From fa000786cf3c8c245c7c60f74dcb63f91b357c74 Mon Sep 17 00:00:00 2001 From: Shruti Deshpande Date: Thu, 5 Feb 2026 13:29:55 +0530 Subject: [PATCH] fix callouts and dita errors Signed-off-by: Shruti Deshpande --- .../overriding-kopia-algorithms.adoc | 2 +- .../oadp-kopia-algorithms-benchmarking.adoc | 112 +++++++---------- .../oadp-kopia-configuring-algorithms.adoc | 38 +++--- ...adp-usecase-kopia-override-algorithms.adoc | 117 +++++++++--------- 4 files changed, 118 insertions(+), 151 deletions(-) diff --git a/backup_and_restore/application_backup_and_restore/installing/overriding-kopia-algorithms.adoc b/backup_and_restore/application_backup_and_restore/installing/overriding-kopia-algorithms.adoc index 69058c10ddce..d0b35ec28cab 100644 --- a/backup_and_restore/application_backup_and_restore/installing/overriding-kopia-algorithms.adoc +++ b/backup_and_restore/application_backup_and_restore/installing/overriding-kopia-algorithms.adoc @@ -8,7 +8,7 @@ include::_attributes/common-attributes.adoc[] toc::[] [role="_abstract"] -You can override the default values of Kopia hashing, encryption, and splitter algorithms by using specific environment variables in the Data Protection Application (DPA). +Override the default values of Kopia hashing, encryption, and splitter algorithms by using specific environment variables in the Data Protection Application (DPA). // configuring the DPA with Kopia environment variables include::modules/oadp-kopia-configuring-algorithms.adoc[leveloffset=+1] diff --git a/modules/oadp-kopia-algorithms-benchmarking.adoc b/modules/oadp-kopia-algorithms-benchmarking.adoc index e6314d2a9d7a..c430a808dea2 100644 --- a/modules/oadp-kopia-algorithms-benchmarking.adoc +++ b/modules/oadp-kopia-algorithms-benchmarking.adoc @@ -7,7 +7,9 @@ = Benchmarking Kopia hashing, encryption, and splitter algorithms [role="_abstract"] -You can run Kopia commands to benchmark the hashing, encryption, and splitter algorithms. Based on the benchmarking results, you can select the most suitable algorithm for your workload. In this procedure, you run the Kopia benchmarking commands from a pod on the cluster. The benchmarking results can vary depending on CPU speed, available RAM, disk speed, current I/O load, and so on. +Run Kopia commands to benchmark the hashing, encryption, and splitter algorithms. Based on the benchmarking results, you can select the most suitable algorithm for your workload. You run the Kopia benchmarking commands from a pod on the cluster. The benchmarking results can vary depending on CPU speed, available RAM, disk speed, current I/O load, and so on. + +include::snippets/kopia-repo-config.adoc[] .Prerequisites @@ -15,14 +17,14 @@ You can run Kopia commands to benchmark the hashing, encryption, and splitter al * You have an application with persistent volumes running in a separate namespace. * You have run a backup of the application with Container Storage Interface (CSI) snapshots. -include::snippets/kopia-repo-config.adoc[] + .Procedure . Configure the `must-gather` pod as shown in the following example. Make sure you are using the `oadp-mustgather` image for {oadp-short} version 1.3 and later. + .Example pod configuration -+ + [source,yaml] ---- apiVersion: v1 @@ -39,19 +41,18 @@ spec: args: ["infinity"] ---- + -[NOTE] -===== The Kopia client is available in the `oadp-mustgather` image. -===== -+ + + . Create the pod by running the following command: + [source,terminal] ---- -$ oc apply -f # <1> +$ oc apply -f ---- -<1> Specify the name of the YAML file for the pod configuration. -+ +Replace `` with the name of the YAML file for the pod configuration. + + . Verify that the Security Context Constraints (SCC) on the pod is `anyuid`, so that Kopia can connect to the repository. + [source,terminal] @@ -60,43 +61,46 @@ $ oc describe pod/oadp-mustgather-pod | grep scc ---- + .Example output -+ + [source,terminal] ---- openshift.io/scc: anyuid ---- -+ + . Connect to the pod via SSH by running the following command: + [source,terminal] ---- $ oc -n openshift-adp rsh pod/oadp-mustgather-pod ---- -+ + . Connect to the Kopia repository by running the following command: + [source,terminal] ---- sh-5.1# kopia repository connect s3 \ - --bucket= \ # <1> - --prefix=velero/kopia/ \ # <2> - --password=static-passw0rd \ # <3> - --access-key="" \ # <4> - --secret-access-key="" \ # <5> - --endpoint= \ # <6> ----- -<1> Specify the object storage provider bucket name. -<2> Specify the namespace for the application. -<3> This is the Kopia password to connect to the repository. -<4> Specify the object storage provider access key. -<5> Specify the object storage provider secret access key. -<6> Specify the bucket endpoint. You do not need to specify the bucket endpoint, if you are using {aws-short} S3 as the storage provider. + --bucket= \ + --prefix=velero/kopia/ \ + --password=static-passw0rd \ + --access-key="" \ + --secret-access-key="" \ + --endpoint= +---- ++ +where: ++ +``:: Specifies the object storage provider bucket name. +``:: Specifies the namespace for the application. +`static-passw0rd`:: This is the Kopia password to connect to the repository. +``:: Specifies the object storage provider access key. +``:: Specifies the object storage provider secret access key. +``:: Specifies the bucket endpoint. You do not need to specify the bucket endpoint, if you are using {aws-short} S3 as the storage provider. + + -[NOTE] -==== + This is an example command. The command can vary based on the object storage provider. -==== -+ + + . To benchmark the hashing algorithm, run the following command: + [source,terminal] @@ -109,32 +113,11 @@ sh-5.1# kopia benchmark hashing ---- Benchmarking hash 'BLAKE2B-256' (100 x 1048576 bytes, parallelism 1) Benchmarking hash 'BLAKE2B-256-128' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'BLAKE2S-128' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'BLAKE2S-256' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'BLAKE3-256' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'BLAKE3-256-128' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'HMAC-SHA224' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'HMAC-SHA256' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'HMAC-SHA256-128' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'HMAC-SHA3-224' (100 x 1048576 bytes, parallelism 1) -Benchmarking hash 'HMAC-SHA3-256' (100 x 1048576 bytes, parallelism 1) - Hash Throughput ------------------------------------------------------------------ - 0. BLAKE3-256 15.3 GB / second - 1. BLAKE3-256-128 15.2 GB / second - 2. HMAC-SHA256-128 6.4 GB / second - 3. HMAC-SHA256 6.4 GB / second - 4. HMAC-SHA224 6.4 GB / second - 5. BLAKE2B-256-128 4.2 GB / second - 6. BLAKE2B-256 4.1 GB / second - 7. BLAKE2S-256 2.9 GB / second - 8. BLAKE2S-128 2.9 GB / second - 9. HMAC-SHA3-224 1.6 GB / second - 10. HMAC-SHA3-256 1.5 GB / second ------------------------------------------------------------------ + + Fastest option for this machine is: --block-hash=BLAKE3-256 ---- -+ + . To benchmark the encryption algorithm, run the following command: + [source,terminal] @@ -145,16 +128,12 @@ sh-5.1# kopia benchmark encryption .Example output [source,terminal] ---- -Benchmarking encryption 'AES256-GCM-HMAC-SHA256'... (1000 x 1048576 bytes, parallelism 1) -Benchmarking encryption 'CHACHA20-POLY1305-HMAC-SHA256'... (1000 x 1048576 bytes, parallelism 1) - Encryption Throughput ------------------------------------------------------------------ - 0. AES256-GCM-HMAC-SHA256 2.2 GB / second - 1. CHACHA20-POLY1305-HMAC-SHA256 1.8 GB / second ------------------------------------------------------------------ +Benchmarking encryption 'AES256-GCM-HMAC-SHA256' +Benchmarking encryption 'CHACHA20-POLY1305-HMAC-SHA256' + Fastest option for this machine is: --encryption=AES256-GCM-HMAC-SHA256 ---- -+ + . To benchmark the splitter algorithm, run the following command: + [source,terminal] @@ -169,13 +148,6 @@ splitting 16 blocks of 32MiB each, parallelism 1 DYNAMIC 747.6 MB/s count:107 min:9467 10th:2277562 25th:2971794 50th:4747177 75th:7603998 90th:8388608 max:8388608 DYNAMIC-128K-BUZHASH 718.5 MB/s count:3183 min:3076 10th:80896 25th:104312 50th:157621 75th:249115 90th:262144 max:262144 DYNAMIC-128K-RABINKARP 164.4 MB/s count:3160 min:9667 10th:80098 25th:106626 50th:162269 75th:250655 90th:262144 max:262144 -# ... -FIXED-512K 102.9 TB/s count:1024 min:524288 10th:524288 25th:524288 50th:524288 75th:524288 90th:524288 max:524288 -FIXED-8M 566.3 TB/s count:64 min:8388608 10th:8388608 25th:8388608 50th:8388608 75th:8388608 90th:8388608 max:8388608 ------------------------------------------------------------------ - 0. FIXED-8M 566.3 TB/s count:64 min:8388608 10th:8388608 25th:8388608 50th:8388608 75th:8388608 90th:8388608 max:8388608 - 1. FIXED-4M 425.8 TB/s count:128 min:4194304 10th:4194304 25th:4194304 50th:4194304 75th:4194304 90th:4194304 max:4194304 - # ... - 22. DYNAMIC-128K-RABINKARP 164.4 MB/s count:3160 min:9667 10th:80098 25th:106626 50th:162269 75th:250655 90th:262144 max:262144 + ---- diff --git a/modules/oadp-kopia-configuring-algorithms.adoc b/modules/oadp-kopia-configuring-algorithms.adoc index e5f3f5118de5..2401cad4098e 100644 --- a/modules/oadp-kopia-configuring-algorithms.adoc +++ b/modules/oadp-kopia-configuring-algorithms.adoc @@ -7,24 +7,21 @@ = Configuring the DPA to override Kopia hashing, encryption, and splitter algorithms [role="_abstract"] -You can use an {oadp-first} option to override the default Kopia algorithms for hashing, encryption, and splitter to improve Kopia performance or to compare performance metrics. You can set the following environment variables in the `spec.configuration.velero.podConfig.env` section of the DPA: +Configure the Data Protection Application (DPA) to override the default Kopia hashing, encryption, and splitter algorithms by setting environment variables in the Velero pod configuration. This helps you improve Kopia performance and compare performance metrics for your backup operations. -* `KOPIA_HASHING_ALGORITHM` -* `KOPIA_ENCRYPTION_ALGORITHM` -* `KOPIA_SPLITTER_ALGORITHM` +include::snippets/kopia-repo-config.adoc[] .Prerequisites * You have installed the {oadp-short} Operator. * You have created the secret by using the credentials provided by the cloud provider. -include::snippets/kopia-repo-config.adoc[] - .Procedure * Configure the DPA with the environment variables for hashing, encryption, and splitter as shown in the following example. + + -.Example DPA + [source,yaml] ---- apiVersion: oadp.openshift.io/v1alpha1 @@ -32,26 +29,29 @@ kind: DataProtectionApplication #... configuration: nodeAgent: - enable: true # <1> - uploaderType: kopia # <2> + enable: true + uploaderType: kopia velero: defaultPlugins: - openshift - aws - - csi #<3> + - csi defaultSnapshotMoveData: true podConfig: env: - name: KOPIA_HASHING_ALGORITHM - value: # <4> + value: - name: KOPIA_ENCRYPTION_ALGORITHM - value: # <5> + value: - name: KOPIA_SPLITTER_ALGORITHM - value: # <6> + value: ---- -<1> Enable the `nodeAgent`. -<2> Specify the `uploaderType` as `kopia`. -<3> Include the `csi` plugin. -<4> Specify a hashing algorithm. For example, `BLAKE3-256`. -<5> Specify an encryption algorithm. For example, `CHACHA20-POLY1305-HMAC-SHA256`. -<6> Specify a splitter algorithm. For example, `DYNAMIC-8M-RABINKARP`. ++ +where: + +`enable`:: Set to `true` to enable the `nodeAgent`. +`uploaderType`:: Specifies the uploader type as `kopia`. +`csi`:: Include the `csi` plugin. +``:: Specifies a hashing algorithm. For example, `BLAKE3-256`. +``:: Specifies an encryption algorithm. For example, `CHACHA20-POLY1305-HMAC-SHA256`. +``:: Specifies a splitter algorithm. For example, `DYNAMIC-8M-RABINKARP`. diff --git a/modules/oadp-usecase-kopia-override-algorithms.adoc b/modules/oadp-usecase-kopia-override-algorithms.adoc index a6cfc54fc657..f198e9a7bb82 100644 --- a/modules/oadp-usecase-kopia-override-algorithms.adoc +++ b/modules/oadp-usecase-kopia-override-algorithms.adoc @@ -7,7 +7,7 @@ = Use case for overriding Kopia hashing, encryption, and splitter algorithms [role="_abstract"] -The use case example demonstrates taking a backup of an application by using Kopia environment variables for hashing, encryption, and splitter. You store the backup in an {aws-short} S3 bucket. You then verify the environment variables by connecting to the Kopia repository. +Back up an application by using Kopia environment variables for hashing, encryption, and splitter. Store the backup in an {aws-short} S3 bucket and verify the environment variables by connecting to the Kopia repository. .Prerequisites @@ -26,7 +26,7 @@ The use case example demonstrates taking a backup of an application by using Kop apiVersion: oadp.openshift.io/v1alpha1 kind: DataProtectionApplication metadata: -name: # <1> +name: namespace: openshift-adp spec: backupLocations: @@ -34,13 +34,13 @@ backupLocations: velero: config: profile: default - region: # <2> + region: credential: key: cloud - name: cloud-credentials # <3> + name: cloud-credentials default: true objectStorage: - bucket: # <4> + bucket: prefix: velero provider: aws configuration: @@ -51,34 +51,37 @@ configuration: defaultPlugins: - openshift - aws - - csi # <5> + - csi defaultSnapshotMoveData: true podConfig: env: - name: KOPIA_HASHING_ALGORITHM - value: BLAKE3-256 # <6> + value: BLAKE3-256 - name: KOPIA_ENCRYPTION_ALGORITHM - value: CHACHA20-POLY1305-HMAC-SHA256 # <7> + value: CHACHA20-POLY1305-HMAC-SHA256 - name: KOPIA_SPLITTER_ALGORITHM - value: DYNAMIC-8M-RABINKARP # <8> ----- -<1> Specify a name for the DPA. -<2> Specify the region for the backup storage location. -<3> Specify the name of the default `Secret` object. -<4> Specify the AWS S3 bucket name. -<5> Include the `csi` plugin. -<6> Specify the hashing algorithm as `BLAKE3-256`. -<7> Specify the encryption algorithm as `CHACHA20-POLY1305-HMAC-SHA256`. -<8> Specify the splitter algorithm as `DYNAMIC-8M-RABINKARP`. + value: DYNAMIC-8M-RABINKARP +---- ++ +where: + +``:: Specifies a name for the DPA. +``:: Specifies the region for the backup storage location. +`cloud-credentials`:: Specifies the name of the default `Secret` object. +``:: Specifies the AWS S3 bucket name. +`csi`:: Include the `csi` plugin. +`BLAKE3-256`:: Specifies the hashing algorithm as `BLAKE3-256`. +`CHACHA20-POLY1305-HMAC-SHA256`:: Specifies the encryption algorithm as `CHACHA20-POLY1305-HMAC-SHA256`. +`DYNAMIC-8M-RABINKARP`:: Specifies the splitter algorithm as `DYNAMIC-8M-RABINKARP`. + . Create the DPA by running the following command: + [source,terminal] ---- -$ oc create -f # <1> +$ oc create -f ---- -<1> Specify the file name of the DPA you configured. +Replace `` with the file name of the DPA you configured. . Verify that the DPA has reconciled by running the following command: + @@ -86,10 +89,10 @@ $ oc create -f # <1> ---- $ oc get dpa -o yaml ---- -+ + . Create a backup CR as shown in the following example: + -.Example backup CR + [source,yaml] ---- apiVersion: velero.io/v1 @@ -99,26 +102,28 @@ metadata: namespace: openshift-adp spec: includedNamespaces: - - # <1> + - defaultVolumesToFsBackup: true ---- -<1> Specify the namespace for the application installed in the cluster. +Replace `` with the namespace for the application installed in the cluster. . Create a backup by running the following command: + [source,terminal] ---- -$ oc apply -f # <1> +$ oc apply -f ---- -<1> Specify the name of the backup CR file. -+ +Replace `` with the name of the backup CR file. + + . Verify that the backup completed by running the following command: + [source,terminal] ---- -$ oc get backups.velero.io -o yaml # <1> +$ oc get backups.velero.io -o yaml ---- -<1> Specify the name of the backup. +Replace `` with the name of the backup. + .Verification . Connect to the Kopia repository by running the following command: @@ -126,54 +131,44 @@ $ oc get backups.velero.io -o yaml # <1> [source,terminal] ---- $ kopia repository connect s3 \ - --bucket= \ # <1> - --prefix=velero/kopia/ \ # <2> - --password=static-passw0rd \ # <3> - --access-key="" \ # <4> - --secret-access-key="" \ # <5> ----- -<1> Specify the AWS S3 bucket name. -<2> Specify the namespace for the application. -<3> This is the Kopia password to connect to the repository. -<4> Specify the AWS S3 access key. -<5> Specify the AWS S3 storage provider secret access key. + --bucket= \ + --prefix=velero/kopia/ \ + --password=static-passw0rd \ + --access-key="" \ + --secret-access-key="" +---- + -[NOTE] -==== -If you are using a storage provider other than AWS S3, you will need to add `--endpoint`, the bucket endpoint URL parameter, to the command. -==== +where: + +``:: Specifies the AWS S3 bucket name. +``:: Specifies the namespace for the application. +`static-passw0rd`:: This is the Kopia password to connect to the repository. +``:: Specifies the AWS S3 access key. +``:: Specifies the AWS S3 storage provider secret access key. + + + +If you are using a storage provider other than AWS S3, you will need to add `--endpoint`, the bucket endpoint URL parameter, to the command. + + . Verify that Kopia uses the environment variables that are configured in the DPA for the backup by running the following command: + + [source,terminal] ---- $ kopia repository status ---- + + + .Example output [source,terminal] ---- -Config file: /../.config/kopia/repository.config - -Description: Repository in S3: s3.amazonaws.com -# ... -Storage type: s3 -Storage capacity: unbounded -Storage config: { - "bucket": , - "prefix": "velero/kopia//", - "endpoint": "s3.amazonaws.com", - "accessKeyID": , - "secretAccessKey": "****************************************", - "sessionToken": "" - } - -Unique ID: 58....aeb0 Hash: BLAKE3-256 Encryption: CHACHA20-POLY1305-HMAC-SHA256 Splitter: DYNAMIC-8M-RABINKARP Format version: 3 -# ... + ---- +