Merge pull request #70486 from anarnold97/OADP-3365-Fix-issues-in-OADP-ROSA-docs

OADP-3365: Fix issues in OADP docs

Author: stevsmit

modules/installing-oadp-rosa-sts.adoc

@@ -36,9 +36,9 @@ The Data Mover feature is not currently supported in ROSA clusters. You can use
 [source,terminal]
 ----
 $ cat <<EOF > ${SCRATCH}/credentials
-[default]
-role_arn = ${ROLE_ARN}
-web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
+  [default]
+  role_arn = ${ROLE_ARN}
+  web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
 EOF
 ----
 
@@ -66,8 +66,6 @@ secret, you only need to supply the role ARN during the installation of OLM-mana
 The preceding secret is created automatically by CCO.
 ====
 
-. Install the OADP Operator:
-.. In the {product-title} web console, browse to *Operators* -> *OperatorHub*.
 . Install the OADP Operator:
 .. In the {product-title} web console, browse to *Operators* -> *OperatorHub*.
 .. Search for the *OADP Operator*.
@@ -78,19 +76,19 @@ The preceding secret is created automatically by CCO.
 [source,terminal]
 ----
 $ cat << EOF | oc create -f -
-apiVersion: oadp.openshift.io/v1alpha1
-kind: CloudStorage
-metadata:
-  name: ${CLUSTER_NAME}-oadp
-  namespace: openshift-adp
-spec:
-  creationSecret:
-    key: credentials
-    name: cloud-credentials
-  enableSharedConfig: true
-  name: ${CLUSTER_NAME}-oadp
-  provider: aws
-  region: $REGION
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: CloudStorage
+  metadata:
+    name: ${CLUSTER_NAME}-oadp
+    namespace: openshift-adp
+  spec:
+    creationSecret:
+      key: credentials
+      name: cloud-credentials
+    enableSharedConfig: true
+    name: ${CLUSTER_NAME}-oadp
+    provider: aws
+    region: $REGION
 EOF
 ----
 // bringing over from MOB docs
@@ -151,34 +149,34 @@ If the application or applications that are being backed up are all using persis
 [source,terminal]
 ----
 $ cat << EOF | oc create -f -
-apiVersion: oadp.openshift.io/v1alpha1
-kind: DataProtectionApplication
-metadata:
-  name: ${CLUSTER_NAME}-dpa
-  namespace: openshift-adp
-spec:
-  backupImages: false
-  features:
-    dataMover:
-      enable: false
-  backupLocations:
-  - bucket:
-      cloudStorageRef:
-        name: ${CLUSTER_NAME}-oadp
-      credential:
-        key: credentials
-        name: cloud-credentials
-      default: true
-      config:
-        region: ${REGION}
-  configuration:
-    velero:
-      defaultPlugins:
-      - openshift
-      - aws
-      - csi
-    restic:
-      enable: false
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: DataProtectionApplication
+  metadata:
+    name: ${CLUSTER_NAME}-dpa
+    namespace: openshift-adp
+  spec:
+    backupImages: false
+    features:
+      dataMover:
+        enable: false
+    backupLocations:
+    - bucket:
+        cloudStorageRef:
+          name: ${CLUSTER_NAME}-oadp
+        credential:
+          key: credentials
+          name: cloud-credentials
+        default: true
+        config:
+          region: ${REGION}
+    configuration:
+      velero:
+        defaultPlugins:
+        - openshift
+        - aws
+        - csi
+      restic:
+        enable: false
 EOF
 ----
 // . Create the `DataProtectionApplication` resource, which is used to configure the connection to the storage where the backups and volume snapshots are stored:
@@ -188,38 +186,38 @@ EOF
 [source,terminal]
 ----
 $ cat << EOF | oc create -f -
-apiVersion: oadp.openshift.io/v1alpha1
-kind: DataProtectionApplication
-metadata:
-  name: ${CLUSTER_NAME}-dpa
-  namespace: openshift-adp
-spec:
-  backupLocations:
-  - bucket:
-      cloudStorageRef:
-        name: ${CLUSTER_NAME}-oadp
-      credential:
-        key: credentials
-        name: cloud-credentials
-      default: true
-      config:
-        region: ${REGION}
-  configuration:
-    velero:
-      defaultPlugins:
-      - openshift
-      - aws
-    nodeAgent: <1>
-      enable: false
-      uploaderType: restic
-  snapshotLocations:
-    - velero:
+  apiVersion: oadp.openshift.io/v1alpha1
+  kind: DataProtectionApplication
+  metadata:
+    name: ${CLUSTER_NAME}-dpa
+    namespace: openshift-adp
+  spec:
+    backupLocations:
+    - bucket:
+        cloudStorageRef:
+          name: ${CLUSTER_NAME}-oadp
+        credential:
+          key: credentials
+          name: cloud-credentials
+        default: true
         config:
-          credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials <2>
-          enableSharedConfig: "true" <3>
-          profile: default <4>
-          region: ${REGION} <5>
-        provider: aws
+          region: ${REGION}
+    configuration:
+      velero:
+        defaultPlugins:
+        - openshift
+        - aws
+      nodeAgent: <1>
+        enable: false
+        uploaderType: restic
+    snapshotLocations:
+      - velero:
+          config:
+            credentialsFile: /tmp/credentials/openshift-adp/cloud-credentials-credentials <2>
+            enableSharedConfig: "true" <3>
+            profile: default <4>
+            region: ${REGION} <5>
+          provider: aws
 EOF
 ----
 <1> See the following note.

modules/performing-a-backup-oadp-rosa-sts.adoc

@@ -48,16 +48,16 @@ Hello OpenShift!
 [source,terminal]
 ----
 $ cat << EOF | oc create -f -
-apiVersion: velero.io/v1
-kind: Backup
-metadata:
-  name: hello-world
-  namespace: openshift-adp
-spec:
-  includedNamespaces:
-  - hello-world
-  storageLocation: ${CLUSTER_NAME}-dpa-1
-  ttl: 720h0m0s
+  apiVersion: velero.io/v1
+  kind: Backup
+  metadata:
+    name: hello-world
+    namespace: openshift-adp
+  spec:
+    includedNamespaces:
+    - hello-world
+    storageLocation: ${CLUSTER_NAME}-dpa-1
+    ttl: 720h0m0s
 EOF
 ----
 
@@ -98,13 +98,13 @@ $ oc delete ns hello-world
 [source,terminal]
 ----
 $ cat << EOF | oc create -f -
-apiVersion: velero.io/v1
-kind: Restore
-metadata:
-  name: hello-world
-  namespace: openshift-adp
-spec:
-  backupName: hello-world
+  apiVersion: velero.io/v1
+  kind: Restore
+  metadata:
+    name: hello-world
+    namespace: openshift-adp
+  spec:
+    backupName: hello-world
 EOF
 ----
 

modules/preparing-aws-credentials-for-oadp.adoc

@@ -19,16 +19,16 @@ Change the cluster name to match your ROSA cluster, and ensure you are logged in
 [source,terminal]
 ----
 $ export CLUSTER_NAME=my-cluster <1>
-export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
-export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
-export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
-export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
-export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
-export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
-mkdir -p ${SCRATCH}
-echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
-${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+  export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
+  export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
+  export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
+  export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+  export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
+  export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
+  export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
+  mkdir -p ${SCRATCH}
+  echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
+  ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
 ----
 +
 <1> Replace `my-cluster` with your ROSA cluster name.
@@ -54,49 +54,49 @@ If the policy ARN is not found, the command creates the policy. If the policy AR
 [source,terminal]
 ----
 $ if [[ -z "${POLICY_ARN}" ]]; then
-cat << EOF > ${SCRATCH}/policy.json <1>
-{
-"Version": "2012-10-17",
-"Statement": [
+  cat << EOF > ${SCRATCH}/policy.json <1>
   {
-    "Effect": "Allow",
-    "Action": [
-      "s3:CreateBucket",
-      "s3:DeleteBucket",
-      "s3:PutBucketTagging",
-      "s3:GetBucketTagging",
-      "s3:PutEncryptionConfiguration",
-      "s3:GetEncryptionConfiguration",
-      "s3:PutLifecycleConfiguration",
-      "s3:GetLifecycleConfiguration",
-      "s3:GetBucketLocation",
-      "s3:ListBucket",
-      "s3:GetObject",
-      "s3:PutObject",
-      "s3:DeleteObject",
-      "s3:ListBucketMultipartUploads",
-      "s3:AbortMultipartUploads",
-      "s3:ListMultipartUploadParts",
-      "s3:DescribeSnapshots",
-      "ec2:DescribeVolumes",
-      "ec2:DescribeVolumeAttribute",
-      "ec2:DescribeVolumesModifications",
-      "ec2:DescribeVolumeStatus",
-      "ec2:CreateTags",
-      "ec2:CreateVolume",
-      "ec2:CreateSnapshot",
-      "ec2:DeleteSnapshot"
-    ],
-    "Resource": "*"
-  }
- ]}
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:CreateBucket",
+        "s3:DeleteBucket",
+        "s3:PutBucketTagging",
+        "s3:GetBucketTagging",
+        "s3:PutEncryptionConfiguration",
+        "s3:GetEncryptionConfiguration",
+        "s3:PutLifecycleConfiguration",
+        "s3:GetLifecycleConfiguration",
+        "s3:GetBucketLocation",
+        "s3:ListBucket",
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:DeleteObject",
+        "s3:ListBucketMultipartUploads",
+        "s3:AbortMultipartUploads",
+        "s3:ListMultipartUploadParts",
+        "s3:DescribeSnapshots",
+        "ec2:DescribeVolumes",
+        "ec2:DescribeVolumeAttribute",
+        "ec2:DescribeVolumesModifications",
+        "ec2:DescribeVolumeStatus",
+        "ec2:CreateTags",
+        "ec2:CreateVolume",
+        "ec2:CreateSnapshot",
+        "ec2:DeleteSnapshot"
+      ],
+      "Resource": "*"
+    }
+   ]}
 EOF
 
-POLICY_ARN=$(aws iam create-policy --policy-name "RosaOadpVer1" \
---policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
---tags Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-oadp Key=operator_name,Value=openshift-oadp \
---output text)
-fi
+  POLICY_ARN=$(aws iam create-policy --policy-name "RosaOadpVer1" \
+  --policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
+  --tags Key=rosa_openshift_version,Value=${CLUSTER_VERSION} Key=rosa_role_prefix,Value=ManagedOpenShift Key=operator_namespace,Value=openshift-oadp Key=operator_name,Value=openshift-oadp \
+  --output text)
+  fi
 ----
 +
 <1> `SCRATCH` is a name for a temporary directory created for the environment variables.
@@ -116,23 +116,23 @@ $ echo ${POLICY_ARN}
 [source,terminal]
 ----
 $ cat <<EOF > ${SCRATCH}/trust-policy.json
-{
-    "Version":2012-10-17",
-    "Statement": [{
-      "Effect": "Allow",
-      "Principal": {
-        "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
-      },
-      "Action": "sts:AssumeRoleWithWebIdentity",
-      "Condition": {
-        "StringEquals": {
-          "${OIDC_ENDPOINT}:sub": [
-            "system:serviceaccount:openshift-adp:openshift-adp-controller-manager",
-            "system:serviceaccount:openshift-adp:velero"]
+  {
+      "Version":2012-10-17",
+      "Statement": [{
+        "Effect": "Allow",
+        "Principal": {
+          "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_ENDPOINT}"
+        },
+        "Action": "sts:AssumeRoleWithWebIdentity",
+        "Condition": {
+          "StringEquals": {
+            "${OIDC_ENDPOINT}:sub": [
+              "system:serviceaccount:openshift-adp:openshift-adp-controller-manager",
+              "system:serviceaccount:openshift-adp:velero"]
+          }
         }
-      }
-    }]
-}
+      }]
+  }
 EOF
 ----