Restoring vault#
Pre-requisites#
Unseal keys and root token for the snapshot
Project admin access to the namespace being restored (referred to as
${VAULT_NS}
in this doc)Vault CLI
Kustomize CLI
OC CLI
Steps#
Retrieve the most recent Vault Snapshot from one of the following locations:
Snapshot Backup S3 bucket on Smaug Cluster. Use this s3 endpoint: s3-openshift-storage.apps.smaug.na.operate-first.cloud
Snapshot Backup PVC here. You can use this pod to access the pvc.
Login to an OCP cluster
Go to operate-first/apps
Find the overlay needing to be deployed
Navigate to this cluster overlay and run
kustomize build . | oc -n ${VAULT_NS} apply -f -
Follow the instructions here, ignoring the
helm install..
portionUse
http://opf-vault-0.opf-vault-internal:8200
when joiningopf-vault-1
andopv-vault-0
So far we’ve installed a new Vault instance, to restore an instance from our old backup:
Login to the new instance:
vault login -address=$VAULT_ADDR
, use the root token to log inFollow the instructions here to restore the snapshot
Login to each pod again and unseal using the unseal keys for the snapshot vault.