Difference between revisions of "stoney backup: OpenLDAP directory data organisation"

From stoney cloud
Revision as of 20:31, 7 August 2013

Abstract

This document describes the OpenLDAP directory data organisation for the stoney cloud (Online) Backup service.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory; here we look at the (Online) Backup service.

Backup

The following LDIF shows the entry that roots the backup service in the stoney cloud OpenLDAP directory tree:

dn: ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: backup

Backup Configuration

The sub tree for the configuration of the (online) backup service:

dn: ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the (online) backup service.

Backup rsnapshot Provisioning Daemon

The sub tree for the configuration of the prov-backup-rsnapshot daemon:

dn: ou=prov-backup-rsnapshot,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstServiceConfigurationObjectClass
ou: prov-backup-rsnapshot
description: The sub tree for the configuration of the prov-backup-rsnapshot daemon.
sstIsActive: TRUE

The following table describes the different attributes:

Attribute     Existence  Mandatory  Description
description   MAY        x          The description of the leaf.
sstIsActive   MAY        x          Is the entry active? Either true (yes) or false (no).

Legend:

  • x: Mandatory in all cases.

Backup Reseller

The sub tree for the reseller specific (online) backup service settings:

dn: ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific (online) backup service settings.

The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000:

dn: uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
objectclass: sstServiceConfigurationObjectClass
uid: 4000000
o: Reseller Ltd.
description: The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.
sstIsActive: TRUE
sstIsDefault: TRUE

Backup Reseller Billing

The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=billing,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: TBD
ou: billing
description: The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
TBD: The structure should be able to represent hierarchical information. Alternatively we use the normal billing tree that we originally planned.

Backup Reseller Settings

The sub tree for the default settings, including the default quota values, of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=settings,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBackup
ou: settings
description: The sub tree for the default settings of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
sstVolumeCapacityDefault: 1
sstVolumeCapacityMin: 1
sstVolumeCapacityMax: 5
sstVolumeCapacityStep: 1
sstBackupWarningMissedDays: 1
sstBackupWarningMissedNumbers: 0
sstBackupWarningOn: TRUE
sstNotificationWarningLevel: 85
sstNotificationWarningMedium: mail
sstBackupIntervalHourly: 0
sstBackupIntervalDaily: 7
sstBackupIntervalWeekly: 4
sstBackupIntervalMonthly: 3
sstBackupIntervalYearly: 0
sstUseSelfcare: FALSE
sstUseSSH: TRUE
sstIsActive: TRUE

The following attributes are missing:

  • Can the user switch the notification type from mail to sms?
  • Can the user add his own e-mail address (for the notification)?
  • Can the user add his own mobile number (for the notification)?
  • Can the user adjust his own quota?
  • Does the user see the prices of the online backup?
  • sstBackupWarningNotExecutedDays: 1 ?
  • sstBackupWarningNotExecutedNumbers: 0 ?


The following table describes the different attributes:

Attribute                     Existence  Mandatory  Description
description                   MAY        x          The description of the leaf.
sstVolumeCapacityDefault      TBD        x
sstVolumeCapacityMin          TBD        x
sstVolumeCapacityMax          TBD        x
sstVolumeCapacityStep         TBD        x
sstNotificationWarningLevel   MAY        x          The quota notification level in percent at which the owner of the backup is warned. A value between 0 and 100. The default is 85 percent.
sstNotificationWarningMedium  MAY        x          The notification warning medium, either mail or sms. The default is normally mail.
mail                          MAY        x          If sstNotificationWarningMedium is set to mail, the e-mail address(es) the notification is sent to. Values set here are inherited by the backup accounts of this reseller and must not be deleted there.
mobileTelephoneNumber         MAY        x          If sstNotificationWarningMedium is set to sms, this attribute must contain a mobile number. This attribute is normally not used.


Legend:

  • x: Mandatory in all cases.
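As an added example (not the project's provisioning code), the following Python derives the backup attributes of a new account from the reseller settings above. The interval, warning and notification attributes are inherited unchanged, and a capacity chosen by the customer is validated on the server side against sstVolumeCapacityMin, sstVolumeCapacityMax and sstVolumeCapacityStep, falling back to sstVolumeCapacityDefault when nothing was requested; a selfcare form can be bypassed, so the reseller's limits have to be enforced here and not only in the UI. The sample settings are the page's values; the function names, the reading of the step as a grid starting at the minimum, and the decision to copy the validated capacity into sstQuota unchanged (as the page's account entry with sstQuota: 1 does; the unit is not stated on this page) are assumptions of this example.

```python
# Constructed sample: the reseller settings entry above, reduced to the
# attributes used here (values as on the page).
RESELLER_SETTINGS = {
    "sstVolumeCapacityDefault": "1",
    "sstVolumeCapacityMin": "1",
    "sstVolumeCapacityMax": "5",
    "sstVolumeCapacityStep": "1",
    "sstBackupIntervalHourly": "0",
    "sstBackupIntervalDaily": "7",
    "sstBackupIntervalWeekly": "4",
    "sstBackupIntervalMonthly": "3",
    "sstBackupIntervalYearly": "0",
    "sstBackupWarningMissedDays": "1",
    "sstBackupWarningMissedNumbers": "0",
    "sstBackupWarningOn": "TRUE",
    "sstNotificationWarningLevel": "85",
    "sstNotificationWarningMedium": "mail",
    "sstUseSelfcare": "FALSE",
    "sstUseSSH": "TRUE",
}

# Attributes a new account inherits verbatim from ou=settings (the account
# entry further down the page carries exactly these values).
INHERITED = (
    "sstBackupIntervalHourly", "sstBackupIntervalDaily", "sstBackupIntervalWeekly",
    "sstBackupIntervalMonthly", "sstBackupIntervalYearly",
    "sstBackupWarningMissedDays", "sstBackupWarningMissedNumbers", "sstBackupWarningOn",
    "sstNotificationWarningLevel", "sstNotificationWarningMedium",
    "sstUseSelfcare", "sstUseSSH",
)


def capacity_limits(settings):
    """(min, max, step, default) as integers; a step of 0 is treated as 1."""
    lo, hi, step, default = (int(settings[k]) for k in (
        "sstVolumeCapacityMin", "sstVolumeCapacityMax",
        "sstVolumeCapacityStep", "sstVolumeCapacityDefault"))
    return lo, hi, step or 1, default


def capacity_is_valid(settings, requested):
    """Server-side check of a customer-chosen capacity: an integer (not a bool,
    not a string from the form) within [min, max] on the step grid from min."""
    lo, hi, step, _ = capacity_limits(settings)
    return (isinstance(requested, int) and not isinstance(requested, bool)
            and lo <= requested <= hi and (requested - lo) % step == 0)


def effective_capacity(settings, requested=None):
    """The capacity to provision: the reseller default when nothing was
    requested, otherwise the validated request (assumption: reject, never clamp)."""
    lo, hi, step, default = capacity_limits(settings)
    if requested is None:
        return default
    if not capacity_is_valid(settings, requested):
        raise ValueError(f"capacity {requested!r} not in {lo}..{hi} step {step}")
    return requested


def account_attributes(settings, requested_capacity=None):
    """Backup attributes for a new account, derived from the reseller settings."""
    attrs = {k: settings[k] for k in INHERITED}
    # Copied as-is, like the page's account entry (sstQuota: 1); the page does
    # not state the unit, so no conversion is attempted here (assumption).
    attrs["sstQuota"] = str(effective_capacity(settings, requested_capacity))
    return attrs
```

Rejecting an out-of-range request instead of silently clamping it keeps a tampered form submission visible in the provisioning log rather than turning it into a quietly different quota.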

Backup Reseller Templates

This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: templates
description: This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.

Backup Reseller Quota Templates

This sub tree contains the quota templates for the (online) backup service:

dn: ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateSetup
ou: quota
description: This sub tree contains the quota templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent.
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>

dn: ou=en-GB,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: sstTemplateLanguage
objectclass: top
objectclass: organizationalUnit
ou: en-GB
sstMailTemplate: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIG1haWxib3ggKHskcmV
 jaXBpZW50fSkgaXMgbm93IG1vcmUgdGhhbiB7JHBlcmNlbnR9JSBmdWxsLgpTbyB0aGF0IHlvd
 SBjYW4gY29udGludWUgdG8gcmVjZWl2ZSBtYWlsIHlvdSBuZWVkIHRvIHJlbW92ZSBzb21lCm1
 lc3NhZ2VzIGZyb20geW91ciBtYWlsYm94LgpGb3IgZXhhbXBsZSBhbGwgbWVzc2FnZXMgaW5za
 WRlIHlvdXIgIlNwYW0iIGZvbGRlci4KCklmIHlvdSBkb24ndCB3YW50IHRvIGRlbGV0ZSBhbnk
 gbWVzc2FnZXMsIHlvdSBjYW4gb3JkZXIgbW9yZSBzcGFjZS4KCklmIHlvdSBoYXZlIGFueSBxd
 WVzdGlvbnMsIHBsZWFzZSBjb250YWN0IG91ciBzdXBwb3J0OgpzdXBwb3J0QHN0ZXBwaW5nLXN
 0b25lLmNoCgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXNzZSA5CkNILTMwM
 TIgQmVybgoKVGVsZXBob25lOiArNDEgMzEgMzMyIDUzIDYzCnd3dy5zdGVwcGluZy1zdG9uZS5
 jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNo

dn: ou=de-CH,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: de-CH
sstMailTemplate: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHJlIE1haWxib3ggKHskcmV
 jaXBpZW50fSkgYmVsZWd0IG1vbWVudGFuIG1laHIgYWxzIHskcGVyY2VudH0lIGRlcyB2ZXJmw
 7xnYmFyZW4KU3BlaWNoZXJwbGF0ei4KVW0gZGVuIHdlaXRlcmVuIEVtcGZhbmcgdW5kIFZlcnN
 hbmQgenUgZ2FyYW50aWVyZW4sIGzDtnNjaGVuIFNpZSBiaXR0ZQpuaWNodCBtZWhyIGJlbsO2d
 GlndGUgRS1NYWlscywgenVtIEJlaXNwaWVsIGFsbGUgaW4gSWhyZW0gIlNwYW0iIE9yZG5lci4
 KCkZhbGxzIFNpZSBrZWluZSBFLU1haWxzIGzDtnNjaGVuIHdvbGxlbiBvZGVyIGvDtm5uZW4sI
 GJpZXRldCBzaWNoIGRpZQpWZXJncsO2c3NlcnVuZyBJaHJlciBNYWlsYm94IGFuLgoKQmVpIEZ
 yYWdlbiB3ZW5kZW4gU2llIFNpY2ggYml0dGUgYW4gdW5zZXJlbiBTdXBwb3J0OgpzdXBwb3J0Q
 HN0ZXBwaW5nLXN0b25lLmNoCgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXN
 zZSA5CkNILTMwMTIgQmVybgoKVGVsZWZvbjogKzQxIDMxIDMzMiA1MyA2Mwp3d3cuc3RlcHBpb
 mctc3RvbmUuY2gKc3VwcG9ydEBzdGVwcGluZy1zdG9uZS5jaA==

The sstMailTemplate values are the base64 encoding of the multi-line notification text, with {$salutation}, {$surname}, {$recipient} and {$percent} as placeholders. Two LDIF details matter when these entries are loaded or exported with tools such as ldapadd and slapcat: a value that is base64-encoded in the file is written with a double colon (sstMailTemplate:: ...), whereas the single colon above makes ldapadd store the base64 text itself as the attribute value; and long lines (RFC 2849 recommends at most 76 characters) are folded onto continuation lines that start with a single space, as shown.
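As an added example (not code from the stoney cloud project), the following Python reads such template entries from LDIF, unfolding the continuation lines and base64-decoding the values, and fills in the placeholders. The sample LDIF is constructed from the two language entries above and writes the base64 values after the RFC 2849 double colon, which is what an export of a multi-line value looks like (the page shows them after a single colon). The placeholder syntax {$name} is taken from the decoded templates; the render() helper, which leaves unknown placeholders untouched so a typo in a template shows up in the test mail instead of vanishing, is an assumption about how the templates are used.

```python
import base64
import re

# Constructed sample: the en-GB and de-CH sstTemplateLanguage entries shown
# above, written as RFC 2849 LDIF (base64 after '::', continuation lines
# start with one space).
SAMPLE_LDIF = """\
dn: ou=en-GB,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: sstTemplateLanguage
objectclass: top
objectclass: organizationalUnit
ou: en-GB
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIG1haWxib3ggKHskcmV
 jaXBpZW50fSkgaXMgbm93IG1vcmUgdGhhbiB7JHBlcmNlbnR9JSBmdWxsLgpTbyB0aGF0IHlvd
 SBjYW4gY29udGludWUgdG8gcmVjZWl2ZSBtYWlsIHlvdSBuZWVkIHRvIHJlbW92ZSBzb21lCm1
 lc3NhZ2VzIGZyb20geW91ciBtYWlsYm94LgpGb3IgZXhhbXBsZSBhbGwgbWVzc2FnZXMgaW5za
 WRlIHlvdXIgIlNwYW0iIGZvbGRlci4KCklmIHlvdSBkb24ndCB3YW50IHRvIGRlbGV0ZSBhbnk
 gbWVzc2FnZXMsIHlvdSBjYW4gb3JkZXIgbW9yZSBzcGFjZS4KCklmIHlvdSBoYXZlIGFueSBxd
 WVzdGlvbnMsIHBsZWFzZSBjb250YWN0IG91ciBzdXBwb3J0OgpzdXBwb3J0QHN0ZXBwaW5nLXN
 0b25lLmNoCgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXNzZSA5CkNILTMwM
 TIgQmVybgoKVGVsZXBob25lOiArNDEgMzEgMzMyIDUzIDYzCnd3dy5zdGVwcGluZy1zdG9uZS5
 jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNo

dn: ou=de-CH,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: de-CH
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHJlIE1haWxib3ggKHskcmV
 jaXBpZW50fSkgYmVsZWd0IG1vbWVudGFuIG1laHIgYWxzIHskcGVyY2VudH0lIGRlcyB2ZXJmw
 7xnYmFyZW4KU3BlaWNoZXJwbGF0ei4KVW0gZGVuIHdlaXRlcmVuIEVtcGZhbmcgdW5kIFZlcnN
 hbmQgenUgZ2FyYW50aWVyZW4sIGzDtnNjaGVuIFNpZSBiaXR0ZQpuaWNodCBtZWhyIGJlbsO2d
 GlndGUgRS1NYWlscywgenVtIEJlaXNwaWVsIGFsbGUgaW4gSWhyZW0gIlNwYW0iIE9yZG5lci4
 KCkZhbGxzIFNpZSBrZWluZSBFLU1haWxzIGzDtnNjaGVuIHdvbGxlbiBvZGVyIGvDtm5uZW4sI
 GJpZXRldCBzaWNoIGRpZQpWZXJncsO2c3NlcnVuZyBJaHJlciBNYWlsYm94IGFuLgoKQmVpIEZ
 yYWdlbiB3ZW5kZW4gU2llIFNpY2ggYml0dGUgYW4gdW5zZXJlbiBTdXBwb3J0OgpzdXBwb3J0Q
 HN0ZXBwaW5nLXN0b25lLmNoCgotLSAKc3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXN
 zZSA5CkNILTMwMTIgQmVybgoKVGVsZWZvbjogKzQxIDMxIDMzMiA1MyA2Mwp3d3cuc3RlcHBpb
 mctc3RvbmUuY2gKc3VwcG9ydEBzdGVwcGluZy1zdG9uZS5jaA==
"""

PLACEHOLDER = re.compile(r"\{\$(\w+)\}")


def unfold(text):
    """Join LDIF continuation lines (leading space) onto the line before them."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return one {attribute: [values]} dict per record. 'attr:: value' is
    base64-decoded (UTF-8, missing padding tolerated); 'attr: value' is kept as is."""
    records, current = [], {}
    for line in unfold(text):
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            raw = value[1:].strip()
            raw += "=" * (-len(raw) % 4)
            value = base64.b64decode(raw).decode("utf-8", errors="replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    if current:
        records.append(current)
    return records


def templates_by_language(ldif_text):
    """Map ou (language tag) -> decoded sstMailTemplate for sstTemplateLanguage entries."""
    out = {}
    for rec in parse_ldif(ldif_text):
        if "sstTemplateLanguage" in rec.get("objectclass", []):
            out[rec["ou"][0]] = rec["sstMailTemplate"][0]
    return out


def render(template, **values):
    """Fill {$name} placeholders; unknown names are left untouched (assumption)."""
    return PLACEHOLDER.sub(lambda m: str(values.get(m.group(1), m.group(0))), template)
```

With the decoded templates in hand, the quota warning for an account is render(templates[account_language], ...) where account_language is the account's preferredLanguage (de-CH or en-GB) and percent the used share of sstQuota.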

Backup Reseller Schedule Templates

This sub tree contains the schedule templates for the (online) backup service:

dn: ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: schedule
description: This sub tree contains the schedule templates for the (online) backup service.

The language leaves below it are so far only defined by their DNs:

dn: ou=en-GB,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

dn: ou=de-CH,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org

Backup Account

Each (Online) Backup service account has its own change root (chroot, jail) directory. The following example shows the OpenLDAP directory entry for the (online) backup account with the uid 3723707:

dn: uid=3723707,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
objectclass: sstBackup
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 3723707
userPassword: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U
uidNumber: 3723707
gidNumber: 3723707
cn: Michael Eichenberger
gecos: Michael Eichenberger
homeDirectory: /var/backup/7/707/723/3723707/chroot/./home/3723707
loginShell: /bin/sh
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134539460
sstBackupIntervalHourly: 0
sstBackupIntervalDaily: 7
sstBackupIntervalWeekly: 4
sstBackupIntervalMonthly: 3
sstBackupIntervalYearly: 0
sstBackupLastSuccessfulBackup: 199412161032Z
sstBackupWarningMissedDays: 1
sstBackupWarningMissedNumbers: 0
sstBackupWarningOn: TRUE
sstNotificationWarningLevel: 85
preferredLanguage: de-CH
sstNotificationWarningMedium: mail
mail: support@stepping-stone.ch
sstUseSelfcare: FALSE
sstUseSSH: TRUE
sstIsActive: TRUE
sstQuota: 1
sstBackupSize: 1
sstIncrementSize: 1
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstProvisioningState: 0 
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002

The following attributes are written by writeAccountSize.pl, which is called by the rsnapshotPostExecWrapper.sh script on the backup server:

  • sstBackupSize: 1
  • sstIncrementSize: 1

The following table describes the different attributes:

Attribute                      Existence  Mandatory  Description
uid                            TBD        x
userPassword                   TBD        x          The password hash and the scheme it was produced with, in the form {scheme}hash, for example {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U. {SSHA} is salted SHA-1, a one-way hash and not an encryption: the stored value cannot be turned back into the password, only compared against a candidate. The password is set automatically through the selfcare interface; afterwards the owner can change it.
uidNumber                      TBD        x          Related to the /etc/passwd file, this attribute specifies the user's numeric user ID. It is the same as the uid. For example: 3723707.
gidNumber                      TBD        x          The numeric group ID. It is the same as the uid. For example: 3723707.
cn                             TBD        x          Identifies the name of an object in the directory. When the object corresponds to a person, the cn is typically the person's full name. For a personal account this entry consists of givenName and surname, for example Michael Eichenberger; these values are taken from the owner's entry (ou=people). For a service account, the attribute sstDisplayName of the corresponding service is used. Can contain extended characters, e.g. é, Ø, å.
gecos                          TBD        x          Named for historical reasons, the GECOS field is mandatory and stores extra information such as the user's full name; utilities such as finger or getent read it. For a personal account it consists of givenName and surname, for example Michael Eichenberger, taken from the owner's entry (ou=people). For a service account, sstDisplayName of the corresponding service is used. Please be aware that this attribute has the IA5String syntax (OID 1.3.6.1.4.1.1466.115.121.1.26), a 7-bit (almost ASCII) character set: it does NOT allow extended characters such as é, Ø, å.
homeDirectory                  MUST       x          The directory path is derived from the 7-digit account uid. With the uid written as abcdefg the path is /var/backup/g/efg/bcd/abcdefg/chroot/./home/abcdefg, so the account with the uid 3723707 gets /var/backup/7/707/723/3723707/chroot/./home/3723707. The /./ marks the chroot boundary (the Jailkit convention): the part before it is the jail root, the part after it is the home directory as seen from inside the jail.
loginShell                     TBD        x          The path to the login shell. The default is /bin/sh.
shadowLastChange               TBD        x          Related to the /etc/shadow file, this attribute specifies the number of days between January 1, 1970 and the date the password was last modified. Must be set to the day the password was set and updated whenever the password is changed.
shadowMax                      TBD        x          Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is 99999, which corresponds to about 273 years; in practice this means the user never has to change the password.
shadowWarning                  TBD        x          Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is 7.
shadowFlag                     TBD        x          Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to 134539460.
sstBackupIntervalHourly        TBD        x
sstBackupIntervalDaily         TBD        x
sstBackupIntervalWeekly        TBD        x
sstBackupIntervalMonthly       TBD        x
sstBackupIntervalYearly        TBD        x
sstBackupLastSuccessfulBackup  TBD        x          Timestamp of the last successful backup. Syntax: Generalized Time (RFC 2252, section 6.14), encoded as a printable string as specified in X.208. The time zone must be given and GMT (the trailing Z) is to be used. Example: 199412161032Z.
sstBackupWarningMissedDays     TBD        x          If sstBackupWarningOn is true, a non-successful backup notification warning is sent after X days without a successful backup. X is an integer of at least 1; 0 turns this warning off. Default is 1.
sstBackupWarningMissedNumbers  TBD        x          If sstBackupWarningOn is true, a non-successful backup notification warning is sent after X consecutive non-successful backups. X is an integer of at least 1; 0 turns this warning off. Default is 0.
sstBackupWarningOn             TBD        x          Is the non-successful backup notification warning turned on? Either true (yes) or false (no). Default is true (yes).
preferredLanguage              TBD        x          The notification language as a language tag according to RFC 1766: ISO 639-1 language code, hyphen, ISO 3166-1 alpha-2 country code, for example de-CH or en-GB. The value is taken from the attribute preferredLanguage of the person entry. If the backup account belongs to a service, the user must be asked for the notification language.
sstNotificationWarningLevel    TBD        x          The quota notification level in percent (0 to 100) at which the owner is warned; see the reseller settings, where the default is 85.
sstNotificationWarningMedium   TBD        x          The notification medium, either sms (the number(s) come from the multi-valued attribute mobileTelephoneNumber) or mail (the address(es) come from the multi-valued attribute mail). In most cases the default is mail, taken from the reseller default settings.
sstQuota                       MUST       x          The filesystem quota in bytes. For example 104857600 equates to 100 Megabyte (104857600 / 1024 / 1024 = 100). Note that the example entry above carries sstQuota: 1 and the reseller settings express capacity as small integers between sstVolumeCapacityMin and sstVolumeCapacityMax (1 to 5); the unit used there is not stated on this page.
mobileTelephoneNumber          TBD        x          Multi-valued attribute with the mobile phone number(s) used to notify the user(s) if sstBackupWarningOn is true and sstNotificationWarningMedium is set to sms.
mail                           TBD        x          Multi-valued attribute with the e-mail address(es) used to notify the user(s) if sstBackupWarningOn is true and sstNotificationWarningMedium is set to mail. The value(s) taken from "ou=settings,..." must not be deleted.
sstIsActive                    MAY        x          Is the entry active? Either true (yes) or false (no).
sstUseSelfcare                 TBD        x
sstUseSSH                      TBD        x
sstBelongsToResellerUID        TBD        x
sstBelongsToCustomerUID        TBD        x
sstBelongsToPersonUID          TBD        x
sstBelongsToServiceUID         TBD        x
sstProvisioningMode            TBD        x
sstProvisioningExecutionDate   TBD        x
sstProvisioningState           TBD        x

Legend:

  • x: Mandatory in all cases.
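As an added example (not code from the project), the following Python checks a backup account entry against the rules in this table: the homeDirectory path scheme and its /./ chroot marker, uid = uidNumber = gidNumber, the {SSHA} password format (with a verify routine for the salted SHA-1 scheme OpenLDAP uses), the Generalized Time of the last successful backup, and the two warning rules (missed backup, quota level). The sample entry is constructed from the account above; the function names, the expectation that the jail root ends in /chroot, and the assumption that sstBackupSize and sstQuota share a unit are this example's, not the page's.

```python
import base64
import hashlib
import os
from datetime import datetime, timedelta, timezone

# Constructed sample: the backup account entry above, reduced to the
# attributes the checks below use (values as on the page).
ACCOUNT = {
    "uid": "3723707",
    "uidNumber": "3723707",
    "gidNumber": "3723707",
    "homeDirectory": "/var/backup/7/707/723/3723707/chroot/./home/3723707",
    "userPassword": "{SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U",
    "sstBackupLastSuccessfulBackup": "199412161032Z",
    "sstBackupWarningOn": "TRUE",
    "sstBackupWarningMissedDays": "1",
    "sstNotificationWarningLevel": "85",
    "sstQuota": "1",
    "sstBackupSize": "1",
}


def home_directory_for(uid):
    """Path scheme from the table: /var/backup/g/efg/bcd/abcdefg/chroot/./home/abcdefg
    for the 7-digit uid abcdefg."""
    if len(uid) != 7 or not uid.isdigit():
        raise ValueError("account uid must be 7 digits")
    return f"/var/backup/{uid[6]}/{uid[4:7]}/{uid[1:4]}/{uid}/chroot/./home/{uid}"


def split_chroot(home_directory):
    """Split at the /./ marker into (jail root, home directory inside the jail)."""
    root, marker, inner = home_directory.partition("/./")
    if not marker:
        raise ValueError("homeDirectory carries no /./ chroot marker")
    return root, "/" + inner


def make_ssha(password, salt=None):
    """OpenLDAP {SSHA}: base64(sha1(password + salt) + salt), salt = 4 random bytes."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a candidate against a {SSHA} value: the first 20 decoded bytes are
    the SHA-1 digest, everything after them is the salt."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def parse_generalized_time(value):
    """Generalized Time as used on this page: YYYYMMDDHHMM[SS] followed by Z (GMT)."""
    if not value.endswith("Z"):
        raise ValueError("time zone must be given as Z (GMT)")
    digits = value[:-1]
    fmt = "%Y%m%d%H%M" if len(digits) == 12 else "%Y%m%d%H%M%S"
    return datetime.strptime(digits, fmt).replace(tzinfo=timezone.utc)


def missed_backup_warning_due(entry, now=None):
    """sstBackupWarningMissedDays rule: warn when the warning is on, the day count
    is not 0, and the last successful backup is older than that many days."""
    if entry["sstBackupWarningOn"] != "TRUE":
        return False
    days = int(entry["sstBackupWarningMissedDays"])
    if days == 0:
        return False
    now = now or datetime.now(timezone.utc)
    last = parse_generalized_time(entry["sstBackupLastSuccessfulBackup"])
    return now - last > timedelta(days=days)


def quota_warning_due(entry):
    """sstNotificationWarningLevel rule; assumes sstBackupSize and sstQuota share
    a unit (the page does not state it)."""
    used_percent = int(entry["sstBackupSize"]) * 100 // int(entry["sstQuota"])
    return used_percent >= int(entry["sstNotificationWarningLevel"])


def lint_account(entry):
    """Consistency problems in an account entry, as a list of messages (empty = ok)."""
    problems = []
    uid = entry["uid"]
    if entry["uidNumber"] != uid or entry["gidNumber"] != uid:
        problems.append("uidNumber/gidNumber must equal uid")
    if entry["homeDirectory"] != home_directory_for(uid):
        problems.append("homeDirectory does not follow the uid path scheme")
    root, inner = split_chroot(entry["homeDirectory"])
    if not root.endswith("/chroot") or inner != f"/home/{uid}":  # assumption
        problems.append("unexpected chroot layout")
    if not entry["userPassword"].startswith("{SSHA}"):
        problems.append("userPassword is not a salted SHA-1 ({SSHA}) hash")
    return problems
```

Run over a slapcat export, lint_account() catches the mismatches that matter for the jail: a homeDirectory whose jail root points outside the account's own tree, or a gidNumber shared with another account, both of which let one backup customer reach another's data once rsync runs inside the chroot.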


  • Which values are taken from the people entry?
    • mail -> cn
    • gecos -> givenName surname
    • preferredLanguage -> sstBackupWarningLanguage
  • Which values are taken from the service entry (in the case of a virtual machine or a dedicated server)?
    •  ??? -> cn
    • gecos -> sstVirtualMachineName and/or sstDisplayName
  • Which values are generated automatically?
    • Password
  • Which values are explicitly asked for when ordering the service?
    • Quota, where the reseller's default quota is shown as the default.
  • Extend the people entry with an additional flag that can be combined with sstIsActive, so that a person can be active but not allowed to log in. Applies only to non-employees.
    • sstUseSelfcare: false
  • If sstUseSelfcare or sstIsActive of the reseller or the customer is set to false, the associated users are not allowed to log in either.
  • We only take the languages the web interface supports: de-CH and en-GB (or should it be with an underscore?) -> CWI/MEI
  • Language fallback is English.
  • Room for the iterations in the directory
    • Is more needed?
    • Change the wrapper script for used disk space so that the values are read from the directory.
  • New attributes
    • sstUseSSH: true
    • sstUseSelfcare: false
    • sstUseSelfcare also goes into the person entry (as MAY, but mandatory)
  • Decision on the chroot environment. TMU/CAF/PKL/MEI
    • chroot environment with a combination of busybox, Jailkit and the daily backup script (as the calling instance)
    • rsync from the host (as a static binary)
    • busybox from the host (as a static binary)
  • No bind mount (.snapshots is read only) -> CAF
  • LDAP structure -> MEI/TMU
  • Build a new backup server (same fingerprint) -> TMU/MEI
  • Backup script (prov-backup-rsnapshot) -> PKL
  • SSHA migration for the passwords -> MEI/CWI

Provisioning

Links