本章将示範如何为你的备份用户在 OpenStack 上设置 OpenStack 的储存配额。
如果你未曾接触过 OpenStack,你应该先参考他们在 http://docs.openstack.org/ 的常规设置文档。
如果你已经有一个正在运行的 OpenStack,你可以按照我们的步骤来设置储存限额。
这是在下列实例中使用的 OpenStack 版本:
这是在下列实例中使用的值:
注: Keystone admin 令牌的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的变量名 "admin_token" 找到。
请在安装一个租户(项目),用户,角色和存储配额等之前把下列的变量在 bash 配置文件及 proxy-server.conf 中的过滤器配置好。
步骤 1: 在 .bash_profile 中添加环境变量---------------------------------------------------------------------------------------------------- : : 修剪 : : export OS_USERNAME=admin export OS_PASSWORD=admin export OS_TENANT_NAME=mybackup export OS_AUTH_URL=http://10.7.54.7:5000/v2.0 export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0 export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea : : 修剪 : : ----------------------------------------------------------------------------------------------------
请重新登录,配置文件方能生效。
注: OS_SERVICE_TOKEN 的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的变量名 "admin_token" 找到。
在 proxy-server.conf 中编辑文件,添加在下面以 红色 的例子。
例如 (/etc/swift/proxy-server.conf)---------------------------------------------------------------------------------------------------- : : : 修剪 : : : [pipeline:main] pipeline = healthcheck cache authtoken keystone container-quotas account-quotas proxy-server : : : 修剪 : : : [filter:keystone] use = egg:swift#keystoneauth operator_roles = admin, SwiftOperator, ResellerAdmin is_admin = true [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas ----------------------------------------------------------------------------------------------------
修改配置文件 /etc/swift/proxy-server.conf 後,重新启动代理服务
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift-init proxy restart Signal proxy-server pid: 13453 signal: 15 proxy-server (13453) appears to have stopped Starting proxy-server...(/etc/swift/proxy-server.conf) WARNING: SSL should only be enabled for testing purposes. Use external SSL termination for a production deployment. [root@os ~]# ----------------------------------------------------------------------------------------------------
建立一个名为 ResellerAdmin 的用户,以改变帐户配额之用。你需要用 keystone 来建立一个角色,并添加到你的管理员用户。
使用方法: keystone role-create --name <role-name>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-create --name ResellerAdmin WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 464e592192554bdd8201b367997886f1 | | name | ResellerAdmin | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实用户角色的设置:
使用方法: keystone role-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+ | id | name | +----------------------------------+-----------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | | e34c3a339a924180b07e2099842c727f | SwiftOperator | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 3e61686683c94fd9a24beab378dfef81 | admin | +----------------------------------+-----------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除用户角色:
使用方法: keystone role-delete <role>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-delete ResellerAdmin WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
使用方法: keystone user-role-add --user <user> --role <role> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-add --user admin --role ResellerAdmin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实设置:
使用方法: keystone user-role-list --user <user> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-list --user admin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-----------------+----------------------------------+----------------------------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 | | 3e61686683c94fd9a24beab378dfef81 | admin | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 | +----------------------------------+-----------------+----------------------------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除授予的角色:
使用方法: keystone user-role-remove --user <user> --role <role> --tentant <tentant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-remove --user admin --role ResellerAdmin --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
在这个例子中,我们将套用10GB於这个租户(项目)。该项目中的所有容器将分享这一个配额。
使用方法: swift post -m quota-bytes:<value>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post -m quota-bytes:10737418240 [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实存储配额的设置:
使用方法: swift stat
例如
---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Containers: 4 Objects: 260 Bytes: 694896 Meta Quota-Bytes: 10737418240 X-Timestamp: 1412574345.10669 Content-Type: text/plain; charset=utf-8 Accept-Ranges: bytes [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除这个租户(项目)的存储配额:
使用方法: swift post -m quota-bytes:
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post -m quota-bytes: [root@os ~]# ----------------------------------------------------------------------------------------------------
为此用户使用此容器时设置存储配额,如: 套用 2GB 到 user1
使用方法: swift post <container name> -H "X-Container-Meta-Quota-Bytes: <size in bytes>"
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user1 -H "X-Container-Meta-Quota-Bytes: 2147483648" [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实存储配额的设置:
使用方法: swift stat <container name>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat user1 Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Container: user1 Objects: 0 Bytes: 0 Read ACL: mybackup:user1 Write ACL: mybackup:user1 Sync To: Sync Key: Meta Quota-Bytes: 2147483648 Accept-Ranges: bytes X-Timestamp: 1412578586.50844 Content-Type: text/plain; charset=utf-8 [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除这个用户的存储配额:
使用方法: swift post <container name> -H "X-Container-Meta-Quota-Bytes:"
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user6 -H "X-Container-Meta-Quota-Bytes:" [root@os ~]# ----------------------------------------------------------------------------------------------------