-
本文档中介绍了如何在单节点上部署
OpenStack
的Swift
服务,包含2
种认证方式的部署指导,即临时认证和Keystone
认证。 -
OpenStack
版本:Queens
。
测试环境
-
系统版本:
Ubuntu 16.04.5
。 -
虚拟机的
IP
地址:172.18.10.100
。 -
虚拟机的主机名:
object
。 -
内存要求: 至少
2G
以上。 -
硬盘空间: 至少
40G
以上。
部署指导
基础环境配置
-
配置静态
IP
地址:
vim /etc/network/interfaces
auto lo iface lo inet loopback auto ens33 iface ens33 inet static address 172.18.10.100 netmask 255.255.255.0 gateway 172.18.10.2 dns-nameservers 223.5.5.5 dns-nameservers 114.114.114.114
-
配置
Ubuntu
的软件源: 请参考 《CentOS/Ubuntu的国内软件源》 。 -
配置
OpenStack
的软件源:
apt install -y software-properties-common # 此处需要按Enter键继续 add-apt-repository cloud-archive:queens
- 更新软件源并更新系统:
apt update && apt dist-upgrade -y
- 配置主机名:
echo 'object' > /etc/hostname
-
配置内网
DNS
解析:
echo '127.0.0.1 localhost' > /etc/hosts echo '172.18.10.100 object' >> /etc/hosts
- 配置终端提示符高亮显示:
echo 'export PS1="\u@\[\e[1;93m\]\h\[\e[m\]:\w\\$\[\e[m\] "' >> /root/.bashrc
- 重启主机,使配置生效:
shutdown -r now
Keystone认证
- 若使用临时认证,则跳过此步骤中所有服务的安装。
Client客户端
- 安装软件包:
apt install -y python-openstackclient
MySQL服务
- 安装软件包:
apt install -y mariadb-server python-pymysql
- 创建配置文件:
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld] bind-address = * default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
-
重启
MySQL
服务:
systemctl restart mysql.service
- 安全初始化数据库:
# 提示输入数据库密码, 若未设置, 直接按Enter键,然后输入y, 设置密码 # 对于配置, 推荐输入y、n、y、y mysql_secure_installation
Rabbitmq服务
- 安装软件包:
apt install -y rabbitmq-server
-
添加
OpenStack
所需用户:
rabbitmqctl add_user openstack 0901
- 设置用户权限:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Memcached服务
- 安装软件包:
apt install -y memcached python-memcache
- 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 0.0.0.0|g' /etc/memcached.conf
-
重启
Memcached
服务:
systemctl restart memcached.service
Keystone服务
- 创建数据库并赋予权限:
MYSQL_PASS="0901" KEYSTONE_DBPASS="0901" mysql -u root -p${MYSQL_PASS} -e "CREATE DATABASE keystone;" mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DBPASS}';" mysql -u root -p${MYSQL_PASS} -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DBPASS}';"
-
安装
Apache
服务:
apt install -y keystone apache2 libapache2-mod-wsgi
- 编辑配置文件:
vim /etc/keystone/keystone.conf
[database] connection = mysql+pymysql://keystone:0901@object/keystone [token] provider = fernet
-
同步配置到
keystone
数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone
-
初始化
Fernet
键:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
-
引导
Identity
服务:
keystone-manage bootstrap --bootstrap-password 0901 \ --bootstrap-admin-url http://object:5000/v3/ \ --bootstrap-internal-url http://object:5000/v3/ \ --bootstrap-public-url http://object:5000/v3/ \ --bootstrap-region-id RegionOne
- 编辑配置文件:
sed -i '1 i\ServerName object/' /etc/apache2/apache2.conf
-
重启
Apache
服务:
systemctl restart apache2.service
- 写入身份认证信息:
echo "export OS_AUTH_URL=http://object:5000/v3" >> /etc/profile echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_PROJECT_NAME=admin" >> /etc/profile echo "export OS_USERNAME=admin" >> /etc/profile echo "export OS_PASSWORD=0901" >> /etc/profile source /etc/profile
-
创建
Service Project
:
openstack project create --domain default --description "Service Project" service
- 验证服务状态:
openstack token issue
Swift服务
临时认证
- 安装软件包:
apt install -y memcached python-memcache
- 替换配置文件:
sed -i 's|-l 127.0.0.1|-l 172.18.10.100|g' /etc/memcached.conf
-
重启
Memcached
服务:
systemctl restart memcached.service
- 安装软件包:
apt install -y swift swift-proxy python-swiftclient
- 创建配置目录:
mkdir -p /etc/swift
- 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 8080 swift_dir = /etc/swift user = swift [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:gatekeeper] use = egg:swift#gatekeeper [filter:healthcheck] use = egg:swift#healthcheck [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [filter:listing_formats] use = egg:swift#listing_formats [filter:container_sync] use = egg:swift#container_sync [filter:bulk] use = egg:swift#bulk [filter:tempurl] use = egg:swift#tempurl [filter:ratelimit] use = egg:swift#ratelimit [filter:tempauth] use = egg:swift#tempauth # user_ACCOUNT_USERNAME = PASSWORD [.admin] [.reseller_admin] # .admin: 允许在账号中执行任何操作 # .reseller_admin: 允许在任何账号中执行任何操作 user_admin_admin = admin .admin .reseller_admin user_user_user = user .admin user_xiao_xiao = xiao [filter:copy] use = egg:swift#copy [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas [filter:slo] use = egg:swift#slo [filter:dlo] use = egg:swift#dlo [filter:versioned_writes] use = egg:swift#versioned_writes [filter:symlink] use = egg:swift#symlink [app:proxy-server] use = egg:swift#proxy account_autocreate = True
-
请跳过
Keystone
认证 ,继续执行ALL
中所有的操作。
Keystone认证
-
创建
swift
用户:
openstack user create --domain default --password-prompt swift
-
为
swift
用户添加admin
角色:
openstack role add --project service --user swift admin
-
创建
Object Storage
服务的entity
:
openstack service create --name swift --description "OpenStack Object Storage" object-store
-
创建
Object Storage
服务的endpoint
:
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(project_id\)s openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(project_id\)s openstack endpoint create --region RegionOne object-store admin http://object:8080/v1
- 安装软件包:
apt install -y swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware
- 创建配置目录:
mkdir -p /etc/swift
- 创建配置文件:
vim /etc/swift/proxy-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 8080 swift_dir = /etc/swift user = swift [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:gatekeeper] use = egg:swift#gatekeeper [filter:healthcheck] use = egg:swift#healthcheck [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [filter:container_sync] use = egg:swift#container_sync [filter:bulk] use = egg:swift#bulk [filter:ratelimit] use = egg:swift#ratelimit [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://object:5000 auth_url = http://object:5000 memcached_servers = object:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = 0901 delay_auth_decision = True [filter:keystoneauth] use = egg:swift#keystoneauth operator_roles = admin,user [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas [filter:slo] use = egg:swift#slo [filter:dlo] use = egg:swift#dlo [filter:versioned_writes] use = egg:swift#versioned_writes [app:proxy-server] use = egg:swift#proxy account_autocreate = True
-
请跳过 临时认证
,继续执行
ALL
中所有的操作。
ALL
- 安装软件包:
apt install -y xfsprogs rsync
-
为虚拟机挂载
4
个空磁盘,假设它们分别是/dev/sdb
、/dev/sdc
、/dev/sdd
、/dev/sde
。 -
格式化磁盘并创建挂载点:
for i in {b..e}; do mkfs.xfs /dev/sd${i}; done mkdir -p /srv/node/sd{b,c,d,e} for i in {b..e}; do echo "/dev/sd${i} /srv/node/sd${i} xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab; done for i in {b..e}; do mount /srv/node/sd${i}; done chown -R swift:swift /srv/node
- 创建配置文件:
vim /etc/rsyncd.conf
uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = 0.0.0.0 [account] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 25 path = /srv/node/ read only = False lock file = /var/lock/object.lock
-
开启
rsync
服务:
sed -i 's|RSYNC_ENABLE=false|RSYNC_ENABLE=true|g' /etc/default/rsync systemctl enable rsync.service systemctl start rsync.service
-
验证
rsync
服务:
rsync rsync://pub@localhost/
- 安装软件包:
apt install -y swift-account swift-container swift-object swift-object-expirer
- 创建配置文件:
vim /etc/swift/account-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6002 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon account-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [app:account-server] use = egg:swift#account [account-reaper] [account-replicator] [account-auditor]
vim /etc/swift/container-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6001 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon container-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [app:container-server] use = egg:swift#container [container-sync] [container-replicator] [container-updater] [container-auditor]
vim /etc/swift/object-server.conf
[DEFAULT] bind_ip = 0.0.0.0 bind_port = 6000 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = true [pipeline:main] pipeline = healthcheck recon object-server [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift recon_lock_path = /var/lock [app:object-server] use = egg:swift#object [object-reconstructor] [object-replicator] [object-updater] [object-auditor]
vim /etc/swift/object-expirer.conf
[DEFAULT] swift_dir = /etc/swift user = swift [object-expirer] interval = 300 [pipeline:main] pipeline = catch_errors cache proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [app:proxy-server] use = egg:swift#proxy
vim /etc/swift/container-reconciler.conf
[DEFAULT] swift_dir = /etc/swift user = swift [container-reconciler] reclaim_age = 604800 interval = 300 request_tries = 3 [pipeline:main] pipeline = catch_errors proxy-logging cache proxy-server [filter:catch_errors] use = egg:swift#catch_errors [filter:proxy-logging] use = egg:swift#proxy_logging [filter:cache] use = egg:swift#memcache memcache_servers = object:11211 [app:proxy-server] use = egg:swift#proxy
-
创建
recon
目录并设置权限:
mkdir -p /var/cache/swift chown -R swift:root /var/cache/swift chmod -R 775 /var/cache/swift
- 切换目录:
cd /etc/swift
-
创建并分配初始化环(
rings
):
swift-ring-builder account.builder create 10 3 1 swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdb --weight 100 swift-ring-builder account.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6002 --device sdc --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sdd --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6002 --device sde --weight 100 swift-ring-builder account.builder swift-ring-builder account.builder rebalance swift-ring-builder container.builder create 10 3 1 swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdb --weight 100 swift-ring-builder container.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6001 --device sdc --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sdd --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6001 --device sde --weight 100 swift-ring-builder container.builder swift-ring-builder container.builder rebalance swift-ring-builder object.builder create 10 3 1 swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdb --weight 100 swift-ring-builder object.builder add --region 1 --zone 1 --ip 172.18.10.100 --port 6000 --device sdc --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sdd --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 172.18.10.100 --port 6000 --device sde --weight 100 swift-ring-builder object.builder swift-ring-builder object.builder rebalance
- 创建配置文件:
vim /etc/swift/swift.conf
[swift-hash] swift_hash_path_suffix = Xiao swift_hash_path_prefix = Xiao [storage-policy:0] name = Policy-0 default = yes aliases = yellow, orange [swift-constraints]
- 设置权限:
chown -R swift:root /etc/swift
- 重启相关服务:
systemctl restart memcached.service systemctl restart swift-proxy.service swift-init all restart
验证操作
临时认证
-
查看
Swift
服务运行状态:
unset OS_AUTH_URL OS_IDENTITY_API_VERSION OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD echo "export ADMIN_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile echo "export USER_AUTH_INFO='-A http://localhost:8080/auth/v1.0 -U admin:admin -K admin'" >> /etc/profile source /etc/profile swift ${ADMIN_AUTH_INFO} stat swift ${USER_AUTH_INFO} stat
-
创建容器(
container
):
swift ${ADMIN_AUTH_INFO} post xiao
-
列出所有容器(
container
):
swift ${ADMIN_AUTH_INFO} list
-
上传测试文件到容器(
container
):
echo "Hello, World" > hello.txt swift ${ADMIN_AUTH_INFO} upload xiao hello.txt
-
列出容器(
container
)中存储的对象(object
):
swift ${ADMIN_AUTH_INFO} list xiao
-
下载容器(
container
)存储的的对象(object
):
swift ${ADMIN_AUTH_INFO} download xiao hello.txt
-
删除容器(
container
)存储的的对象(object
):
swift ${ADMIN_AUTH_INFO} delete xiao hello.txt
-
删除容器(
container
):
swift ${ADMIN_AUTH_INFO} delete xiao
Keystone认证
-
查看
Swift
服务运行状态:
swift stat
-
创建容器(
container
):
openstack container create xiao
-
列出所有容器(
container
):
openstack container list
-
上传测试文件到容器(
container
):
echo "Hello, World" > hello.txt openstack object create xiao hello.txt
-
列出容器(
container
)中存储的对象(object
):
openstack object list xiao
-
下载容器(
container
)存储的的对象(object
):
openstack object save xiao hello.txt
-
删除容器(
container
)存储的的对象(object
):
openstack object delete xiao hello.txt
-
删除容器(
container
):
openstack container delete xiao
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:- 用 Kubernetes 部署 Crawlab 爬虫管理节点集群
- 搭建 K8S 集群之 node 节点部署
- Microsoft Azure 以太坊节点自动化部署方案漏洞分析
- VPS 单节点部署 Kubernetes 的方法与对比——让穷人也能用得起 Kubernetes
- 穷人也能用得起 K8s - VPS 单节点部署 Kubernetes 的方法与对比
- xml创建节点(根节点、子节点)
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。