1、控制节点操作
1.1、先决条件
设置 admin 凭证
获得 admin 凭证来获取只有管理员能执行的命令的访问权限,执行如下命令:
. /root/admin-openrc
创建身份认证服务的凭证
创建 swift 用户(密码设置为:zhitu2017):
openstack user create --domain default --password-prompt swift
给 swift 用户添加 admin 角色:
openstack role add --project service --user swift admin
创建 swift 服务实体:
openstack service create --name swift --description "OpenStack Object Storage" object-store
创建对象存储服务API入口点,命令如下(依次执行三条命令):
openstack endpoint create --region RegionOne object-store public http://192.168.122.143:8080/v1/AUTH_%(project_id)s
openstack endpoint create --region RegionOne object-store internal http://192.168.122.143:8080/v1/AUTH_%(project_id)s
1.2、安装并配置组件
安装Swift及相关包
命令如下:
yum -y install openstack-swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached
获取代理服务的配置文件
将最新的代理服务的配置文件覆盖到/etc/swift目录,命令如下:
cp /usr/local/zhitu/swift/proxy-server.conf /etc/swift/proxy-server.conf
修改代理服务的配置文件proxy-server.conf
执行如下命令编辑/etc/swift/proxy-server.conf:
vi /etc/swift/proxy-server.conf
在文件中[DEFAULT]块下配置绑定端口,用户和配置目录:
bind_port = 8080
user = swift
swift_dir = /etc/swift
在文件中[pipeline:main]块删除tempurl和tempauth模块并增加authtoken和keystoneauth模块,也就是将原来的pipeline修改为如下:
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
在文件中[app:proxy-server]块下启动自动账户创建:
use = egg:swift#proxy
account_autocreate = true
在文件中[filter:keystoneauth]块下配置操作员角色:
取消[filter:keystoneauth]注释
use = egg:swift#keystoneauth
operator_roles = admin,user
在文件中[filter:authtoken]块下配置认证服务访问(注释或者删除掉在 [filter:authtoken] 部分的所有其他的内容,放开[filter:authtoken]本身的注释):注意ip换成实验环境所提供的的
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://10.10.82.135:5000
auth_url = http://10.10.82.135:35357
memcached_servers = 10.10.82.135:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = zhitu2017
delay_auth_decision = True
在文件中[filter:cache]块下配置 memcached 的位置:
2、存储节点(控制节点)操作:
2.1、先决条件
安装支持的工具包:
yum -y install xfsprogs rsync
使用XFS格式化/dev/sdb和/dev/sdc设备:
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
创建挂载点目录结构:
mkdir -p /srv/node/sdb
mkdir -p /srv/node/sdc
在文件下面添加如下内容:
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
挂载设备
mount /srv/node/sdb
mount /srv/node/sdc
创建并编辑/etc/rsyncd.conf文件并包含以下内容:
vi /etc/rsyncd.conf
在文件下面添加如下内容:注意ip换成实验环境所提供的
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 10.10.82.135
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
启动rsyncd服务
systemctl start rsyncd.service
2.2、安装并配置组件
安装swift
执行如下命令安装:
yum -y install openstack-swift-account openstack-swift-container openstack-swift-object
将最新的配置文件覆盖到/etc/swift目录,命令如下:
cp /usr/local/zhitu/swift/account-server.conf /etc/swift/account-server.conf
cp /usr/local/zhitu/swift/container-server.conf /etc/swift/container-server.conf
cp /usr/local/zhitu/swift/object-server.conf /etc/swift/object-server.conf
配置account-server.con
vi /etc/swift/account-server.conf
编辑文件,在[DEFAULT]块下加入配置绑定IP地址,绑定端口,用户,配置目录和挂载目录 :
bind_ip = 192.168.122.143
bind_port = 6202
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
编辑文件,在[pipeline:main]块下加入启用合适的模块:
pipeline = healthcheck recon account-server
编辑文件,在[filter:recon]块下加入配置recon(meters)缓存目录:
use = egg:swift#recon
recon_cache_path = /var/cache/swift
编辑文件,在[DEFAULT]块下加入配置绑定IP地址,绑定端口,用户,配置目录和挂载目录,
bind_ip = 192.168.122.143
bind_port = 6201
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
编辑文件,在[pipeline:main]块下加入启用合适的模块:
pipeline = healthcheck recon container-server
编辑文件,在[filter:recon]块下加入配置recon(meters)缓存目录:
use = egg:swift#recon
recon_cache_path = /var/cache/swift
编辑文件,在[DEFAULT]块下加入配置绑定IP地址,绑定端口,用户,配置目录和挂载目录 :
bind_ip = 192.168.122.143
bind_port = 6200
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
编辑文件,在[pipeline:main]块下加入启用合适的模块:
pipeline = healthcheck recon object-server
编辑文件,在[filter:recon]块下加入配置recon(meters)缓存和lock目录:
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
确认挂载点目录结构是否有合适的所有权:
chown -R swift:swift /srv/node
创建recon目录和确保它有合适的所有权:
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
3、创建,分发并初始化rings
3.1、创建账户ring
帐户服务使用帐户 ring 来维护一个容器的列表。
进入/etc/swift目录
cd /etc/swift
创建基本 account.builder 文件:
swift-ring-builder account.builder create 10 2 1
添加每个节点到 ring 中:注意ip换成实验环境所提供的
一个存储设备一条命令,注意替换存储节点的IP,实际应用中可以根据存储设备容量调整权重,比如把1T的存储设备权重设置为100,
则2T的可以设置为200:
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6202 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6202 --device sdc --weight 100
验证 ring 的内容:
swift-ring-builder account.builder
平衡ring
swift-ring-builder account.builder rebalance
3.2、创建容器ring
进入/etc/swift目录
cd /etc/swift
创建基本object.builder文件:
swift-ring-builder container.builder create 10 2 1
添加每个节点到 ring 中:
一个存储设备一条命令,注意替换存储节点的IP:注意ip换成实验环境所提供的的
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6201 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6201 --device sdc --weight 100
验证 ring 的内容:
swift-ring-builder container.builder
平衡ring
swift-ring-builder container.builder rebalance
3.3、创建对象ring
进入/etc/swift目录
cd /etc/swift
创建基本 object.builder 文件:
swift-ring-builder object.builder create 10 2 1
添加每个节点到 ring 中:
一个存储设备一条命令,注意替换存储节点的IP:注意ip换成实验环境所提供的的
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6200 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.122.143 --port 6200 --device sdc --weight 100
验证 ring 的内容:
swift-ring-builder object.builder
平衡ring
swift-ring-builder object.builder rebalance
4、完成安装
4.1、获取/etc/swift/swift.conf文件
从对象存储源仓库中获取/etc/swift/swift.conf 文件,由于实验环境中不能联网,所以预先将swift的相关最新配置文件放在了/usr/local/zhitu/swift中。
将最新的swift.conf文件配置文件覆盖到/etc/swift目录,命令如下:输入y再回车
4.2、编辑swift.conf
执行如下命令:
vi /etc/swift/swift.conf
编辑文件,在[swift-hash]块下将其中的 swift_hash_path_suffix和 swift_hash_path_prefix替换为唯一的值。这些值可以自定义修改,但要保密,并且不要修改或丢失:
swift_hash_path_suffix = zhitu
swift_hash_path_prefix = mooc
编辑文件,在[storage-policy:0]块下配置默认存储策略:
name = Policy-0
default = yes
4.4、在所有节点上,确认配置文件目录是否有合适的所有权:
chown -R root:swift /etc/swift
4.5、启动对象存储代理服务及其依赖服务
在控制节点和其他运行了代理服务的节点上,启动对象存储代理服务及其依赖服务:
systemctl start openstack-swift-proxy.service memcached.service
4.6、在存储节点上,启动对象存储服务:
systemctl start openstack-swift-account.service
systemctl start openstack-swift-account-auditor.service
systemctl start openstack-swift-account-reaper.service
systemctl start openstack-swift-account-replicator.service
systemctl start openstack-swift-container.service
systemctl start openstack-swift-container-auditor.service
systemctl start openstack-swift-container-replicator.service
systemctl start openstack-swift-container-updater.service
systemctl start openstack-swift-object.service
systemctl start openstack-swift-object-auditor.service
systemctl start openstack-swift-object-replicator.service
systemctl start openstack-swift-object-updater.service
5、验证操作
5.1、安全等级的信息设置
将/srv/node目录下swift_data_t type, object_r role 和the system_u user关于安全等级的信息设置成最低安全等级(s0)命令如下:
chcon -R system_u:object_r:swift_data_t:s0 /srv/node
5.2、导入demo凭证
. /root/demo-openrc
5.3、显示服务状态
swift stat
5.4、创建container1容器
openstack container create container1
5.6、列出container1容器里的所有文件
openstack object list container1
5.7、从container1容器里下载一个测试文件
openstack object save --file /root/swift.conf container1 /usr/local/zhitu/swift/swift.conf
5.8、再次显示服务状态
swift stat
