How to set up OpenStack storage for backup users?

Introduction:

This chapter shows you how to set up storage in OpenStack so that your backup users can back up to an OpenStack storage container.

If you are new to OpenStack, refer to the general setup documentation available at http://docs.openstack.org/

If you already have a running OpenStack installation, you can follow our steps to set up the storage for your backup users. Our steps will guide you to complete the following:

After you have completed these steps, the backup client will be able to use the containers automatically.



Assumptions:

Here are the OpenStack versions used in the following examples:


Here are the values used in the following examples:


Note: The value of the Keystone admin token can be found in the variable "admin_token" defined in the keystone configuration file at /etc/keystone/keystone.conf.



Requirements and preparations:

Please set up the following variables in your bash profile before you set up a tenant (project), users, roles, storage quota, etc.

Add the environment variables to .bash_profile

Example (/root/.bash_profile)
----------------------------------------------------------------------------------------------------
    :
    :
  Trimmed
    :
    :
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=mybackup
export OS_AUTH_URL=http://10.7.54.7:5000/v2.0
export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0
export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea
    :
    :
  Trimmed
    :
    :
----------------------------------------------------------------------------------------------------

Please log in again for the profile to take effect.

Note: The value of OS_SERVICE_TOKEN can be found in the variable "admin_token" defined in the keystone configuration file at /etc/keystone/keystone.conf.



Setup:

Step 1: Create a tenant (project) for "mybackup"

Usage: keystone tenant-create --name <tenant-name> --description <tenant-description>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project'
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |        mybackup Project          |
|   enabled   |               True               |
|      id     | b769bfb2de75490088d8af7b7483e8f8 |
|     name    |             mybackup             |
+-------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Please verify the tenant (project) setup with the following command:

Usage: keystone tenant-list

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+--------------------+---------+
|                id                |        name        | enabled |
+----------------------------------+--------------------+---------+
| 6fe9e9d101df4b69944f7d4c40d15116 |       admin        |   True  |
| 3880c8dbf75040e9b78a44b6becdcd78 |      alt_demo      |   True  |
| b769bfb2de75490088d8af7b7483e8f8 |      mybackup      |   True  |
| e43182f5ad57464e9d08052d872adf34 |        demo        |   True  |
| ca35c74d6ec54dfabb0a1f9946d43da6 |      services      |   True  |
+----------------------------------+--------------------+---------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to remove a tenant (project):

Usage: keystone tenant-delete <tenant>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-delete mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------

Warning: Any objects created under this tenant (project) will be removed, including users, roles and storage containers. As the command line asks for no confirmation, please handle this command with care.





Step 2: Create a user role

Create a role called mybackup-role for all users who use the "mybackup" tenant.

Usage: keystone role-create --name <role-name>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-create --name mybackup-role 
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 5973dc8f56b34c0ebc748c969b5ea20b |
|   name   |          mybackup-role           |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Please verify the role setup with the following command:

Usage: keystone role-list

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-----------------+
|                id                |       name      |
+----------------------------------+-----------------+
| 464e592192554bdd8201b367997886f1 |  ResellerAdmin  |
| e34c3a339a924180b07e2099842c727f |  SwiftOperator  |
| 9fe2ff9ee4384b1894a90878d3e92bab |     _member_    |
| 3e61686683c94fd9a24beab378dfef81 |      admin      |
| 5973dc8f56b34c0ebc748c969b5ea20b |  mybackup-role  |
+----------------------------------+-----------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to remove the role:

Usage: keystone role-delete <role>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-delete mybackup-role
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




Step 3: Create a new user

Create a new user, e.g. user1, whose default tenant (project) is the mybackup tenant that was created in the previous step. It is recommended to create a separate OpenStack user for each backup user.

Usage: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |          user1@abc.com           |
| enabled  |               True               |
|    id    | df2a64b224ec4d298c4d32661738194d |
|   name   |              user1               |
| tenantId | b769bfb2de75490088d8af7b7483e8f8 |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


Please verify the user setup with the following command:

Usage: keystone user-list

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+------------+---------+------------------------+
|                id                |    name    | enabled |         email          |
+----------------------------------+------------+---------+------------------------+
| 70a0cf53001d4798b02aae61e935e5df |   admin    |   True  |     test@test.com      |
| 1b763f0cc253419597f7aae76041c39b |  alt_demo  |   True  |                        |
| 8d21745db067410ba44f11400adc8a50 | ceilometer |   True  |  ceilometer@localhost  |
| e370793a075148609116cc35ba01c216 |   cinder   |   True  |    cinder@localhost    |
| e7cc62d800f349fc92100521f184ccec |    demo    |   True  |                        |
| 30786a08d6004ab28556acae5ee20d56 |   glance   |   True  |    glance@localhost    |
| 578a16a390b14da3a9cf2f158535e353 |  neutron   |   True  |   neutron@localhost    |
| fd73f4613ed54710a82c6a90fbfb8ff8 |    nova    |   True  |     nova@localhost     |
| 516ea23e239d48cdba8708754e0115c1 |   swift    |   True  |    swift@localhost     |
| df2a64b224ec4d298c4d32661738194d |   user1    |   True  |     user1@abc.com      |
+----------------------------------+------------+---------+------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to update the user's password:

Usage: keystone user-password-update --pass <new password> <user>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-password-update --pass 123456 user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to update the user details:

Usage: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
User has been updated.
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to remove a user:

Usage: keystone user-delete <user>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-delete user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




Step 4: Create a user role for backup client and map a user to it

Map user1 to the role created in the previous step.

Usage: keystone user-role-add --user <user> --role <role> --tenant <tenant>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


Please verify the role setup on user1 with the following command:

Usage: keystone user-role-list --user <user> --tenant <tenant>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-list --user user1 --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-------------+----------------------------------+----------------------------------+
|                id                |     name    |             user_id              |            tenant_id             |
+----------------------------------+-------------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab |   _member_  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |  
| 5973dc8f56b34c0ebc748c969b5ea20b |   mybackup  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |
+----------------------------------+-------------+----------------------------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


If you want to remove the assigned user role:

Usage: keystone user-role-remove --user <user> --role <role> --tenant <tenant>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




Step 5: Set up a container

The administrator is required to set up containers in which the different backup users store their data. It is recommended to use the user name as the container name in the mybackup tenant (project), and to grant read/write access on this container to this user, because this simplifies the backup client destination setup for backup users.

Usage: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1
[root@os ~]#
----------------------------------------------------------------------------------------------------


Please verify the container setup with the following command:

Usage: swift stat <user>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# swift stat user1
       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
     Container: user1
       Objects: 0
         Bytes: 0
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1
       Sync To:
      Sync Key:
 Accept-Ranges: bytes
   X-Timestamp: 1412578586.50844
  Content-Type: text/plain; charset=utf-8
[root@os ~]#
----------------------------------------------------------------------------------------------------
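
Added example (not part of the original guide or of any OpenStack tool): a small bash check that reads the text printed by "swift stat <container>" and confirms that the container is named after its user and that both ACLs are exactly <tenant>:<user>, as granted in Step 5. The function names and the second sample input are assumptions made for illustration.

```bash
# Added example: audit one container from the text of `swift stat <container>`.
# Function and variable names are illustrative, not part of any OpenStack tool.

# Print the value of one "Key: value" field from `swift stat` output.
stat_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            i = index($0, ":")            # split at the first colon only,
            if (i == 0) next              # because ACL values contain colons
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# Succeed only if the container is named after USER and both ACLs are exactly
# TENANT:USER, which is what `swift post <user> -r TENANT:<user> -w TENANT:<user>` sets.
check_container_acl() {
    stat_out=$1 tenant=$2 user=$3
    expected="$tenant:$user"
    rc=0
    name=$(stat_field "$stat_out" "Container")
    if [ "$name" != "$user" ]; then
        echo "container '$name' is not named after user '$user'" >&2; rc=1
    fi
    for field in "Read ACL" "Write ACL"; do
        got=$(stat_field "$stat_out" "$field")
        if [ "$got" != "$expected" ]; then
            echo "$name: $field is '$got', expected '$expected'" >&2; rc=1
        fi
    done
    return "$rc"
}

# Sample input: fields copied from the `swift stat user1` output shown above.
GOOD_STAT='       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
     Container: user1
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1'
# Constructed sample: read opened to everyone, write shared with a second user.
BAD_STAT='     Container: user1
      Read ACL: .r:*,.rlistings
     Write ACL: mybackup:user1,mybackup:user2'

check_container_acl "$GOOD_STAT" mybackup user1 && echo "user1: ACLs OK"
check_container_acl "$BAD_STAT" mybackup user1 || echo "user1: ACLs need review"
```

On a live system the first argument would be "$(swift stat user1)" and the second "$OS_TENANT_NAME".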


If you want to remove a container:

Usage: swift delete <container>

Example
----------------------------------------------------------------------------------------------------
[root@os ~]# swift delete user1
1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$
1390527034510/files/2014-10-20-12-00-00/_$folder$
    :
    :
    :
  Trimmed
    :
    :
    :
----------------------------------------------------------------------------------------------------


Warning: Any files uploaded to this container will be removed. As the command line asks for no confirmation, please handle this command with care.




