Two machines in total
Plan:
One machine runs keystone + swift proxy
One machine runs the storage node
apt-get install swift openssh-server rsync memcached python-netifaces python-xattr python-memcache
1.keystone+swift proxy
apt-get install vlan bridge-utils ntp mysql-server python-mysqldb
mysql -u root -phengtian -e "create database keystone"
mysql -u root -phengtian -e "create database swift"
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
apt-get install keystone
rm /var/lib/keystone/keystone.db
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Edit keystone.conf
admin_token = admin.mhj
debug = True
verbose = True
[sql]
connection = mysql://keystone:[email protected]/keystone # must be placed under [sql]
[signing]
token_format = UUID
keystone-manage pki_setup
chown -R keystone:keystone /etc/keystone/*
service keystone restart
keystone-manage db_sync
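Problem: (OperationalError) (2003, "Can't connect to MySQL server on '172.16.9.50' (110)")
I never found the cause, but it is strange: when logging in remotely with -h, root needs a password, while other users get straight in without one. When connecting locally, however, the other users do need a password.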
curl http://localhost:35357/v2.0/endpoints -H 'x-auth-token: admin.mhj' | python -mjson.tool
Returns a 401 error; the endpoint list is empty
keystone tenant-create --name default --description "DEFAULT TENANT"
After this, an error is reported:
No handlers could be found for logger "keystoneclient.client"
The request you have made requires authentication. (HTTP 401)
keystone --debug --token adminhengtian --endpoint http://localhost:35357/v2.0 tenant-create --name admin --description "Admin Tenant"
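But this way works
Later I looked more closely at the keystone command and found that the authentication options it lists say "Defaults to env[SERVICE_TOKEN]", so that is the environment variable it needs. The installation document says OS_SERVICE_TOKEN, so that is where it went wrong; changing the variable name when exporting the environment variables fixes it.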
export SERVICE_TOKEN=adminhengtian
export SERVICE_ENDPOINT=http://localhost:35357/v2.0
Create the admin tenant and the service tenant
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 1120d966750048ef92661514a0aa39e8 | admin   | True    |
| fda7c28653a140889494ba1ae9bc769a | service | True    |
+----------------------------------+---------+---------+
keystone user-create --tenant-id 1120d966750048ef92661514a0aa39e8 --name admin --pass hengtian
Create the admin user under the admin tenant
keystone user-create --tenant-id fda7c28653a140889494ba1ae9bc769a --name swift --pass swift
Create the swift user under the service tenant
keystone role-create --name admin
Create a role named admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | fd137603ad184d5795a8e7dedd9f5b38 |
| name     | admin                            |
+----------+----------------------------------+
---------‘admin’ role ‘admin’ user ‘admin’ tenant
keystone user-role-add --user-id 6c283d0b04cb488ea32009d0fdde3124 --tenant-id 1120d966750048ef92661514a0aa39e8 --role-id fd137603ad184d5795a8e7dedd9f5b38
---------‘admin’ role ‘swift’ user ‘service’ tenant
keystone user-role-add --user-id 3d1673a64ca04f15ae1a8ddf5aed99e3 --tenant-id fda7c28653a140889494ba1ae9bc769a --role-id fd137603ad184d5795a8e7dedd9f5b38
keystone service-create --name=keystone --type=identity --description="Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Identity Service                 |
| id          | 431e72f321df41609f81e0da382b3937 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
keystone endpoint-create --region RegionOne --service-id 431e72f321df41609f81e0da382b3937 --publicurl=http://172.16.7.50:5000/v2.0 --internalurl=http://172.16.7.50:5000/v2.0 --adminurl=http://172.16.7.50:35357/v2.0
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://172.16.7.50:35357/v2.0    |
| id          | 09812187e40c4949bba99d0223f0e207 |
| internalurl | http://172.16.7.50:5000/v2.0     |
| publicurl   | http://172.16.7.50:5000/v2.0     |
| region      | RegionOne                        |
| service_id  | 431e72f321df41609f81e0da382b3937 |
+-------------+----------------------------------+
keystone service-create --name=swift --type=object-store --description="Object Storage Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Object Storage Service           |
| id          | 630a9933a42b4b7fb475d3733f2baefa |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+
keystone endpoint-create --region RegionOne --service-id=630a9933a42b4b7fb475d3733f2baefa --publicurl 'http://172.16.7.50:8888/v1/AUTH_%(tenant_id)s' --adminurl 'http://172.16.7.50:8888/v1' --internalurl 'http://172.16.7.50:8888/v1/AUTH_%(tenant_id)s'
+-------------+-----------------------------------------------+
| Property    | Value                                         |
+-------------+-----------------------------------------------+
| adminurl    | http://172.16.7.50:8888/v1                    |
| id          | 613ba1f1ca7843eab2967ada29f88687              |
| internalurl | http://172.16.7.50:8888/v1/AUTH_%(tenant_id)s |
| publicurl   | http://172.16.7.50:8888/v1/AUTH_%(tenant_id)s |
| region      | RegionOne                                     |
| service_id  | 630a9933a42b4b7fb475d3733f2baefa              |
+-------------+-----------------------------------------------+
---------keystone installation is now complete; next comes the swift proxy
apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob
// after entering the command
openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
// a pile of output, roughly about certification!
Generating a 1024 bit RSA private key
....++++++
..........................++++++
writing new private key to 'cert.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
In /etc/memcached.conf, change
-l 127.0.0.1
to
-l 172.16.7.50
service memcached restart
Create /etc/swift/proxy-server.conf:
//
[DEFAULT]
bind_port = 8888
user = swift
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin,swiftoperator
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# cache directory for signing certificate
signing_dir = /home/swift/keystone-signing
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = 172.16.7.50
auth_port = 35357
# the same admin_token as provided in keystone.conf
admin_token = adminhengtian
# the service tenant and swift userid and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = swift
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
/
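An added example, not part of the original notes and not Swift or Keystone code: a consistency check over keystone.conf and the proxy-server.conf above. It verifies that every pipeline stage has a matching section, that authtoken precedes keystoneauth, and that admin_token matches keystone.conf as the comment in [filter:authtoken] requires. The function name check_proxy_conf and the trimmed sample inputs are assumptions constructed for illustration.

```python
import configparser

# Constructed inputs: trimmed copies of the two files shown in these notes.
# check_proxy_conf is a hypothetical helper, not part of Swift or Keystone.
KEYSTONE_CONF = """[DEFAULT]
admin_token = admin.mhj
"""
PROXY_CONF = """[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:keystoneauth]
use = egg:swift#keystoneauth
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_token = adminhengtian
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
"""

def _load(text):
    cp = configparser.RawConfigParser()  # raw: no % interpolation
    cp.read_string(text)
    return cp

def check_proxy_conf(keystone_text, proxy_text):
    ks, px = _load(keystone_text), _load(proxy_text)
    stages = px.get("pipeline:main", "pipeline").split()
    defined = {s.split(":", 1)[1] for s in px.sections()
               if s.startswith(("filter:", "app:"))}
    # Every pipeline stage needs its own [filter:...] or [app:...] section.
    findings = ["pipeline stage '%s' has no section" % n
                for n in stages if n not in defined]
    # A configured section that the pipeline never loads has no effect.
    findings += ["section '%s' is defined but not in the pipeline" % n
                 for n in sorted(defined - set(stages))]
    # keystoneauth authorizes on the identity headers that authtoken sets.
    if {"authtoken", "keystoneauth"} <= set(stages) and \
            stages.index("authtoken") > stages.index("keystoneauth"):
        findings.append("authtoken must come before keystoneauth")
    if px.get("filter:authtoken", "admin_token", fallback=None) != \
            ks.get("DEFAULT", "admin_token", fallback=None):
        findings.append("admin_token differs between the two files")
    return findings

if __name__ == "__main__":
    print("\n".join(check_proxy_conf(KEYSTONE_CONF, PROXY_CONF)))
```

Run on the values recorded in these notes, it reports the unused catch_errors section and the admin_token mismatch (admin.mhj in keystone.conf, adminhengtian in proxy-server.conf).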
mkdir -p /home/swift/keystone-signing
chown -R swift:swift /home/swift/keystone-signing
swift-ring-builder account.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder object.builder create 18 3 1
///swift-ring-builder account.builder add z
swift-ring-builder account.builder add z1-172.16.7.51:6002/sdb1 100
swift-ring-builder container.builder add z1-172.16.7.51:6001/sdb1 100
swift-ring-builder object.builder add z1-172.16.7.51:6000/sdb1 100
//verify ring contents of each ring
swift-ring-builder account.builder
swift-ring-builder container.builder
swift-ring-builder object.builder
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder rebalance
scp -p container.ring.gz [email protected]:/etc/swift/
scp -p object.ring.gz [email protected]:/etc/swift/
scp -p account.ring.gz [email protected]:/etc/swift/
swift-init proxy start
Problem!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ImportError: No module named middleware.auth_token
This is because the python-keystoneclient package does not contain the auth_token module; it is a version issue
Copying middleware from keystone into keystoneclient fixes it
cp -rp middleware /usr/lib/python2.7/dist-packages/keystoneclient/
2.swift storage node
The filesystem is xfs; the official documentation says it is the only one that has been fully tested!
apt-get install swift-account swift-container swift-object xfsprogs
fdisk /dev/sdb
p
press Enter repeatedly
w
-----------------------disk status
Disk /dev/sdb: 17.2 GB, 17179869184 bytes
171 heads, 2 sectors/track, 98112 cylinders, total 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xdeb42866
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    33554431    16776192   83  Linux
mkfs -t xfs /dev/sdb1
---------------------------output
meta-data=/dev/sdb1              isize=256    agcount=4, agsize=1048512 blks
         =                       sectsz=512   attr=2, projid32bit=0
data     =                       bsize=4096   blocks=4194048, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
mkdir -p /srv/node/sdb1
echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
mount /srv/node/sdb1
----------------------------status
Filesystem             Type      Size  Used Avail Use% Mounted on
/dev/mapper/swift-root ext4      5.6G  1.4G  4.0G  25% /
udev                   devtmpfs  489M  4.0K  489M   1% /dev
tmpfs                  tmpfs     200M  232K  199M   1% /run
none                   tmpfs     5.0M     0  5.0M   0% /run/lock
none                   tmpfs     498M     0  498M   0% /run/shm
/dev/sda1              ext2      228M   25M  192M  12% /boot
/dev/sdb1              xfs        16G   33M   16G   1% /srv/node/sdb1
chown -R swift:swift /srv/node
Create /etc/rsyncd.conf:
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address =
[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock
Edit the following line in /etc/default/rsync:
RSYNC_ENABLE=true
service rsync start
mkdir -p /var/swift/recon
chown -R swift:swift /var/swift/recon
service swift-object start
service swift-object-replicator start
service swift-object-updater start
service swift-object-auditor start
service swift-container start
service swift-container-replicator start
service swift-container-updater start
service swift-container-auditor start
service swift-account start
service swift-account-replicator start
service swift-account-updater start //none
service swift-account-auditor start
start: Job failed to start
swift-init object-server start
This command can be used to debug service swift-object start
My mistake: something was missing from the top of my /etc/swift/swift.conf