Swift 单节点部署

准备

1
2
3
4
5
6
7
# 在部署对象存储服务(swift)之前,你的环境必须包含身份验证服务(keystone);
# keystone需要MySQL数据库,Rabbitmq服务,Memcached服务;
# 内存:4G
# 系统:Ubuntu Server-14.04.5
# 安装方法:https://www.jianshu.com/p/9e77b3ad930a(失效了)
# IP地址:192.168.10.55
# 主机名:object

基本环境配置

配置主机静态IP地址

1
vim /etc/network/interfaces
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
auto lo
iface lo inet loopback
auto eth0
# 将dhcp修改为static
iface eth0 inet static
# 静态IP地址
address 192.168.10.55
# 子网掩码
netmask 255.255.255.0
# 广播地址
broadcast 192.168.10.255
# 默认网关
gateway 192.168.10.2
# DNS服务器
## 谷歌DNS
dns-nameservers 8.8.8.8
## 阿里DNS
dns-nameservers 223.5.5.5

重启网卡

1
2
3
4
# 关闭网卡
ifdown eth0
# 开启网卡
ifup eth0

配置主机名

1
vim /etc/hostname
1
2
3
4
# 对于不同的节点,请做出相应的修改
# 清空文件内容
# 主机名
object

配置主机名解析

1
vim /etc/hosts
1
2
# 文件内容,请视实际情况做相应的修改
192.168.10.55 object

验证操作

1
2
3
ping -c 4 主机名
# 例如
ping -c 4 object

###配置Ubuntu更新源

1
vim /etc/apt/sources.list
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# 请先把文件内容清空
# 中国科学技术大学源
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse

###更新系统

1
apt-get update && apt-get dist-upgrade

###添加OpenStack库

1
2
3
apt-get install software-properties-common
# 此处命令行会停顿,请按Enter键继续
add-apt-repository cloud-archive:mitaka

安装OpenStack客户端

1
apt-get install python-openstackclient

###更新系统

1
2
# 此处为必需步骤
apt-get update && apt-get dist-upgrade

重启主机

1
2
3
shutdown -r now
# 重启电脑后,XShell要用新的IP地址连接虚拟机
# XShell的使用方法:http://www.jianshu.com/p/ada93cba0acd

MySQL服务

安装软件包

1
2
3
# 此处会提示用户设置数据库密码
# 此处密码为lj0609
apt-get install mariadb-server python-pymysql

配置openstack.cnf

1
vim /etc/mysql/conf.d/openstack.cnf
1
2
3
4
5
6
7
8
[mysqld]
# controller的IP
bind-address = 192.168.10.55
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

重启mysql服务

1
service mysql restart

mysql安全初始化

1
2
# 提示输入密码,问题推荐输入n、y、y、y、y
mysql_secure_installation

Rabbitmq服务

安装软件包

1
2
# 时间较长
apt-get install rabbitmq-server

添加OpenStack用户

1
2
# 此处密码为lj0609
rabbitmqctl add_user openstack lj0609

为OpenStack用户添加读、写及访问权限

1
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Memcached服务

安装软件包

1
apt-get install memcached python-memcache

配置memcached.conf

1
vim /etc/memcached.conf
1
2
# controller的IP地址
-l 192.168.10.55

重启服务

1
service memcached restart

keystone的安装

进入数据库

1
2
# 提示输入数据库密码
mysql -u root -p

创建keystone数据库

1
CREATE DATABASE keystone;

赋予keystone相关权限

1
2
3
# 根据实际情况修改密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'lj0609';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'lj0609';

退出数据库

1
exit

生成随机值作为临时令牌(token)

1
2
3
# token:7928a1ada1c93cb81ef2
# token值要与后文统一
openssl rand -hex 10

禁用keystone在安装完成后自启

1
echo "manual" > /etc/init/keystone.override

安装软件包

1
2
# 时间较长
apt-get install keystone apache2 libapache2-mod-wsgi

配置keystone.conf

1
vim /etc/keystone/keystone.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
[DEFAULT]
# token:7928a1ada1c93cb81ef2
# token值要与后文统一
admin_token = 7928a1ada1c93cb81ef2

[database]
# 注释掉原connection
# 根据实际情况修改密码
connection = mysql+pymysql://keystone:lj0609@swift_node/keystone

# 在第1987行
[token]
provider = fernet

同步keystone数据库

1
su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化Fernet键

1
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

配置apache2.conf!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

1
vim /etc/apache2/apache2.conf
1
2
# 首行添加该项
ServerName object/

新建并配置wsgi-keystone.conf

1
vim /etc/apache2/sites-available/wsgi-keystone.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

使apache支持虚拟机的身份认证服务

1
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

重启appache服务

1
service apache2 restart

删除SQLite数据库文件

1
rm -f /var/lib/keystone/keystone.db

配置身份验证令牌

1
2
# token值要与前文统一
export OS_TOKEN=7928a1ada1c93cb81ef2

配置Endpoint的URL

1
2
主机名注意替换
export OS_URL=http://swift_node:35357/v3

配置API版本

1
export OS_IDENTITY_API_VERSION=3

创建identity服务实体

1
2
# 执行结果为表格
openstack service create --name keystone --description "OpenStack Identity" identity

创建identity服务endpoint

1
2
3
4
5
# 执行结果为表格
#替换主机名object
openstack endpoint create --region RegionOne identity public http://object:5000/v3
openstack endpoint create --region RegionOne identity internal http://object:5000/v3
openstack endpoint create --region RegionOne identity admin http://object:35357/v3

创建一个默认的domain

1
2
# 执行结果为表格
openstack domain create --description "Default Domain" default

创建一个admin project

1
2
# 执行结果为表格
openstack project create --domain default --description "Admin Project" admin

创建一个admin user

1
2
3
# 此处会提示用户设置用户密码lj609
# 执行结果为表格
openstack user create --domain default --password-prompt admin

创建一个admin role

1
2
# 执行结果为表格
openstack role create admin

将role添加到admin project和admin user里面去

1
2
# 此处无输出则执行正确
openstack role add --project admin --user admin admin

创建一个service project

1
2
# 执行结果为表格
openstack project create --domain default --description "Service Project" service

配置keystone-paste.ini

1
vim /etc/keystone/keystone-paste.ini
1
# 分别从[pipeline:public_api]、[pipeline:admin_api] and [pipeline:api_v3] 移除 admin_token_auth

移除临时token

1
unset OS_TOKEN OS_URL

作为admin管理员请求一个身份验证令牌

1
2
3
# 提示输入admin的密码
# 执行结果为表格,替换主机名object
openstack --os-auth-url http://object:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

简化操作

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# 将环境变量写入配置文件
# 简化每次重启主机后需加载脚本的操作
# 直接在命令行执行以下命令,再遇到需要加载脚本时就不需要执行了
# lj0609为密码
echo "export OS_PROJECT_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USERNAME=admin" >> /etc/profile
echo "export OS_PASSWORD=lj0609" >> /etc/profile
echo "export OS_AUTH_URL=http://object:35357/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
echo "export OS_IMAGE_API_VERSION=2" >> /etc/profile

重新加载配置文件

1
source /etc/profile

请求获取令牌

1
openstack token issue

Swift单节点安装

创建swift用户

1
2
3
# 此处会提示用户设置用户密码lj0609
# 执行结果为表格
openstack user create --domain default --password-prompt swift

将admin role添加到swift user

1
2
# 此处无输出则正确
openstack role add --project service --user swift admin

创建Object Storage服务实体

1
2
# 执行结果为表格
openstack service create --name swift --description "OpenStack Object Storage" object-store

创建Object Storage服务endpoint

1
2
3
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store admin http://object:8080/v1

安装软件包

1
apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached

创建swift目录

1
mkdir -p /etc/swift

从对象存储源仓库中获取代理服务配置文件

1
2
3
4
# 耐心等待,可能获取失败
错的curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka
正确的
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=mitaka-eol

配置proxy-server.conf

1
vim /etc/swift/proxy-server.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift

# 从[pipeline:main]中移除tempurl和tempauth,添加authtoken和keystoneauth,请不要改变模块的顺序;
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True

# 配置文件中有,但被注释掉了,直接添加即可
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

# 配置文件中有,但被注释掉了,直接添加即可
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://object:5000
auth_url = http://object:35357
memcached_servers = object:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 0901
delay_auth_decision = True

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

磁盘模拟存储节点

1
2
3
4
5
# 模拟两个存储节点,每个节点2个空磁盘
# 关闭虚拟机,为我们的虚拟机添加4个10G的空磁盘;
# 虚拟机磁盘名称:sda(系统区)、sdb、sdc、sdd、sde;
# 验证检查,查看是否有以上磁盘;
ls /dev/sd*

步骤1

步骤2

步骤3

步骤4

步骤5

步骤6

步骤7

安装软件包

1
apt-get install xfsprogs rsync

格式化空磁盘

1
2
3
4
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde

创建挂载点目录结构

1
2
3
4
mkdir -p /srv/node/sdb
mkdir -p /srv/node/sdc
mkdir -p /srv/node/sdd
mkdir -p /srv/node/sde

配置fstab(自动挂载)

1
vim /etc/fstab
1
2
3
4
5
# 以下内容追加到配置文件
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdd /srv/node/sdd xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sde /srv/node/sde xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

挂载设备

1
2
3
4
mount /srv/node/sdb
mount /srv/node/sdc
mount /srv/node/sdd
mount /srv/node/sde

配置rsyncd.conf

1
vim /etc/rsyncd.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
# 本机 IP 地址
address = 192.168.10.55

[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock

[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock

[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock

配置开启rsync服务

1
vim /etc/default/rsync
1
RSYNC_ENABLE=true

启动rsyns服务

1
service rsync start

安装软件包

1
apt-get install swift swift-account swift-container swift-object

获取配置文件

1
2
3
4
# 耐心等待,可能获取失败,网址只用把最后的?h=stable/mitaka换成?h=mitaka-eol就行
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka

配置account-server.conf

1
vim /etc/swift/account-server.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon account-server

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

配置container-server.conf

1
vim /etc/swift/container-server.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon container-server

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

配置object-server.conf

1
vim /etc/swift/object-server.conf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon object-server

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock

修改挂载点的权限

1
chown -R swift:swift /srv/node

创建recon目录并设置权限

1
2
3
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift

创建并分配初始化环(rings)

切换到swift目录

1
cd /etc/swift

创建account.builder文件

1
2
# 此处无输出则正确
swift-ring-builder account.builder create 10 3 1

将每个存储节点添加到环(ring)中

1
2
3
4
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdc --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sde --weight 100

验证操作

1
swift-ring-builder account.builder

平衡环

1
swift-ring-builder account.builder rebalance

切换到swift目录

1
cd /etc/swift

创建container.builder文件

1
2
# 此处无输出则正确
swift-ring-builder container.builder create 10 3 1

将每个存储节点添加到环(ring)中

1
2
3
4
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdc --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sde --weight 100

验证操作

1
swift-ring-builder container.builder

平衡环

1
swift-ring-builder container.builder rebalance

切换到swift目录

1
cd /etc/swift

创建object.builder文件

1
2
# 此处无输出则正确
swift-ring-builder object.builder create 10 3 1

将每个存储节点添加到环(ring)中

1
2
3
4
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdc --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sde --weight 100

验证操作

1
swift-ring-builder object.builder

平衡环

1
swift-ring-builder object.builder rebalance

从源仓库获取swift.conf

1
2
# 耐心等待,可能获取失败
curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka

配置swift.conf

1
vim /etc/swift/swift.conf
1
2
3
4
5
6
7
8
[swift-hash]
# suffix与prefix自定义
swift_hash_path_suffix = Ben
swift_hash_path_prefix = Ben

[storage-policy:0]
name = Policy-0
default = yes

设置权限

1
chown -R root:swift /etc/swift

重启服务

1
2
3
service memcached restart
service swift-proxy restart
swift-init all start

查看swift状态

1
swift stat

创建容器Ben

1
openstack container create Ben

上传测试文件到容器Ben

1
2
3
# 文件需要我们自行去创建
# 注意 FILENAME 的修改
openstack object create Ben FILENAME

列出容器 Ben 存储的FILES

1
openstack object list Ben

下载容器Ben存储的FILENAME

1
2
# 此处无输出则正确
openstack object save Ben FILENAME