Install and Configure OpenStack Object Storage (Swift)

所谓覅破解

　　Based on OpenStack Icehouse release

　　OpenStack Swift Architecture
https://swiftstack.com/openstack-swift/architecture/

　　On keystone auth node:

　　# add swift user
keystone user-create --tenant service --name swift --pass SWIFT-USER-PASSWORD

# add swift user in admin role
keystone user-role-add --user swift --tenant service --role admin

# add an entry for swift service
keystone service-create --name=swift --type=object-store --description="Swift Service"

# add an entry for swift endpoint
keystone endpoint-create --region RegionOne --service swift --publicurl=http://LOAD-BALANCER-OF-PROXY:8080/v1/AUTH_%\(tenant_id\)s --internalurl=http://LOAD-BALANCER-OF-PROXY:8080/v1/AUTH_%\(tenant_id\)s --adminurl=http://LOAD-BALANCER-OF-PROXY:8080
　　

　　On Swift Storage nodes:

　　1. service NetworkManager stop; chkconfig NetworkManager off
service network start; chkconfig network on

disable firewall and selinux
service iptables stop; chkconfig iptables off
service ip6tables stop; chkconfig ip6tables off

2. using eth0 to connect proxy servers and other storage nodes

　　
3. set hostname in /etc/sysconfig/network and /etc/hosts
192.168.20.30    proxynode1
　　192.168.20.31    proxynode2
　　
4. yum -y install ntp
vi /etc/ntp.conf
server 192.168.20.30 perfer

　　server 192.168.20.31
restrict 192.168.20.30
　　restrict 192.168.20.31

service ntpd start; chkconfig ntpd on

5. yum -y install  http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
　　yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install mysql MySQL-python
　　

　　6. yum -y install openstack-swift-account openstack-swift-container openstack-swift-object xfsprogs xinetd

7. RAID on the storage drives is not required and not recommended, use a single partition per drive

swift storage node1:
single partition, using fdisk, /dev/sdb --> /dev/sdb1 --> /srv/node/sdb1
　　/dev/sdc --> /dev/sdc1 --> /srv/node/sdc1
　　partprobe /dev/sdb /dev/sdc

　　mkfs.xfs -i size=1024 /dev/sdb1
　　mkfs.xfs -i size=1024 /dev/sdc1
　　mkdir -p /srv/node/sdb1; mkdir -p /srv/node/sdc1
echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
echo "/dev/sdc1 /srv/node/sdc1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
mount /srv/node/sdb1; mount /srv/node/sdc1
chown -R swift:swift /srv/node
　　

　　vi /etc/swift/swift.conf
# change (it is shared between Nodes - any words you like)
[swift-hash]
swift_hash_path_suffix = swift_shared_path
　　

　　vi /etc/swift/account-server.conf
bind_ip =192.168.20.40

vi /etc/swift/container-server.conf
bind_ip =192.168.20.40

vi /etc/swift/object-server.conf
bind_ip =192.168.20.40
　　
vi /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = STORAGE_LOCAL_NET_IP # 192.168.20.40

[account]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/account.lock

[container]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/container.lock

[object]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/object.lock

vi /etc/xinetd.d/rsync
disable = no

service xinetd start; chkconfig xinetd on

mkdir -p /var/swift/recon; chown -R swift:swift /var/swift/recon
　　

　　swift storage node2:
single partition, using fdisk, /dev/sdb --> /dev/sdb1 --> /srv/node/sdb1

　　/dev/sdc --> /dev/sdc1 --> /srv/node/sdc1
　　partprobe /dev/sdb /dev/sdc
　　mkfs.xfs -i size=1024 /dev/sdb1
　　mkfs.xfs -i size=1024 /dev/sdc1

　　mkdir -p /srv/node/sdb1; mkdir -p /srv/node/sdc1
echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
echo "/dev/sdc1 /srv/node/sdc1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
mount /srv/node/sdb1; mount /srv/node/sdc1
chown -R swift:swift /srv/node
　　

　　vi /etc/swift/swift.conf
# change (it is shared between Nodes - any words you like)
[swift-hash]
swift_hash_path_suffix = swift_shared_path
　　

　　vi /etc/swift/account-server.conf
bind_ip =192.168.20.41

vi /etc/swift/container-server.conf
bind_ip =192.168.20.41

vi /etc/swift/object-server.conf
bind_ip =192.168.20.41

　　
vi /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = STORAGE_LOCAL_NET_IP # 192.168.20.41
　　

　　[account]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/account.lock

[container]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/container.lock

[object]
max connections = 25
path = /srv/node/
read only = false
lock file = /var/lock/object.lock

vi /etc/xinetd.d/rsync
disable = no

service xinetd start; chkconfig xinetd on

mkdir -p /var/swift/recon; chown -R swift:swift /var/swift/recon
　　

　　Swift Proxy Load balancer:
　　1. yum -y install Pound

2. vi /etc/pound.cfg

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"

ListenHTTP
    Address LOAD-BALANCER-NAME|IP-OF-LOAD-BALANCER
    Port 8080
　　    xHTTP 2
End

#ListenHTTPS
#    Address 0.0.0.0
#    Port    443
#    Cert    "/etc/pki/tls/certs/pound.pem"
#End

Service
    BackEnd
        Address 192.168.1.30
        Port    8080
    End

    BackEnd
        Address 192.168.1.31
        Port    8080
    End
End

service pound start; chkconfig pound on
　　

　　On First Swift Proxy:
　　1. service NetworkManager stop; chkconfig NetworkManager off
service network start; chkconfig network on

disable firewall and selinux
service iptables stop; chkconfig iptables off
service ip6tables stop; chkconfig ip6tables off

2. eth0 for management/public/floating (192.168.1.0/24), eth1 for internal/flat (192.168.20.0/24), it's recommended to use seperated nic for management network
　　
3. set hostname in /etc/sysconfig/network and /etc/hosts
192.168.1.10    controller
192.168.1.11    node1
192.168.1.30    proxynode1
　　192.168.1.31    proxynode2
　　
4. yum -y install ntp
vi /etc/ntp.conf
server 192.168.1.10
restrict 192.168.1.10
　　restrict 192.168.20.0 mask 255.255.255.0 nomodify notrap
　　
service ntpd start; chkconfig ntpd on

5. yum -y install  http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
　　yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install mysql MySQL-python
　　

　　6. yum -y install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token
　　

　　vi /etc/sysconfig/memcached
　　OPTIONS="-l 192.168.20.30"
　　

　　service memcached start; chkconfig memcached on

7. vi /etc/swift/proxy-server.conf

　　[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.20.30:11211
　　

　　[filter:authtoken]
　　admin_tenant_name = service
admin_user = swift
admin_password = SWIFT-USER-PASSWORD
auth_host = controller
auth_port = 35357
auth_protocol = http
　　signing_dir = /tmp/keystone-signing-swift

vi /etc/swift/swift.conf
# change (it is shared between Nodes - any words you like)
[swift-hash]
swift_hash_path_suffix = swift_shared_path

　　

　　mkdir /tmp/keystone-signing-swift
　　chown -R swift:swift /tmp/keystone-signing-swift

　　

　　8. please check http://rackerlabs.github.io/swift-ppc/, you should have at least 3 disks for the ring (my thought :))

　　cd /etc/swift
swift-ring-builder account.builder create 8 3 1
swift-ring-builder container.builder create 8 3 1
swift-ring-builder object.builder create 8 3 1
　　you should run above commands only once, so take care of the part_power value

　　

　　Notes: check https://swiftstack.com/blog/2012/04/09/swift-capacity-management/ for more info on weight, you can use disk capacity in GB for weight value during first initilization

　　

　　swift-ring-builder account.builder add r1z1-192.168.20.40:6002/sdb1 25
swift-ring-builder container.builder add r1z1-192.168.20.40:6001/sdb1 25
swift-ring-builder object.builder add r1z1-192.168.20.40:6000/sdb1 25

swift-ring-builder account.builder add r1z1-192.168.20.40:6002/sdc1 25
swift-ring-builder container.builder add r1z1-192.168.20.40:6001/sdc1 25
swift-ring-builder object.builder add r1z1-192.168.20.140:6000/sdc1 25

swift-ring-builder account.builder add r1z2-192.168.20.41:6002/sdb1 25
swift-ring-builder container.builder add r1z2-192.168.20.41:6001/sdb1 25
swift-ring-builder object.builder add r1z2-192.168.20.41:6000/sdb1 25

swift-ring-builder account.builder add r1z2-192.168.20.41:6002/sdc1 25
swift-ring-builder container.builder add r1z2-192.168.20.41:6001/sdc1 25
swift-ring-builder object.builder add r1z2-192.168.20.41:6000/sdc1 25

　　

　　Verify the ring contents for each ring (cd /etc/swift to run below commands):
swift-ring-builder account.builder
swift-ring-builder container.builder
swift-ring-builder object.builder
　　
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder rebalance

chown -R swift:swift /etc/swift

scp /etc/swift/*.gz 192.168.20.40:/etc/swift/
scp /etc/swift/*.gz 192.168.20.41:/etc/swift/

service openstack-swift-proxy start; chkconfig openstack-swift-proxy on

　　

　　on swift storage node1 and node2:
　　1. chown -R swift:swift /etc/swift
　　

　　2. for service in openstack-swift-object openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object-auditor openstack-swift-container openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container-auditor openstack-swift-account openstack-swift-account-replicator openstack-swift-account-reaper openstack-swift-account-auditor; do
service $service start
　　chkconfig $service on
done
　　

　　On keystone auth node:
　　swift stat
　　

　　Second Swift Proxy Server:

1. service NetworkManager stop; chkconfig NetworkManager off
service network start; chkconfig network on

disable firewall and selinux
service iptables stop; chkconfig iptables off
service ip6tables stop; chkconfig ip6tables off

2. eth0 for management/public/floating (192.168.1.0/24), eth1 for internal/flat (192.168.20.0/24), it's recommended to use seperated nic for management network
　　

　　3. set hostname in /etc/sysconfig/network and /etc/hosts
192.168.1.10    controller
192.168.1.11    node1
192.168.1.30    proxynode1
　　192.168.1.31    proxynode2
　　

　　4. yum -y install ntp
vi /etc/ntp.conf
server 192.168.1.10
restrict 192.168.1.10
　　restrict 192.168.20.0 mask 255.255.255.0 nomodify notrap
　　
service ntpd start; chkconfig ntpd on

5. yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
　　yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install mysql MySQL-python

6. yum -y install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token

vi /etc/sysconfig/memcached
OPTIONS="-l 192.168.20.31"

service memcached start; chkconfig memcached on

7. vi /etc/swift/proxy-server.conf
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.20.30:11211,192.168.20.31:11211

[filter:authtoken]
admin_tenant_name = service
admin_user = swift
admin_password = SWIFT-USER-PASSWORD
auth_host = controller
auth_port = 35357
auth_protocol = http
signing_dir = /tmp/keystone-signing-swift

vi /etc/swift/swift.conf
# change (it is shared between Nodes - any words you like)
[swift-hash]
swift_hash_path_suffix = swift_shared_path

mkdir /tmp/keystone-signing-swift
chown -R swift:swift /tmp/keystone-signing-swift

8. scp 192.168.1.30:/etc/swift/*.gz /etc/swift
chown -R swift:swift /etc/swift

9. service openstack-swift-proxy start; chkconfig openstack-swift-proxy on
　　

　　on first swift proxy server:

vi /etc/swift/proxy-server.conf
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.20.30:11211,192.168.20.31:11211

service openstack-swift-proxy restart
　　

　　To verify installation:
　　on controller node
　　source ~/adminrc
　　swift stat