參考文檔:http://docs.openstack.org/essex/openstack-object-storage/admin/content/
最近幾天一直在弄swift,總算是跑起來了,因此跟大家分享下,計劃寫三篇文章:swift代理節點配置、運行;swift存儲節點安裝、配置及運行;swift測試。這次安裝共使用了四臺服務器:一個代理節點(10.61.2.12,也是OpenStack的控制節點,上面還運行着Keystone、Glance及Nova的除nova-compute外的相關組件,三個存儲節點(10.61.2.13-15,每個節點作爲一個單獨的Zone)。
下面就開始代理節點的配置、運行吧。
安裝相關軟件
代理節點的安裝在前面CentOS6.2下一步一步源代碼安裝OpenStack(二)組件安裝已經安裝好了,此外還要安裝memcached及netifaces。
yum install memcached
pip install netifaces啓動memcached
參考文檔提到要修改memcached的監聽ip地址,但在CentOS下沒有找到相關配置文件,並且memcached啓動後是監聽所有ip的,並且僅本地代理節點使用memcached,因此也就沒管了,如果真要考慮安全的話可以考慮在iptables中只開放127.0.0.1的11211端口
chkconfig memcached on && service memcached start
創建相應用戶、組及配置文件目錄
Swift默認以swift:swift用戶及組運行,如果採用其它用戶必須在很多配置文件中顯示配置用戶,比較麻煩。
useradd –Mr swift
mkdir /etc/swift
chown –R swift:swift /etc/swift創建swift.conf文件
該文件/etc/swift/swift.conf在所有節點必須完全一樣,內容如下:
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = fLIbertYgibbitZ創建用於SSL的證書文件
Swift默認使用https協議,因此需要創建證書文件,這也是使用Cyberduck作爲客戶端所必須的,當然在這裏先不打算使用https因此可以省略
cd /etc/swift
openssl req -new -x509 -nodes -out cert.crt -keyout cert.key創建代理服務的配置文件
代理服務的配置文件爲/etc/swift/proxy-server.conf,內容如下:
[DEFAULT]
bind_port = 8888
user = swift
#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key
[pipeline:main]
pipeline = catch_errors healthcheck cache swift3 authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
[filter:swift3]
use = egg:swift#swift3
[filter:keystone]
paste.filter_factory =keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftoperator
[filter:authtoken]
paste.filter_factory =keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required tosupport token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
auth_protocol = http
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_token = 012345SECRET99TOKEN012345
admin_token = 012345SECRET99TOKEN012345
[filter:cache]
use = egg:swift#memcache
set log_name = cache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck這裏有兩個token需要設置成keydtonek admin token一樣。如果打算使用https的話需要修改端口爲443,創建前面據說的證書文件,去掉證書文件配置前的註釋,去掉[filter:authtoken]下的auth_protocol = http。如果打算使用非本地的或多個memcached服務器的話,需要在[filter:cache]下添加一項,多個地址用逗號分開,如下:
memcache_servers = 10.1.2.3:11211,10.1.2.4:11211
創建相應的rings
cd /etc/swift
swift-ring-builder account.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder object.builder create 18 3 1將每個存儲節點的每個存儲設備添加到各個ring
語法格式如下
swift-ring-builder account.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP>:6002/<DEVICE> 100
swift-ring-builder container.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6001/<DEVICE> 100
swift-ring-builder object.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6000/<DEVICE> 100swift-ring-builder account.builder add z1-10.61.2.13:6002/sdb1100
swift-ring-builder container.builder add z1-10.61.2.13:6001/sdb1 100
swift-ring-builder object.builder add z1-10.61.2.13:6000/sdb1 100驗證ring
通過以上命令添加完實體後可通過以下命令來列出所ring的信息進行驗證
swift-ring-builder account.builder
swift-ring-builder container.builder
swift-ring-builder object.builderRebalance rings
添加完全後要rebalance 這些rings,命令如下
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder rebalance最後確保配置文件的用戶屬性並運行代理服務
chown -R swift:swift /etc/swift
swift-init proxy start修正:修正proxy啓動時的ValueError:invalid literal for int() with base 10: 'true'錯誤,方法見這:
https://github.com/openstack/keystone/commit/bc803a4cede7ed2f39f4dc5c74977eedf46eb205
vim /usr/lib/python2.6/site-packages/keystone-2012.1-py2.6.egg/keystone/middleware/auth_token.py按下圖修改