本章将示範如何为你的备份用户在 OpenStack 上设置 OpenStack 的储存容器。
如果你未曾接触过 OpenStack,你应该先参考他们在 http://docs.openstack.org/ 的常规设置文档。
如果你已经有一个正在运行的 OpenStack,你可以按照我们的步骤来为你的备份用户设置存储。我们将指导你完成以下的步骤:
在完成这些步骤後,备份客户端便能够自动使用存储容器。
这是在下列实例中使用的 OpenStack 版本:
这是在下列实例中使用的值 Here are the values used in the following examples:
注: Keystone admin 令牌的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的变量名 "admin_token" 找到。
请在安装一个租户(项目),用户,角色和存储配额等之前把下列的变量在 bash 配置文件中配置好。
在 .bash_profile 中添加环境变量
例如 (/root/.bash_profile)---------------------------------------------------------------------------------------------------- : : 修剪 : : export OS_USERNAME=admin export OS_PASSWORD=admin export OS_TENANT_NAME=mybackup export OS_AUTH_URL=http://10.7.54.7:5000/v2.0 export OS_SERVICE_ENDPOINT=http://10.7.54.7:35357/v2.0 export OS_SERVICE_TOKEN=7b05dab9722d44e7b9a82dc0d1ff74ea : : 修剪 : : ----------------------------------------------------------------------------------------------------
请重新登录,配置文件方能生效。
注: OS_SERVICE_TOKEN 的值可以在 Keystone 配置文件 /etc/keystone/keystone.conf 中的变量名 "admin_token" 找到。
使用方法: keystone tenant-create --name <tenant-name> --description <tenant-description>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-create --name mybackup --description 'mybackup Project' WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | mybackup Project | | enabled | True | | id | b769bfb2de75490088d8af7b7483e8f8 | | name | mybackup | +-------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实租户(项目)的设置:
使用方法: keystone tenant-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+--------------------+---------+ | id | name | enabled | +----------------------------------+--------------------+---------+ | 6fe9e9d101df4b69944f7d4c40d15116 | admin | True | | 3880c8dbf75040e9b78a44b6becdcd78 | alt_demo | True | | b769bfb2de75490088d8af7b7483e8f8 | mybackup | True | | e43182f5ad57464e9d08052d872adf34 | demo | True | | ca35c74d6ec54dfabb0a1f9946d43da6 | services | True | +----------------------------------+--------------------+---------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除一个租户(项目):
使用方法: keystone tenant-delete <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone tenant-delete mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
警告: 由此租户(项目)建立的所有对象都将被删除;包括用户,角色,存储容器。由於指令执行时没有确认讯息,请小心处理此指令。
为 "mybackup" 租户建立一个名为 mybackup-role 的用户角色。
使用方法: keystone role-create --name <role-name>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-create --name mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 5973dc8f56b34c0ebc748c969b5ea20b | | name | mybackup-role | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实用户角色的设置:
使用方法: keystone role-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-----------------+ | id | name | +----------------------------------+-----------------+ | 464e592192554bdd8201b367997886f1 | ResellerAdmin | | e34c3a339a924180b07e2099842c727f | SwiftOperator | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 3e61686683c94fd9a24beab378dfef81 | admin | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup-role | +----------------------------------+-----------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除用户角色:
使用方法: keystone role-delete <role>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone role-delete mybackup-role WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
建立一个新用户,例如, user1,而其默认租户(项目)已在上一步建立为 mybackup。 建议为每个备份用户建立的新用户。
使用方法: keystone user-create --name <user-name> --tenant <tenant> --pass <user password> --email <user email>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-create --name user1 --tenant mybackup --pass abc123$% --email user1@abc.com WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | user1@abc.com | | enabled | True | | id | df2a64b224ec4d298c4d32661738194d | | name | user1 | | tenantId | b769bfb2de75490088d8af7b7483e8f8 | +----------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实用户的设置:
使用方法: keystone user-list
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+------------+---------+------------------------+ | id | name | enabled | email | +----------------------------------+------------+---------+------------------------+ | 70a0cf53001d4798b02aae61e935e5df | admin | True | test@test.com | | 1b763f0cc253419597f7aae76041c39b | alt_demo | True | | | 8d21745db067410ba44f11400adc8a50 | ceilometer | True | ceilometer@localhost | | e370793a075148609116cc35ba01c216 | cinder | True | cinder@localhost | | e7cc62d800f349fc92100521f184ccec | demo | True | | | 30786a08d6004ab28556acae5ee20d56 | glance | True | glance@localhost | | 578a16a390b14da3a9cf2f158535e353 | neutron | True | neutron@localhost | | fd73f4613ed54710a82c6a90fbfb8ff8 | nova | True | nova@localhost | | 516ea23e239d48cdba8708754e0115c1 | swift | True | swift@localhost | | df2a64b224ec4d298c4d32661738194d | user1 | True | user1@abc.com | +----------------------------------+------------+---------+------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想更新一个用户的密码:
使用方法: keystone user-password-update --pass <new password> <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-password-update --pass 123456 user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想更新一个用户资料:
使用方法: keystone user-update --name <new user-name> --email <new email> --enabled <true|false> <existing-user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-update --name user2 --email user2@abc.com --enabled true user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). User has been updated. [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除一个用户:
使用方法: keystone user-delete <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-delete user1 WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
映射 user1 於上一步中建立的角色。
使用方法: keystone user-role-add --user <user> --role <role> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-add --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实该用户的角色设置:
使用方法: keystone user-role-list --user <user> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-list --user user1 --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+-------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-------------+----------------------------------+----------------------------------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | | 5973dc8f56b34c0ebc748c969b5ea20b | mybackup | df2a64b224ec4d298c4d32661738194d | b769bfb2de75490088d8af7b7483e8f8 | +----------------------------------+-------------+----------------------------------+----------------------------------+ [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除该用户的角色:
使用方法: keystone user-role-remove --user <user> --role <role> --tenant <tenant>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# keystone user-role-remove --user user1 --role mybackup-role --tenant mybackup WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). [root@os ~]# ----------------------------------------------------------------------------------------------------
管理员需要为不同的备份用户建立存储容器来存储该用户的数据。建议你使用用户名称为 mybackup 租户(项目)的容器名称,并授予该用户可以在容器中有读/写权限。 这样就简化了备份用户在备份客户端存储目标的设置。
使用方法: swift post <container name> -r $OS_TENANT_NAME:<user> -w $OS_TENANT_NAME:<user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift post user1 -r $OS_TENANT_NAME:user1 -w $OS_TENANT_NAME:user1 [root@os ~]# ----------------------------------------------------------------------------------------------------
请以下面的指令核实存储容器设置:
使用方法: swift stat <user>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift stat user1 Account: AUTH_49f2482ecff9431bae1d32fa2a004026 Container: user1 Objects: 0 Bytes: 0 Read ACL: mybackup:user1 Write ACL: mybackup:user1 Sync To: Sync Key: Accept-Ranges: bytes X-Timestamp: 1412578586.50844 Content-Type: text/plain; charset=utf-8 [root@os ~]# ----------------------------------------------------------------------------------------------------
如果你想删除一个存储容器:
使用方法: swift delete <container>
例如---------------------------------------------------------------------------------------------------- [root@os ~]# swift delete user1 1390527034510/files/2014-10-21-12-00-00/437b40c7/5e7e48e1/_$folder$ 1390527034510/files/2014-10-20-12-00-00/_$folder$ : : : 修剪 : : : ----------------------------------------------------------------------------------------------------
警告:上传到这个存储容器中的所有档案将被删除。由於指令执行时没有确认讯息,请小心处理此指令。