Install from source¶
This section describes how to install and configure the Data Protection service from source.
Prerequisites¶
Before you install and configure Data Protection service, you must create a database, service credentials, and API endpoints. Data Protection service also requires additional information in the Identity service.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
rootuser:$ mysql -u root -pCreate the
karbordatabase:CREATE DATABASE karbor;Grant proper access to the
karbordatabase:GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'localhost' IDENTIFIED BY 'KARBOR_DBPASS'; GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'%' IDENTIFIED BY 'KARBOR_DBPASS';
Replace
KARBOR_DBPASSwith a suitable password.Exit the database access client.
Source the
admincredentials to gain access to admin-only CLI commands:$ . admin-openrcTo create the service credentials, complete these steps:
Create the
karboruser:$ openstack user create --domain default --password-prompt karbor User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | e0353a670a9e496da891347c589539e9 | | enabled | True | | id | ca2e175b851943349be29a328cc5e360 | | name | karbor | +-----------+----------------------------------+
Add the
adminrole to thekarboruser:$ openstack role add --project service --user karbor adminNote
This command provides no output.
Create the
karborservice entities:$ openstack service create --name karbor --description "Application Data Protection Service" data-protect +-------------+-------------------------------------+ | Field | Value | +-------------+-------------------------------------+ | description | Application Data Protection Service | | enabled | True | | id | 727841c6f5df4773baa4e8a5ae7d72eb | | name | karbor | | type | data-protect | +-------------+-------------------------------------+
Create the Data Protection service API endpoints:
$ openstack endpoint create --region RegionOne data-protect public http://controller:8799/v1/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | karbor | | service_type | data-protect | | url | http://controller:8799/v1/%(project_id)s | +--------------+------------------------------------------+ $ openstack endpoint create --region RegionOne data-protect internal http://controller:8799/v1/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | karbor | | service_type | data-protect | | url | http://controller:8799/v1/%(project_id)s | +--------------+------------------------------------------+ $ openstack endpoint create --region RegionOne data-protect admin http://controller:8799/v1/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | karbor | | service_type | data-protect | | url | http://controller:8799/v1/%(project_id)s | +--------------+------------------------------------------+
Install the services¶
Retrieve and install karbor with required packages:
git clone https://git.openstack.org/openstack/karbor
cd karbor
sudo pip install -e .
python setup.py install
This procedure installs the karbor python library and the following
executables:
karbor-wsgi: karbor wsgi scriptkarbor-api: karbor api scriptkarbor-protection: karbor protection scriptkarbor-operationengine: karbor operationengine scriptkarbor-manage: karbor manage script
Generate sample configuration file karbor.conf.sample:
#use tox
tox -egenconfig
#or direct run oslo-config-generator
oslo-config-generator --config-file etc/oslo-config-generator/karbor.conf
Generate sample policy file policy.yaml.sample:
#use tox
tox -egenpolicy
#or direct run oslopolicy-sample-generator
oslopolicy-sample-generator --config-file=etc/karbor-policy-generator.conf
Install sample configuration files:
mkdir /etc/karbor
cp etc/api-paste.ini /etc/karbor
cp etc/karbor.conf.sample /etc/karbor/karbor.conf
cp etc/policy.yaml.sample /etc/karbor/policy.yaml
cp -r etc/providers.d /etc/karbor
Create the log directory:
mkdir /var/log/karbor
Note
Karbor provides more preconfigured providers with different bank and protection plugins (such as EISOO, S3, File system, Cinder snapshot plugin, and more). If these were available for your environment, you can consult these provider configuration files for reference, or use them as-is, by copying the configuration files from ‘devstack/providers.d’ to ‘/etc/karbor/providers.d’. By default, karbor use ‘OS Infra Provider with swift bank’.
Install the client¶
Retrieve and install karbor client:
git clone https://git.openstack.org/openstack/python-karborclient.git
cd python-karborclient
python setup.py install
Configure components¶
Add system user:
groupadd karbor useradd karbor -g karbor -d /var/lib/karbor -s /sbin/nologin
Edit the
/etc/karbor/karbor.conffile and complete the following actions:In the
[database]section, configure database access:[database] ... connection = mysql+pymysql://karbor:KARBOR_DBPASS@controller/karbor
Replace
KARBOR_DBPASSwith the password you chose for the Data Protection database.In the
[DEFAULT]section, configureRabbitMQmessage queue access:[DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller:5672
Replace
RABBIT_PASSwith the password you chose for theopenstackaccount inRabbitMQ.In the
[keystone_authtoken],[trustee],[clients_keystone], and[karbor_client]sections, configure Identity service access:[keystone_authtoken] ... www_authenticate_uri = http://keystone1.example.com/identity auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = karbor password = KARBOR_PASS [trustee] ... auth_type = password auth_url = http://controller/identity_admin username = karbor password = KARBOR_PASS user_domain_name = default [clients_keystone] ... auth_uri = http://controller/identity_admin [karbor_client] ... version = 1 service_type = data-protect service_name = karbor
Replace
KARBOR_PASSwith the password you chose for thekarboruser in the Identity service.
Populate the Data Protection database:
# su -s /bin/sh -c "karbor-manage db sync" karbor
Note
Ignore any deprecation messages in this output.
Finalize installation¶
You can start karbor services directly from command line by executing
karbor-api, karbor-protection and karbor-operationengine.
