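Please credit the source when reposting: http://blog.youkuaiyun.com/cywosp/article/details/7439440
1. Overview
All operations described in this article were verified on a 64-bit Ubuntu Server 11.10 system. The article draws on the OpenStack Keystone documentation. The environment is as follows:
- Linux version: Ubuntu Server 11.10 64-bit (oneiric)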
- Proxy Server IP: 192.168.112.129
- Storage Server One: 192.168.112.130
- Storage Server Two: 192.168.112.131
- Storage Server Three: 192.168.112.132
- Keystone Server IP: 192.168.112.133
- Official documentation: www.openstack.org
- Reference documentation: http://keystone.openstack.org/installing.html
- Swift version: 1.4.8
- Keystone version: 2012.2
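2. Create a swift user on every machine
- sudo useradd -mk /home/swift/ -s /bin/bash swift
- sudo passwd swift # set a password for the swift user; here I set it to swift
- Edit the /etc/sudoers file and append the following line at the end
- swift ALL=(ALL) NOPASSWD:ALL
3. Download the source code (as the swift user)
- 1. Install git
- sudo apt-get install git-core
- 2. On the Proxy machine, download the keystone and swift source code
- su swift # switch to the swift user
- mkdir -p /home/swift/openstack # create a directory to hold the source; no sudo, so the swift user owns it and git clone can write to it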
- cd /home/swift/openstack
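- git clone https://github.com/openstack/swift.git # download swift
- cd swift
- git checkout 1.4.8 # use version 1.4.8; inside the swift directory, git tag lists the available versions
- cd /home/swift/openstack # go back up so that keystone is cloned next to swift, not inside it
- git clone https://github.com/openstack/keystone.git
- cd keystone
- git checkout 75a8dfe
- 3. On every Storage node, download swift
- su swift # switch to the swift user
- mkdir -p /home/swift/openstack # create a directory to hold the source; no sudo, so the swift user owns it
- cd /home/swift/openstack
- git clone https://github.com/openstack/swift.git # download swift
- cd swift
- git checkout 1.4.8 # use version 1.4.8; inside the swift directory, git tag lists the available versions
- 4. On the Auth (Keystone) node, download keystone and python-keystoneclient
- su swift # switch to the swift user
- mkdir -p /home/swift/openstack # create a directory to hold the source; no sudo, so the swift user owns it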
- cd /home/swift/openstack
- git clone https://github.com/openstack/keystone.git
- cd keystone
- git checkout 75a8dfe
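- cd /home/swift/openstack # go back up so that python-keystoneclient is cloned next to keystone, not inside it
- git clone https://github.com/openstack/python-keystoneclient.git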
- cd /home/swift/openstack/python-keystoneclient
4. Install swift, keystone, and their dependencies (as the swift user)
- 1. Installation on all Storage nodes
- sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
- sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb
- cd /home/swift/openstack/
- sudo pip install -r ./swift/tools/pip-requires # install swift's dependencies; this may take a while
- # install swift
- cd /home/swift/openstack/swift
- sudo python setup.py install --record file.txt # to remove what was installed later, delete the recorded files as root:
- # cat file.txt | sudo xargs rm -rf
- 2. Installation on the Proxy node
- sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
- sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb
- cd /home/swift/openstack/
- sudo pip install -r ./swift/tools/pip-requires
- cd /home/swift/openstack/swift
- sudo python setup.py install --record file.txt
- cd /home/swift/openstack/keystone
- sudo pip install -r ./tools/pip-requires
- sudo python setup.py install --record file.txt
- 3. Installation on the Auth (Keystone) node
- sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
- sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb mysql-server mysql-client
- cd /home/swift/openstack/
- sudo pip install -r ./keystone/tools/pip-requires
- sudo pip install -r ./python-keystoneclient/tools/pip-requires
- cd /home/swift/openstack/python-keystoneclient/
- sudo python setup.py install --record file.txt
- cd /home/swift/openstack/keystone
- sudo python setup.py install --record file.txt
5. Configure the Proxy node (192.168.112.129)
- 1. sudo apt-get install memcached # install the cache server
- Edit /etc/memcached.conf and change -l 127.0.0.1 to -l 192.168.112.129 (this is specific to my setup; see the figure in section 1)
- sudo service memcached restart
- sudo mkdir /etc/swift
- cd /etc/swift
- sudo chown -R swift:swift /etc/swift
- cp /home/swift/openstack/swift/etc/proxy-server.conf /etc/swift/
- cp /home/swift/openstack/swift/etc/swift.conf /etc/swift/
- 2. Edit /etc/swift/proxy-server.conf so that it reads as follows; add any entries that are missing from the original file
- [DEFAULT]
- bind_port = 8080
- user = swift
- swift_dir = /etc/swift
- workers = 1
- [pipeline:main]
- pipeline = healthcheck cache swift3 authtoken keystone proxy-server
- [app:proxy-server]
- use = egg:swift#proxy
- allow_account_management = true
- account_autocreate = true
- [filter:keystone]
- paste.filter_factory = keystone.middleware.swift_auth:filter_factory
- operator_roles = Member,admin
- [filter:authtoken]
- paste.filter_factory = keystone.middleware.auth_token:filter_factory
- auth_host = 192.168.112.133
- auth_port = 35357
- auth_protocol = http
- auth_uri = http://192.168.112.133:5000/
- admin_tenant_name = service
- admin_user = swift
- admin_password = admin
- [filter:swift3]
- use = egg:swift#swift3
- [filter:healthcheck]
- use = egg:swift#healthcheck
- [filter:cache]
- use = egg:swift#memcache
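- 192.168.112.133 is the IP of the Auth (Keystone) node
- 3. Edit /etc/swift/swift.conf; the value 'cynric' is arbitrary, so change it to suit your needs
- [swift-hash]
- swift_hash_path_suffix = cynric
- 4. Generate the ring and builder files with the following commands. The parts in bold depend on your environment; see the figure in the overview. Each machine gets its own zone (z1, z2, z3, ... in increasing order)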
- sudo chown -R swift:swift /etc/swift/*
- cd /etc/swift
- swift-ring-builder object.builder create 18 3 1
- swift-ring-builder container.builder create 18 3 1
- swift-ring-builder account.builder create 18 3 1
- export HOST_IP=192.168.112.130
- swift-ring-builder object.builder add z1-${HOST_IP}:6010/sdb1 100
- swift-ring-builder container.builder add z1-${HOST_IP}:6011/sdb1 100
- swift-ring-builder account.builder add z1-${HOST_IP}:6012/sdb1 100
- export HOST_IP=192.168.112.131
- swift-ring-builder object.builder add z2-${HOST_IP}:6010/sdb1 100
- swift-ring-builder container.builder add z2-${HOST_IP}:6011/sdb1 100
- swift-ring-builder account.builder add z2-${HOST_IP}:6012/sdb1 100
- export HOST_IP=192.168.112.132
- swift-ring-builder object.builder add z3-${HOST_IP}:6010/sdb1 100
- swift-ring-builder container.builder add z3-${HOST_IP}:6011/sdb1 100
- swift-ring-builder account.builder add z3-${HOST_IP}:6012/sdb1 100
- swift-ring-builder object.builder rebalance
- swift-ring-builder container.builder rebalance
- swift-ring-builder account.builder rebalance
- 5. Start the proxy service
- swift-init proxy start
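How the two values set above fit together, `swift_hash_path_suffix = cynric` from swift.conf and the partition power 18 from `swift-ring-builder ... create 18 3 1`, shown as an added example that is not part of the original post or of Swift's own code. It re-implements, for illustration, the salted path hash and the partition lookup; the function names are hypothetical and the account, container and object names are constructed. The suffix acts as a cluster-wide salt, so it has to be identical in every node's swift.conf and must not change once data has been stored.

```python
import hashlib
import struct

PART_POWER = 18              # first argument of "swift-ring-builder ... create 18 3 1"
HASH_PATH_SUFFIX = "cynric"  # swift_hash_path_suffix in /etc/swift/swift.conf
DEVICE_ROOT = "/srv/node"    # "devices" in the storage server configs


def hash_path(account, container=None, obj=None, suffix=HASH_PATH_SUFFIX):
    """MD5 of '/account[/container[/object]]' salted with the cluster suffix."""
    if obj and not container:
        raise ValueError("an object needs a container")
    path = "/" + "/".join(p for p in (account, container, obj) if p)
    return hashlib.md5((path + suffix).encode("utf-8")).hexdigest()


def partition(hex_hash, part_power=PART_POWER):
    """The top part_power bits of the hash select one of 2**part_power partitions."""
    top32 = struct.unpack_from(">I", bytes.fromhex(hex_hash))[0]
    return top32 >> (32 - part_power)


def object_dir(hex_hash, device="sdb1", part_power=PART_POWER):
    """Directory on a storage node that holds the object's data files."""
    return "%s/%s/objects/%d/%s/%s" % (
        DEVICE_ROOT, device, partition(hex_hash, part_power),
        hex_hash[-3:], hex_hash)


def placement(account, container, obj, suffix=HASH_PATH_SUFFIX):
    h = hash_path(account, container, obj, suffix)
    return partition(h), object_dir(h)


if __name__ == "__main__":
    # Constructed names; AUTH_<tenant id> is the account format used by the proxy.
    name = ("AUTH_demo", "photos", "cat.jpg")
    print("proxy  :", placement(*name))
    # A storage node whose swift.conf carries a different suffix computes a
    # different hash, so it looks in a different directory than the one the
    # data was written to.
    print("drifted:", placement(*name, suffix="other"))
```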
6. Configure the Storage nodes
Because every Storage node is configured in much the same way, only one node (192.168.112.130) is shown here as an example; on the other nodes, simply repeat the following steps.
- 1. Create the /etc/swift directory
- sudo mkdir /etc/swift
- sudo chown -R swift:swift /etc/swift
- 2. Copy account.ring.gz, container.ring.gz, object.ring.gz and swift.conf from /etc/swift/ on the Proxy node into /etc/swift on the current storage node (192.168.112.130), for example with the following commands
- scp swift@192.168.112.129:/etc/swift/*.ring.gz /etc/swift/
- scp swift@192.168.112.129:/etc/swift/swift.conf /etc/swift/
- sudo chown -R swift:swift /etc/swift/*
- 3. Edit /etc/rsyncd.conf (create it if it does not exist) with the following content
- uid = swift
- gid = swift
- log file = /var/log/rsyncd.log
- pid file = /var/run/rsyncd.pid
- # address can also be set to 192.168.112.130
- address = 127.0.0.1
- [account]
- max connections = 2
- path = /srv/node/
- read only = false
- lock file = /var/lock/account.lock
- [container]
- max connections = 2
- path = /srv/node/
- read only = false
- lock file = /var/lock/container.lock
- [object]
- max connections = 2
- path = /srv/node/
- read only = false
- lock file = /var/lock/object.lock
- Edit /etc/default/rsync:
- Set RSYNC_ENABLE to true
- After the change, restart the service
- sudo service rsync restart
- 4. Set up the storage location
- There are two cases to consider when setting up the storage location
- a. If your system has a separate partition, use it as the storage location. Here we assume that the partition /dev/sdb1 is unused (note: adapt this to your own system) and use it as the storage location.
- sudo mkdir -p /srv/node/sdb1
- sudo mkfs.xfs -i size=1024 /dev/sdb1 # format the partition as XFS
- # Mount automatically at boot. The name sdb1 must not be changed on its own, because the ring files generated on the Proxy node use sdb1 (swift-ring-builder object.builder add z1-${HOST_IP}:6010/sdb1 100); if it has to change, change it in both places
- echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" | sudo tee -a /etc/fstab # append with sudo tee instead of making /etc/fstab world-writable
- sudo mount /srv/node/sdb1
- sudo chown -R swift:swift /srv/node/sdb1
- sudo chmod a+w -R /srv/node/sdb1
- b. If the system has no separate partition for storage, create a temporary partition (a file mounted through a loop device) to act as the storage location
- sudo mkdir -p /srv/node/sdb1
- sudo dd if=/dev/zero of=/srv/swift-disk bs=1024 count=0 seek=1000000 # creates a storage area named swift-disk under /srv/; change seek to change the size of swift-disk
- sudo mkfs.xfs -i size=1024 /srv/swift-disk
- echo "/srv/swift-disk /srv/node/sdb1 xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" | sudo tee -a /etc/fstab # mount automatically at boot; appended with sudo tee instead of making /etc/fstab world-writable
- sudo mount /srv/node/sdb1
- sudo chown -R swift:swift /srv/node/sdb1
- sudo chmod a+w -R /srv/node/sdb1
- sudo chmod a+w /srv/swift-disk
- c. Create the required directory
- sudo mkdir /var/run/swift
- sudo chown swift:swift /var/run/swift
- sudo chmod a+w /var/run/swift
- d. Add the following three lines to /etc/rc.local before exit 0
- mkdir /var/run/swift
- chown swift:swift /var/run/swift
- chmod a+w /var/run/swift
- 5. Swift configuration files
- Create /etc/swift/account-server.conf with the following configuration
- [DEFAULT]
- devices = /srv/node
- mount_check = false
- bind_port = 6012
- user = swift
- bind_ip = 0.0.0.0
- workers = 2
- [pipeline:main]
- pipeline = account-server
- [app:account-server]
- use = egg:swift#account
- [account-replicator]
- [account-auditor]
- [account-reaper]
- Create /etc/swift/object-server.conf
- [DEFAULT]
- devices = /srv/node
- mount_check = false
- bind_port = 6010
- user = swift
- bind_ip = 0.0.0.0
- workers = 2
- [pipeline:main]
- pipeline = object-server
- [app:object-server]
- use = egg:swift#object
- [object-replicator]
- [object-updater]
- [object-auditor]
- Create /etc/swift/container-server.conf
- [DEFAULT]
- devices = /srv/node
- mount_check = false
- bind_port = 6011
- user = swift
- bind_ip = 0.0.0.0
- workers = 2
- [pipeline:main]
- pipeline = container-server
- [app:container-server]
- use = egg:swift#container
- [container-replicator]
- [container-updater]
- [container-auditor]
- [container-sync]
- 6. Start the swift services
- sudo chown -R swift:swift /etc/swift/*
- swift-init all start
- # At startup you may see "WARNING: Unable to increase file descriptor limit. Running as non-root?"; this is normal
7. Configure the Auth (Keystone) node
- sudo mkdir /etc/keystone
- sudo chown -R swift:swift /etc/keystone
- cp -r /home/swift/openstack/keystone/etc/* /etc/keystone
- 1. Edit /etc/keystone/keystone.conf
- Change connection = sqlite:///keystone.db to
- connection = mysql://keystone:keystone@127.0.0.1/keystone
- Set the driver under [identity] as follows
- driver = keystone.identity.backends.sql.Identity
- Set the driver under [catalog] as follows
- driver = keystone.catalog.backends.sql.Catalog
- Leave everything else unchanged
- 2. MySQL setup
- mysql -u root -p # log in to the MySQL database as root
- Run the following statements in the database
- CREATE DATABASE keystone;
- GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
- commit;
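- Edit /etc/mysql/my.cnf
- Change bind-address = 127.0.0.1 to bind-address = 0.0.0.0
- Restart the mysql service
- sudo service mysql restart
- 3. Sync the database to create the required tables
- keystone-manage db_sync
- # After this succeeds, the following tables exist in the keystone database in MySQL; you can log in to the database to check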
- +------------------------+
- | Tables_in_keystone |
- +------------------------+
- | ec2_credential |
- | endpoint |
- | metadata |
- | migrate_version |
- | role |
- | service |
- | tenant |
- | token |
- | user |
- | user_tenant_membership |
- +------------------------+
- 4. Create the keystone users and the keystone service endpoints
- #!/usr/bin/env bash
- ADMIN_PASSWORD=admin
- ENABLE_SWIFT=1
- ENABLE_ENDPOINTS=1
- KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
- SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
- # Extract some info from Keystone's configuration file
- if [[ -r "$KEYSTONE_CONF" ]]; then
- CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
- CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
- fi
- export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
- if [[ -z "$SERVICE_TOKEN" ]]; then
- echo "No service token found."
- echo "Set SERVICE_TOKEN manually from keystone.conf admin_token."
- exit 1
- fi
- export SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://127.0.0.1:${CONFIG_ADMIN_PORT:-35357}/v2.0}
- function get_id () {
- echo `"$@" | grep ' id ' | awk '{print $4}'`
- }
- # Tenants
- ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
- SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
- DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
- # Users
- ADMIN_USER=$(get_id keystone user-create --name=admin \
- --pass="$ADMIN_PASSWORD" \
- --email=admin@example.com)
- DEMO_USER=$(get_id keystone user-create --name=demo \
- --pass="$ADMIN_PASSWORD" \
- --email=admin@example.com)
- # Roles
- ADMIN_ROLE=$(get_id keystone role-create --name=admin)
- MEMBER_ROLE=$(get_id keystone role-create --name=Member)
- KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
- KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
- SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
- # Add Roles to Users in Tenants
- keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
- keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
- keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
- keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
- # TODO(termie): these two might be dubious
- keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
- keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
- # Services
- KEYSTONE_SERVICE=$(get_id \
- keystone service-create --name=keystone \
- --type=identity \
- --description="Keystone Identity Service")
- if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE \
- --publicurl 'http://localhost:$(public_port)s/v2.0' \
- --adminurl 'http://localhost:$(admin_port)s/v2.0' \
- --internalurl 'http://localhost:$(admin_port)s/v2.0'
- fi
- if [[ -n "$ENABLE_SWIFT" ]]; then
- SWIFT_SERVICE=$(get_id keystone service-create --name=swift \
- --type="object-store" \
- --description="Swift Service")
- SWIFT_USER=$(get_id keystone user-create --name=swift \
- --pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=swift@example.com)
- keystone user-role-add --tenant_id $SERVICE_TENANT \
- --user $SWIFT_USER \
- --role $ADMIN_ROLE
- keystone endpoint-create --region RegionOne --service_id $SWIFT_SERVICE \
- --publicurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s' \
- --adminurl 'http://192.168.112.129:8080/' \
- --internalurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s'
- fi
- Copy the shell code above into a file and run it (on the Auth (Keystone) host).
- It creates data with the following main relationships:
- Tenant     User     Roles              Password
- -----------------------------------------------------------
- admin      admin    admin              admin
- service    swift    admin              admin
- demo       admin    admin              admin
- demo       demo     Member,sysadmin    admin
Note: when creating the swift endpoint, every URL must point at the Proxy node, for example the IP address above (192.168.112.129). If there are several Proxy nodes, you need to add multiple endpoints.
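A small check for the credential and transport settings this walkthrough configures, the `[filter:authtoken]` section of proxy-server.conf from step 5 and the `connection` line of keystone.conf from step 7, as an added example that is not part of the original post. The weak-password list, the function names and the `[sql]` section name in the sample are assumptions made for the example; the sample values are the ones shown on this page.

```python
import configparser
from urllib.parse import urlsplit

WEAK = {"admin", "swift", "keystone", "password", "changeme"}  # constructed list

# Constructed samples with the values configured in this walkthrough; the
# [sql] section name is an assumption (every section is scanned anyway).
PROXY_CONF = """[filter:authtoken]
auth_host = 192.168.112.133
auth_protocol = http
admin_user = swift
admin_password = admin
"""
KEYSTONE_CONF = """[sql]
connection = mysql://keystone:keystone@127.0.0.1/keystone
"""


def _load(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def _guessable(password, user):
    return bool(password) and (password.lower() in WEAK or password == user)


def audit(proxy_text, keystone_text):
    findings = []
    proxy = _load(proxy_text)
    if proxy.has_section("filter:authtoken"):
        auth = proxy["filter:authtoken"]
        if auth.get("auth_protocol", "https") != "https":
            findings.append("authtoken: tokens and admin_password travel to "
                            "%s unencrypted" % auth.get("auth_host", "?"))
        if _guessable(auth.get("admin_password"), auth.get("admin_user")):
            findings.append("authtoken: admin_password is a guessable default")
    for name, section in _load(keystone_text).items():
        url = urlsplit(section.get("connection", ""))
        if _guessable(url.password, url.username):
            findings.append("%s: database password of %r is a guessable "
                            "default" % (name, url.username))
    return findings


if __name__ == "__main__":
    print("\n".join(audit(PROXY_CONF, KEYSTONE_CONF)))
```

Run against the values above it reports three findings; with `auth_protocol = https` and non-default passwords it reports none.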
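8. Start the services on each node (as the swift user)
Proxy node: swift-init proxy start
Each Storage node: swift-init all start
Auth (Keystone) node:
sudo screen -S keystone # create a temporary terminal named keystone, which hides the extra output
su swift # switch to the swift user
keystone-all # this prints a lot of information, which is useful when debugging
Quickly press Ctrl+a Ctrl+d; a message similar to [detached from 4334.key] is returned. Remember the number shown in red; to return to the keystone temporary terminal, use the command: sudo screen -r 4334
9. Verification and usage
a. Verify that the whole storage setup works (run this on the Proxy node or on any node with swift installed)
swift -A http://192.168.112.133:5000/v2.0 -U admin -K admin stat -V 2
A successful run returns output similar to the following: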
Account:AUTH_308722b8cc8747a5afdd9b7b1f6155e8
Containers:0
Objects:0
Bytes:0
Accept-Ranges:bytes
b. Test with curl
- curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.112.133:35357/v2.0/tokens | python -mjson.tool
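What the curl request above returns and how a client gets from it to a Swift request, as an added example that is not part of the original post. The response body is a constructed sample in the Keystone v2.0 shape with a placeholder token, and the helper names are hypothetical; the `$(name)s` placeholders of the endpoint URLs registered in step 7 are assumed to be filled by Python %-style substitution, which yields the `AUTH_<tenant id>` account seen in the `stat` output.

```python
import json

# Endpoint templates registered with "keystone endpoint-create" in step 7.
# The script single-quotes them so that bash does not run $(tenant_id) as a
# command substitution before Keystone stores the URL.
SWIFT_URL = "http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s"
KEYSTONE_URL = "http://localhost:$(public_port)s/v2.0"
TENANT_ID = "308722b8cc8747a5afdd9b7b1f6155e8"  # from the stat output above


def expand(template, **values):
    """Fill $(name)s placeholders using Python %-formatting."""
    return template.replace("$(", "%(") % values


# Constructed sample of a POST /v2.0/tokens response (token id is a placeholder).
RESPONSE = json.dumps({"access": {
    "token": {"id": "TOKEN-PLACEHOLDER", "expires": "2012-04-08T12:00:00Z",
              "tenant": {"id": TENANT_ID, "name": "admin"}},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne",
             "publicURL": expand(KEYSTONE_URL, public_port=5000)}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": expand(SWIFT_URL, tenant_id=TENANT_ID)}]}],
    "user": {"name": "admin"}}})


def swift_request(body, container=""):
    """Return (url, headers) for a Swift call authorised by this token."""
    access = json.loads(body)["access"]
    for service in access.get("serviceCatalog", []):
        if service["type"] == "object-store":
            url = service["endpoints"][0]["publicURL"]
            return (url + "/" + container).rstrip("/"), {
                "X-Auth-Token": access["token"]["id"]}
    raise LookupError("no object-store endpoint: the token is not scoped to "
                      "a tenant or the swift endpoint was not registered")


if __name__ == "__main__":
    print(swift_request(RESPONSE, "photos"))
```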