Ask Your Question

How to setup swift with commvault

asked 2015-07-01 12:51:26 -0500

Stephanie Fuller gravatar image

updated 2015-08-21 16:25:26 -0500

smaffulli gravatar image

Has anyone set up a swift account/container for use by commvault? I am starting down this path and am not sure about the best way to set up ring/account/container for commvault. I read some documentation from SwiftStack, but it makes some SwiftStack assumptions that I am not sure how to duplicate on my own with native Swift.

If anyone has done this, I would love to hear your story and recommendations.

Thanks, Stephanie

edit retag flag offensive close merge delete


My most pressing question is should I build 1 new container with 3 volumes (1/zone) that is the backend for 1 new commvault MagneticLibrary that is assigned to 1 new commvault storage policy???

Stephanie Fuller gravatar imageStephanie Fuller ( 2015-07-01 16:53:27 -0500 )edit

Or build 3 new containers with one volume each from each of my 3 zones that are the backend for 3 new commvault MagLibs that are assigned to 1 new commvault storage policy using a round-robin fashion.

Stephanie Fuller gravatar imageStephanie Fuller ( 2015-07-01 16:59:39 -0500 )edit

My desired end result is to have the commvault backup data replicated in multiple sites for disaster recovery purposes.

Stephanie Fuller gravatar imageStephanie Fuller ( 2015-07-01 17:01:12 -0500 )edit

3 answers

Sort by ยป oldest newest most voted

answered 2015-08-21 11:19:38 -0500

Stephanie Fuller gravatar image

After over a month, I got this to work - here's the basics. If you are having trouble and need more details, ping me...

SSL -> generated a key and got an officially signed cert, not self-signed. Put them in /etc/keystone/ssl/certs & .../private for future reference

keystone: 1 -> changed keystone.conf file [signing] and [ssl] sections with those paths and other details about the key I generated. However, I am still uncertain that this is used other than to generate self-signed key/cert (which I did not use). I am not certain that these values are read from the conf file and used for keystone operation/authentication.

2 -> changed the keystone endpoints in the keystone database to https, ports 5000 & 35357.

3 -> installed apache wsgi module and configured wsgi_keystone.conf in apache to turn on SSLEngine, SSLCertificateKeyFile, SSLCertificateFile & SSLCertificateChainFile with files obtained from the cert authority. I did this for both keystone ports.

swift: 1 -> changed proxy-server.conf to change swift bind_port to 8081, put the key/cert in key_file & cert_file strings, but later took them out to revert swift back to non-ssl (on port 8081). I also changed the auth_uri & auth_url strings to https://myserver-fqdn:5000 & ...:35357 directing swift to talk to keystone with ssl (through apache wsgi...)

2 -> I changed the swift endpoints in the keystone database to https://myserver.fqdn:8080/... to direct swift traffic through a secure apache url/uri.

3 -> all apache modules were already installed (mod_ssl & mod_proxy), I added a file to configure Apache to listen for swift on a secure port and SSL-terminate; /etc/httpd/conf.d/proxy-swift.conf with Proxy stuff (ProxyPass, ProxyPassReverse, ProxyRequests & ProxyPreserveHost) and SSL stuff (same as for wsgi_keystone)

I added SSL to swift because it seemed like CommVault was trying to talk to swift using ssl/https, so I ended up having to make swift API non-ssl and using Apache to run interference for me/commvault. I had other errors when swift API was configured for SSL. Now that it is all figured out, it makes perfect sense. Scary!

edit flag offensive delete link more

answered 2015-07-01 18:07:45 -0500

dsoltesz gravatar image

updated 2015-07-03 17:06:50 -0500


SwiftStack uses OpenStack Swift as the backend, so most of the recommendations will apply for a native Swift implementation. I can tell you that more information in this area is going to be released soon as I'm finishing up a best practice guide for Simpana 10 SP11.

Here are some highlights:

  1. You will want to create multiple containers for your backups. If you just want the default Storage Policy, then you can let Commvault create the containers for you. If you are using SSD drives for Account and Container objects then you should be able to store 80TB of post compressed/deduped backups in each container for Full/Delta/Incremental. If using Dedup this number is more like 20TB per container. If using HDD for account and container objects divide those numbers above by 10. IE 8TB and 2TB respectively.

  2. Create a single Cloud Library in commvault and setup for your first container. Then under Storage -> Library & Drive, add additional Mount Paths. Once finished go into properties for the Cloud Library you created. Click on the Mount Paths Tab and change Mount Path Usage to Spill and fill. This will attempt to balance the backup data across all of the containers. This is a better option than the one given in our previous video of creating multiple cloud libraries and setting round robin in the CommVault Storage Policy.

  3. Swift excels with many connections. So it is best to enable your Media Agents to allow for many streams to the Swift backend. By default your Mount Paths created above will be set "Allow Maximum Paths", but on the Subclient Properties of a backup job, the number of data readers in the Advanced Options tab can be increased if a Backup Set does not have a large number of Subclients which will give Swift a good number of backup streams.

I would be glad to give more directed suggestions if you let me know more about your environment or have more directed questions. I can tell you that SwiftStack will be releasing more videos and literature in the next few weeks on this subject matter. 99% of it should translate directly to Native Swift.

If you check the SwiftStack website there is a CommVault webinar coming up. It will have some sales in it but will be mostly technical with the best practices highlight. Here is a link

For all with questions on how to link to v2 auth here is the CommVault article:

Here is a picture:

image description


edit flag offensive delete link more


I have looked everywhere for an API key. Commvault wants an API key to create the cloud library. Openstack/Keystone/Swift don't have one anywhere that I can find. I tried using a token for swift from openstack, but commvault did not like that.

Stephanie Fuller gravatar imageStephanie Fuller ( 2015-07-02 15:52:48 -0500 )edit

Please see the following from Commvault on V2 Auth. I would post a picture of my v2 setup, but I'm still earning karma points. My connection looks like this.

dsoltesz gravatar imagedsoltesz ( 2015-07-03 16:49:45 -0500 )edit

Add Cloud Library: Name: Anything Type: openstack object storage Media Agent: Pick one from drop down Service host: (This may change for you) Username: <tenant>:<username> API key: <user's password=""> Container: container I want to use

dsoltesz gravatar imagedsoltesz ( 2015-07-03 16:56:10 -0500 )edit

I'm not sure why, but it changed my Commvault V2 Auth URL. Here is the proper one.

dsoltesz gravatar imagedsoltesz ( 2015-07-03 16:59:34 -0500 )edit

Yeah. I have enough Karma to add a picture to my post. Please see information above. For linking v2 authenticated OpenStack Swift with Commvault.

dsoltesz gravatar imagedsoltesz ( 2015-07-03 17:07:53 -0500 )edit

answered 2015-07-01 20:05:51 -0500

dsoltesz gravatar image

Given the information above. I would suggest building 1 Cloud Library in CommVault with 3 volumes each mapped to a different Swift Container. Set the Library to Spill and Fill, and map to 1 new commvault storage policy. Don't bother with Round robin as Spill and Fill does the same thing.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-07-01 12:51:26 -0500

Seen: 7,493 times

Last updated: Aug 21 '15