is healthy.

Verify the TrilioVault Appliance services are up

TrilioVault is using 3 main services on the TrilioVault Appliance:

• wlm-api

• wlm-scheduler

• wlm-workloads

Those can be verified to be up and running using the systemctl status command.

Check the TrilioVault pacemaker and nginx cluster

The second component to check the TrilioVault Appliance's health is the nginx and pacemaker cluster.

Verify API connectivity from the RHV-Manager

The RHV-Manager is doing all API calls towards the TrilioVault Appliance. Therefore it is helpful to do a quick API connectivity check using curl.

The following curl command lists the available workload-types and verfifies that the connection is available and working:

Verify the ovirt-imageio services are up and running

TrilioVault is extending the already exiting ovirt-imageio services. The installation of these extensions does check if the ovirt-services come up. Still it is a good call to verify again afterwards:

RHV 4.3.X

On the RHV-Manager check the ovirt-imageio-proxy service:

On the RHV-Host check the ovirt-imageio-daemon service:

RHV 4.4.X

On the RHV-Manager check the ovirt-imageio-proxy service:

On the RHV-Host check the ovirt-imageio-daemon service:

Verify the NFS Volume is correctly mounted

TrilioVault mounts the NFS Backup Target to the TrilioVault Appliance and RHV-Hosts.

To verify those are correctly mounted it is recommended to do the following checks.

First df -h looking for /var/triliovault-mounts/<hash-value>

Secondly do a read / write / delete test as the user vdsm:kvm (uid = 36 / gid = 36) from the TrilioVault Appliance and the RHV-Host.

The TrilioVault Appliance requires configuration to work with the chosen RHV environment. A Web-UI provides access to the TrilioVault Appliance dashboard and configurator.

Accessing the TrilioVault Dashboard

Enter the TrilioVault IP or FQDN into the browser to reach the TrilioVault Appliance landing page.

User: admin Password: password

Details needed for the TrilioVault Appliance configurator

Upon login into the TrilioVault Appliance, the shown page is the configurator. The configurator requires some information about the TrilioVault Appliance, RHV and Backup Storage.

TrilioVault Nodes information

The TrilioVault Appliance needs to be integrated into an existing environment to be able to operate correctly. This block asks for information about the TrilioVault Appliance operating details.

• Virtual IP Address

  • The TrilioVault Appliance uses this IP address for all communication with RHV.

  • Format: IP/Netmask

• TVM Appliance IP

  • The first interface in the interface list of the TrilioVault Appliance will get this IP address assigned. Further is the TrilioVault Appliance hostname set.

  • Format: IP=hostname

• Name Servers

  • The DNS server the TrilioVault appliance will use.

  • Format: Comma separated list of IPs

  • Example: 8.8.8.8,10.10.10.10

RHV Credentials information

The TrilioVault appliance integrates with one RHV environment. This block asks for the information required to access and connect with the RHV Cluster.

• RHV Engine URL

  • URL of the RHV-Manager used to authenticate

  • Format: URL (FQDN and IP supported)

  • Example: https://rhv-manager.trilio.demo

• RHV Username

  • admin-user to authenticate against the RHV-Manager

  • Format: user@domain

  • Example: admin@internal

Backup Storage Configuration information

This block asks for the necessary details to configure the Backup Storage.

• Backup Storage

  • NFS or S3

In the case of NFS

• NFS Export

  • Full path to the NFS Volume used as Backup Storage

  • Format: Comma separated list of NFS paths

In the case of S3

• Amazon or Ceph or Local Ceph

  • Amazon expects to connect to AWS services

  • Ceph allows connecting to any S3 bucket that is either not using SSL or a trusted SSL certificate

TrilioVault Certificate information

TrilioVault is integrating into the RHV Cluster as an additional service, following the RHV communication paradigms. These require that the TrilioVault Appliance is using SSL and that the RHV-Manager does trust the TrilioVault Appliance.

TrilioVault offers to possibilities how these required certificates can be provided. Either TrilioVault generates a complete fresh self-signed certificate or a certificate is provided.

In both cases is the FQDN required, to which the certificate is pointing to.

Please see below example in case of a provided certificate.

• FQDN

  • FQDN to reach the TrilioVault Appliance

  • Format: FQDN

  • Example: rhv-tvm.trilio.demo

TrilioVault License

It is possible to directly provide the TrilioVault Appliance with the license file that is going to be used by it.

It is not necessary to provide the License file directly through the configurator. It is also possible to provide the license afterwards through the TrilioVault License tab in the TrilioVault dashboard.

The TrilioVault License tab can also be used to verify and update the currently installed license.

Submit and Configuration

After filling out every block of the configurator, hit the submit button to start the configuration.

The configurator asks one more time for confirmation before starting.

While the configurator is running the live output from the ansible playbooks is shown. Some of the tasks can take multiple minutes until they are finished without an update to the output.

Wait until the configurator has either finished or failed.