在顺利的安装部署了KeyStone之后,原以为swift的安装调试也会如KeyStone一般,但过程却充满了坎坷,在结合源代码中的一些函数之后,终于成功的完成了swift的安装,并实验了上传下载文件等功能,下面整理了swift的安装过程,并对遇到的问题进行了总结,希望对遇到同样问题的人有些启示或帮助。安装过程依然参考的是OpenStack的官方安装手册,但补充了一些细节。在安装之前,先简单的介绍一下Swift是什么、主要功能是什么。OpenStack的对象存储(Swift)是一个多租户的、高可扩展的对象存储系统,通过RESTful HTTP API管理着大量的非结构化数据,在部署对象存储之前必须至少安装了身份服务(KeyStone)。Swift包含的组件包括:
- 代理服务器(swift-proxy-server):接受对象存储API和HTTP请求以上传文件、修改元数据和创建容器,也向浏览器提供文件或容器的列表。为了改进性能,代理服务器可以使用可选的缓存,通常选择memcache与代理服务器一起部署。
- 账户服务(account-server):管理对象存储中的账户。
- 容器服务(container-server):管理对象存储中容器或文件夹的映射。
- 对象服务(object-server):管理存储节点上的实际对象,比如文件。
- WSGI中间层:处理认证,通常是身份服务(KeyStone)。
- 周期性进程:在集群中执行各种维护任务,比如复制(replicator)服务确保集群中数据的一致性和可用性,其它还包括:auditor, updater和reaper。
代理服务依赖于认证和授权机制,如果使用身份服务完成认证和授权的话,则在配置管理swift之前,首先要在keystone中创建swift的认证信息和endpoint。对象存储在控制节点上不适用SQL数据库。由于之前已经成功部署了KeyStone,所以这里就不在赘述KeyStone的安装过程,直接进入Swift的安装。本次安装是在单节点的虚拟机进行的,也就是控制节点和存储节点部署在相同的主机中,操作系统为CentOS7.1。首先在KeyStone中创建Swift的用户、服务及endpoint,具体命令及结果如下:
[openstack@localhost ~]$ keystone user-create --name swift --pass 123456
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | ed4f45ac3e8a4ac683d54b642e61ac04 |
| name | swift |
| username | swift |
+----------+----------------------------------+
keystone user-role-add --user swift --role admin --tenant service
[openstack@localhost ~]$ keystone service-create --name swift --type object-store
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 094cc0da43e348f8b792f77ef99f8e7e |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
[openstack@localhost ~]$ keystone endpoint-create --region regionOne --service swift --publicurl 'http://localhost:8080/v1/AUTH_%(tenant_id)s' --internalurl 'http://localhost:8080/v1/AUTH_%(tenant_id)s' --adminurl 'http://localhost:8080/v1/AUTH_%(tenant_id)s'
+-------------+-----------------------------------------------------------------+
| Property | Value |
+-------------+-----------------------------------------------------------------+
| adminurl | http://locoalhost:8080/v1/ |
| id | c0da7d196e204e038766740e405dbbce |
| internalurl | http://locoalhost:8080/v1/AUTH_2835009c452b4d408f95ff5a920fc877 |
| publicurl | http://locoalhost:8080/v1/AUTH_2835009c452b4d408f95ff5a920fc877 |
| region | regionOne |
| service_id | 094cc0da43e348f8b792f77ef99f8e7e |
+-------------+-----------------------------------------------------------------+
然后安装proxy-server,swift客户端、memcached等:yum install openstack-swift-proxy python-swiftclient python-keystone-auth-token python-keystonemiddleware memcached。上面命令中的python-keystone-auth-token是无法安装的,当使用yum安装时将会报如下的异常信息:没有可用软件包 python-keystone-auth-token。经过在OpenStack的官网确认,该问题属于文档中的错误,直接忽略该问题或者执行yum install openstack-swift-proxy python-swiftclient python-keystonemiddleware memcached。安装执行完毕后,执行下面的命令下载proxy-server.conf文件:
curl -o /etc/swift/proxy-server.conf https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/proxyserver.conf-sample
下载完成后需要对文件中的配置参数进行修改,修改的具体内容如下:
- 在[DEFAULT]中指定端口号、用户名和配置文件目录:
[DEFAULT]
...
bind_port = 8080
user = swift
swift_dir = /etc/swift
- 在[pipeline:main]中,启用合适的模块:
[pipeline:main]
pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server
- 在[app:proxy-server]中,启用用户管理功能:
[app:proxy-server]
...
allow_account_management = true
account_autocreate = true
- 在[filter:keystoneauth]中配置合适的操作角色;
[filter:keystoneauth]
use = egg:swift#keystoneauth
...
operator_roles = admin,_member_
- 在[filter:authtoken]中配置认证服务的相关信息:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
...
auth_uri = http://localhost:5000/v2.0
identity_uri = http://localhost:35357
admin_tenant_name = service
admin_user = swift
admin_password = SWIFT_PASS #指定为使用keystone创建swift用户时设置的密码,比如123456
delay_auth_decision = true
- 在[filter:cache]中,配置memcached的位置:
[filter:cache]
...
memcache_servers = 127.0.0.1:11211
/dev/sdb1 /srv/node/ xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = MANAGEMENT_INTERFACE_IP_ADDRESS
[account]
max connections = 2
path = /srv/
read only = false
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/
read only = false
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/
read only = false
lock file = /var/lock/object.lock
curl -o /etc/swift/account-server.conf https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/account-server.conf-sample
curl -o /etc/swift/container-server.conf https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/container-server.conf-sample
curl -o /etc/swift/object-server.conf https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/object-server.conf-sample
三个配置文件所要修改的内容很相似,因此仅对account-server.conf进行说明,其它两个文件不同的地方将进行标记。
- 在[DEFAULT]中,配置ip地址、端口号、用户、配置文件所在目录和挂载目录,需要注意的地方是挂载目录,该目录为挂载点的上级目录,比如/dev/sdb1挂载到目录/srv/node目录,在该配置文件的中的挂载目录应该为/srv,而不是/srv/node。
[DEFAULT]
...
bind_ip = 127.0.0.1
bind_port = 6002 #不同的服务使用不同的端口
user = swift
swift_dir = /etc/swift
devices = /srv/ #设备挂载目录的上级目录
- 在[pipeline:main]中,设置合适的模块:
[pipeline:main]
pipeline = healthcheck recon account-server#account-server在其它配置文件中应该改为container-server、object-server
- 在[filter:recon]中,配置recon缓存目录:
[filter:recon]
...
recon_cache_path = /var/cache/swift
swift-ring-builder account.builder create 8 1 1
swift-ring-builder container.builder create 8 1 1
swift-ring-builder object.builder create 8 1 1
swift-ring-builder account.builder add r1z1-127.0.0.1:6002/node 100
swift-ring-builder container.builder add r1z1-127.0.0.1:6001/node 100
swift-ring-builder object.builder add r1z1-127.0.0.1:6000/node 100
object-replicator: node is not mounted
proxy-server: ERROR Insufficient Storage 127.0.0.1:6002/node
from swift.common.constraints import check_mount
check_mount('/srv','node') #第一个参数为配置文件中devices的值,第二个参数为向ring增加设备时/后面的值
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder rebalance
curl -o /etc/swift/swift.conf https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/swift.conf-sample
- 在[swift-hash]中配置hash路径的前缀和后缀:
[swift-hash]
...
swift_hash_path_suffix = HASH_PATH_PREFIX
swift_hash_path_prefix = HASH_PATH_SUFFIX
- 在[storage-policy:0]配置默认的存储策略:
[storage-policy:0]
...
name = Policy-0
default = yes
部署配置完成后,就需要启动所有服务。除了proxy-server、account-server、container-server和object-server外,swift还包括许多其它的周期性进程,如果每次都要逐一启动、停止、重启这些服务,将会是繁琐且无聊的过程,因此建议将所有启动、停止或重启的命令编入相应的脚本,这样只需执行脚本就可以了,比如:
[openstack@localhost ~]$ cat swift-stop.sh
#! /bin/bash
systemctl stop openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl stop openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service
systemctl stop openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service
[openstack@localhost ~]$ source demo-openrc.sh
[openstack@localhost ~]$ swift stat
Account: AUTH_1928446a6c364ace8a40043b5318bd9f
Containers: 0
Objects: 0
Bytes: 0
X-Put-Timestamp: 1434681204.28622
Connection: keep-alive
X-Timestamp: 1434681204.28622
X-Trans-Id: tx60e7648bf53f4365a2c84-0055837f72
Content-Type: text/plain; charset=utf-8
[openstack@localhost ~]$ swift upload demo swift-stop.sh --object-name stop
stop
[openstack@localhost ~]$ swift list
demo
[openstack@localhost ~]$ swift list demo
stop
至此就完成了swift的单节点部署工作,并且从测试结果来看,一切动作正常。成功部署swift并不意味者对swift的所有功能、流程都已经熟悉了,相反还有很多需要学习的,比如swift客户端命令的详细使用方法,上传下载文件的具体流程,ring文件的具体含义,如何调整partition的数量等,还需要进一步的学习。