Difference between revisions of "stoney backup: OpenLDAP directory data organisation"
[unchecked revision] | [unchecked revision] |
(→Backup Account) |
(→Backup Account) |
||
Line 492: | Line 492: | ||
sstNotificationWarningMediumChange: FALSE | sstNotificationWarningMediumChange: FALSE | ||
sstNotificationWarningMediumAdd: FALSE | sstNotificationWarningMediumAdd: FALSE | ||
− | |||
sstUseSelfcare: FALSE | sstUseSelfcare: FALSE | ||
sstUseSSH: TRUE | sstUseSSH: TRUE |
Revision as of 14:13, 8 August 2013
Contents
- 1 Abstract
- 2 Data Organisation
- 3 Backup
- 3.1 Backup Configuration
- 3.2 Backup Account
- 3.3 Provisioning
- 4 Links
Abstract
This document describes the OpenLDAP directory data organisation for the stoney cloud (Online) Backup service.
Data Organisation
The following chapters explain the data organisation of the stoney cloud OpenLDAP directory, in this case we looking at the (Online) Backup service.
Backup
The following LDIF shows the backup entry of the whole OpenLDAP directory tree for the stoney cloud:
dn: ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: organizationalUnit objectclass: top ou: backup
Backup Configuration
The sub tree for the configuration of the (online) backup service:
dn: ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: configuration description: The sub tree for the configuration of the (online) backup service.
Backup rsnapshot Provisioning Daemon
The sub tree for the configuration of the prov-backup-rsnapshot daemon:
dn: ou=prov-backup-rsnapshot,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstServiceConfigurationObjectClass ou: prov-backup-rsnapshot description: The sub tree for the configuration of the prov-backup-rsnapshot daemon. sstIsActive: TRUE
The following table describes the different attributes:
Attribute | |
|
Description |
description | |
|
The description of the leaf. |
sstIsActive | |
|
Is the entry active? Either true (yes) or false (no). |
Legend:
- x: Mandatory in all cases.
Backup Reseller
The sub tree for the reseller specific (online) backup service settings:
dn: ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: reseller description: The sub tree for the reseller specific (online) backup service settings.
The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.
dn: uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: sstReseller objectclass: sstServiceConfigurationObjectClass uid: 4000000 o: Reseller Ltd. description: The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000. sstIsActive: TRUE sstIsDefault: TRUE
Backup Reseller Billing
The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:
dn: ou=billing,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: TBD ou: billing description: The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000. TBD: Der Aufbau sollte so sein, dass er hierarchische Informationen abbilden könnte. Oder wir machen den normalen Billing Tree, den wir ursprünglich vorgeshene haben.
Backup Reseller Settings
The sub tree for the default quota values for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:
dn: ou=settings,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstBackup ou: settings description: The sub tree for the default settings of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000. loginShell: /bin/sh shadowMax: 99999 shadowWarning: 7 shadowFlag: 134539460 sstVolumeCapacityDefault: 1 sstVolumeCapacityMin: 1 sstVolumeCapacityMax: 5 sstVolumeCapacityStep: 1 sstQuotaChange: FALSE sstBackupWarningDays: 1 sstBackupWarningNumbers: 0 sstBackupWarningOn: TRUE sstNotificationWarningLevel: 85 sstNotificationWarningMedium: mail sstNotificationWarningMediumChange: FALSE sstNotificationWarningMediumAdd: FALSE mail: support@stepping-stone.ch sstBackupIntervalHourly: 0 sstBackupIntervalDaily: 7 sstBackupIntervalWeekly: 4 sstBackupIntervalMonthly: 3 sstBackupIntervalYearly: 0 sstUseSelfcare: FALSE sstUseSSH: TRUE sstIsActive: TRUE
MAY Attribute
sstNotificationWarning: quota sstNotificationWarning: schedule sstNotificationWarning: unsuccessful
The following table describes the different attributes:
Attribute | |
|
Description |
description | |
|
The description of the leaf. |
sstVolumeCapacityDefault | |
|
|
sstVolumeCapacityMin | |
|
|
sstVolumeCapacityMax | |
|
|
sstVolumeCapacityStep | |
|
|
sstNotificationWarningLevel | |
|
The quota notification level in percent, when the owner of the backup needs to warned. A value between 0 and 100. The default is 85 percent. |
sstNotificationWarningMedium | |
|
The notification warning medium, either mail or sms. Default would normally be mail. |
|
|
The notification warning medium, either mail or sms. Default is mail. | |
mobileTelephoneNumber | |
|
If sstNotificationWarningMedium ist set to sms, this attribute must contain a mobile number. This attribute is normally not used.
|
Legend:
- x: Mandatory in all cases.
Backup Reseller Templates
This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:
dn: ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: templates description: This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
Backup Reseller Quota Templates
This sub tree contains the quota templates for the (online) backup service:
dn: ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstTemplateSetup ou: quota description: This sub tree contains the quota templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent. sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch> sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>
Backup Reseller Quota Templates for de-CH
The Swiss German template looks as follows:
{$salutation} {$surname} Ihr Online Backup Konto {$uid} ist zu {$percent}% voll. - Sie verwenden {$size} von {$quota} Gigabyte. - Grösse des aktuellen Backups: {$backup_size} Gigabyte - Grösse der Iterationen (Snapshots): {$snapshot_size} Gigabyte. Daher lassen sich neue oder geänderte Daten nicht mehr sichern und Sie verlieren die Möglichkeit auf das Backup dieser Daten zurückzugreifen. Um die weitere Sicherung Ihrer Daten zu garantieren, bieten sich folgende Möglichkeiten an. Mehr Speicherplatz bestellen: Geben Sie dazu bitte Ihre Online Backup Konto ID (7-stellige Nummer) und die gewünschte neue Backup-Grösse an. Für mögliche Angebote und deren Preise siehe http://www.stepping-stone.ch/produkte/online-backup/ Dateien / Verzeichnisse ausschliessen: Schliessen Sie unkritische Daten aus Ihrem Backup aus. Diese werden anschliessend nicht mehr gesichert und belegen somit keinen neuen Speicherplatz auf Ihrem Konto. Für Fragen stehen wir Ihnen gerne zur Verfügung. Freundliche Grüsse Ihr Support-Team der stepping stone GmbH -- stepping stone GmbH Neufeldstrasse 9 CH-3012 Bern Telefon: +41 31 332 53 63 www.stepping-stone.ch support@stepping-stone.ch
Before saving the template in the OpenLDAP directory, you need to encode the template into base64. Save the above template into a file called quota_de-CH.txt
. Then execute the following command:
base64 quota_de-CH.txt
The result will look as follows:
eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgT25saW5lIEJhY2t1cCBLb250byB7JHVpZH0g aXN0IHp1IHskcGVyY2VudH0lIHZvbGwuCi0gU2llIHZlcndlbmRlbiB7JHNpemV9IHZvbiB7JHF1 b3RhfSBHaWdhYnl0ZS4KLSBHcsO2c3NlIGRlcyBha3R1ZWxsZW4gQmFja3VwczogeyRiYWNrdXBf c2l6ZX0gR2lnYWJ5dGUKLSBHcsO2c3NlIGRlciBJdGVyYXRpb25lbiAoU25hcHNob3RzKTogeyRz bmFwc2hvdF9zaXplfSBHaWdhYnl0ZS4KCkRhaGVyIGxhc3NlbiBzaWNoIG5ldWUgb2RlciBnZcOk bmRlcnRlIERhdGVuIG5pY2h0IG1laHIgc2ljaGVybiB1bmQgU2llCnZlcmxpZXJlbiBkaWUgTcO2 Z2xpY2hrZWl0IGF1ZiBkYXMgQmFja3VwIGRpZXNlciBEYXRlbiB6dXLDvGNrenVncmVpZmVuLgoK VW0gZGllIHdlaXRlcmUgU2ljaGVydW5nIElocmVyIERhdGVuIHp1IGdhcmFudGllcmVuLCBiaWV0 ZW4gc2ljaApmb2xnZW5kZSBNw7ZnbGljaGtlaXRlbiBhbi4KCk1laHIgU3BlaWNoZXJwbGF0eiBi ZXN0ZWxsZW46CkdlYmVuIFNpZSBkYXp1IGJpdHRlIElocmUgT25saW5lIEJhY2t1cCBLb250byBJ RCAoNy1zdGVsbGlnZSBOdW1tZXIpIHVuZApkaWUgZ2V3w7xuc2NodGUgbmV1ZSBCYWNrdXAtR3LD tnNzZSBhbi4gRsO8ciBtw7ZnbGljaGUgQW5nZWJvdGUgdW5kIGRlcmVuClByZWlzZSBzaWVoZSBo dHRwOi8vd3d3LnN0ZXBwaW5nLXN0b25lLmNoL3Byb2R1a3RlL29ubGluZS1iYWNrdXAvCgpEYXRl aWVuIC8gVmVyemVpY2huaXNzZSBhdXNzY2hsaWVzc2VuOgpTY2hsaWVzc2VuIFNpZSB1bmtyaXRp c2NoZSBEYXRlbiBhdXMgSWhyZW0gQmFja3VwIGF1cy4gRGllc2Ugd2VyZGVuCmFuc2NobGllc3Nl bmQgbmljaHQgbWVociBnZXNpY2hlcnQgdW5kIGJlbGVnZW4gc29taXQga2VpbmVuIG5ldWVuClNw ZWljaGVycGxhdHogYXVmIElocmVtIEtvbnRvLgoKCkbDvHIgRnJhZ2VuIHN0ZWhlbiB3aXIgSWhu ZW4gZ2VybmUgenVyIFZlcmbDvGd1bmcuCgoKRnJldW5kbGljaGUgR3LDvHNzZQpJaHIgU3VwcG9y dC1UZWFtIGRlciBzdGVwcGluZyBzdG9uZSBHbWJICgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApO ZXVmZWxkc3RyYXNzZSA5IApDSC0zMDEyIEJlcm4gClRlbGVmb246ICs0MSAzMSAzMzIgNTMgNjMg Cnd3dy5zdGVwcGluZy1zdG9uZS5jaCAKc3VwcG9ydEBzdGVwcGluZy1zdG9uZS5jaAo=
The resulting LDIF looks as follows (make sure, that you add two colons after sstMailTemplate to tell the OpenLDAP server, that the content is encoded in base64):
dn: ou=de-CH,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstTemplateLanguage ou: de-CH sstMailTemplate: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgT25saW5lIEJhY2t1cCBLb250byB7JHVpZH0g aXN0IHp1IHskcGVyY2VudH0lIHZvbGwuCi0gU2llIHZlcndlbmRlbiB7JHNpemV9IHZvbiB7JHF1 b3RhfSBHaWdhYnl0ZS4KLSBHcsO2c3NlIGRlcyBha3R1ZWxsZW4gQmFja3VwczogeyRiYWNrdXBf c2l6ZX0gR2lnYWJ5dGUKLSBHcsO2c3NlIGRlciBJdGVyYXRpb25lbiAoU25hcHNob3RzKTogeyRz bmFwc2hvdF9zaXplfSBHaWdhYnl0ZS4KCkRhaGVyIGxhc3NlbiBzaWNoIG5ldWUgb2RlciBnZcOk bmRlcnRlIERhdGVuIG5pY2h0IG1laHIgc2ljaGVybiB1bmQgU2llCnZlcmxpZXJlbiBkaWUgTcO2 Z2xpY2hrZWl0IGF1ZiBkYXMgQmFja3VwIGRpZXNlciBEYXRlbiB6dXLDvGNrenVncmVpZmVuLgoK VW0gZGllIHdlaXRlcmUgU2ljaGVydW5nIElocmVyIERhdGVuIHp1IGdhcmFudGllcmVuLCBiaWV0 ZW4gc2ljaApmb2xnZW5kZSBNw7ZnbGljaGtlaXRlbiBhbi4KCk1laHIgU3BlaWNoZXJwbGF0eiBi ZXN0ZWxsZW46CkdlYmVuIFNpZSBkYXp1IGJpdHRlIElocmUgT25saW5lIEJhY2t1cCBLb250byBJ RCAoNy1zdGVsbGlnZSBOdW1tZXIpIHVuZApkaWUgZ2V3w7xuc2NodGUgbmV1ZSBCYWNrdXAtR3LD tnNzZSBhbi4gRsO8ciBtw7ZnbGljaGUgQW5nZWJvdGUgdW5kIGRlcmVuClByZWlzZSBzaWVoZSBo dHRwOi8vd3d3LnN0ZXBwaW5nLXN0b25lLmNoL3Byb2R1a3RlL29ubGluZS1iYWNrdXAvCgpEYXRl aWVuIC8gVmVyemVpY2huaXNzZSBhdXNzY2hsaWVzc2VuOgpTY2hsaWVzc2VuIFNpZSB1bmtyaXRp c2NoZSBEYXRlbiBhdXMgSWhyZW0gQmFja3VwIGF1cy4gRGllc2Ugd2VyZGVuCmFuc2NobGllc3Nl bmQgbmljaHQgbWVociBnZXNpY2hlcnQgdW5kIGJlbGVnZW4gc29taXQga2VpbmVuIG5ldWVuClNw ZWljaGVycGxhdHogYXVmIElocmVtIEtvbnRvLgoKCkbDvHIgRnJhZ2VuIHN0ZWhlbiB3aXIgSWhu ZW4gZ2VybmUgenVyIFZlcmbDvGd1bmcuCgoKRnJldW5kbGljaGUgR3LDvHNzZQpJaHIgU3VwcG9y dC1UZWFtIGRlciBzdGVwcGluZyBzdG9uZSBHbWJICgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApO ZXVmZWxkc3RyYXNzZSA5IApDSC0zMDEyIEJlcm4gClRlbGVmb246ICs0MSAzMSAzMzIgNTMgNjMg Cnd3dy5zdGVwcGluZy1zdG9uZS5jaCAKc3VwcG9ydEBzdGVwcGluZy1zdG9uZS5jaAo=
Backup Reseller Quota Templates for en-GB (Fallback Template)
The British English template looks as follows:
{$salutation} {$surname} Your Online Backup account {$uid} is full by {$percent}%. - You are using {$size} of {$quota} Gigabyte. - Size of current backup: {$backup_size} Gigabyte - Size of iterations (snapshots): {$snapshot_size} Gigabyte. Therefore new or changed files won't be saved anymore and you loose the ability to restore them from your backup. In order to assure an uninterrupted backup service, consider one of the following possibilities. Increase your Online Backup storage amount: Increase the storage capabilities of your Online Backup account by ordering more space. Please provide us with your Online Backup account ID (7-digit number) and the desired backup size. For possible offers and their prices see: http://www.stepping-stone.ch/en/products/online-backup/ Exclude files / directories: Exclude non-critical data from your backup. Those won't be backed up any more and won't use additional space within your account. If you have any further questions do not hesitate to contact us. Best regards your stepping stone GmbH support team -- stepping stone GmbH Neufeldstrasse 9 CH-3012 Bern Telefon: +41 31 332 53 63 www.stepping-stone.ch support@stepping-stone.ch
Before saving the template in the OpenLDAP directory, you need to encode the template into base64. Save the above template into a file called quota_en-GB.txt
. Then execute the following command:
base64 quota_en-GB.txt
The result will look as follows:
eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIE9ubGluZSBCYWNrdXAgYWNjb3VudCB7JHVp ZH0gaXMgZnVsbCBieSB7JHBlcmNlbnR9JS4KLSBZb3UgYXJlIHVzaW5nIHskc2l6ZX0gb2YgeyRx dW90YX0gR2lnYWJ5dGUuCi0gU2l6ZSBvZiBjdXJyZW50IGJhY2t1cDogeyRiYWNrdXBfc2l6ZX0g R2lnYWJ5dGUKLSBTaXplIG9mIGl0ZXJhdGlvbnMgKHNuYXBzaG90cyk6IHskc25hcHNob3Rfc2l6 ZX0gR2lnYWJ5dGUuCgpUaGVyZWZvcmUgbmV3IG9yIGNoYW5nZWQgZmlsZXMgd29uJ3QgYmUgc2F2 ZWQgYW55bW9yZSBhbmQgeW91IGxvb3NlIHRoZQphYmlsaXR5IHRvIHJlc3RvcmUgdGhlbSBmcm9t IHlvdXIgYmFja3VwLgoKCkluIG9yZGVyIHRvIGFzc3VyZSBhbiB1bmludGVycnVwdGVkIGJhY2t1 cCBzZXJ2aWNlLCBjb25zaWRlciBvbmUgb2YgdGhlCmZvbGxvd2luZyBwb3NzaWJpbGl0aWVzLgoK SW5jcmVhc2UgeW91ciBPbmxpbmUgQmFja3VwIHN0b3JhZ2UgYW1vdW50OgpJbmNyZWFzZSB0aGUg c3RvcmFnZSBjYXBhYmlsaXRpZXMgb2YgeW91ciBPbmxpbmUgQmFja3VwIGFjY291bnQgYnkKb3Jk ZXJpbmcgbW9yZSBzcGFjZS4gUGxlYXNlIHByb3ZpZGUgdXMgd2l0aCB5b3VyIE9ubGluZSBCYWNr dXAgYWNjb3VudApJRCAoNy1kaWdpdCBudW1iZXIpIGFuZCB0aGUgZGVzaXJlZCBiYWNrdXAgc2l6 ZS4KRm9yIHBvc3NpYmxlIG9mZmVycyBhbmQgdGhlaXIgcHJpY2VzIHNlZToKaHR0cDovL3d3dy5z dGVwcGluZy1zdG9uZS5jaC9lbi9wcm9kdWN0cy9vbmxpbmUtYmFja3VwLwoKRXhjbHVkZSBmaWxl cyAvIGRpcmVjdG9yaWVzOgpFeGNsdWRlIG5vbi1jcml0aWNhbCBkYXRhIGZyb20geW91ciBiYWNr dXAuIFRob3NlIHdvbid0IGJlIGJhY2tlZCB1cCBhbnkKbW9yZSBhbmQgd29uJ3QgdXNlIGFkZGl0 aW9uYWwgc3BhY2Ugd2l0aGluIHlvdXIgYWNjb3VudC4KCgpJZiB5b3UgaGF2ZSBhbnkgZnVydGhl ciBxdWVzdGlvbnMgZG8gbm90IGhlc2l0YXRlIHRvIGNvbnRhY3QgdXMuCgoKQmVzdCByZWdhcmRz CnlvdXIgc3RlcHBpbmcgc3RvbmUgR21iSCBzdXBwb3J0IHRlYW0KCi0tIApzdGVwcGluZyBzdG9u ZSBHbWJICk5ldWZlbGRzdHJhc3NlIDkgCkNILTMwMTIgQmVybiAKVGVsZWZvbjogKzQxIDMxIDMz MiA1MyA2MyAKd3d3LnN0ZXBwaW5nLXN0b25lLmNoIApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNo Cg==
The resulting LDIF looks as follows (make sure, that you add two colons after sstMailTemplate to tell the OpenLDAP server, that the content is encoded in base64):
dn: ou=en-GB,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: sstTemplateLanguage objectclass: top objectclass: organizationalUnit ou: en-GB sstIsDefault: TRUE sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIE9ubGluZSBCYWNrdXAgYWNjb3VudCB7JHVp ZH0gaXMgZnVsbCBieSB7JHBlcmNlbnR9JS4KLSBZb3UgYXJlIHVzaW5nIHskc2l6ZX0gb2YgeyRx dW90YX0gR2lnYWJ5dGUuCi0gU2l6ZSBvZiBjdXJyZW50IGJhY2t1cDogeyRiYWNrdXBfc2l6ZX0g R2lnYWJ5dGUKLSBTaXplIG9mIGl0ZXJhdGlvbnMgKHNuYXBzaG90cyk6IHskc25hcHNob3Rfc2l6 ZX0gR2lnYWJ5dGUuCgpUaGVyZWZvcmUgbmV3IG9yIGNoYW5nZWQgZmlsZXMgd29uJ3QgYmUgc2F2 ZWQgYW55bW9yZSBhbmQgeW91IGxvb3NlIHRoZQphYmlsaXR5IHRvIHJlc3RvcmUgdGhlbSBmcm9t IHlvdXIgYmFja3VwLgoKCkluIG9yZGVyIHRvIGFzc3VyZSBhbiB1bmludGVycnVwdGVkIGJhY2t1 cCBzZXJ2aWNlLCBjb25zaWRlciBvbmUgb2YgdGhlCmZvbGxvd2luZyBwb3NzaWJpbGl0aWVzLgoK SW5jcmVhc2UgeW91ciBPbmxpbmUgQmFja3VwIHN0b3JhZ2UgYW1vdW50OgpJbmNyZWFzZSB0aGUg c3RvcmFnZSBjYXBhYmlsaXRpZXMgb2YgeW91ciBPbmxpbmUgQmFja3VwIGFjY291bnQgYnkKb3Jk ZXJpbmcgbW9yZSBzcGFjZS4gUGxlYXNlIHByb3ZpZGUgdXMgd2l0aCB5b3VyIE9ubGluZSBCYWNr dXAgYWNjb3VudApJRCAoNy1kaWdpdCBudW1iZXIpIGFuZCB0aGUgZGVzaXJlZCBiYWNrdXAgc2l6 ZS4KRm9yIHBvc3NpYmxlIG9mZmVycyBhbmQgdGhlaXIgcHJpY2VzIHNlZToKaHR0cDovL3d3dy5z dGVwcGluZy1zdG9uZS5jaC9lbi9wcm9kdWN0cy9vbmxpbmUtYmFja3VwLwoKRXhjbHVkZSBmaWxl cyAvIGRpcmVjdG9yaWVzOgpFeGNsdWRlIG5vbi1jcml0aWNhbCBkYXRhIGZyb20geW91ciBiYWNr dXAuIFRob3NlIHdvbid0IGJlIGJhY2tlZCB1cCBhbnkKbW9yZSBhbmQgd29uJ3QgdXNlIGFkZGl0 aW9uYWwgc3BhY2Ugd2l0aGluIHlvdXIgYWNjb3VudC4KCgpJZiB5b3UgaGF2ZSBhbnkgZnVydGhl ciBxdWVzdGlvbnMgZG8gbm90IGhlc2l0YXRlIHRvIGNvbnRhY3QgdXMuCgoKQmVzdCByZWdhcmRz CnlvdXIgc3RlcHBpbmcgc3RvbmUgR21iSCBzdXBwb3J0IHRlYW0KCi0tIApzdGVwcGluZyBzdG9u ZSBHbWJICk5ldWZlbGRzdHJhc3NlIDkgCkNILTMwMTIgQmVybiAKVGVsZWZvbjogKzQxIDMxIDMz MiA1MyA2MyAKd3d3LnN0ZXBwaW5nLXN0b25lLmNoIApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNo Cg==
Backup Reseller Schedule Templates
This sub tree contains the schedule templates for the (online) backup service:
dn: ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstTemplateSetup ou: schedule description: This sub tree contains the schedule templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent. sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch> sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>
Backup Reseller Schedule Templates for de-CH
dn: ou=de-CH,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstTemplateLanguage ou: de-CH sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHJlIE1haWxib3ggKHskcmV jaXBpZW50fSkgYmVs ZWd0IG1vbWVudGFuIG1laHIgYWxzIHskcGVyY2VudH0lIGRlcyB2ZXJmw 7xnYmFyZW4KU3BlaWNo ZXJwbGF0ei4KVW0gZGVuIHdlaXRlcmVuIEVtcGZhbmcgdW5kIFZlcnN hbmQgenUgZ2FyYW50aWVy ZW4sIGzDtnNjaGVuIFNpZSBiaXR0ZQpuaWNodCBtZWhyIGJlbsO2d GlndGUgRS1NYWlscywgenVt IEJlaXNwaWVsIGFsbGUgaW4gSWhyZW0gIlNwYW0iIE9yZG5lci4 KCkZhbGxzIFNpZSBrZWluZSBF LU1haWxzIGzDtnNjaGVuIHdvbGxlbiBvZGVyIGvDtm5uZW4sI GJpZXRldCBzaWNoIGRpZQpWZXJn csO2c3NlcnVuZyBJaHJlciBNYWlsYm94IGFuLgoKQmVpIEZ yYWdlbiB3ZW5kZW4gU2llIFNpY2gg Yml0dGUgYW4gdW5zZXJlbiBTdXBwb3J0OgpzdXBwb3J0Q HN0ZXBwaW5nLXN0b25lLmNoCgotLSAK c3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXN zZSA5CkNILTMwMTIgQmVybgoKVGVsZWZv bjogKzQxIDMxIDMzMiA1MyA2Mwp3d3cuc3RlcHBpb mctc3RvbmUuY2gKc3VwcG9ydEBzdGVwcGlu Zy1zdG9uZS5jaA==
Backup Reseller Schedule Templates for en-GB (Fallback Template)
dn: ou=en-GB,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstTemplateLanguage ou: en-GB sstIsDefault: TRUE sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIG1haWxib3ggKHskcmV jaXBpZW50fSkgaXMg bm93IG1vcmUgdGhhbiB7JHBlcmNlbnR9JSBmdWxsLgpTbyB0aGF0IHlvd SBjYW4gY29udGludWUg dG8gcmVjZWl2ZSBtYWlsIHlvdSBuZWVkIHRvIHJlbW92ZSBzb21lCm1 lc3NhZ2VzIGZyb20geW91 ciBtYWlsYm94LgpGb3IgZXhhbXBsZSBhbGwgbWVzc2FnZXMgaW5za WRlIHlvdXIgIlNwYW0iIGZv bGRlci4KCklmIHlvdSBkb24ndCB3YW50IHRvIGRlbGV0ZSBhbnk gbWVzc2FnZXMsIHlvdSBjYW4g b3JkZXIgbW9yZSBzcGFjZS4KCklmIHlvdSBoYXZlIGFueSBxd WVzdGlvbnMsIHBsZWFzZSBjb250 YWN0IG91ciBzdXBwb3J0OgpzdXBwb3J0QHN0ZXBwaW5nLXN 0b25lLmNoCgotLSAKc3RlcHBpbmcg c3RvbmUgR21iSApOZXVmZWxkc3RyYXNzZSA5CkNILTMwM TIgQmVybgoKVGVsZXBob25lOiArNDEg MzEgMzMyIDUzIDYzCnd3dy5zdGVwcGluZy1zdG9uZS5 jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25l LmNo
Backup Account
Each (Online) Backup service account has it's own change root (chroot, jail) directory. The following example shows the OpenLDAP directory entry for the (online) backup account with the uid number 3723707:
dn: uid=3723707,ou=backup,ou=services,dc=stoney-cloud,dc=org objectclass: top objectclass: account objectclass: posixAccount objectclass: shadowAccount objectclass: sstBackup objectclass: sstProvisioning objectclass: sstRelationship uid: 3723707 userPassword: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U uidNumber: 3723707 gidNumber: 3723707 cn: Michael Eichenberger gecos: Michael Eichenberger homeDirectory: /var/backup/7/707/723/3723707/chroot/./home/3723707 loginShell: /bin/sh shadowLastChange: 11108 shadowMax: 99999 shadowWarning: 7 shadowFlag: 134539460 sstBackupIntervalHourly: 0 sstBackupIntervalDaily: 7 sstBackupIntervalWeekly: 4 sstBackupIntervalMonthly: 3 sstBackupIntervalYearly: 0 sstBackupWarningDays: 1 sstBackupWarningNumbers: 0 sstBackupWarningOn: TRUE sstNotificationWarningLevel: 85 preferredLanguage: de-CH sstNotificationWarningMedium: mail sstNotificationWarningMediumChange: FALSE sstNotificationWarningMediumAdd: FALSE sstUseSelfcare: FALSE sstUseSSH: TRUE sstIsActive: TRUE sstQuota: 1 sstBackupSize: 0 sstIncrementSize: 0 sstProvisioningMode: add sstProvisioningExecutionDate: 0 sstProvisioningState: 0 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstBelongsToPersonUID: 4000002
The following table describes the different attributes:
Attribute | |
|
|
|
Description |
uid | |
|
|
|
The unique identifier (uid). This attribute is created by the selfcare interface by reading (and incrementing) the next free uid from "cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org". |
userPassword | |
|
|
|
Identifies the entry's password and encryption method in the following format: {encryption method}encrypted password . For example: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U. This password will be automatically set through the selfcare interface. Afterwords, the password can be changed by the user (including the reseller and customer).
|
uidNumber | |
|
|
|
Related to the /etc/shadow file, this attribute specifies the user's login ID. Is the same as the uid. For example: 3723707. |
gidNumber | |
|
|
|
Group ID number. Is the same as the uid. For example: 3723707. |
cn | |
|
|
|
This is a mandatory attribute which has the same content as the following gecos attribute. The selfcare interface makes sure, that this attribute is filled out correctly. |
gecos | |
|
|
|
Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of givenName and surname , for example Michael Eichenberger . These values are taken from the owners entry (ou=people). For a service account, the attribute sstDisplayName from the corresponding service would be used for the content of this attribute. Please be aware, that this attribute is a IA5String (OID=1.3.6.1.4.1.1466.115.121.1.26) IA5 (almost ASCII) character set (7-bit). Does NOT allow extended characters e.g. é, Ø, å etc. The selfcare interface automatically creates the content of this attribute. The user (including the reseller and customer) can modify this attribute as desired (except for the IA5 restrictions).
|
homeDirectory | |
|
|
|
The directory path corresponds with the 7 digit account uid. The following example describes, how the directory structure is built up for the account with the uid 3723707.
|
loginShell | |
|
|
|
The path to the login shell. The default is /bin/sh and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
shadowLastChange | |
|
|
|
Related to the /etc/shadow file, this attribute specifies number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day, that the password was set (must be updated, when the password is changed). This attribute is created by the selfcare interface. |
shadowMax | |
|
|
|
Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is 99999, which corresponds to about 273 years. In reality, this means, that the user does not need to change the password. This attribute is created by the selfcare interface. The value is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
shadowWarning | |
|
|
|
Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is 7 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
shadowFlag | |
|
|
|
Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to 134539460 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupIntervalHourly | |
|
|
|
How many hourly backups do we want? The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupIntervalDaily | |
|
|
|
How many daily backups do we want? The default is 7 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupIntervalWeekly | |
|
|
|
How many weekly backups do we want? The default is 4 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupIntervalMonthly | |
|
|
|
How many monthly backups do we want? The default is 3 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupIntervalYearly | |
|
|
|
How many yearly backups do we want? The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstBackupWarningDays | |
|
|
|
If the attribute sstBackupWarningOn ist true, a non-successful backup notification warning is sent after X days of non-successful backups (where X is an integer number larger than zero). X is an integer number larger than 1. 0 means, the warning is turned off. The default is 1 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstBackupWarningNumbers | |
|
|
|
If the attribute sstBackupWarningOn ist true, a non-successful backup notification warning is sent after X non-successful backups. X is an integer number larger than 1. 0 means, the warning is turned off. The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstBackupWarningOn | |
|
|
|
Is the non-successful backup notification warning turned on or not? Either true (yes) or false (no). Default is true (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
preferredLanguage | |
|
|
|
The notification language according to RFC 1766 (ISO 3166-1-alpha-2 code-ISO 639-1 Code. For example de-CH or en-GB. The content of this value is taken from the person entry from the attribute preferredLanguage . If the backup account belongs to a service, the user must be asked for the notification language.
|
sstNotificationWarningLevel | |
|
|
|
The quota notification level in percent, when the owner of the backup needs to warned. A value between 0 and 100. The default is 85 percent and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. |
sstNotificationWarningMedium | |
|
|
|
The notification medium, either sms (points to the multi-valued attribute mobileTelephoneNumber ) or mail (points to the multi-valued attribute mail ). Currently, only mail is supported. This is the default is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstNotificationWarningMediumChange | |
|
|
|
Can a user change the notification warning medium? Either TRUE (yes) or FALSE (no). The default is FALSE (no) and taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstNotificationWarningMediumAdd | |
|
|
|
Can a user add new notification warning mediums (mobileTelephoneNumber or mail ? Either TRUE (yes) or FALSE (no). The default is TRUE (yes) and taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. Currently, only adding new mail addresses are supported.
|
sstQuota | |
|
|
|
The filesystem quota in bytes. For example 104857600 equates to 100 Megabyte ( 104857600 / 1024 / 1024 = 100). |
sstQuotaChange | |
|
|
|
Can the user change the quota? Either TRUE (yes) or FALSE (no). Default is FALSE (no) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstBackupSize | |
|
|
|
The size of the actual backup in bytes. Default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. This attribute will be updated by the writeAccountSize.pl script, which is called during the daily backup run by the rsnapshotPostExecWrapper.sh script.
|
sstIncrementSize | |
|
|
|
The size of all the incremental backups combined in bytes. This attribute will be updated by the writeAccountSize.pl script, which is called during the daily backup run by the rsnapshotPostExecWrapper.sh script.
|
mobileTelephoneNumber | |
|
|
|
Multi-valued attribute with the mobile phone number(s) that is used for the notification of the user(s), if the attribute sstBackupWarningOn ist true and the attribute sstNotificationWarningMedium ist set to sms . Currently, only adding new mail addresses are supported, therefore this attribute is not used for the moment.
|
|
|
|
|
Multi-valued attribute with the E-Mail addresse(s) that is used for the notification of the user(s), if the attribute sstBackupWarningOn ist TRUE and the attribute sstNotificationWarningMedium ist set to mail . If sstNotificationWarningMediumAdd is set to TRUE and the backup service belongs to a personal account, the mail entry would be taken from the owners entry (ou=people). For a backup service belonging to another serviĉe, the selfcare would ask the user for the mail address.
| |
sstIsActive | |
|
|
|
Is the backup account active? Either TRUE (yes) or FALSE (no). Default is TRUE (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstUseSelfcare | |
|
|
|
Can the selfcare interface be used with the credentials of the backup account? Either TRUE (yes) or FALSE (no). Default is FALSE (no) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstUseSSH | |
|
|
|
Is the ssh service active for the backup account? Either TRUE (yes) or FALSE (no). Default is TRUE (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
|
sstProvisioningMode | |
|
|
|
The provisioning mode, either add , modify or delete . For a new account, this attribute must be set to add . See Provisioning for details.
|
sstProvisioningExecutionDate | |
|
|
|
The date the provisioning shall occur in the form of [YYYY][MM][DD] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details. |
sstProvisioningState | |
|
|
|
The provisioning state, either 0 or in the form of [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details. |
sstBelongsToResellerUID | |
|
|
|
Stores the reseller UID the leaf belongs to. |
sstBelongsToCustomerUID | |
|
|
|
Stores the customer UID the leaf belongs to. |
sstBelongsToPersonUID | |
|
|
|
Stores the person UID the leaf belongs to. |
sstBelongsToServiceUID | |
|
|
|
Stores the service UID the leaf belongs to. |
Legend:
- x: Mandatory in all cases.
- x1: Only show, if the number is larger than zero.
- x2: Only show, if the number is larger than zero.
- x3: Only show, if
sstNotificationWarningMedium
is set tomail
orsms
and the corresponding attributesmail
ormobileTelephoneNumber
are present. For example: ifsstNotificationWarningMedium: mail
, thenmail: mail@example.com
must be set before displaying the information. - x4: Either
sstBelongsToPersonUID
orsstBelongsToServiceUID
must bei set. - R: Reseller.
- C: Customer.
- P: Person.
- Welche Werte werden aus dem People Eintrag verwendet?
- mail -> cn
- gecos -> givenName surname
- preferredLanguage -> sstBackupWarningLanguage
- Welche Werte werden aus dem Service Eintrag verwendet (im Falle einer virtuellen Maschine oder einem dediziertem Server)?
- ??? -> cn
- gecos -> sstVirtualMachineName und/oder sstDisplayName
- Welche Werte werden automatisch generiert?
- Passwort
- Welche Werte werden konkret für den Service abgefragt?
- Quota, wobei die Default Quota pro Reseller als Default angezeigt wird.
- People Eintrag mit einem weiteren Flag ergänzen, welche mit dem sstIsActive kombiniert werden kann, damit er aktiv sein kann, aber nicht einloggen darf). Gilt jedoch nur für non-employees.
- sstUseSelfcare: false
- Wenn Reseller oder Customer sstUseSelfcare oder sstIsActive auf false gesetzt ist, dürfen die dazugehörigen Benutzer auch nicht einloggen.
- Wir nehmen nur die Sprachen, welche das Web Interface kann: de-CH und en-GB (oder müsste es mit Unterstrich sein?) -> CWI/MEI
- Sprachen-Fallback ist English.
- Platz für Iterationen ins Directory
- Braucht es noch mehr?
- Wrapper Script für Used Disk Space umstellen, so dass die Angaben aus dem Verzeichnis ausgelesen werden.
- Neue Attribute
- sstUseSSH: true
- sstUseSelfcare: false
- sstUseSelfcare kommt auch bei der Person hin (als MAY, jedch mandatory)
- Entscheid chroot-Umgebung. TMU/CAF/PKL/MEI
- chroot-Umgebung mit einer Kombination von busybox, Jailkit und dem täglich ablaufendem Backup-Script (als aufrufende Instanz)
- rsync vom Host (als static Binary)
- busybox vom Host (als static Binary)
- Verzicht auf Bind-Mount (.snapshots ist read only) -> CAF
- LDAP Struktur -> MEI/TMU
- Neuer Backup Server aufbauen (Gleicher Fingerprint) -> TMU/MEI
- Backup Script (prov-backup-rsnapshot) -> PKL
- SSHA Umstellung bei den Passwörtern -> MEI/CWI
Provisioning
Die Provisionierung benötigt die drei Attribute sstProvisioningMode und sstProvisioningState und sstProvisioningExecutionDate. Ablauf:
- sstProvisioningMode: Die Applikation Selfcare beschreibt das Attribut sstProvisioningMode mit den Werten add, modify der delete.
- sstProvisioningMode: add: Der Service soll hinzugefügt werden. Dieser Fall muss mehrmals nacheinander aufgerufen werden können. Beispiel: Bei Online Backup wurde die chroot-Umgebung bereits erstellt, dann müsste ein add nur noch kontrollieren, ob die chroot-Umgebung aktuell ist, falls nicht, müssten die entsprechenden Punkte aktualisiert werden.
- sstProvisioningMode: modify: Der Service soll modifiziert werden.
- sstProvisioningMode: delete: Der Service soll gelöscht werden.
- sstProvisioningExecutionDate: Die Applikation Selfcare beschreibt das Attribut sstProvisioningExecutionDate mit dem gewünschten Ausführungszeitpunkt. Zwei Fälle:
- 0: Dies bedeutet "sofort" und wird durch den Provisionierungs-Daemon provisioning.pl ausgewertet.
- [YYYY][MM][DD]: Das gewünschte Ausführungsdatum (ISO 8601). Muss mindestens ein Tag später als das aktuelle Datum sein, da diese Attribut durch ein alle 24 Stunden aufgerufenes Aufräum-Script gelesen wird. Der genaue Ausführungszeitpunkt kann somit nicht bestimmt werden (da abhängig vom Ausführungszeitpuntk der Aufräum-Scripts und der Anzahl anstehenden Aufgaben).
- sstProvisioningState: Die Applikation Selfcare oder der Provisionierungs-Daemon provisioning.pl beschreiben das Attribut sstProvisioningState:
- Keine Provisionierung nötig: Falls eine Änderung keine Provisionierung im Backend verlangt (zum Beispiel bei einer Passwört-Änderung), wird das Attribut sstProvisioningState direkt durch die Applikation Selfcare it dem aktuellen Datum und der aktuellen Zeit in Form von [YYYY][MM][DD]T[hh][mm][ss] ausfüllen (ISO 8601) beschrieben. In diesem Falle ignoriert der Provisionierungs-Daemon provisioning.pl die Modifikation.
- Provisionierung nötig: Falls eine Änderung eine Provisionierung im Backend verlangt (zum Beispiel bei einer Quota-Änderung), muss die Applikation Selfcare dieses Attribut auf den Wert 0 setzen. Nach der erfolgreichen Provisionierung muss Provisionierungs-Daemon provisioning.pl das Attribut sstProvisioningState mit dem aktuellen Datum und der aktuellen Zeit in Form von [YYYY][MM][DD]T[hh][mm][ss] ausfüllen (ISO 8601).
Die Applikation Selfcare darf erst dann wieder eine Modifikation durch einen Benutzer zulassen, wenn das Attribut sstProvisioningState einen gültigen Zeitstempel in der Form von [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601) hat. Technisch gesehen muss der Provisionierungs-Daemon provisioning.pl im RefreshAndPersist Modus nur noch auf die LDAP-Mechanismen add und modify hören. Der LDAP-Mechanismus delete muss ignoriert werden.