Swift 单节点部署
2017-12-22
约 4269 字
预计阅读 9 分钟
次阅读
准备
1
2
3
4
5
6
7
# 在部署对象存储服务(swift)之前,你的环境必须包含身份验证服务(keystone);
# keystone需要MySQL数据库,Rabbitmq服务,Memcached服务;
# 内存:4G
# 系统:Ubuntu Server-14.04.5
# 安装方法:https://www.jianshu.com/p/9e77b3ad930a(失效了)
# IP地址:192.168.10.55
# 主机名:object
基本环境配置
配置主机静态IP地址
1
vim /etc/network/interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
auto lo
iface lo inet loopback
auto eth0
# 将dhcp修改为static
iface eth0 inet static
# 静态IP地址
address 192.168.10.55
# 子网掩码
netmask 255.255.255.0
# 广播地址
broadcast 192.168.10.255
# 默认网关
gateway 192.168.10.2
# DNS服务器
## 谷歌DNS
dns-nameservers 8.8.8.8
## 阿里DNS
dns-nameservers 223.5.5.5
重启网卡
1
2
3
4
# 关闭网卡
ifdown eth0
# 开启网卡
ifup eth0
配置主机名
1
2
3
4
# 对于不同的节点,请做出相应的修改
# 清空文件内容
# 主机名
object
配置主机名解析
1
2
# 文件内容,请视实际情况做相应的修改
192.168.10.55 object
验证操作
1
2
3
ping -c 4 主机名
# 例如
ping -c 4 object
###配置Ubuntu更新源
1
vim /etc/apt/sources.list
1
2
3
4
5
6
7
8
9
10
11
12
# 请先把文件内容清空
# 中国科学技术大学源
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse
###更新系统
1
apt-get update && apt-get dist-upgrade
###添加OpenStack库
1
2
3
apt-get install software-properties-common
# 此处命令行会停顿,请按Enter键继续
add-apt-repository cloud-archive:mitaka
安装OpenStack客户端
1
apt-get install python-openstackclient
###更新系统
1
2
# 此处为必需步骤
apt-get update && apt-get dist-upgrade
重启主机
1
2
3
shutdown -r now
# 重启电脑后,XShell要用新的IP地址连接虚拟机
# XShell的使用方法:http://www.jianshu.com/p/ada93cba0acd
MySQL服务
安装软件包
1
2
3
# 此处会提示用户设置数据库密码
# 此处密码为lj0609
apt-get install mariadb-server python-pymysql
配置openstack.cnf
1
vim /etc/mysql/conf.d/openstack.cnf
1
2
3
4
5
6
7
8
[mysqld]
# controller的IP
bind-address = 192.168.10.55
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
重启mysql服务
mysql安全初始化
1
2
# 提示输入密码,问题推荐输入n、y、y、y、y
mysql_secure_installation
Rabbitmq服务
安装软件包
1
2
# 时间较长
apt-get install rabbitmq-server
添加OpenStack用户
1
2
# 此处密码为lj0609
rabbitmqctl add_user openstack lj0609
为OpenStack用户添加读、写及访问权限
1
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Memcached服务
安装软件包
1
apt-get install memcached python-memcache
配置memcached.conf
1
vim /etc/memcached.conf
1
2
# controller的IP地址
-l 192.168.10.55
重启服务
1
service memcached restart
keystone的安装
进入数据库
1
2
# 提示输入数据库密码
mysql -u root -p
创建keystone数据库
1
CREATE DATABASE keystone;
赋予keystone相关权限
1
2
3
# 根据实际情况修改密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'lj0609';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'lj0609';
退出数据库
生成随机值作为临时令牌(token)
1
2
3
# token:7928a1ada1c93cb81ef2
# token值要与后文统一
openssl rand -hex 10
禁用keystone在安装完成后自启
1
echo "manual" > /etc/init/keystone.override
安装软件包
1
2
# 时间较长
apt-get install keystone apache2 libapache2-mod-wsgi
配置keystone.conf
1
vim /etc/keystone/keystone.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
[DEFAULT]
# token:7928a1ada1c93cb81ef2
# token值要与后文统一
admin_token = 7928a1ada1c93cb81ef2
[database]
# 注释掉原connection
# 根据实际情况修改密码
connection = mysql+pymysql://keystone:lj0609@swift_node/keystone
# 在第1987行
[token]
provider = fernet
同步keystone数据库
1
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet键
1
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
配置apache2.conf!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1
vim /etc/apache2/apache2.conf
1
2
# 首行添加该项
ServerName object/
新建并配置wsgi-keystone.conf
1
vim /etc/apache2/sites-available/wsgi-keystone.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
使apache支持虚拟机的身份认证服务
1
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
重启appache服务
1
service apache2 restart
删除SQLite数据库文件
1
rm -f /var/lib/keystone/keystone.db
配置身份验证令牌
1
2
# token值要与前文统一
export OS_TOKEN=7928a1ada1c93cb81ef2
配置Endpoint的URL
1
2
主机名注意替换
export OS_URL=http://swift_node:35357/v3
配置API版本
1
export OS_IDENTITY_API_VERSION=3
创建identity服务实体
1
2
# 执行结果为表格
openstack service create --name keystone --description "OpenStack Identity" identity
创建identity服务endpoint
1
2
3
4
5
# 执行结果为表格
#替换主机名object
openstack endpoint create --region RegionOne identity public http://object:5000/v3
openstack endpoint create --region RegionOne identity internal http://object:5000/v3
openstack endpoint create --region RegionOne identity admin http://object:35357/v3
创建一个默认的domain
1
2
# 执行结果为表格
openstack domain create --description "Default Domain" default
创建一个admin project
1
2
# 执行结果为表格
openstack project create --domain default --description "Admin Project" admin
创建一个admin user
1
2
3
# 此处会提示用户设置用户密码lj609
# 执行结果为表格
openstack user create --domain default --password-prompt admin
创建一个admin role
1
2
# 执行结果为表格
openstack role create admin
将role添加到admin project和admin user里面去
1
2
# 此处无输出则执行正确
openstack role add --project admin --user admin admin
创建一个service project
1
2
# 执行结果为表格
openstack project create --domain default --description "Service Project" service
配置keystone-paste.ini
1
vim /etc/keystone/keystone-paste.ini
1
# 分别从[pipeline:public_api]、[pipeline:admin_api] and [pipeline:api_v3] 移除 admin_token_auth
移除临时token
作为admin管理员请求一个身份验证令牌
1
2
3
# 提示输入admin的密码
# 执行结果为表格,替换主机名object
openstack --os-auth-url http://object:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
简化操作
1
2
3
4
5
6
7
8
9
10
11
12
# 将环境变量写入配置文件
# 简化每次重启主机后需加载脚本的操作
# 直接在命令行执行以下命令,再遇到需要加载脚本时就不需要执行了
# lj0609为密码
echo "export OS_PROJECT_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USERNAME=admin" >> /etc/profile
echo "export OS_PASSWORD=lj0609" >> /etc/profile
echo "export OS_AUTH_URL=http://object:35357/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
echo "export OS_IMAGE_API_VERSION=2" >> /etc/profile
重新加载配置文件
请求获取令牌
Swift单节点安装
创建swift用户
1
2
3
# 此处会提示用户设置用户密码lj0609
# 执行结果为表格
openstack user create --domain default --password-prompt swift
将admin role添加到swift user
1
2
# 此处无输出则正确
openstack role add --project service --user swift admin
创建Object Storage服务实体
1
2
# 执行结果为表格
openstack service create --name swift --description "OpenStack Object Storage" object-store
创建Object Storage服务endpoint
1
2
3
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store admin http://object:8080/v1
安装软件包
1
apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached
创建swift目录
从对象存储源仓库中获取代理服务配置文件
1
2
3
4
# 耐心等待,可能获取失败
错的curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka
正确的
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=mitaka-eol
配置proxy-server.conf
1
vim /etc/swift/proxy-server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
# 从[pipeline:main]中移除tempurl和tempauth,添加authtoken和keystoneauth,请不要改变模块的顺序;
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
# 配置文件中有,但被注释掉了,直接添加即可
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
# 配置文件中有,但被注释掉了,直接添加即可
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://object:5000
auth_url = http://object:35357
memcached_servers = object:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 0901
delay_auth_decision = True
[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211
磁盘模拟存储节点
1
2
3
4
5
# 模拟两个存储节点,每个节点2个空磁盘
# 关闭虚拟机,为我们的虚拟机添加4个10G的空磁盘;
# 虚拟机磁盘名称:sda(系统区)、sdb、sdc、sdd、sde;
# 验证检查,查看是否有以上磁盘;
ls /dev/sd*
安装软件包
1
apt-get install xfsprogs rsync
格式化空磁盘
1
2
3
4
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde
创建挂载点目录结构
1
2
3
4
mkdir -p /srv/node/sdb
mkdir -p /srv/node/sdc
mkdir -p /srv/node/sdd
mkdir -p /srv/node/sde
配置fstab(自动挂载)
1
2
3
4
5
# 以下内容追加到配置文件
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdd /srv/node/sdd xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sde /srv/node/sde xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
挂载设备
1
2
3
4
mount /srv/node/sdb
mount /srv/node/sdc
mount /srv/node/sdd
mount /srv/node/sde
配置rsyncd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
# 本机 IP 地址
address = 192.168.10.55
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
配置开启rsync服务
启动rsyns服务
安装软件包
1
apt-get install swift swift-account swift-container swift-object
获取配置文件
1
2
3
4
# 耐心等待,可能获取失败,网址只用把最后的?h=stable/mitaka换成?h=mitaka-eol就行
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka
配置account-server.conf
1
vim /etc/swift/account-server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
配置container-server.conf
1
vim /etc/swift/container-server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
配置object-server.conf
1
vim /etc/swift/object-server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
修改挂载点的权限
1
chown -R swift:swift /srv/node
创建recon目录并设置权限
1
2
3
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
创建并分配初始化环(rings)
切换到swift目录
创建account.builder文件
1
2
# 此处无输出则正确
swift-ring-builder account.builder create 10 3 1
将每个存储节点添加到环(ring)中
1
2
3
4
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdc --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sde --weight 100
验证操作
1
swift-ring-builder account.builder
平衡环
1
swift-ring-builder account.builder rebalance
切换到swift目录
创建container.builder文件
1
2
# 此处无输出则正确
swift-ring-builder container.builder create 10 3 1
将每个存储节点添加到环(ring)中
1
2
3
4
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdc --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sde --weight 100
验证操作
1
swift-ring-builder container.builder
平衡环
1
swift-ring-builder container.builder rebalance
切换到swift目录
创建object.builder文件
1
2
# 此处无输出则正确
swift-ring-builder object.builder create 10 3 1
将每个存储节点添加到环(ring)中
1
2
3
4
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdc --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sde --weight 100
验证操作
1
swift-ring-builder object.builder
平衡环
1
swift-ring-builder object.builder rebalance
从源仓库获取swift.conf
1
2
# 耐心等待,可能获取失败
curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka
配置swift.conf
1
vim /etc/swift/swift.conf
1
2
3
4
5
6
7
8
[swift-hash]
# suffix与prefix自定义
swift_hash_path_suffix = Ben
swift_hash_path_prefix = Ben
[storage-policy:0]
name = Policy-0
default = yes
设置权限
1
chown -R root:swift /etc/swift
重启服务
1
2
3
service memcached restart
service swift-proxy restart
swift-init all start
查看swift状态
创建容器Ben
1
openstack container create Ben
上传测试文件到容器Ben
1
2
3
# 文件需要我们自行去创建
# 注意 FILENAME 的修改
openstack object create Ben FILENAME
列出容器 Ben 存储的FILES
1
openstack object list Ben
下载容器Ben存储的FILENAME
1
2
# 此处无输出则正确
openstack object save Ben FILENAME