When reposting, please credit the source: http://blog.csdn.net/cywosp/article/details/7439440
1. Overview
All operations described in this article were verified on Ubuntu Server 11.10 64-bit. The article draws on the OpenStack Keystone documentation. The environment is as follows:

Linux version: Ubuntu Server 11.10 64-bit (oneiric)
Proxy Server IP: 192.168.112.129
Storage Server One: 192.168.112.130
Storage Server Two: 192.168.112.131
Storage Server Three: 192.168.112.132
Keystone Server IP: 192.168.112.133
Official documentation: www.openstack.org
Reference: http://keystone.openstack.org/installing.html
Swift version: 1.4.8
Keystone version: 2012.2
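2. Create a swift user on every machine

    sudo useradd -mk /home/swift/ -s /bin/bash swift
    sudo passwd swift    # set a password for the swift user; I set it to swift here

Edit the /etc/sudoers file and append the following line at the end of the file:

    swift ALL=(ALL) NOPASSWD:ALL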
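3. Download the source code (as the swift user)
1. Install git

    sudo apt-get install git-core

2. On the Proxy machine, download the keystone and swift sources

    su swift                                        # switch to the swift user
    sudo mkdir /home/swift/openstack                # directory that holds the sources
    sudo chown swift:swift /home/swift/openstack    # let the swift user clone into it
    cd /home/swift/openstack
    git clone https://github.com/openstack/swift.git    # download swift
    cd swift
    git checkout 1.4.8          # use version 1.4.8; run "git tag" in the swift directory to list the available versions
    cd /home/swift/openstack    # back to the parent directory so keystone lands next to swift
    git clone https://github.com/openstack/keystone.git
    cd keystone
    git checkout 75a8dfe

3. On every Storage node, download swift

    su swift                                        # switch to the swift user
    sudo mkdir /home/swift/openstack                # directory that holds the sources
    sudo chown swift:swift /home/swift/openstack    # let the swift user clone into it
    cd /home/swift/openstack
    git clone https://github.com/openstack/swift.git    # download swift
    cd swift
    git checkout 1.4.8          # use version 1.4.8; run "git tag" in the swift directory to list the available versions

4. On the Auth (keystone) node, download keystone and python-keystoneclient

    su swift                                        # switch to the swift user
    sudo mkdir /home/swift/openstack                # directory that holds the sources
    sudo chown swift:swift /home/swift/openstack    # let the swift user clone into it
    cd /home/swift/openstack
    git clone https://github.com/openstack/keystone.git
    cd keystone
    git checkout 75a8dfe
    cd /home/swift/openstack    # back to the parent directory before cloning the client
    git clone https://github.com/openstack/python-keystoneclient.git
    cd /home/swift/openstack/python-keystoneclient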
4. Install swift, keystone and their dependencies (as the swift user)
1. Installation on all Storage nodes

    sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
    sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb
    cd /home/swift/openstack/
    sudo pip install -r ./swift/tools/pip-requires    # install swift's dependencies; this may take a while
    # install swift
    cd /home/swift/openstack/swift
    sudo python setup.py install --record file.txt
    # To remove what was installed, the files must be deleted as root:
    #   cat file.txt | sudo xargs rm -rf

2. Installation on the Proxy node

    sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
    sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb
    cd /home/swift/openstack/
    sudo pip install -r ./swift/tools/pip-requires
    cd /home/swift/openstack/swift
    sudo python setup.py install --record file.txt
    cd /home/swift/openstack/keystone
    sudo pip install -r ./tools/pip-requires
    sudo python setup.py install --record file.txt

3. Installation on the Auth (Keystone) node

    sudo apt-get --option Dpkg::Options::=--force-confold --assume-yes update
    sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof vim-nox curl python-mysqldb mysql-server mysql-client
    cd /home/swift/openstack/
    sudo pip install -r ./keystone/tools/pip-requires
    sudo pip install -r ./python-keystoneclient/tools/pip-requires
    cd /home/swift/openstack/python-keystoneclient/
    sudo python setup.py install --record file.txt
    cd /home/swift/openstack/keystone
    sudo python setup.py install --record file.txt
5. Proxy node setup (192.168.112.129)
1. Install the cache server and prepare /etc/swift

    sudo apt-get install memcached    # install the cache server

Edit /etc/memcached.conf and change -l 127.0.0.1 to -l 192.168.112.129 (I set this according to my own environment; for the reason, see the diagram in section 1).

    sudo service memcached restart
    sudo mkdir /etc/swift
    cd /etc/swift
    sudo chown -R swift:swift /etc/swift
    cp /home/swift/openstack/swift/etc/proxy-server.conf /etc/swift/
    cp /home/swift/openstack/swift/etc/swift.conf /etc/swift/

2. Edit /etc/swift/proxy-server.conf so that it reads as follows; entries that are missing from the original file have to be added by hand

    [DEFAULT]
    bind_port = 8080
    user = swift
    swift_dir = /etc/swift
    workers = 1

    [pipeline:main]
    pipeline = healthcheck cache swift3 authtoken keystone proxy-server

    [app:proxy-server]
    use = egg:swift#proxy
    allow_account_management = true
    account_autocreate = true

    [filter:keystone]
    paste.filter_factory = keystone.middleware.swift_auth:filter_factory
    operator_roles = Member,admin

    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    auth_host = 192.168.112.133
    auth_port = 35357
    auth_protocol = http
    auth_uri = http://192.168.112.133:5000/
    admin_tenant_name = service
    admin_user = swift
    admin_password = admin

    [filter:swift3]
    use = egg:swift#swift3

    [filter:healthcheck]
    use = egg:swift#healthcheck

    [filter:cache]
    use = egg:swift#memcache

192.168.112.133 is the IP of the Auth (Keystone) node.

3. Edit /etc/swift/swift.conf. The value 'cynric' is arbitrary; change it to suit your needs

    [swift-hash]
    swift_hash_path_suffix = cynric

4. Generate the ring and builder files with the commands below. The parts in bold are to be changed to match your environment; for the reason, see the diagram in the overview. Each machine uses its own zone (z1, z2, z3, ... incrementing)

    sudo chown -R swift:swift /etc/swift/*
    cd /etc/swift
    swift-ring-builder object.builder create 18 3 1
    swift-ring-builder container.builder create 18 3 1
    swift-ring-builder account.builder create 18 3 1

    export HOST_IP=192.168.112.130
    swift-ring-builder object.builder add z1-${HOST_IP}:6010/sdb1 100
    swift-ring-builder container.builder add z1-${HOST_IP}:6011/sdb1 100
    swift-ring-builder account.builder add z1-${HOST_IP}:6012/sdb1 100

    export HOST_IP=192.168.112.131
    swift-ring-builder object.builder add z2-${HOST_IP}:6010/sdb1 100
    swift-ring-builder container.builder add z2-${HOST_IP}:6011/sdb1 100
    swift-ring-builder account.builder add z2-${HOST_IP}:6012/sdb1 100

    export HOST_IP=192.168.112.132
    swift-ring-builder object.builder add z3-${HOST_IP}:6010/sdb1 100
    swift-ring-builder container.builder add z3-${HOST_IP}:6011/sdb1 100
    swift-ring-builder account.builder add z3-${HOST_IP}:6012/sdb1 100

    swift-ring-builder object.builder rebalance
    swift-ring-builder container.builder rebalance
    swift-ring-builder account.builder rebalance

5. Start the proxy service

    swift-init proxy start
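How the ring created above places an object, and why swift.conf has to be identical on every node: the sketch below is an added example, not code from the original post or from the Swift project, and re-implements the placement hashing Swift uses (MD5 of the object path plus swift_hash_path_suffix, top part_power bits select the partition). The account, container and object names are constructed, and /srv/node with device sdb1 is assumed as the storage location used in this guide.

```python
import hashlib
import struct

PART_POWER = 18          # first argument of "swift-ring-builder *.builder create 18 3 1"
HASH_SUFFIX = "cynric"   # swift_hash_path_suffix from /etc/swift/swift.conf

def hash_path(account, container=None, obj=None, suffix=HASH_SUFFIX):
    """MD5 of '/account[/container[/object]]' with the cluster suffix appended."""
    parts = [p for p in (account, container, obj) if p]
    return hashlib.md5(("/" + "/".join(parts) + suffix).encode("utf-8")).hexdigest()

def partition(name_hash, part_power=PART_POWER):
    """The top part_power bits of the hash's first 32 bits pick the partition."""
    top32 = struct.unpack(">I", bytes.fromhex(name_hash[:8]))[0]
    return top32 >> (32 - part_power)

def object_dir(name_hash, device="sdb1", devices="/srv/node"):
    """Directory in which an object server keeps the object's .data files."""
    return "/".join([devices, device, "objects", str(partition(name_hash)),
                     name_hash[-3:], name_hash])

def lookup(account, container, obj, suffix=HASH_SUFFIX):
    """Partition number and on-disk directory for one object name."""
    name_hash = hash_path(account, container, obj, suffix)
    return partition(name_hash), object_dir(name_hash)

if __name__ == "__main__":
    # Constructed names; AUTH_demo stands in for a real AUTH_<tenant_id> account.
    names = ("AUTH_demo", "photos", "cat.jpg")
    print("with suffix 'cynric':", lookup(*names))
    # A node whose swift.conf carries another suffix hashes the same name to a
    # different place, so it can neither find nor replicate the object.
    print("with suffix 'other' :", lookup(*names, suffix="other"))
```

The same property is why the suffix cannot be changed once data has been stored: every existing object would hash to a location where it is not.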
6. Configure the Storage nodes
Because the setup of every Storage node is essentially the same, only one node (192.168.112.130) is used as the example here; on the other nodes, simply repeat the following steps.

1. Create the /etc/swift directory

    sudo mkdir /etc/swift
    sudo chown -R swift:swift /etc/swift

2. Copy account.ring.gz, container.ring.gz, object.ring.gz and swift.conf from /etc/swift/ on the Proxy node into /etc/swift on the current storage node (192.168.112.130), for example with the following commands

    scp swift@192.168.112.129:/etc/swift/*.ring.gz /etc/swift/
    scp swift@192.168.112.129:/etc/swift/swift.conf /etc/swift/
    sudo chown -R swift:swift /etc/swift/*

3. Edit /etc/rsyncd.conf; if the file does not exist, create it. Its content is as follows

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    # this can also be changed to 192.168.112.130
    address = 127.0.0.1

    [account]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/account.lock

    [container]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/container.lock

    [object]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/object.lock

Edit /etc/default/rsync and set RSYNC_ENABLE to true. After the change, restart the service:

    sudo service rsync restart

4. Set up the storage location
There are two cases to distinguish here.

a. Your system has a separate partition that can be used as the storage location. Here we assume that the partition /dev/sdb1 is unused (note: this depends on your own system) and use it as the storage location.

    sudo mkdir -p /srv/node/sdb1
    sudo mkfs.xfs -i size=1024 /dev/sdb1    # format the partition as xfs
    # append as root through tee, so /etc/fstab stays writable by root only
    echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" | sudo tee -a /etc/fstab
    sudo mount /srv/node/sdb1
    sudo chown -R swift:swift /srv/node/sdb1
    sudo chmod a+w -R /srv/node/sdb1

The fstab entry mounts the partition automatically at boot. The name sdb1 must not be changed here, because sdb1 was used when the ring files were generated on the Proxy node (swift-ring-builder object.builder add z1-${HOST_IP}:6010/sdb1 100); if it has to be changed, change it in both places.

b. If the system has no separate partition for the storage location, create a temporary partition to serve as one.

    sudo mkdir -p /srv/node/sdb1
    # creates a storage area named swift-disk under /srv/; change seek to change its size
    sudo dd if=/dev/zero of=/srv/swift-disk bs=1024 count=0 seek=1000000
    sudo mkfs.xfs -i size=1024 /srv/swift-disk
    # mounted automatically at boot; appended as root through tee
    echo "/srv/swift-disk /srv/node/sdb1 xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" | sudo tee -a /etc/fstab
    sudo mount /srv/node/sdb1
    sudo chown -R swift:swift /srv/node/sdb1
    sudo chmod a+w -R /srv/node/sdb1
    sudo chmod a+w /srv/swift-disk

c. Create the related directory

    sudo mkdir /var/run/swift
    sudo chown swift:swift /var/run/swift
    sudo chmod a+w /var/run/swift

d. Add the following three lines to /etc/rc.local before exit 0

    mkdir /var/run/swift
    chown swift:swift /var/run/swift
    chmod a+w /var/run/swift

5. Swift configuration files
Create /etc/swift/account-server.conf with the following configuration

    [DEFAULT]
    devices = /srv/node
    mount_check = false
    bind_port = 6012
    user = swift
    bind_ip = 0.0.0.0
    workers = 2

    [pipeline:main]
    pipeline = account-server

    [app:account-server]
    use = egg:swift#account

    [account-replicator]

    [account-auditor]

    [account-reaper]

Create /etc/swift/object-server.conf

    [DEFAULT]
    devices = /srv/node
    mount_check = false
    bind_port = 6010
    user = swift
    bind_ip = 0.0.0.0
    workers = 2

    [pipeline:main]
    pipeline = object-server

    [app:object-server]
    use = egg:swift#object

    [object-replicator]

    [object-updater]

    [object-auditor]

Create /etc/swift/container-server.conf

    [DEFAULT]
    devices = /srv/node
    mount_check = false
    bind_port = 6011
    user = swift
    bind_ip = 0.0.0.0
    workers = 2

    [pipeline:main]
    pipeline = container-server

    [app:container-server]
    use = egg:swift#container

    [container-replicator]

    [container-updater]

    [container-auditor]

    [container-sync]

6. Start the swift services

    sudo chown -R swift:swift /etc/swift/*
    swift-init all start

On startup this may report "WARNING: Unable to increase file descriptor limit. Running as non-root?"; this is normal.

7. Auth (Keystone) node configuration

    sudo mkdir /etc/keystone
    sudo chown -R swift:swift /etc/keystone
    cp -r /home/swift/openstack/keystone/etc/* /etc/keystone

1. Edit /etc/keystone/keystone.conf
Change connection = sqlite:///keystone.db to

    connection = mysql://keystone:keystone@127.0.0.1/keystone

Set the driver under [identity] to

    driver = keystone.identity.backends.sql.Identity

Set the driver under [catalog] to

    driver = keystone.catalog.backends.sql.Catalog

Leave everything else unchanged.

2. MySQL setup

    mysql -u root -p    # log in to the mysql database as root

Run the following in the database:

    CREATE DATABASE keystone;
    GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
    commit;

Edit /etc/mysql/my.cnf and change bind-address = 127.0.0.1 to bind-address = 0.0.0.0, then restart the mysql service:

    sudo service mysql restart

3. Synchronize the database to create the tables

    keystone-manage db_sync

After this runs successfully, the following tables exist in the keystone database in mysql; you can log in to the database to check:

    +------------------------+
    | Tables_in_keystone     |
    +------------------------+
    | ec2_credential         |
    | endpoint               |
    | metadata               |
    | migrate_version        |
    | role                   |
    | service                |
    | tenant                 |
    | token                  |
    | user                   |
    | user_tenant_membership |
    +------------------------+

4. Create the keystone users and the keystone service endpoints

    #!/usr/bin/env bash

    ADMIN_PASSWORD=admin
    ENABLE_SWIFT=1
    ENABLE_ENDPOINTS=1

    KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}

    # Extract some info from Keystone's configuration file
    if [[ -r "$KEYSTONE_CONF" ]]; then
        CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
        CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
    fi

    export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
    if [[ -z "$SERVICE_TOKEN" ]]; then
        echo "No service token found."
        echo "Set SERVICE_TOKEN manually from keystone.conf admin_token."
        exit 1
    fi

    export SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://127.0.0.1:${CONFIG_ADMIN_PORT:-35357}/v2.0}

    function get_id () {
        echo `"$@" | grep ' id ' | awk '{print $4}'`
    }

    # Tenants
    ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
    SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
    DEMO_TENANT=$(get_id keystone tenant-create --name=demo)

    # Users
    ADMIN_USER=$(get_id keystone user-create --name=admin \
                                             --pass="$ADMIN_PASSWORD" \
                                             --email=admin@example.com)
    DEMO_USER=$(get_id keystone user-create --name=demo \
                                            --pass="$ADMIN_PASSWORD" \
                                            --email=admin@example.com)

    # Roles
    ADMIN_ROLE=$(get_id keystone role-create --name=admin)
    MEMBER_ROLE=$(get_id keystone role-create --name=Member)
    KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
    KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
    SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)

    # Add Roles to Users in Tenants
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
    keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT

    # TODO(termie): these two might be dubious
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

    # Services
    KEYSTONE_SERVICE=$(get_id \
    keystone service-create --name=keystone \
                            --type=identity \
                            --description="Keystone Identity Service")
    if [[ -n "$ENABLE_ENDPOINTS" ]]; then
        keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE \
            --publicurl 'http://localhost:$(public_port)s/v2.0' \
            --adminurl 'http://localhost:$(admin_port)s/v2.0' \
            --internalurl 'http://localhost:$(admin_port)s/v2.0'
    fi

    if [[ -n "$ENABLE_SWIFT" ]]; then
        SWIFT_SERVICE=$(get_id keystone service-create --name=swift \
                                --type="object-store" \
                                --description="Swift Service")
        SWIFT_USER=$(get_id keystone user-create --name=swift \
                                                 --pass="$SERVICE_PASSWORD" \
                                                 --tenant_id $SERVICE_TENANT \
                                                 --email=swift@example.com)
        keystone user-role-add --tenant_id $SERVICE_TENANT \
                               --user $SWIFT_USER \
                               --role $ADMIN_ROLE
        keystone endpoint-create --region RegionOne --service_id $SWIFT_SERVICE \
            --publicurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s' \
            --adminurl 'http://192.168.112.129:8080/' \
            --internalurl 'http://192.168.112.129:8080/v1/AUTH_$(tenant_id)s'
    fi

Copy the shell code above into a file and run it (on the Auth (Keystone) host). It creates data with the following main relationships:

    Tenant     User     Roles              Password
    -----------------------------------------------------------
    admin      admin    admin              admin
    service    swift    admin              admin
    demo       admin    admin              admin
    demo       demo     Member,sysadmin    admin
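Note: when creating the swift endpoint, every URL must point to the Proxy node, for example the IP address above (192.168.112.129). If there are several Proxy nodes, several endpoints have to be added.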
8. Start the services on each node (as the swift user)
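Proxy node:

    swift-init proxy start

Each Storage node:

    swift-init all start

Auth (Keystone) node:

    sudo screen -S keystone    # create a temporary terminal named keystone, which keeps the extra output out of the way
    su swift                   # switch to the swift user
    keystone-all               # this prints a lot of information, which is useful when debugging

Then quickly press Ctrl+a Ctrl+d. A message similar to [detached from 4334.key] is returned. Remember the number shown in red; to return to the keystone terminal, use the command: sudo screen -r 4334

9. Verification and usage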
a. Verify that the whole storage setup works (run this on the Proxy node or on any node with swift installed)

    swift -A http://192.168.112.133:5000/v2.0 -U admin -K admin stat -V 2

On success, output similar to the following is returned:

    Account:AUTH_308722b8cc8747a5afdd9b7b1f6155e8
    Containers:0
    Objects:0
    Bytes:0
    Accept-Ranges:bytes

b. Test with curl

    curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.112.133:35357/v2.0/tokens | python -mjson.tool
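What a client does with the answer to that token request, as an added example that is not part of the original post: it builds the same request body, reads the token and the object-store endpoint out of a Keystone v2.0 response, and checks the endpoint against the rule from section 7 (it must point at the Proxy node and end in AUTH_<tenant_id>). The response is constructed, the token id is a placeholder, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

def token_request(tenant, user, password):
    """JSON body of POST /v2.0/tokens, the same document the curl test sends."""
    return json.dumps({"auth": {"tenantName": tenant, "passwordCredentials":
                                {"username": user, "password": password}}})

# Constructed response in the Keystone v2.0 layout. The token id is a placeholder;
# the tenant id is the one visible in the "swift stat" output above.
TENANT_ID = "308722b8cc8747a5afdd9b7b1f6155e8"
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "PLACEHOLDER-TOKEN-ID", "tenant": {"id": TENANT_ID, "name": "admin"}},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne", "publicURL": "http://localhost:5000/v2.0"}]},
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://192.168.112.129:8080/v1/AUTH_" + TENANT_ID}]}]}})

def storage_session(response_text, service_type="object-store"):
    """Return (storage_url, headers) the way a Swift client derives them."""
    access = json.loads(response_text)["access"]
    for service in access["serviceCatalog"]:
        if service["type"] == service_type:
            url = service["endpoints"][0]["publicURL"]
            return url, {"X-Auth-Token": access["token"]["id"]}
    raise LookupError("no %s endpoint in the service catalog" % service_type)

def endpoint_problems(url, proxy_hosts, tenant_id):
    """Deployment checks: right host, right account, encrypted transport."""
    parsed, problems = urlparse(url), []
    if parsed.hostname not in proxy_hosts:
        problems.append("endpoint does not point at a Proxy node")
    if not parsed.path.endswith("/AUTH_" + tenant_id):
        problems.append("account is not AUTH_<tenant_id>")
    if parsed.scheme != "https":
        problems.append("token is sent in cleartext over " + parsed.scheme)
    return problems

if __name__ == "__main__":
    print(token_request("admin", "admin", "admin"))
    url, headers = storage_session(SAMPLE_RESPONSE)
    print(url, headers)
    print(endpoint_problems(url, {"192.168.112.129"}, TENANT_ID))
```

With the endpoints created in section 7, the only finding is the cleartext transport, which follows from auth_protocol = http and the http:// endpoint URLs.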