Search…
Configuring TrilioVault
Added external database-support Added the Openstack distribution for storage (mount path)
TrilioVault configuration process is using Ansible scripts. Ansible, in the last few years, has grown in popularity as a preferred configuration management tool and TrilioVault uses ansible playbooks extensively to configure the TrilioVault cluster. To troubleshoot TrilioVault configuration issues, the user should have a basic understanding of Ansible playbook output.
Ansible modules are inherently idempotent and hence TrilioVault configuration can run any number of times to change or reconfigure TrilioVault cluster.
Once the VM is booted, point your browser (Chrome or Firefox) to TrilioVault node IP address.
This will bring you to the TrilioVault Dashboard, which contains the TrilioVault configurator.
The user is: admin The default password is: password
After the very first login, you are requested to change the admin password.
Unlike previous versions of TrilioVault, the current version only requires you to configure the cluster once and the TrilioVault dashboard provides cluster-wide management capability.

Details needed for the TrilioVault Appliance

Upon login into an unconfigured TrilioVault Appliance, the shown page is the configurator. The configurator requires some information about the TrilioVault Appliance, Openstack, and Backup Storage.

TrilioVault Cluster information

The TrilioVault Cluster needs to be integrated into an existing environment to be able to operate correctly. This block asks for information about the TrilioVault Cluster operating details.
    Controller Nodes
      This is the list of TrilioVault virtual appliance IP addresses along with their hostnames.
      Format: comma-separated list with pairs combined through '='
      Example: 172.20.4.151=tvault-104-1,172.20.4.152=tvault-104-2,172.20.4.153=tvault-104-3’
The TrilioVault Cluster supports only 1 node and 3 node clusters.
    Virtual IP Address
      This is the TrilioVault cluster IP address which is mandatory
      Format: IP/Subnet
      Example: 172.20.4.150/24
The Virtual IP is mandatory even for single-node clusters and has to be different from any IP given at the Controller Nodes.
    Name Server
      List of nameservers, primarily used to resolve OpenStack service endpoints.
      Format: comma-separated list
      example: 8.8.8.8,172.20.4.1
    Domain Search Order
      The domain the TrilioVault Cluster will use.
      Format: comma-separated list
      example: trilio.io,trilio.demo
    NTP Servers
      NTP servers the TrilioVault Cluster will use
      format: comma-separated list
      example: 0.pool.ntp.org,10.10.10.10
    Timezone
      Timezone the TrilioVault Cluster will use internally
      format: pre-populated list
      example: UTC

Openstack Credentials information

The TrilioVault appliance integrates with one RHV environment. This block asks for the information required to access and connect with the RHV Cluster.
    Keystone URL
      The Keystone endpoint used to fetch authentication for configuration
      format: URL
      example: https://keystone.trilio.io:5000/v3
    Endpoint Type
      Defines which endpoint type will be used to communicate with the Openstack endpoints
      format: predefined list of radio buttons
      example: Public
When FQDNs are used for the Keystone endpoints it is necessary to configure at least one DNS server before the configuration.
Otherwise, the validation of the Openstack Credentials will fail.
    Domain ID
      domain the provided user and tenant are located in
      format: ID
      example: default
    Administrator
      Username of an account with the domain admin role
      format: String
      example: admin
    Password
      password for the prior provided user
      format: String
      example: password
TrilioVault requires domain admin role access. To provide domain admin role to a user, the following command can be used:
openstack role add --domain <domain id> --user <username> admin
The TrilioVault configurator verifies after every entry if it is possible to login into Openstack using the provided credentials.
This verification will fail until all entries are set and correct.
When the verification is successful it is possible to choose the Admin tenant, the Region, and the Trustee role without any error message shown.
    Admin Tenant
      The tenant to be used together with the provided user
      format: a pre-populated list
      example: admin
    Region
      Openstack Region the user and tenant are located in
      format: a pre-populated list
      example: RegionOne
    Trustee Role
      The Openstack role required to be able to use TrilioVault functionalities
      format: a pre-populated list
      example: _member_

Backup Storage Configuration information

This block is requesting the necessary information about the backup target that the TrilioVault installation will be used to store and read backups.
    Openstack Dist
      RHOSP and Kolla Ansible require a special mount point to be used
      format: predefined list
      example: RHOSP
    Backup Storage
      Defines the Backup Storage protocol to use
      format: predefined list of radio buttons
      example: NFS

Using the NFS protocol

    NFS Export
      The path under which the NFS Volumes to be used can be found
      format: comma-separated list of NFS Volumes paths
      example: 10.10.2.20:/upstream,10.10.5.100:/nfs2
    NFS Options
      NFS options used by the TrilioVault Cluster when mounting the NFS Exports
      format: NFS options
      example: nolock,soft,timeo=180,intr,lookupcache=none
Please use the predefined NFS Options and only change them when it is know that changes are necessary.
Trilio is testing against the predefined NFS options.

Using the S3 protocol

    S3 Compatible
      Switch between Amazon and other S3 compatible storage solutions
      format: predefined list
      example: Amazon S3
    (S3 compatible) Endpoint URL
      URL to be used to reach and access the provided S3 compatible storage
      format: URL
      example: objects.trilio.io
    Access Key
      Access Key necessary to login into the S3 storage
      format: access key
      example: SFHSAFHPFFSVVBSVBSZRF
    Secret Key
      Secret Key necessary to login into the S3 storage
      format: secret key
      example: bfAEURFGHsnvd3435BdfeF
    Region
      Configured Region for the S3 Bucket (keep the default for S3 compatible without Region)
      format: String
      example: us-east-1
    Signature Version
      S3 signature version to use for signing into the S3 storage
      format: string
      example: default
    Bucket Name
      Name of the bucket to be used as Backup target
      format: string
      example: Trilio-backup

Using secured non-aws S3 storage

When using secured connection with a non-aws S3 storage like CEPH you have to provide the certificate used for the connection.
To enter this certificate type the https:// based endpoint into the field Endpoint URL.
Once you tab out of the field will the upload certificate button be shown. See picture below.
Accessing the upload certificate for secured connection

Workload Import

Check this box in case of reinitialization or reinstallation of the TrilioVault Appliance to import all matching Workloads located on the Backup Target.
Workloads that are not assigned to an existing tenant will fail to import and need to be reassigned manually once the configuration is done.

Advanced settings

At the end of the configurator is the option to activate the advanced settings.
Activating this option does provide the possibility to configure the Keystone endpoints used for the Datamover API and TrilioVault.

Setup TrilioVault and Datamover API endpoints.

TrilioVault generates Keystone endpoints for 2 services. The TrilioVault Datamover API and the TrilioVault Workloadmanager.
Modern Openstack installation have the endpoint types split over multiple networks. The advanced settings for the Datamover API endpoints and TrilioVault Workloadmanager endpoints allow configuring TrilioVault accordingly.
Used IP addresses are added as additional VIPs to the TrilioVault cluster.
In the case of FQDN used for those endpoints will the TrilioVault configurator resolve the FQDN to learn of the IPs that are then set as VIPs.
It is recommended to verify the datamover api settings against the ones configured during installation of the TrilioVault components.
If these endpoints do already exist in Keystone are the values prefilled and can not be changed. In case of a change required, delete the old Keystone endpoints first.
Providing an URL with https activates the TLS enabled configuration, which requires the upload of certificates and the connected private key.

Set up an external database

TrilioVault allows the use of an external MySQL or MariaDB database.
This database needs to be prepared by creating the empty workloadmgr database, creating the workloadmgr user and setting the right permissions. An example command to create this database would be:
1
create database workloadmgr_auto;
2
CREATE USER 'trilio'@'localhost' IDENTIFIED BY 'password';
3
GRANT ALL PRIVILEGES ON workloadmgr_auto.* TO 'trilio'@'10.10.10.67' IDENTIFIED BY 'password';
Copied!
Provide the connection string to the TrilioVault configurator.
1
mysql://trilio:[email protected]/workloadmgr_auto?charset=utf8
Copied!
This value can only be set upon an initial configuration of the TrilioVault solution.
When the Cluster has been configured to use the internal database, then the connection string will not be shown in the next configuration attempt.
In case of an external database, will the connection string be shown, but is uneditable.

Define the TrilioVault service user password

TrilioVault is using a service user that is located in the Openstack service project.
The password for this service user will be generated randomly or can be defined in the advanced settings.

Starting the configurator

Once all entries have been set and all validations are error-free the configurator can be started.
    Click Finish
    Reconfirm in the pop-up that you want to start the configuration
    Wait for the configurator to finish
Some elements of the configurator take time. Even when it looks like the configurator is stuck, please wait till the configurator finishes. Should the configurator have not finished after 6h, please contact Trilio Support for help.
The configurator is using Ansible and a few TrilioVault internal API calls. After each configuration block or after the configurator finished it is possible to visit the Ansible output.
At the end of a successful configuration does the configurator forward to the set VIP.
Last modified 2mo ago