You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
OpenStack Swift
Stash supports OpenStack Swift as a backend. This tutorial will show you how to use this backend.
In order to use OpenStack Swift as backend, you have to create a Secret and a Repository object pointing to the desired Swift container.
If the Swift container does not exist yet, Stash will automatically create it during the first backup.
Create Storage Secret
Stash supports Swift’s Keystone v1, v2, v3 authentication as well as token-based authentication.
Keystone v1 authentication:
For keystone v1 authentication, following secret keys are needed:
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
ST_AUTH | URL of the Keystone server. |
ST_USER | Username. |
ST_KEY | Password. |
Keystone v2 authentication:
For keystone v2 authentication, following secret keys are needed:
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
OS_AUTH_URL | URL of the Keystone server. |
OS_REGION_NAME | Storage region name |
OS_USERNAME | Username |
OS_PASSWORD | Password |
OS_TENANT_ID | Tenant ID |
OS_TENANT_NAME | Tenant Name |
Keystone v3 authentication:
For keystone v3 authentication, following secret keys are needed:
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
OS_AUTH_URL | URL of the Keystone server. |
OS_REGION_NAME | Storage region name |
OS_USERNAME | Username |
OS_PASSWORD | Password |
OS_USER_DOMAIN_NAME | User domain name |
OS_PROJECT_NAME | Project name |
OS_PROJECT_DOMAIN_NAME | Project domain name |
For keystone v3 application credential authentication (application credential id):
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
OS_AUTH_URL | URL of the Keystone server. |
OS_APPLICATION_CREDENTIAL_ID | The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user. |
OS_APPLICATION_CREDENTIAL_SECRET | The secret for authenticating the application credential. |
For keystone v3 application credential authentication (application credential name):
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
OS_AUTH_URL | URL of the Keystone server. |
OS_USERNAME | User name |
OS_USER_DOMAIN_NAME | User domain name |
OS_APPLICATION_CREDENTIAL_NAME | The name of the application credential used for authentication. If provided, must be accompanied by a user object. |
OS_APPLICATION_CREDENTIAL_SECRET | The secret for authenticating the application credential. |
Token-based authentication:
For token-based authentication, following secret keys are needed:
| Key | Description |
|---|---|
RESTIC_PASSWORD | Password used that will be used to encrypt the backup snapshots. |
OS_STORAGE_URL | Storage URL |
OS_AUTH_TOKEN | Authentication token |
A sample storage secret creation for keystone v2 authentication is shown below,
$ echo -n 'changeit' > RESTIC_PASSWORD
$ echo -n '<your-auth-url>' > OS_AUTH_URL
$ echo -n '<your-tenant-id>' > OS_TENANT_ID
$ echo -n '<your-tenant-name>' > OS_TENANT_NAME
$ echo -n '<your-username>' > OS_USERNAME
$ echo -n '<your-password>' > OS_PASSWORD
$ echo -n '<your-region>' > OS_REGION_NAME
$ kubectl create secret generic swift-secret \
--from-file=./RESTIC_PASSWORD \
--from-file=./OS_AUTH_URL \
--from-file=./OS_TENANT_ID \
--from-file=./OS_TENANT_NAME \
--from-file=./OS_USERNAME \
--from-file=./OS_PASSWORD \
--from-file=./OS_REGION_NAME
secret/swift-secret created
Create Repository
Now, you have to create a Repository crd. You have to provide the storage secret that we have created earlier in spec.backend.storageSecretName field.
Following parameters are available for Swift backend.
| Parameter | Description |
|---|---|
swift.container | Required. Name of Storage container |
swift.prefix | Optional. Path prefix inside the container where backed up data will be stored. |
Below, the YAML of a sample Repository crd that uses a Swift container as a backend.
apiVersion: stash.appscode.com/v1alpha1
kind: Repository
metadata:
name: swift-repo
namespace: demo
spec:
backend:
swift:
container: stash-backup
prefix: /demo/deployment/my-deploy
storageSecretName: swift-secret
Create the Repository we have shown above using the following command,
$ kubectl apply -f https://github.com/stashed/docs/raw/v2020.11.17/docs/examples/guides/latest/backends/swift.yaml
repository/swift-repo created
Now, we are ready to use this backend to backup our desired data using Stash.