From 0b7d1fe87c432303b38e2e4a1920b57e1ab0f0e2 Mon Sep 17 00:00:00 2001 From: Valentina Ashirova Date: Tue, 9 Dec 2025 15:03:27 +0100 Subject: [PATCH] OADP-7028: Prepare OADP 1.5 RNs for DITA --- _topic_maps/_topic_map.yml | 4 +- .../release-notes/oadp-1-4-release-notes.adoc | 40 ----- .../release-notes/oadp-1-5-release-notes.adoc | 18 +- .../release-notes/oadp-upgrade-notes-1-5.adoc | 27 +++ modules/changes-from-oadp-1-4-to-1-5.adoc | 2 +- modules/oadp-1-4-0-release-notes.adoc | 64 ------- modules/oadp-1-4-1-release-notes.adoc | 141 ---------------- modules/oadp-1-4-2-release-notes.adoc | 67 -------- modules/oadp-1-4-3-release-notes.adoc | 26 --- modules/oadp-1-4-4-release-notes.adoc | 16 -- modules/oadp-1-5-0-release-notes.adoc | 159 +++++++++--------- modules/oadp-1-5-1-release-notes.adoc | 118 ++++++------- modules/oadp-1-5-2-release-notes.adoc | 14 +- ...dp-backing-up-dpa-configuration-1-4-0.adoc | 19 --- .../oadp-upgrading-oadp-operator-1-4-0.adoc | 16 -- modules/oadp-verifying-upgrade-1-4-0.adoc | 73 -------- modules/oadp-verifying-upgrade-1-5-0.adoc | 8 +- release_notes/addtl-release-notes.adoc | 2 +- 18 files changed, 172 insertions(+), 642 deletions(-) delete mode 100644 backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc create mode 100644 backup_and_restore/application_backup_and_restore/release-notes/oadp-upgrade-notes-1-5.adoc delete mode 100644 modules/oadp-1-4-0-release-notes.adoc delete mode 100644 modules/oadp-1-4-1-release-notes.adoc delete mode 100644 modules/oadp-1-4-2-release-notes.adoc delete mode 100644 modules/oadp-1-4-3-release-notes.adoc delete mode 100644 modules/oadp-1-4-4-release-notes.adoc delete mode 100644 modules/oadp-backing-up-dpa-configuration-1-4-0.adoc delete mode 100644 modules/oadp-upgrading-oadp-operator-1-4-0.adoc delete mode 100644 modules/oadp-verifying-upgrade-1-4-0.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index aa9e8c59389e..c37429ab4e82 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -3675,8 +3675,8 @@ Topics: Topics: - Name: OADP 1.5 release notes File: oadp-1-5-release-notes - - Name: OADP 1.4 release notes - File: oadp-1-4-release-notes + - Name: Upgrading OADP 1.4 to 1.5 + File: oadp-upgrade-notes-1-5 - Name: OADP performance Dir: oadp-performance Topics: diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc deleted file mode 100644 index 406998d09bf6..000000000000 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc +++ /dev/null @@ -1,40 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="oadp-1-4-release-notes"] -= OADP 1.4 release notes -include::_attributes/common-attributes.adoc[] -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: oadp-1-4-release-notes - -toc::[] - -[role="_abstract"] -The release notes for {oadp-first} describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. - -[NOTE] -==== -For additional information about {oadp-short}, see link:https://access.redhat.com/articles/5456281[{oadp-first} FAQs] -==== - -include::modules/oadp-1-4-4-release-notes.adoc[leveloffset=+1] -include::modules/oadp-1-4-3-release-notes.adoc[leveloffset=+1] -include::modules/oadp-1-4-2-release-notes.adoc[leveloffset=+1] - -[role="_additional-resources"] -.Additional resources -* xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-deleting-backups.adoc#oadp-about-kopia-repo-maintenance_deleting-backups[About Kopia repository maintenance] - -include::modules/oadp-1-4-1-release-notes.adoc[leveloffset=+1] -include::modules/oadp-1-4-0-release-notes.adoc[leveloffset=+1] -include::modules/oadp-backing-up-dpa-configuration-1-4-0.adoc[leveloffset=+3] -include::modules/oadp-upgrading-oadp-operator-1-4-0.adoc[leveloffset=+3] - -[role="_additional-resources"] -.Additional resources -* xref:../../../operators/admin/olm-upgrading-operators.adoc#olm-changing-update-channel_olm-upgrading-operators[Updating installed Operators] - -[id="oadp-converting-dpa-to-new-version-1-4-0_{context}"] -=== Converting DPA to the new version - -To upgrade from OADP 1.3 to 1.4, no Data Protection Application (DPA) changes are required. - -include::modules/oadp-verifying-upgrade-1-4-0.adoc[leveloffset=+2] diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.adoc index 5bf167955fb8..2601b4cbb610 100644 --- a/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.adoc +++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.adoc @@ -9,11 +9,11 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] [role="_abstract"] -The release notes for {oadp-first} describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. +The release notes for {oadp-first} 1.5 describe new features and enhancements, deprecated features, product recommendations, known issues, and resolved issues. [NOTE] ==== -For additional information about {oadp-short}, see link:https://access.redhat.com/articles/5456281[{oadp-first} FAQs] +For additional information about {oadp-short}, see link:https://access.redhat.com/articles/5456281[{oadp-first} FAQ]. ==== include::modules/oadp-1-5-3-release-notes.adoc[leveloffset=+1] @@ -23,17 +23,3 @@ include::modules/oadp-1-5-2-release-notes.adoc[leveloffset=+1] include::modules/oadp-1-5-1-release-notes.adoc[leveloffset=+1] include::modules/oadp-1-5-0-release-notes.adoc[leveloffset=+1] - -[id="upgrade-notes-1-5_{context}"] -== Upgrading OADP 1.4 to 1.5 - -[NOTE] -==== -Always upgrade to the next minor version. Do not skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-short} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3. -==== - -include::modules/changes-from-oadp-1-4-to-1-5.adoc[leveloffset=+2] -include::modules/oadp-backing-up-dpa-configuration-1-5-0.adoc[leveloffset=+2] -include::modules/oadp-upgrading-oadp-operator-1-5-0.adoc[leveloffset=+2] -include::modules/converting-dpa-to-the-new-version-for-oadp-1-5-0.adoc[leveloffset=+2] -include::modules/oadp-verifying-upgrade-1-5-0.adoc[leveloffset=+2] diff --git a/backup_and_restore/application_backup_and_restore/release-notes/oadp-upgrade-notes-1-5.adoc b/backup_and_restore/application_backup_and_restore/release-notes/oadp-upgrade-notes-1-5.adoc new file mode 100644 index 000000000000..df6f2585dddb --- /dev/null +++ b/backup_and_restore/application_backup_and_restore/release-notes/oadp-upgrade-notes-1-5.adoc @@ -0,0 +1,27 @@ +:_mod-docs-content-type: ASSEMBLY + +[id="upgrade-notes-1-5_{context}"] += Upgrading OADP 1.4 to 1.5 +include::_attributes/common-attributes.adoc[] +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: oadp-upgrade-notes-1-5 + +toc::[] + +[role="_abstract"] +Learn how to upgrade your existing {oadp-short} 1.4 installation to {oadp-short} 1.5. + +[NOTE] +==== +Always upgrade to the next minor version. Do not skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-short} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3. +==== + +include::modules/changes-from-oadp-1-4-to-1-5.adoc[leveloffset=+1] + +include::modules/oadp-backing-up-dpa-configuration-1-5-0.adoc[leveloffset=+1] + +include::modules/oadp-upgrading-oadp-operator-1-5-0.adoc[leveloffset=+1] + +include::modules/converting-dpa-to-the-new-version-for-oadp-1-5-0.adoc[leveloffset=+1] + +include::modules/oadp-verifying-upgrade-1-5-0.adoc[leveloffset=+1] diff --git a/modules/changes-from-oadp-1-4-to-1-5.adoc b/modules/changes-from-oadp-1-4-to-1-5.adoc index 5d3e57247049..139ea5a81c5d 100644 --- a/modules/changes-from-oadp-1-4-to-1-5.adoc +++ b/modules/changes-from-oadp-1-4-to-1-5.adoc @@ -7,7 +7,7 @@ = Changes from OADP 1.4 to 1.5 [role="_abstract"] -The Velero server has been updated from version 1.14 to 1.16. +The Velero server has been updated from version 1.14 to 1.16. This changes the following: diff --git a/modules/oadp-1-4-0-release-notes.adoc b/modules/oadp-1-4-0-release-notes.adoc deleted file mode 100644 index b9478ded11b6..000000000000 --- a/modules/oadp-1-4-0-release-notes.adoc +++ /dev/null @@ -1,64 +0,0 @@ -:_newdoc-version: 2.18.3 -:_template-generated: 2024-06-28 -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: REFERENCE - -[id="oadp-1-4-0-release-notes_{context}"] -= OADP 1.4.0 release notes - -The {oadp-first} 1.4.0 release notes lists resolved issues and known issues. - -[id="resolved-issues-1-4-0_{context}"] -== Resolved issues - -.Restore works correctly in {product-title} 4.16 - -Previously, while restoring the deleted application namespace, the restore operation partially failed with the `resource name may not be empty` error in {product-title} 4.16. -With this update, restore works as expected in {product-title} 4.16. -link:https://issues.redhat.com/browse/OADP-4075[OADP-4075] - -.Data Mover backups work properly in the {product-title} 4.16 cluster - -Previously, Velero was using the earlier version of SDK where the `Spec.SourceVolumeMode` field did not exist. As a consequence, Data Mover backups failed in the {product-title} 4.16 cluster on the external snapshotter with version 4.2. -With this update, external snapshotter is upgraded to version 7.0 and later. As a result, backups do not fail in the {product-title} 4.16 cluster. -link:https://issues.redhat.com/browse/OADP-3922[OADP-3922] - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12438505[OADP 1.4.0 resolved issues] in Jira. - -[id="known-issues-1-4-0_{context}"] -== Known issues - -.Backup fails when checksumAlgorithm is not set for MCG - -While performing a backup of any application with Noobaa as the backup location, if the `checksumAlgorithm` configuration parameter is not set, backup fails. To fix this problem, if you do not provide a value for `checksumAlgorithm` in the Backup Storage Location (BSL) configuration, an empty value is added. -The empty value is only added for BSLs that are created using Data Protection Application (DPA) custom resource (CR), and this value is not added if BSLs are created using any other method. -link:https://issues.redhat.com/browse/OADP-4274[OADP-4274] - -For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/issues/?filter=12438506[OADP 1.4.0 known issues] in Jira. - -[id="upgrade-notes-1-4-0_{context}"] -== Upgrade notes - -[NOTE] -==== -Always upgrade to the next minor version. *Do not* skip versions. To update to a later version, upgrade only one channel at a time. For example, to upgrade from {oadp-first} 1.1 to 1.3, upgrade first to 1.2, and then to 1.3. -==== - -[id="changes-oadp-1-3-to-1-4_{context}"] -=== Changes from OADP 1.3 to 1.4 - -The Velero server has been updated from version 1.12 to 1.14. Note that there are no changes in the Data Protection Application (DPA). - -This changes the following: - -* The `velero-plugin-for-csi` code is now available in the Velero code, which means an `init` container is no longer required for the plugin. - -* Velero changed client Burst and QPS defaults from 30 and 20 to 100 and 100, respectively. - -* The `velero-plugin-for-aws` plugin updated default value of the `spec.config.checksumAlgorithm` field in `BackupStorageLocation` objects (BSLs) from `""` (no checksum calculation) to the `CRC32` algorithm. The checksum algorithm types are known to work only with AWS. -Several S3 providers require the `md5sum` to be disabled by setting the checksum algorithm to `""`. Confirm `md5sum` algorithm support and configuration with your storage provider. -+ -In OADP 1.4, the default value for BSLs created within DPA for this configuration is `""`. This default value means that the `md5sum` is not checked, which is consistent with OADP 1.3. For BSLs created within DPA, update it by using the `spec.backupLocations[].velero.config.checksumAlgorithm` field in the DPA. If your BSLs are created outside DPA, you can update this configuration by using `spec.config.checksumAlgorithm` in the BSLs. diff --git a/modules/oadp-1-4-1-release-notes.adoc b/modules/oadp-1-4-1-release-notes.adoc deleted file mode 100644 index d0182c7aa690..000000000000 --- a/modules/oadp-1-4-1-release-notes.adoc +++ /dev/null @@ -1,141 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: REFERENCE - -[id="oadp-1-4-1-release-notes_{context}"] -= OADP 1.4.1 release notes - -The {oadp-first} 1.4.1 release notes lists new features, resolved issues and bugs, and known issues. - -[id="new-features-1-4-1_{context}"] -== New features - -.New DPA fields to update client qps and burst - -You can now change Velero Server Kubernetes API queries per second and burst values by using the new Data Protection Application (DPA) fields. The new DPA fields are `spec.configuration.velero.client-qps` and `spec.configuration.velero.client-burst`, which both default to 100. -link:https://issues.redhat.com/browse/OADP-4076[OADP-4076] - -.Enabling non-default algorithms with Kopia - -With this update, you can now configure the hash, encryption, and splitter algorithms in Kopia to select non-default options to optimize performance for different backup workloads. - -To configure these algorithms, set the `env` variable of a `velero` pod in the `podConfig` section of the DataProtectionApplication (DPA) configuration. If this variable is not set, or an unsupported algorithm is chosen, Kopia will default to its standard algorithms. -link:https://issues.redhat.com/browse/OADP-4640[OADP-4640] - - -[id="resolved-issues-1-4-1_{context}"] -== Resolved issues - -.Restoring a backup without pods is now successful - -Previously, restoring a backup without pods and having `StorageClass VolumeBindingMode` set as `WaitForFirstConsumer`, resulted in the `PartiallyFailed` status with an error: `fail to patch dynamic PV, err: context deadline exceeded`. -With this update, patching dynamic PV is skipped and restoring a backup is successful without any `PartiallyFailed` status. -link:https://issues.redhat.com/browse/OADP-4231[OADP-4231] - - -.PodVolumeBackup CR now displays correct message - -Previously, the `PodVolumeBackup` custom resource (CR) generated an incorrect message, which was: `get a podvolumebackup with status "InProgress" during the server starting, mark it as "Failed"`. -With this update, the message produced is now: -[source,text] ----- -found a podvolumebackup with status "InProgress" during the server starting, -mark it as "Failed". ----- -link:https://issues.redhat.com/browse/OADP-4224[OADP-4224] - -.Overriding imagePullPolicy is now possible with DPA - -Previously, {oadp-short} set the `imagePullPolicy` parameter to `Always` for all images. -With this update, {oadp-short} checks if each image contains `sha256` or `sha512` digest, then it sets `imagePullPolicy` to `IfNotPresent`; otherwise `imagePullPolicy` is set to `Always`. You can now override this policy by using the new `spec.containerImagePullPolicy` DPA field. -link:https://issues.redhat.com/browse/OADP-4172[OADP-4172] - -.OADP Velero can now retry updating the restore status if initial update fails - -Previously, {oadp-short} Velero failed to update the restored CR status. This left the status at `InProgress` indefinitely. Components which relied on the backup and restore CR status to determine the completion would fail. -With this update, the restore CR status for a restore correctly proceeds to the `Completed` or `Failed` status. -link:https://issues.redhat.com/browse/OADP-3227[OADP-3227] - -.Restoring BuildConfig Build from a different cluster is successful without any errors - -Previously, when performing a restore of the `BuildConfig` Build resource from a different cluster, the application generated an error on TLS verification to the internal image registry. The resulting error was `failed to verify certificate: x509: certificate signed by unknown authority` error. -With this update, the restore of the `BuildConfig` build resources to a different cluster can proceed successfully without generating the `failed to verify certificate` error. -link:https://issues.redhat.com/browse/OADP-4692[OADP-4692] - -.Restoring an empty PVC is successful - -Previously, downloading data failed while restoring an empty persistent volume claim (PVC). It failed with the following error: -[source,text] ----- -data path restore failed: Failed to run kopia restore: Unable to load - snapshot : snapshot not found ----- -With this update, the downloading of data proceeds to correct conclusion when restoring an empty PVC and the error message is not generated. -link:https://issues.redhat.com/browse/OADP-3106[OADP-3106] - -.There is no Velero memory leak in CSI and DataMover plugins - -Previously, a Velero memory leak was caused by using the CSI and DataMover plugins. When the backup ended, the Velero plugin instance was not deleted and the memory leak consumed memory until an `Out of Memory` (OOM) condition was generated in the Velero pod. With this update, there is no resulting Velero memory leak when using the CSI and DataMover plugins. -link:https://issues.redhat.com/browse/OADP-4448[OADP-4448] - -.Post-hook operation does not start before the related PVs are released - -Previously, due to the asynchronous nature of the Data Mover operation, a post-hook might be attempted before the Data Mover persistent volume claim (PVC) releases the persistent volumes (PVs) of the related pods. This problem would cause the backup to fail with a `PartiallyFailed` status. -With this update, the post-hook operation is not started until the related PVs are released by the Data Mover PVC, eliminating the `PartiallyFailed` backup status. -link:https://issues.redhat.com/browse/OADP-3140[OADP-3140] - -.Deploying a DPA works as expected in namespaces with more than 37 characters - -When you install the OADP Operator in a namespace with more than 37 characters to create a new DPA, labeling the "cloud-credentials" Secret fails and the DPA reports the following error: ----- -The generated label name is too long. ----- -With this update, creating a DPA does not fail in namespaces with more than 37 characters in the name. -link:https://issues.redhat.com/browse/OADP-3960[OADP-3960] - -.Restore is successfully completed by overriding the timeout error - -Previously, in a large scale environment, the restore operation would result in a `Partiallyfailed` status with the error: `fail to patch dynamic PV, err: context deadline exceeded`. -With this update, the `resourceTimeout` Velero server argument is used to override this timeout error resulting in a successful restore. -link:https://issues.redhat.com/browse/OADP-4344[OADP-4344] - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12442016[OADP 1.4.1 resolved issues] in Jira. - -[id="known-issues-1-4-1_{context}"] -== Known issues - -.Cassandra application pods enter into the `CrashLoopBackoff` status after restoring OADP - -After {oadp-short} restores, the Cassandra application pods might enter `CrashLoopBackoff` status. To work around this problem, delete the `StatefulSet` pods that are returning the error `CrashLoopBackoff` state after restoring {oadp-short}. The `StatefulSet` controller then recreates these pods and it runs normally. -link:https://issues.redhat.com/browse/OADP-4407[OADP-4407] - -.Deployment referencing ImageStream is not restored properly leading to corrupted pod and volume contents - -During a File System Backup (FSB) restore operation, a `Deployment` resource referencing an `ImageStream` is not restored properly. The restored pod that runs the FSB, and the `postHook` is terminated prematurely. - -During the restore operation, the {ocp} controller updates the `spec.template.spec.containers[0].image` field in the `Deployment` resource with an updated `ImageStreamTag` hash. The update triggers the rollout of a new pod, terminating the pod on which `velero` runs the FSB along with the post-hook. - -For more information about image stream trigger, see xref:../../../openshift_images/triggering-updates-on-imagestream-changes.adoc#triggering-updates-on-imagestream-changes[Triggering updates on image stream changes]. - -The workaround for this behavior is a two-step restore process: - -. Perform a restore excluding the `Deployment` resources, for example: -+ -[source,terminal] ----- -$ velero restore create \ - --from-backup \ - --exclude-resources=deployment.apps ----- - -. Once the first restore is successful, perform a second restore by including these resources, for example: -+ -[source,terminal] ----- -$ velero restore create \ - --from-backup \ - --include-resources=deployment.apps ----- -link:https://issues.redhat.com/browse/OADP-3954[OADP-3954] \ No newline at end of file diff --git a/modules/oadp-1-4-2-release-notes.adoc b/modules/oadp-1-4-2-release-notes.adoc deleted file mode 100644 index 086797f3bdbd..000000000000 --- a/modules/oadp-1-4-2-release-notes.adoc +++ /dev/null @@ -1,67 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: REFERENCE - -[id="oadp-1-4-2-release-notes_{context}"] -= {oadp-short} 1.4.2 release notes - -The {oadp-first} 1.4.2 release notes lists new features, resolved issues and bugs, and known issues. - -[id="new-features-1-4-2_{context}"] -== New features - -.Backing up different volumes in the same namespace by using the VolumePolicy feature is now possible - -With this release, Velero provides resource policies to back up different volumes in the same namespace by using the `VolumePolicy` feature. The supported `VolumePolicy` feature to back up different volumes includes `skip`, `snapshot`, and `fs-backup` actions. -link:https://issues.redhat.com/browse/OADP-1071[OADP-1071] - -.File system backup and data mover can now use short-term credentials - -File system backup and data mover can now use short-term credentials such as {aws-short} {sts-first} and {gcp-short} WIF. With this support, backup is successfully completed without any `PartiallyFailed` status. -link:https://issues.redhat.com/browse/OADP-5095[OADP-5095] - -[id="resolved-issues-1-4-2_{context}"] -== Resolved issues - -.DPA now reports errors if VSL contains an incorrect provider value - -Previously, if the provider of a Volume Snapshot Location (VSL) spec was incorrect, the Data Protection Application (DPA) reconciled successfully. With this update, DPA reports errors and requests for a valid provider value. -link:https://issues.redhat.com/browse/OADP-5044[OADP-5044] - -.Data Mover restore is successful irrespective of using different OADP namespaces for backup and restore - -Previously, when backup operation was executed by using {oadp-short} installed in one namespace but was restored by using {oadp-short} installed in a different namespace, the Data Mover restore failed. With this update, Data Mover restore is now successful. -link:https://issues.redhat.com/browse/OADP-5460[OADP-5460] - -.SSE-C backup works with the calculated MD5 of the secret key - -Previously, backup failed with the following error: -[source,terminal] ----- -Requests specifying Server Side Encryption with Customer provided keys must provide the client calculated MD5 of the secret key. ----- -With this update, missing Server-Side Encryption with Customer-Provided Keys (SSE-C) base64 and MD5 hash are now fixed. As a result, SSE-C backup works with the calculated MD5 of the secret key. In addition, incorrect `errorhandling` for the `customerKey` size is also fixed. -link:https://issues.redhat.com/browse/OADP-5388[OADP-5388] - -For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12452476[OADP 1.4.2 resolved issues] in Jira. - - -[id="known-issues-1-4-2_{context}"] -== Known issues - -.The nodeSelector spec is not supported for the Data Mover restore action - -When a Data Protection Application (DPA) is created with the `nodeSelector` field set in the `nodeAgent` parameter, Data Mover restore partially fails instead of completing the restore operation. -link:https://issues.redhat.com/browse/OADP-5260[OADP-5260] - -.The S3 storage does not use proxy environment when TLS skip verify is specified - -In the image registry backup, the S3 storage does not use the proxy environment when the `insecureSkipTLSVerify` parameter is set to `true`. -link:https://issues.redhat.com/browse/OADP-3143[OADP-3143] - -.Kopia does not delete artifacts after backup expiration - -Even after you delete a backup, Kopia does not delete the volume artifacts from the `${bucket_name}/kopia/${namespace}` on the S3 location after backup expired. For more information, see "About Kopia repository maintenance". -link:https://issues.redhat.com/browse/OADP-5131[OADP-5131] \ No newline at end of file diff --git a/modules/oadp-1-4-3-release-notes.adoc b/modules/oadp-1-4-3-release-notes.adoc deleted file mode 100644 index cdf4677725b9..000000000000 --- a/modules/oadp-1-4-3-release-notes.adoc +++ /dev/null @@ -1,26 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: REFERENCE - -[id="oadp-1-4-3-release-notes_{context}"] -= {oadp-short} 1.4.3 release notes - -The {oadp-first} 1.4.3 release notes lists the following new feature. - -[id="new-features-1-4-3_{context}"] -== New features - -.Notable changes in the `kubevirt` velero plugin in version 0.7.1 - -With this release, the `kubevirt` velero plugin has been updated to version 0.7.1. Notable improvements include the following bug fix and new features: - -* Virtual machine instances (VMIs) are no longer ignored from backup when the owner VM is excluded. -* Object graphs now include all extra objects during backup and restore operations. -* Optionally generated labels are now added to new firmware Universally Unique Identifiers (UUIDs) during restore operations. -* Switching VM run strategies during restore operations is now possible. -* Clearing a MAC address by label is now supported. -* The restore-specific checks during the backup operation are now skipped. -* The `VirtualMachineClusterInstancetype` and `VirtualMachineClusterPreference` custom resource definitions (CRDs) are now supported. -//link:https://issues.redhat.com/browse/OADP-5551[OADP-5551] \ No newline at end of file diff --git a/modules/oadp-1-4-4-release-notes.adoc b/modules/oadp-1-4-4-release-notes.adoc deleted file mode 100644 index 37a5ce11e404..000000000000 --- a/modules/oadp-1-4-4-release-notes.adoc +++ /dev/null @@ -1,16 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: REFERENCE - -[id="oadp-1-4-4-release-notes_{context}"] -= {oadp-short} 1.4.4 release notes - -{oadp-first} 1.4.4 is a Container Grade Only (CGO) release, which is released to refresh the health grades of the containers. No code was changed in the product itself compared to that of {oadp-short} 1.4.3. - -[id="known-issues-1-4-4_{context}"] -== Known issues - -.Issue with restoring stateful applications -When you restore a stateful application that uses the `azurefile-csi` storage class, the restore operation remains in the `Finalizing` phase. link:https://issues.redhat.com/browse/OADP-5508[(OADP-5508)] \ No newline at end of file diff --git a/modules/oadp-1-5-0-release-notes.adoc b/modules/oadp-1-5-0-release-notes.adoc index 6fe83d73eedb..a75a2cb40d2a 100644 --- a/modules/oadp-1-5-0-release-notes.adoc +++ b/modules/oadp-1-5-0-release-notes.adoc @@ -6,46 +6,43 @@ [id="oadp-1-5-0-release-notes_{context}"] = OADP 1.5.0 release notes -The {oadp-first} 1.5.0 release notes lists resolved issues and known issues. +[role="_abstract"] +The {oadp-first} 1.5.0 release notes list new features, resolved issues, known issues, deprecated features, and Technology Preview features. [id="new-features-1-5-0_{context}"] == New features -.OADP 1.5.0 introduces a new Self-Service feature - +OADP 1.5.0 introduces a new Self-Service feature:: {oadp-short} 1.5.0 introduces a new feature named {oadp-short} Self-Service, enabling namespace admin users to back up and restore applications on the {product-title}. In the earlier versions of {oadp-short}, you needed the cluster-admin role to perform {oadp-short} operations such as backing up and restoring an application, creating a backup storage location, and so on. - ++ From {oadp-short} 1.5.0 onward, you do not need the cluster-admin role to perform the backup and restore operations. You can use {oadp-short} with the namespace admin role. The namespace admin role has administrator access only to the namespace the user is assigned to. You can use the Self-Service feature only after the cluster administrator installs the {oadp-short} Operator and provides the necessary permissions. - ++ link:https://issues.redhat.com/browse/OADP-4001[OADP-4001] -.Collecting logs with the `must-gather` tool has been improved with a Markdown summary - +Collecting logs with the `must-gather` tool has been improved with a Markdown summary:: You can collect logs, and information about {oadp-first} custom resources by using the `must-gather` tool. The `must-gather` data must be attached to all customer cases. This tool generates a Markdown output file with the collected information, which is located in the `must-gather` logs clusters directory. - ++ link:https://issues.redhat.com/browse/OADP-5384[OADP-5384] -.`dataMoverPrepareTimeout` and `resourceTimeout` parameters are now added to `nodeAgent` within the DPA - +`dataMoverPrepareTimeout` and `resourceTimeout` parameters are now added to `nodeAgent` within the DPA:: The `nodeAgent` field in Data Protection Application (DPA) now includes the following parameters: * `dataMoverPrepareTimeout`: Defines the duration the `DataUpload` or `DataDownload` process will wait. The default value is 30 minutes. * `resourceTimeout`: Sets the timeout for resource processes not addressed by other specific timeout parameters. The default value is 10 minutes. ++ link:https://issues.redhat.com/browse/OADP-3736[OADP-3736] -.Use the `spec.configuration.nodeAgent` parameter in DPA for configuring `nodeAgent` daemon set - +Use the `spec.configuration.nodeAgent` parameter in DPA for configuring `nodeAgent` daemon set:: Velero no longer uses the `node-agent-config` config map for configuring the `nodeAgent` daemon set. With this update, you must use the new `spec.configuration.nodeAgent` parameter in a Data Protection Application (DPA) for configuring the `nodeAgent` daemon set. - ++ link:https://issues.redhat.com/browse/OADP-5042[OADP-5042] -.Configuring DPA with the backup repository configuration config map is now possible - +Configuring DPA with the backup repository configuration config map is now possible:: With Velero 1.15 and later, you can now configure the total size of a cache per repository. This prevents pods from being removed due to running out of ephemeral storage. See the following new parameters added to the `NodeAgentConfig` field in DPA: * `cacheLimitMB`: Sets the local data cache size limit in megabytes. @@ -54,10 +51,10 @@ With Velero 1.15 and later, you can now configure the total size of a cache per ** `fastGC: 12 hours` ** `eagerGC: 6 hours` ++ link:https://issues.redhat.com/browse/OADP-5900[OADP-5900] -.Enhancing the node-agent security - +Enhancing the node-agent security:: With this update, the following changes are added: * A new `configuration` option is now added to the `velero` field in DPA. @@ -74,145 +71,140 @@ With this update, the following changes are added: ** `tmp/credentials` * Uses the `SeccompProfileTypeRuntimeDefault` option for the `SeccompProfile` parameter. ++ link:https://issues.redhat.com/browse/OADP-5031[OADP-5031] -.Adds DPA support for parallel item backup - +Adds DPA support for parallel item backup:: By default, only one thread processes an item block. Velero 1.16 supports a parallel item backup, where multiple items within a backup can be processed in parallel. - ++ You can use the optional Velero server parameter `--item-block-worker-count` to run additional worker threads to process items in parallel. To enable this in OADP, set the `dpa.Spec.Configuration.Velero.ItemBlockWorkerCount` parameter to an integer value greater than zero. ++ [NOTE] ==== Running multiple full backups in parallel is not yet supported. ==== - ++ link:https://issues.redhat.com/browse/OADP-5635[OADP-5635] -.OADP logs are now available in the JSON format - +OADP logs are now available in the JSON format:: With the of release {oadp-short} 1.5.0, the logs are now available in the JSON format. It helps to have pre-parsed data in their Elastic logs management system. - ++ link:https://issues.redhat.com/browse/OADP-3391[OADP-3391] -.The `oc get dpa` command now displays `RECONCILED` status - +The `oc get dpa` command now displays `RECONCILED` status:: With this release, the `oc get dpa` command now displays `RECONCILED` status instead of displaying only `NAME` and `AGE` to improve user experience. For example: - ++ [source,terminal] ---- $ oc get dpa -n openshift-adp NAME RECONCILED AGE velero-sample True 2m51s ---- - ++ link:https://issues.redhat.com/browse/OADP-1338[OADP-1338] [id="resolved-issues-1-5-0_{context}"] == Resolved issues -.Containers now use `FallbackToLogsOnError` for `terminationMessagePolicy` - +Containers now use `FallbackToLogsOnError` for `terminationMessagePolicy`:: With this release, the `terminationMessagePolicy` field can now set the `FallbackToLogsOnError` value for the {oadp-first} Operator containers such as `operator-manager`, `velero`, `node-agent`, and `non-admin-controller`. - ++ This change ensures that if a container exits with an error and the termination message file is empty, {OCP-short} uses the last portion of the container logs output as the termination message. - ++ link:https://issues.redhat.com/browse/OADP-5183[OADP-5183] -.Namespace admin can now access the application after restore - -Previously, the namespace admin could not execute an application after the restore operation with the following errors: +Namespace admin can now access the application after restore:: +Previously, the namespace admin could not execute an application after the restore operation. ++ +-- +The execution failed with the following errors: * `exec operation is not allowed because the pod's security context exceeds your permissions` * `unable to validate against any security context constraint` * `not usable by user or serviceaccount, provider restricted-v2` - +-- ++ With this update, this issue is now resolved and the namespace admin can access the application successfully after the restore. - ++ link:https://issues.redhat.com/browse/OADP-5611[OADP-5611] -.Specifying status restoration at the individual resource instance level using the annotation is now possible - +Specifying status restoration at the individual resource instance level using the annotation is now possible:: Previously, status restoration was only configured at the resource type using the `restoreStatus` field in the `Restore` custom resource (CR). - ++ With this release, you can now specify the status restoration at the individual resource instance level using the following annotation: - ++ [source,terminal] ---- metadata: annotations: velero.io/restore-status: "true" ---- - ++ link:https://issues.redhat.com/browse/OADP-5968[OADP-5968] -.Restore is now successful with `excludedClusterScopedResources` - +Restore is now successful with `excludedClusterScopedResources`:: Previously, on performing the backup of an application with the `excludedClusterScopedResources` field set to `storageclasses`, `Namespace` parameter, the backup was successful but the restore partially failed. With this update, the restore is successful. - ++ link:https://issues.redhat.com/browse/OADP-5239[OADP-5239] -.Backup is completed even if it gets restarted during the `waitingForPluginOperations` phase - +Backup is completed even if it gets restarted during the `waitingForPluginOperations` phase:: Previously, a backup was marked as failed with the following error message: ++ [Source,terminal] ---- failureReason: found a backup with status "InProgress" during the server starting, mark it as "Failed" ---- - ++ With this update, the backup is completed if it gets restarted during the `waitingForPluginOperations` phase. - ++ link:https://issues.redhat.com/browse/OADP-2941[OADP-2941] -.Error messages are now more informative when the` disableFsbackup` parameter is set to `true` in DPA - +Error messages are now more informative when the` disableFsbackup` parameter is set to `true` in DPA:: Previously, when the `spec.configuration.velero.disableFsBackup` field from a Data Protection Application (DPA) was set to `true`, the backup partially failed with an error, which was not informative. - ++ This update makes error messages more useful for troubleshooting issues. For example, error messages indicating that `disableFsBackup: true` is the issue in a DPA or not having access to a DPA if it is for non-administrator users. - ++ link:https://issues.redhat.com/browse/OADP-5952[OADP-5952] -.Handles AWS STS credentials in the parseAWSSecret - +Handles AWS STS credentials in the parseAWSSecret:: Previously, AWS credentials using STS authentication were not properly validated. - ++ With this update, the `parseAWSSecret` function detects STS-specific fields, and updates the `ensureSecretDataExists` function to handle STS profiles correctly. - ++ link:https://issues.redhat.com/browse/OADP-6105[OADP-6105] -.The `repositoryMaintenance` job affinity config is available to configure - +The `repositoryMaintenance` job affinity config is available to configure:: Previously, the new configurations for repository maintenance job pod affinity was missing from a DPA specification. - ++ With this update, the `repositoryMaintenance` job affinity config is now available to map a `BackupRepository` identifier to its configuration. - ++ link:https://issues.redhat.com/browse/OADP-6134[OADP-6134] -.The `ValidationErrors` field fades away once the CR specification is correct - +The `ValidationErrors` field fades away once the CR specification is correct:: Previously, when a schedule CR was created with a wrong `spec.schedule` value and the same was later patched with a correct value, the `ValidationErrors` field still existed. Consequently, the `ValidationErrors` field was displaying incorrect information even though the spec was correct. - ++ With this update, the `ValidationErrors` field fades away once the CR specification is correct. - ++ link:https://issues.redhat.com/browse/OADP-5419[OADP-5419] -.The `volumeSnapshotContents` custom resources are restored when the `includedNamesapces` field is used in `restoreSpec` - +The `volumeSnapshotContents` custom resources are restored when the `includedNamesapces` field is used in `restoreSpec`:: Previously, when a restore operation was triggered with the `includedNamespace` field in a restore specification, restore operation was completed successfully but no `volumeSnapshotContents` custom resources (CR) were created and the PVCs were in a `Pending` status. - ++ With this update, `volumeSnapshotContents` CR are restored even when the `includedNamesapces` field is used in `restoreSpec`. As a result, an application pod is in a `Running` state after restore. - ++ link:https://issues.redhat.com/browse/OADP-5939[OADP-5939] -.OADP operator successfully creates bucket on top of AWS - +OADP Operator successfully creates bucket on top of AWS:: Previously, the container was configured with the `readOnlyRootFilesystem: true` setting for security, but the code attempted to create temporary files in the `/tmp` directory using the `os.CreateTemp()` function. Consequently, while using the AWS STS authentication with the Cloud Credential Operator (CCO) flow, {oadp-short} failed to create temporary files that were required for AWS credential handling with the following error: ++ [source,terminal] ---- ERROR unable to determine if bucket exists. {"error": "open /tmp/aws-shared-credentials1211864681: read-only file system"} ---- ++ With this update, the following changes are added to address this issue: * A new `emptyDir` volume named `tmp-dir` to the controller pod specification. @@ -221,6 +213,7 @@ With this update, the following changes are added to address this issue: * Replaced the deprecated `ioutil.TempFile()` function with the recommended `os.CreateTemp()` function. * Removed the unnecessary `io/ioutil` import, which is no longer needed. ++ link:https://issues.redhat.com/browse/OADP-6019[OADP-6019] For a complete list of all issues resolved in this release, see the list of link:https://issues.redhat.com/issues/?filter=12462673[OADP 1.5.0 resolved issues] in Jira. @@ -229,16 +222,18 @@ For a complete list of all issues resolved in this release, see the list of link [id="known-issues-1-5-0_{context}"] == Known issues -.Kopia does not delete all the artifacts after backup expiration - +Kopia does not delete all the artifacts after backup expiration:: Even after deleting a backup, Kopia does not delete the volume artifacts from the `${bucket_name}/kopia/${namespace}` on the S3 location after the backup expired. Information related to the expired and removed data files remains in the metadata. ++ +-- To ensure that {oadp-first} functions properly, the data is not deleted, and it exists in the `/kopia/` directory, for example: * `kopia.repository`: Main repository format information such as encryption, version, and other details. * `kopia.blobcfg`: Configuration for how data blobs are named. * `kopia.maintenance`: Tracks maintenance owner, schedule, and last successful build. * `log`: Log blobs. - +-- ++ link:https://issues.redhat.com/browse/OADP-5131[OADP-5131] For a complete list of all known issues in this release, see the list of link:https://issues.redhat.com/issues/?filter=12472334[OADP 1.5.0 known issues] in Jira. @@ -246,20 +241,18 @@ For a complete list of all known issues in this release, see the list of link:ht [id="deprecated-features-1-5-0_{context}"] == Deprecated features -.The `configuration.restic` specification field has been deprecated - -With {oadp-first} 1.5.0, the `configuration.restic` specification field has been deprecated. Use the `nodeAgent` section with the `uploaderType` field for selecting `kopia` or `restic` as a `uploaderType`. Note that, Restic is deprecated in {oadp-first} 1.5.0. - +The `configuration.restic` specification field has been deprecated:: +With {oadp-first} 1.5.0, the `configuration.restic` specification field has been deprecated. Use the `nodeAgent` section with the `uploaderType` field for selecting `kopia` or `restic` as a `uploaderType`. Note that Restic is deprecated in {oadp-first} 1.5.0. ++ link:https://issues.redhat.com/browse/OADP-5158[OADP-5158] [id="technoloy-preview-1-5-0_{context}"] -== Technology Preview - -.Support for HyperShift hosted OpenShift clusters is available as a Technology Preview +== Technology Preview features +Support for HyperShift hosted OpenShift clusters is available as a Technology Preview:: {oadp-short} can support and facilitate application migrations within HyperShift hosted {OCP-short} clusters as a Technology Preview. It ensures a seamless backup and restore operation for applications in hosted clusters. - ++ For more information about the support scope of Red{nbsp}Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope]. - ++ link:https://issues.redhat.com/browse/OADP-3930[OADP-3930] diff --git a/modules/oadp-1-5-1-release-notes.adoc b/modules/oadp-1-5-1-release-notes.adoc index 1257c3e5d1f5..6425f378e1a1 100644 --- a/modules/oadp-1-5-1-release-notes.adoc +++ b/modules/oadp-1-5-1-release-notes.adoc @@ -8,33 +8,35 @@ = OADP 1.5.1 release notes [role="_abstract"] -The {oadp-first} 1.5.1 release notes lists new features, resolved issues, known issues, and deprecated features. +The {oadp-first} 1.5.1 release notes list new features, resolved issues, known issues, and deprecated features. [id="new-features-1-5-1_{context}"] == New features -*`CloudStorage` API is fully supported* - +`CloudStorage` API is fully supported:: The `CloudStorage` API feature, available as a Technology Preview before this update, is fully supported from {oadp-short} 1.5.1. The `CloudStorage` API automates the creation of a bucket for object storage. - ++ link:https://issues.redhat.com/browse/OADP-3307[OADP-3307] -*New `DataProtectionTest` custom resource is available* - -The `DataProtectionTest` (DPT) is a custom resource (CR) that provides a framework to validate your {oadp-short} configuration. The DPT CR checks and reports information for the following parameters: +New `DataProtectionTest` custom resource is available:: +The `DataProtectionTest` (DPT) is a custom resource (CR) that provides a framework to validate your {oadp-short} configuration. ++ +-- +The DPT CR checks and reports information for the following parameters: * The upload performance of the backups to the object storage. * The Container Storage Interface (CSI) snapshot readiness for persistent volume claims. * The storage bucket configuration, such as encryption and versioning. - +-- ++ Using this information in the DPT CR, you can ensure that your data protection environment is properly configured and performing according to the set configuration. - ++ Note that you must configure `STORAGE_ACCOUNT_ID` when using DPT with {oadp-short} on Azure. - ++ link:https://issues.redhat.com/browse/OADP-6300[OADP-6300] -*New node agent load affinity configurations are available* +New node agent load affinity configurations are available:: * *Node agent load affinity:* You can schedule the node agent pods on specific nodes by using the `spec.podConfig.nodeSelector` object of the `DataProtectionApplication` (DPA) custom resource (CR). You can add more restrictions on the node agent pods scheduling by using the `nodeagent.loadAffinity` object in the DPA spec. * *Repository maintenance job affinity configurations:* You can use the repository maintenance job affinity configurations in the `DataProtectionApplication` (DPA) custom resource (CR) only if you use Kopia as the backup repository. @@ -42,129 +44,111 @@ link:https://issues.redhat.com/browse/OADP-6300[OADP-6300] You have the option to configure the load affinity at the global level affecting all repositories, or for each repository. You can also use a combination of global and per-repository configuration. * *Velero load affinity:* You can use the `podConfig.nodeSelector` object to assign the Velero pod to specific nodes. You can also configure the `velero.loadAffinity` object for pod-level affinity and anti-affinity. ++ link:https://issues.redhat.com/browse/OADP-5832[OADP-5832] -*Node agent load concurrency is available* - +Node agent load concurrency is available:: With this update, users can control the maximum number of node agent operations that can run simultaneously on each node within their cluster. It also enables better resource management, optimizing backup and restore workflows for improved performance and a more streamlined experience. [id="resolved-issues-1-5-1_{context}"] == Resolved issues -*`DataProtectionApplicationSpec` overflowed annotation limit, causing potential misconfiguration in deployments* - +`DataProtectionApplicationSpec` overflowed annotation limit, causing potential misconfiguration in deployments:: Before this update, the `DataProtectionApplicationSpec` used deprecated `PodAnnotations`, which led to an annotation limit overflow. This caused potential misconfigurations in deployments. In this release, we have added `PodConfig` for annotations in pods deployed by the Operator, ensuring consistent annotations and improved manageability for end users. As a result, deployments should now be more reliable and easier to manage. - ++ link:https://issues.redhat.com/browse/OADP-6454[OADP-6454] -*Root file system for {oadp-short} controller manager is now read-only* - +Root file system for {oadp-short} controller manager is now read-only:: Before this update, the `manager` container of the `openshift-adp-controller-manager-*` pod was configured to run with a writable root file system. As a consequence, this could allow for tampering with the container's file system or the writing of foreign executables. With this release, the container's security context has been updated to set the root file system to read-only while ensuring necessary functions that require write access, such as the Kopia cache, continue to operate correctly. As a result, the container is hardened against potential threats. -*`nonAdmin.enable: false` in multiple DPAs no longer causes reconcile issues* - +`nonAdmin.enable: false` in multiple DPAs no longer causes reconcile issues:: Before this update, when a user attempted to create a second non-admin `DataProtectionApplication` (DPA) on a cluster where one already existed, the new DPA failed to reconcile. With this release, the restriction on Non-Admin Controller installation to one per cluster has been removed. As a result, users can install multiple Non-Admin Controllers across the cluster without encountering errors. - ++ link:https://issues.redhat.com/browse/OADP-6500[OADP-6500] -*{oadp-short} supports self-signed certificates* - +{oadp-short} supports self-signed certificates:: Before this update, using a self-signed certificate for backup images with a storage provider such as Minio resulted in an `x509: certificate signed by unknown authority` error during the backup process. With this release, certificate validation has been updated to support self-signed certificates in {oadp-short}, ensuring successful backups. - ++ link:https://issues.redhat.com/browse/OADP-641[OADP-641] -*`velero describe` includes `defaultVolumesToFsBackup`* - +`velero describe` includes `defaultVolumesToFsBackup`:: Before this update, the `velero describe` output command omitted the `defaultVolumesToFsBackup` flag. This affected the visibility of backup configuration details for users. With this release, the `velero describe` output includes the `defaultVolumesToFsBackup` flag information, improving the visibility of backup settings. - ++ link:https://issues.redhat.com/browse/OADP-5762[OADP-5762] -*DPT CR no longer fail when `s3Url` is secured* - +DPT CR no longer fail when `s3Url` is secured:: Before this update, `DataProtectionTest` (DPT) failed to run when `s3Url` was secured due to an unverified certificate because the DPT CR lacked the ability to skip or add the caCert in the spec field. As a consequence, data upload failure occurred due to an unverified certificate. With this release, DPT CR has been updated to accept and skip CA cert in spec field, resolving SSL verification errors. As a result, DPT no longer fails when using secured `s3Url`. - ++ link:https://issues.redhat.com/browse/OADP-6235[OADP-6235] -*Adding a backupLocation to DPA with an existing backupLocation name is not rejected* - +Adding a backupLocation to DPA with an existing backupLocation name is not rejected:: Before this update, adding a second `backupLocation` with the same name in `DataProtectionApplication` (DPA) caused {oadp-short} to enter an invalid state, leading to Backup and Restore failures due to Velero's inability to read Secret credentials. As a consequence, Backup and Restore operations failed. With this release, the duplicate `backupLocation` names in DPA are no longer allowed, preventing Backup and Restore failures. As a result, duplicate `backupLocation` names are rejected, ensuring seamless data protection. - ++ link:https://issues.redhat.com/browse/OADP-6459[OADP-6459] [id="known-issues-1-5-1_{context}"] == Known issues -*The restore fails for backups created on OpenStack using the Cinder CSI driver* - +The restore fails for backups created on OpenStack using the Cinder CSI driver:: When you start a restore operation for a backup that was created on an OpenStack platform using the Cinder Container Storage Interface (CSI) driver, the initial backup only succeeds after the source application is manually scaled down. The restore job fails, preventing you from successfully recovering your application's data and state from the backup. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-5552[OADP-5552] -*Datamover pods scheduled on unexpected nodes during backup if the `nodeAgent.loadAffinity` parameter has many elements* - +Datamover pods scheduled on unexpected nodes during backup if the `nodeAgent.loadAffinity` parameter has many elements:: Due to an issue in Velero 1.14 and later, the {oadp-short} node-agent only processes the first `nodeSelector` element within the `loadAffinity` array. As a consequence, if you define multiple `nodeSelector` objects, all objects except the first are ignored, potentially causing datamover pods to be scheduled on unexpected nodes during a backup. - ++ To work around this problem, consolidate all required `matchExpressions` from multiple `nodeSelector` objects into the first `nodeSelector` object. As a result, all node affinity rules are correctly applied, ensuring datamover pods are scheduled to the appropriate nodes. - ++ link:https://issues.redhat.com/browse/OADP-6469[OADP-6469] -*{oadp-short} Backup fails when using CA certificates with aliased command* - +{oadp-short} Backup fails when using CA certificates with aliased command:: The CA certificate is not stored as a file on the running Velero container. As a consequence, the user experience degraded due to missing `caCert` in Velero container, requiring manual setup and downloads. To work around this problem, manually add cert to the Velero deployment. For instructions, see link:https://access.redhat.com/articles/5456281#using-cacert-with-velero-command-aliased-via-velero-deployment-48[Using cacert with velero command aliased via velero deployment]. - ++ link:https://issues.redhat.com/browse/OADP-4668[OADP-4668] -*The `nodeSelector` spec is not supported for the Data Mover restore action* - +The `nodeSelector` spec is not supported for the Data Mover restore action:: When a Data Protection Application (DPA) is created with the `nodeSelector` field set in the `nodeAgent` parameter, Data Mover restore partially fails instead of completing the restore operation. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-4743[OADP-4743] -*Image streams backups are partially failing when the DPA is configured with `caCert`* - +Image streams backups are partially failing when the DPA is configured with `caCert`:: An unverified certificate in the S3 connection during backups with `caCert` in `DataProtectionApplication` (DPA) causes the `ocp-django` application's backup to partially fail and result in data loss. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-4817[OADP-4817] -*Kopia does not delete cache on worker node* - +Kopia does not delete cache on worker node:: When the `ephemeral-storage` parameter is configured and running file system restore, the cache is not automatically deleted from the worker node. As a consequence, the `/var` partition overflows during backup restore, causing increased storage usage and potential resource exhaustion. To work around this problem, restart the node agent pod, which clears the cache. As a result, cache is deleted. - ++ link:https://issues.redhat.com/browse/OADP-4855[OADP-4855] -*{gcp-short} VSL backups fail with Workload Identity because of invalid project configuration* - +{gcp-short} VSL backups fail with Workload Identity because of invalid project configuration:: When performing a `volumeSnapshotLocation` (VSL) backup on {gcp-short} Workload Identity, the Velero {gcp-short} plugin creates an invalid API request if the {gcp-short} project is also specified in the `snapshotLocations` configuration of `DataProtectionApplication` (DPA). As a consequence, the {gcp-short} API returns a `RESOURCE_PROJECT_INVALID` error, and the backup job finishes with a `PartiallyFailed` status. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-6697[OADP-6697] -*VSL backups fail for `CloudStorage` API on AWS with STS* - +VSL backups fail for `CloudStorage` API on AWS with STS:: The `volumeSnapshotLocation` (VSL) backup fails because of missing the `AZURE_RESOURCE_GROUP` parameter in the credentials file, even if `AZURE_RESOURCE_GROUP` is already mentioned in the `DataProtectionApplication` (DPA) config for VSL. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-6676[OADP-6676] -*Backups of applications with `ImageStreams` fail on Azure with STS* - +Backups of applications with `ImageStreams` fail on Azure with STS:: When backing up applications that include image stream resources on an Azure cluster using STS, the {oadp-short} plugin incorrectly attempts to locate a secret-based credential for the container registry. As a consequence, the required secret is not found in the STS environment, causing the `ImageStream` custom backup action to fail. This results in the overall backup status marked as `PartiallyFailed`. No known workaround exists. - ++ link:https://issues.redhat.com/browse/OADP-6675[OADP-6675] -*DPA reconciliation fails for `CloudStorageRef` configuration* - +DPA reconciliation fails for `CloudStorageRef` configuration:: When a user creates a bucket and uses the `backupLocations.bucket.cloudStorageRef` configuration, bucket credentials are not present in the `DataProtectionApplication` (DPA) custom resource (CR). As a result, the DPA reconciliation fails even if bucket credentials are present in the `CloudStorage` CR. To work around this problem, add the same credentials to the `backupLocations` section of the DPA CR. - ++ link:https://issues.redhat.com/browse/OADP-6669[OADP-6669] [id="deprecated-features-1-5-1_{context}"] == Deprecated features -*The `configuration.restic` specification field has been deprecated* - +The `configuration.restic` specification field has been deprecated:: With {oadp-short} 1.5.0, the `configuration.restic` specification field has been deprecated. Use the `nodeAgent` section with the `uploaderType` field for selecting `kopia` or `restic` as a `uploaderType`. Note that Restic is deprecated in {oadp-short} 1.5.0. - ++ link:https://issues.redhat.com/browse/OADP-5158[OADP-5158] diff --git a/modules/oadp-1-5-2-release-notes.adoc b/modules/oadp-1-5-2-release-notes.adoc index 236695e31da1..8c7e0067f771 100644 --- a/modules/oadp-1-5-2-release-notes.adoc +++ b/modules/oadp-1-5-2-release-notes.adoc @@ -8,22 +8,24 @@ = OADP 1.5.2 release notes [role="_abstract"] -The {oadp-first} 1.5.2 release notes lists resolved issues. +The {oadp-first} 1.5.2 release notes list resolved issues. [id="resolved-issues-1-5-2_{context}"] == Resolved issues -*Self-signed certificate for internal image backup should not break other BSLs* - -Before this update, {oadp-short} would only process the first custom CA certificate found among all backup storage locations (BSLs) and apply it globally. This behavior prevented multiple BSLs with different CA certificates from working correctly. +Self-signed certificate for internal image backup should not break other BSLs:: +Before this update, {oadp-short} would only process the first custom CA certificate found among all backup storage locations (BSLs) and apply it globally. This behavior prevented multiple BSLs with different CA certificates from working correctly. Additionally, system-trusted certificates were not included, causing failures when connecting to standard services. ++ +-- With this update, {oadp-short} now: * Concatenates all unique CA certificates from {aws-short} BSLs into a single bundle. * Includes system-trusted certificates automatically. * Enables multiple BSLs with different custom CA certificates to operate simultaneously. * Only processes CA certificates when image backup is enabled (default behavior). - +-- ++ This enhancement improves compatibility for environments using multiple storage providers with different certificate requirements, particularly when backing up internal images to {aws-short} S3-compatible storage with self-signed certificates. - ++ link:https://issues.redhat.com/browse/OADP-6765[OADP-6765] diff --git a/modules/oadp-backing-up-dpa-configuration-1-4-0.adoc b/modules/oadp-backing-up-dpa-configuration-1-4-0.adoc deleted file mode 100644 index ebd6bad90bd9..000000000000 --- a/modules/oadp-backing-up-dpa-configuration-1-4-0.adoc +++ /dev/null @@ -1,19 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: PROCEDURE - -[id="oadp-backing-up-dpa-configuration-1-4-0_{context}"] -= Backing up the DPA configuration - -You must back up your current `DataProtectionApplication` (DPA) configuration. - -.Procedure -* Save your current DPA configuration by running the following command: -+ -.Example command -[source,terminal] ----- -$ oc get dpa -n openshift-adp -o yaml > dpa.orig.backup ----- \ No newline at end of file diff --git a/modules/oadp-upgrading-oadp-operator-1-4-0.adoc b/modules/oadp-upgrading-oadp-operator-1-4-0.adoc deleted file mode 100644 index 034913fc5b4e..000000000000 --- a/modules/oadp-upgrading-oadp-operator-1-4-0.adoc +++ /dev/null @@ -1,16 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-1-4-release-notes.adoc - -:_mod-docs-content-type: PROCEDURE - -[id="oadp-upgrading-dpa-operator-1-4-0_{context}"] -= Upgrading the OADP Operator - -Use the following procedure when upgrading the {oadp-first} Operator. - -.Procedure - -. Change your subscription channel for the OADP Operator from `stable-1.3` to `stable-1.4`. -. Wait for the Operator and containers to update and restart. - diff --git a/modules/oadp-verifying-upgrade-1-4-0.adoc b/modules/oadp-verifying-upgrade-1-4-0.adoc deleted file mode 100644 index d34757845f28..000000000000 --- a/modules/oadp-verifying-upgrade-1-4-0.adoc +++ /dev/null @@ -1,73 +0,0 @@ -// Module included in the following assemblies: -// -// * backup_and_restore/oadp-release-notes-1-4.adoc - -:_mod-docs-content-type: PROCEDURE - -[id="verifying-upgrade-1-4-0_{context}"] -= Verifying the upgrade - -Use the following procedure to verify the upgrade. - -.Procedure - -. Verify the installation by viewing the {oadp-first} resources by running the following command: -+ -[source,terminal] ----- -$ oc get all -n openshift-adp ----- -+ -.Example output -+ ----- -NAME READY STATUS RESTARTS AGE -pod/oadp-operator-controller-manager-67d9494d47-6l8z8 2/2 Running 0 2m8s -pod/restic-9cq4q 1/1 Running 0 94s -pod/restic-m4lts 1/1 Running 0 94s -pod/restic-pv4kr 1/1 Running 0 95s -pod/velero-588db7f655-n842v 1/1 Running 0 95s - -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/oadp-operator-controller-manager-metrics-service ClusterIP 172.30.70.140 8443/TCP 2m8s - -NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE -daemonset.apps/restic 3 3 3 3 3 96s - -NAME READY UP-TO-DATE AVAILABLE AGE -deployment.apps/oadp-operator-controller-manager 1/1 1 1 2m9s -deployment.apps/velero 1/1 1 1 96s - -NAME DESIRED CURRENT READY AGE -replicaset.apps/oadp-operator-controller-manager-67d9494d47 1 1 1 2m9s -replicaset.apps/velero-588db7f655 1 1 1 96s ----- - -. Verify that the `DataProtectionApplication` (DPA) is reconciled by running the following command: -+ -[source,terminal] ----- -$ oc get dpa dpa-sample -n openshift-adp -o jsonpath='{.status}' ----- -.Example output -[source,yaml] -+ ----- -{"conditions":[{"lastTransitionTime":"2023-10-27T01:23:57Z","message":"Reconcile complete","reason":"Complete","status":"True","type":"Reconciled"}]} ----- - -. Verify the `type` is set to `Reconciled`. - -. Verify the backup storage location and confirm that the `PHASE` is `Available` by running the following command: -+ -[source,terminal] ----- -$ oc get backupstoragelocations.velero.io -n openshift-adp ----- -.Example output -[source,yaml] -+ ----- -NAME PHASE LAST VALIDATED AGE DEFAULT -dpa-sample-1 Available 1s 3d16h true ----- diff --git a/modules/oadp-verifying-upgrade-1-5-0.adoc b/modules/oadp-verifying-upgrade-1-5-0.adoc index 6830d1bc0ad8..759441706553 100644 --- a/modules/oadp-verifying-upgrade-1-5-0.adoc +++ b/modules/oadp-verifying-upgrade-1-5-0.adoc @@ -19,7 +19,7 @@ $ oc get dpa dpa-sample -n openshift-adp ---- + .Example output -+ +[source,terminal] ---- NAME RECONCILED AGE dpa-sample True 2m51s @@ -38,7 +38,7 @@ $ oc get all -n openshift-adp ---- + .Example output -+ +[source,terminal] ---- NAME READY STATUS RESTARTS AGE pod/node-agent-9pjz9 1/1 Running 0 3d17h @@ -78,9 +78,9 @@ In {oadp-short} 1.4.0 and {oadp-short} 1.3.0 version, the `node-agent` pods are ---- $ oc get backupstoragelocations.velero.io -n openshift-adp ---- -.Example output -[source,yaml] + +.Example output +[source,terminal] ---- NAME PHASE LAST VALIDATED AGE DEFAULT dpa-sample-1 Available 1s 3d16h true diff --git a/release_notes/addtl-release-notes.adoc b/release_notes/addtl-release-notes.adoc index fc48f6a831de..13eccc394577 100644 --- a/release_notes/addtl-release-notes.adoc +++ b/release_notes/addtl-release-notes.adoc @@ -67,7 +67,7 @@ xref:../observability/network_observability/network-observability-operator-relea xref:../security/nbde_tang_server_operator/nbde-tang-server-operator-release-notes.adoc#nbde-tang-server-operator-release-notes[Network-bound Disk Encryption (NBDE) Tang Server Operator] O:: -xref:../backup_and_restore/application_backup_and_restore/release-notes/oadp-1-4-release-notes.adoc#oadp-1-4-release-notes[{oadp-first}] +xref:../backup_and_restore/application_backup_and_restore/release-notes/oadp-1-5-release-notes.adoc#oadp-1-5-release-notes[{oadp-first}] + link:https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/#Release%20Notes[{openshift-dev-spaces-productname}] +