OpenStack学习系列之十一:安装部署对象存储swift服务
Swift是openstack默认的存储服务,但是在生产环境中不使用它,因为swift的机制决定了它会占用很大的CPU资源
Swift是一个高可用分布式的对象存储服务,为Nova子项目提供虚拟机镜像存储服务
1.安装对象存储swift(控制节点node1)
---------------------------------------------#创建用户和service
[root@node1 ~]# . admin-openrc
[root@node1 ~]# openstack user create --domain default --password-prompt swift # 输入密码swift
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 044c2f6e7e0947f2a7f0298e9d9f8af3 |
| name | swift |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user swift admin
[root@node1 ~]# openstack service create --name swift --description "OpenStack Object Storage" object-store
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Object Storage |
| enabled | True |
| id | fbdd56c3d9824ac4a366a529dee4fd76 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store public http://node1:8080/v1/AUTH_%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 66ba38c8261e4380aa6dd9f94d178cc4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fbdd56c3d9824ac4a366a529dee4fd76 |
| service_name | swift |
| service_type | object-store |
| url | http://node1:8080/v1/AUTH_%(project_id)s |
+--------------+------------------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store internal http://node1:8080/v1/AUTH_%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 54460569959d4ae7bead17e9737c304b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fbdd56c3d9824ac4a366a529dee4fd76 |
| service_name | swift |
| service_type | object-store |
| url | http://node1:8080/v1/AUTH_%(project_id)s |
+--------------+------------------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store admin http://node1:8080/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f52482fbdcf44c2cabdda1a5d21cf2ee |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fbdd56c3d9824ac4a366a529dee4fd76 |
| service_name | swift |
| service_type | object-store |
| url | http://node1:8080/v1 |
+--------------+----------------------------------+
---------------------------------------------#在node1上安装配置组件
yum -y install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached
# 下载配置文件并修改配置
curl -o /etc/swift/proxy-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/proxy-server.conf-sample
crudini --set /etc/swift/proxy-server.conf DEFAULT bind_port 8080
crudini --set /etc/swift/proxy-server.conf DEFAULT user swift
crudini --set /etc/swift/proxy-server.conf DEFAULT swift_dir /etc/swift
crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server"
crudini --set /etc/swift/proxy-server.conf app:proxy-server use egg:swift#proxy
crudini --set /etc/swift/proxy-server.conf app:proxy-server account_autocreate True
crudini --set /etc/swift/proxy-server.conf filter:keystoneauth use egg:swift#keystoneauth
crudini --set /etc/swift/proxy-server.conf filter:keystoneauth operator_roles admin,user
crudini --set /etc/swift/proxy-server.conf filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
crudini --set /etc/swift/proxy-server.conf filter:authtoken www_authenticate_uri http://node1:5000
crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_url http://node1:5000
crudini --set /etc/swift/proxy-server.conf filter:authtoken memcached_servers node1:11211
crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_type password
crudini --set /etc/swift/proxy-server.conf filter:authtoken project_domain_id default
crudini --set /etc/swift/proxy-server.conf filter:authtoken user_domain_id default
crudini --set /etc/swift/proxy-server.conf filter:authtoken project_name service
crudini --set /etc/swift/proxy-server.conf filter:authtoken username swift
crudini --set /etc/swift/proxy-server.conf filter:authtoken password swift
crudini --set /etc/swift/proxy-server.conf filter:authtoken delay_auth_decision True
crudini --set /etc/swift/proxy-server.conf filter:cache use egg:swift#memcache
crudini --set /etc/swift/proxy-server.conf filter:cache memcache_servers node1:112112.安装对象存储swift(对象存储节点node4/node5,两个基点操作一样,主机IP地址配置不同)
对象存储节点必须提供硬盘并且挂载到指定的目录中,否则会报错503,相关日志可以在对象存储节点的系统日志中看到。
account-replicator[353135]: Skipping: /srv/node/sdd is not mounted# 安装组件rsync
yum install -y xfsprogs rsync rsync-daemon
# 创建数目存储目录并格式化硬盘
mkdir /svc/node/sdd
mkdir /svc/node/sde
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde
# 设置开机挂载并挂载硬盘
vi /etc/fstab
/dev/sdd /srv/node/sdd xfs noatime 0 2
/dev/sde /srv/node/sde xfs noatime 0 2
# 挂载硬盘
mount -a
--- 配置
crudini --set /etc/rsyncd.conf '' uid swift
crudini --set /etc/rsyncd.conf '' gid swift
crudini --set /etc/rsyncd.conf '' 'log file' /var/log/rsyncd.log
crudini --set /etc/rsyncd.conf '' 'pid file' /var/run/rsyncd.pid
crudini --set /etc/rsyncd.conf '' address 192.168.31.104 # 存储节点的IP地址
crudini --set /etc/rsyncd.conf account 'max connections ' 2
crudini --set /etc/rsyncd.conf account path /srv/node/ # 存储数据目录
crudini --set /etc/rsyncd.conf account 'read only' False
crudini --set /etc/rsyncd.conf account 'lock file' /var/lock/account.lock
crudini --set /etc/rsyncd.conf container 'max connections' 2
crudini --set /etc/rsyncd.conf container path /srv/node/
crudini --set /etc/rsyncd.conf container 'read only' False
crudini --set /etc/rsyncd.conf container 'lock file' /var/lock/container.lock
crudini --set /etc/rsyncd.conf object 'max connections' 2
crudini --set /etc/rsyncd.conf object path /srv/node/
crudini --set /etc/rsyncd.conf object 'read only' False
crudini --set /etc/rsyncd.conf object 'lock file' /var/lock/object.lock
---------------------------------------------# 启动服务
systemctl enable rsyncd.service && systemctl start rsyncd.service
---------------------------------------------# 安装OpenStack组件
yum install -y --enablerepo powertools openstack-swift-account openstack-swift-container openstack-swift-object
---------------------------------------------# 修改组件配置
# 下载配置文件
curl -o /etc/swift/account-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/account-server.conf-sample
curl -o /etc/swift/container-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/container-server.conf-sample
curl -o /etc/swift/object-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/object-server.conf-sample
# 对配置文件进行修改
crudini --set /etc/swift/account-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set /etc/swift/account-server.conf DEFAULT bind_port 6202
crudini --set /etc/swift/account-server.conf DEFAULT user swift
crudini --set /etc/swift/account-server.conf DEFAULT swift_dir /etc/swift
crudini --set /etc/swift/account-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set /etc/swift/account-server.conf DEFAULT mount_check True
crudini --set /etc/swift/account-server.conf pipeline:main pipeline 'healthcheck recon account-server'
crudini --set /etc/swift/account-server.conf filter:recon use egg:swift#recon
crudini --set /etc/swift/account-server.conf filter:recon recon_cache_path
----------
crudini --set /etc/swift/container-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set /etc/swift/container-server.conf DEFAULT bind_port 6201
crudini --set /etc/swift/container-server.conf DEFAULT user swift
crudini --set /etc/swift/container-server.conf DEFAULT swift_dir /etc/swift
crudini --set /etc/swift/container-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set /etc/swift/container-server.conf DEFAULT mount_check True
crudini --set /etc/swift/container-server.conf pipeline:main pipeline 'healthcheck recon container-server'
crudini --set /etc/swift/container-server.conf filter:recon use egg:swift#recon
crudini --set /etc/swift/container-server.conf recon_cache_path /var/cache/swift
----------
crudini --set /etc/swift/object-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set /etc/swift/object-server.conf DEFAULT bind_port 6200
crudini --set /etc/swift/object-server.conf DEFAULT user swift
crudini --set /etc/swift/object-server.conf DEFAULT swift_dir /etc/swift
crudini --set /etc/swift/object-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set /etc/swift/object-server.conf DEFAULT mount_check True
crudini --set /etc/swift/object-server.conf pipeline:main pipeline 'healthcheck recon object-server'
crudini --set /etc/swift/object-server.conf filter:recon use egg:swift#recon
crudini --set /etc/swift/object-server.conf filter:recon recon_cache_path /var/cache/swift
crudini --set /etc/swift/object-server.conf filter:recon recon_lock_path /var/lock
----------# 配置数据目录权限
chown -R swift:swift /srv/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift3.创建分发(控制节点node1)
curl -o /etc/swift/swift.conf \
https://opendev.org/openstack/swift/raw/branch/master/etc/swift.conf-sample
# 修改配置如下
[swift-hash]
...
swift_hash_path_suffix = 123456789
swift_hash_path_prefix = 123456789
-----------------------------# 生成文件,注意参数里面的sdd和sde必须为本地对应的文件,和挂载目录必须对应
cd /etc/swift
swift-ring-builder account.builder create 10 3 1 # 创建account.builder文件
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sde --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sde --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
---
cd /etc/swift
swift-ring-builder container.builder create 10 3 1 # 创建container.builder文件
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sde --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sde --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
---
cd /etc/swift
swift-ring-builder object.builder create 10 3 1 # 创建object.builder文件
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sde --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sde --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
---
分发配置文件到对象存储节点node4,node5
for i in 4 5; do scp account.ring.gz container.ring.gz object.ring.gz node$i:/etc/swift;done4.完成安装,在各个节点启动服务
# 在node1上分发swift.conf到存储节点node4、node5
for i in 4 5; do scp /etc/swift/swift.conf node$i:/etc/swift;done
------# 所有节点(node1、node4、node5)修改配置文件权限
chown -R root:swift /etc/swift
# 控制节点node1启动服务
systemctl enable openstack-swift-proxy.service memcached.service
systemctl start openstack-swift-proxy.service memcached.service
# 存储节点
systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service \
openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl start openstack-swift-account.service openstack-swift-account-auditor.service \
openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl enable openstack-swift-container.service \
openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
openstack-swift-container-updater.service
systemctl start openstack-swift-container.service \
openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
openstack-swift-container-updater.service
systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service \
openstack-swift-object-replicator.service openstack-swift-object-updater.service
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service \
openstack-swift-object-replicator.service openstack-swift-object-updater.service5.在node1上验证
. admin-openrc
[root@node1 ~]# . admin-openrc
[root@node1 ~]# swift stat
Account: AUTH_c827c773e36d4149a93196b371cebfd9
Containers: 0
Objects: 0
Bytes: 0
Content-Type: text/plain; charset=utf-8
X-Timestamp: 1646277425.56907
X-Put-Timestamp: 1646277425.56907
Vary: Accept
X-Trans-Id: tx7195146dc9444fe5a0074-0062203331
X-Openstack-Request-Id: tx7195146dc9444fe5a0074-0062203331
# 上传文件,创建一个容器
[root@node1 ~]# openstack container create container1
+---------------------------------------+------------+------------------------------------+
| account | container | x-trans-id |
+---------------------------------------+------------+------------------------------------+
| AUTH_c827c773e36d4149a93196b371cebfd9 | container1 | tx0a771488be834a149f48f-00622033b7 |
+---------------------------------------+------------+------------------------------------+
# 删除文件到对象存储中
[root@node1 ~]# openstack object create container1 cirros-0.4.0-x86_64-disk.img
+------------------------------+------------+----------------------------------+
| object | container | etag |
+------------------------------+------------+----------------------------------+
| cirros-0.4.0-x86_64-disk.img | container1 | 443b7623e27ecf03dc9e01ee93f67afe |
+------------------------------+------------+----------------------------------+
# 查询对象存在红的文件
[root@node1 ~]# openstack object list container1
+------------------------------+
| Name |
+------------------------------+
| cirros-0.4.0-x86_64-disk.img |
+------------------------------+
# 将文件下载到本地
[root@node1 ~]# openstack object save container1 cirros-0.4.0-x86_64-disk.img登录Dashboard也可以看到对象存储和刚刚上传的文件,也可以通过Dashboard来上传和下载文件。如果没有对象存储菜单,退出后重新登录或者重启http服务
