Configuring Trilio

The Trilio configuration process uses Ansible scripts. Over the last few years Ansible has grown in popularity as a preferred configuration management tool, and Trilio uses Ansible playbooks extensively to configure the Trilio cluster. To troubleshoot Trilio configuration issues, the user should have a basic understanding of Ansible playbook output.

Ansible modules are inherently idempotent, so the Trilio configuration can be run any number of times to change or reconfigure the Trilio cluster.

Once the VM is booted, point your browser (Chrome or Firefox) to the IP address of the Trilio node.

This will bring you to the Trilio Dashboard, which contains the Trilio configurator.

The user is: admin
The default password is: password

After the very first login you are requested to change the admin password.

Unlike previous versions of Trilio, the current version only requires you to configure the cluster once, and the Trilio dashboard provides cluster-wide management capability.

Uploading the OpenStack certificate bundle

OpenStack endpoints can be configured to use TLS. In such a configuration the Trilio appliance needs to trust the certificates provided by the OpenStack endpoints.

To establish this trust, upload the OpenStack certificate bundle through the OS API certificate tab of the Trilio appliance Dashboard.

The certificate bundle is located on the controller nodes of the OpenStack installation.

The default paths for each distribution are as follows:

RHOSP/TripleO: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Kolla Ansible with CentOS: /etc/pki/tls/certs/ca-bundle.crt
Kolla Ansible with Ubuntu: /usr/local/share/ca-certificates/
OpenStack Ansible (OSA) with Ubuntu in our lab: /etc/openstack_deploy/ssl/
OpenStack Ansible (OSA) with CentOS: /etc/openstack_deploy/ssl

The uploaded certificates can be verified on the Trilio appliance at the following location.

/etc/workloadmgr/ca-chain.pem
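
A way to confirm on the appliance that the uploaded bundle really validates a Keystone endpoint before the configurator is run. This is an added example, not Trilio's own code; the function names are hypothetical and the endpoint URLs are passed on the command line.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Path the page gives for the uploaded bundle on the Trilio appliance.
CA_BUNDLE = "/etc/workloadmgr/ca-chain.pem"


def endpoint_host_port(url):
    """Split an endpoint URL into (host, port); only https endpoints need the bundle."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https endpoint: {url!r}")
    return parts.hostname, parts.port or 443


def check_endpoint_trust(url, cafile=CA_BUNDLE, timeout=5.0):
    """Return (ok, detail) for a TLS handshake verified only against cafile."""
    host, port = endpoint_host_port(url)
    try:
        # PROTOCOL_TLS_CLIENT turns on certificate and hostname verification.
        # Loading only cafile keeps the system trust store out of the result.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=cafile)
    except (OSError, ssl.SSLError) as exc:
        return False, f"cannot load bundle {cafile}: {exc}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, f"{host}:{port} verified, expires {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname did not validate against the uploaded bundle.
        return False, f"{host}:{port} not trusted by bundle: {exc.verify_message}"
    except OSError as exc:
        return False, f"{host}:{port} unreachable: {exc}"


if __name__ == "__main__":
    # Usage: python3 check_trust.py <keystone-admin-url> <keystone-public-url>
    for url in sys.argv[1:]:
        ok, detail = check_endpoint_trust(url)
        print("OK  " if ok else "FAIL", detail)
```

A "not trusted by bundle" result means the wrong or an incomplete bundle was uploaded; the fix is to upload the correct bundle, not to disable verification.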

Details needed for the Trilio Appliance

After logging in to an unconfigured Trilio Appliance, the configurator page is shown. The configurator requires some information about the Trilio Appliance, OpenStack and Backup Storage.

Trilio Cluster information

The Trilio Cluster needs to be integrated into an existing environment to be able to operate correctly. This block asks for the information about the Trilio Cluster operating details.

  • Controller Nodes

    • This is the list of Trilio virtual appliance IP addresses along with their hostnames.

    • Format: comma separated list with pairs combined through '='

    • Example: 172.20.4.151=tvault-104-1,172.20.4.152=tvault-104-2,172.20.4.153=tvault-104-3

The Trilio Cluster supports only 1 node and 3 node clusters.

  • Virtual IP Address

    • This is the Trilio cluster IP address which is mandatory

    • Format: IP/Subnet

    • Example: 172.20.4.150/24

The Virtual IP is mandatory even for single node clusters and has to be different from any IP given at the Controller Nodes.

  • Name Server

    • List of nameservers, primarily used to resolve OpenStack service endpoints.

    • Format: comma separated list

    • example: 10.10.10.1,172.20.4.1

If defining OpenStack endpoint hostnames in the /etc/hosts file on the VM is preferred over a DNS solution, you may set the nameserver to 0.0.0.0, the default gateway.

  • Domain Search Order

    • The domain the Trilio Cluster will use.

    • Format: comma separated list

    • example: trilio.io,trilio.demo

  • NTP Servers

    • NTP servers the Trilio Cluster will use

    • format: comma separated list

    • example: 0.pool.ntp.org,10.10.10.10

  • Timezone

    • Timezone the Trilio Cluster will use internally

    • format: pre-populated list

    • example: UTC
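
The Controller Nodes and Virtual IP Address rules above (ip=hostname pairs, 1 or 3 nodes only, VIP in IP/Subnet form and different from every node IP) can be checked before the values are typed into the configurator. This is an added example, not part of Trilio; the function names are hypothetical, and the subnet warning is an assumption that the page does not state.

```python
import ipaddress


def parse_controller_nodes(value):
    """Parse 'ip=hostname,ip=hostname' into a list of (ip_address, hostname)."""
    nodes = []
    for pair in value.split(","):
        ip_text, sep, hostname = pair.strip().partition("=")
        if not sep or not hostname:
            raise ValueError(f"expected ip=hostname, got {pair!r}")
        nodes.append((ipaddress.ip_address(ip_text), hostname))
    return nodes


def validate_cluster(controller_nodes, virtual_ip):
    """Return a list of problems; an empty list means both fields pass."""
    problems = []
    try:
        nodes = parse_controller_nodes(controller_nodes)
    except ValueError as exc:
        return [f"Controller Nodes: {exc}"]
    if len(nodes) not in (1, 3):
        problems.append(
            f"Controller Nodes: {len(nodes)} nodes given, only 1 or 3 are supported")
    ips = [ip for ip, _ in nodes]
    if "/" not in virtual_ip:
        return problems + ["Virtual IP Address: expected IP/Subnet, e.g. 172.20.4.150/24"]
    try:
        vip = ipaddress.ip_interface(virtual_ip)
    except ValueError as exc:
        return problems + [f"Virtual IP Address: {exc}"]
    if vip.ip in ips:
        problems.append(f"Virtual IP Address: {vip.ip} is also a controller node IP")
    # Assumption (not stated on the page): the nodes sit in the VIP's subnet.
    outside = [str(ip) for ip in ips if ip not in vip.network]
    if outside:
        problems.append(f"Warning: {', '.join(outside)} outside {vip.network}")
    return problems


if __name__ == "__main__":
    # Values taken from the examples on this page.
    nodes = ("172.20.4.151=tvault-104-1,172.20.4.152=tvault-104-2,"
             "172.20.4.153=tvault-104-3")
    for line in validate_cluster(nodes, "172.20.4.150/24") or ["no problems found"]:
        print(line)
```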

OpenStack Credentials information

The Trilio appliance integrates with one RHV environment. This block asks for the information required to access and connect with the RHV Cluster.

  • Keystone Admin URL

    • The Keystone admin endpoint mainly used during configuration

    • format: URL

    • example: https://keystone.trilio.io:35357/v3

  • Keystone Public/Internal URL

    • The URL type defines which endpoint type will communicate with the Openstack endpoints

    • format: URL

    • example: https://internal.trilio.io:5000/v3

When FQDNs are used for the Keystone endpoints, it is necessary to configure at least one DNS server before the configuration.

Otherwise the validation of the OpenStack credentials will fail.

  • Administrator

    • Username of an account with the domain admin role

    • format: String

    • example: admin

  • Password

    • password for the user provided before

    • format: String

    • example: password

  • Admin Tenant

    • The tenant to be used together with the provided user

  • Region

    • Openstack Region the user and tenant are located in

    • format: String

    • example: RegionOne

  • Domain ID

    • domain the provided user and tenant are located in

    • format: ID

    • example: default

  • Trustee Role

    • The Openstack role required to be able to use Trilio functionalities

After every entry, the Trilio configurator verifies whether it is possible to log in to OpenStack using the provided credentials.

This verification will fail until all entries are set and correct.

When the verification is successful it is possible to choose the trustee role and no error message is shown.

Trilio requires domain admin role access. To provide domain admin role to a user, the following command can be used:

openstack role add --domain <domain id> --user <username> admin

Backup Storage Configuration information

This block requests the necessary information about the backup target that the Trilio installation will use to store and read backups.

The very first field in this block decides the protocol used to connect with Backup Storage, NFS or S3.

Using the NFS protocol

  • NFS Export

    • Path under which the NFS Volumes to be used can be found

    • format: comma separated list of NFS Volumes paths

    • example: 10.10.2.20:/upstream,10.10.5.100:/nfs2

  • NFS Options

    • NFS options used by the Trilio Cluster when mounting the NFS Exports

    • format: NFS options

    • example: nolock,soft,timeo=180,intr,lookupcache=none

Please use the predefined NFS Options and only change them when it is known that changes are necessary.

Trilio is testing against the predefined NFS options.

Using the S3 protocol

  • S3 Compatible

    • Switch between Amazon and Ceph

    • format: predefined list

    • example: Amazon S3

Use Ceph S3 for any non AWS S3 Storage.

  • Access Key

    • Access Key necessary to login into the S3 storage

    • format: access key

    • example: SFHSAFHPFFSVVBSVBSZRF

  • Secret Key

    • Secret Key necessary to login into the S3 storage

    • format: secret key

    • example: bfAEURFGHsnvd3435BdfeF

  • Region

    • Configured Region for the S3 Bucket

    • format: String

    • example: us-east

  • Bucket Name

    • Name of the bucket to be used as Backup target

    • format: string

    • example: Trilio-backup

  • (CEPH S3 ONLY) Endpoint URL

    • URL to be used to reach and access the provided S3 compatible storage

    • format: URL

    • example: objects.trilio.io

Workload Import

If you are upgrading either from older versions of Trilio or reinstalling the appliance for maintenance reasons, please check this box during the configuration. Trilio is a stateless appliance and all the state is securely saved on the NFS/S3 storage. So, during the upgrade process, the user will need to import all backup job records back from the NFS/S3 storage to the appliance MySQL database. By checking this box, the configuration automatically imports all backup records.

Workloads that are not assigned to a still existing tenant will fail their import and need to be reassigned manually once the configuration is done.

Advanced settings

At the end of the configurator form is the option to activate the advanced settings. Activating this option makes it possible to configure the Keystone endpoints used for the Datamover API and Trilio.

It is recommended to verify the Datamover API settings against the ones configured during installation of the Trilio components.

If these endpoints already exist in Keystone, the values are prefilled and cannot be changed. If a change is required, delete the old Keystone endpoints first.

Providing a URL with https activates the TLS-enabled configuration, which requires uploading the certificates and the associated private key.

Starting the configurator

Once all entries have been set and all validations are error free the configurator can be started.

  • Click Finish

  • Reconfirm in the pop-up that you want to start the configuration

  • Wait for the configurator to finish

Some elements of the configurator take time. Even when it looks like the configurator is stuck, please wait until the configurator finishes. Should the configurator not have finished after 6h, please contact Trilio Support for help.

The configurator uses Ansible and a few Trilio internal API calls. After each configuration block, or after the configurator has finished, it is possible to view the Ansible output.

At the end of a successful configuration, the configurator forwards to the configured VIP.
