swift(Object Storage對象存儲服務)(單節點)

# 在部署對象存儲服務(swift)之前,你的環境必須包含身份驗證服務(keystone); # keystone需要MySQL數據庫,Rabbitmq服務,Memcached服務; # 內存：4G # 系統：Ubuntu Server-14.04.5 # 安裝方法：http://www.jianshu.com/p/9e77b3ad930a # IP地址：192.168.10.55 # 主機名：object

---

基本環境配置

配置主機靜態IP地址

vim /etc/network/interfaces

auto lo iface lo inet loopback auto eth0 # 將dhcp修改為static iface eth0 inet static # 靜態IP地址 address 192.168.10.55 # 子網掩碼 netmask 255.255.255.0 # 廣播地址 broadcast 192.168.10.255 # 默認網關 gateway 192.168.10.2 # DNS服務器 ## 谷歌DNS dns-nameservers 8.8.8.8 ## 阿里DNS dns-nameservers 223.5.5.5

重啟網卡

# 關閉網卡 ifdown eth0 # 開啟網卡 ifup eth0

配置主機名

vim /etc/hostname

# 對於不同的節點，請做出相應的修改 # 清空文件內容 # 主機名 object

配置主機名解析

vim /etc/hosts

# 文件內容，請視實際情況做相應的修改
192.168.10.55 object

驗證操作

ping -c 4 主機名 # 例如 ping -c 4 object

配置Ubuntu更新源

vim /etc/apt/sources.list

# 請先把文件內容清空 # 任選一組源 # 中國科學技術大學源 deb http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse # 阿里雲的Ubuntu-14.04源 deb http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse

更新系統

apt-get update && apt-get dist-upgrade

添加OpenStack庫

apt-get install software-properties-common
# 此處命令行會停頓，請按Enter鍵繼續 add-apt-repository cloud-archive:mitaka

安裝OpenStack客戶端

apt-get install python-openstackclient

更新系統

# 此處為必需步驟 apt-get update && apt-get dist-upgrade

重啟主機

shutdown -r now
# 重啟電腦后,XShell要用新的IP地址連接虛擬機 # XShell的使用方法：http://www.jianshu.com/p/ada93cba0acd

---

MySQL服務

安裝軟件包

# 此處會提示用戶設置數據庫密碼 apt-get install mariadb-server python-pymysql

配置openstack.cnf

vim /etc/mysql/conf.d/openstack.cnf

[mysqld]
# object節點的IP bind-address = 192.168.10.55 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8

重啟mysql服務

service mysql restart

mysql安全初始化

# 提示輸入密碼，問題推薦輸入n、y、y、y、y mysql_secure_installation

---

Rabbitmq服務

安裝軟件包

apt-get install rabbitmq-server

添加OpenStack用戶

# 此處密碼為0901 rabbitmqctl add_user openstack 0901

為OpenStack用戶添加讀、寫及訪問權限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

---

Memcached服務

安裝軟件包

apt-get install memcached python-memcache

配置memcached.conf

vim /etc/memcached.conf

# object的IP地址 -l 192.168.10.55

重啟服務

service memcached restart

---

keystone的安裝

進入數據庫

# 提示輸入數據庫密碼 mysql -u root -p

創建keystone數據庫

CREATE DATABASE keystone;

賦予keystone相關權限

# 根據實際情況修改密碼
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '0901'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '0901';

退出數據庫

exit

生成隨機值作為臨時令牌(token)

# token：0c7030a400cf77890c75 # token值要與后文統一 openssl rand -hex 10

禁用keystone在安裝完成后自啟

echo "manual" > /etc/init/keystone.override

安裝軟件包

apt-get install keystone apache2 libapache2-mod-wsgi

配置keystone.conf

vim /etc/keystone/keystone.conf

[DEFAULT] # token：0c7030a400cf77890c75 # token值要與后文統一 admin_token = 0c7030a400cf77890c75  [database] # 注釋掉原connection # 根據實際情況修改密碼 connection = mysql+pymysql://keystone:0901@object/keystone # 在第1987行 [token] provider = fernet

同步keystone數據庫

su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化Fernet鍵

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

配置apache2.conf

vim /etc/apache2/apache2.conf

# 在文件前面添加該項 ServerName object

新建並配置wsgi-keystone.conf

vim /etc/apache2/sites-available/wsgi-keystone.conf

Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost>

使apache支持虛擬機的身份認證服務

ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

重啟appache服務

service apache2 restart

刪除SQLite數據庫文件

rm -f /var/lib/keystone/keystone.db

配置身份驗證令牌

# token值要與前文統一 export OS_TOKEN=0c7030a400cf77890c75

配置Endpoint的URL

export OS_URL=http://object:35357/v3

配置API版本

export OS_IDENTITY_API_VERSION=3

創建identity服務實體

# 執行結果為表格 openstack service create --name keystone --description "OpenStack Identity" identity

創建identity服務endpoint

# 執行結果為表格 openstack endpoint create --region RegionOne identity public http://object:5000/v3 openstack endpoint create --region RegionOne identity internal http://object:5000/v3 openstack endpoint create --region RegionOne identity admin http://object:35357/v3

創建一個默認的domain

# 執行結果為表格 openstack domain create --description "Default Domain" default

創建一個admin project

# 執行結果為表格 openstack project create --domain default --description "Admin Project" admin

創建一個admin user

# 此處會提示用戶設置用戶密碼 # 執行結果為表格 openstack user create --domain default --password-prompt admin

創建一個admin role

# 執行結果為表格 openstack role create admin

將role添加到admin project和admin user里面去

# 此處無輸出則執行正確 openstack role add --project admin --user admin admin

創建一個service project

# 執行結果為表格 openstack project create --domain default --description "Service Project" service

配置keystone-paste.ini

vim /etc/keystone/keystone-paste.ini

# 分別從[pipeline:public_api]、[pipeline:admin_api] and [pipeline:api_v3] 移除 admin_token_auth

移除臨時token

unset OS_TOKEN OS_URL

作為admin管理員請求一個身份驗證令牌

# 提示輸入admin的密碼 # 執行結果為表格 openstack --os-auth-url http://object:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

簡化操作

# 將環境變量寫入配置文件 # 簡化每次重啟主機后需加載腳本的操作 # 直接在命令行執行以下命令,再遇到需要加載腳本時就不需要執行了 echo "export OS_PROJECT_DOMAIN_NAME=default" >> /etc/profile echo "export OS_USER_DOMAIN_NAME=default" >> /etc/profile echo "export OS_PROJECT_NAME=admin" >> /etc/profile echo "export OS_USERNAME=admin" >> /etc/profile # 注意修改密碼 echo "export OS_PASSWORD=0901" >> /etc/profile echo "export OS_AUTH_URL=http://object:35357/v3" >> /etc/profile echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile echo "export OS_IMAGE_API_VERSION=2" >> /etc/profile

重新加載配置文件

source /etc/profile

請求獲取令牌

openstack token issue

---

Swift單節點安裝

創建swift用戶

# 此處會提示用戶設置用戶密碼 # 執行結果為表格 openstack user create --domain default --password-prompt swift

將admin role添加到swift user

# 此處無輸出則正確 openstack role add --project service --user swift admin

創建Object Storage服務實體

# 執行結果為表格 openstack service create --name swift --description "OpenStack Object Storage" object-store

創建Object Storage服務endpoint

openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%\(tenant_id\)s openstack endpoint create --region RegionOne object-store admin http://object:8080/v1

安裝軟件包

apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached

創建swift目錄

mkdir -p /etc/swift

從對象存儲源倉庫中獲取代理服務配置文件

# 耐心等待,可能獲取失敗 curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka

配置proxy-server.conf

vim /etc/swift/proxy-server.conf

[DEFAULT]
bind_port = 8080 user = swift swift_dir = /etc/swift # 從[pipeline:main]中移除tempurl和tempauth,添加authtoken和keystoneauth,請不要改變模塊的順序; [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server [app:proxy-server] use = egg:swift#proxy account_autocreate = True # 配置文件中有,但被注釋掉了,直接添加即可 [filter:keystoneauth] use = egg:swift#keystoneauth operator_roles = admin,user # 配置文件中有,但被注釋掉了,直接添加即可 [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory auth_uri = http://object:5000 auth_url = http://object:35357 memcached_servers = object:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = swift password = 0901 delay_auth_decision = True [filter:cache] use = egg:swift#memcache memcache_servers = object:11211

磁盤模擬存儲節點

# 模擬兩個存儲節點,每個節點2個空磁盤 # 關閉虛擬機，為我們的虛擬機添加4個10G的空磁盤; # 虛擬機磁盤名稱：sda(系統區)、sdb、sdc、sdd、sde; # 驗證檢查,查看是否有以上磁盤; ls /dev/sd*

步驟1

步驟2

步驟3

步驟4

步驟5

步驟6

步驟7

安裝軟件包

apt-get install xfsprogs rsync

格式化空磁盤

mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc mkfs.xfs /dev/sdd mkfs.xfs /dev/sde

創建掛載點目錄結構

mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc mkdir -p /srv/node/sdd mkdir -p /srv/node/sde

配置fstab(自動掛載)

vim /etc/fstab

# 以下內容追加到配置文件 /dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2 /dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2 /dev/sdd /srv/node/sdd xfs noatime,nodiratime,nobarrier,logbufs=8 0 2 /dev/sde /srv/node/sde xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

掛載設備

mount /srv/node/sdb mount /srv/node/sdc mount /srv/node/sdd mount /srv/node/sde

配置rsyncd.conf

vim /etc/rsyncd.conf

uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid # 本機 IP 地址 address = 192.168.10.55 [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock

配置開啟rsync服務

vim /etc/default/rsync

RSYNC_ENABLE=true

啟動rsyns服務

service rsync start

安裝軟件包

apt-get install swift swift-account swift-container swift-object

獲取配置文件

# 耐心等待,可能獲取失敗 curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka

配置account-server.conf

vim /etc/swift/account-server.conf

[DEFAULT] # 本機 IP 地址 bind_ip = 192.168.10.55 bind_port = 6002 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True  [pipeline:main] pipeline = healthcheck recon account-server  [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift

配置container-server.conf

vim /etc/swift/container-server.conf

[DEFAULT] # 本機 IP 地址 bind_ip = 192.168.10.55 bind_port = 6001 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True  [pipeline:main] pipeline = healthcheck recon container-server  [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift

配置object-server.conf

vim /etc/swift/object-server.conf

[DEFAULT] # 本機 IP 地址 bind_ip = 192.168.10.55 bind_port = 6000 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True  [pipeline:main] pipeline = healthcheck recon object-server  [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift recon_lock_path = /var/lock

修改掛載點的權限

chown -R swift:swift /srv/node

創建recon目錄並設置權限

mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift

---

創建並分配初始化環(rings)

切換到swift目錄

cd /etc/swift

創建account.builder文件

# 此處無輸出則正確
swift-ring-builder account.builder create 10 3 1

將每個存儲節點添加到環(ring)中

swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdb --weight 100 swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdc --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sdd --weight 100 swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sde --weight 100

驗證操作

swift-ring-builder account.builder

平衡環

swift-ring-builder account.builder rebalance

切換到swift目錄

cd /etc/swift

創建container.builder文件

# 此處無輸出則正確
swift-ring-builder container.builder create 10 3 1

將每個存儲節點添加到環(ring)中

swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdb --weight 100 swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdc --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sdd --weight 100 swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sde --weight 100

驗證操作

swift-ring-builder container.builder

平衡環

swift-ring-builder container.builder rebalance

切換到swift目錄

cd /etc/swift

創建object.builder文件

# 此處無輸出則正確
swift-ring-builder object.builder create 10 3 1

將每個存儲節點添加到環(ring)中

swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdb --weight 100 swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdc --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sdd --weight 100 swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sde --weight 100

驗證操作

swift-ring-builder object.builder

平衡環

swift-ring-builder object.builder rebalance

從源倉庫獲取swift.conf

# 耐心等待,可能獲取失敗 curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka

配置swift.conf

vim /etc/swift/swift.conf

[swift-hash] # suffix與prefix自定義 swift_hash_path_suffix = Ben swift_hash_path_prefix = Ben  [storage-policy:0] name = Policy-0 default = yes

設置權限

chown -R root:swift /etc/swift

重啟服務

service memcached restart service swift-proxy restart swift-init all start

查看swift狀態

swift stat

創建容器Ben

openstack container create Ben

上傳測試文件到容器Ben

# 文件需要我們自行去創建 # 注意 FILENAME 的修改 openstack object create Ben FILENAME

列出容器 Ben 存儲的FILES

openstack object list Ben

下載容器Ben存儲的FILENAME

# 此處無輸出則正確 openstack object save Ben FILENAME