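1. Concepts
Object storage consists of the following components:
a. Object service: manages the data that is actually stored.
b. Container service: manages containers.
c. Account service: manages user account information.
d. Proxy service: exposes the external access interface; there can be more than one.
e. Other services: the necessary background processes, such as replica maintenance and status updates.
Deployment
There are generally two kinds of servers:
a. Storage servers: run the first two services, and also run sqlite and rsync.
b. Proxy servers: run the proxy service.
The storage network is divided into three kinds:
a. External network: the network of the proxy servers' external interface; external hosts access the swift storage service through it.
b. Storage network: used for communication inside the cluster.
c. Replication network: dedicated to data replication traffic.
The replication network is optional.
If there is a replication network, the object service and the container/account services must listen on STORAGE_REPLICATION_NET in addition to STORAGE_LOCAL_NET, whereas the rsync service only needs to listen on STORAGE_REPLICATION_NET.
zone
A zone contains one or more storage devices; a zone going down does not affect the operation of the cluster.
In a basic installation one host can serve as one zone. A cluster should contain at least 5 zones.
ring
Implements the mapping from object storage data to the actual storage devices.
3. Install MySQL
3.1 Install the MySQL server on the controller node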
yum install mysql mysql-server MySQL-python
vim /etc/my.cnf
[mysqld]
bind-address=xxxx
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
# service mysqld start
# chkconfig mysqld on
# mysql_install_db
# mysql_secure_installation
3.1 Install the MySQL client on the other nodes of the cluster
yum install MySQL-python
4. Install the openstack package repositories on all nodes of the cluster
yum install yum-plugin-priorities
yum install -y http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install -y openstack-utils openstack-selinux
yum upgrade
reboot
4. Install the message queue on the controller node
yum install qpid-cpp-server
vim /etc/qpidd.conf
service qpidd start
chkconfig qpidd on
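5. Deploy keystone
Because swift relies on it for authentication, keystone must be deployed before swift.
5.1 Install keystone
5.1.1 Install the keystone service and client on the controller node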
yum install openstack-keystone python-keystoneclient
5.2 Configure the database used by the keystone service
# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:KEYSTONE_DBPASS@controller/keystone
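Replace KEYSTONE_DBPASS with the password you want, and controller with the address of the host running the database.
5.3 Create the keystone database in MySQL
Set the user name to keystone and give the keystone user full access to the database. Use the same password as KEYSTONE_DBPASS above.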
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> exit
5.4 Create the database tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
5.5 Define an authentication token; all other openstack services use this token to talk to the keystone service
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
5.6 Set up PKI tokens
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
5.7 Start the keystone service
# service openstack-keystone start
# chkconfig openstack-keystone on
5.8 Periodically delete expired tokens
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
5.2 Define users, tenants and roles
Users, tenants and roles are defined so that services and endpoints can be accessed.
5.2.1 Set environment variables
$ export OS_SERVICE_TOKEN=ADMIN_TOKEN # ADMIN_TOKEN: see above
$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0 # controller is the IP of the controller node
5.2.2 Create the administrator
Create the admin user: keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
Create the admin role: keystone role-create --name=admin
Create the admin tenant: keystone tenant-create --name=admin --description="Admin Tenant"
Link the three together: keystone user-role-add --user=admin --tenant=admin --role=admin
Link admin to the _member_ role: keystone user-role-add --user=admin --role=_member_ --tenant=admin
5.2.3 Create a user for day-to-day maintenance
keystone user-create --name=demo --pass=DEMO_PASS --email=DEMO_EMAIL
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo
5.2.4 Create the service tenant for all services
keystone tenant-create --name=service --description="Service Tenant"
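5.3 Define services and API endpoints
To keep track of which services and API endpoints are installed, first register these services.
5.3.1 Register the keystone service: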
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
5.4 Verify the keystone installation
5.4.1 Unset the environment variables set earlier
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
5.4.2 Run the following command and check that the output is normal
$ keystone --os-username=admin --os-password=ADMIN_PASS \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 \
token-get
5.5 Install the keystone client on all hosts in the cluster
5.5.1 Install the client
yum install python-keystoneclient
5.5.2 Set environment variables
Create admin-openrc.sh with vim:
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
cp admin-openrc.sh /etc/profile.d/
source admin-openrc.sh
5.5.3 Test
keystone token-get
keystone user-list
6. Install swift
6.1 Basic steps
6.1.1 Create the swift user; it belongs to the service tenant with the admin role
$ keystone user-create --name=swift --pass=SWIFT_PASS
[email protected]
$ keystone user-role-add --user=swift --tenant=service --role=admin
6.1.2 Create the swift service
$ keystone service-create --name=swift --type=object-store --description="OpenStack Object Storage"
6.1.3 Create the swift access endpoint
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ object-store / {print $2}') \
--publicurl='http://controller:8080/v1/AUTH_%(tenant_id)s' \
--internalurl='http://controller:8080/v1/AUTH_%(tenant_id)s' \
--adminurl=http://controller:8080
6.1.4 On all hosts in the cluster, create the swift user, configuration directory and files
# adduser swift
# mkdir -p /etc/swift
# vim /etc/swift/swift.conf
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_prefix = xrfuniounenqjnw
swift_hash_path_suffix = fLIbertYgibbitZ
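How these two values and the ring's partition power (the 18 passed to "swift-ring-builder ... create" in 6.3.4) decide where an object lands, as an added example that is not part of the original page and not Swift's own code. It is a simplified Python sketch modelled on Swift's salted MD5 path hashing; the account, container and object names are constructed samples.

```python
import hashlib
import struct

# Sample salt strings copied from the swift.conf above; generate your own.
HASH_PATH_PREFIX = b"xrfuniounenqjnw"
HASH_PATH_SUFFIX = b"fLIbertYgibbitZ"
PART_POWER = 18  # first argument of "swift-ring-builder ... create 18 3 1"


def hash_path(account, container=None, obj=None,
              prefix=HASH_PATH_PREFIX, suffix=HASH_PATH_SUFFIX):
    """MD5 of prefix + '/account[/container[/object]]' + suffix."""
    if obj and not container:
        raise ValueError("an object path needs a container")
    parts = [p for p in (account, container, obj) if p]
    path = "/" + "/".join(parts)
    return hashlib.md5(prefix + path.encode("utf-8") + suffix).digest()


def partition(account, container=None, obj=None,
              part_power=PART_POWER, **salt):
    """Ring partition = top `part_power` bits of the salted path hash."""
    if not 1 <= part_power <= 32:
        raise ValueError("part_power must be between 1 and 32")
    digest = hash_path(account, container, obj, **salt)
    return struct.unpack_from(">I", digest)[0] >> (32 - part_power)


if __name__ == "__main__":
    # Constructed sample path: account AUTH_demo, container myfiles.
    args = ("AUTH_demo", "myfiles", "test.txt")
    print("partition with configured salt:", partition(*args))
    # A node whose swift.conf differs looks for the same object elsewhere.
    print("partition with other suffix:  ", partition(*args, suffix=b"changed"))
```

Every node must carry the same prefix and suffix: changing either one moves every existing object to a different computed partition, which is why the comment in swift.conf says the strings can never change.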
6.2 Install and configure the storage nodes
Install the swift services
yum install openstack-swift-account openstack-swift-container openstack-swift-object xfsprogs xinetd
Prepare a dedicated storage block device (assumed to be /dev/sdb) and format it as an xfs file system.
# yum install -y xfsprogs
#################################################
# If using a dedicated storage device
# fdisk /dev/sdb
# mkfs.xfs /dev/sdb1
# echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
# mkdir -p /srv/node/sdb1
# mount /srv/node/sdb1
# chown -R swift:swift /srv/node
#################################################
# If simulating the device with a file-backed file system
fallocate -l 200G /data/swift-data/xfs.disk
losetup -d /dev/loop0
losetup /dev/loop0 /data/swift-data/xfs.disk
mkfs.xfs /dev/loop0
mkdir -p /srv/node/loop0
mount /dev/loop0 /srv/node/loop0
chown -R swift:swift /srv/node
vim /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
# If there is a dedicated replica synchronization network, use STORAGE_REPLICATION_NET_IP instead
address = STORAGE_LOCAL_NET_IP
[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock
vim /etc/xinetd.d/rsync
disable = no
# service xinetd start
# mkdir -p /var/swift/recon
# chown -R swift:swift /var/swift/recon
6.3 Install and configure the proxy node
6.3.1 Install the software
yum install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token
6.3.2 Configure memcached
vim /etc/sysconfig/memcached
OPTIONS="-l PROXY_LOCAL_NET_IP" # private network address of this host
6.3.3 Configure the proxy
vim /etc/swift/proxy-server.conf
[DEFAULT]
bind_port = 8080
user = swift
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin,swiftoperator
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = controller
auth_port = 35357
# the service tenant and swift username and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = SWIFT_PASS
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
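A consistency check for this file, as an added example that is not part of the original page or of Swift: it compares the pipeline line with the filter sections and checks that authtoken precedes keystoneauth. The function name audit_proxy_conf and the finding texts are hypothetical, and the sample is a constructed excerpt of the configuration above.

```python
import configparser

# Constructed sample: the pipeline-relevant lines of the proxy-server.conf above.
SAMPLE_CONF = """
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:keystoneauth]
use = egg:swift#keystoneauth
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_protocol = http
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
"""


def audit_proxy_conf(text):
    """Return a list of findings for the text of a proxy-server.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    names = cp.get("pipeline:main", "pipeline").split()
    findings = []
    if not names or "app:" + names[-1] not in cp:
        findings.append("pipeline must end with a defined app section")
    for name in names[:-1]:
        if "filter:" + name not in cp:
            findings.append("pipeline filter without a section: " + name)
    for section in cp.sections():
        kind, _, name = section.partition(":")
        if kind == "filter" and name not in names:
            findings.append("filter defined but not in pipeline: " + name)
    # keystoneauth authorizes on the identity that authtoken has validated.
    order = [n for n in names if n in ("authtoken", "keystoneauth")]
    if order != ["authtoken", "keystoneauth"]:
        findings.append("pipeline needs authtoken before keystoneauth")
    if cp.get("filter:authtoken", "auth_protocol", fallback="") == "http":
        findings.append("auth_protocol = http: Keystone traffic is unencrypted")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_proxy_conf(SAMPLE_CONF)))
```

On the configuration shown above it reports that the catch_errors filter is defined but never placed in the pipeline, and that the proxy talks to Keystone over plain http.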
6.3.4 Create the account, container and object rings
# cd /etc/swift
# swift-ring-builder account.builder create 18 3 1
# swift-ring-builder container.builder create 18 3 1
# swift-ring-builder object.builder create 18 3 1
6.3.5 Add an entry to each ring for every storage device on the storage nodes
# swift-ring-builder account.builder add zZONE-STORAGE_LOCAL_NET_IP:6002[RSTORAGE_REPLICATION_NET_IP:6005]/DEVICE 100
# swift-ring-builder container.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6001[RSTORAGE_REPLICATION_NET_IP:6004]/DEVICE 100
# swift-ring-builder object.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6000[RSTORAGE_REPLICATION_NET_IP:6003]/DEVICE 100
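If there is no dedicated replication network, STORAGE_REPLICATION_NET_IP:6003 can be omitted.
Suppose a storage node has the address 10.0.0.1, its storage network address is 10.0.1.1, the storage device is mounted at /srv/node/sdb1, and the path configured in /etc/rsyncd.conf is /srv/node/. The device is then sdb1 and the commands are:
# swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100
# swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6004/sdb1 100
# swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6003/sdb1 100
If 5 hosts are divided into 5 zones, increment the zone number by 1 for each host.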
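A pre-flight check for the device arguments before they reach swift-ring-builder, as an added example that is not part of the original page or of Swift. The names parse_device_spec and check_plan are hypothetical, it handles IPv4 only, and the sample plan is constructed.

```python
import ipaddress
import re

# zZONE-IP:PORT[RREPL_IP:REPL_PORT]/DEVICE, the form used in the add commands
# above. This sketch handles IPv4 addresses only.
SPEC_RE = re.compile(
    r"z(?P<zone>\d+)-(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:R(?P<rip>[\d.]+):(?P<rport>\d+))?/(?P<device>[A-Za-z0-9_-]+)"
)


def parse_device_spec(spec):
    """Split one device spec into its fields, raising ValueError if malformed."""
    m = SPEC_RE.fullmatch(spec)
    if not m:
        raise ValueError("not zZONE-IP:PORT[RIP:PORT]/DEVICE: %r" % spec)
    f = m.groupdict()
    dev = {"zone": int(f["zone"]), "device": f["device"],
           "ip": str(ipaddress.IPv4Address(f["ip"])), "port": int(f["port"])}
    # Assumption of this sketch: without an R part, replication traffic uses
    # the storage address and port.
    dev["replication_ip"] = str(ipaddress.IPv4Address(f["rip"] or f["ip"]))
    dev["replication_port"] = int(f["rport"] or f["port"])
    if not all(0 < dev[k] < 65536 for k in ("port", "replication_port")):
        raise ValueError("port out of range in %r" % spec)
    return dev


def check_plan(specs, recommended_zones=5):
    """Parse every spec and return (devices, warnings) before a ring is built."""
    devices = [parse_device_spec(s) for s in specs]
    warnings, seen = [], set()
    for dev in devices:
        key = (dev["ip"], dev["port"], dev["device"])
        if key in seen:
            warnings.append("duplicate device %s:%d/%s" % key)
        seen.add(key)
    zones = {dev["zone"] for dev in devices}
    if len(zones) < recommended_zones:
        warnings.append("%d zone(s), %d recommended"
                        % (len(zones), recommended_zones))
    return devices, warnings


if __name__ == "__main__":
    # Constructed plan: the example node above plus one with no R part.
    plan = ["z1-10.0.0.1:6000R10.0.1.1:6003/sdb1", "z2-10.0.0.2:6000/sdb1"]
    print("\n".join(check_plan(plan)[1]))
```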
6.3.6 Verify the contents of each ring
# swift-ring-builder account.builder
# swift-ring-builder container.builder
# swift-ring-builder object.builder
6.3.7 Rebalance the rings
# swift-ring-builder account.builder rebalance
# swift-ring-builder container.builder rebalance
# swift-ring-builder object.builder rebalance
6.3.8 Copy the following files to every proxy and storage node
/etc/swift/account.ring.gz
/etc/swift/container.ring.gz
/etc/swift/object.ring.gz
6.3.9 Make sure the swift user owns these files
chown -R swift:swift /etc/swift
6.3.10 Start the proxy service
# service openstack-swift-proxy start
# chkconfig openstack-swift-proxy on
6.4 Start the following services on all storage nodes
# for service in \
openstack-swift-object openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object-auditor \
openstack-swift-container openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container-auditor \
openstack-swift-account openstack-swift-account-replicator openstack-swift-account-reaper openstack-swift-account-auditor; do \
service $service start; chkconfig $service on; done
or
# swift-init all start
6.5 Verify the installation
Run the following commands from the proxy server
$ source admin-openrc.sh
$ swift stat
Upload files:
$ swift upload myfiles test.txt
# myfiles is the container
$ swift upload myfiles test2.txt
Download all files in the myfiles container
swift download myfiles
7. Add a new proxy
1. Add the proxy server in the same way
2. To provide a single access point, add a reverse proxy server
3. Update the memcached server list:
vim /etc/swift/proxy-server.conf
10.1.2.3:11211,10.1.2.4:11211
[filter:cache]
use = egg:swift#memcache
memcache_servers = PROXY_LOCAL_NET_IP:11211
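4. Copy the ring files to the local machine
5. Copy admin-openrc.sh to the local machine
6. Make sure the swift user owns /etc/swift
8. Install the Python development clients for keystone and swift
Once the previous step is complete, swift can be used from the command line inside the cluster.
To use swift from machines outside the cluster, install the clients on those machines: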
pip install python-keystoneclient python-swiftclient