sudo yum update sudo yum install curl gcc memcached rsync sqlite xfsprogs git-core \ libffi-devel xinetd python-setuptools \
CentOS6.5部署juno版Swift对象存储 - keystone+swift
sudo yum updatesudo yum install curl gcc memcached rsync sqlite xfsprogs git-core \ libffi-devel xinetd python-setuptools \ python-coverage python-devel python-nose \ pyxattr python-eventlet \ python-greenlet python-paste-deploy \ python-netifaces python-pip python-dns \ python-mock
0.2 约定(Keystone的MySQL账号密码、admin、demo和swift租户的账号密码)
KEYSTONE_DBPASS=swiftwxjxyADMIN_TOKEN=adminADMIN_PASS=adminSWIFT_PASS=SWIFT_PASSDEMO_PASS= DEMO_PASS
yum install MySQL-server mysql-client -y
vim /etc/my.cnf修改和添加配置文件如下:port=3306bind-address=0.0.0.0
default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = ‘SET NAMES utf8’character-set-server = utf8
配置MySQL-server开机启动chkconfig mysql on
启动MySQL-server[root@s1 ~]# /etc/init.d/mysql statusMySQL is not running [FAILED][root@s1 ~]# /etc/init.d/mysql startStarting MySQL.. [ OK ][root@s1 ~]# /etc/init.d/mysql statusMySQL running (4160) [ OK ]
查看监听端口,判断MySQL启动绑定端口是否成功[root@s1 ~]# netstat -natulptcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4160/mysqld
登录MySQL生成keystone账号密码mysql -u root -p
CREATE DATABASE keystone;GRANT ALL PRIVILEGES ON keystone. TO ‘keystone’@’localhost’ IDENTIFIED BY ‘swiftwxjxy’;GRANT ALL PRIVILEGES ON keystone. TO ‘keystone’@’%’ IDENTIFIED BY ‘swiftwxjxy’;
exit
安装keystone相关组件yum install openstack-keystone python-keystoneclient -y
vim /etc/keystone/keystone.conf修改和添加配置如下:[DEFAULT]admin_token=swiftwxjxyverbose=True
[database]connection = mysql://keystone:swiftwxjxy@localhost/keystone
[token]provider = keystone.token.providers.uuid.Providerdriver = keystone.token.persistence.backends.sql.Token
keystone-manage pki_setup —keystone-user keystone —keystone-group keystonechown -R keystone:keystone /var/log/keystonechown -R keystone:keystone /etc/keystone/sslchmod -R o-rwx /etc/keystone/ssl
初始化keystone的数据库su -s /bin/sh -c “keystone-manage db_sync” keystone[root@s1 ~]# mysql -ukeystone -pswiftwxjxy -e “use keystone;show tables;”+———————————-+| Tables_in_keystone |+———————————-+| assignment || credential || domain || endpoint || group || id_mapping || migrate_version || policy || project || region || revocation_event || role || service || token || trust || trust_role || user || user_group_membership |+———————————-+测试生产库成功
配置开机启动chkconfig openstack-keystone on启动keystone服务/etc/init.d/openstack-keystone restartservice openstack-keystone restart
Stopping keystone: [FAILED]Starting keystone: [ OK ][root@s1 ~]# /etc/init.d/openstack-keystone statuskeystone (pid 4450) is running…
配置定期清理过期token(否则会有大量过期的token占领空间)(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo ‘@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1’ >> /var/spool/cron/keystone
创建keystone中的admin、demo账号密码export OS_SERVICE_TOKEN=swiftwxjxyexport OS_SERVICE_ENDPOINT=http://s1:35357/v2.0
keystone tenant-create —name admin —description “Admin Tenant”keystone user-create —name admin —pass swiftwxjxykeystone role-create —name adminkeystone user-role-add —tenant admin —user admin —role admin
keystone role-create —name memberkeystone user-role-add —tenant admin —user admin —role member
keystone tenant-create —name demo —description “Demo Tenant”keystone user-create —name demo —pass swiftwxjxykeystone user-role-add —tenant demo —user demo —role member
keystone tenant-create —name service —description “Service Tenant”
keystone service-create —name keystone —type identity —description “OpenStack Identity”keystone endpoint-create —service-id $(keystone service-list | awk ‘/ identity / {print $2}’) —publicurl http://s1:5000/v2.0 —internalurl http://s1:5000/v2.0 —adminurl http://s1:35357/v2.0 —region regionOne
验证是否生效:unset OS_SERVICE_TOKENunset OS_SERVICE_ENDPOINT
keystone —os-username admin —os-password swiftwxjxy —os-tenant-name admin —os-auth-url http://s1:35357/v2.0 token-getkeystone —os-tenant-name admin —os-username admin —os-password swiftwxjxy —os-auth-url http://s1:35357/v2.0 tenant-list
创建keystone中的swift的账号密码keystone user-create —name swift —pass swiftwxjxykeystone user-role-add —user swift —tenant service —role admin
创建keystone中swift的service和endpointkeystone service-create —name swift —type object-store —description “OpenStack Object Storage”
keystone endpoint-create —service-id $(keystone service-list | awk ‘/ object-store / {print $2}’) —publicurl ‘http://s1:8080/v1/AUTH_%(tenant_id)s‘ —internalurl ‘http://s1:8080/v1/AUTH_%(tenant_id)s‘ —adminurl http://s1:8080 —region regionOne
安装Swift控制节点的相关组件yum install openstack-swift-proxy python-swiftclient python-keystoneauth-token memcached -y
vim /etc/resolv.conf注释掉search和其它的nameserver,添加nameserver 114.114.114.114
vim /etc/sysconfig/network-scripts/ifcfg-eth0下边添加已便DNS重启后仍生效DNS1=114.114.114.114
mv proxy-server.conf proxy-server.conf.backup
curl -o /etc/swift/proxy-server.conf https://raw.githubusercontent.com/openstack/swift/juno-eol/etc/proxy-server.conf-sample
vim /etc/swift/proxy-server.conf修改和添加配置如下:[DEFAULT]bind_port = 8080user = swiftswift_dir = /etc/swift
[pipeline:main]pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server
[app:proxy-server]allow_account_management = trueaccount_autocreate = true
[filter:keystoneauth]use = egg:swift#keystoneauth
operatorroles = admin,_member
[filter:authtoken]paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://s1:5000/v2.0identity_uri = http://s1:35357admin_tenant_name = serviceadmin_user = swiftadmin_password = swiftwxjxydelay_auth_decision = true
[filter:cache]memcache_servers = 127.0.0.1:11211
4.1 挂载文件系统挂载文件系统,格式化成建议的XFS格式[root@s1 ~]#cat /etc/fstab
#
#UUID=40f094b5-40a6-4132-a021-ba378281e5cd / ext4 defaults 1 1UUID=58976038-8092-4e6e-a600-506e51500023 /boot ext4 defaults 1 2UUID=ee289c0d-4368-4f9e-9a7e-e375fa91c280 swap swap defaults 0 0tmpfs /dev/shm tmpfs defaults 0 0devpts /dev/pts devpts gid=5,mode=620 0 0sysfs /sys sysfs defaults 0 0proc /proc proc defaults 0 0/dev/vda4 /data ext4 defaults 0 0
卸载vda4umount /dev/vda4
创建逻辑卷组lvm_swiftvgcreate lvm_swift /dev/vda4
使能逻辑卷组lvm_swiftvgchange -a y lvm_swift
查看逻辑卷组vgs
创建逻辑卷组lvm_swift中的逻辑卷lvm_swift_nodelvcreate -L 120000 -n lvm_swift_node lvm_swift
查看逻辑卷组和逻辑卷vgdisplaylvdisplay
查看逻辑卷的device mapper文件[root@s1 mapper]# ls /dev/mapper/control lvm_swift-lvm_swift_node
格式化成建议的XFS文件系统mkfs.xfs /dev/mapper/lvm_swift-lvm_swift_node
创建挂载点mkdir -p /srv/node/swiftnode
修改系统挂载配置文件vim /etc/fstab注释:
增加:/dev/mapper/lvm_swift-lvm_swift_node /srv/node/swiftnode xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
dd if=/dev/zero of=/srv/swift-disk bs=1024 count=0 seek=10000000 mkfs.xfs -i size=1024 /srv/swift-disk vi /etc/fstab挂载逻辑卷mount /srv/node/swiftnode
chown -R swift:swift /srv/node/swiftnode chmod a+w -R /srv/node/swiftnode
4.2 安装相关依赖组件service iptables stopyum install xfsprogs rsync -yvim /etc/rsyncd.conf添加uid = swiftgid = swiftlog file = /var/log/rsyncd.logpid file = /var/run/rsyncd.pidaddress = 172.28.19.249[account]max connections = 2path = /srv/node/read only = falselock file = /var/lock/account.lock[container]max connections = 2path = /srv/node/read only = falselock file = /var/lock/container.lock[object]max connections = 2path = /srv/node/read only = falselock file = /var/lock/object.lock
启动rsync/usr/bin/rsync —daemon —config=/etc/rsyncd.conf
vim /etc/rc.local添加rsync服务开机启动/usr/bin/rsync —daemon —config=/etc/rsyncd.conf
4.3 安装Swift存储节点组件
每个节点均需安装yum install openstack-swift-account openstack-swift-container openstack-swift-object -y
mv /etc/swift/account-server.conf /etc/swift/account-server.conf.backupcurl -o /etc/swift/account-server.conf https://raw.githubusercontent.com/openstack/swift/juno-eol/etc/account-server.conf-sample
mv /etc/swift/container-server.conf /etc/swift/container-server.conf.backupcurl -o /etc/swift/container-server.conf https://raw.githubusercontent.com/openstack/swift/juno-eol/etc/container-server.conf-sample
mv /etc/swift/object-server.conf /etc/swift/object-server.conf.backupcurl -o /etc/swift/object-server.conf https://raw.githubusercontent.com/openstack/swift/juno-eol/etc/object-server.conf-sample
vim /etc/swift/account-server.confvim /etc/swift/container-server.confvim /etc/swift/object-server.conf分别修改添加如下:[DEFAULT]
bind_ip = 172.28.19.249(自身服务器IP)bind_port = 6002user = swiftswift_dir = /etc/swiftdevices = /srv/node
[pipeline]pipeline = healthcheck recon account-server
[filter:recon]recon_cache_path = /var/cache/swift
chown -R swift:swift /srv/nodemkdir -p /var/cache/swiftchown -R swift:swift /var/cache/swift
其它节点拷贝s1节点配置,并修改相应节点上的绑定ipscp -r s1:/etc/swift/ /etc/
4.4 配置Swift的Ring
定义分区的大小为2^10,副本数2,分区移动间隔1小时swift-ring-builder account.builder create 10 3 1
创建ring文件swift-ring-builder account.builder add r1z1-172.28.19.249:6002/swiftnode 100swift-ring-builder account.builder add r1z2-172.28.19.252:6002/swiftnode 100swift-ring-builder account.builder add r1z3-172.28.19.254:6002/swiftnode 100
生成最终的ringswift-ring-builder account.builder rebalance
验证刚才添加的内容是否正确swift-ring-builder account.builder
定义分区的大小为2^10,副本数2,分区移动间隔1小时swift-ring-builder container.builder create 10 3 1
创建ring文件swift-ring-builder container.builder add r1z1-172.28.19.249:6001/swiftnode 100swift-ring-builder container.builder add r1z2-172.28.19.252:6001/swiftnode 100swift-ring-builder container.builder add r1z3-172.28.19.254:6001/swiftnode 100
生成最终的ringswift-ring-builder container.builder rebalance
验证刚才添加的内容是否正确swift-ring-builder container.builder
定义分区的大小为2^10,副本数2,分区移动间隔1小时swift-ring-builder object.builder create 10 3 1
创建ring文件swift-ring-builder object.builder add r1z1-172.28.19.249:6000/swiftnode 100swift-ring-builder object.builder add r1z2-172.28.19.252:6000/swiftnode 100swift-ring-builder object.builder add r1z3-172.28.19.254:6000/swiftnode 100
生成最终的ringswift-ring-builder object.builder rebalance
验证刚才添加的内容是否正确swift-ring-builder object.builder
mv /etc/swift/swift.conf /etc/swift/swift.conf.backup
curl -o /etc/swift/swift.conf https://raw.githubusercontent.com/openstack/swift/juno-eol/etc/swift.conf-sample
生成十六位十六进制随机数用于一致性hash环openssl rand -hex 10
vim /etc/swift/swift.conf修改添加如下:[swift-hash]
swift_hash_path_suffix = ce418f18fa59d70e8292swift_hash_path_prefix = 01b227af10d9b9094988
[storage-policy:0]
name = Policy-0default = yes
chown -R swift:swift /etc/swift
chkconfig openstack-swift-proxy onchkconfig memcached on/etc/init.d/openstack-swift-proxy start/etc/init.d/memcached start
chkconfig openstack-swift-account onchkconfig openstack-swiftaccount-auditor onchkconfig openstack-swift-account-reaper onchkconfig openstack-swift-accountreplicator on
/etc/init.d/openstack-swift-account start/etc/init.d/openstack-swift-accountauditor start/etc/init.d/openstack-swift-account-reaper start/etc/init.d/openstack-swift-accountreplicator start
chkconfig openstack-swift-container onchkconfig openstack-swiftcontainer-auditor onchkconfig openstack-swift-container-replicator onchkconfig openstack-swift-containerupdater on
/etc/init.d/openstack-swift-container start/etc/init.d/openstack-swiftcontainer-auditor start/etc/init.d/openstack-swift-container-replicator start/etc/init.d/openstack-swift-containerupdater start
chkconfig openstack-swift-object onchkconfig openstack-swift-objectauditor onchkconfig openstack-swift-object-replicator onchkconfig openstack-swift-objectupdater on
/etc/init.d/openstack-swift-object start/etc/init.d/openstack-swift-objectauditor start/etc/init.d/openstack-swift-object-replicator start/etc/init.d/openstack-swift-objectupdater start
swift-init proxy-server start
swift-init object-server startswift-init object-replicator startswift-init object-updater startswift-init object-auditor startswift-init container-server startswift-init container-replicator startswift-init container-updater startswift-init container-auditor startswift-init account-server startswift-init account-replicator startswift-init account-auditor start
swift-init proxy-server restart
swift-init object-server restartswift-init object-replicator restartswift-init object-updater restart/srv/node/swiftnodeswift-init object-auditor restartswift-init container-server restartswift-init container-replicator restartswift-init container-updater restartswift-init container-auditor restartswift-init account-server restartswift-init account-replicator restartswift-init account-auditor restart