如何為你的 OpenStack 租戶(項目) 及用戶設置儲存配額?

簡介:

本章將示範如何為你的備份用戶在 OpenStack 上設置 OpenStack 的儲存配額。

如果你未曾接觸過 OpenStack,你應該先參考他們在 http://docs.openstack.org/ 的常規設置文檔。

如果你已經有一個正在運行的 OpenStack,你可以按照我們的步驟來設置儲存限額。



假設:

這是在下列實例中使用的 OpenStack 版本:


這是在下列實例中使用的值:


注: Keystone admin 令牌的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。



要求和準備:

請在安裝一個租戶(項目),用戶,角色和存儲配額等之前把下列的變量在 bash 配置文件及 proxy-server.conf 中的過濾器配置好。

步驟 1: 在 .bash_profile 中添加環境變量

例如 (/root/.bash_profile)
----------------------------------------------------------------------------------------------------
    :
    :
  修剪
    :
    :
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=mybackup
export OS_AUTH_URL=http://10.7.54.7:5000/v2.0
export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0
export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea
    :
    :
  修剪
    :
    :
----------------------------------------------------------------------------------------------------

請重新登錄,配置文件方能生效。

注: OS_SERVICE_TOKEN 的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的變量名 "admin_token" 找到。



步驟 2: 在 swift-proxy (/etc/swift/proxy-server.conf) 內啟用配額限制

在 proxy-server.conf 中編輯文件,添加在下面以 紅色 的例子。

例如 (/etc/swift/proxy-server.conf)
----------------------------------------------------------------------------------------------------
    :
    :
    :
  修剪
    :
    :
    :

[pipeline:main]
pipeline = healthcheck cache authtoken keystone container-quotas account-quotas proxy-server

    :
    :
    :
  修剪
    :
    :
    :

[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = admin, SwiftOperator, ResellerAdmin
is_admin = true

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas
----------------------------------------------------------------------------------------------------


步驟 3: 重新啟動代理服務

修改配置文件 /etc/swift/proxy-server.conf 後,重新啟動代理服務

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift-init proxy restart
Signal proxy-server  pid: 13453  signal: 15
proxy-server (13453) appears to have stopped
Starting proxy-server...(/etc/swift/proxy-server.conf)
WARNING: SSL should only be enabled for testing purposes. Use external SSL termination for a production deployment.

[root@os ~]#
----------------------------------------------------------------------------------------------------


步驟 4: 建立 ResellerAdmin 角色

建立一個名為 ResellerAdmin 的用戶,以改變帳戶配額之用。你需要用 keystone 來建立一個角色,並添加到你的管理員用戶。

使用方法: keystone role-create --name <role-name>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-create --name ResellerAdmin 
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 464e592192554bdd8201b367997886f1 |
|   name   |          ResellerAdmin           |
+----------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實用戶角色的設置:

使用方法: keystone role-list

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-----------------+
|                id                |       name      |
+----------------------------------+-----------------+
| 464e592192554bdd8201b367997886f1 |  ResellerAdmin  |
| e34c3a339a924180b07e2099842c727f |  SwiftOperator  |
| 9fe2ff9ee4384b1894a90878d3e92bab |     _member_    |
| 3e61686683c94fd9a24beab378dfef81 |      admin      |
+----------------------------------+-----------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除用戶角色:

使用方法: keystone role-delete <role>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone role-delete ResellerAdmin
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


步驟 5: 授予 admin 擁有 ResellerAdmin 的角色

使用方法: keystone user-role-add --user <user> --role <role> --tenant <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-add --user admin --role ResellerAdmin --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實設置:

使用方法: keystone user-role-list --user <user> --tenant <tenant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-list --user admin --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+-----------------+----------------------------------+----------------------------------+
|                id                |       name      |             user_id              |            tenant_id             |
+----------------------------------+-----------------+----------------------------------+----------------------------------+
| 464e592192554bdd8201b367997886f1 |  ResellerAdmin  | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 |
| 3e61686683c94fd9a24beab378dfef81 |      admin      | 70a0cf53001d4798b02aae61e935e5df | 49f2482ecff9431bae1d32fa2a004026 |
+----------------------------------+-----------------+----------------------------------+----------------------------------+
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除授予的角色:

使用方法: keystone user-role-remove --user <user> --role <role> --tentant <tentant>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# keystone user-role-remove --user admin --role ResellerAdmin --tenant mybackup
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
[root@os ~]#
----------------------------------------------------------------------------------------------------


步驟 6: 為這個租戶(項目)設置存儲配額:

在這個例子中,我們將套用10GB於這個租戶(項目)。該項目中的所有容器將分享這一個配額。

使用方法: swift post -m quota-bytes:<value>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post -m quota-bytes:10737418240
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實存儲配額的設置:

使用方法: swift stat

例如

----------------------------------------------------------------------------------------------------
[root@os ~]# swift stat
       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
    Containers: 4
       Objects: 260
         Bytes: 694896
Meta Quota-Bytes: 10737418240
   X-Timestamp: 1412574345.10669
  Content-Type: text/plain; charset=utf-8
 Accept-Ranges: bytes
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除這個租戶(項目)的存儲配額:

使用方法: swift post -m quota-bytes:

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post -m quota-bytes:
[root@os ~]# 
----------------------------------------------------------------------------------------------------


步驟 7: 為此存儲容器設置存儲配額

為此用戶使用此容器時設置存儲配額,如: 套用 2GB 到 user1

使用方法: swift post <container name> -H "X-Container-Meta-Quota-Bytes: <size in bytes>"

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post user1 -H "X-Container-Meta-Quota-Bytes: 2147483648"
[root@os ~]#
----------------------------------------------------------------------------------------------------


請以下面的指令核實存儲配額的設置:

使用方法: swift stat <container name>

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift stat user1
       Account: AUTH_49f2482ecff9431bae1d32fa2a004026
     Container: user1
       Objects: 0
         Bytes: 0
      Read ACL: mybackup:user1
     Write ACL: mybackup:user1
       Sync To:
      Sync Key:
Meta Quota-Bytes: 2147483648
 Accept-Ranges: bytes
   X-Timestamp: 1412578586.50844
  Content-Type: text/plain; charset=utf-8
[root@os ~]#
----------------------------------------------------------------------------------------------------


如果你想刪除這個用戶的存儲配額:

使用方法: swift post <container name> -H "X-Container-Meta-Quota-Bytes:"

例如
----------------------------------------------------------------------------------------------------
[root@os ~]# swift post user6 -H "X-Container-Meta-Quota-Bytes:"
[root@os ~]#
----------------------------------------------------------------------------------------------------