Veritas NetBackup™ for OpenStack Administrator's Guide
- Introduction
- Deploying OpenStack plug-in for NetBackup
- Configuring NetBackup for OpenStack
- Performing backups and restores of OpenStack
- Troubleshooting
- Index
Adding OpenStack credentials in NetBackup
To establish a seamless communication between OpenStack and NetBackup for backup and restore operations, you must add and update OpenStack credentials in the NetBackup master server.
You need to first create a credentials file for storing the Keystone and project information. This file is used as an input when you run the tpconfig command to add credentials in NetBackup master server.
You can use the following backup host deployment models to protect OpenStack:
For more information, See Managing backup hosts.
The credential file differs based on the backup host deployment model.
In this deployment model, backup hosts are deployed for each tenant or project.
To create a credentials file for storing and entering Keystone and project information
- Login to the NetBackup master server.
- On the OpenStack server, use the following steps to get the information that you need to create the credential file:
cat ~/keystonerc_admin
unset OS_SERVICE_TOKEN export OS_USERNAME=admin1 export OS_PASSWORD='aae1113cd1482a' export OS_REGION_NAME=RegionOne export OS_AUTH_URL=http://10.217.34.248:5000/v3 export PS1='[\u@\h \W(keystone_admin)]\$ ' export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_IDENTITY_API_VERSION=3
You required the following variables:
OS_USERNAME
OS_PASSWORD
OS_USER_DOMAIN_NAME
OS_AUTH_URL
OS_PROJECT_NAME
OS_PROJECT_DOMAIN_NAME
ProjectUUID
For ProjectUUID: openstack project list | grep OS_PROJECT_NAME | awk '{print $2}'
The output will be ProjectUUID of the PROJECT.
IPAddress
Get IP Address of the OpenStack Controller Node. The IP address is used in credential file and in policy as name of client.
EndPoint
This value is required for communication. EndPoint examples are internal, public, admin.
Sample credential file format for local admin backup host deployment:
{ "IPAddress_management_interface":"EndPoint", "IPAddress_volume_api_version":"3", "IPAddress_ep_keystone":"OS_AUTH_URL", "IPAddress_os_access_protocol":"http://", "IPAddress_domain_id":"OS_PROJECT_DOMAIN_NAME", "IPAddress_auth_sub_url":"auth/tokens", "IPAddress_ProjectUUID ": {"keystone_user":"OS_USERNAME","keystone_password":"OS_PASSWORD","keystone_user_domain_name":"OS_USER_DOMAIN_NAME", "project_domain_name":"OS_PROJECT_DOMAIN_NAME", "project_name":"OS_PROJECT_NAME","user_role":"member"}, "IPAddress_admin": {"keystone_user":"OS_USERNAME","keystone_password":"OS_PASSWORD","keystone_user_domain_name":"OS_USER_DOMAIN_NAME", "project_domain_name":"OS_PROJECT_DOMAIN_NAME", "project_name":"OS_PROJECT_NAME","user_role":"member"} }Sample values for the variables:
IPAddress = 10.217.34.248 EndPoint = internal ProjectUUID = 9c43b3b5d55c414497fb46f7141c604d OS_AUTH_URL = http://10.217.34.248:5000/v3 OS_PROJECT_DOMAIN_NAME = Default OS_USERNAME = admin OS_PASSWORD = aaeaa1113cd1482a OS_USER_DOMAIN_NAME = Default OS_PROJECT_DOMAIN_NAME = Default
Sample credential file using the sample values for local admin backup host deployment:
{ "10.217.34.248_management_interface":"internal", "10.217.34.248_volume_api_version":"3", "10.217.34.248_ep_keystone":"http://10.217.34.248:5000/v3", "10.217.34.248_os_access_protocol":"http://", "10.217.34.248_domain_id":"default", "10.217.34.248_auth_sub_url":"auth/tokens", "10.217.34.248_9c43b3b5d55c414497fb46f7141c604d": {"keystone_user":"admin","keystone_password":"aaeaa1113cd1482a","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"admin"}, "10.217.34.248_admin": {"keystone_user":"admin","keystone_password":"aaeaa1113cd1482a","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"admin"} }Add the credentials file in the
/usr/openv/var/globalfolder on your NetBackup master server.
- Whitelist the file path of the creds file. Run the following command:
bpsetconfig -h masterserver
BPCD_WHITELIST_PATH = /usr/openv/var/global/
For UNIX: <ctl-z>
For Windows: <ctl-d>
The BPCD_WHITELIST_PATH = install_dir\NetBackup\var\global\ entry is set in
bp.conffile.Note:
Whitelisting is not required for media server to be able to use as backup host.
In this deployment model, all the backup hosts are part of a single tenant or project.
To create a credentials file for storing and entering Keystone and project information
- Login to the NetBackup master server.
- On the OpenStack server, use the following steps to get the information that you need to create the credential file:
You required the following variables:
OS_USERNAME
OS_PASSWORD
OS_PROJECT_NAME
OS_PROJECT_DOMAIN_NAME
ProjectUUID
For ProjectUUID: openstack project list | grep OS_PROJECT_NAME | awk '{print $2}'
The output will be ProjectUUID of the PROJECT.
IPAddress
Get IP Address of the OpenStack Controller Node. The IP address is used in credential file and in policy as name of client.
Sample credential file format for global admin backup host deployment:
{ " IPAddress _g_backup_admin_name":"GA_USERNAME", " IPAddress _g_backup_admin_domain_name":"GA_PROJECT_DOMAIN_NAME", " IPAddress _g_backup_admin_password":"GA_PASSWORD ", " IPAddress _g_backup_admin_project_name":"GA_PROJECT_NAME", " IPAddress _g_backup_admin_project_id":"ProjectUUID ", " IPAddress _g_backup_admin_project_domain_name":"GA_PROJECT_DOMAIN_NAME ", "IPAddress_management_interface":"EndPoint", "IPAddress_volume_api_version":"3", "IPAddress_ep_keystone":"OS_AUTH_URL", "IPAddress_os_access_protocol":"http://", "IPAddress_domain_id":"OS_PROJECT_DOMAIN_NAME", "IPAddress_auth_sub_url":"auth/tokens", "IPAddress_ProjectUUID ": {"keystone_user":"OS_USERNAME","keystone_password":"OS_PASSWORD","keystone_user_domain_name":"OS_USER_DOMAIN_NAME", "project_domain_name":"OS_PROJECT_DOMAIN_NAME", "project_name":"OS_PROJECT_NAME","user_role":"member"}, "IPAddress_admin": {"keystone_user":"OS_USERNAME","keystone_password":"OS_PASSWORD","keystone_user_domain_name":"OS_USER_DOMAIN_NAME", "project_domain_name":"OS_PROJECT_DOMAIN_NAME", "project_name":"OS_PROJECT_NAME","user_role":"member"} }Sample values for the variables:
IPAddress = 10.217.34.248 EndPoint = internal ProjectUUID = 9c43b3b5d55c414497fb46f7141c604d OS_AUTH_URL = http://10.217.34.248:5000/v3 OS_PROJECT_DOMAIN_NAME = Default OS_USERNAME = admin OS_PASSWORD = aaeaa1113cd1482a OS_USER_DOMAIN_NAME = Default
Sample credential file using the sample values for global admin backup host deployment:
{ "10.217.34.248_g_backup_admin_name":"admin", "10.217.34.248_g_backup_admin_domain_name":"Default", "10.217.34.248_g_backup_admin_password":"aaeaa1113cd1482a", "10.217.34.248_g_backup_admin_project_name":"admin", "10.217.34.248_g_backup_admin_project_id":"9a6de296541c4a62891dbea0b2aeed05", "10.217.34.248_g_backup_admin_project_domain_name":"Default", "10.217.34.248_management_interface":"internal", "10.217.34.248_volume_api_version":"3", "10.217.34.248_ep_keystone":"http://10.217.34.248:5000/v3", "10.217.34.248_os_access_protocol":"http://", "10.217.34.248_domain_id":"default", "10.217.34.248_auth_sub_url":"auth/tokens", "10.217.34.248_9a6de296541c4a62891dbea0b2aeed05": {"keystone_user":"admin","keystone_password":"aaeaa1113cd1482a","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"admin", "backuptime_az":"nova"}, "10.217.34.248_admin": {"keystone_user":"admin","keystone_password":"aaeaa1113cd1482a","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"admin", "backuptime_az":"nova"}, "10.217.34.248_12c3cbcaf92b4e13a8c3bb4f74efe513": {"keystone_user":"demo","keystone_password":"5a7499ff22f04729","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"demo", "backuptime_az":"nova", "user_role":"member"}, "10.217.34.248_demo": {"keystone_user":"demo","keystone_password":"5a7499ff22f04729","keystone_user_domain_name":"Default", "project_domain_name":"Default", "project_name":"demo", "backuptime_az":"nova", "user_role":"member"} }Add the credentials file in the
/usr/openv/var/globalfolder on your NetBackup master server.
- Whitelist the file path of the creds file. Run the following command:
bpsetconfig -h masterserver
BPCD_WHITELIST_PATH = /usr/openv/var/global/
For UNIX: <ctl-z>
For Windows: <ctl-d>
The BPCD_WHITELIST_PATH = install_dir\NetBackup\var\global\ entry is set in
bp.conffile.Note:
Whitelisting is not required for media server to be able to use as backup host.
To add credentials in NetBackup
- Run tpconfig command from the following directory paths:
On UNIX systems, /usr/openv/volmgr/bin/
On Windows systems, install_path\Volmgr\bin\
- Run the ./tpconfig -add -application_server_user_id user ID -application_type openstack -application_server IP Address -password password -application_server_conf /path to creds file -requiredport Port Number
Ensure that the host name of the backup host is the same as the display name of the backup host used in OpenStack.
- Run the tpconfig -dappservers command to verify if the NetBackup master server has the OpenStack credentials added.
The following entry is added in the existing global admin entries when the credential file is added.
"user_role":"admin"
This entry is optional for admin users but required for non-admin users.
You can mix the two backup host deployment models and create a hybrid deployment model. In this hybrid model, you can have a global admin credentials in credential file and few tenants without member_role users. In that case, they will be admin of that project.
The backup administrator role lets the user run backup and restore jobs. Use this role to create a user who can be the backup administrator of a given tenant or project. You can also use this role to create users of the type global admin.
Note:
Backup admin is a recommended role but is not mandatory to protect OpenStack.