如何為你的備份用戶設置 OpenStack 儲存?

簡介:

本章將示範如何為你的備份用戶在 OpenStack 上設置 OpenStack 的儲存容器。

如果你未曾接觸過 OpenStack,你應該先參考他們在 http://docs.openstack.org/ 的常規設置文檔。

如果你已經有一個正在運行的 OpenStack,你可以按照我們的步驟來為你的備份用戶設置存儲。我們將指導你完成以下的步驟:

在完成這些步驟後,備份客戶端便能夠自動使用存儲容器。



假設:

這是在下列實例中使用的 OpenStack 版本:


這是在下列實例中使用的值 Here are the values used in the following examples:


注: Keystone admin 令牌的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。



要求和準備:

請在安裝一個租戶(項目),用戶,角色和存儲配額等之前把下列的變量在 bash 配置文件中配置好。

在 .bash_profile 中添加環境變量

例如 (/root/.bash_profile)
----------------------------------------------------------------------------------------------------
    :
    :
  修剪
    :
    :
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=mybackup
export OS_AUTH_URL=http://10.7.54.7:5000/v2.0
export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0
export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea
    :
    :
  修剪
    :
    :
----------------------------------------------------------------------------------------------------

請重新登錄,配置文件方能生效。

注: OS_SERVICE_TOKEN 的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。



配置:

步驟 1: 為 "mybackup" 建立一個租戶(項目)

使用方法: keystone tenant-create --name <tenant-name> --description <tenant-description>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project'
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |        mybackup Project          |
|   enabled   |               True               |
|      id     | b769bfb2de75490088d8af7b7483e8f8 |
|     name    |             mybackup             |
+-------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實租戶(項目)的設置:

使用方法: keystone tenant-list

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+--------------------+---------+
|                id                |        name        | enabled |
+----------------------------------+--------------------+---------+
| 6fe9e9d101df4b69944f7d4c40d15116 |       admin        |   True  |
| 3880c8dbf75040e9b78a44b6becdcd78 |      alt_demo      |   True  |
| b769bfb2de75490088d8af7b7483e8f8 |      mybackup      |   True  |
| e43182f5ad57464e9d08052d872adf34 |        demo        |   True  |
| ca35c74d6ec54dfabb0a1f9946d43da6 |      services      |   True  |
+----------------------------------+--------------------+---------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除一個租戶(項目):

使用方法: keystone tenant-delete <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone tenant-delete mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------

警告: 由此租戶(項目)建立的所有對象都將被刪除;包括用戶,角色,存儲容器。由於指令執行時沒有確認訊息,請小心處理此指令。





步驟 2: 用戶角色

為 "mybackup" 租戶建立一個名為 mybackup-role 的用戶角色。

使用方法: keystone role-create --name <role-name>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-create --name mybackup-role 
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 5973dc8f56b34c0ebc748c969b5ea20b |
|   name   |          mybackup-role           |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實用戶角色的設置:

使用方法: keystone role-list

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-----------------+
|                id                |       name      |
+----------------------------------+-----------------+
| 464e592192554bdd8201b367997886f1 |  ResellerAdmin  |
| e34c3a339a924180b07e2099842c727f |  SwiftOperator  |
| 9fe2ff9ee4384b1894a90878d3e92bab |     _member_    |
| 3e61686683c94fd9a24beab378dfef81 |      admin      |
| 5973dc8f56b34c0ebc748c969b5ea20b |  mybackup-role  |
+----------------------------------+-----------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除用戶角色:

使用方法: keystone role-delete <role>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-delete mybackup-role
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




步驟 3: 建立一個新用戶

建立一個新用戶,例如, user1,而其默認租戶(項目)已在上一步建立為 mybackup。 建議為每個備份用戶建立的新用戶。

使用方法: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |          user1@abc.com           |
| enabled  |               True               |
|    id    | df2a64b224ec4d298c4d32661738194d |
|   name   |              user1               |
| tenantId | b769bfb2de75490088d8af7b7483e8f8 |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實用戶的設置:

使用方法: keystone user-list

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+------------+---------+------------------------+
|                id                |    name    | enabled |         email          |
+----------------------------------+------------+---------+------------------------+
| 70a0cf53001d4798b02aae61e935e5df |   admin    |   True  |     test@test.com      |
| 1b763f0cc253419597f7aae76041c39b |  alt_demo  |   True  |                        |
| 8d21745db067410ba44f11400adc8a50 | ceilometer |   True  |  ceilometer@localhost  |
| e370793a075148609116cc35ba01c216 |   cinder   |   True  |    cinder@localhost    |
| e7cc62d800f349fc92100521f184ccec |    demo    |   True  |                        |
| 30786a08d6004ab28556acae5ee20d56 |   glance   |   True  |    glance@localhost    |
| 578a16a390b14da3a9cf2f158535e353 |  neutron   |   True  |   neutron@localhost    |
| fd73f4613ed54710a82c6a90fbfb8ff8 |    nova    |   True  |     nova@localhost     |
| 516ea23e239d48cdba8708754e0115c1 |   swift    |   True  |    swift@localhost     |
| df2a64b224ec4d298c4d32661738194d |   user1    |   True  |     user1@abc.com      |
+----------------------------------+------------+---------+------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想更新一個用戶的密碼:

使用方法: keystone user-password-update --pass <new password> <user>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-password-update --pass 123456 user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想更新一個用戶資料:

使用方法: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
User has been updated.
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除一個用戶:

使用方法: keystone user-delete <user>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-delete user1
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




步驟 4: 為備份客戶端建立一個用戶的角色並映射用戶到備份客戶端

映射 user1 於上一步中建立的角色。

使用方法: keystone user-role-add --user <user> --role <role> --tenant <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實該用戶的角色設置:

使用方法: keystone user-role-list --user <user> --tenant <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-list --user user1 --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-------------+----------------------------------+----------------------------------+
|                id                |     name    |             user_id              |            tenant_id             |
+----------------------------------+-------------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab |   _member_  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |  
| 5973dc8f56b34c0ebc748c969b5ea20b |   mybackup  | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 |
+----------------------------------+-------------+----------------------------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除該用戶的角色:

使用方法: keystone user-role-remove --user <user> --role <role> --tenant <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------




步驟 5: 建立存儲容器

管理員需要為不同的備份用戶建立存儲容器來存儲該用戶的數據。建議你使用用戶名稱為 mybackup 租戶(項目)的容器名稱,並授予該用戶可以在容器中有讀/寫權限。 這樣就簡化了備份用戶在備份客戶端存儲目標的設置。

使用方法: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實存儲容器設置:

使用方法: swift stat <user>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift stat user1
       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
     Container: user1
       Objects: 0
         Bytes: 0
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1
       Sync To:
      Sync Key:
 Accept-Ranges: bytes
   X-Timestamp: 1412578586.50844
  Content-Type: text/plain; charset=utf-8
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除一個存儲容器:

使用方法: swift delete <container>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift delete user1
1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$
1390527034510/files/2014-10-20-12-00-00/_$folder$
    :
    :
    :
  修剪
    :
    :
    :
----------------------------------------------------------------------------------------------------

警告:上傳到這個存儲容器中的所有檔案將被刪除。由於指令執行時沒有確認訊息,請小心處理此指令。





相關主題