This chapter will show you how to setup the storage in the OpenStack for your backup users to backup on OpenStack storage container.
If you are new to OpenStack, you should check with their documentation on general setup available at http://docs.openstack.org/
If you already have a running OpenStack, you can follow our steps to setup the storage for your backup users. Our steps will guide you to complete the followings:
After you have completed these steps, the backup client will be able to use the containers automatically.
Here are the OpenStack version used in the following examples:
Here are the values used in the following examples:
Note: The value of the Keystone admin token can be found in the variable name "admin_token" defined inside the keystone configuration file at /etc/keystone/keystone.conf .
Please setup the following variables in bash profile before you setup a tenant (project), user, roles and storage quota etc.
Add the environment variable in the .bash_profile
Example (/root/.bash_profile)---------------------------------------------------------------------------------------------------- : : Trimmed : : export OS_USERNAME=admin export OS_PASSWORD=admin export OS_TENANT_NAME=mybackup export OS_AUTH_URL=http://10.7.54.7:5000/v2.0 export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0 export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea : : Trimmed : : ----------------------------------------------------------------------------------------------------
Please login again for profile to take effect.
Note: The value of the OS_SERVICE_TOKEN can be found in the variable name "admin_token" defined inside the keystone configuration file at /etc/keystone/keystone.conf .
Usage: keystone tenant-create --name <tenant-name> --description <tenant-description>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project' WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | mybackup Project | | enabled | True | | id | b769bfb2de75490088d8af7b7483e8f8 | | name | mybackup | +-------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the tenant (project) setup by the following command:
Usage: keystone tenant-list
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+--------------------+---------+ | id | name | enabled | +----------------------------------+--------------------+---------+ | 6fe9e9d101df4b69944f7d4c40d15116 | admin | True | | 3880c8dbf75040e9b78a44b6becdcd78 | alt_demo | True | | b769bfb2de75490088d8af7b7483e8f8 | mybackup | True | | e43182f5ad57464e9d08052d872adf34 | demo | True | | ca35c74d6ec54dfabb0a1f9946d43da6 | services | True | +----------------------------------+--------------------+---------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove a tenant (project):
Usage: keystone tenant-delete <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-delete mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Warning: Any objects created under this tenant (project) will be removed; including users, roles, container storages. As there is no confirmation in the command line, please handle this command with care.
Create a role called mybackup-role for all users who use the "mybackup" tenant.
Usage: keystone role-create --name <role-name>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-create --name mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 5973dc8f56b34c0ebc748c969b5ea20b | | name | mybackup-role | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the role setup by the following command:
Usage: keystone role-list
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+ | id | name | +----------------------------------+-----------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | | e34c3a339a924180b07e2099842c727f | SwiftOperator | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 3e61686683c94fd9a24beab378dfef81 | admin | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup-role | +----------------------------------+-----------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove the role:
Usage: keystone role-delete <role>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-delete mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Create a new user eg. user1, whose default tenant (project) is mybackup that was created in previous step. It is recommended to create a new user for each backup user.
Usage: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | user1@abc.com | | enabled | True | | id | df2a64b224ec4d298c4d32661738194d | | name | user1 | | tenantId | b769bfb2de75490088d8af7b7483e8f8 | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the user setup by the following command:
Usage: keystone user-list
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+------------+---------+------------------------+ | id | name | enabled | email | +----------------------------------+------------+---------+------------------------+ | 70a0cf53001d4798b02aae61e935e5df | admin | True | test@test.com | | 1b763f0cc253419597f7aae76041c39b | alt_demo | True | | | 8d21745db067410ba44f11400adc8a50 | ceilometer | True | ceilometer@localhost | | e370793a075148609116cc35ba01c216 | cinder | True | cinder@localhost | | e7cc62d800f349fc92100521f184ccec | demo | True | | | 30786a08d6004ab28556acae5ee20d56 | glance | True | glance@localhost | | 578a16a390b14da3a9cf2f158535e353 | neutron | True | neutron@localhost | | fd73f4613ed54710a82c6a90fbfb8ff8 | nova | True | nova@localhost | | 516ea23e239d48cdba8708754e0115c1 | swift | True | swift@localhost | | df2a64b224ec4d298c4d32661738194d | user1 | True | user1@abc.com | +----------------------------------+------------+---------+------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to update the user's password:
Usage: keystone user-password-update --pass <new password> <user>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-password-update --pass 123456 user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to update the user details:
Usage: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). User has been updated. [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove a user:
Usage: keystone user-delete <user>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-delete user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Map the user1 with the role created in previous step.
Usage: keystone user-role-add --user <user> --role <role> --tenant <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the role setup on user1 by the following command:
Usage: keystone user-role-list --user <user> --tenant <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-list --user user1 --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-------------+----------------------------------+----------------------------------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | +----------------------------------+-------------+----------------------------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove the assigned user role:
Usage: keystone user-role-remove --user <user> --role <role> --tenant <tenant>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
Administrator is required to setup containers for different backup users to store their data. You are recommended to use the user name as the container name in the mybackup tenant (project), and grant read/write access of this container to this user. This is because, it simplifies the backup client destination setup for backup users.
Usage: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1 [root@os ~]# ----------------------------------------------------------------------------------------------------
Please verify the container setup by the following command:
Usage: swift stat <user>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat user1 Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Container: user1 Objects: 0 Bytes: 0 Read ACL: mybackup:user1 Write ACL: mybackup:user1 Sync To: Sync Key: Accept-Ranges: bytes X-Timestamp: 1412578586.50844 Content-Type: text/plain; charset=utf-8 [root@os ~]# ----------------------------------------------------------------------------------------------------
If you want to remove a container:
Usage: swift delete <container>
Example---------------------------------------------------------------------------------------------------- [root@os ~]# swift delete user1 1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$ 1390527034510/files/2014-10-20-12-00-00/_$folder$ : : : Trimmed : : : ----------------------------------------------------------------------------------------------------
Warning: Any files uploaded to this container will be removed. As there is no confirmation in the command line, please handle this command with care.