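Single-Node Deployment of OpenStack Swift

Introduction

Preface

  • This document describes how to deploy the OpenStack Swift service on a single node. It covers deployment with two authentication methods: temporary authentication (tempauth) and Keystone authentication.
  • OpenStack release: Queens

Test environment

  • OS version: Ubuntu 16.04.5
  • Virtual machine IP address: 172.18.10.100
  • Virtual machine hostname: object
  • Memory requirement: at least 2G.
  • Disk space: at least 40G.

Deployment guide

Base environment configuration

  • Configure a static IP address:
vim /etc/network/interfaces

auto lo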
iface lo inet loopback

auto ens33
iface ens33 inet static
address 172.18.10.100
netmask 255.255.255.0
gateway 172.18.10.2
dns-nameservers 223.5.5.5
dns-nameservers 114.114.114.114
  • Add the Ubuntu Cloud Archive repository for Queens:
apt install -y software-properties-common

# Press Enter here to continue
add-apt-repository cloud-archive:queens
  • Refresh the package sources and upgrade the system:
apt update && apt dist-upgrade -y
  • Set the hostname:
echo 'object' > /etc/hostname
  • Configure internal name resolution:
echo '127.0.0.1 localhost' > /etc/hosts
echo '172.18.10.100 object' >> /etc/hosts
  • Highlight the hostname in the terminal prompt:
echo 'export PS1="\u@\[\e[1;93m\]\h\[\e[m\]:\w\\$\[\e[m\] "' >> /root/.bashrc
  • Reboot the host so that the configuration takes effect:
shutdown -r now

Keystone authentication

  • If you use temporary authentication, skip the installation of all services in this step.

Client

  • Install the packages:
apt install -y python-openstackclient

MySQL service

  • Install the packages:
apt install -y mariadb-server python-pymysql
  • Create the configuration file:
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf

[mysqld]
bind-address = *
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
  • Restart the MySQL service:
systemctl restart mysql.service
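  • Run the secure initialization of the database:
# When prompted for the database password, press Enter if none has been set, then enter y and set a password
# For the remaining settings, the recommended answers are y, n, y, y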
mysql_secure_installation

RabbitMQ service

  • Install the packages:
apt install -y rabbitmq-server
  • Add the user required by OpenStack:
rabbitmqctl add_user openstack 0901
  • Set the user's permissions:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Memcached service

  • Install the packages:
apt install -y memcached python-memcache
  • Modify the configuration file:
sed -i 's|-l 127.0.0.1|-l 0.0.0.0|g' /etc/memcached.conf
  • Restart the Memcached service:
systemctl restart memcached.service

Keystone service

  • Create the database and grant privileges:
MYSQL_PASS="0901"
KEYSTONE_DBPASS="0901"
mysql -u root -p${MYSQL_PASS} -e "CREATE DATABASE keystone;"
mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
  • Install the Apache service:
apt install -y keystone apache2 libapache2-mod-wsgi
  • Edit the configuration file:
vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:0901@object/keystone

[token]
provider = fernet
  • Synchronize the configuration to the keystone database:
su -s /bin/sh -c "keystone-manage db_sync" keystone
  • Initialize the Fernet keys:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  • Bootstrap the Identity service:
keystone-manage bootstrap --bootstrap-password 0901 \
--bootstrap-admin-url http://object:5000/v3/ \
--bootstrap-internal-url http://object:5000/v3/ \
--bootstrap-public-url http://object:5000/v3/ \
--bootstrap-region-id RegionOne
  • Edit the configuration file:
sed -i '1 i\ServerName object' /etc/apache2/apache2.conf
  • Restart the Apache service:
systemctl restart apache2.service
  • Write the authentication credentials:
echo "export OS_AUTH_URL=http://object:5000/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USERNAME=admin" >> /etc/profile
echo "export OS_PASSWORD=0901" >> /etc/profile
source /etc/profile
  • Create the Service Project:
openstack project create --domain default --description "Service Project" service
  • Verify the service status:
openstack token issue

Swift service

Temporary authentication

  • Install the packages:
apt install -y memcached python-memcache
  • Modify the configuration file:
sed -i 's|-l 127.0.0.1|-l 172.18.10.100|g' /etc/memcached.conf
  • Restart the Memcached service:
systemctl restart memcached.service
  • Install the packages:
apt install -y swift swift-proxy python-swiftclient
  • Create the configuration directory:
mkdir -p /etc/swift
  • Create the configuration file:
vim /etc/swift/proxy-server.conf

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 8080
swift_dir = /etc/swift
user = swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[filter:listing_formats]
use = egg:swift#listing_formats

[filter:container_sync]
use = egg:swift#container_sync

[filter:bulk]
use = egg:swift#bulk

[filter:tempurl]
use = egg:swift#tempurl

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:tempauth]
use = egg:swift#tempauth
# user_ACCOUNT_USERNAME = PASSWORD [.admin] [.reseller_admin]
# .admin: may perform any operation within the account
# .reseller_admin: may perform any operation in any account
user_admin_admin = admin .admin .reseller_admin
user_user_user = user .admin
user_xiao_xiao = xiao

[filter:copy]
use = egg:swift#copy

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:slo]
use = egg:swift#slo

[filter:dlo]
use = egg:swift#dlo

[filter:versioned_writes]
use = egg:swift#versioned_writes

[filter:symlink]
use = egg:swift#symlink

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
  • Skip the Keystone authentication section and continue with all of the steps under ALL.
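The tempauth entries above follow the form user_ACCOUNT_USERNAME = PASSWORD [groups], so they can be checked mechanically. The following is an added example (Python 3, not part of the original post and not Swift's own code) that parses the [filter:tempauth] section shown above and reports keys that equal the account or user name and users holding .reseller_admin; MIN_KEY_LEN is an assumed local policy value.

```python
import configparser

# [filter:tempauth] section copied from the proxy-server.conf above (sample input).
SAMPLE = """\
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_user_user = user .admin
user_xiao_xiao = xiao
"""

MIN_KEY_LEN = 16  # assumption: local policy, not a Swift setting


def parse_tempauth_users(conf_text):
    """Return (account, user, key, groups) for each user_* option."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    users = []
    for name, value in cp["filter:tempauth"].items():
        parts = name.split("_", 2)  # user_<account>_<user>
        fields = value.split()
        if len(parts) != 3 or parts[0] != "user" or not fields:
            continue
        key, groups = fields[0], fields[1:]
        if groups and "://" in groups[-1]:
            groups = groups[:-1]  # optional trailing storage URL, not a group
        users.append((parts[1], parts[2], key, groups))
    return users


def audit(conf_text):
    """Return (account:user, finding) pairs for weak tempauth entries."""
    findings = []
    for account, user, key, groups in parse_tempauth_users(conf_text):
        who = "%s:%s" % (account, user)
        if key.lower() in (account.lower(), user.lower()):
            findings.append((who, "key equals the account or user name"))
        elif len(key) < MIN_KEY_LEN:
            findings.append((who, "key shorter than %d characters" % MIN_KEY_LEN))
        if ".reseller_admin" in groups:
            findings.append((who, "may act on every account (.reseller_admin)"))
    return findings


if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(who, "-", finding)
```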

Keystone authentication

  • Create the swift user:
openstack user create --domain default --password-prompt swift
  • Add the admin role to the swift user:
openstack role add --project service --user swift admin
  • Create the service entity for the Object Storage service:
openstack service create --name swift --description "OpenStack Object Storage" object-store
  • Create the endpoints for the Object Storage service:
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(project_id\)s
openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(project_id\)s
openstack endpoint create --region RegionOne object-store admin http://object:8080/v1
  • Install the packages:
apt install -y swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware
  • Create the configuration directory:
mkdir -p /etc/swift
  • Create the configuration file:
vim /etc/swift/proxy-server.conf

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 8080
swift_dir = /etc/swift
user = swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[filter:container_sync]
use = egg:swift#container_sync

[filter:bulk]
use = egg:swift#bulk

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://object:5000
auth_url = http://object:5000
memcached_servers = object:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = 0901
delay_auth_decision = True

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:slo]
use = egg:swift#slo

[filter:dlo]
use = egg:swift#dlo

[filter:versioned_writes]
use = egg:swift#versioned_writes

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
  • Skip the temporary authentication section and continue with all of the steps under ALL.
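In the Keystone pipeline above, the position of each filter matters: authtoken has to run before keystoneauth, and ratelimit needs cache ahead of it. The following is an added example (Python 3, not part of the original post and not Swift's own code) that checks a proxy-server.conf for these ordering rules and for pipeline entries without a matching section; BAD_CONF is a constructed, deliberately misordered fragment.

```python
import configparser

# Constructed, deliberately misordered fragment (not the page's configuration).
BAD_CONF = """\
[pipeline:main]
pipeline = catch_errors ratelimit cache keystoneauth authtoken proxy-server
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cache]
use = egg:swift#memcache
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:keystoneauth]
use = egg:swift#keystoneauth
[app:proxy-server]
use = egg:swift#proxy
"""

# (earlier, later): the later filter depends on state set by the earlier one.
ORDER_RULES = [
    ("cache", "ratelimit"),         # ratelimit keeps its counters in memcache
    ("authtoken", "keystoneauth"),  # keystoneauth acts on the validated identity
]


def check_pipeline(conf_text):
    """Return a list of problems found in [pipeline:main]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    names = cp["pipeline:main"]["pipeline"].split()
    problems = []
    if names[0] != "catch_errors":
        problems.append("catch_errors is not the first filter")
    if "app:" + names[-1] not in cp:
        problems.append("last entry %s has no [app:...] section" % names[-1])
    for name in dict.fromkeys(names[:-1]):  # de-duplicate, keep order
        if "filter:" + name not in cp:
            problems.append("no [filter:%s] section" % name)
    for first, second in ORDER_RULES:
        if second in names and first not in names:
            problems.append("%s is used without %s" % (second, first))
        elif second in names and names.index(first) > names.index(second):
            problems.append("%s must come before %s" % (first, second))
    return problems

if __name__ == "__main__":
    print("\n".join(check_pipeline(BAD_CONF)))
```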

ALL

  • Install the packages:
apt install -y xfsprogs rsync
  • Attach 4 empty disks to the virtual machine; assume they are /dev/sdb, /dev/sdc, /dev/sdd and /dev/sde.
  • Format the disks and create the mount points:
for i in {b..e}; do mkfs.xfs /dev/sd${i}; done
mkdir -p /srv/node/sd{b,c,d,e}
for i in {b..e}; do echo "/dev/sd${i} /srv/node/sd${i} xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab; done
for i in {b..e}; do mount /srv/node/sd${i}; done
chown -R swift:swift /srv/node
  • Create the configuration file:
vim /etc/rsyncd.conf

uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 0.0.0.0

[account]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/account.lock

[container]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/container.lock

[object]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
  • Enable the rsync service:
sed -i 's|RSYNC_ENABLE=false|RSYNC_ENABLE=true|g' /etc/default/rsync
systemctl enable rsync.service
systemctl start rsync.service
  • Verify the rsync service:
rsync rsync://pub@localhost/
  • Install the packages:
apt install -y swift-account swift-container swift-object swift-object-expirer
  • Create the configuration files:
vim /etc/swift/account-server.conf

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon account-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

[app:account-server]
use = egg:swift#account

[account-reaper]

[account-replicator]

[account-auditor]

vim /etc/swift/container-server.conf

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon container-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

[app:container-server]
use = egg:swift#container

[container-sync]

[container-replicator]

[container-updater]

[container-auditor]

vim /etc/swift/object-server.conf

[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon object-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock

[app:object-server]
use = egg:swift#object

[object-reconstructor]

[object-replicator]

[object-updater]

[object-auditor]

vim /etc/swift/object-expirer.conf

[DEFAULT]
swift_dir = /etc/swift
user = swift

[object-expirer]
interval = 300

[pipeline:main]
pipeline = catch_errors cache proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[app:proxy-server]
use = egg:swift#proxy

vim /etc/swift/container-reconciler.conf

[DEFAULT]
swift_dir = /etc/swift
user = swift

[container-reconciler]
reclaim_age = 604800
interval = 300
request_tries = 3

[pipeline:main]
pipeline = catch_errors proxy-logging cache proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[app:proxy-server]
use = egg:swift#proxy
  • Create the recon directory and set its permissions:
mkdir -p /var/cache/swift
chown -R swift:root /var/cache/swift
chmod -R 775 /var/cache/swift
  • Change directory:
cd /etc/swift
  • Create and populate the initial rings:
swift-ring-builder account.builder create 10 3 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdc --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sde --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance

swift-ring-builder container.builder create 10 3 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdc --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sde --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance

swift-ring-builder object.builder create 10 3 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdc --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sde --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
  • Create the configuration file:
vim /etc/swift/swift.conf

[swift-hash]
swift_hash_path_suffix = Xiao
swift_hash_path_prefix = Xiao

[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange

[swift-constraints]
  • Set the permissions:
chown -R swift:root /etc/swift
  • Restart the related services:
systemctl restart memcached.service
systemctl restart swift-proxy.service
swift-init all restart
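The swift_hash_path_prefix and swift_hash_path_suffix values in swift.conf are mixed into the hash of every object path, and the top bits of that hash (10 bits here, from "create 10 3 1") select the ring partition. The following is an added example (Python 3, not part of the original post; it follows the hashing scheme Swift uses but is not Swift's code) showing that changing these values after data has been written moves almost every object to a different partition, and how to generate random values. The account name AUTH_test and the object names are constructed.

```python
import hashlib
import secrets
import struct

PART_POWER = 10  # first argument of "swift-ring-builder ... create 10 3 1"


def hash_path(prefix, suffix, account, container=None, obj=None):
    """MD5 of prefix + /account[/container[/object]] + suffix."""
    path = "/" + "/".join(p for p in (account, container, obj) if p)
    return hashlib.md5((prefix + path + suffix).encode("utf-8")).digest()


def partition(digest, part_power=PART_POWER):
    """The top part_power bits of the digest select the partition."""
    return struct.unpack_from(">I", digest)[0] >> (32 - part_power)


def moved_after_change(names, old, new):
    """Count objects whose partition changes when (prefix, suffix) changes."""
    moved = 0
    for name in names:
        before = partition(hash_path(old[0], old[1], "AUTH_test", "xiao", name))
        after = partition(hash_path(new[0], new[1], "AUTH_test", "xiao", name))
        moved += before != after
    return moved


def new_hash_secret():
    """A random value suitable for swift_hash_path_prefix or _suffix."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    page_values = ("Xiao", "Xiao")  # values used in swift.conf above
    fresh = (new_hash_secret(), new_hash_secret())
    names = ["obj-%d" % i for i in range(200)]  # constructed object names
    print("partitions:", 2 ** PART_POWER)
    print("hello.txt ->", partition(hash_path("Xiao", "Xiao", "AUTH_test", "xiao", "hello.txt")))
    print("moved after changing the values:", moved_after_change(names, page_values, fresh))
```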

Verification

Temporary authentication

  • Check the status of the Swift service:
unset OS_AUTH_URL OS_IDENTITY_API_VERSION OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD
echo "export ADMIN_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile
echo "export USER_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U user:user -K user'" >> /etc/profile
source /etc/profile
swift ${ADMIN_AUTH_INFO} stat
swift ${USER_AUTH_INFO} stat
  • Create a container:
swift ${ADMIN_AUTH_INFO} post xiao
  • List all containers:
swift ${ADMIN_AUTH_INFO} list
  • Upload a test file to the container:
echo "Hello, World" > hello.txt
swift ${ADMIN_AUTH_INFO} upload xiao hello.txt
  • List the objects stored in the container:
swift ${ADMIN_AUTH_INFO} list xiao
  • Download an object stored in the container:
swift ${ADMIN_AUTH_INFO} download xiao hello.txt
  • Delete an object stored in the container:
swift ${ADMIN_AUTH_INFO} delete xiao hello.txt
  • Delete the container:
swift ${ADMIN_AUTH_INFO} delete xiao

Keystone authentication

  • Check the status of the Swift service:
swift stat
  • Create a container:
openstack container create xiao
  • List all containers:
openstack container list
  • Upload a test file to the container:
echo "Hello, World" > hello.txt
openstack object create xiao hello.txt
  • List the objects stored in the container:
openstack object list xiao
  • Download an object stored in the container:
openstack object save xiao hello.txt
  • Delete an object stored in the container:
openstack object delete xiao hello.txt
  • Delete the container:
openstack container delete xiao
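Several services in this guide are bound to every interface (bind-address = *, -l 0.0.0.0, address = 0.0.0.0, bind_ip = 0.0.0.0), while the rings and memcache_servers only ever use 172.18.10.100. The following is an added example (Python 3, not part of the original post) that reads `ss -ltn` output and lists backend ports listening on a wildcard address. SAMPLE_SS is constructed; ports 3306, 5672 and 873 are the MySQL, RabbitMQ and rsync defaults and are not stated on this page.

```python
# Backend ports on this node. 6000-6002 and 11211 appear in the configuration
# above; 3306, 5672 and 873 are the MySQL, RabbitMQ and rsync defaults.
BACKEND_PORTS = {
    3306: "mysql", 5672: "rabbitmq", 11211: "memcached", 873: "rsync",
    6000: "swift-object", 6001: "swift-container", 6002: "swift-account",
}
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed `ss -ltn` output for illustration, not captured from a real host.
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:11211 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 172.18.10.100:6000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 5 [::]:873 [::]:*
LISTEN 0 128 127.0.0.1:5672 0.0.0.0:*
"""


def exposed_backends(ss_output):
    """Return sorted (port, service, address) for backend ports on a wildcard."""
    hits = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in BACKEND_PORTS and addr in WILDCARDS:
            hits.add((int(port), BACKEND_PORTS[int(port)], addr))
    return sorted(hits)


if __name__ == "__main__":
    for port, service, addr in exposed_backends(SAMPLE_SS):
        print("%s (%d) listens on %s" % (service, port, addr))
```

On the deployed node, pass the output of `ss -ltn` to exposed_backends() in place of SAMPLE_SS.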
