Changes - stoney cloud

stoney backup: OpenLDAP directory data organisation

13,449 bytes added, 12 June

/* Backup accounts - S3 bucket based backup account example */

== Backup accounts ==

The sub tree for the accounts of the (online) backup service:

dn: ou=accounts,ou=backup,ou=services,dc=stoney-cloud,dc=org

objectclass: top

=== Backup accounts - Posix account based backup account example ===

Each (Online) Backup service account has it's own change root (chroot, jail) directory. The following example shows the OpenLDAP directory entry for the (online) backup account with the uid number 3723707:

dn: uid=3723707,ou=accounts,ou=backup,ou=services,dc=stoney-cloud,dc=org

objectclass: top

=== Backup accounts - S3 bucket based backup account example ===

dn: uid=~~3723707~~4000907,ou=accounts,ou=backup,ou=services,dco=~~stoney~~stepping-~~cloud~~stone,dcc=~~org~~ch

objectclass: top

~~objectclass: account~~

~~objectclass: posixAccount~~

~~objectclass: shadowAccount~~

objectclass: sstS3Bucket

objectclass: sstProvisioning

objectclass: sstRelationship

uid: ~~3723707~~4000907~~userPassword~~sstDisplayName: ~~{SSHA}E/KLUgeAtApAPQ7mG2GMddCxTE9m9QOS~~Support stepping stone AG~~uidNumber~~description: ~~3723707gidNumber: 3723707cn: Michael Eichenbergergecos: Michael EichenbergerhomeDirectory: /home/3723707loginShell: /bin/shshadowLastChange: 11108shadowMax: 99999shadowWarning: 7shadowFlag: 134539460sstBackupIntervalHourly: 0sstBackupIntervalDaily: 7sstBackupIntervalWeekly: 4sstBackupIntervalMonthly: 3sstBackupIntervalYearly: 0sstBackupIterations: 99~~The leaf for the S3 bucket based backup account belonging to the user 'Support stepping stone AG'.

sstBackupWarningDays: 1

sstBackupWarningNumbers: 0

sstBackupWarningOn: TRUE

~~sstNotificationWarningLevel: 85~~

~~preferredLanguage: de-CH~~

sstNotificationWarningMedium: mail

~~sstUseSelfcare: FALSE~~

~~sstUseSSH: TRUE~~

sstIsActive: TRUE

sstBillable: FALSE

sstQuota: 10737418240

~~sstBackupSize~~sstS3BucketLifecycleDays: 01~~sstIncrementSize~~sstS3BucketWormDays: 01~~sstBackupLastSuccessfulBackup~~sstS3BucketWormMode: ~~computer~~COMPLIANCEsstAutoGrow:~~20130923T063554Z~~FALSEsstActionLevel: 90host: ~~sst~~ctrl-test-~~int~~vm-~~054~~043

sstProvisioningMode: add

sstProvisioningExecutionDate: 0

sstProvisioningState: 0

sstProvisioningReturnValue: 0

sstBelongsToResellerUID: 2000000

sstBelongsToCustomerUID: 3723426

sstBelongsToPersonUID: 1000482

</source>

With auto-grow:

dn: uid=4000907,ou=accounts,ou=backup,ou=services,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstS3Bucket

objectclass: sstProvisioning

objectclass: sstRelationship

uid: 4000907

sstDisplayName: Support stepping stone AG

description: The leaf for the S3 bucket based backup account belonging to the user 'Support stepping stone AG'.

sstBackupWarningDays: 1

sstBackupWarningNumbers: 0

sstBackupWarningOn: TRUE

sstNotificationWarningMedium: mail

preferredLanguage: de-CH

sstIsActive: TRUE

sstBillable: FALSE

sstQuota: 10737418240

sstS3BucketLifecycleDays: 1

sstS3BucketWormDays: 1

sstS3BucketWormMode: COMPLIANCE

sstAutoGrow: TRUE

sstActionLevel: 90

sstAutoGrowStepBytes: 1073741824

host: ctrl-test-vm-043

sstProvisioningMode: add

sstProvisioningExecutionDate: 0

sstProvisioningState: 0

sstProvisioningReturnValue: 0

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstBelongsToPersonUID: 4000002

~~sstBelongsToServiceUID: 4000003~~

</source>

|  style="text-align: left;" | uid

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | A unique integer value with 7 digits or more. For example: <code>4000003</code>.

|  style="text-align: left;" | sstDisplayName

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The human readable display name. Either the human readable server name the S3 bucket belongs to or the persons full name the S3 bucket belongs to.

For example: '''sst-int-001: stepping stone AG: AlmaLinux 9 (LBaaS 1 Active))''' or '''Support stepping stone AG'''.

|  style="text-align: left;" | description

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" | x

|  style="text-align: left;" | The description of the leaf.

For example: The leaf for the S3 bucket based backup account belonging to the user 'Support stepping stone AG'.

|  style="text-align: left;" | sstBackupWarningDays

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | If the attribute <code>sstBackupWarningOn</code> ist true, a non-successful backup notification warning is sent after X days of non-successful backups (where X is an integer number larger than zero). X is an integer number larger than 1. 0 means, the warning is turned off. The default is '''1''' and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.

|  style="text-align: left;" | sstBackupWarningNumbers

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | If the attribute <code>sstBackupWarningOn</code> ist true, a non-successful backup notification warning is sent after X non-successful backups. X is an integer number larger than 1. 0 means, the warning is turned off. The default is '''0''' and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.

|  style="text-align: left;" | sstBackupWarningOn

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | Is the non-successful backup notification warning turned on or not? Either <code>true</code> (yes) or <code>false</code> (no). Default is true (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.

|  style="text-align: left;" | sstNotificationWarningMedium

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The notification medium, either sms (points to the multi-valued attribute <code>mobileTelephoneNumber</code>) or mail (points to the multi-valued attribute <code>mail</code>). Currently, only mail is supported. This is the default is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.

|  style="text-align: left;" | sstQuota

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The S3 bucket quota in bytes. The value must be a multiple of 1073741824 bytes.

For example: '''10737418240''' (10 Gibibyte or 10 GiB).

|  style="text-align: left;" | sstS3BucketLifecycleDays

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | How long the modified items are kept in the S3 version history. Possible values are between 1 and 99. Default is 1.

For example: '''3''' (three days).

|  style="text-align: left;" | sstS3BucketWormDays

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | How long the S3 version history is delete protected (compliance mode). Possible values are between 1 and 99. Default is 1.

For example: '''3''' (three days).

|  style="text-align: left;" | sstS3BucketWormMode

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | S3 object lock provides two retention modes that apply different levels of protection to your objects. COMPLIANCE and GOVERNANCE. Default is COMPLIANCE.

For example: '''COMPLIANCE'''.

|  style="text-align: left;" | sstAutoGrow

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | Defines if the given quota must automatically expand (TRUE) or not (FALSE). Default is FALSE.

Example: '''FALSE'''

|  style="text-align: left;" | sstActionLevel

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The level in percent from which an action must be carried out.

For example: '''90''' (ninety percent).

|  style="text-align: left;" | sstBackupLastSuccessfulBackup

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" |

|  style="text-align: left;" | The date and time of the last successful backup in UTC, either 0 or in the form of hostname:[YYYY][MM][DD]T[hh][mm][ss]Z ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]).

For example: '''computer:20130923T063554Z''' or '''computer.example.com:20130923T063554Z'''.

|  style="text-align: left;" | preferredLanguage

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" |

|  style="text-align: left;" | The notification language according to [http://www.ietf.org/rfc/rfc1766.txt RFC 1766] ([http://www.iso.org/iso/english_country_names_and_code_elements ISO 3166-1-alpha-2 code]-[http://www.loc.gov/standards/iso639-2/php/code_list.php ISO 639-1 Code].

For example '''de-CH''' or '''en-GB'''.

The content of this value is taken from the person entry from the attribute <code>preferredLanguage</code>. If the backup account belongs to a service, the user must be asked for the notification language.

|  style="text-align: left;" | sstBillable

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" |

|  style="text-align: left;" |

|  style="text-align: left;" | sstAutoGrowStepPercentage

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" | x1

|  style="text-align: left;" | By how much must the quota be expanded in percent. Possible values are between 1 and 99.

For example: '''2''' (two percent).

|  style="text-align: left;" | sstAutoGrowStepBytes

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MAY

|  style="text-align: center;" | x1

|  style="text-align: left;" | By how much must the quota be expanded in bytes. The value must be a multiple of 1073741824 bytes.

For example: '''1073741824''' (1 Gibibyte or 1 GiB).

|  style="text-align: left;" | host

|  style="text-align: left;" | sstS3Bucket

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The host where the S3 bucket provisioning daemon runs.

|  style="text-align: center;" | MAY

|  style="text-align: center;" |

|  style="text-align: left;" | The UTC based cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] T[hh][mm][ss]Z ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For example: '''20201231T225959Z'''. Presuming the service owner is located in Bern Switzerland: Bern in winter follows Central European Time (CET), which is UTC+1. Let's confirm the conversion from 20201231T225959Z (UTC) to Bern's local time step-by-step. UTC Timestamp: 2020-12-31 at 22:59:59 UTC. Bern's Time Zone in Winter: Bern operates on CET (Central European Time) during winter, which is UTC+1. Conversion: Add 1 hour to the UTC time to convert to Bern local time. So, let's perform the conversion: UTC Time: 2020-12-31 22:59:59 Add 1 hour for CET: 2020-12-31 23:59:59 Thus, '''20201231T225959Z''' in Bern local time is '''2020-12-31 at 23:59:59'''. Due to backwards compatibility, [YYYY][MM][DD] ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]) is allowed. For example: '''20201231'''. It will be interpreted with Bern local time as '''2020-12-31 at 23:59:59'''.

The attribute <code>sstCancellationDate</code> is used in a logical AND combination with <code>sstIsActive</code>. With other words: Once the cancellation date has passed, it overrides the <code>sstIsActive</code> value.

|  style="text-align: left;" | sstProvisioningMode

|  style="text-align: left;" | sstProvisioning

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The provisioning mode. For a new account, this attribute must be set to <code>add</code>.

For example: <code>add</code>, <code>modify</code> or <code>delete</code>.

See the [[#Backup_Provisioning | backup provisioning]] section for details.

|  style="text-align: left;" | sstProvisioningExecutionDate

|  style="text-align: left;" | sstProvisioning

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The date the provisioning shall occur in the form of [YYYY][MM][DD]T[hh][mm][ss]Z ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute is normally set to '''0''' (the provisioning happens as quickly as possible).

For example: '''0''' or '''20201231T225959Z'''.

See the [[#Backup_Provisioning | backup provisioning]] section for details.

|  style="text-align: left;" | sstProvisioningState

|  style="text-align: left;" | sstProvisioning

|  style="text-align: center;" | MUST

|  style="text-align: center;" | x

|  style="text-align: left;" | The provisioning state, either '''0''' or in the form of [YYYY][MM][DD]T[hh][mm][ss]Z ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute must be set to '''0'''.

For example: '''0''' or '''20201231T225959Z'''.

You can use <code>date +%Y%m%dT%H%M%SZ</code> to create the time stamp in the form of [YYYY][MM][DD]T[hh][mm][ss]Z.

See the [[#Backup_Provisioning | backup provisioning]] section for details.

|  style="text-align: left;" | sstProvisioningReturnValue

|  style="text-align: left;" | sstProvisioning

|  style="text-align: center;" | MAY

|  style="text-align: center;" | x

|  style="text-align: left;" | The provisioning return value written by the S3 bucket provisioning daemon. '''0''' means success, '''>0''' means failure.

For example: '''0'''.

|  style="text-align: left;" | sstRelationship

|  style="text-align: center;" | MAY

|  style="text-align: center;" | x

|  style="text-align: left;" | Stores the UID of the service the leaf belongs to. This UID can be used to look up other information. A unique value with 7 digits or more. <code>4000123</code>.

Legend:* '''x''': Mandatory in all cases.* '''x1''': If <code>sstAutoGrow</s> is set to <code>TRUE</code>, either <code>sstAutoGrowStepPercentage</code> or <code>sstAutoGrowStepBytes</code> must be set. == Backup ~~Groups~~ groups ==

The sub tree for the groups of the (online) backup service:

<syntaxhighlight lang='ldif'>dn: ou=groups,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: groups description: The sub tree for the groups of the (online) backup service.</syntaxhighlight> === Backup groups - Posix account based backup group example ===<syntaxhighlight lang='ldif'>dn: cn=3723707,ou=groups,ou=backup,ou=services,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: posixGroupobjectclass: sstRelationshipcn: 3723707gidNumber: 3723707sstIsActive: TRUEsstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001sstBelongsToPersonUID: 4000002</syntaxhighlight>

=== Backup ~~Group Example ===~~ ~~dn: cn=3723707,ou=~~groups~~,ou=~~- S3 bucket based backup~~,ou~~group example =~~services,dc~~=~~stoney-cloud,dc~~=~~org~~ ~~objectclass: top~~ ~~objectclass: posixGroup~~ ~~objectclass: sstRelationship~~ ~~cn: 3723707~~ ~~gidNumber: 3723707~~ ~~sstIsActive: TRUE~~ ~~sstBelongsToResellerUID: 4000000~~ ~~sstBelongsToCustomerUID: 4000001~~ ~~sstBelongsToPersonUID: 4000002~~S3 buckets do not require a group.

== Backup Provisioning ==

Michael

SLB, editor, reviewer

3,407

edits