Sep 042012
这篇文档是继续单节点的安装,把swift集成keystone和glance。swift是使用一个单独的分区做模拟。
Contents
安装软件
apt-get -y install swift swift-proxy swift-account swift-container swift-object \
xfsprogs curl python-pastedeploy
分区
我安装系统的时候,有一个专门的分区给swift使用。分区前,先umount
umount /dev/sda6
格式化分区
mkfs.xfs -f -i size=1024 /dev/sda6
创建挂载点
mkdir /mnt/swift_backend
修改/etc/fstab, 原来是采用uuid,注释掉,加上
/dev/sda6 /mnt/swift_backend xfs noatime,nodiratime,nobarrier,logbufs=8 0 0
检查修改是否正确
mount -a
如果fstab有错误,会进行提示。没错误,就会把目录挂载上。
目录设置
pushd /mnt/swift_backend mkdir node1 node2 node3 node4 popd chown swift.swift /mnt/swift_backend/* for i in {1..4}; do sudo ln -s /mnt/swift_backend/node$i /srv/node$i; done; mkdir -p /etc/swift/account-server \ /etc/swift/container-server \ /etc/swift/object-server \ /srv/node1/device \ /srv/node2/device \ /srv/node3/device \ /srv/node4/device mkdir /run/swift chown -L -R swift.swift /etc/swift /srv/node[1-4]/ /run/swift
为了在系统启动时启动Swift服务,需要把如下两行命令写入 /etc/rc.local里,位置在“exit 0;”之前:
sudo mkdir /run/swift sudo chown swift.swift /run/swift
配置rsync
编辑 /etc/default/rsync文件
sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync
创建 /etc/rsyncd.conf
cat > /etc/rsyncd.conf <<EOF # General stuff uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /run/rsyncd.pid address = 127.0.0.1 # Account Server replication settings [account6012] max connections = 25 path = /srv/node1/ read only = false lock file = /run/lock/account6012.lock [account6022] max connections = 25 path = /srv/node2/ read only = false lock file = /run/lock/account6022.lock [account6032] max connections = 25 path = /srv/node3/ read only = false lock file = /run/lock/account6032.lock [account6042] max connections = 25 path = /srv/node4/ read only = false lock file = /run/lock/account6042.lock # Container server replication settings [container6011] max connections = 25 path = /srv/node1/ read only = false lock file = /run/lock/container6011.lock [container6021] max connections = 25 path = /srv/node2/ read only = false lock file = /run/lock/container6021.lock [container6031] max connections = 25 path = /srv/node3/ read only = false lock file = /run/lock/container6031.lock [container6041] max connections = 25 path = /srv/node4/ read only = false lock file = /run/lock/container6041.lock # Object Server replication settings [object6010] max connections = 25 path = /srv/node1/ read only = false lock file = /run/lock/object6010.lock [object6020] max connections = 25 path = /srv/node2/ read only = false lock file = /run/lock/object6020.lock [object6030] max connections = 25 path = /srv/node3/ read only = false lock file = /run/lock/object6030.lock [object6040] max connections = 25 path = /srv/node4/ read only = false lock file = /run/lock/object6040.lock EOF
重启rsync服务
service rsync restart
Swift
Swift配置文件
cat >/etc/swift/swift.conf <<EOF
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = `od -t x8 -N 8 -A n </dev/random`
EOF
Proxy Server
创建 /etc/swift/proxy-server.conf
cat > /etc/swift/proxy-server.conf <<EOF
[DEFAULT]
bind_port = 8080
#bind_port = 443
#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key
workers = 8
user = swift
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = Member,admin
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_port = 5000
service_host = $MASTER
auth_port = 35357
auth_host = $MASTER
auth_protocol = http
auth_token = $SERVICE_TOKEN
admin_token = $SERVICE_TOKEN
admin_tenant_name = service
admin_user = swift
admin_password = $SERVICE_PASSWORD
cache = swift.cache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:swift3]
use = egg:swift#swift3
EOF
Account Server, Container Server, Object Server
过程比较复杂,所以就考虑用脚本来搞定
for x in {1..4}; do cat > /etc/swift/account-server/$x.conf <<EOF [DEFAULT] devices = /srv/node$x mount_check = false bind_port = 60${x}2 user = swift log_facility = LOG_LOCAL2 [pipeline:main] pipeline = account-server [app:account-server] use = egg:swift#account [account-replicator] vm_test_mode = no [account-auditor] [account-reaper] EOF cat >/etc/swift/container-server/$x.conf <<EOF [DEFAULT] devices = /srv/node$x mount_check = false bind_ip = 0.0.0.0 bind_port = 60${x}1 user = swift log_facility = LOG_LOCAL2 [pipeline:main] pipeline = container-server [app:container-server] use = egg:swift#container [container-replicator] vm_test_mode = no [container-updater] [container-auditor] [container-sync] EOF cat > /etc/swift/object-server/${x}.conf <<EOF [DEFAULT] devices = /srv/node${x} mount_check = false bind_port = 60${x}0 user = swift log_facility = LOG_LOCAL2 [pipeline:main] pipeline = object-server [app:object-server] use = egg:swift#object [object-replicator] vm_test_mode = no [object-updater] [object-auditor] EOF cat <<EOF >>/etc/swift/container-server.conf [container-sync] EOF done
设置日志
sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/account-server/2.conf sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/account-server/3.conf sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/account-server/4.conf sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/container-server/2.conf sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/container-server/3.conf sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/container-server/4.conf sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/object-server/2.conf sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/object-server/3.conf sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/object-server/4.conf
Ring Server
pushd /etc/swift swift-ring-builder object.builder create 18 3 1 swift-ring-builder container.builder create 18 3 1 swift-ring-builder account.builder create 18 3 1 swift-ring-builder object.builder add z1-127.0.0.1:6010/device 1 swift-ring-builder object.builder add z2-127.0.0.1:6020/device 1 swift-ring-builder object.builder add z3-127.0.0.1:6030/device 1 swift-ring-builder object.builder add z4-127.0.0.1:6040/device 1 swift-ring-builder object.builder rebalance swift-ring-builder container.builder add z1-127.0.0.1:6011/device 1 swift-ring-builder container.builder add z2-127.0.0.1:6021/device 1 swift-ring-builder container.builder add z3-127.0.0.1:6031/device 1 swift-ring-builder container.builder add z4-127.0.0.1:6041/device 1 swift-ring-builder container.builder rebalance swift-ring-builder account.builder add z1-127.0.0.1:6012/device 1 swift-ring-builder account.builder add z2-127.0.0.1:6022/device 1 swift-ring-builder account.builder add z3-127.0.0.1:6032/device 1 swift-ring-builder account.builder add z4-127.0.0.1:6042/device 1 swift-ring-builder account.builder rebalance
启动相关服务
设置目录权限
chown -R swift.swift /etc/swift
启动swift服务
swift-init main start swift-init rest start
验证
-k,是swift账号的密码
swift -v -V 2.0 -A http://127.0.0.1:5000/v2.0/ -U service:swift -K $SERVICE_PASSWORD stat
StorageURL: http://10.1.199.17:8080/v1/AUTH_a8b0b44cb5db4da39b053eabac6d3ed7 Auth Token: 3f85c92d6860444e90bf0e1bedc4b45a Account: AUTH_a8b0b44cb5db4da39b053eabac6d3ed7 Containers: 0 Objects: 0 Bytes: 0 Accept-Ranges: bytes X-Trans-Id: txea28887460ff4f1d84e9e826e5514711
你也可以直接运行 swift stat. 这时候是直接采用 租户/用户 admin/admin 去查询swift。因为我们设置了环境变量。
swift stat
Account: AUTH_eb68709e74314aa59c449510a91f8d56
Containers: 0
Objects: 0
Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: txc5a3afa7f228471698c96fd561830a3d
Glance集成Swift
编辑 /etc/glance/glance-api.conf
#default_store = file
default_store = swift
#swift_store_auth_address = 127.0.0.1:35357/v2.0/
swift_store_auth_address = http://10.1.199.8:5000/v2.0/
#swift_store_user = jdoe:jdoe
swift_store_user = service:swift
#swift_store_key = a86850deb2742ec3cb41518e26aa2d89
swift_store_key = password
#swift_store_create_container_on_put = False
swift_store_create_container_on_put = True
说明
- swift_store_auth_addres 不能去掉http,否则会导致认证失败
- swift_store_key , 我理解就是swift的密码,也就是 租户 service,用户 swift的密码。
可以直接运行下面命令实现修改
sed -i "/default_store/s/file/swift/; /swift_store_auth_address/s/127.0.0.1:35357/$MASTER:5000/; /swift_store_user/s/jdoe:jdoe/service:swift/; /swift_store_key/s/a86850deb2742ec3cb41518e26aa2d89/$SERVICE_PASSWORD/; /swift_store_create_container_on_put/s/False/True/" /etc/glance/glance-api.conf
重启glance服务
service glance-api restart && service glance-registry restart
检测
这个时候,image就会传到swift上。在dashboard里,也可以上传文件。并且snapshot可以上传到swift上。
swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list
上面命令可以查看上传的image
没上传镜像前
# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat
Account: AUTH_678c42aa31114faeb18add84615b4e83
Containers: 0
Objects: 0
Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: tx72707ce7086c4bf0bc72ff7ec2813a27
# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list
上传镜像后
# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat Account: AUTH_678c42aa31114faeb18add84615b4e83 Containers: 1 Objects: 0 Bytes: 0 Accept-Ranges: bytes X-Trans-Id: tx65d1d1ee502b4960839f8196b76813f6 # swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list glance
其中:-V 2 指示为keystone验证; IP为keystone节点IP;service:swift为tanent:user ;-K为password
swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \ /root/CentOS-6.2-x86_64-bin-DVD1.iso
38 Responses to “Ubuntu 12.04 Openstack Essex 安装(单节点)Swift篇”
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
谢谢陈老师的分享。
遇到一个问题:
新建的openstack用户无法使用swift,建容器时提示:Unable to create container.
用新建的openstack用户”pengchao”查看列表
swift -V 2 -A http://192.168.0.24:5000/v2.0 -U admin:pengchao -K 123456 list
返回:
Account GET failed: http://192.168.0.24:8080/v1/AUTH_e8b18580e5b44cb79b10bd0f7a03bbdc?format=json 403 Forbidden 403 Forbidden
Access was denied to this resource.
目前应该是只能勉强工作,应该还有不少问题。
嗯,我也是这个问题
陈老师,如果想再增加一个storage节点该注意什么呢?
配置文件该怎么改呢?
陈老师:
“上面命令可以查看上传的image
其中:-V 2 指示为keystone验证; 10.1.199.8为keystone节点IP;service:swift为tanent:user ;-K为password
swift -V 2 -A http://10.1.199.8:5000/v2.0 -U admin:admin -K chenshake upload test \
/root/CentOS-6.2-x86_64-bin-DVD1.iso”
这里10.1.199.8跟之前单节点安装的10.1.199.17是怎么区别的?
这个地方有点问题。应该是17才对。这个和keystone里创建endpoint,指定的swift的proxy地址有关。文档等下做一个说明。
陈老师:
“修改/etc/fstab, 原来是采用uuid,注释掉,加上
/dev/sda6 /mnt/swift_backend xfs noatime,nodiratime,nobarrier,logbufs=8 0 0”
做到上面这一步时,出现了
“bash:/dev/sda5:权限不够”
是哪里出错了啊?
哦。我那个uuid还没注释呢,是这样注释掉吗?
“# /swift was on /dev/sda5 during installation
UUID=06c690d8-11b9-4bd4-bf85-c6284b7da34f /swift ext4 defaults 0 2
# /test was on /dev/sda6 during installation
UUID=903d8152-9369-4404-92f8-4d02de085403 /test ext4 defaults 0 2
# swap was on /dev/sda2 during installation
UUID=62639837-8415-4aee-a723-214c34dfcbe1 none swap sw 0 0
”
注释掉这句“#UUID=06c690d8-11b9-4bd4-bf85-c6284b7da34f /swift ext4 defaults 0 2”?
我是有一个单独的分区swift,是安装的时候分的,所以需要这样处理。如果你是一个单独的硬盘就不需要。
陈老师:
我按照你的文档做的,可是为么不能用glance上传镜像呢?出现这样的错误:
“root@zx-pc:~/桌面# glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.0-x86_64-disk.img
Uploading image 'cirros-0.3.0-x86_64'
Uploading image 'cirros-0.3.0-x86_64'
Failed to add image. Got error:
You are not authenticated.
Details: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.
=================================================[100%] 92.4M/s, ETA 0h 0m 0s
[ 0%] ?B/s ETA ??h ??m ??s
”
哦,问题解决了,是环境变量每次重新打开一个端口就变了,所以在bash.bashrc里也要修改
你好,请问如何修改的?我也遇到了同样的问题
我没有单独的分区给swift使用,怎么办啊?swift只能通过单独的分区模拟吗?
文件模拟是可以,不过我没测试过。
陈老师,您好!上星期openstack在深圳的那场会没看到您,本来想向您请教个问题,因为swift对大于5G的文件要进行分块的,glance用到了swift,对大于5G的镜像好像有问题。
sina的人比我牛逼多了。swift对于5G的文件是需要切块,不过这个是自动处理,你设置一下就可以。大于5G,我同事这边测试,没问题。应该就是修改glance的限制就可以,你看看glance的配置文件。我是没测试过。
陈老师:
admin_token = chenshake
这一项我是填哪一个?填的是跟keystone里面一样的,还是要随机生成一个呢?
admin_password = chenshake
这一项应该填那个数据库的密码,还是系统用户的密码,或者是指在此处设置一个密码呢?
token,你就写和keystone一样。不过我也没真正确认过。
admin_password = chenshake,这个我倒是值得,这是在keystone创建用户的时候,创建了一个swift用户,他的密码是chenshake,我现在已经调整了keystone的安装,你可以选择使用你的密码。
谢谢陈老师。重新看了一下keystone-data.sh文件,里面却是创建了swift用户。auth_token = chenshake这一项是系统用户名吧?还是系统用户的密码?
我也是今天才搞明白 auth_token 用途。我已经修改文档。不需要使用 auth_token.
陈老师,openstack安装的现在,控制节点的nova-compute是XXX号,计算节点的是笑脸。这可能是什么问题导致的。前提是:nova-compute已经安装了,并且服务处于启动状态。
root@openstackM1:/etc/nova# nova-manage service list
Binary Host Zone Status State Updated_At
nova-consoleauth openstackM1 nova enabled 🙂 2012-10-08 08:42:09
nova-cert openstackM1 nova enabled 🙂 2012-10-08 08:42:07
nova-compute openstackM1 nova enabled XXX None
nova-scheduler openstackM1 nova enabled 🙂 2012-10-08 08:42:09
nova-volume openstackM1 nova enabled 🙂 2012-10-08 08:42:07
nova-network openstackM1 nova enabled 🙂 2012-10-08 08:42:07
nova-compute ubuntulocalhost nova enabled 🙂 2012-10-08 08:42:06
nova-network ubuntulocalhost nova enabled 🙂 2012-10-08 08:42:07
陳老師您好,請問目前有任何軟體或者工具可以模擬openstack運作情況嗎?
或者可模擬一類似UEC、vSphere等雲端控制軟體的模擬工具?
懇請賜教!
by雲端初心者
应该是没有。
陈老师,请问怎么上传镜像到swift,
我用这个命令上传文件或者img文件到swift?
“swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \
/root/glance”
但我最终显示结果还是没有内容。跟没上传镜像前的显示结果是一致的。
这当中是不是重启glance服务,glance中的image就会自动传到swift上?
陈老师:再请教您一个问题,
以下的命令是用来上传镜像到swift上面的吗?
swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \
/root/CentOS-6.2-x86_64-bin-DVD1.iso
谢谢,麻烦您有时间看一下。
这个命令,其实是上传一个iso到swift,不过文件过大,在我的环境下是失败的。具体原因还不清楚。
陈老师,再打扰您一下,如果上传比较小的镜像文件,用下面这个命令是否就可以查看到上传成功的镜像?
swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list
谢谢!!
陈老师:
为什么使用
glance add name=cirros is_public=true container_format=bare \
disk_format=qcow2 < cirros-0.3.0-i386-disk.img
后,再使用:
glance index
有结果,但是使用:
swift list
却没有结果。
swift stat 可以出结果!!!
兄台遇到过swift stat 执行的时候卡住,很长时间不报错也不出结果,谢谢
陈老师:
swift配置结束之后,使用swift -A http://127.0.0.1:5000/v2.0 -U service:swift -K password stat -V 2进行验证的时候,命令一直在执行,不报错也不执行结束,请陈老师指点下,谢谢
陈老师你好,我想问下,swift的可用容量是怎么计算的,单节点的时候和多节点的时候计算方法一样吗?总所周知swift一个文件要放在三个地方,那是不是说可用容量是物理容量的三分之一?这个问题一直困扰着我,望解答,谢谢!
陈老师,请问有没有openstack+ceph radosgw的资料
请问陈老师。对swift做压力测试用什么工具啊