MinIO su RHEL/Rocky 9 + OADP Backup & Restore su OpenShift
📦 MinIO su RHEL/Rocky 9 + OADP Backup & Restore su OpenShift
Guida completa per installare MinIO su VM RHEL/Rocky 9 (binario o container Podman con systemd) e configurare OpenShift API for Data Protection (OADP) per backup e restore di:
- Namespace
- PV / PVC
- CRD
Senza ACM, focalizzata su OCP.
📑 Indice
- Requisiti
- MinIO come binario
- MinIO come container (Podman)
- Podman → systemd
- Configurazione MinIO (bucket)
- Installazione OADP
- Configurazione OADP + MinIO
- Backup via CRD
- Restore via CRD
- Debug & troubleshooting
1. Requisiti
- VM RHEL 9 o Rocky 9 (root)
- OpenShift Container Platform 4.x
occonfigurato- Porte 9000 / 9001 raggiungibili dal cluster
2. MinIO come binario
wget https://dl.min.io/server/minio/release/linux-amd64/miniochmod +x miniomv minio /usr/local/bin/minio
mkdir -p /opt/minio/data
export MINIO_ROOT_USER=miniorootexport MINIO_ROOT_PASSWORD=SuperStrongPass123!
minio server /opt/minio/data --address ":9000" --console-address ":9001"3. MinIO come container (Podman)
dnf install @container-tools -y
podman pull minio/minio
podman run -d --name minio -p 9000:9000 -p 9001:9001 -e MINIO_ROOT_USER=minioroot -e MINIO_ROOT_PASSWORD=SuperStrongPass123! -v /opt/minio/data:/data minio/minio server /data --console-address ":9001"4. Podman → systemd
podman generate systemd --name minio --files --newmv container-minio.service /etc/systemd/system/
systemctl daemon-reexecsystemctl daemon-reloadsystemctl enable --now container-miniosystemctl status container-minioOpzionale hardening:
[Service]Restart=alwaysRestartSec=5LimitNOFILE=655365. Configurazione MinIO (bucket)
wget https://dl.min.io/client/mc/release/linux-amd64/mcchmod +x mcmv mc /usr/local/bin/mc
mc alias set local http://<MINIO_IP>:9000 minioroot SuperStrongPass123!mc mb local/oadp-backups6. Installazione OADP
- OperatorHub → OpenShift API for Data Protection
- Namespace:
openshift-adp
Verifica:
oc get pods -n openshift-adp7. Configurazione OADP + MinIO
Credenziali
[default]aws_access_key_id=miniorootaws_secret_access_key=SuperStrongPass123!oc create secret generic cloud-credentials -n openshift-adp --from-file=cloud=./credentials-minioDataProtectionApplication
apiVersion: oadp.openshift.io/v1alpha1kind: DataProtectionApplicationmetadata: name: oadp-minio namespace: openshift-adpspec: backupLocations: - velero: provider: aws objectStorage: bucket: oadp-backups prefix: velero config: s3Url: http://<MINIO_IP>:9000 s3ForcePathStyle: "true" region: us-east-1 credential: name: cloud-credentials key: cloud configuration: velero: defaultPlugins: - aws restic: enable: true8. Backup via CRD
Namespace + PV/PVC
apiVersion: velero.io/v1kind: Backupmetadata: name: demo-backup namespace: openshift-adpspec: includedNamespaces: - demo snapshotVolumes: true defaultVolumesToRestic: true ttl: 168hSolo CRD
apiVersion: velero.io/v1kind: Backupmetadata: name: crd-backup namespace: openshift-adpspec: includedResources: - customresourcedefinitions.apiextensions.k8s.io9. Restore via CRD
Restore completo
apiVersion: velero.io/v1kind: Restoremetadata: name: demo-restore namespace: openshift-adpspec: backupName: demo-backupRestore senza PV
apiVersion: velero.io/v1kind: Restoremetadata: name: demo-nopv namespace: openshift-adpspec: backupName: demo-backup restorePVs: falseNamespace remap
apiVersion: velero.io/v1kind: Restoremetadata: name: demo-remap namespace: openshift-adpspec: backupName: demo-backup namespaceMapping: demo: demo-restored10. Debug
oc describe backup demo-backup -n openshift-adpoc describe restore demo-restore -n openshift-adp
oc logs deploy/velero -n openshift-adp