Deploy Freezer
Freezer is a disaster recovery and backup-as-a-service component for OpenStack. It provides a way to back up various resources, such as virtual machine instances, databases, and file systems.
It allows users to schedule backups, restore data, and manage the lifecycle of their backups to ensure data protection and business continuity within an OpenStack cloud.
This document outlines the deployment of OpenStack Freezer using Genestack.
Create secrets
Information about the secrets used
Manual secret generation is only required if you haven't run the
create-secrets.sh
script located in /opt/genestack/bin
.
Example secret generation
kubectl --namespace openstack \
create secret generic freezer-db-password \
--type Opaque \
--from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
kubectl --namespace openstack \
create secret generic freezer-admin \
--type Opaque \
--from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
Run the package deployment
Run the Freezer deployment Script /opt/genestack/bin/install-freezer.sh
#!/bin/bash
GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/freezer"
BASE_OVERRIDES="/opt/genestack/base-helm-configs/freezer/freezer-helm-overrides.yaml"
# Read freezer version from helm-chart-versions.yaml
VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
if [ ! -f "$VERSION_FILE" ]; then
echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
exit 1
fi
# Extract freezer version using grep and sed
FREEZER_VERSION=$(grep 'freezer:' "$VERSION_FILE" | sed 's/.*freezer: *//')
if [ -z "$FREEZER_VERSION" ]; then
echo "Error: Could not extract freezer version from $VERSION_FILE"
exit 1
fi
HELM_CMD="helm upgrade --install freezer openstack-helm/freezer --version ${FREEZER_VERSION} \
--namespace=openstack \
--timeout 120m"
HELM_CMD+=" -f ${BASE_OVERRIDES}"
# Append YAML files from the directories
for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
if compgen -G "${dir}/*.yaml" > /dev/null; then
for yaml_file in "${dir}"/*.yaml; do
HELM_CMD+=" -f ${yaml_file}"
done
fi
done
HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.identity.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-admin -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret freezer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_db.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-db-password -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
HELM_CMD+=" --set conf.freezer.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
HELM_CMD+=" --post-renderer-args freezer/overlay"
helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
helm repo update
HELM_CMD+=" $@"
echo "Executing Helm command:"
echo "${HELM_CMD}"
eval "${HELM_CMD}"
Tip
You may need to provide custom values to configure your OpenStack services.
For a simple single region or lab deployment you can supply an additional
overrides flag using the example found at
base-helm-configs/aio-example-openstack-overrides.yaml
.