2023學(xué)年完整公開課版搭建OpenStackSwift服務(wù)

搭建openstackswift服務(wù)一、Openstackswift基本概念2OpenStackObjectStorage（Swift）是OpenStack開源云計(jì)算項(xiàng)目的子項(xiàng)目之一。Swift的目的是使用普通硬件來構(gòu)建冗余的、可擴(kuò)展的分布式對(duì)象存儲(chǔ)集群，存儲(chǔ)容量可達(dá)PB級(jí)。Swift并不是文件系統(tǒng)或者實(shí)時(shí)的數(shù)據(jù)存儲(chǔ)系統(tǒng)，它是對(duì)象存儲(chǔ)，用于永久類型的靜態(tài)數(shù)據(jù)的長(zhǎng)期存儲(chǔ)，這些數(shù)據(jù)可以檢索、調(diào)整，必要時(shí)進(jìn)行更新。最適合存儲(chǔ)的數(shù)據(jù)類型的例子是虛擬機(jī)鏡像、圖片存儲(chǔ)、郵件存儲(chǔ)和存檔備份。注意：對(duì)象存儲(chǔ)服務(wù)不使用SQL數(shù)據(jù)庫。而是在每一個(gè)對(duì)象存儲(chǔ)節(jié)點(diǎn)上使用分布式的SQLite數(shù)據(jù)庫。在安裝之前，存儲(chǔ)節(jié)點(diǎn)應(yīng)準(zhǔn)備2個(gè)空本地存儲(chǔ)設(shè)備，本次實(shí)驗(yàn)為/dev/sdb/dev/sdc二、Openstackkeystone構(gòu)建3構(gòu)建swift云存儲(chǔ)開發(fā)環(huán)境時(shí)身份認(rèn)證采用openstack的keystone，不使用本身集成的認(rèn)證系統(tǒng)Tempauth。接下來開始構(gòu)建keystone認(rèn)證服務(wù)。1、環(huán)境準(zhǔn)備設(shè)置主機(jī)解析[root@swift~]#vi/etc/hosts……0swfit……二、Openstackkeystone構(gòu)建4構(gòu)建yum源用于安裝相應(yīng)的軟件包。先上傳iso鏡像文件#mkdir/mnt/centos#mkdir/mnt/mitaka#mount-oloop/CentOS-7-x86_64-DVD-1511.iso/mnt/centos#mount-oloop/Mitaka.iso/mnt/mitaka將網(wǎng)絡(luò)源移除，在/etc/yum.repo.d/下創(chuàng)建local.repo文件

#mv/etc/yum.repos.d/*/opt/二、Openstackkeystone構(gòu)建5#vi/etc/yum.repos.d/local.repo[centos]name=centosbaseurl=file:///opt/centosgpgcheck=0enabled=1[iaas]name=iaasbaseurl=file:///opt/iaas/iaas-repogpgcheck=0enabled=1二、Openstackkeystone構(gòu)建6驗(yàn)證yum是否構(gòu)建成功。#yumlist安裝openstack客戶端#yuminstallpython-openstackclient-y#yuminstallopenstack-selinux-y#yumupgrade--skip-broken-y二、Openstackkeystone構(gòu)建7安裝mariadb數(shù)據(jù)庫用于存儲(chǔ)keystons用戶數(shù)據(jù)。#yuminstallmariadbmariadb-serverpython2-PyMySQL–y編輯/etc/f文件，并添加如下內(nèi)容：在[mysqld]部分配置bind-address值為控制節(jié)點(diǎn)的管理網(wǎng)絡(luò)IP地址以使得其它節(jié)點(diǎn)可以通過管理網(wǎng)絡(luò)訪問數(shù)據(jù)庫。[mysqld]bind-address=0二、Openstackkeystone構(gòu)建8在[mysqld]部分配置如下鍵值來啟用一些有用的選項(xiàng)和UTF-8字符集。[mysqld]default-storage-engine=innodbinnodb_file_per_tablemax_connections=4096collation-server=utf8_general_cicharacter-set-server=utf8啟動(dòng)數(shù)據(jù)庫#systemctlenablemariadb.service#systemctlstartmariadb.service二、Openstackkeystone構(gòu)建9為了保證數(shù)據(jù)庫服務(wù)的安全性，運(yùn)行‘mysql_secure_installation’腳本。初始化數(shù)據(jù)庫并設(shè)置密碼：#mysql_secure_installation二、Openstackkeystone構(gòu)建10安裝并配置消息服務(wù)器（Rabbitmq）#yuminstallrabbitmq-server–y啟動(dòng)并設(shè)置開機(jī)自啟：#systemctlenablerabbitmq-server.service#systemctlstartrabbitmq-server.service創(chuàng)建rabbitmq用戶并設(shè)置權(quán)限創(chuàng)建用戶：openstack密碼：000000#rabbitmqctladd_useropenstack000000給openstack用戶授予讀寫訪問權(quán)限。#rabbitmqctlset_permissionsopenstack".*"".*"".*"二、Openstackkeystone構(gòu)建11安裝Memcached認(rèn)證服務(wù)認(rèn)證緩存使用Memcached緩存令牌，緩存服務(wù)memecached運(yùn)行在控制節(jié)點(diǎn)。#yuminstallmemcachedpython-memcached-y啟動(dòng)并設(shè)置開機(jī)自啟：

#systemctlenablememcached.service#systemctlstartmemcached.service二、Openstackkeystone構(gòu)建122、配置keystone數(shù)據(jù)庫。登錄MYSQL并創(chuàng)建keystone數(shù)據(jù)庫#mysql-uroot-p000000創(chuàng)建keystone數(shù)據(jù)庫MariaDB[(none)]>CREATEDATABASEkeystone;設(shè)置授權(quán)用戶和密碼：MariaDB[(none)]>GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'000000';MariaDB[(none)]>GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'000000';MariaDB[(none)]>exit3、安裝keystone所需軟件包#yuminstallopenstack-keystonehttpdmod_wsgi-y二、Openstackkeystone構(gòu)建134、配置keystone令牌。#opensslrand-hex10編輯/etc/keystone/keystone.conf文件做如下配置與修改使用剛剛生成的隨機(jī)值替換[DEFAULT]admin_token=4d41e6e909f346df2676配置數(shù)據(jù)庫鏈接[database]connection=mysql+pymysql://keystone:000000@swift/keystone配置provider[token]provider=fernet二、Openstackkeystone構(gòu)建145、同步數(shù)據(jù)庫。#su-s/bin/sh-c"keystone-managedb_sync"keystone

6、初始化密鑰：#keystone-managefernet_setup--keystone-userkeystone--keystone-groupkeystone二、Openstackkeystone構(gòu)建157、配置apach。編輯/etc/httpd/conf/httpd.conf文件添加：ServerNameswift創(chuàng)建/etc/httpd/conf.d/wsgi-keystone.conf文件啟動(dòng)并設(shè)置ApacheHTTP服務(wù)開機(jī)自啟：#systemctlenablehttpd.service#systemctlstarthttpd.service二、Openstackkeystone構(gòu)建168、創(chuàng)建user，endpoint，domain，project，service，role。配置身份認(rèn)證令牌：#exportOS_TOKEN=4d41e6e909f346df2676配置臨時(shí)的端點(diǎn)URL#exportOS_URL=http://swift:35357/v3配置臨時(shí)的API版本#exportOS_IDENTITY_API_VERSION=3二、Openstackkeystone構(gòu)建17為keystone本身創(chuàng)建服務(wù)：#openstackservicecreate--namekeystone--description"OpenStackIdentity"identity創(chuàng)建公共端點(diǎn)#openstackendpointcreate--regionRegionOneidentitypublichttp://swift:5000/v3創(chuàng)建外部端點(diǎn)#openstackendpointcreate--regionRegionOneidentityinternalhttp://swift:5000/v3創(chuàng)建管理端點(diǎn)#openstackendpointcreate--regionRegionOneidentityadminhttp://swift:35357/v3二、Openstackkeystone構(gòu)建188、創(chuàng)建user，endpoint，domain，project，service，role。創(chuàng)建默認(rèn)（default）的domain#openstackdomaincreate--description"DefaultDomain"default創(chuàng)建名字為admin的project#openstackprojectcreate--domaindefault--description"AdminProject"admin創(chuàng)建名字為admin的user#openstackusercreate--domaindefault--password000000admin創(chuàng)建名字為admin的role#openstackrolecreateadmin進(jìn)行關(guān)聯(lián)#openstackroleadd--projectadmin--useradminadmin二、Openstackkeystone構(gòu)建199、驗(yàn)證keystone服務(wù)清除臨時(shí)的環(huán)境變量：#unsetOS_TOKENOS_URL寫入環(huán)境變量：創(chuàng)建/etc/keystone/admin-openrc文件#vi/etc/keystone/admin-openrcexportOS_PROJECT_DOMAIN_NAME=defaultexportOS_USER_DOMAIN_NAME=defaultexportOS_PROJECT_NAME=adminexportOS_USERNAME=adminexportOS_PASSWORD=000000exportOS_AUTH_URL=http://swift:35357/v3exportOS_IDENTITY_API_VERSION=3exportOS_IMAGE_API_VERSION=2二、Openstackkeystone構(gòu)建209、驗(yàn)證keystone服務(wù)[root@swift~]#source/etc/keystone/admin-openrc.sh//獲取您的管理員憑據(jù)[root@swift~]#source/etc/keystone/admin-openrc.sh[root@swift~]#openstacktokenissue二、Openstackswift搭建211、給swift創(chuàng)建用戶并賦予權(quán)限。[root@swift~]#source/etc/keystone/admin-openrc.sh//獲取您的管理員憑據(jù)[root@swift~]#openstackusercreate--domaindefault–password-prompt000000swift//創(chuàng)建用戶swift，如圖2.1圖2.1二、Openstackswift搭建22#openstackroleadd--projectservice--userswiftadmin//添加角色，如圖2.2#openstackservicecreate--nameswift--description“OpenStackObjectStorage”object-store//創(chuàng)建swift服務(wù)實(shí)體，如圖2.3圖2.3圖2.2二、Openstackswift搭建232、創(chuàng)建swift服務(wù)API端點(diǎn)。[root@swift~]#source/etc/keystone/admin-openrc.sh//獲取您的管理員憑據(jù)[root@swift~]#openstackendpointcreate--regionRegionOneobject-storepublichttp://swift:8080/v1/AUTH_%\(tenant_id\)s//創(chuàng)建公共的api端點(diǎn)

[root@swift~]#openstackendpointcreate--regionRegionOneobject-storeinternalhttp://swift:8080/v1/AUTH_%\(tenant_id\)s//創(chuàng)建公共的api端點(diǎn)

[root@swift~]#openstackendpointcreate--regionRegionOneobject-storeadminhttp://swift:8080/v1//創(chuàng)建公共的api端點(diǎn)二、Openstackswift搭建243、安裝并配置swift#yuminstallopenstack-swift-proxypython-swiftclientpython-keystoneclientpython-keystonemiddlewarememcached–y//安裝openstackswift軟件包從OpenStack官網(wǎng)對(duì)象存儲(chǔ)倉(cāng)庫源中獲取代理服務(wù)的配置文件：#curl-o/etc/swift/proxy-server.conf/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/mitaka編輯并配置文件/etc/swift/proxy-server.conf；二、Openstackswift搭建25在[DEFAULT]部分，配置綁定端口，用戶和配置文件放置的目錄。[DEFAULT]bind_port=8080swift_dir=/etc/swiftuser=swift在[pipeline:main]部分，刪除“tempurl”和“tempauth”模塊并增加“authtoken”和“keystoneauth”模塊；[pipeline:main]pipeline=catch_errorsgatekeeperhealthcheckproxy-loggingcachecontainer_syncbulkratelimitauthtokenkeystoneauthcontainer-quotasaccount-quotasslodloversioned_writesproxy-loggingproxy-server二、Openstackswift搭建263、安裝并配置swift在[app:proxy-server]部分，啟動(dòng)自動(dòng)創(chuàng)建賬戶[app:proxy-server]use=egg:swift#proxyaccount_autocreate=True

在[filter:keystoneauth]部分，配置operator的角色[filter:keystoneauth]use=egg:swift#keystoneauthoperator_roles=admin,userusername=swiftpassword=000000delay_auth_decision=True二、Openstackswift搭建27在[filter:authtoken]部分，配置身份認(rèn)證服務(wù)的訪問

[filter:authtoken]

paste.filter_factory=keystonemiddleware.auth_token:filter_factoryauth_uri=http://swift:5000auth_url=http://swift:35357memcached_servers=swift:11211auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultproject_name=service在[filter:cache]部分，配置memcache的地址[filter:cache]use=egg:swift#memcachememcache_servers=:11211二、Openstackswift搭建284、安裝并配置swift[root@swift~]#

yuminstallxfsprogsrsync–y//安裝支持的軟件包。[root@swift~]#

mkfs.xfs/dev/sdb//格式化磁盤。[root@swift~]#

mkfs.xfs/dev/sdc二、Openstackswift搭建29[root@swift~]#

mkdir-p/srv/node/sdb//創(chuàng)建掛載目錄。編輯/etc/fstab文件，添加如下文件配置自動(dòng)開機(jī)自動(dòng)掛載[root@swift~]#vi/etc/fstab……/dev/sdb/srv/node/sdbxfsnoatime,nodiratime,nobarrier,logbufs=802/dev/sdc/srv/node/sdcxfsnoatime,nodiratime,nobarrier,logbufs=802……[root@swift~]#

mount/srv/node/sdb//掛載磁盤。二、Openstackswift搭建304、安裝并配置swift編輯/etc/rsyncd.conf`文件：uid=swiftgid=swiftlogfile=/var/log/rsyncd.logpidfile=/var/run/rsyncd.pidaddress=MANAGEMENT_INTERFACE_IP_ADDRESS（存儲(chǔ)節(jié)點(diǎn)管理IP）[account]maxconnections=2path=/srv/node/readonly=Falselockfile=/var/lock/account.lock二、Openstackswift搭建31[container]maxconnections=2path=/srv/node/readonly=Falselockfile=/var/lock/container.lock[object]maxconnections=2path=/srv/node/readonly=Falselockfile=/var/lock/object.lock二、Openstackswift搭建324、安裝并配置swift#systemctlenablersyncd.service//設(shè)置開啟自動(dòng)啟動(dòng)#systemctlstartrsyncd.service//啟動(dòng)服務(wù)#yuminstallopenstack-swift-accountopenstack-swift-containeropenstack-swift-object–y//安裝openstackswift軟件包。從OpenStack官網(wǎng)對(duì)象存儲(chǔ)源倉(cāng)庫中獲取accounting,container以及object服務(wù)配置文件#curl-o/etc/swift/account-server.conf/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka#curl-o/etc/swift/container-server.conf/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka#curl-o/etc/swift/object-server.conf/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka二、Openstackswift搭建334、安裝并配置swift編輯/etc/swift/account-server.conf編輯[DEFAULT]部分，配置綁定IP地址，綁定端口，用戶，配置目錄和掛載目錄[DEFAULT]bind_ip=MANAGEMENT_INTERFACE_IP_ADDRESS（存儲(chǔ)節(jié)點(diǎn)管理IP）bind_port=6002#bind_timeout=30#backlog=4096user=swiftswift_dir=/etc/swiftdevices=/srv/nodemount_check=True

二、Openstackswift搭建34

編輯[pipeline:main]部分，啟用合適的模塊[pipeline:main]pipeline=healthcheckreconaccount-server編輯[filter:recon]部分，配置recon（meters）緩存目錄[filter:recon]use=egg:swift#reconrecon_cache_path=/var/cache/swift二、Openstackswift搭建354、安裝并配置swift編輯/etc/swift/container-server.conf文件[DEFAULT]部分，配置綁定IP地址，綁定端口，用戶，配置目錄和掛載目錄[DEFAULT]bind_ip=MANAGEMENT_INTERFACE_IP_ADDRESS（存儲(chǔ)節(jié)點(diǎn)管理IP）bind_port=6001user=swiftswift_dir=/etc/swiftdevices=/srv/nodemount_check=True

二、Openstackswift搭建36編輯[pipeline:main]部分，啟用合適的模塊

[pipeline:main]

pipeline=healthcheckreconcontainer-server

編輯[filter:recon]部分，配置recon（meters）緩存目錄

[filter:recon]use=egg:swift#reconrecon_cache_path=/var/cache/swift二、Openstackswift搭建374、安裝并配置swift編輯/etc/swift/object-server.conf文件：編輯[DEFAULT]部分，配置綁定IP地址，綁定端口，用戶，配置目錄和掛載目錄

[DEFAULT]bind_ip=MANAGEMENT_INTERFACE_IP_ADDRESS（存儲(chǔ)節(jié)點(diǎn)管理IP）bind_port=6000user=swiftswift_dir=/etc/swiftdevices=/srv/nodemount_check=True

二、Openstackswift搭建38mount_check=True

編輯[pipeline:main]部分，啟用合適的模塊

[pipeline:main]pipeline=healthcheckreconobject-server

編輯[filter:recon]部分，配置recon（meters）緩存目錄

[filter:recon]use=egg:swift#reconrecon_cache_path=/var/cache/swiftrecon_lock_path=/var/lock二、Openstackswift搭建394、安裝并配置swift

配置完swift服務(wù)后修改相應(yīng)目錄的權(quán)限；#chown-Rswift:swift/srv/node//修改掛載點(diǎn)目錄權(quán)限#mkdir-p/var/cache/swift//創(chuàng)建recon的目錄修改權(quán)限#chown-Rroot:swift/var/cache/swift//修改權(quán)限#chmod-R775/var/cache/swift//修改權(quán)限二、Openstackswift搭建405、創(chuàng)建swiftRing（控制節(jié)點(diǎn)）創(chuàng)建容器Ring：切換到/etc/swift目錄執(zhí)行：#swift-ring-buildercontainer.buildercreate1021#