OADP 2419 Release Notes for OADP 1.3.0 & Upgrade notes for 1.2.0

Author: CarmiWisemon

backup_and_restore/application_backup_and_restore/oadp-release-notes.adoc

@@ -9,13 +9,32 @@ toc::[]
 
 The release notes for OpenShift API for Data Protection (OADP) describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues.
 
+include::modules/oadp-release-notes-1-3-0.adoc[leveloffset=+1]
+include::modules/oadp-upgrade-from-oadp-data-mover-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-backing-up-dpa-configuration-1-3-0.adoc[leveloffset=+3]
+include::modules/oadp-upgrading-oadp-operator-1-3-0.adoc[leveloffset=+3]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators]
+
+include::modules/oadp-converting-dpa-to-new-version-1-3-0.adoc[leveloffset=+3]
+include::modules/oadp-verifying-upgrade-1-3-0.adoc[leveloffset=+3]
+
 include::modules/oadp-release-notes-1-2-3.adoc[leveloffset=+1]
 
 include::modules/oadp-release-notes-1-2-2.adoc[leveloffset=+1]
 
 include::modules/oadp-release-notes-1-2-1.adoc[leveloffset=+1]
 
 include::modules/oadp-release-notes-1-2-0.adoc[leveloffset=+1]
+include::modules/oadp-backing-up-dpa-configuration-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-upgrading-oadp-operator-1-2-0.adoc[leveloffset=+3]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators]
+
+include::modules/oadp-converting-to-new-dpa-1-2-0.adoc[leveloffset=+3]
+include::modules/oadp-verifying-upgrade-1-2-0.adoc[leveloffset=+3]
 
 include::modules/oadp-release-notes-1-1-7.adoc[leveloffset=+1]
 

modules/oadp-backing-up-dpa-configuration-1-2-0.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-backing-up-dpa-configuration-1-2-0_{context}"]
+= Backing up the DPA configuration
+
+You must back up your current `DataProtectionApplication` (DPA) configuration.
+
+.Procedure
+* Save your current DPA configuration by running the following command:
++
+.Example
+[source,terminal]
+----
+$ oc get dpa -n openshift-adp -o yaml > dpa.orig.backup
+----
+

modules/oadp-backing-up-dpa-configuration-1-3-0.adoc

@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-backing-up-dpa-configuration-1-3-0_{context}"]
+= Backing up the DPA configuration
+
+You must back up your current `DataProtectionApplication` (DPA) configuration.
+
+.Procedure
+* Save your current DPA configuration by running the following command:
++
+.Example
+[source,terminal]
+----
+$ oc get dpa -n openshift-adp -o yaml > dpa.orig.backup
+----

modules/oadp-converting-dpa-to-new-version-1-3-0.adoc

@@ -0,0 +1,55 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-converting-dpa-to-new-version-1-3-0_{context}"]
+= Converting DPA to the new version
+
+If you need to move backups off cluster with the Data Mover, reconfigure the `DataProtectionApplication` (DPA) manifest as follows.
+
+.Procedure
+. Click *Operators* → *Installed Operators* and select the OADP Operator.
+. In the *Provided APIs* section, click *View more*.
+. Click *Create instance* in the *DataProtectionApplication* box.
+. Click *YAML View* to display the current DPA parameters.
++
+.Example current DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    features:
+      dataMover:
+      enable: true
+      credentialName: dm-credentials
+    velero:
+      defaultPlugins:
+      - vsm
+      - csi
+      - openshift
+# ...
+----
+
+. Update the DPA parameters:
+* Remove the `features.dataMover` key and values from the DPA.
+* Remove the VolumeSnapshotMover (VSM) plugin.
+* Add the `nodeAgent` key and values.
++
+.Example updated DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: kopia
+    velero:
+      defaultPlugins:
+      - csi
+      - openshift
+# ...
+----
+
+. Wait for the DPA to reconcile successfully.

modules/oadp-converting-to-new-dpa-1-2-0.adoc

@@ -0,0 +1,51 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_mod-docs-content-type: PROCEDURE
+
+[id="oadp-converting-to-new-dpa-1-2-0_{context}"]
+= Converting DPA to the new version
+
+If you use the fields that were updated in the `spec.configuration.velero.args` stanza, you must configure your `DataProtectionApplication` (DPA) manifest to use the new parameter names.
+
+.Procedure
+
+. Click *Operators* → *Installed Operators* and select the OADP Operator.
+. Select *Provided APIs*, click *Create instance* in the *DataProtectionApplication* box.
+. Click *YAML View* to display the current DPA parameters.
++
+.Example current DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    velero:
+      args:
+        default-volumes-to-restic: true
+        default-restic-prune-frequency: 6000
+        restic-timeout: 600
+# ...
+----
+
+. Update the DPA parameters:
+. Update the DPA parameter names without changing their values:
+.. Change the `default-volumes-to-restic` key to `default-volumes-to-fs-backup`.
+.. Change the `default-restic-prune-frequency` key to `default-repo-maintain-frequency`.
+.. Change the `restic-timeout` key to `fs-backup-timeout`.
+
++
+.Example updated DPA
+[source,yaml]
+----
+spec:
+  configuration:
+    velero:
+      args:
+        default-volumes-to-fs-backup: true
+        default-repo-maintain-frequency: 6000
+        fs-backup-timeout: 600
+# ...
+----
+
+. Wait for the DPA to reconcile successfully.

modules/oadp-release-notes-1-2-0.adoc

@@ -3,7 +3,7 @@
 // * backup_and_restore/oadp-release-notes.adoc
 
 :_mod-docs-content-type: REFERENCE
-[id="migration-oadp-release-notes-1-2-0_{context}"]
+[id="oadp-release-notes-1-2-0_{context}"]
 = OADP 1.2.0 release notes
 
 The OADP 1.2.0 release notes include information about new features, bug fixes, and known issues.
@@ -43,3 +43,33 @@ The HTTP/2 protocol is susceptible to a denial of service attack because request
 It is advised to upgrade to OADP 1.2.3, which resolves this issue.
 
 For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)].
+
+[id="Upgrade-notes-1-2-0_{context}"]
+== Upgrade notes
+
+[NOTE]
+====
+Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, then to 1.3.
+====
+
+[id="changes-oadp-1-1-to-1-2_{context}"]
+=== Changes from OADP 1.1 to 1.2
+
+The Velero server was updated from version 1.9 to 1.11.
+
+In OADP 1.2, the `DataProtectionApplication` (DPA) configuration `spec.configuration.velero.args` has the following changes:
+
+* The `default-volumes-to-restic` field was renamed to `default-volumes-to-fs-backup`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `default-volumes-to-restic` field was renamed to `default-volumes-to-fs-backup`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `restic-timeout` field was renamed to `fs-backup-timeout`. If you use `spec.velero`, you must add it again with the new name to your DPA after upgrading OADP.
+
+* The `restic` daemon set was renamed to `node-agent`. OADP automatically updates the name of the daemon set.
+
+* The custom resource definition `resticrepositories.velero.io` was renamed to `backuprepositories.velero.io`.
+
+* The custom resource definition `resticrepositories.velero.io` can be removed from the cluster.
+
+[id="upgrade-steps-1-2-0_{context}"]
+=== Upgrading steps

modules/oadp-release-notes-1-3-0.adoc

@@ -0,0 +1,156 @@
+// Module included in the following assemblies:
+//
+// * backup_and_restore/oadp-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="oadp-release-notes-1-3-0_{context}"]
+= OADP 1.3.0 release notes
+
+The {oadp-first} 1.3.0 release notes lists new features, resolved issues and bugs, and known issues.
+
+[id="new-features-1-3-0_{context}"]
+== New features
+
+.Velero built-in DataMover
+
+OADP 1.3 includes a built-in Data Mover that you can use to move Container Storage Interface (CSI) volume snapshots to a remote object store. The built-in Data Mover allows you to restore stateful applications from the remote object store if a failure, accidental deletion, or corruption of the cluster occurs. It uses Kopia as the uploader mechanism to read the snapshot data and to write to the Unified Repository.
+
+
+:FeatureName: Velero built-in DataMover
+include::snippets/technology-preview.adoc[]
+
+.Backing up applications with File System Backup: Kopia or Restic
+
+Velero’s File System Backup (FSB) supports two backup libraries: the Restic path and the Kopia path.
+
+Velero allows users to select between the two paths.
+
+For backup, specify the path during the installation through the `uploader-type` flag. The valid value is either `restic` or `kopia`. This field defaults to `kopia` if the value is not specified. The selection cannot be changed after the installation.
+
+.GCP Cloud authentication
+
+Google Cloud Platform (GCP) authentication enables you to use short-lived Google credentials.
+
+GCP with Workload Identity Federation enables you to use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This eliminates the maintenance and security risks associated with service account keys.
+
+.AWS ROSA STS authentication
+
+You can use {oadp-first} with {product-rosa} (ROSA) clusters to backup and restore application data.
+
+ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to speed up the building and delivering of differentiating experiences to your customers.
+
+You can subscribe to the service directly from your AWS account.
+
+After the clusters are created, you can operate your clusters by using the OpenShift web console. The ROSA service also uses OpenShift APIs and command-line interface (CLI) tools.
+
+[id="resolved-issues-1-3-0_{context}"]
+== Resolved issues
+
+.ACM applications were removed and re-created on managed clusters after restore
+Applications on managed clusters were deleted and re-created upon restore activation. {oadp-full} (OADP 1.2) backup and restore process is faster than the older versions. The OADP performance change caused this behavior when restoring ACM resources. Therefore, some resources were restored before other resources, which caused the removal of the applications from managed clusters.
+link:https://issues.redhat.com/browse/OADP-2686[OADP-2686]
+
+
+.Restic restore was partially failing due to Pod Security standard
+
+During interoperability testing, {product-title} 4.14 had the pod Security mode set to `enforce`, which caused the pod to be denied. This was caused due to the restore order. The pod was getting created before the security context constraints (SCC) resource, since the pod violated the `podSecurity` standard, it denied the pod. When setting the restore priority field on the Velero server, restore is successful. link:https://issues.redhat.com/browse/OADP-2688[OADP-2688]
+
+.Possible pod volume backup failure if Velero is installed in several namespaces
+
+There was a regresssion in Pod Volume Backup (PVB) functionality when Velero was installed in several namespaces. The PVB controller was not properly limiting itself to PVBs in its own namespace.
+link:https://issues.redhat.com/browse/OADP-2308[OADP-2308]
+
+.OADP Velero plugins returning "received EOF, stopping recv loop" message
+
+In OADP, Velero plugins were started as separate processes. When the Velero operation completes, either successfully or not, they exit. Therefore, if you see a `received EOF, stopping recv loop` messages in debug logs, it does not mean an error occurred, it means that a plugin operation has completed. link:https://issues.redhat.com/browse/OADP-2176[OADP-2176]
+
+.CVE-2023-39325 Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
+In previous releases of OADP, the HTTP/2 protocol was susceptible to a denial of service attack because request cancellation could reset multiple streams quickly. The server had to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This resulted in a denial of service due to server resource consumption.
+
+For more information, see link:https://access.redhat.com/security/cve/cve-2023-39325[CVE-2023-39325 (Rapid Reset Attack)]
+
+
+For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422837[OADP 1.3.0 resolved issues] in Jira.
+
+[id="known-issues-1-3-0_{context}"]
+== Known issues
+
+.CSI plugin errors on nil pointer when csiSnapshotTimeout is set to a short duration
+The CSI plugin errors on nil pointer when `csiSnapshotTimeout` is set to a short duration. Sometimes it succeeds to complete the snapshot within a short duration, but often it panics with the backup `PartiallyFailed` with the following error: `plugin panicked: runtime error: invalid memory address or nil pointer dereference`.
+
+.Backup is marked as PartiallyFailed when volumeSnapshotContent CR has an error
+If any of the `VolumeSnapshotContent` CRs have an error related to removing the `VolumeSnapshotBeingCreated` annotation, it moves the backup to the `WaitingForPluginOperationsPartiallyFailed` phase. link:https://issues.redhat.com/browse/OADP-2871[OADP-2871]
+
+.Performance issues when restoring 30,000 resources for the first time
+When restoring 30,000 resources for the first time, without an existing-resource-policy, it takes twice as long to restore them, than it takes during the second and third try with an existing-resource-policy set to `update`. link:https://issues.redhat.com/browse/OADP-3071[OADP-3071]
+
+.Post restore hooks might start running before Datadownload operation has released the related PV
+Due to the asynchronous nature of the Data Mover operation, a post-hook might be attempted before the related pods persistent volumes (PVs) are released by the Data Mover persistent volume claim (PVC).
+
+
+.GCP-Workload Identity Federation VSL backup PartiallyFailed
+VSL backup `PartiallyFailed` when GCP workload identity is configured on GCP.
+
+
+For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/issues/?filter=12422838[OADP 1.3.0 known issues] in Jira.
+
+[id="upgrade-notes-1-3-0_{context}"]
+== Upgrade notes
+
+[NOTE]
+====
+Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3.
+====
+
+[id="changes-oadp-1-2-to-1-3_{context}"]
+=== Changes from OADP 1.2 to 1.3
+
+The Velero server has been updated from version 1.11 to 1.12.
+
+{oadp-first} 1.3 uses the Velero built-in Data Mover instead of the VolumeSnapshotMover (VSM) or the Volsync Data Mover.
+
+This changes the following:
+
+* The `spec.features.dataMover` field and the VSM plugin are not compatible with OADP 1.3, and you must remove the configuration from the `DataProtectionApplication` (DPA) configuration.
+
+* The Volsync Operator is no longer required for Data Mover functionality, and you can remove it.
+
+* The custom resource definitions `volumesnapshotbackups.datamover.oadp.openshift.io` and `volumesnapshotrestores.datamover.oadp.openshift.io` are no longer required, and you can remove them.
+
+* The secrets used for the OADP-1.2 Data Mover are no longer required, and you can remove them.
+
+OADP 1.3 supports Kopia, which is an alternative file system backup tool to Restic.
+
+* To employ Kopia, use the new `spec.configuration.nodeAgent` field as shown in the following example:
++
+.Example
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: kopia
+# ...
+----
+
+* The `spec.configuration.restic` field is deprecated in OADP 1.3 and will be removed in a future version of OADP. To avoid seeing deprecation warnings, remove the `restic` key and its values, and use the following new syntax:
++
+.Example
+[source,yaml]
+----
+spec:
+  configuration:
+    nodeAgent:
+      enable: true
+      uploaderType: restic
+# ...
+----
+
+[NOTE]
+====
+In OADP 1.4, the `kopia` will become the default `uploaderType` value.
+====
+
+[id="upgrade-steps-1-3-0_{context}"]
+=== Upgrading steps