Swift All In One（SAIO）部署环境迁移的配置调整

由于虚拟机迁移或者部署环境IP的更改会直接导致原有的Swift无法正常工作，伴随产生大量的403、503等错误日志信息，我们需要针对系统环境变化作出相应配置的更改调整，使得Swift恢复正常。

模拟情景：虚拟机迁移导致IP发生变动，需要从原来的192.168.85.183调整为 192.168.240.132 。 

第一，排查身份认证模块是否正常

以Keystone为例，首先检查一下keystone.conf配置中，是否绑定了原来的ip（如：“bind_host = 192.168.85.183”），如果为“bind_host = 0.0.0.0”则可忽略。

在启动keystone-all进程后，我们需要修改相对应的环境变量：OS_AUTH_URL和OS_SERVICE_ENDPOINT。

export OS_AUTH_URL=http://192.168.240.132:35357
export OS_SERVICE_ENDPOINT=http://192.168.240.132:35357/v2.0

然后使用curl模拟登陆keystone获取token，与此同时我们还能查看到endpoint等详细配置信息。

curl -s -d '{"auth": {"tenantName": "swifttenant1", "passwordCredentials":{"username": "alan", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.240.132:35357/v2.0/tokens | python -mjson.tool

返回信息中可见，endpoint部分仍然残留着与原IP相关的配置，因此需要删除原来的endpoint并重新创建一个。

...
serviceCatalog: [1]
0:  {
    endpoints: [1]
        0:  {
            adminURL: "http://192.168.85.183:8888/v1"
            region: "RegionOne"
            internalURL: "http://192.168.85.183:8888/v1/AUTH_da255b5d1f0444cf9fcff14a866bb658"
            id: "85ed49cc428444bfa40b52b73a62593e"
            publicURL: "http://192.168.85.183:8888/v1/AUTH_da255b5d1f0444cf9fcff14a866bb658"
        }-
    -
    endpoints_links: [0]
    type: "object-store"
    name: "Swift"
}
...

# usage: keystone endpoint-delete <endpoint-id>
keystone endpoint-delete 89093f8cc5d3428dbe1f216080e02153
# usage: keystone endpoint-create [--region <endpoint-region>] --service
#                                 <service> [--publicurl <public-url>]
#                                 [--adminurl <admin-url>]
#                                 [--internalurl <internal-url>]
keystone endpoint-create --region 'RegionOne' \
--service 'c11382efa2d249dd86f155e92458d494' \
--publicurl 'https://192.168.240.132:8888/v1/AUTH_$(tenant_id)s' \
--adminurl 'https:// 192.168.240.132:8888/' \
--internalurl 'https:// 192.168.240.132:8888/v1/AUTH_$(tenant_id)s'

这样，KeyStone身份认证模块部分配置调整就完成了。

第二，重新构建Swift的Ring文件

首先移除旧的Ring文件：

cd /etc/swift
rm -f *.builder *.ring.gz backups/*.builder backups/*.ring.gz

然后重新平衡RIng文件：

swift-ring-builder object.builder create 18 3 1
swift-ring-builder object.builder add z1-192.168.240.132:6010/sdb1 1
swift-ring-builder object.builder add z2-192.168.240.132:6020/sdb2 1
swift-ring-builder object.builder add z3-192.168.240.132:6030/sdb3 1
swift-ring-builder object.builder add z4-192.168.240.132:6040/sdb4 1
swift-ring-builder object.builder rebalance
swift-ring-builder container.builder create 18 3 1
swift-ring-builder container.builder add z1-192.168.240.132:6011/sdb1 1
swift-ring-builder container.builder add z2-192.168.240.132:6021/sdb2 1
swift-ring-builder container.builder add z3-192.168.240.132:6031/sdb3 1
swift-ring-builder container.builder add z4-192.168.240.132:6041/sdb4 1
swift-ring-builder container.builder rebalance
swift-ring-builder account.builder create 18 3 1
swift-ring-builder account.builder add z1-192.168.240.132:6012/sdb1 1
swift-ring-builder account.builder add z2-192.168.240.132:6022/sdb2 1
swift-ring-builder account.builder add z3-192.168.240.132:6032/sdb3 1
swift-ring-builder account.builder add z4-192.168.240.132:6042/sdb4 1
swift-ring-builder account.builder rebalance

第三，修改proxy-server.conf中的身份认证部分

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.240.132
auth_port = 35357
auth_protocol = http
auth_uri = http:// 192.168.240.132:5000/
admin_tenant_name = swifttenant1
admin_user = alan
admin_password = admin
delay_auth_decision = true
cache = swift.cache

第四，重启Swift

swift-init main restart