OpenStack的Swift单节点部署

栏目: 编程工具 · 发布时间: 6年前

  • 本文档中介绍了如何在单节点上部署 OpenStackSwift 服务,包含 2 种认证方式的部署指导,即临时认证和 Keystone 认证。
  • OpenStack 版本: Queens

测试环境

  • 系统版本: Ubuntu 16.04.5
  • 虚拟机的 IP 地址: 172.18.10.100
  • 虚拟机的主机名: object
  • 内存要求: 至少 2G 以上。
  • 硬盘空间: 至少 40G 以上。

部署指导

基础环境配置

  • 配置静态 IP 地址:
vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto ens33
iface ens33 inet static
address 172.18.10.100
netmask 255.255.255.0
gateway 172.18.10.2
dns-nameservers 223.5.5.5
dns-nameservers 114.114.114.114
apt install -y software-properties-common

# 此处需要按Enter键继续
add-apt-repository cloud-archive:queens
  • 更新软件源并更新系统:
apt update && apt dist-upgrade -y
  • 配置主机名:
echo 'object' > /etc/hostname
  • 配置内网 DNS 解析:
echo '127.0.0.1 localhost' > /etc/hosts
echo '172.18.10.100 object' >> /etc/hosts
  • 配置终端提示符高亮显示:
echo 'export PS1="\u@\[\e[1;93m\]\h\[\e[m\]:\w\\$\[\e[m\] "' >> /root/.bashrc
  • 重启主机,使配置生效:
shutdown -r now

Keystone认证

  • 若使用临时认证,则跳过此步骤中所有服务的安装。

Client客户端

  • 安装软件包:
apt install -y python-openstackclient

MySQL服务

  • 安装软件包:
apt install -y mariadb-server python-pymysql
  • 创建配置文件:
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld]
bind-address = *
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
  • 重启 MySQL 服务:
systemctl restart mysql.service
  • 安全初始化数据库:
# 提示输入数据库密码, 若未设置, 直接按Enter键,然后输入y, 设置密码
# 对于配置, 推荐输入y、n、y、y
mysql_secure_installation

Rabbitmq服务

  • 安装软件包:
apt install -y rabbitmq-server
  • 添加 OpenStack 所需用户:
rabbitmqctl add_user openstack 0901
  • 设置用户权限:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Memcached服务

  • 安装软件包:
apt install -y memcached python-memcache
  • 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 0.0.0.0|g' /etc/memcached.conf
  • 重启 Memcached 服务:
systemctl restart memcached.service

Keystone服务

  • 创建数据库并赋予权限:
MYSQL_PASS="0901"
KEYSTONE_DBPASS="0901"
mysql -u root -p${MYSQL_PASS} -e "CREATE DATABASE keystone;"
mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
  • 安装 Apache 服务:
apt install -y keystone apache2 libapache2-mod-wsgi
  • 编辑配置文件:
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:0901@object/keystone

[token]
provider = fernet
  • 同步配置到 keystone 数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
  • 初始化 Fernet 键:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  • 引导 Identity 服务:
keystone-manage bootstrap --bootstrap-password 0901 \
  --bootstrap-admin-url http://object:5000/v3/ \
  --bootstrap-internal-url http://object:5000/v3/ \
  --bootstrap-public-url http://object:5000/v3/ \
  --bootstrap-region-id RegionOne
  • 编辑配置文件:
sed -i '1 i\ServerName object/' /etc/apache2/apache2.conf
  • 重启 Apache 服务:
systemctl restart apache2.service
  • 写入身份认证信息:
echo "export OS_AUTH_URL=http://object:5000/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USERNAME=admin" >> /etc/profile
echo "export OS_PASSWORD=0901" >> /etc/profile
source /etc/profile
  • 创建 Service Project :
openstack project create --domain default --description "Service Project" service
  • 验证服务状态:
openstack token issue

Swift服务

临时认证

  • 安装软件包:
apt install -y memcached python-memcache
  • 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 172.18.10.100|g' /etc/memcached.conf
  • 重启 Memcached 服务:
systemctl restart memcached.service
  • 安装软件包:
apt install -y swift swift-proxy python-swiftclient
  • 创建配置目录:
mkdir -p /etc/swift
  • 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 8080
swift_dir = /etc/swift
user = swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[filter:listing_formats]
use = egg:swift#listing_formats

[filter:container_sync]
use = egg:swift#container_sync

[filter:bulk]
use = egg:swift#bulk

[filter:tempurl]
use = egg:swift#tempurl

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:tempauth]
use = egg:swift#tempauth
# user_ACCOUNT_USERNAME = PASSWORD [.admin] [.reseller_admin]
# .admin: 允许在账号中执行任何操作
# .reseller_admin: 允许在任何账号中执行任何操作
user_admin_admin = admin .admin .reseller_admin
user_user_user = user .admin
user_xiao_xiao = xiao

[filter:copy]
use = egg:swift#copy

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:slo]
use = egg:swift#slo

[filter:dlo]
use = egg:swift#dlo

[filter:versioned_writes]
use = egg:swift#versioned_writes

[filter:symlink]
use = egg:swift#symlink

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
  • 请跳过 Keystone 认证 ,继续执行 ALL 中所有的操作。

Keystone认证

  • 创建 swift 用户:
openstack user create --domain default --password-prompt swift
  • swift 用户添加 admin 角色:
openstack role add --project service --user swift admin
  • 创建 Object Storage 服务的 entity :
openstack service create --name swift --description "OpenStack Object Storage" object-store
  • 创建 Object Storage 服务的 endpoint :
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(project_id\)s
openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(project_id\)s
openstack endpoint create --region RegionOne object-store admin http://object:8080/v1
  • 安装软件包:
apt install -y swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware
  • 创建配置目录:
mkdir -p /etc/swift
  • 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 8080
swift_dir = /etc/swift
user = swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[filter:container_sync]
use = egg:swift#container_sync

[filter:bulk]
use = egg:swift#bulk

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://object:5000
auth_url = http://object:5000
memcached_servers = object:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = 0901
delay_auth_decision = True

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:slo]
use = egg:swift#slo

[filter:dlo]
use = egg:swift#dlo

[filter:versioned_writes]
use = egg:swift#versioned_writes

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
  • 请跳过 临时认证 ,继续执行 ALL 中所有的操作。

ALL

  • 安装软件包:
apt install -y xfsprogs rsync
  • 为虚拟机挂载 4 个空磁盘,假设它们分别是 /dev/sdb/dev/sdc/dev/sdd/dev/sde

  • 格式化磁盘并创建挂载点:

for i in {b..e}; do mkfs.xfs /dev/sd${i}; done
mkdir -p /srv/node/sd{b,c,d,e}
for i in {b..e}; do echo "/dev/sd${i} /srv/node/sd${i} xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab; done
for i in {b..e}; do mount /srv/node/sd${i}; done
chown -R swift:swift /srv/node
  • 创建配置文件:
vim /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 0.0.0.0

[account]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/account.lock

[container]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/container.lock

[object]
max connections = 25
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
  • 开启 rsync 服务:
sed -i 's|RSYNC_ENABLE=false|RSYNC_ENABLE=true|g' /etc/default/rsync
systemctl enable rsync.service
systemctl start rsync.service
  • 验证 rsync 服务:
rsync rsync://pub@localhost/
  • 安装软件包:
apt install -y swift-account swift-container swift-object swift-object-expirer
  • 创建配置文件:
vim /etc/swift/account-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon account-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

[app:account-server]
use = egg:swift#account

[account-reaper]

[account-replicator]

[account-auditor]
vim /etc/swift/container-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon container-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

[app:container-server]
use = egg:swift#container

[container-sync]

[container-replicator]

[container-updater]

[container-auditor]
vim /etc/swift/object-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = true

[pipeline:main]
pipeline = healthcheck recon object-server

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock

[app:object-server]
use = egg:swift#object

[object-reconstructor]

[object-replicator]

[object-updater]

[object-auditor]
vim /etc/swift/object-expirer.conf
[DEFAULT]
swift_dir = /etc/swift
user = swift

[object-expirer]
interval = 300

[pipeline:main]
pipeline = catch_errors cache proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[app:proxy-server]
use = egg:swift#proxy
vim /etc/swift/container-reconciler.conf
[DEFAULT]
swift_dir = /etc/swift
user = swift

[container-reconciler]
reclaim_age = 604800
interval = 300
request_tries = 3

[pipeline:main]
pipeline = catch_errors proxy-logging cache proxy-server

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211

[app:proxy-server]
use = egg:swift#proxy
  • 创建 recon 目录并设置权限:
mkdir -p /var/cache/swift
chown -R swift:root /var/cache/swift
chmod -R 775 /var/cache/swift
  • 切换目录:
cd /etc/swift
  • 创建并分配初始化环( rings ):
swift-ring-builder account.builder create 10 3 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdc --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sde --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance

swift-ring-builder container.builder create 10 3 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdc --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sde --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance

swift-ring-builder object.builder create 10 3 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdc --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sde --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
  • 创建配置文件:
vim /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = Xiao
swift_hash_path_prefix = Xiao

[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange

[swift-constraints]
  • 设置权限:
chown -R swift:root /etc/swift
  • 重启相关服务:
systemctl restart memcached.service
systemctl restart swift-proxy.service
swift-init all restart

验证操作

临时认证

  • 查看 Swift 服务运行状态:
unset OS_AUTH_URL OS_IDENTITY_API_VERSION OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD
echo "export ADMIN_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile
echo "export USER_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile
source /etc/profile
swift ${ADMIN_AUTH_INFO} stat
swift ${USER_AUTH_INFO} stat
  • 创建容器( container ):
swift ${ADMIN_AUTH_INFO} post xiao
  • 列出所有容器( container ):
swift ${ADMIN_AUTH_INFO} list
  • 上传测试文件到容器( container ):
echo "Hello, World" > hello.txt
swift ${ADMIN_AUTH_INFO} upload xiao hello.txt
  • 列出容器( container )中存储的对象( object ):
swift ${ADMIN_AUTH_INFO} list xiao
  • 下载容器( container )存储的的对象( object ):
swift ${ADMIN_AUTH_INFO} download xiao hello.txt
  • 删除容器( container )存储的的对象( object ):
swift ${ADMIN_AUTH_INFO} delete xiao hello.txt
  • 删除容器( container ):
swift ${ADMIN_AUTH_INFO} delete xiao

Keystone认证

  • 查看 Swift 服务运行状态:
swift stat
  • 创建容器( container ):
openstack container create xiao
  • 列出所有容器( container ):
openstack container list
  • 上传测试文件到容器( container ):
echo "Hello, World" > hello.txt
openstack object create xiao hello.txt
  • 列出容器( container )中存储的对象( object ):
openstack object list xiao
  • 下载容器( container )存储的的对象( object ):
openstack object save xiao hello.txt
  • 删除容器( container )存储的的对象( object ):
openstack object delete xiao hello.txt
  • 删除容器( container ):
openstack container delete xiao

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Data Structures and Algorithms in Java

Data Structures and Algorithms in Java

Robert Lafore / Sams / 2002-11-06 / USD 64.99

Data Structures and Algorithms in Java, Second Edition is designed to be easy to read and understand although the topic itself is complicated. Algorithms are the procedures that software programs use......一起来看看 《Data Structures and Algorithms in Java》 这本书的介绍吧!

随机密码生成器
随机密码生成器

多种字符组合密码

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具

HEX CMYK 转换工具
HEX CMYK 转换工具

HEX CMYK 互转工具