OpenStack組件Swift單機搭建(Keystone)
轉載:張大神。orzorzorz
安裝環境:Ubuntu 16.04.1
需要兩塊硬盤(一塊爲系統盤,一塊用於安裝Swift)
需要有IP地址
環境準備
修改hosts
編輯 /etc/hosts,添加
IP地址 controller
安裝Openstack源並更新和安裝
apt install software-properties-common
add-apt-repository cloud-archive:newton
apt update && apt dist-upgrade
安裝完成後重啓
安裝Openstack客戶端
apt install python-openstackclient
安裝數據庫
1、安裝數據庫服務
apt install mariadb-server python-pymysql
2、創建或修改/etc/mysql/mariadb.conf.d/99-openstack.cnf文件
(若文件存在則修改,不存在則創建,存在的文件中未提及的選項則保持不變,下同)
[mysqld]
bind-address = 你的IP地址
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
3、將/etc/mysql/mariadb.conf.d/下所有的文件中所有utf8mb4改爲utf8
4、進入數據庫,設置root密碼,添加遠程登錄權限
# mysql -u root
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' \
IDENTIFIED BY 'root密碼';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' \
IDENTIFIED BY 'root密碼';
mysql> flush privileges;
mysql> exit;
5、重啓數據庫
service mysql restart
安裝消息隊列服務(Message Queue)
1、安裝服務
apt install rabbitmq-server
2、添加openstack用戶並添加權限
rabbitmqctl add_user openstack 設置一個密碼
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安裝分佈式緩存服務(Memcached)
1、安裝服務
apt install memcached python-memcache
2、修改配置文件/etc/memcached.conf
-l 你的IP地址
3、重啓服務
service memcached restart
安裝配置Keystone,並添加域、項目、用戶和角色
準備
1、添加Keystone數據庫和相關用戶
# mysql -u root -p
Create the keystone database:
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'Keystone密碼';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'Keystone密碼';
2、安裝服務
apt install keystone
配置Keystone
1、編輯/etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone用戶的密碼@controller/keystone
[token]
provider = fernet
2、填充keystone數據庫
su -s /bin/sh -c "keystone-manage db_sync" keystone
3、初始化fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
4、對認證服務進行引導
keystone-manage bootstrap --bootstrap-password 設置一個管理員密碼 \
--bootstrap-admin-url http:
--bootstrap-internal-url http:
--bootstrap-public-url http:
--bootstrap-region-id RegionOne
配置Apache HTTP服務
1、編輯/etc/apache2/apache2.conf
ServerName controller
2、重啓apache服務,並且刪除SQLite數據庫
service apache2 restart
rm -f /var/lib/keystone/keystone.db
3、添加一些環境變量(臨時的哦)
export OS_USERNAME=admin
export OS_PASSWORD=你的admin密碼
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http:
export OS_IDENTITY_API_VERSION=3
創建域、項目、用戶和角色
1、創建一個service項目
openstack project create --domain default \
--description "Service Project" service
2、創建一個demo項目和user
創建demo項目
創建demo用戶
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo(輸入此句之後需要設置demo密碼)
創建user角色
openstack role create user
添加user角色到demo項目和用戶中
-- --
驗證操作
1、基於安全的考慮在/etc/keystone/keystone-paste.ini中移除
[pipeline:public_api], [pipeline:admin_api],[pipeline:api_v3] 中的admin_token_auth
2、移除掉一些環境變量
unset OS_AUTH_URL OS_PASSWORD
3、以admin用戶的身份請求一個認證令牌
openstack --os-auth-url http:
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
(要求輸入admin密碼)
如果出現類似於以下的信息則表示成功
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
3、以demo用戶的身份請求一個認證令牌
openstack --os-auth-url http:
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
(要求輸入demo密碼)
如果出現類似於以下的信息則表示成功
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
寫♂腳♂本
1、創建admin-openrc文件
由於環境變量會失效(除非你設置在bashrc裏面去了,不過這不利於更換用戶身份)爲了方便,可以創建一些腳本
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=你的admin密碼
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2、創建demo-openrc文件
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=你的demo密碼
export OS_AUTH_URL=http:
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3、驗證一下
sh admin-openrc
openstack token issue
如果出現類似於以下的信息則表示成功
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
安裝並配置Swift服務
環境準備
1、運行腳本
sh admin-openrc
2、向Keystone添加swift相關信息
添加swift用戶
openstack user create --domain default --password-prompt swift(此處需要設置密碼)
將admin角色加入到swift用戶中
-- --
添加swift服務實體
openstack service create
添加對象存儲服務API的端點(endpoints)
openstack endpoint create
object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create
object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create
object-store admin http://controller:8080/v1
3、安裝相關服務
apt install swift swift-proxy python-swiftclient \
python-keystoneclient python-keystonemiddleware \
memcached \
swift swift-account swift-container swift-object
配置proxy服務
1、創建並進入/etc/swift文件夾
2、下載proxy-server.conf
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
3、編輯proxy-server.conf
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 你的swift密碼
delay_auth_decision = True
[filter:cache]
use = egg:swift#memcache
memcache_servers = controller:11211
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
配置存儲相關服務
1、安裝服務
apt install xfsprogs rsync
2、格式化硬盤爲XFS格式
(如果不知道硬盤名,可使用fdisk -l查看)
mkfs.xfs /dev/硬盤
3、創建掛載節點的文件目錄
mkdir -p /srv/node/硬盤
4、在/etc/fstab中添加
/dev/硬盤 /srv/node/硬盤 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
5、掛載硬盤
mount /srv/node/硬盤
6、創建並編輯文件 /etc/rsyncd.conf
mkdir /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 你的IP
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
7、編輯/etc/default/rsync
RSYNC_ENABLE=true
8、啓動rsync服務
service rsync start
9、下載配置文件
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton
10、編輯/etc/swift/account-server.conf
[DEFAULT]
bind_ip = 你的IP
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
11、編輯/etc/swift/container-server.conf
[DEFAULT]
bind_ip = 你的IP
bind_port = 6001(2.conf爲6011)
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
12、編輯/etc/swift/object-server.conf
[DEFAULT]
bind_ip = 你的IP
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
13、修改權限
chown -R swift:swift /srv/node/*
mkdir -p /var/cache/swift/1 /var/cache/swift/2
chown -R root:swift /var/cache/swift/*
chmod -R 775 /var/cache/swift/*
創建並分配初始化環
1、在/etc/swift中執行以下命令
-- .
-- .
-- -- -- -- -- --
-- .
-- .
-- .
-- -- -- -- -- --
-- .
-- .
-- .
-- -- -- -- -- --
-- .
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
2、在/etc/swift下下載文件
curl -o /etc/swift/swift.conf \
https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton
3、執行以下命令兩次獲得兩個字符串
openssl rand -hex 10
4、編輯/etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = 第一個字符串
swift_hash_path_prefix = 第二個字符串
[storage-policy:0]
name = Policy-0
default = yes
5、修改權限
chown -R root:swift /etc/swift/*
6、重啓服務
service memcached restart
service swift-proxy restart
7、啓動對象存儲服務
swift-init all start
驗證swift
1、運行腳本
sh demo-openrc
2、獲得服務狀態
swift stat
顯示類似以下信息即成功
Account: AUTH_ed0b60bf607743088218b0a533d5943f
Containers: 0
Objects: 0
Bytes: 0
Containers in policy "policy-0": 0
Objects in policy "policy-0": 0
Bytes in policy "policy-0": 0
X-Account-Project-Domain-Id: default
X-Timestamp: 1444143887.71539
X-Trans-Id: tx1396aeaf17254e94beb34-0056143bde
Content-Type: text/plain; charset=utf-8
Accept-Ranges: bytes
3、創建一個容器
openstack container create 容器名
4、上傳一個對象
openstack object create 容器名 對象名
5、獲得對象列表
openstack object list 容器名字
6、下載對象
openstack object save 容器名 對象名
可以用curl或postman驗證