trilio wlm #43

Supports: bionic focal groovy

Description

TrilioVault provides a backup and recovery solution that natively integrates with OpenStack Clouds. This charm provides the TrilioVault Workload Manager Service which forms part of the TrilioVault solution.


Overview

This charm provides the TrilioVault Workload Manager Service which forms part of the TrilioVault Cloud Backup solution.

Usage

The TrilioVault Workload Manager Service relies on a database service, the Keystone identity service, and RabbitMQ messaging:

juju deploy trilio-wlm
juju deploy mysql
juju deploy rabbitmq-server
juju deploy keystone
juju add-relation trilio-wlm mysql
juju add-relation trilio-wlm rabbitmq-server
juju add-relation trilio-wlm keystone

TrilioVault will also need to be deployed with other services in order to provide a fully functional TrilioVault backup solution. Refer to the TrilioVault Data Protection section in the deployment guide for more information.

Creating trust with the Cloud Admin account

In order for TrilioVault to back up services running on the OpenStack Cloud, application trust must be granted from the Trilio WLM service account to the Cloud Admin account using the Admin role. This is completed using the 'create-cloud-admin-trust' action post deployment:

juju run-action --wait trilio-wlm/leader create-cloud-admin-trust \
    password=<cloud admin password>

This allows the Trilio WLM service account to impersonate the Cloud Admin account in order to access full details of services being protected.

Trusts can be listed and managed using the 'openstack trust ...' set of OSC commands.

Installing a TrilioVault License

In order to operate TrilioVault, a license for the deployment must be installed. Attach the license file provided by Trilio to the application:

juju attach-resource trilio-wlm license=mylicense.lic

and then execute the 'create-license' action:

juju run-action --wait trilio-wlm/leader create-license

The resource may be included as part of a bundle but the action must be run post deployment to complete configuration of the TrilioVault service.

Alternatively this may be completed via the Horizon plugin for TrilioVault in the OpenStack Dashboard.

Storage Options

TrilioVault supports NFS and S3 backends for storing workload backups. The storage type used by TrilioVault is determined by the value in the backup-target-type charm config option.

NFS

To configure the TrilioVault Workload Manager to store backups in an NFS share, set the backup-target-type option of the charm to nfs and set the nfs-shares option of the charm to specify a valid NFS share.

juju config trilio-wlm backup-target-type=nfs
juju config trilio-wlm nfs-shares=10.40.3.20:/srv/triliovault

Mount settings for the NFS shares can be configured using the nfs-options config option.

The TrilioVault Data Mover application will also need to be configured to use the same nfs-share.

S3

To configure the TrilioVault Workload Manager to store backups in an S3 share, set the backup-target-type option of the charm to s3 and set the following configuration options to provide information regarding the S3 service:

  • tv-s3-endpoint-url: the URL of the s3 storage
  • tv-s3-secret-key: the secret key for accessing the s3 storage
  • tv-s3-access-key: the access key for accessing the s3 storage
  • tv-s3-region-name: the region for accessing the s3 storage
  • tv-s3-bucket: the s3 bucket to store backups in
  • tv-s3-ssl-cert: the SSL CA to use when connecting to the s3 service

juju config trilio-wlm tv-s3-endpoint-url=http://s3.example.com/
juju config trilio-wlm tv-s3-secret-key=superSecretKey
juju config trilio-wlm tv-s3-access-key=secretAccessKey
juju config trilio-wlm tv-s3-region-name=RegionOne
juju config trilio-wlm tv-s3-bucket=backups

Bugs

Please report bugs on Launchpad.


Configuration

action-managed-upgrade
(boolean) If True enables openstack upgrades for this charm via juju actions. You will still need to set openstack-origin to the new repository but instead of an upgrade running automatically across all units, it will wait for you to execute the openstack-upgrade action for this charm on each unit. If False it will revert to existing behavior of upgrading all units on config change.
backup-target-type
(string) Type of backup target. Valid types - nfs, s3
nfs
client-retry-limit
(int) This is the number of times wlm will try to connect to OpenStack services. This option is ignored if Trilio is before 4.1.94
3
debug
(boolean) Enable debug logging
dns-ha
(boolean) Use DNS HA with MAAS 2.0. Note: if this is set, do not set the vip settings below.
haproxy-client-timeout
(int) Client timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
haproxy-connect-timeout
(int) Connect timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-queue-timeout
(int) Queue timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 9000ms is used.
haproxy-server-timeout
(int) Server timeout configuration in ms for haproxy, used in HA configurations. If not provided, default value of 90000ms is used.
max-wait-for-upload
(int) The amount of time (in hrs) that the snapshot upload operation should wait for the upload. This option is ignored if Trilio is before 4.1.94
48
misfire-grace-time
(int) misfire_grace_time is the grace time in which the global job scheduler will consider triggering missed snapshots. The value is in seconds. This option is ignored if Trilio is before 4.1.94
600
nfs-options
(string) NFS Options
nolock,soft,timeo=180,intr,lookupcache=none
nfs-shares
(string) NFS Shares mount source path
openstack-origin
(string) Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry or a supported Ubuntu Cloud Archive (UCA) release pocket. Supported UCA sources include: cloud:<series>-<openstack-release>, cloud:<series>-<openstack-release>/updates, cloud:<series>-<openstack-release>/staging, cloud:<series>-<openstack-release>/proposed. For series=Precise we support UCA for openstack-release=icehouse. For series=Trusty we support UCA for openstack-release=juno, kilo, ... NOTE: updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.
cloud:bionic-train
os-admin-hostname
(string) The hostname or address of the admin endpoints created in the keystone identity provider. This value will be used for admin endpoints. For example, an os-admin-hostname set to 'api-admin.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-admin.example.com:9696/
os-admin-network
(string) The IP address and netmask of the OpenStack Admin network (e.g., 192.168.0.0/24). This network will be used for admin endpoints.
os-internal-hostname
(string) The hostname or address of the internal endpoints created in the keystone identity provider. This value will be used for internal endpoints. For example, an os-internal-hostname set to 'api-internal.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-internal.example.com:9696/
os-internal-network
(string) The IP address and netmask of the OpenStack Internal network (e.g., 192.168.0.0/24). This network will be used for internal endpoints.
os-public-hostname
(string) The hostname or address of the public endpoints created in the keystone identity provider. This value will be used for public endpoints. For example, an os-public-hostname set to 'api-public.example.com' with ssl enabled will create the following endpoint for neutron-api: https://api-public.example.com:9696/
os-public-network
(string) The IP address and netmask of the OpenStack Public network (e.g., 192.168.0.0/24). This network will be used for public endpoints.
region
(string) OpenStack Region
RegionOne
ssl_ca
(string) TLS CA to use to communicate with other components in a deployment. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
ssl_cert
(string) TLS certificate to install and use for any listening services. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
ssl_key
(string) TLS key to use with certificate specified as ssl_cert. NOTE: This configuration option will take precedence over any certificates received over the certificates relation.
triliovault-pkg-source
(string) Repository address of triliovault packages
deb [trusted=yes] https://apt.fury.io/triliodata-4-0/ /
trustee-role
(string) Workload manager trustee role.
member
tv-s3-access-key
(string) S3 access key
tv-s3-bucket
(string) S3 bucket name
tv-s3-endpoint-url
(string) S3 endpoint URL
tv-s3-region-name
(string) S3 region name
tv-s3-secret-key
(string) S3 secret access key
tv-s3-ssl-cert
(string) SSL CA to use when connecting to S3
use-internal-endpoints
(boolean) OpenStack mostly defaults to using public endpoints for internal communication between services. If set to True this option will configure services to use internal endpoints where possible.
use-syslog
(boolean) Setting this to True will allow supporting services to log to syslog.
verbose
(boolean) Enable verbose logging
vip
(string) Virtual IP(s) to use to front API services in HA configuration. If multiple networks are being used, a VIP should be provided for each network, separated by spaces.
vip_cidr
(int) Default CIDR netmask to use for HA vip when it cannot be automatically determined.
24
vip_iface
(string) Default network interface to use for HA vip when it cannot be automatically determined.
eth0
worker-multiplier
(float) The CPU core multiplier to use when configuring worker processes. By default, the number of workers for each daemon is set to twice the number of CPU cores a service unit has. This default value will be capped to 4 workers unless this configuration option is set.
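
A review check over the options documented above, added here as an example (it is not part of the charm). It flags storage settings that do not match backup-target-type, an S3 endpoint on plain HTTP, a package source marked [trusted=yes], and a TLS certificate configured without its key. It assumes the input is the "settings" object printed by `juju config trilio-wlm --format json`; the function name and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Options the page's S3 example sets; treated here as required for s3.
S3_OPTIONS = ("tv-s3-endpoint-url", "tv-s3-access-key", "tv-s3-secret-key",
              "tv-s3-region-name", "tv-s3-bucket")

def audit_wlm_config(settings):
    """Return [(option, finding)] for a trilio-wlm settings map.

    Assumption: `settings` is the "settings" object printed by
    `juju config trilio-wlm --format json`, i.e. {option: {"value": ...}}.
    """
    def val(opt):
        return str((settings.get(opt) or {}).get("value") or "")

    out = []
    target = val("backup-target-type")
    if target not in ("nfs", "s3"):
        out.append(("backup-target-type", "must be nfs or s3"))
    if target == "nfs" and not val("nfs-shares"):
        out.append(("nfs-shares", "unset although backup-target-type=nfs"))
    if target == "s3":
        out += [(o, "unset although backup-target-type=s3")
                for o in S3_OPTIONS if not val(o)]
        if urlparse(val("tv-s3-endpoint-url")).scheme == "http":
            out.append(("tv-s3-endpoint-url",
                        "plain HTTP: backup traffic is unencrypted in transit"))
    if "trusted=yes" in val("triliovault-pkg-source").replace(" ", ""):
        out.append(("triliovault-pkg-source",
                    "[trusted=yes]: apt trusts the repo even if authentication fails"))
    if bool(val("ssl_cert")) != bool(val("ssl_key")):
        out.append(("ssl_cert/ssl_key", "set both or neither"))
    return out

# Constructed sample: the values from the page's S3 example plus the
# documented default package source.
SAMPLE = json.loads("""{"settings": {
  "backup-target-type": {"value": "s3"},
  "tv-s3-endpoint-url": {"value": "http://s3.example.com/"},
  "tv-s3-access-key": {"value": "secretAccessKey"},
  "tv-s3-secret-key": {"value": "superSecretKey"},
  "tv-s3-region-name": {"value": "RegionOne"},
  "tv-s3-bucket": {"value": "backups"},
  "triliovault-pkg-source":
    {"value": "deb [trusted=yes] https://apt.fury.io/triliodata-4-0/ /"}
}}""")["settings"]

if __name__ == "__main__":
    for option, finding in audit_wlm_config(SAMPLE):
        print(f"{option}: {finding}")
```

With the sample values the check reports the HTTP endpoint and the [trusted=yes] package source; switching the endpoint to https and using a signed repository clears both findings.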