本章將示範如何為你的備份用戶在 OpenStack 上設置 OpenStack 的儲存容器。
如果你未曾接觸過 OpenStack,你應該先參考他們在 http://docs.openstack.org/ 的常規設置文檔。
如果你已經有一個正在運行的 OpenStack,你可以按照我們的步驟來為你的備份用戶設置存儲。我們將指導你完成以下的步驟:
在完成這些步驟後,備份客戶端便能夠自動使用存儲容器。
這是在下列實例中使用的 OpenStack 版本:
這是在下列實例中使用的值 Here are the values used in the following examples:
注: Keystone admin 令牌的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。
請在安裝一個租戶(項目),用戶,角色和存儲配額等之前把下列的變量在 bash 配置文件中配置好。
在 .bash_profile 中添加環境變量
例如 (/root/.bash_profile)---------------------------------------------------------------------------------------------------- : : 修剪 : : export OS_USERNAME=admin export OS_PASSWORD=admin export OS_TENANT_NAME=mybackup export OS_AUTH_URL=http://10.7.54.7:5000/v2.0 export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0 export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea : : 修剪 : : ----------------------------------------------------------------------------------------------------
請重新登錄,配置文件方能生效。
注: OS_SERVICE_TOKEN 的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。
使用方法: keystone tenant-create --name <tenant-name> --description <tenant-description>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project' WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | mybackup Project | | enabled | True | | id | b769bfb2de75490088d8af7b7483e8f8 | | name | mybackup | +-------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
請以下面的指令核實租戶(項目)的設置:
使用方法: keystone tenant-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+--------------------+---------+ | id | name | enabled | +----------------------------------+--------------------+---------+ | 6fe9e9d101df4b69944f7d4c40d15116 | admin | True | | 3880c8dbf75040e9b78a44b6becdcd78 | alt_demo | True | | b769bfb2de75490088d8af7b7483e8f8 | mybackup | True | | e43182f5ad57464e9d08052d872adf34 | demo | True | | ca35c74d6ec54dfabb0a1f9946d43da6 | services | True | +----------------------------------+--------------------+---------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想刪除一個租戶(項目):
使用方法: keystone tenant-delete <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-delete mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
警告: 由此租戶(項目)建立的所有對象都將被刪除;包括用戶,角色,存儲容器。由於指令執行時沒有確認訊息,請小心處理此指令。
為 "mybackup" 租戶建立一個名為 mybackup-role 的用戶角色。
使用方法: keystone role-create --name <role-name>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-create --name mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 5973dc8f56b34c0ebc748c969b5ea20b | | name | mybackup-role | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
請以下面的指令核實用戶角色的設置:
使用方法: keystone role-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+ | id | name | +----------------------------------+-----------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | | e34c3a339a924180b07e2099842c727f | SwiftOperator | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 3e61686683c94fd9a24beab378dfef81 | admin | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup-role | +----------------------------------+-----------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想刪除用戶角色:
使用方法: keystone role-delete <role>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-delete mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
建立一個新用戶,例如, user1,而其默認租戶(項目)已在上一步建立為 mybackup。 建議為每個備份用戶建立的新用戶。
使用方法: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | user1@abc.com | | enabled | True | | id | df2a64b224ec4d298c4d32661738194d | | name | user1 | | tenantId | b769bfb2de75490088d8af7b7483e8f8 | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
請以下面的指令核實用戶的設置:
使用方法: keystone user-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+------------+---------+------------------------+ | id | name | enabled | email | +----------------------------------+------------+---------+------------------------+ | 70a0cf53001d4798b02aae61e935e5df | admin | True | test@test.com | | 1b763f0cc253419597f7aae76041c39b | alt_demo | True | | | 8d21745db067410ba44f11400adc8a50 | ceilometer | True | ceilometer@localhost | | e370793a075148609116cc35ba01c216 | cinder | True | cinder@localhost | | e7cc62d800f349fc92100521f184ccec | demo | True | | | 30786a08d6004ab28556acae5ee20d56 | glance | True | glance@localhost | | 578a16a390b14da3a9cf2f158535e353 | neutron | True | neutron@localhost | | fd73f4613ed54710a82c6a90fbfb8ff8 | nova | True | nova@localhost | | 516ea23e239d48cdba8708754e0115c1 | swift | True | swift@localhost | | df2a64b224ec4d298c4d32661738194d | user1 | True | user1@abc.com | +----------------------------------+------------+---------+------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想更新一個用戶的密碼:
使用方法: keystone user-password-update --pass <new password> <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-password-update --pass 123456 user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想更新一個用戶資料:
使用方法: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). User has been updated. [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想刪除一個用戶:
使用方法: keystone user-delete <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-delete user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
映射 user1 於上一步中建立的角色。
使用方法: keystone user-role-add --user <user> --role <role> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
請以下面的指令核實該用戶的角色設置:
使用方法: keystone user-role-list --user <user> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-list --user user1 --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-------------+----------------------------------+----------------------------------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | +----------------------------------+-------------+----------------------------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想刪除該用戶的角色:
使用方法: keystone user-role-remove --user <user> --role <role> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
管理員需要為不同的備份用戶建立存儲容器來存儲該用戶的數據。建議你使用用戶名稱為 mybackup 租戶(項目)的容器名稱,並授予該用戶可以在容器中有讀/寫權限。 這樣就簡化了備份用戶在備份客戶端存儲目標的設置。
使用方法: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1 [root@os ~]# ----------------------------------------------------------------------------------------------------
請以下面的指令核實存儲容器設置:
使用方法: swift stat <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat user1 Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Container: user1 Objects: 0 Bytes: 0 Read ACL: mybackup:user1 Write ACL: mybackup:user1 Sync To: Sync Key: Accept-Ranges: bytes X-Timestamp: 1412578586.50844 Content-Type: text/plain; charset=utf-8 [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想刪除一個存儲容器:
使用方法: swift delete <container>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift delete user1 1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$ 1390527034510/files/2014-10-20-12-00-00/_$folder$ : : : 修剪 : : : ----------------------------------------------------------------------------------------------------
警告:上傳到這個存儲容器中的所有檔案將被刪除。由於指令執行時沒有確認訊息,請小心處理此指令。