• OpenStack学习系列之十一:安装部署对象存储swift服务


    Swift是openstack默认的存储服务,但是在生产环境中不使用它,因为swift的机制决定了它会占用很大的CPU资源
    Swift是一个高可用分布式的对象存储服务,为Nova子项目提供虚拟机镜像存储服务
     

    1.安装对象存储swift(控制节点node1)

    ---------------------------------------------#创建用户和service
    [root@node1 ~]# . admin-openrc
    [root@node1 ~]# openstack user create --domain default --password-prompt swift   # 输入密码swift
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 044c2f6e7e0947f2a7f0298e9d9f8af3 |
    | name                | swift                            |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
    [root@node1 ~]# openstack role add --project service --user swift admin
    [root@node1 ~]# openstack service create --name swift --description "OpenStack Object Storage" object-store
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Object Storage         |
    | enabled     | True                             |
    | id          | fbdd56c3d9824ac4a366a529dee4fd76 |
    | name        | swift                            |
    | type        | object-store                     |
    +-------------+----------------------------------+
    [root@node1 ~]# openstack endpoint create --region RegionOne object-store public http://node1:8080/v1/AUTH_%\(project_id\)s
    +--------------+------------------------------------------+
    | Field        | Value                                    |
    +--------------+------------------------------------------+
    | enabled      | True                                     |
    | id           | 66ba38c8261e4380aa6dd9f94d178cc4         |
    | interface    | public                                   |
    | region       | RegionOne                                |
    | region_id    | RegionOne                                |
    | service_id   | fbdd56c3d9824ac4a366a529dee4fd76         |
    | service_name | swift                                    |
    | service_type | object-store                             |
    | url          | http://node1:8080/v1/AUTH_%(project_id)s |
    +--------------+------------------------------------------+
    [root@node1 ~]# openstack endpoint create --region RegionOne object-store internal http://node1:8080/v1/AUTH_%\(project_id\)s
    +--------------+------------------------------------------+
    | Field        | Value                                    |
    +--------------+------------------------------------------+
    | enabled      | True                                     |
    | id           | 54460569959d4ae7bead17e9737c304b         |
    | interface    | internal                                 |
    | region       | RegionOne                                |
    | region_id    | RegionOne                                |
    | service_id   | fbdd56c3d9824ac4a366a529dee4fd76         |
    | service_name | swift                                    |
    | service_type | object-store                             |
    | url          | http://node1:8080/v1/AUTH_%(project_id)s |
    +--------------+------------------------------------------+
    [root@node1 ~]# openstack endpoint create --region RegionOne object-store admin http://node1:8080/v1
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | f52482fbdcf44c2cabdda1a5d21cf2ee |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | fbdd56c3d9824ac4a366a529dee4fd76 |
    | service_name | swift                            |
    | service_type | object-store                     |
    | url          | http://node1:8080/v1             |
    +--------------+----------------------------------+
    
    ---------------------------------------------#在node1上安装配置组件
    yum -y install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached
    
    # 下载配置文件并修改配置
    curl -o /etc/swift/proxy-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/proxy-server.conf-sample
    crudini --set /etc/swift/proxy-server.conf DEFAULT bind_port 8080
    crudini --set /etc/swift/proxy-server.conf DEFAULT user swift
    crudini --set /etc/swift/proxy-server.conf DEFAULT swift_dir /etc/swift
    crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server"
    crudini --set /etc/swift/proxy-server.conf app:proxy-server use egg:swift#proxy
    crudini --set /etc/swift/proxy-server.conf app:proxy-server account_autocreate True
    crudini --set /etc/swift/proxy-server.conf filter:keystoneauth use  egg:swift#keystoneauth
    crudini --set /etc/swift/proxy-server.conf filter:keystoneauth operator_roles admin,user
    crudini --set /etc/swift/proxy-server.conf filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
    crudini --set /etc/swift/proxy-server.conf filter:authtoken www_authenticate_uri  http://node1:5000
    crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_url http://node1:5000
    crudini --set /etc/swift/proxy-server.conf filter:authtoken memcached_servers node1:11211
    crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_type password
    crudini --set /etc/swift/proxy-server.conf filter:authtoken project_domain_id default
    crudini --set /etc/swift/proxy-server.conf filter:authtoken user_domain_id default
    crudini --set /etc/swift/proxy-server.conf filter:authtoken project_name service
    crudini --set /etc/swift/proxy-server.conf filter:authtoken username swift
    crudini --set /etc/swift/proxy-server.conf filter:authtoken password swift
    crudini --set /etc/swift/proxy-server.conf filter:authtoken delay_auth_decision True
    crudini --set /etc/swift/proxy-server.conf filter:cache use egg:swift#memcache
    crudini --set /etc/swift/proxy-server.conf filter:cache memcache_servers node1:11211

    2.安装对象存储swift(对象存储节点node4/node5,两个基点操作一样,主机IP地址配置不同)

    对象存储节点必须提供硬盘并且挂载到指定的目录中,否则会报错503,相关日志可以在对象存储节点的系统日志中看到。
    account-replicator[353135]: Skipping: /srv/node/sdd is not mounted
    # 安装组件rsync
    yum install -y xfsprogs rsync rsync-daemon
    # 创建数目存储目录并格式化硬盘
    mkdir /svc/node/sdd
    mkdir /svc/node/sde
    mkfs.xfs /dev/sdd
    mkfs.xfs /dev/sde
    # 设置开机挂载并挂载硬盘
    vi /etc/fstab
    /dev/sdd           /srv/node/sdd    xfs   noatime 0 2
    /dev/sde           /srv/node/sde    xfs   noatime 0 2
    # 挂载硬盘
    mount -a
    
    --- 配置
    crudini --set /etc/rsyncd.conf '' uid swift
    crudini --set /etc/rsyncd.conf '' gid swift
    crudini --set /etc/rsyncd.conf '' 'log file' /var/log/rsyncd.log
    crudini --set /etc/rsyncd.conf '' 'pid file' /var/run/rsyncd.pid
    crudini --set /etc/rsyncd.conf '' address 192.168.31.104   # 存储节点的IP地址
    crudini --set /etc/rsyncd.conf account  'max connections ' 2
    crudini --set /etc/rsyncd.conf account  path /srv/node/     # 存储数据目录
    crudini --set /etc/rsyncd.conf account  'read only' False
    crudini --set /etc/rsyncd.conf account  'lock file' /var/lock/account.lock
    crudini --set /etc/rsyncd.conf container 'max connections' 2
    crudini --set /etc/rsyncd.conf container path /srv/node/
    crudini --set /etc/rsyncd.conf container 'read only' False
    crudini --set /etc/rsyncd.conf container 'lock file' /var/lock/container.lock
    crudini --set /etc/rsyncd.conf object 'max connections' 2
    crudini --set /etc/rsyncd.conf object path /srv/node/
    crudini --set /etc/rsyncd.conf object 'read only' False
    crudini --set /etc/rsyncd.conf object 'lock file' /var/lock/object.lock
    ---------------------------------------------#  启动服务
    systemctl enable rsyncd.service && systemctl start rsyncd.service
    
    ---------------------------------------------# 安装OpenStack组件
    yum install -y --enablerepo powertools openstack-swift-account openstack-swift-container openstack-swift-object
    
    ---------------------------------------------# 修改组件配置
    # 下载配置文件
    curl -o /etc/swift/account-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/account-server.conf-sample
    curl -o /etc/swift/container-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/container-server.conf-sample
    curl -o /etc/swift/object-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/object-server.conf-sample
    
    # 对配置文件进行修改
    crudini --set  /etc/swift/account-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
    crudini --set  /etc/swift/account-server.conf DEFAULT bind_port 6202
    crudini --set  /etc/swift/account-server.conf DEFAULT user swift
    crudini --set  /etc/swift/account-server.conf DEFAULT swift_dir /etc/swift
    crudini --set  /etc/swift/account-server.conf DEFAULT devices /srv/node # 存储数据目录
    crudini --set  /etc/swift/account-server.conf DEFAULT mount_check True
    crudini --set  /etc/swift/account-server.conf pipeline:main pipeline 'healthcheck recon account-server'
    crudini --set  /etc/swift/account-server.conf filter:recon use egg:swift#recon
    crudini --set  /etc/swift/account-server.conf filter:recon recon_cache_path 
    ----------
    crudini --set  /etc/swift/container-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
    crudini --set  /etc/swift/container-server.conf DEFAULT bind_port 6201
    crudini --set  /etc/swift/container-server.conf DEFAULT user swift
    crudini --set  /etc/swift/container-server.conf DEFAULT swift_dir /etc/swift
    crudini --set  /etc/swift/container-server.conf DEFAULT devices /srv/node # 存储数据目录
    crudini --set  /etc/swift/container-server.conf DEFAULT mount_check True
    crudini --set  /etc/swift/container-server.conf pipeline:main pipeline  'healthcheck recon container-server'
    crudini --set  /etc/swift/container-server.conf filter:recon use egg:swift#recon
    crudini --set  /etc/swift/container-server.conf recon_cache_path /var/cache/swift
    ----------
    crudini --set  /etc/swift/object-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
    crudini --set  /etc/swift/object-server.conf DEFAULT bind_port 6200
    crudini --set  /etc/swift/object-server.conf DEFAULT user swift
    crudini --set  /etc/swift/object-server.conf DEFAULT swift_dir /etc/swift
    crudini --set  /etc/swift/object-server.conf DEFAULT devices /srv/node # 存储数据目录
    crudini --set  /etc/swift/object-server.conf DEFAULT mount_check True
    crudini --set  /etc/swift/object-server.conf pipeline:main pipeline 'healthcheck recon object-server'
    crudini --set  /etc/swift/object-server.conf filter:recon use egg:swift#recon
    crudini --set  /etc/swift/object-server.conf filter:recon recon_cache_path /var/cache/swift
    crudini --set  /etc/swift/object-server.conf filter:recon recon_lock_path /var/lock
    ----------# 配置数据目录权限
    chown -R swift:swift /srv/node
    mkdir -p /var/cache/swift
    chown -R root:swift /var/cache/swift
    chmod -R 775 /var/cache/swift

    3.创建分发(控制节点node1)

    curl -o /etc/swift/swift.conf \
      https://opendev.org/openstack/swift/raw/branch/master/etc/swift.conf-sample
    # 修改配置如下
    [swift-hash]
    ...
    swift_hash_path_suffix = 123456789
    swift_hash_path_prefix = 123456789
    
    -----------------------------#  生成文件,注意参数里面的sdd和sde必须为本地对应的文件,和挂载目录必须对应
    cd /etc/swift
    swift-ring-builder account.builder create 10 3 1    # 创建account.builder文件
    swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sdd --weight 100
    swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sde --weight 100
    swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sdd --weight 100
    swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sde --weight 100
    swift-ring-builder account.builder
    swift-ring-builder account.builder rebalance
    ---
    cd /etc/swift
    swift-ring-builder container.builder create 10 3 1  # 创建container.builder文件
    swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sdd --weight 100
    swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sde --weight 100
    swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sdd --weight 100
    swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sde --weight 100
    swift-ring-builder container.builder
    swift-ring-builder container.builder rebalance
    ---
    cd /etc/swift
    swift-ring-builder object.builder create 10 3 1 # 创建object.builder文件
    swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sdd --weight 100
    swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sde --weight 100
    swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sdd --weight 100
    swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sde --weight 100
     swift-ring-builder object.builder
     swift-ring-builder object.builder rebalance
    ---
    分发配置文件到对象存储节点node4,node5
    for i in 4 5; do scp account.ring.gz container.ring.gz object.ring.gz node$i:/etc/swift;done

    4.完成安装,在各个节点启动服务

    # 在node1上分发swift.conf到存储节点node4、node5
    for i in 4 5; do scp /etc/swift/swift.conf  node$i:/etc/swift;done
    ------# 所有节点(node1、node4、node5)修改配置文件权限
    chown -R root:swift /etc/swift
    
    # 控制节点node1启动服务
    systemctl enable openstack-swift-proxy.service memcached.service
    systemctl start openstack-swift-proxy.service memcached.service
    # 存储节点
    systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service \
      openstack-swift-account-reaper.service openstack-swift-account-replicator.service
    systemctl start openstack-swift-account.service openstack-swift-account-auditor.service \
      openstack-swift-account-reaper.service openstack-swift-account-replicator.service
    systemctl enable openstack-swift-container.service \
      openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
      openstack-swift-container-updater.service
    systemctl start openstack-swift-container.service \
      openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
      openstack-swift-container-updater.service
    systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service \
      openstack-swift-object-replicator.service openstack-swift-object-updater.service
    systemctl start openstack-swift-object.service openstack-swift-object-auditor.service \
      openstack-swift-object-replicator.service openstack-swift-object-updater.service

    5.在node1上验证

    . admin-openrc
    [root@node1 ~]# . admin-openrc 
    [root@node1 ~]#  swift stat
                   Account: AUTH_c827c773e36d4149a93196b371cebfd9
                Containers: 0
                   Objects: 0
                     Bytes: 0
              Content-Type: text/plain; charset=utf-8
               X-Timestamp: 1646277425.56907
           X-Put-Timestamp: 1646277425.56907
                      Vary: Accept
                X-Trans-Id: tx7195146dc9444fe5a0074-0062203331
    X-Openstack-Request-Id: tx7195146dc9444fe5a0074-0062203331
    
    # 上传文件,创建一个容器
    [root@node1 ~]# openstack container create container1
    +---------------------------------------+------------+------------------------------------+
    | account                               | container  | x-trans-id                         |
    +---------------------------------------+------------+------------------------------------+
    | AUTH_c827c773e36d4149a93196b371cebfd9 | container1 | tx0a771488be834a149f48f-00622033b7 |
    +---------------------------------------+------------+------------------------------------+
    # 删除文件到对象存储中
    [root@node1 ~]# openstack object create container1 cirros-0.4.0-x86_64-disk.img 
    +------------------------------+------------+----------------------------------+
    | object                       | container  | etag                             |
    +------------------------------+------------+----------------------------------+
    | cirros-0.4.0-x86_64-disk.img | container1 | 443b7623e27ecf03dc9e01ee93f67afe |
    +------------------------------+------------+----------------------------------+
    # 查询对象存在红的文件
    [root@node1 ~]# openstack object list container1
    +------------------------------+
    | Name                         |
    +------------------------------+
    | cirros-0.4.0-x86_64-disk.img |
    +------------------------------+
    # 将文件下载到本地
    [root@node1 ~]# openstack object save container1 cirros-0.4.0-x86_64-disk.img
    登录Dashboard也可以看到对象存储和刚刚上传的文件,也可以通过Dashboard来上传和下载文件。如果没有对象存储菜单,退出后重新登录或者重启http服务

  • 相关阅读:
    TensorflowJS 教程
    理解TCP序列号(Sequence Number)和确认号(Acknowledgment Number)
    Wireshark 过滤 基本语法
    LSTM如何解决梯度消失或爆炸的?
    K-Means ++ 和 kmeans 区别
    LSTM UEBA异常检测——deeplog里其实提到了,就是多分类LSTM算法,结合LSTM预测误差来检测异常参数
    python 多进程练习 调用 os.system命令
    TLS 改变密码标准协议(Change Cipher Spec Protocol) 就是加密传输中每隔一段时间必须改变其加解密参数的协议
    ssl tls 证书链 根证书和叶证书查询
    TLS与SSL之间关系——SSL已经被IEFT组织废弃,你可以简单认为TLS是SSL的加强版
  • 原文地址:https://www.cnblogs.com/djoker/p/15955661.html
Copyright © 2020-2023  润新知