[unchecked revision]

Revision as of 10:06, 7 August 2013

Abstract

This document describes the OpenLDAP directory data organisation for the stoney cloud (Online) Backup service.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory, in this case we looking at the (Online) Backup service.

Backup

The following LDIF shows the backup entry of the whole OpenLDAP directory tree for the stoney cloud:

dn: ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: backup

Backup Configuration

The sub tree for the configuration of the (online) backup service:

dn: ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the (online) backup service.

Backup rsnapshot Provisioning Daemon

The sub tree for the configuration of the prov-backup-rsnapshot daemon:

dn: ou=prov-backup-rsnapshot,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstServiceConfigurationBackupObjectClass
ou: prov-backup-rsnapshot
description: The sub tree for the configuration of the prov-backup-rsnapshot daemon.
sstIsActive: TRUE

The following table describes the different attributes:

Attribute	Existence	Mandatory	Description
description	MAY	x	The description of the leaf.
sstIsActive	MAY	x	Is the entry active? Either true (yes) or false (no).

Legend:

x: Mandatory in all cases.

Backup Reseller

The sub tree for the reseller specific (online) backup service settings:

dn: ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific (online) backup service settings.

The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.

dn: uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: TBD
uid: 4000000
description: The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.
sstIsActive: true

Wollen wir ein Attribut hinzufügen, welches aussagt, dass dies die Default Einstellungen für den (Online) Backup Service sind?

sstIsDefault: true

Backup Reseller Billing

The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=billing,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: TBD
ou: billing
description: The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
TBD: Der Aufbau sollte so sein, dass er hierarchische Informationen abbilden könnte. Oder wir machen den normalen Billing Tree, den wir ursprünglich vorgeshene haben.

Backup Reseller Settings

The sub tree for the default quota values for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=settings,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: TBD
ou: settings
description: The sub tree for the default quota values for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
sstVolumeCapacityDefault: 1 Gigabyte TBD
sstVolumeCapacityMin: 1 Gigabyte TBD
sstVolumeCapacityMax: 500 Gigabyte TBD
sstVolumeCapacityStep: 1 Gigabyte TBD
sstNotificationWarningLevel: 85
sstNotificationWarningMedium: sstBackupWarningMail TBD (wahrscheinlich mail statt sstBackupWarningMail, muss gesetzt sein, wenn sstNotificationWarningMedium auf mail gesetzt ist)
sstBackupWarningMail: support@stepping-stone.ch TBD (wahrscheinlich mail statt sstBackupWarningMail, muss gesetzt sein, wenn sstNotificationWarningMedium auf mail gesetzt ist)

Folgende Attribute Fehlen:

Kann der Benutzer seine eignene E-Mail Adresse hinzufügen (für die Notifikation)?
Kann der Benutzer seine eignene Händynummer hinzufügen (für die Notifikation)?
Kann der Benutzer seine eigene Quota anpassen?
Sieht der Benutzer die Preise vom Online Backup?
sstUseSelfcare: false
sstUseSSH: true
sstIsActive: true

The following table describes the different attributes:

Attribute	Existence	Mandatory	Description
description	MAY	x	The description of the leaf.
sstVolumeCapacityDefault	TBD	x
sstVolumeCapacityMin	TBD	x
sstVolumeCapacityMax	TBD	x
sstVolumeCapacityStep	TBD	x
sstNotificationWarningLevel	MAY	x	The quota notification level in percent, when the owner of the backup needs to warned. The default is 85 percent.

Legend:

x: Mandatory in all cases.

Backup Reseller Templates

This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: templates
description: This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.

This sub tree contains the quota templates for the (online) backup service:

dn: ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: templates
description: This sub tree contains the quota templates for the (online) backup service.

dn: ou=en-GB,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

dn: ou=de-CH,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

This sub tree contains the schedule templates for the (online) backup service:

dn: ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: templates
description: This sub tree contains the schedule templates for the (online) backup service.

dn: ou=en-GB,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

dn: ou=de-CH,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

Backup Account

Each (Online) Backup service account has it's own change root (chroot, jail) directory. The following example shows the OpenLDAP directory entry for the (online) backup account with the uid number 3723707:

dn: uid=3723707,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 3723707
userPassword:: e2NyeXB0fWFzYXh1by9WcnVURk0=
uidNumber: 3723707
gidNumber: 3723707
cn: michael.eichenberger@stepping-stone.ch
gecos: Michael Eichenberger
homeDirectory: /var/backup/7/707/723/3723707/chroot/./home/3723707
loginShell: /bin/sh
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134539460

sstBackupIntervalHourly: 0
sstBackupIntervalDaily: 7
sstBackupIntervalWeekly: 4
sstBackupIntervalMonthly: 3
sstBackupIntervalYearly: 0
sstBackupLastSuccessfulBackup: 199412161032Z
sstBackupWarningMissedDays: 1
sstBackupWarningMissedNumbers: 0
sstBackupWarningOn: true
sstNotificationWarningLevel: 85
sstBackupWarningLanguage: de-CH
sstNotificationWarningMedium: mail
sstQuota: The filesystem quota in bytes.
sstBackupWarningMobileTelephoneNumber: TBD (wahrscheinlich mobileTelephone statt sstBackupWarningMobileTelephoneNumber, muss gesetzt sein, wenn sstNotificationWarningMedium auf mobileTelephone gesetzt ist)
sstBackupWarningMail: TBD (wahrscheinlich mail statt sstBackupWarningMail, muss gesetzt sein, wenn sstNotificationWarningMedium auf mail gesetzt ist)

sstIsActive: true
sstUseSelfcare: false
sstUseSSH: true

sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002 TBD (könnte auch sstBelongsToServiceUID sein)
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstProvisioningState: 0

The following table describes the different attributes:

Attribute	Existence	Mandatory	Description
uid	TBD	x
userPassword	TBD	x
uidNumber	TBD	x
gidNumber	TBD	x
cn	TBD	x
gecos	TBD	x
homeDirectory	MUST	x	The directory path corresponds with the 7 digit account uid. The following example describes, how the directory structure is built up for the accout with the uid 3723707. `/var/backup/g/efg/bcd/abcdefg/chroot/./home/abcdefg` `/var/backup/7/707/723/3723707/chroot/./home/3723707`
loginShell	TBD	x
shadowLastChange	TBD	x
shadowMax	TBD	x
shadowWarning	TBD	x
shadowFlag	TBD	x
sstBackupIntervalHourly	TBD	x
sstBackupIntervalDaily	TBD	x
sstBackupIntervalWeekly	TBD	x
sstBackupIntervalMonthly	TBD	x
sstBackupIntervalYearly	TBD	x
sstBackupLastSuccessfulBackup	TBD	x	Timestamp of the last successful backup. Syntax: Generalized Time, see RFC 2252, Chapter 6.14. Values in this syntax are encoded as printable strings, represented as specified in X.208. Note that the time zone must be specified. GMT time is to be used. Example: `199412161032Z`.
sstBackupWarningMissedDays	TBD	x	If the attribute `sstBackupWarningOn` ist true, a non-successful backup notification warning is sent after X days of non-successful backups (where X is an integer number larger than zero). X is an integer number larger than 1. 0 means, the warning is turned off. Default is 1.
sstBackupWarningMissedNumbers	TBD	x	If the attribute `sstBackupWarningOn` ist true, a non-successful backup notification warning is sent after X non-successful backups. X is an integer number larger than 1. 0 means, the warning is turned off. Default is 0.
sstBackupWarningOn	TBD	x	Is the non-successful backup notification warning turned on or not? Either `true` (yes) or `false` (no). Default is true (yes).
sstBackupWarningLanguage	TBD	x	The notification language according to RFC 1766 (ISO 3166-1-alpha-2 code-ISO 639-1 Code. For example de-CH or en-GB. The content of this value is taken from the person entry from the attribute `preferredLanguage`. If the backup account belongs to a service, the user must be asked for the notification language.
sstNotificationWarningLevel	TBD	x
sstNotificationWarningMedium	TBD	x	The notification medium, either sms (points to the multi-valued attribute `sstBackupWarningMobileTelephoneNumber`) or mail (points to the multi-valued attribute `sstBackupWarningEmail`). In most cases, the default would be mail (`sstBackupWarningEmail`), which is taken from the reseller default settings.
sstQuota	MUST	x	The filesystem quota in bytes. For example 104857600 equates to 100 Megabyte ( 104857600 / 1024 / 1024 = 100).
sstBackupWarningMobileTelephoneNumber	TBD	x	Multi-valued attribute with the mobile phone number(s) that is used for the notification of the user(s), if the attribute `sstBackupWarningOn` ist true and the attribute `sstNotificationWarningMedium` ist set to `sstBackupWarningMobileTelephoneNumber`.
sstBackupWarningEmail	TBD	x	Multi-valued attribute with the E-Mail addresse(s) that is used for the notification of the user(s), if the attribute `sstBackupWarningOn` ist true and the attribute `sstNotificationWarningMedium` ist set to `sstBackupWarningEmail`.
sstIsActive	MAY	x	Is the entry active? Either true (yes) or false (no).
sstUseSelfcare	TBD	x
sstUseSSH	TBD	x
sstBelongsToResellerUID	TBD	x
sstBelongsToCustomerUID	TBD	x
sstBelongsToPersonUID	TBD	x
sstBelongsToServiceUID	TBD	x
sstProvisioningMode	TBD	x
sstProvisioningExecutionDate	TBD	x
sstProvisioningState	TBD	x

Legend:

x: Mandatory in all cases.

Welche Werte werden aus dem People Eintrag verwendet?
- mail -> cn
- gecos -> givenName surname
- preferredLanguage -> sstBackupWarningLanguage
Welche Werte werden aus dem Service Eintrag verwendet (im Falle einer virtuellen Maschine oder einem dediziertem Server)?
- ??? -> cn
- gecos -> sstVirtualMachineName und/oder sstDisplayName

Welche Werte werden automatisch generiert?
- Passwort

Welche Werte werden konkret für den Service abgefragt?
- Quota, wobei die Default Quota pro Reseller als Default angezeigt wird.

People Eintrag mit einem weiteren Flag ergänzen, welche mit dem sstIsActive kombiniert werden kann, damit er aktiv sein kann, aber nicht einloggen darf). Gilt jedoch nur für non-employees.
- sstUseSelfcare: false

Wenn Reseller oder Customer sstUseSelfcare oder sstIsActive auf false gesetzt ist, dürfen die dazugehörigen Benutzer auch nicht einloggen.

Wir nehmen nur die Sprachen, welche das Web Interface kann: de-CH und en-GB (oder müsste es mit Unterstrich sein?) -> CWI/MEI
Sprachen-Fallback ist English.

Platz für Iterationen ins Directory
- Braucht es noch mehr?
- Wrapper Script für Used Disk Space umstellen, so dass die Angaben aus dem Verzeichnis ausgelesen werden.

Neue Attribute
- sstUseSSH: true
- sstUseSelfcare: false
- sstUseSelfcare kommt auch bei der Person hin (als MAY, jedch mandatory)

Entscheid chroot-Umgebung. TMU/CAF/PKL/MEI
- chroot-Umgebung mit einer Kombination von busybox, Jailkit und dem täglich ablaufendem Backup-Script (als aufrufende Instanz)
- rsync vom Host (als static Binary)
- busybox vom Host (als static Binary)

Verzicht auf Bind-Mount (.snapshots ist read only) -> CAF
LDAP Struktur -> MEI/TMU
Neuer Backup Server aufbauen (Gleicher Fingerprint) -> TMU/MEI
Backup Script (prov-backup-rsnapshot) -> PKL
SSHA Umstellung bei den Passwörtern -> MEI/CWI

Icons: http://www.famfamfam.com/lab/icons/silk/

Provisioning

Links

Difference between revisions of "stoney backup: OpenLDAP directory data organisation"

Revision as of 10:06, 7 August 2013

Contents

Abstract

Data Organisation

Backup

Backup Configuration

Backup rsnapshot Provisioning Daemon

Backup Reseller

Backup Reseller Billing

Backup Reseller Settings

Backup Reseller Templates

Backup Account

Provisioning

Links

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Wiki

Tools