系统: ubuntu 12.04 desktop LTS
控制节点 (Control node:server1):192.168.8.44(200G的主分区+ 10G的Swap分区 + 200G + 200G)
注:其中200G用于nova-volumes,另外200G用于swift
计算节点 (Compute node:server2):192.168.8.10
待12.04的UbuntuOS安装完毕后 ,使用下列命令安装ssh并更新系统:
sudo apt-get install ssh
sudo apt-get update
sudo apt-get upgrade
安装网桥工具bridge-utils:
二.配置网络
1) 编辑/etc/network/interfaces文件,如下所示:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.8.44
netmask 255.255.255.0
broadcast 192.168.8.255
gateway 192.168.8.254
dns-nameservers 202.120.2.101
2)重启网络:
sudo /etc/init.d/networking restart
三.NTP服务器
安装NTP软件包。这个时间服务器将为所有节点提供支持。OpenStack所有组件的时间都必须同步,于是我们就在Server1上安装NTP服务并且让其他服务器或节点与之保持同步。
sudo apt-get install ntp
译者注:NTP(Network Time Protocol),是用来使计算机时间同步化的一种协议,它可以使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化,它可以提供高精准度的时间校正(LAN上与标准间差小于1毫秒,WAN上几十毫秒),且可介由加密确认的方式来防止恶毒的协议攻击。[来源:百度百科]
打开文件/etc/ntp.conf增加以下三行内容,目的是让本服务器时间与外部服务器时间同步。如果不能访问外网,NTP服务器将使用本机硬件时钟作为第二选择。
server ntp.ubuntu.com
server 127.127.1.0
fudge 127.127.1.0 stratum 10
然后重启NTP使配置生效:
sudo service ntp restart
请确保服务器IP地址可以被DNS解析。如果不能,则在/etc/hosts文件中手工加入。
四.安装数据库
安装mysql-server和python-mysqldb包:
sudo apt-get install mysql-server python-mysqldb
为mysql创建root密码,在此使用"123456”。随后编辑mysql配置文件/etc/mysql/my.cnf,将绑定地址从127.0.0.1改为0.0.0.0,如下所示:
bind-address = 0.0.0.0
重启MySQL服务器让其开始监听所有端口:
sudo restart mysql
创建数据库
我们将要为nova、glance和keystone创建很多东东,各种数据库、表及用户。话音未落,这就开始了:
创建名为“nova”的数据库:
sudo mysql -uroot -p123456 -e 'CREATE DATABASE nova;'(mysql每句语句结束需要用”;“)
新建一个用户,名为“novadbadmin”:
sudo mysql -uroot -p123456 -e 'CREATE USER novadbadmin;'
授予novadbadmin用户nova数据库全部权限:
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%';"
(%代表任何非本地主机,localhost代表本机)
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'localhost';"
为novadbadmin同志创建密码(译者注:密码是nova,后文类似之处不多言,请详见命令):
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'novadbadmin'@'%' = PASSWORD('nova');"
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'novadbadmin'@'localhost' = PASSWORD('nova');
Glance登场,还是重复刚才的道道,首先创建一个名为glance的数据库:
sudo mysql -uroot -p123456 -e 'CREATE DATABASE glance;'
然后为这个新建的数据库添加一个用户“glancedbadmin”:
sudo mysql -uroot -p123456 -e 'CREATE USER glancedbadmin;'
接着,光荣授予他本数据库的全部权限:
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%';"
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'localhost';"
是的,最后一步,为该用户分配密码:
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'glancedbadmin'@'%' = PASSWORD('glance');"
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'glancedbadmin'@'localhost' = PASSWORD('glance');"
很烦的,keystone出场了。刚才的大循环,至此开始演绎第三遍:
sudo mysql -uroot -p123456 -e 'CREATE DATABASE keystone;'
sudo mysql -uroot -p123456 -e 'CREATE USER keystonedbadmin;'
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%';"
sudo mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'localhost';"
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'keystonedbadmin'@'%' = PASSWORD('keystone')"
sudo mysql -uroot -p123456 -e "SET PASSWORD FOR 'keystonedbadmin'@'localhost' = PASSWORD('keystone')"
五.keystone
Keystone是OpenStack的认证服务。使用以下命令进行安装:
sudo apt-get install keystone python-keystone python-keystoneclient
打开/etc/keystone/keystone.conf文件,将这一行:
admin_token = ADMIN
改为:
admin_token = admin
(本教程中我们将一直使用admin作为令牌)
本例中,我们使用MySQL来存储keystone配置,则将 /etc/keystone/keystone.conf中的这句配置:
connection = sqlite:var/lib/keystone/keystone.db
换成:
connection = mysql://keystonedbadmin:keystone@192.168.8.44/keystone
然后,重启Keystone:
sudo service keystone restart
接着,执行以下命令同步数据库:
sudo keystone-manage db_sync
Q:sqlalchemy.exc.OperationalError: (OperationalError) (2003, "Can't connect to MySQL server on '192.16.......
S: the service mysql may not be opened
service mysql restart
最后,有些环境变量是OpenStack运行所必须的:
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=admin
创建租间
使用以下命令创建两个租间,admin和service:
keystone tenant-create --name admin
keystone tenant-create --name service
Q: Expecting authentication method via either a service token, --token or env[SERVICE_TOKEN], or .....
S:
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=admin
创建用户
执行以下命令,创建四个用户admin、nova、glance及swift:
keystone user-create --name admin --pass admin --email admin@foobar.com
keystone user-create --name nova --pass nova --email nova@foobar.com
keystone user-create --name glance --pass glance --email glance@foobar.com
keystone user-create --name swift --pass swift --email swift@foobar.com
创建角色
使用命令创建两个角色,admin和Member(译者注:注意是大写M):
keystone role-create --name admin
keystone role-create --name Member
查看租间、用户和角色
刚才建立的租间、用户和角色可以通过如下命令进行查看:
keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| 7f95ae9617cd496888bc412efdceabfd | admin | True |
| c7970080576646c6959ee35970cf3199 | service | True |
+----------------------------------+--------------------+---------+
用户列表:
keystone user-list
+----------------------------------+---------+-------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+-------------------+--------+
| 1b986cca67e242f38cd6aa4bdec587ca | True | swift@foobar.com | swift |
| 518b51ea133c4facadae42c328d6b77b | True | glance@foobar.com | glance |
| b3de3aeec2544f0f90b9cbfe8b8b7acd | True | admin@foobar.com | admin |
| ce8cd56ca8824f5d845ba6ed015e9494 | True | nova@foobar.com | nova |
+----------------------------------+---------+-------------------+--------+
角色列表:
keystone role-list
+----------------------------------+----------------------+
| id | name |
+----------------------------------+----------------------+
| 2bbe305ad531434991d4281aaaebb700 | admin |
| d983800dd6d54ee3a1b1eb9f2ae3291f | Member |
+----------------------------------+----------------------+
为特定租间中的用户绑定角色
现在我们先为刚刚创建的用户绑定角色,通过如下命令格式可以将特定租间中的特定用户增加角色(译者注:仅是命令格式,随后才是真正执行的命令):
keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID
其中id字段可以通过keystone user-list,keystone role-list和keystone tenant-list命令获得。
下面开始为“admin”租间中的“admin”用户绑定“admin”角色:
keystone user-role-add --user b3de3aeec2544f0f90b9cbfe8b8b7acd --role 2bbe305ad531434991d4281aaaebb700 --tenant_id 7f95ae9617cd496888bc412efdceabfd
接着执行如下命令,为“service”租间中的“nova”、“glance”、“swift”用户绑定“admin”角色:
keystone user-role-add --user ce8cd56ca8824f5d845ba6ed015e9494 --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
keystone user-role-add --user 518b51ea133c4facadae42c328d6b77b --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
keystone user-role-add --user 1b986cca67e242f38cd6aa4bdec587ca --role 2bbe305ad531434991d4281aaaebb700 --tenant_id c7970080576646c6959ee35970cf3199
为"admin"租间里的"swift"用户绑定“Member”角色即可,所以相应地执行如下命令:
keystone user-role-add --user 1b986cca67e242f38cd6aa4bdec587ca --role d983800dd6d54ee3a1b1eb9f2ae3291f --tenant_id 7f95ae9617cd496888bc412efdceabfd
创建服务
至此,我们该创建授权用户可以享用的服务了,命令格式如下:
keystone service-create --name service_name --type service_type --description 'Description of the service'
安装上述格式,创建nova-compute、nova-volume、glance、swift、keystone及ec2服务:
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'
keystone service-create --name ec2 --type ec2 --description 'EC2 Service'
刚才创建的每个服务都拥有唯一的id,要查看服务id,使用如下命令即可:
keystone service-list
+----------------------------------+----------+--------------+----------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+----------------------------+
| 1e93ee6c70f8468c88a5cb1b106753f3 | nova | compute | OpenStack Compute Service |
| 28fd92ffe3824004996a3e04e059d875 | ec2 | ec2 | EC2 Service |
| 7d4ec192dfa1456996f0f4c47415c7a7 | keystone | identity | OpenStack Identity Service |
| 96f35e1112b143e59d5cd5d0e6a8b22d | swift | object-store | OpenStack Storage Service |
| f38f4564ff7b4e43a52b2f5c1b75e5fa | volume | volume | OpenStack Volume Service |
| fbafab6edcab467bb734380ce6be3561 | glance | image | OpenStack Image Service |
+----------------------------------+----------+--------------+----------------------------+
这些id将被用于定义所属服务的入口(endpoint)。
创建入口
创建服务入口的命令格式是:
keystone endpoint-create --region region_name --service_id service_id --publicurl public_url --adminurl admin_url --internalurl internal_url
使用如下命令创建nova-compute入口:
keystone endpoint-create --region myregion --service_id 1e93ee6c70f8468c88a5cb1b106753f3 --publicurl 'http://192.168.8.44:8774/v2/$(tenant_id)s' --adminurl 'http://192.168.8.44:8774/v2/$(tenant_id)s' --internalurl 'http://192.168.8.44:8774/v2/$(tenant_id)s'
使用如下命令创建nova-volume入口:
keystone endpoint-create --region myregion --service_id f38f4564ff7b4e43a52b2f5c1b75e5fa --publicurl 'http://192.168.8.44:8776/v1/$(tenant_id)s' --adminurl 'http://192.168.8.44:8776/v1/$(tenant_id)s' --internalurl 'http://192.168.8.44:8776/v1/$(tenant_id)s'
使用如下命令创建glance入口:
keystone endpoint-create --region myregion --service_id fbafab6edcab467bb734380ce6be3561 --publicurl 'http://192.168.8.44:9292/v1' --adminurl 'http://192.168.8.44:9292/v1' --internalurl 'http://192.168.8.44:9292/v1'
使用如下命令创建swift入口:
keystone endpoint-create --region myregion --service_id 96f35e1112b143e59d5cd5d0e6a8b22d --publicurl 'http://192.168.8.44/v1/AUTH_$(tenant_id)s' --adminurl 'http://192.168.8.44:8080/v1' --internalurl 'http://192.168.8.44:8080/v1/AUTH_$(tenant_id)s'
使用如下命令创建keystone入口:
keystone endpoint-create --region myregion --service_id 7d4ec192dfa1456996f0f4c47415c7a7 --publicurl http://192.168.8.44:5000/v2.0 --adminurl http://192.168.8.44:35357/v2.0 --internalurl http://192.168.8.44:5000/v2.0
使用如下命令创建ec2入口:
keystone endpoint-create --region myregion --service_id 28fd92ffe3824004996a3e04e059d875 --publicurl http://192.168.8.44:8773/services/Cloud --adminurl http://192.168.8.44:8773/services/Admin --internalurl http://192.168.8.44:8773/services/Cloud
使用以下命令安装glance:
sudo apt-get install glance glance-api glance-client glance-common glance-
registry python-glance
配置Glance服务
Glance默认使用SQLite,MySQL或PostgreSQL也可以很好地与Glance工作。
打开 /etc/glance/glance-api-paste.ini文件并在末尾编辑如下内容:
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
这些值需要用刚才我们安装中的实际值进行替换,admin_tenant_name应该是“service”,admin_user这里是“glance”、admin_password是“glance”。
编辑完这三行应该是如下的样子:
admin_tenant_name = service
admin_user = glance
admin_password = glance
接着再打开 /etc/glance/glance-registry-paste.ini文件,也如上述操作一样在文件尾部进行同样的编辑。
然后,修改glance数据库连接为MySQL,编辑 /etc/glance/glance-registry.conf,找到“sql_connection =”这句作如下修改:
sql_connection = mysql://glancedbadmin:glance@192.168.8.44/glance
紧接着还是这份文件,在底部增加如下设置,目的是让glance使用keystone授权:
[paste_deploy]
flavor = keystone
打开 /etc/glance/glance-api.conf文件,在文件末尾增加如下配置:
[paste_deploy]
flavor = keystone
在MySQL数据库中创建glance schema,进行同步:
sudo glance-manage version_control 0
sudo glance-manage db_sync
上述改动全部完成后,重启glance-api和glance-registry服务:
sudo restart glance-api
sudo restart glance-registry
设置如下环境变量,你也可以将其写入 ~/.bashrc中:
export SERVICE_TOKEN=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT=http://localhost:35357/v2.0
现在我们可以使用这个命令来测试glance是否正确安装:
glance index
Q:Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
S:
run the export phases above
如果这条命令没有返回任何结果,则说明glance已经正确安装完毕,并与Keystone正常通信。若是稍微探究一下的话,上述命令其实有返回值,正确安装情况下的返回值是0,可以使用echo $?进行查看。
在Glance正确配置且使用keystone作为授权机制后,我们便可以上传镜像到glance了,相关内容详见后文中的“镜像管理(Image Management)”。
七.Nova
先使用如下命令安装nova及其相关组件:
sudo apt-get install nova-api nova-cert nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume rabbitmq-server novnc nova-consoleauth
配置Nova
以如下配置为例,编辑nova主配文件 /etc/nova/nova.conf:
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/run/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=192.168.8.44
--ec2_host=192.168.8.44
--rabbit_host=192.168.8.44
--cc_host=192.168.8.44
--nova_url=http://192.168.8.44:8774/v1.1/
--routing_source_ip=192.168.8.44
--glance_api_servers=192.168.8.44:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.4
--sql_connection=mysql://novadbadmin:nova@192.168.8.44/nova
--ec2_url=http://192.168.8.44:8773/services/Cloud
--keystone_ec2_url=http://192.168.8.44:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
# vnc specific configuration
--novnc_enabled=true
--novncproxy_base_url=http://192.168.8.44:60
--vncserver_proxyclient_address=192.168.8.44
--vncserver_listen= 192.168.8.44
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth0;只有一个网卡,该为eth0
--flat_network_bridge=br100
--fixed_range=192.168.4.1/27
--floating_range=192.168.8.44/27
--network_size=32
--flat_network_dhcp_start=192.168.4.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose
创建一个物理卷:
sudo pvcreate /dev/sda6
创建一个名为“nova-volumnes”的卷组:
sudo vgcreate nova-volumes /dev/sda6
修改 /etc/nova文件夹的属主及 /etc/nova/nova.conf文件的访问权限:
sudo chown -R nova:nova /etc/nova
sudo chmod 644 /etc/nova/nova.conf
进入 /etc/nova/api-paste.ini文件,找到末尾三行:
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
用之前创建的名字进行替换(译者注:和Glance如出一辙,只是这次是nova),编辑完毕如下所示:
admin_tenant_name = service
admin_user = nova
admin_password = nova
仍然在MySQL数据库进行同步:
sudo nova-manage db sync
可能输出:
2012-07-04 17:49:29 DEBUG nova.utils [-] backend from (pid=1302) __get_backend /usr/lib/python2.7/dist-packages/nova/utils.py:658
2012-07-04 17:50:46 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:639: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated. Use event.listen().
Pool.__init__(self, creator, **kw)
2012-07-04 17:50:46 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:145: SADeprecationWarning: Pool.add_listener is deprecated. Use event.listen()
self.add_listener(l)
2012-07-04 17:50:46 AUDIT nova.db.sqlalchemy.fix_dns_domains [-] Applying database fix for Es*** dns_domains table.
为实例提供IP池:
sudo nova-manage network create private --fixed_range_v4=192.168.4.32/27 --num_networks=1 --bridge=br100 --bridge_interface=eth0 --network_size=32
输出环境变量:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL="http://localhost:5000/v2.0/"
重启nova服务:
sudo restart libvirt-bin; sudo restart nova-network; sudo restart nova-compute; sudo restart nova-api; sudo restart nova-objectstore; sudo restart nova-scheduler; sudo restart nova-volume; sudo restart nova-consoleauth;
执行下列命令测试nova是否正确安装:
sudo nova-manage service list
2012-07-04 17:53:20 DEBUG nova.utils [req-054484fc-ba70-494a-b932-b1760592096b None None] backend from (pid=1683) __get_backend /usr/lib/python2.7/dist-packages/nova/utils.py:658
Binary Host Zone Status State Updated_At
nova-consoleauth server1 nova enabled :-) 2012-07-04 09:53:16
nova-compute server1 nova enabled :-) 2012-07-04 09:53:10
nova-scheduler server1 nova enabled :-) 2012-07-04 09:53:17
nova-network server1 nova enabled :-) 2012-07-04 09:53:17
若所有组件都是微笑,说明nova已经正确安装完毕。
八.openstack管理面板
执行下列命令安装管理面板:
sudo apt-get install openstack-dashboard
重启Apache:
sudo service apache2 restart
九.安装swift
安装Swift
最重要的部分是swift的代理、账户、容器及对象服务器:
sudo apt-get install swift swift-proxy swift-account swift-container swift-object
随后安装一些支持组件,xfsprogs(支持XFS文件系统)、python.pastedeploy(访问keystone)和curl(测试swift):
sudo apt-get install xfsprogs curl python-pastedeploy
Swift存储端
有两种方法来创建或制备存储端,一种是采用现有的分区或卷作为存储设备,另一种是创建环回文件(Loopback file)并将当做存储设备。安装时,两种方式自选。
1. 分区作为存储设备
如果在安装OS时为Swift预留了一个分区,你就可以直接使用它。如果该分区没有使用过或仍是空闲空间(比如 /dev/sdb3),就应该把它格式化为xfs文件系统,接着编辑 /etc/fstab中该分区的挂载点(注意:请根据实际情况选择你自定的设备,本教程假定手头未使用也没分区的空闲空间在 /dev/sdb上):
sudo fdisk /dev/sdb
Type n for new partition
Type e for extended partion
Choose appropriate partition number ( or go with the default )
Choose first and last sectors to set the hard disk size (or go with defaults)
Note that 83 is the partition type number for Linux
Type w to write changes to the disk
上述命令将创建一个譬如 /dev/sdb3的分区,接着我们便将其格式化为XFS。记得格式化前要先使用命令“sudo fdisk -l”查看当前分区表,确定系统列出的分区含有你即将格式化的目标分区。最后,如果刚才xfsprogs成功安装的话,我们才能够使用以下命令:
sudo mkfs.xfs -i size=1024 /dev/sdb3
创建一个该分区的挂载点,并命名为“swift_backend”:
sudo mkdir /mnt/swift_backend
紧接着编辑 /etc/fstab文件写入如下内容以便系统启动时自动加载这个分区:
/dev/sdb3 /mnt/swift_backend xfs noatime,nodiratime,nobarrier,logbufs=8 0 0
2. 环回文件作为存储设备
创建一个空文件作为Swift存储的环回设备,在这里我们使用disk copy命令创建它并命名为swift-disk,还将为其分配1G的磁盘空间。如果空间不够,可以通过改变seek值来增加空间。随后格式化为XFS:
sudo dd if=/dev/zero of=/srv/swift-disk bs=1024 count=0 seek=1000000
sudo mkfs.xfs -i size=1024 /srv/swift-disk
file /srv/swift-disk
swift-disk1: SGI XFS filesystem data (blksz 4096, inosz 1024, v2 dirs)
创建挂载点:
sudo mkdir /mnt/swift_backend
写入 /etc/fstab:
/srv/swift-disk /mnt/swift_backend xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0
3. 使用存储
挂载存储分区前,需要创建一些设备节点并设置其属主和主群为“Swift”:
sudo mount /mnt/swift_backend
pushd /mnt/swift_backend
sudo mkdir node1 node2 node3 node4
popd
sudo chown swift.swift /mnt/swift_backend/*
for i in {1..4}; do sudo ln -s /mnt/swift_backend/node$i /srv/node$i; done;
sudo mkdir -p /etc/swift/account-server /etc/swift/container-server /etc/
swift/object-server /srv/node1/device /srv/node2/device /srv/node3/device /srv/node4/device
sudo mkdir /run/swift
sudo chown -L -R swift.swift /etc/swift /srv/node[1-4]/ /run/swift
为了在系统启动时启动Swift服务,需要把如下两行命令写入 /etc/rc.local里,位置在“exit 0;”之前:
sudo mkdir /run/swift
sudo chown swift:swift /run/swift
配置远程备份
Rsync用来维护对象副本,许多swift服务都使用它保持对象一致性及进行更新操作。所有存储节点都将享用此配置:
首先编辑 /etc/default/rsync文件:
Set RSYNC_ENABLE=true
# General stuff
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /run/rsyncd.pid
address = 127.0.0.1
# Account Server replication settings
[account6012]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/account6012.lock
[account6022]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/account6022.lock
[account6032]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/account6032.lock
[account6042]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/account6042.lock
# Container server replication settings
[container6011]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/container6011.lock
[container6021]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/container6021.lock
[container6031]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/container6031.lock
[container6041]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/container6041.lock
# Object Server replication settings
[object6010]
max connections = 25
path = /srv/node1/
read only = false
lock file = /run/lock/object6010.lock
[object6020]
max connections = 25
path = /srv/node2/
read only = false
lock file = /run/lock/object6020.lock
[object6030]
max connections = 25
path = /srv/node3/
read only = false
lock file = /run/lock/object6030.lock
[object6040]
max connections = 25
path = /srv/node4/
read only = false
lock file = /run/lock/object6040.lock
最后重新启动服务完成rsync配置:
sudo service rsync restart
创建并编辑 /etc/swift/swift.conf文件,并写入如下配置:
[swift-hash]
# random unique string that can never change (DO NOT LOSE). I'm using 03c9f48da2229770.
# od -t x8 -N 8 -A n < /dev/random
# The above command can be used to generate random a string.
swift_hash_path_suffix = 03c9f48da2229770
特别的,当建立更多的节点时,你需要记住随机串。不要照抄本例,请通过以下命令生成自己的随机字符串:
1. 配置Swift代理服务器
代理服务器是swift的门卫,它的职责是检测合法性。它将审查:一、请求是否伪造,二、请求使用资源的用户身份。具体操作由keystone之类的认证服务器来协助完成。
创建并编辑 /etc/swift/proxy-server.conf并增加如下内容:
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
[pipeline:main]
# Order of execution of modules defined below
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
set log_name = swift-proxy
set log_facility = LOG_LOCAL0
set log_level = INFO
set access_log_name = swift-proxy
set access_log_facility = SYSLOG
set access_log_level = INFO
set log_headers = True
account_autocreate = True
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cache]
use = egg:swift#memcache
set log_name = cache
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_protocol = http
auth_host = 127.0.0.1
auth_port = 35357
auth_token = admin
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
admin_token = admin
admin_tenant_name = service
admin_user = swift
admin_password = swift
delay_auth_decision = 0
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, swiftoperator
is_admin = true
注意:可以使用apt-get安装swift-doc软件包,安装后许多文档都收录在/usr/share/doc/swift-doc/html下,本配置样例也是如此。
2. 配置Swift账户服务器
默认swift容器服务配置文件为 /etc/swift/account-server.conf:
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]
所有的account server配置文件都在 /etc/swift/account-server目录中。与 /srv里的设备相对应,我们创建1.conf、2.conf等等文件,并将它们放到/etc/swift/account-server/下。以下是/etc/swift/account-server/1.conf配置文件的内容:
[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6012
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
vm_test_mode = no
[account-auditor]
[account-reaper]
对其它设备也是如此,比如/srv/node2、/srv/node3、/srv/node4等,我们分别创建2.conf,3.conf和4.conf与之对应。现在利用1.conf进行复制生成其余文件,并一一设置唯一的绑定端口及本地日志值:
sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/2.conf
sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/3.conf
sudo cp /etc/swift/account-server/1.conf /etc/swift/account-server/4.conf
sudo sed -i ‘s/6012/6022/g;s/LOCAL2/LOCAL3/g;s/node1/node2/g’ /etc/swift/account-server/2.conf
sudo sed -i ‘s/6012/6032/g;s/LOCAL2/LOCAL4/g;s/node1/node3/g’ /etc/swift/account-server/3.conf
sudo sed -i ‘s/6012/6042/g;s/LOCAL2/LOCAL5/g;s/node1/node4/g’ /etc/swift/account-server/4.conf
3. 配置Swift容器服务器
默认swift容器服务配置文件为 /etc/swift/container-server.conf:
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
与account-server类似,我们同样创建 /etc/swift/container-server/1.conf等等文件与 /srv设备匹配,这是1.conf文件内容:
[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6011
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
vm_test_mode = no
[container-updater]
[container-auditor]
[container-sync]
接着利用1.conf继续创建2.conf、3.conf和4.conf。并修改端口(分别是6021、6031和6041)及本地日志值(LOG_LOCAL3、LOG_LOCAL4和 LOG_LOCAL5)。
4. 配置Swift对象服务器
默认swift容器服务配置文件为 /etc/swift/object-server.conf:
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
与account-server和container-server一样,我们同样创建 /etc/swift/object-server/1.conf等等文件与 /srv设备匹配,这是1.conf文件内容:
[DEFAULT]
devices = /srv/node1
mount_check = false
bind_port = 6010
user = swift
log_facility = LOG_LOCAL2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
vm_test_mode = no
[object-updater]
[object-auditor]
继而利用1.conf继续创建2.conf、3.conf和4.conf。并修改端口(分别是6020、6030和6040)及本地日志值(LOG_LOCAL3、LOG_LOCAL4和 LOG_LOCAL5)。
5. 配置Swift Ring服务器
Ring是swift的一个极为重要的组件,它维护着对象的真实物理位置信息,对象的副本及多种设备。创建与对象服务、容器服务和账户服务相对应的ring-builder文件:
pushd /etc/swift
sudo swift-ring-builder object.builder create 18 3 1
sudo swift-ring-builder container.builder create 18 3 1
sudo swift-ring-builder account.builder create 18 3 1
注意:执行以上命令时需要在 /etc/swift目录下。
命令中的参数指定了分区、副本和小时的数量,用来限制分区多次移动。可以参考man页面中的swift-ring-builder获取更多信息。
现在添加区域以均衡ring服务。命令格式如下:
swift-ring-builder <builder_file> add <zone>-<ip_address>:<port>/<device><weight>
执行下列命令:
sudo swift-ring-builder object.builder add z1-127.0.0.1:6010/device 1
sudo swift-ring-builder object.builder add z2-127.0.0.1:6020/device 1
sudo swift-ring-builder object.builder add z3-127.0.0.1:6030/device 1
sudo swift-ring-builder object.builder add z4-127.0.0.1:6040/device 1
sudo swift-ring-builder object.builder rebalance
sudo swift-ring-builder container.builder add z1-127.0.0.1:6011/device 1
sudo swift-ring-builder container.builder add z2-127.0.0.1:6021/device 1
sudo swift-ring-builder container.builder add z3-127.0.0.1:6031/device 1
sudo swift-ring-builder container.builder add z4-127.0.0.1:6041/device 1
sudo swift-ring-builder container.builder rebalance
sudo swift-ring-builder account.builder add z1-127.0.0.1:6012/device 1
sudo swift-ring-builder account.builder add z2-127.0.0.1:6022/device 1
sudo swift-ring-builder account.builder add z3-127.0.0.1:6032/device 1
sudo swift-ring-builder account.builder add z4-127.0.0.1:6042/device 1
sudo swift-ring-builder account.builder rebalance
启动Swift服务
使用以下命令启动swift和REST API:
sudo swift-init main start
sudo swift-init rest start
测试Swift
可以通过Swift命令或Horizon提供的Web管理面板测试Swift是否正确运行。
首先,将 /etc/swift目录的属主设为swift:swift:
sudo chown -R swift:swift /etc/swift
执行以下命令查看是否能得到正确的account、容器数量和存储的对象信息:
swift -v -V 2.0 -A http://127.0.0.1:5000/v2.0/ -U service:swift -K swift stat
StorageURL: http://127.0.0.1:8080/v1/AUTH_c7970080576646c6959ee35970cf3199
Auth Token: ba9df200a92d4a5088dcd6b7dcc19c0d
Account: AUTH_c7970080576646c6959ee35970cf3199
Containers: 1
Objects: 1
Bytes: 77
Accept-Ranges: bytes
X-Trans-Id: tx11c64e218f984749bc3ec37ea46280ee
问题:若member角色无法创建容器,需要修改配置文件/etc/swift/proxy-server.conf
<span style="color:#333333;">[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, <span style="color:#ff0000;">Member</span>, swiftoperator
is_admin = true</span>
1587
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
