Swift 和 Keystone单机安装总结

新浪微博 QQ空间

一般网上搜索到的资料都是介绍整个Openstack的安装过程的,通常都是长篇累牍,非常复杂。因为个人的虚拟机环境,没有太高调配置,不可能完整运行Openstack的各种服务,只想体验一下Swift,于是试着只安装Swift和Keystone。对于Openstack支持最好的也就算是Ubuntu发行版了,甚至在较新的13.0版以上都直接集成了。

因为只安装单机版本的Swift和Keystone,因此不需要双网卡,所有业务和控制都走一个网络即可。网络规划简单。

首先,下载安装Ubuntu,这里选择12.04 LTS版本。安装软件包:

通用工具:sudo apt-get install openssh-server 

Keystone:sudo apt-get install keystone python-keystone python-keystoneclient 

Swift:sudo apt-get install swift swift-proxy swift-account swift-container swift-object
ssh server是为了远程登录使用,在Windows下使用终端工具登录便于与Linux系统交互。Keystone 安装完成后即可正常运行,不需要作任何配置。默认情况下,Keystone使用SQLite来存储数据。执行如下命令同步Keystone的数据库:
sudo service keystone restart 
sudo keystone-manage db_sync

Swift安装和配置过程稍微复杂一些。首先要为Swift准备存储节点。Swift的三个Ring使用的是XFS的文件系统,因此需要为其新增一块虚拟硬盘,这里在一块硬盘上面模拟4个虚拟节点,来模拟Swfit环。

在虚拟机管理界面上面为系统添加一块硬盘,重启系统后,可以看到该硬盘已经被系统识别。本系统上面的硬盘设备名为:/dev/sdb,使用fdisk /dev/sdb为该硬盘创建分区,先建扩展分区,再建一个主分区。然后再给该分区创建文件系统,使用mkfs.xfs命令创建xfs文件系统。这些操作可以单独再网络上搜索到详尽的指导,这里不再详述。创建好系统后,将该XFS格式的文件系统mount到系统目录下,这里mount到/swift目录。然后使用mount命令,可以看到系统已经多了一个XFS的分区:/dev/sdb5 on /swift type xfs (rw)。最好能把该分区信息写到fstab中,这样系统启动时即会挂载该分区。

在/swfit目录下新建四个子目录:

root@u1:/swift# ls -l 
总用量 0 
drwxr-xr-x 3 swift swift 31 3月 18 21:35 node1 
drwxr-xr-x 3 swift swift 31 3月 18 21:35 node2 
drwxr-xr-x 3 swift swift 31 3月 18 21:35 node3 
drwxr-xr-x 3 swift swift 31 3月 18 21:35 node4 
root@u1:/swift#

指导手册中也有介绍采用回环文件作为存储空间的方法,需要的可以自己操作。

建立运行环境:

for i in {1..4}; do sudo ln -s /swift/node$i /srv/node$i; done; 
sudo mkdir -p /etc/swift/account-server /etc/swift/container-server /etc/swift/object-server /srv/node1/device /srv/node2/device /srv/node3/device /srv/node4/device 
sudo mkdir /run/swift

将如下命令写入系统启动脚本中:

mkdir /run/swift 
chown swift:swift /run/swift

使用Rsync来维护对象副本,许多swift服务都使用它保持对象一致性及进行更新操作。

编辑 /etc/default/rsync文件:Set RSYNC_ENABLE=true

然后编辑 /etc/rsyncd.conf配置文件,如下所示:

# General stuff
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /run/rsyncd.pid
address = 127.0.0.1
# Account Server replication settings
[account6012]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/account6012.lock
[account6022]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/account6022.lock
[account6032]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/account6032.lock
[account6042]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/account6042.lock
# Container server replication settings
[container6011]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/container6011.lock
[container6021]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/container6021.lock
[container6031]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/container6031.lock
[container6041]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/container6041.lock
# Object Server replication settings
[object6010]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/object6010.lock
[object6020]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/object6020.lock
[object6030]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/object6030.lock
[object6040]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/object6040.lock

最后重新启动服务完成rsync配置:

sudo service rsync restart

创建并编辑 /etc/swift/swift.conf文件,并写入如下配置:

[swift-hash]
# random unique string that can never change (DO NOT LOSE). I’m using 03c9f48da2229770.
# od -t x8 -N 8 -A n <; /dev/random
# The above command can be used to generate random a string.
swift_hash_path_suffix = 03c9f48da2229770

配置Swift代理服务器

代理服务器是swift的门卫,它的职责是检测合法性。它将审查:一、请求是否伪造,二、请求使用资源的用户身份。具体操作由keystone之类的认证服务器来协助完成。

创建并编辑 /etc/swift/proxy-server.conf并增加如下内容:

[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift

[pipeline:main]
# Order of execution of modules defined below
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
set log_name = swift-proxy
set log_facility = LOG_LOCAL0
set log_level = INFO
set access_log_name = swift-proxy
set access_log_facility = SYSLOG
set access_log_level = INFO
set log_headers = True
account_autocreate = True

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:cache]
use = egg:swift#memcache
set log_name = cache

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
auth_token = admin
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
admin_token = admin
admin_tenant_name = service
admin_user = swift
admin_password = swift
delay_auth_decision = 0

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftoperator
is_admin = true

配置Swift账户服务器

默认swift容器服务配置文件为 /etc/swift/account-server.conf:

[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]

所有的account server配置文件都在 /etc/swift/account-server目录中。与 /srv里的设备相对应,我们创建1.conf、2.conf等等文件,并将它们放到/etc/swift/account-server/下。以下是/etc/swift/account-server/1.conf配置文件的内容:

[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6012
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
vm_test_mode = no
[account-auditor]
[account-reaper]

对其它设备也是如此,比如/srv/node2、/srv/node3、/srv/node4等,我们分别创建2.conf,3.conf和4.conf与之对应。现在利用1.conf进行复制生成其余文件,并一一设置唯一的绑定端口及本地日志值:

sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/2.conf
sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/3.conf
sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/4.conf

注意:拷贝完成后,修改其中的设备地址和日志标志符。

配置Swift容器服务器

默认swift容器服务配置文件为 /etc/swift/container-server.conf:

[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
与account-server类似,我们同样创建 /etc/swift/container-server/1.conf等等文件与 /srv设备匹配,这是1.conf文件内容:
[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6011
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
vm_test_mode = no
[container-updater]

同Account一样,需要为每一个设备准备一份配置。

配置Swift对象服务器,默认swift容器服务配置文件为 /etc/swift/object-server.conf:

[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
与account-server和container-server一样,我们同样创建 /etc/swift/object-server/1.conf等等文件与 /srv设备匹配,这是1.conf文件内容:
[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6010
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
vm_test_mode = no
[object-updater]
[object-auditor]
配置Swift Ring服务器

Ring是swift的一个极为重要的组件,它维护着对象的真实物理位置信息,对象的副本及多种设备。创建与对象服务、容器服务和账户服务相对应的ring-builder文件:

pushd /etc/swift
sudo swift-ring-builder object.builder create 18 3 1
sudo swift-ring-builder container.builder create 18 3 1
sudo swift-ring-builder account.builder create 18 3 1
注意:执行以上命令时需要在 /etc/swift目录下。

命令中的参数指定了分区、副本和小时的数量,用来限制分区多次移动。可以参考man页面中的swift-ring-builder获取更多信息。

现在添加区域以均衡ring服务。命令格式如下:

swift-ring-builder <builder_file> add <zone>-<ip_address>:<port>/<device><weight>

执行下列命令:

sudo swift-ring-builder object.builder add z1-127.0.0.1:6010/device 1
sudo swift-ring-builder object.builder add z2-127.0.0.1:6020/device 1
sudo swift-ring-builder object.builder add z3-127.0.0.1:6030/device 1
sudo swift-ring-builder object.builder add z4-127.0.0.1:6040/device 1
sudo swift-ring-builder object.builder rebalance
sudo swift-ring-builder container.builder add z1-127.0.0.1:6011/device 1
sudo swift-ring-builder container.builder add z2-127.0.0.1:6021/device 1
sudo swift-ring-builder container.builder add z3-127.0.0.1:6031/device 1
sudo swift-ring-builder container.builder add z4-127.0.0.1:6041/device 1
sudo swift-ring-builder container.builder rebalance
sudo swift-ring-builder account.builder add z1-127.0.0.1:6012/device 1
sudo swift-ring-builder account.builder add z2-127.0.0.1:6022/device 1
sudo swift-ring-builder account.builder add z3-127.0.0.1:6032/device 1
sudo swift-ring-builder account.builder add z4-127.0.0.1:6042/device 1
sudo swift-ring-builder account.builder rebalance

到此,所有的配置也就完成了,注意所有以上涉及修改的文件或者目录,都需要将文件的属主设定为swift和swift用户组。

启动Swift服务,使用以下命令启动swift和REST API:

sudo swift-init main start
sudo swift-init rest start

到此,所有的Swift配置就已经做完了。

现在Swift已经是可以正常工作的了,但是目前系统里面是没有任何账号和容器的,不能上传对象。

需要使用Keystone的客户端来创建账号。

对于Keystone有几个概念:tenant,user,role,service,endpoint,对于这些概念,可以参考其他文章的介绍。这里tenant对于swift来说是account,只有有了account才能创建container,user是身份,user有用户名和密码,role可以认为是组队概念。endpoint是服务入口,是需要和service以及tenant绑定的。下面在Keystone上面一一创建这些实体:

#创建两个租户,对于Swift也就是两个account 
keystone tenant-create --name service 
keystone tenant-create --name account2

#创建一个用户,用户名和密码都是swift 
keystone user-create --name swift --pass swift --email [email protected] 
keystone user-create --name shentar --pass shentar --email [email protected]

#创建一个角色 
keystone role-create --name admin

#创建两个服务,一个是keystone,另外一个是swift。 
keystone service-create --name swift --type object-store --description 'OpenStack Storage Service' 
keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'

列举以上各个实体:

root@u1:~# keystone user-list 
+----------------------------------+---------+--------------------+---------+ 
| id | enabled | email | name | 
+----------------------------------+---------+--------------------+---------+ 
| 492e829f4520429b950a3a7fbe4ae6eb | True | [email protected] | swift | 
| 914ec3cd303b4571b0dbaea1f9a0546e | True | [email protected] | shentar | 
+----------------------------------+---------+--------------------+---------+ 
root@u1:~# keystone role-list 

+----------------------------------+-------+ 
| id | name | 
+----------------------------------+-------+ 
| 031e54d7c9d34f0fad667f423387c354 | admin | 
+----------------------------------+-------+ 
root@u1:~# keystone tenant-list 
+----------------------------------+----------+---------+ 
| id | name | enabled | 
+----------------------------------+----------+---------+ 
| 665e59b3d6c240e8a66dbabe3ac2259d | account2 | True | 
| d2d8fc718cde4a9e9f6d7175313efad0 | service | True | 
+----------------------------------+----------+---------+ 
root@u1:~# keystone service-list 
+----------------------------------+----------+--------------+----------------------------+ 
| id | name | type | description | 
+----------------------------------+----------+--------------+----------------------------+ 
| 8906dfcdefa14e6388edb0e3ad264b29 | keystone | identity | OpenStack Identity Service | 
| d01427a1449d469482798971a88bb92f | swift | object-store | OpenStack Storage Service | 
+----------------------------------+----------+--------------+----------------------------+
#为两个服务创建endpoint,注意swift服务的endpoint需要AUTH_34fb2227caae4edcb052ebec7cc78abe以这样的内容作为后缀,其中AUTH_后面的是tenant_id,注意到是下面的id需要以自己系统生成的为准,照搬这里的命令肯定会出错。
 
 keystone endpoint-create --region myregion --service_id 8906dfcdefa14e6388edb0e3ad264b29 --publicurl 'http://192.168.1.109:5000/v2.0' --adminurl 'http://192.168.1.109:35357/v2.0' --internalurl 'http://192.168.1.109:5000/v2.0' 
keystone endpoint-create --region myregion --service_id d01427a1449d469482798971a88bb92f --publicurl 'http://192.168.1.109:8080/v1/AUTH_665e59b3d6c240e8a66dbabe3ac2259d' --adminurl 'http://192.168.1.109:8080/v1' --internalurl 'http://192.168.1.109:8080/v1/AUTH_665e59b3d6c240e8a66dbabe3ac2259d' 
keystone endpoint-create --region myregion --service_id d01427a1449d469482798971a88bb92f --publicurl 'http://192.168.1.109:8080/v1/AUTH_d2d8fc718cde4a9e9f6d7175313efad0' --adminurl 'http://192.168.1.109:8080/v1' --internalurl 'http://192.168.1.109:8080/v1/AUTH_d2d8fc718cde4a9e9f6d7175313efad0'
#将用户加入到租户中,一个用户只能加入到一个租户中。将swift用户加入到service租户中: 
keystone user-role-add --user 492e829f4520429b950a3a7fbe4ae6eb --role 031e54d7c9d34f0fad667f423387c354 --tenant_id d2d8fc718cde4a9e9f6d7175313efad0 
#将shentar用户也加入到service租户中: 
keystone user-role-add --user 914ec3cd303b4571b0dbaea1f9a0546e --role 031e54d7c9d34f0fad667f423387c354 --tenant_id d2d8fc718cde4a9e9f6d7175313efad0

这样就可以使用用户名和密码获取token和访问的url了:

swift -v -V 2.0 -A http://192.168.1.109:5000/v2.0/ -U service:swift -K swift stat
这条命令返回的是swift租户在service租户下的token和访问的url。同样的

swift -v -V 2.0 -A http://192.168.1.109:5000/v2.0/ -U service:shentar -K shentar stat
返回的是shentar用户的。

接下来就可以使用上面获取到的token和url来发送REST HTTP请求了:

root@u1:~# curl -X PUT 
http://192.168.1.109:8080/v1/AUTH_d2d8fc718cde4a9e9f6d7175313efad0/testcontainer -H "X-Auth-Token: 63de715ee3a04b669e021ee3bc333433" 
201 Created

root@u1:~# curl -i -X HEAD http://192.168.1.109:8080/v1/AUTH_d2d8fc718cde4a9e9f6d7175313efad0/ -H "X-Auth-Token: 63de715ee3a04b669e021ee3bc333433" 
HTTP/1.1 204 No Content 
X-Account-Object-Count: 0 
X-Account-Bytes-Used: 0 
X-Account-Container-Count: 1 
Accept-Ranges: bytes 
Content-Length: 0 
X-Trans-Id: txbfdff903df11407895042f1ec8e95299 
Date: Fri, 21 Mar 2014 16:12:59 GMT

到此整个Swift和Keystone也就安装完成了。

新浪微博 QQ空间

| 1 分2 分3 分4 分5 分 (4.67- 12票) Loading ... Loading ... | 这篇文章归档在:Swift, 云计算/云存储, 存储技术 | 标签: , , . | 永久链接:链接 | 评论(0) |

评论

邮箱地址不会被泄露, 标记为 * 的项目必填。

8 - 2 = *



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <img alt="" src="" class=""> <pre class=""> <q cite=""> <s> <strike> <strong>

返回顶部