# 在部署对象存储服务(swift)之前,你的环境必须包含身份验证服务(keystone);
# keystone需要MySQL数据库,Rabbitmq服务,Memcached服务;
# 内存:4G
# 系统:Ubuntu Server-14.04.5
# 安装方法:http://www.jianshu.com/p/9e77b3ad930a
# IP地址:192.168.10.55
# 主机名:object基本环境配置
配置主机静态IP地址
vim /etc/network/interfacesauto lo
iface lo inet loopback
auto eth0
# 将dhcp修改为static
iface eth0 inet static
# 静态IP地址
address 192.168.10.55
# 子网掩码
netmask 255.255.255.0
# 广播地址
broadcast 192.168.10.255
# 默认网关
gateway 192.168.10.2
# DNS服务器
## 谷歌DNS
dns-nameservers 8.8.8.8
## 阿里DNS
dns-nameservers 223.5.5.5重启网卡
# 关闭网卡
ifdown eth0
# 开启网卡
ifup eth0配置主机名
vim /etc/hostname# 对于不同的节点,请做出相应的修改
# 清空文件内容
# 主机名
object配置主机名解析
vim /etc/hosts# 文件内容,请视实际情况做相应的修改
192.168.10.55 object验证操作
ping -c 4 主机名
# 例如
ping -c 4 object配置Ubuntu更新源
vim /etc/apt/sources.list# 请先把文件内容清空
# 任选一组源
# 中国科学技术大学源
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.ustc.edu.cn/ubuntu/ trusty-backports main restricted universe multiverse
# 阿里云的Ubuntu-14.04源
deb http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse更新系统
apt-get update && apt-get dist-upgrade添加OpenStack库
apt-get install software-properties-common
# 此处命令行会停顿,请按Enter键继续
add-apt-repository cloud-archive:mitaka安装OpenStack客户端
apt-get install python-openstackclient更新系统
# 此处为必需步骤
apt-get update && apt-get dist-upgrade重启主机
shutdown -r now
# 重启电脑后,XShell要用新的IP地址连接虚拟机
# XShell的使用方法:http://www.jianshu.com/p/ada93cba0acdMySQL服务
安装软件包
# 此处会提示用户设置数据库密码
apt-get install mariadb-server python-pymysql配置openstack.cnf
vim /etc/mysql/conf.d/openstack.cnf[mysqld]
# object节点的IP
bind-address = 192.168.10.55
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8重启mysql服务
service mysql restartmysql安全初始化
# 提示输入密码,问题推荐输入n、y、y、y、y
mysql_secure_installationRabbitmq服务
安装软件包
apt-get install rabbitmq-server添加OpenStack用户
# 此处密码为0901
rabbitmqctl add_user openstack 0901为OpenStack用户添加读、写及访问权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"Memcached服务
安装软件包
apt-get install memcached python-memcache配置memcached.conf
vim /etc/memcached.conf# object的IP地址
-l 192.168.10.55重启服务
service memcached restartkeystone的安装
进入数据库
# 提示输入数据库密码
mysql -u root -p创建keystone数据库
CREATE DATABASE keystone;赋予keystone相关权限
# 根据实际情况修改密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '0901';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '0901';退出数据库
exit生成随机值作为临时令牌(token)
# token:0c7030a400cf77890c75
# token值要与后文统一
openssl rand -hex 10禁用keystone在安装完成后自启
echo "manual" > /etc/init/keystone.override安装软件包
apt-get install keystone apache2 libapache2-mod-wsgi配置keystone.conf
vim /etc/keystone/keystone.conf[DEFAULT]
# token:0c7030a400cf77890c75
# token值要与后文统一
admin_token = 0c7030a400cf77890c75
[database]
# 注释掉原connection
# 根据实际情况修改密码
connection = mysql+pymysql://keystone:0901@object/keystone
# 在第1987行
[token]
provider = fernet同步keystone数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone初始化Fernet键
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone配置apache2.conf
vim /etc/apache2/apache2.conf# 在文件前面添加该项
ServerName object新建并配置wsgi-keystone.conf
vim /etc/apache2/sites-available/wsgi-keystone.confListen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>使apache支持虚拟机的身份认证服务
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled重启appache服务
service apache2 restart删除SQLite数据库文件
rm -f /var/lib/keystone/keystone.db配置身份验证令牌
# token值要与前文统一
export OS_TOKEN=0c7030a400cf77890c75配置Endpoint的URL
export OS_URL=http://object:35357/v3配置API版本
export OS_IDENTITY_API_VERSION=3创建identity服务实体
# 执行结果为表格
openstack service create --name keystone --description "OpenStack Identity" identity创建identity服务endpoint
# 执行结果为表格
openstack endpoint create --region RegionOne identity public http://object:5000/v3
openstack endpoint create --region RegionOne identity internal http://object:5000/v3
openstack endpoint create --region RegionOne identity admin http://object:35357/v3创建一个默认的domain
# 执行结果为表格
openstack domain create --description "Default Domain" default创建一个admin project
# 执行结果为表格
openstack project create --domain default --description "Admin Project" admin创建一个admin user
# 此处会提示用户设置用户密码
# 执行结果为表格
openstack user create --domain default --password-prompt admin创建一个admin role
# 执行结果为表格
openstack role create admin将role添加到admin project和admin user里面去
# 此处无输出则执行正确
openstack role add --project admin --user admin admin创建一个service project
# 执行结果为表格
openstack project create --domain default --description "Service Project" service配置keystone-paste.ini
vim /etc/keystone/keystone-paste.ini# 分别从[pipeline:public_api]、[pipeline:admin_api] and [pipeline:api_v3] 移除 admin_token_auth移除临时token
unset OS_TOKEN OS_URL作为admin管理员请求一个身份验证令牌
# 提示输入admin的密码
# 执行结果为表格
openstack --os-auth-url http://object:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue简化操作
# 将环境变量写入配置文件
# 简化每次重启主机后需加载脚本的操作
# 直接在命令行执行以下命令,再遇到需要加载脚本时就不需要执行了
echo "export OS_PROJECT_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=default" >> /etc/profile
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USERNAME=admin" >> /etc/profile
# 注意修改密码
echo "export OS_PASSWORD=0901" >> /etc/profile
echo "export OS_AUTH_URL=http://object:35357/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
echo "export OS_IMAGE_API_VERSION=2" >> /etc/profile重新加载配置文件
source /etc/profile请求获取令牌
openstack token issueSwift单节点安装
创建swift用户
# 此处会提示用户设置用户密码
# 执行结果为表格
openstack user create --domain default --password-prompt swift将admin role添加到swift user
# 此处无输出则正确
openstack role add --project service --user swift admin创建Object Storage服务实体
# 执行结果为表格
openstack service create --name swift --description "OpenStack Object Storage" object-store创建Object Storage服务endpoint
openstack endpoint create --region RegionOne object-store public http://object:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store internal http://object:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store admin http://object:8080/v1安装软件包
apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached创建swift目录
mkdir -p /etc/swift从对象存储源仓库中获取代理服务配置文件
# 耐心等待,可能获取失败
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka配置proxy-server.conf
vim /etc/swift/proxy-server.conf[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
# 从[pipeline:main]中移除tempurl和tempauth,添加authtoken和keystoneauth,请不要改变模块的顺序;
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
# 配置文件中有,但被注释掉了,直接添加即可
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
# 配置文件中有,但被注释掉了,直接添加即可
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://object:5000
auth_url = http://object:35357
memcached_servers = object:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 0901
delay_auth_decision = True
[filter:cache]
use = egg:swift#memcache
memcache_servers = object:11211磁盘模拟存储节点
# 模拟两个存储节点,每个节点2个空磁盘
# 关闭虚拟机,为我们的虚拟机添加4个10G的空磁盘;
# 虚拟机磁盘名称:sda(系统区)、sdb、sdc、sdd、sde;
# 验证检查,查看是否有以上磁盘;
ls /dev/sd*
步骤1
步骤2
步骤3
步骤4
步骤5
步骤6
步骤7
安装软件包
apt-get install xfsprogs rsync格式化空磁盘
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde创建挂载点目录结构
mkdir -p /srv/node/sdb
mkdir -p /srv/node/sdc
mkdir -p /srv/node/sdd
mkdir -p /srv/node/sde配置fstab(自动挂载)
vim /etc/fstab# 以下内容追加到配置文件
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdd /srv/node/sdd xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sde /srv/node/sde xfs noatime,nodiratime,nobarrier,logbufs=8 0 2挂载设备
mount /srv/node/sdb
mount /srv/node/sdc
mount /srv/node/sdd
mount /srv/node/sde配置rsyncd.conf
vim /etc/rsyncd.confuid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
# 本机 IP 地址
address = 192.168.10.55
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock配置开启rsync服务
vim /etc/default/rsyncRSYNC_ENABLE=true启动rsyns服务
service rsync start安装软件包
apt-get install swift swift-account swift-container swift-object获取配置文件
# 耐心等待,可能获取失败
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka配置account-server.conf
vim /etc/swift/account-server.conf[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift配置container-server.conf
vim /etc/swift/container-server.conf[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift配置object-server.conf
vim /etc/swift/object-server.conf[DEFAULT]
# 本机 IP 地址
bind_ip = 192.168.10.55
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock修改挂载点的权限
chown -R swift:swift /srv/node创建recon目录并设置权限
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift创建并分配初始化环(rings)
切换到swift目录
cd /etc/swift创建account.builder文件
# 此处无输出则正确
swift-ring-builder account.builder create 10 3 1将每个存储节点添加到环(ring)中
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6002 --device sdc --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6002 --device sde --weight 100验证操作
swift-ring-builder account.builder平衡环
swift-ring-builder account.builder rebalance切换到swift目录
cd /etc/swift创建container.builder文件
# 此处无输出则正确
swift-ring-builder container.builder create 10 3 1将每个存储节点添加到环(ring)中
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6001 --device sdc --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6001 --device sde --weight 100验证操作
swift-ring-builder container.builder平衡环
swift-ring-builder container.builder rebalance切换到swift目录
cd /etc/swift创建object.builder文件
# 此处无输出则正确
swift-ring-builder object.builder create 10 3 1将每个存储节点添加到环(ring)中
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.10.55 --port 6000 --device sdc --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.10.55 --port 6000 --device sde --weight 100验证操作
swift-ring-builder object.builder平衡环
swift-ring-builder object.builder rebalance从源仓库获取swift.conf
# 耐心等待,可能获取失败
curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/mitaka配置swift.conf
vim /etc/swift/swift.conf[swift-hash]
# suffix与prefix自定义
swift_hash_path_suffix = Ben
swift_hash_path_prefix = Ben
[storage-policy:0]
name = Policy-0
default = yes设置权限
chown -R root:swift /etc/swift重启服务
service memcached restart
service swift-proxy restart
swift-init all start查看swift状态
swift stat创建容器Ben
openstack container create Ben上传测试文件到容器Ben
# 文件需要我们自行去创建
# 注意 FILENAME 的修改
openstack object create Ben FILENAME列出容器 Ben 存储的FILES
openstack object list Ben下载容器Ben存储的FILENAME
# 此处无输出则正确
openstack object save Ben FILENAME