-
本文档中介绍了如何在单节点上部署
OpenStack
的Swift
服务,包含2
种认证方式的部署指导,即临时认证和Keystone
认证。 -
OpenStack
版本:Queens
。
测试环境
-
系统版本:
Ubuntu 16.04.5
。 -
虚拟机的
IP
地址:172.18.10.100
。 -
虚拟机的主机名:
object
。 -
内存要求: 至少
2G
以上。 -
硬盘空间: 至少
40G
以上。
部署指导
基础环境配置
-
配置静态
IP
地址:
vim /etc/network/interfaces
auto lo iface lo inet loopback auto ens33 iface ens33 inet static address 172.18.10.100 netmask 255.255.255.0 gateway 172.18.10.2 dns-nameservers 223.5.5.5 dns-nameservers 114.114.114.114
-
配置
Ubuntu
的软件源: 请参考 《CentOS/Ubuntu的国内软件源》 。 -
配置
OpenStack
的软件源:
apt install -y software-properties-common # 此处需要按Enter键继续 add-apt-repository cloud-archive:queens
- 更新软件源并更新系统:
apt update && apt dist-upgrade -y
- 配置主机名:
echo 'object' > /etc/hostname
-
配置内网
DNS
解析:
echo '127.0.0.1 localhost' > /etc/hosts echo '172.18.10.100 object' >> /etc/hosts
- 配置终端提示符高亮显示:
echo 'export PS1="\u@\[\e[1;93m\]\h\[\e[m\]:\w\\$\[\e[m\] "' >> /root/.bashrc
- 重启主机,使配置生效:
shutdown -r now
Keystone认证
- 若使用临时认证,则跳过此步骤中所有服务的安装。
Client客户端
- 安装软件包:
apt install -y python-openstackclient
MySQL服务
- 安装软件包:
apt install -y mariadb-server python-pymysql
- 创建配置文件:
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld] bind-address = * default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
-
重启
MySQL
服务:
systemctl restart mysql.service
- 安全初始化数据库:
# 提示输入数据库密码, 若未设置, 直接按Enter键,然后输入y, 设置密码 # 对于配置, 推荐输入y、n、y、y mysql_secure_installation
Rabbitmq服务
- 安装软件包:
apt install -y rabbitmq-server
-
添加
OpenStack
所需用户:
rabbitmqctl add_user openstack 0901
- 设置用户权限:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Memcached服务
- 安装软件包:
apt install -y memcached python-memcache
- 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 0.0.0.0|g' /etc/memcached.conf
-
重启
Memcached
服务:
systemctl restart memcached.service
Keystone服务
- 创建数据库并赋予权限:
MYSQL_PASS="0901" KEYSTONE_DBPASS="0901" mysql -u root -p${MYSQL_PASS} -e "CREATE DATABASE keystone;" mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DBPASS}';" mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
-
安装
Apache
服务:
apt install -y keystone apache2 libapache2-mod-wsgi
- 编辑配置文件:
vim /etc/keystone/keystone.conf
[database] connection = mysql+pymysql://keystone:0901@object/keystone [token] provider = fernet
-
同步配置到
keystone
数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
-
初始化
Fernet
键:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
-
引导
Identity
服务:
keystone-manage bootstrap --bootstrap-password 0901 \ --bootstrap-admin-url http://object:5000/v3/ \ --bootstrap-internal-url http://object:5000/v3/ \ --bootstrap-public-url http://object:5000/v3/ \ --bootstrap-region-id RegionOne
- 编辑配置文件:
sed -i '1 i\ServerName object/' /etc/apache2/apache2.conf
-
重启
Apache
服务:
systemctl restart apache2.service
- 写入身份认证信息:
echo "export OS_AUTH_URL=http://object:5000/v3" >> /etc/profile echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_PROJECT_NAME=admin" >> /etc/profile echo "export OS_USERNAME=admin" >> /etc/profile echo "export OS_PASSWORD=0901" >> /etc/profile source /etc/profile
-
创建
Service Project
:
openstack project create --domain default --description "Service Project" service
- 验证服务状态:
openstack token issue
Swift服务
临时认证
- 安装软件包:
apt install -y memcached python-memcache
- 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 172.18.10.100|g' /etc/memcached.conf
-
重启
Memcached
服务:
systemctl restart memcached.service
- 安装软件包:
apt install -y swift swift-proxy python-swiftclient
- 创建配置目录:
mkdir -p /etc/swift
- 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 8080 swift_dir = /etc/swift user = swift [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:gatekeeper] use = egg:swift#gatekeeper [filter:healthcheck] use = egg:swift#healthcheck [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [filter:listing_formats] use = egg:swift#listing_formats [filter:container_sync] use = egg:swift#container_sync [filter:bulk] use = egg:swift#bulk [filter:tempurl] use = egg:swift#tempurl [filter:ratelimit] use = egg:swift#ratelimit [filter:tempauth] use = egg:swift#tempauth # user_ACCOUNT_USERNAME = PASSWORD [.admin] [.reseller_admin] # .admin: 允许在账号中执行任何操作 # .reseller_admin: 允许在任何账号中执行任何操作 user_admin_admin = admin .admin .reseller_admin user_user_user = user .admin user_xiao_xiao = xiao [filter:copy] use = egg:swift#copy [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas [filter:slo] use = egg:swift#slo [filter:dlo] use = egg:swift#dlo [filter:versioned_writes] use = egg:swift#versioned_writes [filter:symlink] use = egg:swift#symlink [app:proxy-server] use = egg:swift#proxy account_autocreate = True
-
请跳过
Keystone
认证 ,继续执行ALL
中所有的操作。
Keystone认证
-
创建
swift
用户:
openstack user create --domain default --password-prompt swift
-
为
swift
用户添加admin
角色:
openstack role add --project service --user swift admin
-
创建
Object Storage
服务的entity
:
openstack service create --name swift --description "OpenStack Object Storage" object-store
-
创建
Object Storage
服务的endpoint
:
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(project_id\)s openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(project_id\)s openstack endpoint create --region RegionOne object-store admin http://object:8080/v1
- 安装软件包:
apt install -y swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware
- 创建配置目录:
mkdir -p /etc/swift
- 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 8080 swift_dir = /etc/swift user = swift [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:gatekeeper] use = egg:swift#gatekeeper [filter:healthcheck] use = egg:swift#healthcheck [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [filter:container_sync] use = egg:swift#container_sync [filter:bulk] use = egg:swift#bulk [filter:ratelimit] use = egg:swift#ratelimit [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://object:5000 auth_url = http://object:5000 memcached_servers = object:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = 0901 delay_auth_decision = True [filter:keystoneauth] use = egg:swift#keystoneauth operator_roles = admin,user [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas [filter:slo] use = egg:swift#slo [filter:dlo] use = egg:swift#dlo [filter:versioned_writes] use = egg:swift#versioned_writes [app:proxy-server] use = egg:swift#proxy account_autocreate = True
-
请跳过 临时认证
,继续执行
ALL
中所有的操作。
ALL
- 安装软件包:
apt install -y xfsprogs rsync
-
为虚拟机挂载
4
个空磁盘,假设它们分别是/dev/sdb
、/dev/sdc
、/dev/sdd
、/dev/sde
。 -
格式化磁盘并创建挂载点:
for i in {b..e}; do mkfs.xfs /dev/sd${i}; done mkdir -p /srv/node/sd{b,c,d,e} for i in {b..e}; do echo "/dev/sd${i} /srv/node/sd${i} xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab; done for i in {b..e}; do mount /srv/node/sd${i}; done chown -R swift:swift /srv/node
- 创建配置文件:
vim /etc/rsyncd.conf
uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = 0.0.0.0 [account] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/object.lock
-
开启
rsync
服务:
sed -i 's|RSYNC_ENABLE=false|RSYNC_ENABLE=true|g' /etc/default/rsync systemctl enable rsync.service systemctl start rsync.service
-
验证
rsync
服务:
rsync rsync://pub@localhost/
- 安装软件包:
apt install -y swift-account swift-container swift-object swift-object-expirer
- 创建配置文件:
vim /etc/swift/account-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6002 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon account-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [app:account-server] use = egg:swift#account [account-reaper] [account-replicator] [account-auditor]
vim /etc/swift/container-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6001 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon container-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [app:container-server] use = egg:swift#container [container-sync] [container-replicator] [container-updater] [container-auditor]
vim /etc/swift/object-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6000 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon object-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift recon_lock_path = /var/lock [app:object-server] use = egg:swift#object [object-reconstructor] [object-replicator] [object-updater] [object-auditor]
vim /etc/swift/object-expirer.conf
[DEFAULT] swift_dir = /etc/swift user = swift [object-expirer] interval = 300 [pipeline:main] pipeline = catch_errors cache proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [app:proxy-server] use = egg:swift#proxy
vim /etc/swift/container-reconciler.conf
[DEFAULT] swift_dir = /etc/swift user = swift [container-reconciler] reclaim_age = 604800 interval = 300 request_tries = 3 [pipeline:main] pipeline = catch_errors proxy-logging cache proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [app:proxy-server] use = egg:swift#proxy
-
创建
recon
目录并设置权限:
mkdir -p /var/cache/swift chown -R swift:root /var/cache/swift chmod -R 775 /var/cache/swift
- 切换目录:
cd /etc/swift
-
创建并分配初始化环(
rings
):
swift-ring-builder account.builder create 10 3 1 swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdb --weight 100 swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdc --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sdd --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sde --weight 100 swift-ring-builder account.builder swift-ring-builder account.builder rebalance swift-ring-builder container.builder create 10 3 1 swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdb --weight 100 swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdc --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sdd --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sde --weight 100 swift-ring-builder container.builder swift-ring-builder container.builder rebalance swift-ring-builder object.builder create 10 3 1 swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdb --weight 100 swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdc --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sdd --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sde --weight 100 swift-ring-builder object.builder swift-ring-builder object.builder rebalance
- 创建配置文件:
vim /etc/swift/swift.conf
[swift-hash] swift_hash_path_suffix = Xiao swift_hash_path_prefix = Xiao [storage-policy:0] name = Policy-0 default = yes aliases = yellow, orange [swift-constraints]
- 设置权限:
chown -R swift:root /etc/swift
- 重启相关服务:
systemctl restart memcached.service systemctl restart swift-proxy.service swift-init all restart
验证操作
临时认证
-
查看
Swift
服务运行状态:
unset OS_AUTH_URL OS_IDENTITY_API_VERSION OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD echo "export ADMIN_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile echo "export USER_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile source /etc/profile swift ${ADMIN_AUTH_INFO} stat swift ${USER_AUTH_INFO} stat
-
创建容器(
container
):
swift ${ADMIN_AUTH_INFO} post xiao
-
列出所有容器(
container
):
swift ${ADMIN_AUTH_INFO} list
-
上传测试文件到容器(
container
):
echo "Hello, World" > hello.txt swift ${ADMIN_AUTH_INFO} upload xiao hello.txt
-
列出容器(
container
)中存储的对象(object
):
swift ${ADMIN_AUTH_INFO} list xiao
-
下载容器(
container
)存储的的对象(object
):
swift ${ADMIN_AUTH_INFO} download xiao hello.txt
-
删除容器(
container
)存储的的对象(object
):
swift ${ADMIN_AUTH_INFO} delete xiao hello.txt
-
删除容器(
container
):
swift ${ADMIN_AUTH_INFO} delete xiao
Keystone认证
-
查看
Swift
服务运行状态:
swift stat
-
创建容器(
container
):
openstack container create xiao
-
列出所有容器(
container
):
openstack container list
-
上传测试文件到容器(
container
):
echo "Hello, World" > hello.txt openstack object create xiao hello.txt
-
列出容器(
container
)中存储的对象(object
):
openstack object list xiao
-
下载容器(
container
)存储的的对象(object
):
openstack object save xiao hello.txt
-
删除容器(
container
)存储的的对象(object
):
openstack object delete xiao hello.txt
-
删除容器(
container
):
openstack container delete xiao
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:- 用 Kubernetes 部署 Crawlab 爬虫管理节点集群
- 搭建 K8S 集群之 node 节点部署
- Microsoft Azure 以太坊节点自动化部署方案漏洞分析
- VPS 单节点部署 Kubernetes 的方法与对比——让穷人也能用得起 Kubernetes
- 穷人也能用得起 K8s - VPS 单节点部署 Kubernetes 的方法与对比
- xml创建节点(根节点、子节点)
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Data Structures and Algorithms in Java
Robert Lafore / Sams / 2002-11-06 / USD 64.99
Data Structures and Algorithms in Java, Second Edition is designed to be easy to read and understand although the topic itself is complicated. Algorithms are the procedures that software programs use......一起来看看 《Data Structures and Algorithms in Java》 这本书的介绍吧!