This section describes how to install and configure the Data Protection service from source.
Before you install and configure Data Protection service, you must create a database, service credentials, and API endpoints. Data Protection service also requires additional information in the Identity service.
To create the database, complete these steps:
Use the database access client to connect to the database
server as the root
user:
$ mysql -u root -p
Create the karbor
database:
CREATE DATABASE karbor;
Grant proper access to the karbor
database:
GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'localhost' IDENTIFIED BY 'KARBOR_DBPASS';
GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'%' IDENTIFIED BY 'KARBOR_DBPASS';
Replace KARBOR_DBPASS
with a suitable password.
Exit the database access client.
Source the admin
credentials to gain access to
admin-only CLI commands:
$ . admin-openrc
To create the service credentials, complete these steps:
Create the karbor
user:
$ openstack user create --domain default --password-prompt karbor
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ca2e175b851943349be29a328cc5e360 |
| name | karbor |
+-----------+----------------------------------+
Add the admin
role to the karbor
user:
$ openstack role add --project service --user karbor admin
Note
This command provides no output.
Create the karbor
service entities:
$ openstack service create --name karbor --description "Application Data Protection Service" data-protect
+-------------+-------------------------------------+
| Field | Value |
+-------------+-------------------------------------+
| description | Application Data Protection Service |
| enabled | True |
| id | 727841c6f5df4773baa4e8a5ae7d72eb |
| name | karbor |
| type | data-protect |
+-------------+-------------------------------------+
Create the Data Protection service API endpoints:
$ openstack endpoint create --region RegionOne data-protect public http://controller:8799/v1/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | karbor |
| service_type | data-protect |
| url | http://controller:8799/v1/%(project_id)s |
+--------------+------------------------------------------+
$ openstack endpoint create --region RegionOne data-protect internal http://controller:8799/v1/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | karbor |
| service_type | data-protect |
| url | http://controller:8799/v1/%(project_id)s |
+--------------+------------------------------------------+
$ openstack endpoint create --region RegionOne data-protect admin http://controller:8799/v1/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | karbor |
| service_type | data-protect |
| url | http://controller:8799/v1/%(project_id)s |
+--------------+------------------------------------------+
Retrieve and install karbor with required packages:
git clone https://git.openstack.org/openstack/karbor
cd karbor
sudo pip install -e .
python setup.py install
This procedure installs the karbor
python library and the following
executables:
karbor-wsgi
: karbor wsgi scriptkarbor-api
: karbor api scriptkarbor-protection
: karbor protection scriptkarbor-operationengine
: karbor operationengine scriptkarbor-manage
: karbor manage scriptGenerate sample configuration file karbor.conf.sample:
#use tox
tox -egenconfig
#or direct run oslo-config-generator
oslo-config-generator --config-file etc/oslo-config-generator/karbor.conf
Generate sample policy file policy.yaml.sample:
#use tox
tox -egenpolicy
#or direct run oslopolicy-sample-generator
oslopolicy-sample-generator --config-file=etc/karbor-policy-generator.conf
Install sample configuration files:
mkdir /etc/karbor
cp etc/api-paste.ini /etc/karbor
cp etc/karbor.conf.sample /etc/karbor/karbor.conf
cp etc/policy.yaml.sample /etc/karbor/policy.yaml
cp -r etc/providers.d /etc/karbor
Create the log directory:
mkdir /var/log/karbor
Note
Karbor provides more preconfigured providers with different bank and protection plugins (such as EISOO, S3, File system, Cinder snapshot plugin, and more). If these were available for your environment, you can consult these provider configuration files for reference, or use them as-is, by copying the configuration files from ‘devstack/providers.d’ to ‘/etc/karbor/providers.d’. By default, karbor use ‘OS Infra Provider with swift bank’.
Retrieve and install karbor client:
git clone https://git.openstack.org/openstack/python-karborclient.git
cd python-karborclient
python setup.py install
Add system user:
groupadd karbor
useradd karbor -g karbor -d /var/lib/karbor -s /sbin/nologin
Edit the /etc/karbor/karbor.conf
file and complete the following
actions:
In the [database]
section, configure database access:
[database]
...
connection = mysql+pymysql://karbor:KARBOR_DBPASS@controller/karbor
Replace KARBOR_DBPASS
with the password you chose for the
Data Protection database.
In the [DEFAULT]
section,
configure RabbitMQ
message queue access:
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672
Replace RABBIT_PASS
with the password you chose for the
openstack
account in RabbitMQ
.
In the [keystone_authtoken]
, [trustee]
,
[clients_keystone]
, and [karbor_client]
sections,
configure Identity service access:
[keystone_authtoken]
...
www_authenticate_uri = http://keystone1.example.com/identity
auth_url = http://controller/identity_admin
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = karbor
password = KARBOR_PASS
[trustee]
...
auth_type = password
auth_url = http://controller/identity_admin
username = karbor
password = KARBOR_PASS
user_domain_name = default
[clients_keystone]
...
auth_uri = http://controller/identity_admin
[karbor_client]
...
version = 1
service_type = data-protect
service_name = karbor
Replace KARBOR_PASS
with the password you chose for the
karbor
user in the Identity service.
Populate the Data Protection database:
# su -s /bin/sh -c "karbor-manage db sync" karbor
Note
Ignore any deprecation messages in this output.
You can start karbor services directly from command line by executing
karbor-api
, karbor-protection
and karbor-operationengine
.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.