Merge pull request #41678 from apinnick/CNV13698-backup-restore-oadp-plugin

CNV-13698: CNV OADP integration

Author: apinnick

_topic_maps/_topic_map.yml

@@ -3223,6 +3223,17 @@ Topics:
   - Name: Collecting OpenShift Virtualization data for Red Hat Support
     File: virt-collecting-virt-data
     Distros: openshift-enterprise
+- Name: Backup and restore
+  Dir: backup_restore
+  Topics:
+  - Name: Backup and restore overview
+    File: virt-backup-restore-overview
+  - Name: Installing and configuring OADP
+    File: virt-installing-configuring-oadp
+  - Name: Backing up virtual machines
+    File: virt-backing-up-vms
+  - Name: Restoring virtual machines
+    File: virt-restoring-vms
 #  - Name: Collecting OKD Virtualization data for community report
 #    File: virt-collecting-virt-data
 #    Distros: openshift-origin

backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc

@@ -29,9 +29,9 @@ To back up PVs with snapshots, you must have a cloud provider that supports eith
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
 * CSI snapshot-enabled cloud provider, such as xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc#installing-oadp-ocs[OpenShift Container Storage]
 
-If your cloud provider does not support snapshots or if your storage is NFS, you can back up applications with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic].
+If your cloud provider does not support snapshots or if your storage is NFS, you can back up applications with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic backups] on object storage.
 
-You create a `Secret` object for your storage provider credentials and then you install the Data Protection Application.
+You create a default `Secret` and then you install the Data Protection Application.
 
 [discrete]
 [role="_additional-resources"]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc

@@ -10,23 +10,22 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the OpenShift API for Data Protection (OADP) with Amazon Web Services (AWS) by installing the OADP Operator, configuring AWS for Velero, and then installing the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with Amazon Web Services (AWS) by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v1.7/[Velero 1.7].
 
-:FeatureName: The `CloudStorage` API for S3 storage
-include::snippets/technology-preview.adoc[]
+You configure AWS for Velero, create a default `Secret`, and then install the Data Protection Application.
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-aws-s3.adoc[leveloffset=+1]
-
-include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
 [id="configuring-dpa-aws"]
 == Configuring the Data Protection Application
 
-You can configure Velero resource allocations and enable self-signed CA certificates.
+You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc

@@ -10,23 +10,22 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the OpenShift API for Data Protection (OADP) with Microsoft Azure by installing the OADP Operator, configuring Azure for Velero, and then installing the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with Microsoft Azure by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v1.7/[Velero 1.7].
 
-:FeatureName: The `CloudStorage` API for S3 storage
-include::snippets/technology-preview.adoc[]
+You configure Azure for Velero, create a default `Secret`, and then install the Data Protection Application.
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-azure.adoc[leveloffset=+1]
-
-include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
 [id="configuring-dpa-azure"]
 == Configuring the Data Protection Application
 
-You can configure Velero resource allocations and enable self-signed CA certificates.
+You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc

@@ -10,23 +10,22 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the OpenShift API for Data Protection (OADP) with Google Cloud Platform (GCP) by installing the OADP Operator, configuring GCP for Velero, and then installing the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with Google Cloud Platform (GCP) by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v1.7/[Velero 1.7].
 
-:FeatureName: The `CloudStorage` API for S3 storage
-include::snippets/technology-preview.adoc[]
+You configure GCP for Velero, create a default `Secret`, and then install the Data Protection Application.
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-gcp.adoc[leveloffset=+1]
-
-include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
 [id="configuring-dpa-gcp"]
 == Configuring the Data Protection Application
 
-You can configure Velero resource allocations and enable self-signed CA certificates.
+You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc

@@ -10,29 +10,27 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the OpenShift API for Data Protection (OADP) with Multicloud Object Gateway (MCG) by installing the OADP Operator, creating a `Secret` object, and then installing the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with Multicloud Object Gateway (MCG) by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v1.7/[Velero 1.7].
 
-MCG is a component of OpenShift Container Storage (OCS). You configure MCG as a backup location in the `DataProtectionApplication` custom resource (CR).
+You configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] as a backup location.
 
 :FeatureName: The `CloudStorage` API for S3 storage
 include::snippets/technology-preview.adoc[]
 
-If your cloud provider has a native snapshot API, configure a snapshot location. If your cloud provider does not support snapshots or if your storage is NFS, you can create backups with Restic.
-
-You do not need to specify a snapshot location in the `DataProtectionApplication` CR for Restic or Container Storage Interface (CSI) snapshots.
+You create a `Secret` for the backup location and then you install the Data Protection Application.
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-mcg.adoc[leveloffset=+1]
-
-include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
 [id="configuring-dpa-mcg"]
 == Configuring the Data Protection Application
 
-You can configure Velero resource allocations and enable self-signed CA certificates.
+You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc

@@ -10,33 +10,26 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the OpenShift API for Data Protection (OADP) with OpenShift Container Storage (OCS) by installing the OADP Operator and configuring a backup location and a snapshot location. Then, you install the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with OpenShift Container Storage (OCS) by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v1.7/[Velero 1.7].
 
-You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] or any S3-compatible object storage as a backup location in the `DataProtectionApplication` custom resource (CR).
+You can configure xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway] or any S3-compatible object storage as a backup location.
 
 :FeatureName: The `CloudStorage` API for S3 storage
 include::snippets/technology-preview.adoc[]
 
-If the cloud provider has a native snapshot API, you can configure cloud storage as a snapshot location in the `DataProtectionApplication` CR. You do not need to specify a snapshot location for Restic or Container Storage Interface (CSI) snapshots.
+You create a `Secret` for the backup location and then you install the Data Protection Application.
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
-
-[NOTE]
-====
-After you install the OADP Operator, you configure object storage as a backup location and cloud storage as a snapshot location, if the cloud provider supports a native snapshot API.
-
-If the cloud provider does not support snapshots or if your storage is NFS, you can create backups with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic]. Restic does not require a snapshot location.
-====
-
-include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+2]
 include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
 
 [id="configuring-dpa-ocs"]
 == Configuring the Data Protection Application
 
-You can configure Velero resource allocations and enable self-signed CA certificates.
+You can configure the Data Protection Application by setting Velero resource allocations or enabling self-signed CA certificates.
 
 include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
 include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]

modules/oadp-about-backup-snapshot-locations-secrets.adoc

@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc
+// * backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc
+// * virt/backup_restore/virt-installing-configuring-oadp.adoc
+
+:_content-type: CONCEPT
+[id="oadp-about-backup-snapshot-locations_{context}"]
+= About backup and snapshot locations and their secrets
+
+You specify backup and snapshot locations and their secrets in the `DataProtectionApplication` custom resource (CR).
+
+[id="backup-locations_{context}"]
+[discrete]
+== Backup locations
+
+You specify S3-compatible object storage, such as Multicloud Object Gateway, Noobaa, or Minio, as a backup location.
+
+Velero backs up {product-title} resources, Kubernetes objects, and internal images as an archive file on object storage.
+
+[id="snapshot-locations_{context}"]
+[discrete]
+== Snapshot locations
+
+ifdef::installing-oadp-aws,installing-oadp-azure,installing-oadp-gcp,installing-oadp-mcg,installing-oadp-ocs[]
+If you use your cloud provider's native snapshot API to back up persistent volumes, you must specify the cloud provider as the snapshot location.
+endif::[]
+ifdef::virt-installing-configuring-oadp[]
+If you use your cloud provider's native snapshot API to back up virtual machine disks, you must specify the cloud provider as the snapshot location.
+endif::[]
+
+If you use Container Storage Interface (CSI) snapshots, you do not need to specify a snapshot location because you will create a `VolumeSnapshotClass` CR to register the CSI driver.
+
+If you use Restic, you do not need to specify a snapshot location because Restic backs up the file system on object storage.
+
+[id="secrets_{context}"]
+[discrete]
+== Secrets
+
+If the backup and snapshot locations use the same credentials or if you do not require a snapshot location, you create a default `Secret`.
+
+If the backup and snapshot locations use different credentials, you create two secret objects:
+
+* Custom `Secret` for the backup location, which you specify in the `DataProtectionApplication` CR.
+* Default `Secret` for the snapshot location, which is not referenced in the `DataProtectionApplication` CR.
+
+[IMPORTANT]
+====
+The Data Protection Application requires a default `Secret`. Otherwise, the installation will fail.
+
+If you do not want to specify backup or snapshot locations during the installation, you can create a default `Secret` with an empty `credentials-velero` file.
+====

modules/oadp-backing-up-pvs-csi.adoc

@@ -6,7 +6,7 @@
 [id="oadp-backing-up-pvs-csi_{context}"]
 = Backing up persistent volumes with CSI snapshots
 
-You back up persistent volumes with Container Storage Interface (CSI) snapshots by creating a `VolumeSnapshotClass` custom resource (CR) to register the CSI driver before you create the `Backup` CR.
+You back up persistent volumes with Container Storage Interface (CSI) snapshots by editing the `VolumeSnapshotClass` custom resource (CR) of the cloud storage before you create the `Backup` CR.
 
 .Prerequisites
 
@@ -15,44 +15,8 @@ You back up persistent volumes with Container Storage Interface (CSI) snapshots
 
 .Procedure
 
-* Create a `VolumeSnapshotClass` CR, as in the following examples:
+* Add the `metadata.labels.velero.io/csi-volumesnapshot-class: "true"` key-value pair to the `VolumeSnapshotClass` CR:
 +
-.Ceph RBD
-[source,yaml,subs="attributes+"]
-----
-apiVersion: snapshot.storage.k8s.io/v1
-kind: VolumeSnapshotClass
-deletionPolicy: Retain
-metadata:
-  name: <volume_snapshot_class_name>
-  labels:
-    velero.io/csi-volumesnapshot-class: "true"
-    snapshotter: openshift-storage.rbd.csi.ceph.com
-driver: openshift-storage.rbd.csi.ceph.com
-parameters:
-  clusterID: openshift-storage
-  csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
-  csi.storage.k8s.io/snapshotter-secret-namespace: openshift-storage
-----
-+
-.Ceph FS
-[source,yaml,subs="attributes+"]
-----
-apiVersion: snapshot.storage.k8s.io/v1
-kind: VolumeSnapshotClass
-metadata:
-  name: <volume_snapshot_class_name>
-  labels:
-    velero.io/csi-volumesnapshot-class: "true"
-driver: openshift-storage.cephfs.csi.ceph.com
-deletionPolicy: Retain
-parameters:
-  clusterID: openshift-storage
-  csi.storage.k8s.io/snapshotter-secret-name: rook-csi-cephfs-provisioner
-  csi.storage.k8s.io/snapshotter-secret-namespace: openshift-storage
-----
-+
-.Other cloud providers
 [source,yaml,subs="attributes+"]
 ----
 apiVersion: snapshot.storage.k8s.io/v1