Using the legacy-aws Velero plugin

If you are using an AWS S3-compatible backup storage location, you might get a SignatureDoesNotMatch error while backing up your application. This error occurs because some backup storage locations still use the older versions of the S3 APIs, which are incompatible with the newer AWS SDK for Go V2. To resolve this issue, you can use the legacy-aws Velero plugin in the DataProtectionApplication custom resource (CR). The legacy-aws Velero plugin uses the older AWS SDK for Go V1, which is compatible with the legacy S3 APIs, ensuring successful backups.

Using the legacy-aws Velero plugin in the DataProtectionApplication CR

In the following use case, you configure the DataProtectionApplication CR with the legacy-aws Velero plugin and then back up an application.

Note

Depending on the backup storage location you choose, you can use either the legacy-aws or the aws plugin in your DataProtectionApplication CR. If you use both of the plugins in the DataProtectionApplication CR, the following error occurs: aws and legacy-aws can not be both specified in DPA spec.configuration.velero.defaultPlugins.

Prerequisites

• You have installed the OADP Operator.

• You have configured an AWS S3-compatible object storage as a backup location.

• You have an application with a database running in a separate namespace.

Procedure

1. Configure the DataProtectionApplication CR to use the legacy-aws Velero plugin as shown in the following example:

   apiVersion: oadp.openshift.io/v1alpha1
   kind: DataProtectionApplication
   metadata:
     name: oadp-backup
     namespace: openshift-adp
   spec:
     configuration:
       nodeAgent:
         enable: true
         uploaderType: kopia
       velero:
         defaultPlugins:
           - legacy-aws
           - openshift
           - csi
         defaultSnapshotMoveData: true
     backupLocations:
       - velero:
           config:
             profile: "default"
             region: noobaa
             s3Url: https://s3.openshift-storage.svc
             s3ForcePathStyle: "true"
             insecureSkipTLSVerify: "true"
           provider: aws
           default: true
           credential:
             key: cloud
             name:  cloud-credentials
           objectStorage:
             bucket: <bucket_name>
             prefix: oadp

   where:

   legacy-aws

   Specifies to use the legacy-aws plugin.

   <bucket_name>

   Specifies the bucket name.

2. Create the DataProtectionApplication CR by running the following command:

   $ oc apply -f <dpa_filename>

3. Verify that the DataProtectionApplication CR is created successfully by running the following command. In the example output, you can see the status object has the type field set to Reconciled and the status field set to "True". That status indicates that the DataProtectionApplication CR is successfully created.

   $ oc get dpa -o yaml

   Example output

   apiVersion: v1
   items:
   - apiVersion: oadp.openshift.io/v1alpha1
     kind: DataProtectionApplication
     metadata:
       namespace: openshift-adp
       #...#
     spec:
       backupLocations:
       - velero:
           config:
             #...#
     status:
       conditions:
       - lastTransitionTime: "20....9:54:02Z"
         message: Reconcile complete
         reason: Complete
         status: "True"
         type: Reconciled
   kind: List
   metadata:
     resourceVersion: ""

4. Verify that the backup storage location (BSL) is available by running the following command:

   $ oc get backupstoragelocations.velero.io -n openshift-adp

   You should see an output similar to the following example:

   NAME           PHASE       LAST VALIDATED   AGE   DEFAULT
   dpa-sample-1   Available   3s               15s   true

5. Configure a Backup CR as shown in the following example:

   apiVersion: velero.io/v1
   kind: Backup
   metadata:
     name: test-backup
     namespace: openshift-adp
   spec:
     includedNamespaces:
     - <application_namespace>

   where:

   <application_namespace>

   Specifies the namespace for the application to back up.

6. Create the Backup CR by running the following command:

   $ oc apply -f <backup_cr_filename>

Verification

• Verify that the backup object is in the Completed phase by running the following command. For more details, see the example output.

  $ oc describe backups.velero.io test-backup -n openshift-adp

  Example output

  Name:         test-backup
  Namespace:    openshift-adp
  # ....#
  Status:
    Backup Item Operations Attempted:  1
    Backup Item Operations Completed:  1
    Completion Timestamp:              2024-09-25T10:17:01Z
    Expiration:                        2024-10-25T10:16:31Z
    Format Version:                    1.1.0
    Hook Status:
    Phase:  Completed
    Progress:
      Items Backed Up:  34
      Total Items:      34
    Start Timestamp:    2024-09-25T10:16:31Z
    Version:            1
  Events:               <none>