expand/awx-on-k3s
1
0
Fork 0
mirror of https://github.com/Expand-sys/awx-on-k3s synced 2025-12-16 05:52:15 +11:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #51 from kurokobo/backup-restore

Browse source 
feat: add example playbook to create backup
This commit is contained in:
kurokobo 2022-03-06 11:49:23 +09:00 committed by GitHub
commit 63da3b41b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 503 additions and 185 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

197
README.md
View file

@ -14,19 +14,13 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
- [Environment](#environment)
- [References](#references)
- [Requirements](#requirements)
- [Procedure](#procedure)
- [Deployment Instruction](#deployment-instruction)
- [Prepare CentOS Stream 8 host](#prepare-centos-stream-8-host)
- [Install K3s](#install-k3s)
- [Install AWX Operator](#install-awx-operator)
- [Prepare required files](#prepare-required-files)
- [Deploy AWX](#deploy-awx)
- [Backing up and Restoring using AWX Operator](#backing-up-and-restoring-using-awx-operator)
- [Backing up using AWX Operator](#backing-up-using-awx-operator)
- [Prepare for Backup](#prepare-for-backup)
- [Invoke Manual Backup](#invoke-manual-backup)
- [Restoring using AWX Operator](#restoring-using-awx-operator)
- [Prepare for Restore](#prepare-for-restore)
- [Invoke Manual Restore](#invoke-manual-restore)
- [Back up and Restore AWX using AWX Operator](#back-up-and-restore-awx-using-awx-operator)
- [Additional Guides](#additional-guides)
## Environment
@ -57,7 +51,7 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
- `/var/lib/rancher` will be created and consumed by K3s and related data like container images and overlayfs.
- `/data` will be created in this guide and used to store AWX-related databases and files.
## Procedure
## Deployment Instruction
### Prepare CentOS Stream 8 host
@ -166,7 +160,7 @@ Modify two `password`s in `base/kustomization.yaml`.
...
```
Prepare directories for Persistent Volumes defined in `base/pv.yaml`. These directories will be used to store your databases and project files.
Prepare directories for Persistent Volumes defined in `base/pv.yaml`. These directories will be used to store your databases and project files. Note that the size of the PVs and PVCs are specified in some of the files in this repository, but since their backends are `hostPath`, its value is just like a label and there is no actual capacity limitation.
```bash
sudo mkdir -p /data/postgres
@ -247,186 +241,19 @@ Now your AWX is available at `https://awx.example.com/` or the hostname you spec
At this point, however, AWX can be accessed via HTTP as well as HTTPS. If you want to redirect HTTP to HTTPS, see [📝Tips: Redirect HTTP to HTTPS](tips/https-redirection.md).
## Backing up and Restoring using AWX Operator
## Back up and Restore AWX using AWX Operator
The AWX Operator `0.10.0` or later has the ability to backup and restore AWX in easy way.
The AWX Operator `0.10.0` or later has the ability to back up and restore AWX in easy way.
### Backing up using AWX Operator
#### Prepare for Backup
Prepare directories for Persistent Volumes to store backup files that defined in `backup/pv.yaml`.
```bash
sudo mkdir -p /data/backup
```
Then deploy Persistent Volume and Persistent Volume Claim.
```bash
kubectl apply -k backup
```
#### Invoke Manual Backup
Modify the name of the AWXBackup object in `backup/awxbackup.yaml`.
```yaml
...
kind: AWXBackup
metadata:
name: awxbackup-2021-06-06 👈👈👈
namespace: awx
...
```
Then invoke backup by applying this manifest file.
```bash
kubectl apply -f backup/awxbackup.yaml
```
To monitor the progress of the deployment, check the logs of `deployments/awx-operator-controller-manager`:
```bash
kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
```
When the backup completes successfully, the logs end with:
```txt
$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWXBackup, awxbackup-2021-06-06/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
----------
```
This will create AWXBackup object in the namespace and also create backup files in the Persistent Volume. In this example those files are available at `/data/backup`.
```bash
$ kubectl -n awx get awxbackup
NAME AGE
awxbackup-2021-06-06 6m47s
```
```bash
$ ls -l /data/backup/
total 0
drwxr-xr-x. 2 root root 59 Jun 5 06:51 tower-openshift-backup-2021-06-06-10:51:49
$ ls -l /data/backup/tower-openshift-backup-2021-06-06-10\:51\:49/
total 736
-rw-r--r--. 1 root root 749 Jun 6 06:51 awx_object
-rw-r--r--. 1 root root 482 Jun 6 06:51 secrets.yml
-rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db
```
Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file therefore you can ignore this step.
```bash
kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml
```
### Restoring using AWX Operator
To perfom restoration, you need to have AWX Operator running on Kubernetes. If you are planning to restore to a new environment, first prepare Kubernetes and AWX Operator by referring to the instructions on this page.
It is strongly recommended that the version of AWX Operator is the same as the version when the backup was taken. This is because the structure of the backup files differs between versions and may not be compatible. If you have upgraded AWX Operator after taking the backup, it is recommended to downgrade it for the restore. To deploy `0.13.0` or earlier version of AWX Operator, refer [📝Tips: Deploy older version of AWX Operator](tips/deploy-older-operator.md)
#### Prepare for Restore
If your PV, PVC, and Secret still exist, no preparation is required.
If you are restoring the entire AWX to a new environment, create the PVs and PVCs first to be restored.
```bash
sudo mkdir -p /data/postgres
sudo mkdir -p /data/projects
sudo chmod 755 /data/postgres
sudo chown 1000:0 /data/projects
```
Then deploy Persistent Volume and Persistent Volume Claim.
```bash
kubectl apply -k restore
```
#### Invoke Manual Restore
Modify the name of the AWXRestore object in `restore/awxrestore.yaml`.
```yaml
...
kind: AWXRestore
metadata:
name: awxrestore-2021-06-06 👈👈👈
namespace: awx
...
```
If you want to restore from AWXBackup object, specify its name in `restore/awxrestore.yaml`.
```yaml
...
# Parameters to restore from AWXBackup object
backup_pvc_namespace: awx
backup_name: awxbackup-2021-06-06 👈👈👈
...
```
If the AWXBackup object no longer exists, place the backup files and specify the name of the PVC and directory in `restore/awxrestore.yaml`.
```yaml
...
# Parameters to restore from existing files on PVC (without AWXBackup object)
backup_pvc_namespace: awx
backup_pvc: awx-backup-claim 👈👈👈
backup_dir: /backups/tower-openshift-backup-2021-06-06-10:51:49 👈👈👈
...
```
Then invoke restore by applying this manifest file.
```bash
kubectl apply -f restore/awxrestore.yaml
```
To monitor the progress of the deployment, check the logs of `deployments/awx-operator-controller-manager`:
```bash
kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
```
When the restore complete successfully, the logs end with:
```txt
$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=67 changed=0 unreachable=0 failed=0 skipped=41 rescued=0 ignored=0
----------
```
This will create AWXRestore object in the namespace, and now your AWX is restored.
```bash
$ kubectl -n awx get awxrestore
NAME AGE
awxrestore-2021-06-06 137m
```
Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This step is not required for `0.13.0` or later.
```bash
kubectl apply -f awx-secret-tls.yaml
```
Refer [📁 **Back up AWX using AWX Operator**](backup) and [📁 **Restore AWX using AWX Operator**](restore) for details.
## Additional Guides
- [📁 **Back up AWX using AWX Operator**](backup)
- The guide to make backup of your AWX using AWX Operator.
- This guide includes not only the way to make backup manually, but also an example simple playbook for Ansible, which can be use with scheduling feature on AWX.
- [📁 **Restore AWX using AWX Operator**](restore)
- The guide to restore your AWX using AWX Operator.
- [📁 **Deploy Private Git Repository on Kubernetes**](git)
- The guide to use AWX with SCM. This repository includes the manifests to deploy [Gitea](https://gitea.io/en-us/).
- [📁 **Deploy Private Container Registry on Kubernetes**](registry)

100
backup/README.md Normal file
View file

@ -0,0 +1,100 @@
<!-- omit in toc -->
# Back up AWX using AWX Operator
The AWX Operator `0.10.0` or later has the ability to back up AWX in easy way.
This guide is specifically designed to use with the AWX which deployed using [the main guide on this repository](../README.md).
You can also refer [the official instructions](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for more information.
<!-- omit in toc -->
## Table of Contents
- [Instruction](#instruction)
- [Prepare for Backup](#prepare-for-backup)
- [Back up AWX manually](#back-up-awx-manually)
- [Appendix: Back up AWX using Ansible](#appendix-back-up-awx-using-ansible)
## Instruction
### Prepare for Backup
Prepare directories for Persistent Volumes to store backup files that defined in `backup/pv.yaml`. This guide use the `hostPath` based PV to make it easy to understand.
```bash
sudo mkdir -p /data/backup
```
Then deploy Persistent Volume and Persistent Volume Claim.
```bash
kubectl apply -k backup
```
### Back up AWX manually
Modify the name of the AWXBackup object in `backup/awxbackup.yaml`.
```yaml
...
kind: AWXBackup
metadata:
name: awxbackup-2021-06-06 👈👈👈
namespace: awx
...
```
Then invoke backup by applying this manifest file.
```bash
kubectl apply -f backup/awxbackup.yaml
```
To monitor the progress of the deployment, check the logs of `deployments/awx-operator-controller-manager`:
```bash
kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
```
When the backup completes successfully, the logs end with:
```txt
$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWXBackup, awxbackup-2021-06-06/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0
----------
```
This will create AWXBackup object in the namespace and also create backup files in the Persistent Volume. In this example those files are available at `/data/backup`.
```bash
$ kubectl -n awx get awxbackup
NAME AGE
awxbackup-2021-06-06 6m47s
```
```bash
$ ls -l /data/backup/
total 0
drwxr-xr-x. 2 root root 59 Jun 5 06:51 tower-openshift-backup-2021-06-06-10:51:49
$ ls -l /data/backup/tower-openshift-backup-2021-06-06-10\:51\:49/
total 736
-rw-r--r--. 1 root root 749 Jun 6 06:51 awx_object
-rw-r--r--. 1 root root 482 Jun 6 06:51 secrets.yml
-rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db
```
Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file therefore you can ignore this step.
```bash
kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml
```
## Appendix: Back up AWX using Ansible
An example simple playbook for Ansible is also provided in this repository. This can be used with `ansible-playbook`, `ansible-runner`, and AWX. It can be also used with the scheduling feature on AWX too.
Refer [📁 **Appendix: Back up AWX using Ansible**](ansible) for details.

1
backup/ansible/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
artifacts

116
backup/ansible/README.md Normal file
View file

@ -0,0 +1,116 @@
<!-- omit in toc -->
# Appendix: Back up AWX using Ansible
An example simple playbook for Ansible is also provided in this repository. This can be used with `ansible-playbook`, `ansible-runner`, and AWX. It can be also used with the scheduling feature on AWX too.
<!-- omit in toc -->
## Table of Contents
- [Requirements](#requirements)
- [Variables](#variables)
- [Preparation](#preparation)
- [Prepare Service Account and API Token](#prepare-service-account-and-api-token)
- [Prepare Backup Storage](#prepare-backup-storage)
- [Use with Ansible](#use-with-ansible)
- [Use with Ansible Runner](#use-with-ansible-runner)
- [Use with AWX](#use-with-awx)
## Requirements
- Ansible collections
- [`kubernetes.core`](https://galaxy.ansible.com/kubernetes/core)
- Pip modules
- [Refer the `kubernetes.core.k8s` module documentation](https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#requirements)
## Variables
[This example playbook](project/backup.yml) is designed to allow you to customize your backup with variables.
| Variables | Description | Default |
| - | - | - |
| `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
| `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/0.17.0/roles/backup) for acceptable fields. | `{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}` |
| `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
| `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. **Note that the actual backup data will remain in the PVC after the `AWXBackup` resource is deleted.** | `30` |
## Preparation
### Prepare Service Account and API Token
Create a Service Account, Role, and RoleBinding to manage the `AWXBackup` resource.
```bash
# Specify NameSpace where your AWXBackup resources will be created.
$ NAMESPACE=awx
$ kubectl -n ${NAMESPACE} apply -f rbac/sa.yaml
serviceaccount/awx-backup created
role.rbac.authorization.k8s.io/awx-backup created
rolebinding.rbac.authorization.k8s.io/awx-backup created
```
Obtain the API Token which required to authenticate the Kubernetes API. This token will be used later.
```bash
$ SECRET=$(kubectl -n ${NAMESPACE} get sa awx-backup -o jsonpath='{.secrets[0].name}')
$ kubectl -n awx get secret ${SECRET} -o jsonpath='{.data.token}' | base64 -d
eyJhbGciOiJSUzI...hcGsPI5MzmaMHQvw
```
### Prepare Backup Storage
Since you have complete control over `spec` of `AWXBackup` via `awxbackup_spec` variables, whether or not this step is required depends on your environment. Check [the official documentation](https://github.com/ansible/awx-operator/tree/devel/roles/backup) and prepare as needed.
If your AWX was deployed by referring [the main guide on this repository](../../README.md), preparing backup storage by following [he basic backup guide](../README.md#prepare-for-backup) is good starting point.
## Use with Ansible
Export required environment variables.
```bash
export K8S_AUTH_VERIFY_SSL=no
export K8S_AUTH_HOST="https://<Your K3s Host>:6443/"
export K8S_AUTH_API_KEY="<Your API Token>"
```
```bash
# Modify variables using "-e" as needed
ansible-playbook project/backup.yml \
-e awxbackup_spec="{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}" \
-e keep_days=90
```
## Use with Ansible Runner
Refer [the guide for Ansible Runner](../../runner) for the basic usage.
Modify following files as needed. Note that the EE `quay.io/ansible/awx-ee:latest` contains required modules and collections by default.
- [📝`env/settings`](env/settings): Configure your Execution Environment
- [📝`env/envvars`](env/envvars): Specify your K3s host and API Token
- [📝`env/extravars`](env/extravars): Modify variables
Then execute Ansible Runner.
```bash
ansible-runner run . -p backup.yml
```
## Use with AWX
This playbook can also be run through Job Templates on AWX. Schedules can be also set up in the Job Template to obtain periodic backups.
It is also possible to making the backup of the AWX itself where the Job Template for the backup is running on. In this case, the PostgreSQL will be dumped while the job is running, so complete logs of the job itself is not part of the backup. Therefore, after restoration, **the last backup job will be shown as failed** since the AWX can't determine the result of the job, but this can be safely ignored.
1. Add new Credential for your K3s host.
- Select `OpenShift or Kubernetes API Bearer Token` as Credential Type.
- Specify `https://<Your K3s Host>:6443/` as `OpenShift or Kubernetes API Endpoint`.
- Specify your API Token as `API authentication bearer token`.
- Toggle `Verify SSL` if needed.
2. Add new Project including the playbook.
- You can specify this repository (`https://github.com/kurokobo/awx-on-k3s.git`) directly, but use with caution. The playbook in this repository is subject to change without notice.
3. Add new Job Template which use the playbook.
- Select your `backup.yml` as `Playbook`.
- Select appropriate `Execution Environment`. The default `AWX EE (latest)` (`quay.io/ansible/awx-ee:latest`) contains required collections and modules by defaut, so it's good for the first choice.
- Specify `Variables` as needed.
4. (Optional) Add new Schedules for periodic backups.

4
backup/ansible/env/envvars vendored Normal file
View file

@ -0,0 +1,4 @@
---
K8S_AUTH_VERIFY_SSL: no
K8S_AUTH_HOST: https://<Your K3s Host>:6443/
K8S_AUTH_API_KEY: <Your API Token>

8
backup/ansible/env/extravars vendored Normal file
View file

@ -0,0 +1,8 @@
---
awxbackup_namespace: awx
awxbackup_name: awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}
awxbackup_spec:
deployment_name: awx
backup_pvc: awx-backup-claim
awxbackup_timeout: 600
awxbackup_keep_days: 30

4
backup/ansible/env/settings vendored Normal file
View file

@ -0,0 +1,4 @@
---
process_isolation: true
process_isolation_executable: docker
container_image: quay.io/ansible/awx-ee:latest

115
backup/ansible/project/backup.yml Normal file
View file

@ -0,0 +1,115 @@
---
- name: Backing up AWX using AWX Operator
gather_facts: no
hosts: localhost
tasks:
- name: Construct variables
block:
- name: Construct default variables
ansible.builtin.set_fact:
_awxbackup_default:
api_version: awx.ansible.com/v1beta1
kind: AWXBackup
namespace: awx
name: "awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}"
spec:
deployment_name: awx
backup_pvc: awx-backup-claim
timeout: 600
keep_days: 30
- name: Construct custom variables
ansible.builtin.set_fact:
_awxbackup_config:
api_version: "{{ awxbackup_api_version | default(_awxbackup_default.api_version, true) }}"
kind: "{{ awxbackup_kind | default(_awxbackup_default.kind, true) }}"
namespace: "{{ awxbackup_namespace | default(_awxbackup_default.namespace, true) }}"
name: "{{ awxbackup_name | default(_awxbackup_default.name, true) }}"
spec: "{{ awxbackup_spec | default(_awxbackup_default.spec, true) }}"
timeout: "{{ awxbackup_timeout | default(_awxbackup_default.timeout, true) }}"
keep_days: "{{ awxbackup_keep_days | default(_awxbackup_default.keep_days) }}"
- name: Print active variables
ansible.builtin.debug:
var: _awxbackup_config
- name: Construct manifest
block:
- name: Construct new manifest for AWXBackup resource
ansible.builtin.set_fact:
_awxbackup_manifest:
apiVersion: "{{ _awxbackup_config.api_version }}"
kind: "{{ _awxbackup_config.kind }}"
metadata:
name: "{{ _awxbackup_config.name }}"
namespace: "{{ _awxbackup_config.namespace }}"
spec: "{{ _awxbackup_config.spec }}"
- name: Print manifest to be created
ansible.builtin.debug:
var: _awxbackup_manifest
- name: Create new backup
block:
- name: Create new AWXBackup resource and wait for complete
kubernetes.core.k8s:
state: present
definition: "{{ _awxbackup_manifest }}"
wait: yes
wait_condition:
reason: "Successful"
status: "True"
type: "Running"
wait_timeout: "{{ _awxbackup_config.timeout | int }}"
register: _awxbackup_created
- name: Print created AWXBackup
ansible.builtin.debug:
var: _awxbackup_created_info
vars:
_awxbackup_created_info:
name: "{{ _awxbackup_created.result.metadata.name }}"
creation_timestamp: "{{ _awxbackup_created.result.metadata.creationTimestamp }}"
deploument_name: "{{ _awxbackup_created.result.spec.deployment_name }}"
backup_pvc: "{{ _awxbackup_created.result.status.backupClaim }}"
backup_directory: "{{ _awxbackup_created.result.status.backupDirectory }}"
rescue:
- name: Clean up failed AWXBackup resource
kubernetes.core.k8s:
state: absent
definition: "{{ _awxbackup_manifest }}"
wait: yes
- name: Force to fail if the backup was failed
ansible.builtin.fail:
- name: Creanup outdated backups
block:
- name: Store current datetime
ansible.builtin.set_fact:
_awxbackup_now: "{{ lookup('pipe', 'date +%s') }}"
- name: Gather existing backups
kubernetes.core.k8s_info:
namespace: "{{ _awxbackup_config.namespace }}"
api_version: "{{ _awxbackup_config.api_version }}"
kind: "{{ _awxbackup_config.kind }}"
register: _awxbackup_all_backups
- name: Remove outdated backups
kubernetes.core.k8s:
api_version: "{{ _awxbackup_config.api_version }}"
kind: "{{ _awxbackup_config.kind }}"
namespace: "{{ _awxbackup_config.namespace }}"
name: "{{ item.name }}"
state: absent
loop: "{{ _awxbackup_all_backups.resources }}"
loop_control:
label: "{{ item.name }}"
when: >
(_awxbackup_now | int)
- ((item.metadata.creationTimestamp | to_datetime('%Y-%m-%dT%H:%M:%S%z')).strftime('%s') | int)
> ((_awxbackup_config.keep_days | int) * 86400)
when: (_awxbackup_config.keep_days | int) > 0

32
backup/ansible/rbac/sa.yaml Normal file
View file

@ -0,0 +1,32 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-backup
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: awx-backup
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxbackups
- awxrestores
verbs:
- "*"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: awx-backup
subjects:
- kind: ServiceAccount
name: awx-backup
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: awx-backup

111
restore/README.md Normal file
View file

@ -0,0 +1,111 @@
<!-- omit in toc -->
# Restore AWX using AWX Operator
The AWX Operator `0.10.0` or later has the ability to restore AWX in easy way.
This guide is specifically designed to use with the AWX which deployed using [the main guide on this repository](../README.md).
You can also refer [the official instructions](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for more information.
<!-- omit in toc -->
## Table of Contents
- [Instruction](#instruction)
- [Prepare for Restore](#prepare-for-restore)
- [Restore Manually](#restore-manually)
## Instruction
To perfom restoration, you need to have AWX Operator running on Kubernetes. If you are planning to restore to a new environment, first prepare Kubernetes and AWX Operator by referring to [the instructions on the main guide](../README.md).
It is strongly recommended that the version of AWX Operator is the same as the version when the backup was taken. This is because the structure of the backup files differs between versions and may not be compatible. If you have upgraded AWX Operator after taking the backup, it is recommended to downgrade AWX Operator first before perfoming the restore. To deploy `0.13.0` or earlier version of AWX Operator, refer [📝Tips: Deploy older version of AWX Operator](../tips/deploy-older-operator.md)
### Prepare for Restore
If your PV, PVC, and Secret still exist, no preparation is required.
If you are restoring the entire AWX to a new environment, create the PVs and PVCs first to be restored.
```bash
sudo mkdir -p /data/postgres
sudo mkdir -p /data/projects
sudo chmod 755 /data/postgres
sudo chown 1000:0 /data/projects
```
Then deploy Persistent Volume and Persistent Volume Claim. It is recommended that making the size of PVs and PVCs same as the PVs which your AWX used when the backup was taken.
```bash
kubectl apply -k restore
```
### Restore Manually
Modify the name of the AWXRestore object in `restore/awxrestore.yaml`.
```yaml
...
kind: AWXRestore
metadata:
name: awxrestore-2021-06-06 👈👈👈
namespace: awx
...
```
If you want to restore from AWXBackup object, specify its name in `restore/awxrestore.yaml`.
```yaml
...
# Parameters to restore from AWXBackup object
backup_pvc_namespace: awx
backup_name: awxbackup-2021-06-06 👈👈👈
...
```
If the AWXBackup object no longer exists, place the backup files and specify the name of the PVC and directory in `restore/awxrestore.yaml`.
```yaml
...
# Parameters to restore from existing files on PVC (without AWXBackup object)
backup_pvc_namespace: awx
backup_pvc: awx-backup-claim 👈👈👈
backup_dir: /backups/tower-openshift-backup-2021-06-06-10:51:49 👈👈👈
...
```
Then invoke restore by applying this manifest file.
```bash
kubectl apply -f restore/awxrestore.yaml
```
To monitor the progress of the deployment, check the logs of `deployments/awx-operator-controller-manager`:
```bash
kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
```
When the restore complete successfully, the logs end with:
```txt
$ kubectl -n awx logs -f deployments/awx-operator-controller-manager -c awx-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=67 changed=0 unreachable=0 failed=0 skipped=41 rescued=0 ignored=0
----------
```
This will create AWXRestore object in the namespace, and now your AWX is restored.
```bash
$ kubectl -n awx get awxrestore
NAME AGE
awxrestore-2021-06-06 137m
```
Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This step is not required for `0.13.0` or later.
```bash
kubectl apply -f awx-secret-tls.yaml
```