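Integrating Swift with Keystone on Grizzly

This article describes deploying OpenStack Grizzly on Ubuntu 12.0.4 and integrating the Swift service with Keystone. It covers the network layout, the deployment guides used, the Swift and Keystone configuration details, and the problems encountered along with their fixes.
OS: Ubuntu 12.0.4
Environment: 3 nodes
controller node: 172.16.77.128 (the Swift proxy also runs on this node)
network node: 172.16.77.130
compute node: 172.16.77.131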

OpenStack deployment guide used as reference:
https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst

Swift deployment guide used as reference:
http://blog.lightcloud.cn/?p=68
and the official documentation:
http://docs.openstack.org/developer/swift/howto_installmultinode.html

Swift and Keystone reference:
http://docs.openstack.org/developer/swift/overview_auth.html
There are some articles online about combining Swift with Keystone, but they target older Swift releases and do not apply to Swift 1.8.0.

/etc/swift/proxy-server.conf before integrating Swift with Keystone:
[DEFAULT]
bind_port = 8080
bind_ip = 172.16.77.128
workers = 8
user = swift
log_level = DEBUG
log_facility = LOG_LOCAL1

[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.77.128:11211

/etc/swift/proxy-server.conf after integrating Swift with Keystone:
[DEFAULT]
bind_port = 8080
bind_ip = 172.16.77.128
workers = 8
user = swift
log_level = DEBUG
log_facility = LOG_LOCAL1

[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 172.16.77.128
auth_port = 35357
auth_protocol = http
auth_uri = http://172.16.77.128:5000/
admin_tenant_name = service
admin_user = swift
admin_password = service_pass
cache = swift.cache
signing_dir = /etc/swift

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.77.128:11211

Operations required on the Keystone side (script provided for reference):
==================================================================================================
HOST_IP=172.16.77.128
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
# Admin token and admin endpoint used by the keystone CLI
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
KEYSTONE_REGION=RegionOne

# Run a keystone command and print the "id" field of its output table.
# "$@" is quoted so arguments containing spaces (such as --description) stay intact.
get_id () {
    echo `"$@" | awk '/ id / { print $4 }'`
}

# Look up the IDs of the existing admin and service tenants
ADMIN_TENANT=$(keystone tenant-list|grep admin|awk -F"|" '{print $2}'|awk -F" " '{print $1}')
SERVICE_TENANT=$(keystone tenant-list|grep "$SERVICE_TENANT_NAME"|awk -F"|" '{print $2}'|awk -F" " '{print $1}')

# Look up the ID of the admin role
ADMIN_ROLE=$(keystone role-list|grep admin |awk -F"|" '{print $2}'|awk -F" " '{print $1}')

# Create the swift service user in the service tenant and grant it the admin role
SWIFT_USER=$(get_id keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=swift@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE

# Register the object-store service
SWIFT_SERVICE=$(get_id keystone service-create --name swift --type object-store --description 'OpenStack Storage Service')

# Register the endpoint; single quotes keep $(tenant_id)s literal for Keystone to substitute
keystone endpoint-create --region $KEYSTONE_REGION --service_id $SWIFT_SERVICE --publicurl 'http://172.16.77.128:8080/v1/AUTH_$(tenant_id)s' --adminurl 'http://172.16.77.128:8080/' --internalurl 'http://172.16.77.128:8080/v1/AUTH_$(tenant_id)s'
==================================================================================================
Add the following to /etc/keystone/default_catalog.templates:
catalog.RegionOne.object_store.name = Swift Service
catalog.RegionOne.object_store.publicURL = http://swiftproxy:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.adminURL = http://swiftproxy:8080/
catalog.RegionOne.object_store.internalURL = http://swiftproxy:8080/v1/AUTH_$(tenant_id)s

A few problems encountered during deployment, and how they were resolved:
1.
Aug 15 05:15:37 controller1 proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012  File "/usr/bin/swift-proxy-server", line 22, in #012    run_wsgi(conf_file, 'proxy-server', default_port=8080, **options)#012  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187, in run_wsgi#012    run_server()#012  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149, in run_server#012    global_conf={'log_name': log_name})#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 247, in loadapp#012    return loadobj(APP, uri, name=name, **kw)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 272, in loadobj#012    return context.create()#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create#012    return self.object_type.invoke(self)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 207, in invoke#012    app = filter(app)#012  File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 1153, in auth_filter#012    return AuthProtocol(app, conf)#012  File "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py", line 304, in __init__#012    os.makedirs(self.signing_dirname)#012  File "/usr/lib/python2.7/os.py", line 157, in makedirs#012    mkdir(name, mode)#012OSError: [Errno 13] Permission denied: '/root/keystone-signing'
Fix: https://bugs.launchpad.net/keystone/+bug/1036847
Add the following under [filter:authtoken] in /etc/swift/proxy-server.conf:
signing_dir = /etc/swift

2.
Aug 15 05:55:18 controller1 proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012  File "/usr/bin/swift-proxy-server", line 22, in #012    run_wsgi(conf_file, 'proxy-server', default_port=8080, **options)#012  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187, in run_wsgi#012    run_server()#012  File "/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149, in run_server#012    global_conf={'log_name': log_name})#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 247, in loadapp#012    return loadobj(APP, uri, name=name, **kw)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 271, in loadobj#012    global_conf=global_conf)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 296, in loadcontext#012    global_conf=global_conf)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 317, in _loadconfig#012    loader = ConfigLoader(path)#012  File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 393, in __init__#012    with open(filename) as f:#012IOError: [Errno 13] Permission denied: '/etc/swift/proxy-server.conf'
Fix: https://bugzilla.redhat.com/show_bug.cgi?id=967631
chown root:root /etc/swift
chown swift:swift /etc/swift

3.
root@controller1:/etc/swift# swift  -A  http://172.16.77.128:5000/v2.0 -U user_one -K user_one stat -V 2
Account HEAD failed: http://172.16.77.128:8080/v1/AUTH_4351cda4e5e44278b0e6050eadfbea81 401 Unauthorized
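This is a user permission problem: the user needs a role listed in operator_roles. Create the swiftoperator role, grant it to the user, and retry: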
keystone role-create --name swiftoperator
keystone user-role-add --tenant-id 4351cda4e5e44278b0e6050eadfbea81 --user-id 8a4dab8816a84f72af39ea1de81e6edd --role-id 836640f839344cfca5f68f16083d18da
swift  -A  http://172.16.77.128:5000/v2.0 -U user_one -K user_one stat -V 2
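
Added example (not part of the original post): a Python check of the post-integration proxy-server.conf, covering the pipeline change from tempauth to authtoken/keystoneauth, the signing_dir setting from problem 1, and the operator_roles requirement from problem 3. The function names and the embedded sample are constructed for illustration; is_operator is a simplified model of the keystoneauth role check and assumes exact role-name matching.

```python
import configparser

# Constructed sample: the Keystone-related sections of the
# post-integration proxy-server.conf shown in this post.
SAMPLE_CONF = """\
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
cache = swift.cache
signing_dir = /etc/swift

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
"""

def _load(text):
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    return cp

def check_pipeline(text):
    """Return a list of problems in the Keystone-related proxy settings."""
    cp = _load(text)
    pipe = cp.get("pipeline:main", "pipeline").split()
    problems = []
    if "tempauth" in pipe:
        problems.append("tempauth is still in the pipeline")
    missing = [n for n in ("authtoken", "keystoneauth") if n not in pipe]
    problems += [n + " is missing from the pipeline" for n in missing]
    if not missing:
        if pipe.index("authtoken") > pipe.index("keystoneauth"):
            problems.append("authtoken must come before keystoneauth")
        if "cache" not in pipe or pipe.index("cache") > pipe.index("authtoken"):
            problems.append("cache must come before authtoken (cache = swift.cache)")
    if not pipe or pipe[-1] != "proxy-server":
        problems.append("proxy-server must be the last pipeline entry")
    if not cp.has_option("filter:authtoken", "signing_dir"):
        problems.append("signing_dir is not set under [filter:authtoken]")
    return problems

def is_operator(text, user_roles):
    """Simplified model of problem 3: does the user hold an operator role?"""
    raw = _load(text).get("filter:keystoneauth", "operator_roles")
    allowed = {r.strip() for r in raw.split(",") if r.strip()}
    return any(role in allowed for role in user_roles)
```

An empty list from check_pipeline means the pipeline order and signing_dir match the configuration above; is_operator returning False for a user's role list corresponds to the 401 in problem 3.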

                                                                    EricZhou
                                                                   2013.08.16