Sep 042012
 

这篇文档是继续单节点的安装,把swift集成keystone和glance。swift是使用一个单独的分区做模拟。

 


安装软件

apt-get -y install swift swift-proxy swift-account swift-container swift-object \
xfsprogs curl python-pastedeploy

 

分区

我安装系统的时候,有一个专门的分区给swift使用。分区前,先umount

umount /dev/sda6

格式化分区

mkfs.xfs -f -i size=1024 /dev/sda6

创建挂载点

mkdir /mnt/swift_backend

修改/etc/fstab, 原来是采用uuid,注释掉,加上

/dev/sda6 /mnt/swift_backend xfs noatime,nodiratime,nobarrier,logbufs=8 0 0

检查修改是否正确

mount -a

如果fstab有错误,会进行提示。没错误,就会把目录挂载上。

目录设置

 

pushd /mnt/swift_backend
mkdir node1 node2 node3 node4
popd
chown swift.swift /mnt/swift_backend/*
for i in {1..4}; do sudo ln -s /mnt/swift_backend/node$i /srv/node$i; done;
mkdir -p /etc/swift/account-server \
/etc/swift/container-server \
/etc/swift/object-server \
/srv/node1/device \
/srv/node2/device \
/srv/node3/device \
/srv/node4/device
mkdir /run/swift
chown -L -R swift.swift /etc/swift /srv/node[1-4]/ /run/swift

为了在系统启动时启动Swift服务,需要把如下两行命令写入 /etc/rc.local里,位置在“exit 0;”之前:

sudo mkdir /run/swift
sudo chown swift.swift /run/swift

配置rsync

编辑 /etc/default/rsync文件

sed -i 's/RSYNC_ENABLE=false/RSYNC_ENABLE=true/g' /etc/default/rsync

创建 /etc/rsyncd.conf

cat > /etc/rsyncd.conf <<EOF
# General stuff
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /run/rsyncd.pid
address = 127.0.0.1

# Account Server replication settings
[account6012]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/account6012.lock

[account6022]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/account6022.lock

[account6032]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/account6032.lock

[account6042]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/account6042.lock

# Container server replication settings

[container6011]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/container6011.lock

[container6021]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/container6021.lock

[container6031]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/container6031.lock

[container6041]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/container6041.lock

# Object Server replication settings

[object6010]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/object6010.lock

[object6020]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/object6020.lock

[object6030]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/object6030.lock

[object6040]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/object6040.lock
EOF

重启rsync服务

service rsync restart

 

Swift

Swift配置文件

cat >/etc/swift/swift.conf <<EOF
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = `od -t x8 -N 8 -A n </dev/random`
EOF

 

Proxy Server

创建 /etc/swift/proxy-server.conf

cat > /etc/swift/proxy-server.conf <<EOF
[DEFAULT]
bind_port = 8080
#bind_port = 443
#cert_file = /etc/swift/cert.crt
#key_file = /etc/swift/cert.key
workers = 8
user = swift
log_facility = LOG_LOCAL1


[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = Member,admin

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_port = 5000
service_host = $MASTER
auth_port = 35357
auth_host = $MASTER
auth_protocol = http
auth_token = $SERVICE_TOKEN
admin_token = $SERVICE_TOKEN
admin_tenant_name = service
admin_user = swift
admin_password = $SERVICE_PASSWORD
cache = swift.cache

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:swift3]
use = egg:swift#swift3
EOF

Account Server, Container Server, Object Server

过程比较复杂,所以就考虑用脚本来搞定

for x in {1..4}; do
cat > /etc/swift/account-server/$x.conf <<EOF
[DEFAULT]
devices = /srv/node$x
mount_check = false
bind_port = 60${x}2
user = swift
log_facility = LOG_LOCAL2
 
[pipeline:main]
pipeline = account-server

[app:account-server]
use = egg:swift#account
 
[account-replicator]
vm_test_mode = no

[account-auditor]

[account-reaper]
EOF


cat >/etc/swift/container-server/$x.conf <<EOF
[DEFAULT]
devices = /srv/node$x
mount_check = false
bind_ip = 0.0.0.0
bind_port = 60${x}1
user = swift
log_facility = LOG_LOCAL2

[pipeline:main]
pipeline = container-server

[app:container-server]
use = egg:swift#container

[container-replicator]
vm_test_mode = no

[container-updater]

[container-auditor]

[container-sync]
EOF
 

cat > /etc/swift/object-server/${x}.conf <<EOF
[DEFAULT]
devices = /srv/node${x}
mount_check = false
bind_port = 60${x}0
user = swift
log_facility = LOG_LOCAL2

[pipeline:main]
pipeline = object-server

[app:object-server]
use = egg:swift#object

[object-replicator]
vm_test_mode = no

[object-updater]

[object-auditor]
EOF
cat <<EOF >>/etc/swift/container-server.conf 
[container-sync]
EOF
done

设置日志

sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/account-server/2.conf
sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/account-server/3.conf
sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/account-server/4.conf
sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/container-server/2.conf
sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/container-server/3.conf
sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/container-server/4.conf
sed -i 's/LOCAL2/LOCAL3/g' /etc/swift/object-server/2.conf
sed -i 's/LOCAL2/LOCAL4/g' /etc/swift/object-server/3.conf
sed -i 's/LOCAL2/LOCAL5/g' /etc/swift/object-server/4.conf

Ring Server

pushd /etc/swift
swift-ring-builder object.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder account.builder create 18 3 1
swift-ring-builder object.builder add z1-127.0.0.1:6010/device 1
swift-ring-builder object.builder add z2-127.0.0.1:6020/device 1
swift-ring-builder object.builder add z3-127.0.0.1:6030/device 1
swift-ring-builder object.builder add z4-127.0.0.1:6040/device 1
swift-ring-builder object.builder rebalance
swift-ring-builder container.builder add z1-127.0.0.1:6011/device 1
swift-ring-builder container.builder add z2-127.0.0.1:6021/device 1
swift-ring-builder container.builder add z3-127.0.0.1:6031/device 1
swift-ring-builder container.builder add z4-127.0.0.1:6041/device 1
swift-ring-builder container.builder rebalance
swift-ring-builder account.builder add z1-127.0.0.1:6012/device 1
swift-ring-builder account.builder add z2-127.0.0.1:6022/device 1
swift-ring-builder account.builder add z3-127.0.0.1:6032/device 1
swift-ring-builder account.builder add z4-127.0.0.1:6042/device 1
swift-ring-builder account.builder rebalance

 

启动相关服务

设置目录权限

chown -R swift.swift /etc/swift

启动swift服务

swift-init main start
swift-init rest start

验证

-k,是swift账号的密码

swift -v -V 2.0 -A http://127.0.0.1:5000/v2.0/ -U service:swift -K $SERVICE_PASSWORD stat

StorageURL: http://10.1.199.17:8080/v1/AUTH_a8b0b44cb5db4da39b053eabac6d3ed7 Auth Token: 3f85c92d6860444e90bf0e1bedc4b45a Account: AUTH_a8b0b44cb5db4da39b053eabac6d3ed7 Containers: 0 Objects: 0 Bytes: 0 Accept-Ranges: bytes X-Trans-Id: txea28887460ff4f1d84e9e826e5514711

你也可以直接运行 swift stat. 这时候是直接采用 租户/用户  admin/admin 去查询swift。因为我们设置了环境变量。

swift stat
   Account: AUTH_eb68709e74314aa59c449510a91f8d56
Containers: 0
   Objects: 0
     Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: txc5a3afa7f228471698c96fd561830a3d

Glance集成Swift

编辑 /etc/glance/glance-api.conf

#default_store = file
default_store = swift

#swift_store_auth_address = 127.0.0.1:35357/v2.0/
swift_store_auth_address = http://10.1.199.8:5000/v2.0/

#swift_store_user = jdoe:jdoe
swift_store_user = service:swift

#swift_store_key = a86850deb2742ec3cb41518e26aa2d89
swift_store_key = password

#swift_store_create_container_on_put = False
swift_store_create_container_on_put = True

说明

  1. swift_store_auth_addres 不能去掉http,否则会导致认证失败
  2. swift_store_key , 我理解就是swift的密码,也就是 租户 service,用户 swift的密码。

可以直接运行下面命令实现修改

sed -i "/default_store/s/file/swift/; /swift_store_auth_address/s/127.0.0.1:35357/$MASTER:5000/; /swift_store_user/s/jdoe:jdoe/service:swift/; /swift_store_key/s/a86850deb2742ec3cb41518e26aa2d89/$SERVICE_PASSWORD/; /swift_store_create_container_on_put/s/False/True/" /etc/glance/glance-api.conf

重启glance服务

service glance-api restart && service glance-registry restart

检测

这个时候,image就会传到swift上。在dashboard里,也可以上传文件。并且snapshot可以上传到swift上。

swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat
swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list

上面命令可以查看上传的image

没上传镜像前

# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat
   Account: AUTH_678c42aa31114faeb18add84615b4e83
Containers: 0
   Objects: 0
     Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: tx72707ce7086c4bf0bc72ff7ec2813a27
# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list

上传镜像后

# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD stat
   Account: AUTH_678c42aa31114faeb18add84615b4e83
Containers: 1
   Objects: 0
     Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: tx65d1d1ee502b4960839f8196b76813f6
# swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list
glance

 

其中:-V 2  指示为keystone验证; IP为keystone节点IP;service:swift为tanent:user ;-K为password

swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \
/root/CentOS-6.2-x86_64-bin-DVD1.iso

  38 Responses to “Ubuntu 12.04 Openstack Essex 安装(单节点)Swift篇”

  1. 谢谢陈老师的分享。

  2. 遇到一个问题:
    新建的openstack用户无法使用swift,建容器时提示:Unable to create container.

  3. 用新建的openstack用户”pengchao”查看列表
    swift -V 2 -A http://192.168.0.24:5000/v2.0 -U admin:pengchao -K 123456 list
    返回:
    Account GET failed: http://192.168.0.24:8080/v1/AUTH_e8b18580e5b44cb79b10bd0f7a03bbdc?format=json 403 Forbidden 403 Forbidden

    Access was denied to this resource.

  4. 陈老师,如果想再增加一个storage节点该注意什么呢?

  5. 配置文件该怎么改呢?

  6. 陈老师:
    “上面命令可以查看上传的image

    其中:-V 2 指示为keystone验证; 10.1.199.8为keystone节点IP;service:swift为tanent:user ;-K为password
    swift -V 2 -A http://10.1.199.8:5000/v2.0 -U admin:admin -K chenshake upload test \
    /root/CentOS-6.2-x86_64-bin-DVD1.iso”
    这里10.1.199.8跟之前单节点安装的10.1.199.17是怎么区别的?

    • 这个地方有点问题。应该是17才对。这个和keystone里创建endpoint,指定的swift的proxy地址有关。文档等下做一个说明。

  7. 陈老师:
    “修改/etc/fstab, 原来是采用uuid,注释掉,加上

    /dev/sda6 /mnt/swift_backend xfs noatime,nodiratime,nobarrier,logbufs=8 0 0”
    做到上面这一步时,出现了
    “bash:/dev/sda5:权限不够”
    是哪里出错了啊?

  8. 哦。我那个uuid还没注释呢,是这样注释掉吗?
    “# /swift was on /dev/sda5 during installation
    UUID=06c690d8-11b9-4bd4-bf85-c6284b7da34f /swift ext4 defaults 0 2
    # /test was on /dev/sda6 during installation
    UUID=903d8152-9369-4404-92f8-4d02de085403 /test ext4 defaults 0 2
    # swap was on /dev/sda2 during installation
    UUID=62639837-8415-4aee-a723-214c34dfcbe1 none swap sw 0 0

    注释掉这句“#UUID=06c690d8-11b9-4bd4-bf85-c6284b7da34f /swift ext4 defaults 0 2”?

    • 我是有一个单独的分区swift,是安装的时候分的,所以需要这样处理。如果你是一个单独的硬盘就不需要。

  9. 陈老师:
    我按照你的文档做的,可是为么不能用glance上传镜像呢?出现这样的错误:
    “root@zx-pc:~/桌面# glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.0-x86_64-disk.img
    Uploading image 'cirros-0.3.0-x86_64'
    Uploading image 'cirros-0.3.0-x86_64'
    Failed to add image. Got error:
    You are not authenticated.
    Details: 401 Unauthorized

    This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

    Authentication required
    Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.
    =================================================[100%] 92.4M/s, ETA 0h 0m 0s
    [ 0%] ?B/s ETA ??h ??m ??s

  10. 我没有单独的分区给swift使用,怎么办啊?swift只能通过单独的分区模拟吗?

  11. 陈老师,您好!上星期openstack在深圳的那场会没看到您,本来想向您请教个问题,因为swift对大于5G的文件要进行分块的,glance用到了swift,对大于5G的镜像好像有问题。

    • sina的人比我牛逼多了。swift对于5G的文件是需要切块,不过这个是自动处理,你设置一下就可以。大于5G,我同事这边测试,没问题。应该就是修改glance的限制就可以,你看看glance的配置文件。我是没测试过。

  12. 陈老师:
    admin_token = chenshake
    这一项我是填哪一个?填的是跟keystone里面一样的,还是要随机生成一个呢?
    admin_password = chenshake
    这一项应该填那个数据库的密码,还是系统用户的密码,或者是指在此处设置一个密码呢?

    • token,你就写和keystone一样。不过我也没真正确认过。

      admin_password = chenshake,这个我倒是值得,这是在keystone创建用户的时候,创建了一个swift用户,他的密码是chenshake,我现在已经调整了keystone的安装,你可以选择使用你的密码。

  13. 谢谢陈老师。重新看了一下keystone-data.sh文件,里面却是创建了swift用户。auth_token = chenshake这一项是系统用户名吧?还是系统用户的密码?

    • 我也是今天才搞明白 auth_token 用途。我已经修改文档。不需要使用 auth_token.

  14. 陈老师,openstack安装的现在,控制节点的nova-compute是XXX号,计算节点的是笑脸。这可能是什么问题导致的。前提是:nova-compute已经安装了,并且服务处于启动状态。
    root@openstackM1:/etc/nova# nova-manage service list
    Binary Host Zone Status State Updated_At
    nova-consoleauth openstackM1 nova enabled 🙂 2012-10-08 08:42:09
    nova-cert openstackM1 nova enabled 🙂 2012-10-08 08:42:07
    nova-compute openstackM1 nova enabled XXX None
    nova-scheduler openstackM1 nova enabled 🙂 2012-10-08 08:42:09
    nova-volume openstackM1 nova enabled 🙂 2012-10-08 08:42:07
    nova-network openstackM1 nova enabled 🙂 2012-10-08 08:42:07
    nova-compute ubuntulocalhost nova enabled 🙂 2012-10-08 08:42:06
    nova-network ubuntulocalhost nova enabled 🙂 2012-10-08 08:42:07

  15. 陳老師您好,請問目前有任何軟體或者工具可以模擬openstack運作情況嗎?

    或者可模擬一類似UEC、vSphere等雲端控制軟體的模擬工具?

    懇請賜教!

    by雲端初心者

  16. 陈老师,请问怎么上传镜像到swift,
    我用这个命令上传文件或者img文件到swift?
    “swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \
    /root/glance”
    但我最终显示结果还是没有内容。跟没上传镜像前的显示结果是一致的。

  17. 陈老师:再请教您一个问题,
    以下的命令是用来上传镜像到swift上面的吗?

    swift -V 2 -A http://$MASTER:5000/v2.0 -U admin:admin -K $OS_PASSWORD upload test \
    /root/CentOS-6.2-x86_64-bin-DVD1.iso

    谢谢,麻烦您有时间看一下。

    • 这个命令,其实是上传一个iso到swift,不过文件过大,在我的环境下是失败的。具体原因还不清楚。

      • 陈老师,再打扰您一下,如果上传比较小的镜像文件,用下面这个命令是否就可以查看到上传成功的镜像?
        swift -V 2 -A http://$MASTER:5000/v2.0 -U service:swift -K $SERVICE_PASSWORD list

        谢谢!!

  18. 陈老师:
    为什么使用
    glance add name=cirros is_public=true container_format=bare \
    disk_format=qcow2 < cirros-0.3.0-i386-disk.img
    后,再使用:
    glance index
    有结果,但是使用:
    swift list
    却没有结果。

    swift stat 可以出结果!!!

    • 兄台遇到过swift stat 执行的时候卡住,很长时间不报错也不出结果,谢谢

  19. 陈老师:

    swift配置结束之后,使用swift -A http://127.0.0.1:5000/v2.0 -U service:swift -K password stat -V 2进行验证的时候,命令一直在执行,不报错也不执行结束,请陈老师指点下,谢谢

  20. 陈老师你好,我想问下,swift的可用容量是怎么计算的,单节点的时候和多节点的时候计算方法一样吗?总所周知swift一个文件要放在三个地方,那是不是说可用容量是物理容量的三分之一?这个问题一直困扰着我,望解答,谢谢!

  21. 陈老师,请问有没有openstack+ceph radosgw的资料

  22. 请问陈老师。对swift做压力测试用什么工具啊

 Leave a Reply

(required)

(required)