How do you set up OpenStack storage for your backup users?

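Introduction:

This chapter demonstrates how to set up OpenStack storage containers on OpenStack for your backup users.

If you have never worked with OpenStack, you should first consult its general setup documentation at http://docs.openstack.org/.

If you already have a running OpenStack, you can follow our steps to set up storage for your backup users. We will guide you through the following steps:

Once these steps are complete, the backup client can use the storage container automatically.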



Assumptions:

This is the OpenStack version used in the following examples:


Here are the values used in the following examples:


Note: The value of the Keystone admin token can be found in the Keystone configuration file /etc/keystone/keystone.conf under the variable name "admin_token".



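Requirements and preparation:

Before setting up a tenant (project), user, role, storage quota and so on, configure the following variables in your bash profile.

Add the environment variables to .bash_profile

For example (/root/.bash_profile)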
----------------------------------------------------------------------------------------------------
    :
    :
  (trimmed)
    :
    :
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=mybackup
export OS_AUTH_URL=http://10.7.54.7:5000/v2.0
export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0
export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea
    :
    :
  (trimmed)
    :
    :
----------------------------------------------------------------------------------------------------

Log in again for the profile to take effect.

Note: The value of OS_SERVICE_TOKEN can be found in the Keystone configuration file /etc/keystone/keystone.conf under the variable name "admin_token".



Configuration:

Step 1: Create a tenant (project) for "mybackup"

Usage: keystone tenant-create --name <tenant-name> --description <tenant-description>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project'
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |        mybackup Project          |
|   enabled   |               True               |
|      id     | b769bfb2de75490088d8af7b7483e8f8 |
|     name    |             mybackup             |
+-------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Verify the tenant (project) settings with the following command:

Usage: keystone tenant-list

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+--------------------+---------+
|                id                |        name        | enabled |
+----------------------------------+--------------------+---------+
| 6fe9e9d101df4b69944f7d4c40d15116 |       admin        |   True  |
| 3880c8dbf75040e9b78a44b6becdcd78 |      alt_demo      |   True  |
| b769bfb2de75490088d8af7b7483e8f8 |      mybackup      |   True  |
| e43182f5ad57464e9d08052d872adf34 |        demo        |   True  |
| ca35c74d6ec54dfabb0a1f9946d43da6 |      services      |   True  |
+----------------------------------+--------------------+---------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to delete a tenant (project):

Usage: keystone tenant-delete <tenant>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-delete mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------

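Warning: All objects created under this tenant (project) will be deleted, including users, roles and storage containers. The command runs without a confirmation prompt, so use it with care.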





Step 2: User role

Create a user role named mybackup-role for the "mybackup" tenant.

Usage: keystone role-create --name <role-name>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-create --name mybackup-role 
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 5973dc8f56b34c0ebc748c969b5ea20b |
|   name   |          mybackup-role           |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Verify the user role settings with the following command:

Usage: keystone role-list

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-----------------+
|                id                |       name      |
+----------------------------------+-----------------+
| 464e592192554bdd8201b367997886f1 |  ResellerAdmin  |
| e34c3a339a924180b07e2099842c727f |  SwiftOperator  |
| 9fe2ff9ee4384b1894a90878d3e92bab |     _member_    |
| 3e61686683c94fd9a24beab378dfef81 |      admin      |
| 5973dc8f56b34c0ebc748c969b5ea20b |  mybackup-role  |
+----------------------------------+-----------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to delete a user role:

Usage: keystone role-delete <role>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-delete mybackup-role
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




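Step 3: Create a new user

Create a new user, for example user1, whose default tenant (project) is mybackup, which was created in an earlier step. We recommend creating a new user for each backup user.

Usage: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>

For example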
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |          user1@abc.com           |
| enabled  |               True               |
|    id    | df2a64b224ec4d298c4d32661738194d |
|   name   |              user1               |
| tenantId | b769bfb2de75490088d8af7b7483e8f8 |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Verify the user settings with the following command:

Usage: keystone user-list

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+------------+---------+------------------------+
|                id                |    name    | enabled |         email          |
+----------------------------------+------------+---------+------------------------+
| 70a0cf53001d4798b02aae61e935e5df |   admin    |   True  |     test@test.com      |
| 1b763f0cc253419597f7aae76041c39b |  alt_demo  |   True  |                        |
| 8d21745db067410ba44f11400adc8a50 | ceilometer |   True  |  ceilometer@localhost  |
| e370793a075148609116cc35ba01c216 |   cinder   |   True  |    cinder@localhost    |
| e7cc62d800f349fc92100521f184ccec |    demo    |   True  |                        |
| 30786a08d6004ab28556acae5ee20d56 |   glance   |   True  |    glance@localhost    |
| 578a16a390b14da3a9cf2f158535e353 |  neutron   |   True  |   neutron@localhost    |
| fd73f4613ed54710a82c6a90fbfb8ff8 |    nova    |   True  |     nova@localhost     |
| 516ea23e239d48cdba8708754e0115c1 |   swift    |   True  |    swift@localhost     |
| df2a64b224ec4d298c4d32661738194d |   user1    |   True  |     user1@abc.com      |
+----------------------------------+------------+---------+------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to update a user's password:

Usage: keystone user-password-update --pass <new password> <user>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-password-update --pass 123456 user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to update a user's details:

Usage: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
User has been updated.
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to delete a user:

Usage: keystone user-delete <user>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-delete user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




Step 4: Create a user role for the backup client and map the user to the backup client

Map user1 to the role created in an earlier step.

Usage: keystone user-role-add --user <user> --role <role> --tenant <tenant>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


Verify the user's role settings with the following command:

Usage: keystone user-role-list --user <user> --tenant <tenant>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-list --user user1 --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-------------+----------------------------------+----------------------------------+
|                id                |     name    |             user_id              |            tenant_id             |
+----------------------------------+-------------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab |   _member_  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |  
| 5973dc8f56b34c0ebc748c969b5ea20b |   mybackup  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |
+----------------------------------+-------------+----------------------------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to remove the user's role:

Usage: keystone user-role-remove --user <user> --role <role> --tenant <tenant>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




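Step 5: Create the storage container

The administrator needs to create a storage container for each backup user to hold that user's data. We recommend using the user name as the container name in the mybackup tenant (project), and granting that user read/write permission on the container. This simplifies setting up the storage destination in the backup client for the backup user.

Usage: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>

For example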
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1
[root@os ~]#
----------------------------------------------------------------------------------------------------


Verify the storage container settings with the following command:

Usage: swift stat <user>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# swift stat user1
       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
     Container: user1
       Objects: 0
         Bytes: 0
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1
       Sync To:
      Sync Key:
 Accept-Ranges: bytes
   X-Timestamp: 1412578586.50844
  Content-Type: text/plain; charset=utf-8
[root@os ~]#
----------------------------------------------------------------------------------------------------
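
The check below is an added example, not part of the original guide: it reads swift stat output and confirms that the container's Read ACL and Write ACL each grant access to exactly one tenant:user pair, flagging empty ACLs, extra grantees and referrer elements such as .r:* that would open the container to anonymous reads. The helper names acl_field and check_container_acl are hypothetical, and the two sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the ACL lines printed by `swift stat <container>`.
# acl_field and check_container_acl are hypothetical helper names.

# acl_field NAME: print the value of the "NAME: value" line read from stdin.
acl_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//'
}

# check_container_acl TENANT USER: reads `swift stat` output on stdin and
# returns 0 only if Read ACL and Write ACL each grant exactly TENANT:USER.
check_container_acl() (
    want="$1:$2"; rc=0
    out=$(cat)
    set -f                      # ACL elements such as .r:* must not glob
    for kind in Read Write; do
        acl=$(printf '%s\n' "$out" | acl_field "$kind ACL")
        if [ -z "$acl" ]; then
            echo "FAIL: $kind ACL is empty; $want cannot use the container" >&2
            rc=1; continue
        fi
        IFS=','                 # Swift ACLs are comma-separated lists
        for elem in $acl; do
            elem=$(printf '%s' "$elem" | tr -d ' ')
            case "$elem" in
                "$want") ;;     # the one grantee this guide intends
                .r:*|.rlistings)
                    echo "FAIL: $kind ACL has referrer element $elem" >&2; rc=1 ;;
                *)  echo "FAIL: $kind ACL grants unexpected $elem" >&2; rc=1 ;;
            esac
        done
        unset IFS
    done
    exit "$rc"
)

# Constructed samples: the ACLs shown on this page, and a variant that was
# widened to anonymous read plus a second writer.
good_stat='     Container: user1
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1'
bad_stat='     Container: user1
      Read ACL: .r:*,.rlistings,mybackup:user1
     Write ACL: mybackup:user1,mybackup:user2'

# Live use: swift stat user1 | check_container_acl "$OS_TENANT_NAME" user1
printf '%s\n' "$good_stat" | check_container_acl mybackup user1 && echo "user1: OK"
printf '%s\n' "$bad_stat" | check_container_acl mybackup user1 || echo "user1: ACL too broad"
```

Running the same check for every backup user's container after provisioning catches a container that was created with the wrong grantee before the backup client starts writing to it.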


If you want to delete a storage container:

Usage: swift delete <container>

For example
----------------------------------------------------------------------------------------------------
[root@os ~]# swift delete user1
1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$
1390527034510/files/2014-10-20-12-00-00/_$folder$
    :
    :
    :
  (trimmed)
    :
    :
    :
----------------------------------------------------------------------------------------------------

Warning: All files uploaded to this storage container will be deleted. The command runs without a confirmation prompt, so use it with care.




