Install from source

This section describes how to install and configure the Data Protection service from source.

Prerequisites

Before you install and configure Data Protection service, you must create a database, service credentials, and API endpoints. Data Protection service also requires additional information in the Identity service.

  1. To create the database, complete these steps:

    • Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p
      
    • Create the karbor database:

      CREATE DATABASE karbor;
      
    • Grant proper access to the karbor database:

      GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'localhost' IDENTIFIED BY 'KARBOR_DBPASS';
      GRANT ALL PRIVILEGES ON karbor.* TO 'karbor'@'%' IDENTIFIED BY 'KARBOR_DBPASS';
      

      Replace KARBOR_DBPASS with a suitable password.

    • Exit the database access client.

  2. Source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc
    
  3. To create the service credentials, complete these steps:

    • Create the karbor user:

      $ openstack user create --domain default --password-prompt karbor
      User Password:
      Repeat User Password:
      +-----------+----------------------------------+
      | Field     | Value                            |
      +-----------+----------------------------------+
      | domain_id | e0353a670a9e496da891347c589539e9 |
      | enabled   | True                             |
      | id        | ca2e175b851943349be29a328cc5e360 |
      | name      | karbor                           |
      +-----------+----------------------------------+
      
    • Add the admin role to the karbor user:

      $ openstack role add --project service --user karbor admin
      

      Note

      This command provides no output.

    • Create the karbor service entities:

      $ openstack service create --name karbor --description "Application Data Protection Service" data-protect
      +-------------+-------------------------------------+
      | Field       | Value                               |
      +-------------+-------------------------------------+
      | description | Application Data Protection Service |
      | enabled     | True                                |
      | id          | 727841c6f5df4773baa4e8a5ae7d72eb    |
      | name        | karbor                              |
      | type        | data-protect                        |
      +-------------+-------------------------------------+
      
  4. Create the Data Protection service API endpoints:

    $ openstack endpoint create --region RegionOne data-protect public http://controller:8799/v1/%\(project_id\)s
    +--------------+------------------------------------------+
    | Field        | Value                                    |
    +--------------+------------------------------------------+
    | enabled      | True                                     |
    | id           | 3f4dab34624e4be7b000265f25049609         |
    | interface    | public                                   |
    | region       | RegionOne                                |
    | region_id    | RegionOne                                |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb         |
    | service_name | karbor                                   |
    | service_type | data-protect                             |
    | url          | http://controller:8799/v1/%(project_id)s |
    +--------------+------------------------------------------+
    
    $ openstack endpoint create --region RegionOne data-protect internal http://controller:8799/v1/%\(project_id\)s
    +--------------+------------------------------------------+
    | Field        | Value                                    |
    +--------------+------------------------------------------+
    | enabled      | True                                     |
    | id           | 3f4dab34624e4be7b000265f25049609         |
    | interface    | internal                                 |
    | region       | RegionOne                                |
    | region_id    | RegionOne                                |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb         |
    | service_name | karbor                                   |
    | service_type | data-protect                             |
    | url          | http://controller:8799/v1/%(project_id)s |
    +--------------+------------------------------------------+
    
    $ openstack endpoint create --region RegionOne data-protect admin http://controller:8799/v1/%\(project_id\)s
    +--------------+------------------------------------------+
    | Field        | Value                                    |
    +--------------+------------------------------------------+
    | enabled      | True                                     |
    | id           | 3f4dab34624e4be7b000265f25049609         |
    | interface    | admin                                    |
    | region       | RegionOne                                |
    | region_id    | RegionOne                                |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb         |
    | service_name | karbor                                   |
    | service_type | data-protect                             |
    | url          | http://controller:8799/v1/%(project_id)s |
    +--------------+------------------------------------------+
    

Install the services

Retrieve and install karbor with required packages:

git clone https://git.openstack.org/openstack/karbor
cd karbor
sudo pip install -e .
python setup.py install

This procedure installs the karbor python library and the following executables:

  • karbor-wsgi: karbor wsgi script

  • karbor-api: karbor api script

  • karbor-protection: karbor protection script

  • karbor-operationengine: karbor operationengine script

  • karbor-manage: karbor manage script

Generate sample configuration file karbor.conf.sample:

#use tox
tox -egenconfig
#or direct run oslo-config-generator
oslo-config-generator --config-file etc/oslo-config-generator/karbor.conf

Generate sample policy file policy.yaml.sample:

#use tox
tox -egenpolicy
#or direct run oslopolicy-sample-generator
oslopolicy-sample-generator --config-file=etc/karbor-policy-generator.conf

Install sample configuration files:

mkdir /etc/karbor
cp etc/api-paste.ini /etc/karbor
cp etc/karbor.conf.sample /etc/karbor/karbor.conf
cp etc/policy.yaml.sample /etc/karbor/policy.yaml
cp -r etc/providers.d /etc/karbor

Create the log directory:

mkdir /var/log/karbor

Note

Karbor provides more preconfigured providers with different bank and protection plugins (such as EISOO, S3, File system, Cinder snapshot plugin, and more). If these were available for your environment, you can consult these provider configuration files for reference, or use them as-is, by copying the configuration files from ‘devstack/providers.d’ to ‘/etc/karbor/providers.d’. By default, karbor use ‘OS Infra Provider with swift bank’.

Install the client

Retrieve and install karbor client:

git clone https://git.openstack.org/openstack/python-karborclient.git
cd python-karborclient
python setup.py install

Configure components

  1. Add system user:

    groupadd karbor
    useradd karbor -g karbor -d /var/lib/karbor -s /sbin/nologin
    
  1. Edit the /etc/karbor/karbor.conf file and complete the following actions:

    • In the [database] section, configure database access:

      [database]
      ...
      connection = mysql+pymysql://karbor:KARBOR_DBPASS@controller/karbor
      

      Replace KARBOR_DBPASS with the password you chose for the Data Protection database.

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
      ...
      transport_url = rabbit://openstack:RABBIT_PASS@controller:5672
      

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [keystone_authtoken], [trustee], [clients_keystone], and [karbor_client] sections, configure Identity service access:

      [keystone_authtoken]
      ...
      www_authenticate_uri = http://keystone1.example.com/identity
      auth_url = http://controller/identity_admin
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = karbor
      password = KARBOR_PASS
      
      [trustee]
      ...
      auth_type = password
      auth_url = http://controller/identity_admin
      username = karbor
      password = KARBOR_PASS
      user_domain_name = default
      
      [clients_keystone]
      ...
      auth_uri = http://controller/identity_admin
      
      [karbor_client]
      ...
      version = 1
      service_type = data-protect
      service_name = karbor
      

      Replace KARBOR_PASS with the password you chose for the karbor user in the Identity service.

  2. Populate the Data Protection database:

    # su -s /bin/sh -c "karbor-manage db sync" karbor
    

    Note

    Ignore any deprecation messages in this output.

Finalize installation

You can start karbor services directly from command line by executing karbor-api, karbor-protection and karbor-operationengine.