Merge pull request #71534 from CarmiWisemon/oadp3144-aws-sts

OADP 3144 - Installing OADP on an AWS STS cluster manually

Author: stevsmit

_topic_maps/_topic_map.yml

@@ -3088,6 +3088,11 @@ Topics:
     Topics:
     - Name: Backing up applications on ROSA STS using OADP
       File: oadp-rosa-backing-up-applications
+  - Name: OADP and AWS STS
+    Dir: aws-sts
+    Topics:
+    - Name: Backing up applications on AWS STS using OADP
+      File: oadp-aws-sts
   - Name: OADP 1.2 Data Mover
     Dir: installing
     Topics:

backup_and_restore/application_backup_and_restore/aws-sts/_attributes

@@ -0,0 +1 @@
+../../../_attributes/

backup_and_restore/application_backup_and_restore/aws-sts/images

@@ -0,0 +1 @@
+../../../images/

backup_and_restore/application_backup_and_restore/aws-sts/modules

@@ -0,0 +1 @@
+../../../modules

backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc

@@ -0,0 +1,43 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="oadp-aws-sts"]
+= Backing up applications on AWS STS using OADP
+include::_attributes/common-attributes.adoc[]
+:context: oadp-aws-sts-backing-up-applications
+
+toc::[]
+
+You install the {oadp-first} with {aws-first} by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v{velero-version}/[Velero {velero-version}].
+
+include::snippets/oadp-mtc-operator.adoc[]
+
+You configure {aws-short} for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+
+You can install {oadp-short} on an AWS {sts-first} (AWS STS) cluster manually. Amazon {aws-short} provides {aws-short} STS as a web service that enables you to request temporary, limited-privilege credentials for users. You use STS to provide trusted users with temporary access to resources via API calls, your {aws-short} console, or the {aws-short} command line interface (CLI).
+
+Before installing {oadp-first}, you must set up role and policy credentials for {oadp-short} so that it can use the {aws-full} API.
+
+This process is performed in the following two stages:
+
+. Prepare {aws-short} credentials.
+. Install the OADP Operator and give it an IAM role.
+
+include::modules/preparing-aws-sts-credentials-for-oadp.adoc[leveloffset=+1]
+
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+
+include::modules/installing-oadp-aws-sts.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console]
+* xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[Backing up applications]
+
+[id="oadp-aws-sts-backing-up-and-cleaning"]
+== Backing up workload on OADP AWS STS, with an optional cleanup
+
+include::modules/performing-a-backup-oadp-aws-sts.adoc[leveloffset=+2]
+
+include::modules/cleanup-a-backup-oadp-aws-sts.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/aws-sts/snippets

@@ -0,0 +1 @@
+../../../snippets/

backup_and_restore/application_backup_and_restore/oadp-rosa/oadp-rosa-backing-up-applications.adoc

@@ -32,8 +32,8 @@ include::modules/installing-oadp-rosa-sts.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/operators/user-tasks#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console].
-* link:https://docs.openshift.com/container-platform/4.14/backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.html[Backing up applications]
+* xref:../../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-from-operatorhub-using-web-console_olm-installing-operators-in-namespace[Installing from OperatorHub using the web console].
+* xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[Backing up applications]
 
 [id="oadp-rosa-backing-up-and-cleaning"]
 == Example: Backing up workload on OADP ROSA STS, with an optional cleanup

modules/cleanup-a-backup-oadp-aws-sts.adoc

@@ -0,0 +1,104 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/oadp-aws-sts/oadp-aws-sts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="cleanup-a-backup-oadp-aws-sts_{context}"]
+= Cleaning up a cluster after a backup with OADP and AWS STS
+
+If you need to uninstall the {oadp-first} Operator together with the backups and the S3 bucket from this example, follow these instructions.
+
+.Procedure
+
+. Delete the workload by running the following command:
++
+[source,terminal]
+----
+$ oc delete ns hello-world
+----
+
+. Delete the Data Protection Application (DPA) by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete dpa ${CLUSTER_NAME}-dpa
+----
+
+. Delete the cloud storage by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete cloudstorage ${CLUSTER_NAME}-oadp
+----
+
++
+[IMPORTANT]
+====
+If this command hangs, you might need to delete the finalizer by running the following command:
+
+[source,terminal]
+----
+$ oc -n openshift-adp patch cloudstorage ${CLUSTER_NAME}-oadp -p '{"metadata":{"finalizers":null}}' --type=merge
+----
+====
+
+. If the Operator is no longer required, remove it by running the following command:
++
+[source,terminal]
+----
+$ oc -n openshift-adp delete subscription oadp-operator
+----
+
+. Remove the namespace from the Operator by running the following command:
++
+[source,terminal]
+----
+$ oc delete ns openshift-adp
+----
+
+. If the backup and restore resources are no longer required, remove them from the cluster by running the following command:
++
+[source,terminal]
+----
+$ oc delete backup hello-world
+----
+
+. To delete backup, restore and remote objects in {aws-short} S3, run the following command:
++
+[source,terminal]
+----
+$ velero backup delete hello-world
+----
+
+. If you no longer need the Custom Resource Definitions (CRD), remove them from the cluster by running the following command:
++
+[source,terminal]
+----
+$ for CRD in `oc get crds | grep velero | awk '{print $1}'`; do oc delete crd $CRD; done
+----
+
+. Delete the {aws-short} S3 bucket by running the following commands:
++
+[source,terminal]
+----
+$ aws s3 rm s3://${CLUSTER_NAME}-oadp --recursive
+----
++
+[source,terminal]
+----
+$ aws s3api delete-bucket --bucket ${CLUSTER_NAME}-oadp
+----
+
+. Detach the policy from the role by running the following command:
++
+[source,terminal]
+----
+$ aws iam detach-role-policy --role-name "${ROLE_NAME}"  --policy-arn "${POLICY_ARN}"
+----
+
+. Delete the role by running the following command:
++
+[source,terminal]
+----
+$ aws iam delete-role --role-name "${ROLE_NAME}"
+----