This chapter will show you how to setup the storage quota in the OpenStack for your backup users.
If you are new to OpenStack, you should check with their documentation on general setup available at http://docs.openstack.org/
If you already have a running OpenStack, you can follow our steps to setup the storage quota.
Here are the OpenStack version used in the following examples:
Here are the values used in the following examples:
Note: The value of the Keystone admin token can be found in the variable name "admin_token" defined inside the keystone configuration file at /etc/keystone/keystone.conf .
Please setup the following variables in bash profile and filters in the proxy-server.conf before you setup a tenant (project), user, roles and storage quota etc.
Step 1: Add the environment variable in the .bash_profile---------------------------------------------------------------------------------------------------- : : Trimmed : : export OS_USERNAME=admin export OS_PASSWORD=admin export OS_TENANT_NAME=mybackup export OS_AUTH_URL=http://10.7.54.7:5000/v2.0 export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0 export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea : : Trimmed : : ----------------------------------------------------------------------------------------------------
Please login again for profile to take effect.
Note: The value of the OS_SERVICE_TOKEN can be found in the variable name "admin_token" defined inside the keystone configuration file at /etc/keystone/keystone.conf .
Edit the file proxy-server.conf , add the contents that are highlighted in red in the below example.
Example (/etc/swift/proxy-server.conf)---------------------------------------------------------------------------------------------------- : : : Trimmed : : : [pipeline:main] pipeline = healthcheck cache authtoken keystone container-quotas account-quotas proxy-server : : : Trimmed : : : [filter:keystone] use = egg:swift#keystoneauth operator_roles = admin, SwiftOperator, ResellerAdmin is_admin = true [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas ----------------------------------------------------------------------------------------------------
Restart the proxy service after you have modified the config file /etc/swift/proxy-server.conf .
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift-init proxy restart Signal proxy-server pid: 13453 signal: 15 proxy-server (13453) appears to have stopped Starting proxy-server...(/etc/swift/proxy-server.conf) WARNING: SSL should only be enabled for testing purposes. Use external SSL termination for a production deployment. [root@os ~]# ----------------------------------------------------------------------------------------------------
Create a role called ResellerAdmin for user that can change the quota of an account. You need to create a role with keystone and add this to your admin user.
Usage: keystone role-create --name <role-name>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-create --name ResellerAdmin WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 464e592192554bdd8201b367997886f1 | | name | ResellerAdmin | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the role setup by the following command:
Usage: keystone role-list
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+ | id | name | +----------------------------------+-----------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | | e34c3a339a924180b07e2099842c727f | SwiftOperator | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 3e61686683c94fd9a24beab378dfef81 | admin | +----------------------------------+-----------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove the role:
Usage: keystone role-delete <role>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-delete ResellerAdmin WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Usage: keystone user-role-add --user <user> --role <role> --tenant <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-add --user admin --role ResellerAdmin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the setup by the following command:
Usage: keystone user-role-list --user <user> --tenant <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-list --user admin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-----------------+----------------------------------+----------------------------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 | | 3e61686683c94fd9a24beab378dfef81 | admin | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 | +----------------------------------+-----------------+----------------------------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove the assigned role:
Usage: keystone user-role-remove --user <user> --role <role> --tentant <tentant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-remove --user admin --role ResellerAdmin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
In this example, we will apply 10GB for this tenant (project). All containers within this project will share this quota.
Usage: swift post -m quota-bytes:<value>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift post -m quota-bytes:10737418240 [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the storage quota setup by the following command:
Usage: swift stat
Example
---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Containers: 4 Objects: 260 Bytes: 694896 Meta Quota-Bytes: 10737418240 X-Timestamp: 1412574345.10669 Content-Type: text/plain; charset=utf-8 Accept-Ranges: bytes [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove a storage quota for this tenant (project):
Usage: swift post -m quota-bytes:
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift post -m quota-bytes: [root@os ~]# ----------------------------------------------------------------------------------------------------
To setup a storage quota for this user to use this container, eg: applying 2GB for user1
Usage: swift post <container name> -H "X-Container-Meta-Quota-Bytes: <size in bytes>"
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user1 -H "X-Container-Meta-Quota-Bytes: 2147483648" [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the container quota setup:
Usage: swift stat <container name>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat user1 Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Container: user1 Objects: 0 Bytes: 0 Read ACL: mybackup:user1 Write ACL: mybackup:user1 Sync To: Sync Key: Meta Quota-Bytes: 2147483648 Accept-Ranges: bytes X-Timestamp: 1412578586.50844 Content-Type: text/plain; charset=utf-8 [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove a storage quota for a user:
Usage: swift post <container name> -H "X-Container-Meta-Quota-Bytes:"
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user6 -H "X-Container-Meta-Quota-Bytes:" [root@os ~]# ----------------------------------------------------------------------------------------------------