【移動(dòng)應(yīng)用開(kāi)發(fā)技術(shù)】基于keystone認(rèn)證的Swift的安裝與配置

【移動(dòng)應(yīng)用開(kāi)發(fā)技術(shù)】基于keystone認(rèn)證的Swift的安裝與配置

一、概要OpenStackObjectStorage（Swift）是OpenStack開(kāi)源云計(jì)算項(xiàng)目的子項(xiàng)目之一。Swift使用普通的服務(wù)器來(lái)構(gòu)建冗余的、可擴(kuò)展的分布式對(duì)象存儲(chǔ)集群，存儲(chǔ)容量可達(dá)PB級(jí)。Swift的是用Python開(kāi)發(fā)，前身是RackspaceCloudFiles項(xiàng)目，隨著Rackspace加入到OpenStack社區(qū)，Racksapce也將CloudFiles的代碼貢獻(xiàn)給了社區(qū)，并逐漸形成現(xiàn)在Swift。Swift最新的發(fā)型版本為essex1.4.6。二、術(shù)語(yǔ)node-ahostmachinerunningoneormoreSwiftservicesProxynode-nodethatrunsProxyservices;alsorunskeystoneAuthStoragenode-nodethatrunsAccount,Container,andObjectservicesring-asetofmappingsofSwiftdatatophysicaldevices三、系統(tǒng)架構(gòu)四、測(cè)試環(huán)境本次測(cè)試將Auth和Proxy安裝在1臺(tái)服務(wù)器，3個(gè)Storage節(jié)點(diǎn)做測(cè)試。單機(jī)安裝請(qǐng)參照官方SAIO安裝方式。Auth使用keystone。版本說(shuō)明：ubuntu-12.04

swift1.9.1五、初始化設(shè)置1）GeneralInstallationStepsforAllNodes添加cloudarchivegpgkey:apt-getinstallubuntu-cloud-keyring添加UbuntuCloudArchiverepository#vi/etc/apt/sources.list.d/grizzly.list添加如下內(nèi)容deb/ubuntuprecise-updates/grizzlymain#apt-getupdate&&apt-getupgrade2）GeneralInstallationStepsforAllSwiftNodes（includeproxy）安裝swift及依賴(lài)包#apt-getinstall-yswiftopenssh-serverrsyncmemcachedpython-netifacespython-xattrpython-memcache創(chuàng)建Swift配置目錄#mkdir-p/etc/swift創(chuàng)建Swift配置文件，并同步到allSwiftnodes#vi/etc/swift/swift.conf

內(nèi)容如下：[swift-hash]

swift_hash_path_suffix=Gdr8ny7YyWqy2修改Swift目錄權(quán)限#chown-Rswift:swift/etc/swift/3）時(shí)間同步SwiftproxyNode做ntp服務(wù)器，SwiftStorageNode與它做同步安裝ntp#apt-getinstall-yntp配置ntp#sed-i's//#server0./'/etc/ntp.conf#sed-i's//#server1./'/etc/ntp.conf#sed-i's//#server2./'/etc/ntp.conf#sed-i's//#server3./'/etc/ntp.conf#sed-i's/server/#server/'/etc/ntp.conf#sed-i'//a\serverswift-proxy'/etc/ntp.conf4）修改hosts文件#vi/etc/hosts添加如下行：26swift-proxy

27swift1

28swift2

29swift3六、Keystone安裝（安裝在proxy節(jié)點(diǎn)）官方文檔/trunk/openstack-compute/install/apt/content/keystone-concepts.html安裝Keystone#apt-getinstall-ykeystonepython-keyring配置keystone#/etc/keystone/default_catalog.templates添加如下內(nèi)容catalog.RegionOne.object_=SwiftService

catalog.RegionOne.object_store.publicURL=26:8080/v1/AUTH_$(tenant_id)s

catalog.RegionOne.object_store.adminURL=26:8080/

catalog.RegionOne.object_ernalURL=26:8080/v1/AUTH_$(tenant_id)s生成隨機(jī)token：#opensslrand-hex10修改keystone配置如下#vi/etc/keystone/keystone.confadmin_token=8a1438899a78df19bb3fverbose=Truelog_config=/etc/keystone/logging.confconnection=mysql://keystone:keystone@26/keystone#idle_timeout=200增加如下行：idle_timeout=200min_pool_size=5max_pool_size=10pool_timeout=200[ssl]enable=False

####token_format=UUID安裝mysqlpython-mysqldbapt-getinstallmysqlpython-mysqldb修改/etc/mysql/fbind-address=#mysqlmysql>CREATEDATABASEkeystone;mysql>GRANTALLONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'keystone';mysql>GRANTALLONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'keystone';mysql>quit;keystone默認(rèn)使用PKItokens#keystone-managepki_setup#sudochown-Rkeystone:keystone/etc/keystone/*/var/log/keystone/keystone.log#servicekeystonerestart#keystone-managedb_sync創(chuàng)建初始tenants、users、roles：下載腳本:#wget/EmilienM/openstack-folsom-guide/master/scripts/keystone-data.sh修改admin密碼（你將要設(shè)置的admin密碼）及token（與keystone.conf中一樣）后執(zhí)行導(dǎo)入數(shù)據(jù)創(chuàng)建services、endpointswget/EmilienM/openstack-folsom-guide/master/scripts/keystone-endpoints.sh修改腳本中以下內(nèi)容：

#MySQLdefinitionsMYSQL_USER=keystoneMYSQL_DATABASE=keystoneMYSQL_HOST=26MYSQL_PASSWORD=keystone#KeystonedefinitionsKEYSTONE_REGION=RegionOneSERVICE_TOKEN=8a1438899a78df19bb3fSERVICE_ENDPOINT="26:35319/v2.0"#otherdefinitionsMASTER="26"SWIFT_MASTER="26"為便于運(yùn)行客戶(hù)端命令創(chuàng)建以下文件并運(yùn)行：（創(chuàng)建認(rèn)證文件并加載該文件，便于運(yùn)行commands命令）#vi/etc/profile

exportSERVICE_TOKEN=8a1438899a78df19bb3fexportSERVICE_ENDPOINT=26:35319/v2.0exportOS_USERNAME=swiftexportOS_PASSWORD=swiftexportOS_TENANT_NAME=adminexportOS_AUTH_STRATEGY=keystoneexportOS_AUTH_URL=http://26:5000/v2.0查看keystone設(shè)置:

#keystoneuser-list#keystoneuser-role-list#keystonerole-list#keystoneservice-list#keystonetenant-list#keystoneendpoint-list

#keystoneuser-role-list--userswift--tenantservices新建test1、test2用戶(hù)權(quán)限為Member

#keystoneuser-create--nametest1--passadmin--emailtest1@#keystoneuser-create--nametest2--passadmin--emailtest1@#keystoneuser-role-add--usertest1--tenantservices--roleMember#keystoneuser-role-add--usertest2--tenantservices--roleMember七、SwiftProxyNode安裝安裝Storageproxynodepackages

#apt-getinstall-yswift-proxymemcachedpython-keystoneclientpython-swiftclientswift-plugin-s3修改memcached配置

#sed-i'/-l/s//26/g'/etc/memcached.conf#servicememcachedrestart創(chuàng)建swift配置目錄（如果不存在）#mkdir/etc/swift/#chown-Rswift:swift/etc/swift/#chown-Rswift:swift/var/cache/swift/創(chuàng)建證書(shū)

//否則不支持https（這里我沒(méi)用https，所以可以不做）#cd/etc/swift#opensslreq-new-x509-nodes-outcert.crt-keyoutcert.key創(chuàng)建/etc/swift/proxy-server.conf配置文件#vi/etc/swift/proxy-server.conf[DEFAULT]

#cert_file=/etc/swift/cert.crt

#key_file=/etc/swift/cert.key

bind_port=8080

workers=8

user=swift

[pipeline:main]

pipeline=catch_errorshealthcheckcacheauthtokenkeystoneauthproxy-loggingproxy-server

[app:proxy-server]

use=egg:swift#proxy

allow_account_management=true

account_autocreate=true

[filter:proxy-logging]

use=egg:swift#proxy_logging

[filter:keystoneauth]

use=egg:swift#keystoneauth

operator_roles=Member,admin,swiftoperator

[filter:authtoken]

paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory

signing_dir=/var/cache/swift

auth_host=26

auth_port=35319

auth_protocol=http

auth_uri=26:5000

admin_tenant_name=services

admin_user=swift

admin_password=111111

delay_auth_decision=10

cache=swift.cache

[filter:cache]

use=egg:swift#memcache

memcache_servers=26:11211,27:11211,28:11211

[filter:catch_errors]

use=egg:swift#catch_errors

[filter:healthcheck]

use=egg:swift#healthcheck創(chuàng)建ring#cd/etc/swiftswift-ring-builderaccount.buildercreate1831swift-ring-buildercontainer.buildercreate1831swift-ring-builderobject.buildercreate1831參數(shù)詳細(xì)信息請(qǐng)參見(jiàn)官方ring部分，以下供參考。18:用于指定分區(qū)數(shù)。分區(qū)數(shù)目為2的冪次，如18，則分區(qū)數(shù)是2的18次方。3：文件副本數(shù)目1：分區(qū)移動(dòng)的最小時(shí)間間隔，單位是小時(shí)。給每個(gè)node添加ringswift-ring-builderaccount.builderaddz1-27:6002/loop100swift-ring-buildercontainer.builderaddz1-27:6001/loop100swift-ring-builderobject.builderaddz1-27:6000/loop100swift-ring-builderaccount.builderaddz2-28:6002/loop100swift-ring-buildercontainer.builderaddz2-28:6001/loop100swift-ring-builderobject.builderaddz2-28:6000/loop100swift-ring-builderaccount.builderaddz3-29:6002/loop100swift-ring-buildercontainer.builderaddz3-29:6001/loop100swift-ring-builderobject.builderaddz3-29:6000/loop100確認(rèn)ring內(nèi)容swift-ring-builder/etc/swift/account.builderswift-ring-builder/etc/swift/container.builderswift-ring-builder/etc/swift/object.builderRebalancetheringsswift-ring-builderaccount.builderrebalanceswift-ring-buildercontainer.builderrebalanceswift-ring-builderobject.builderrebalance復(fù)制account.ring.gz,container.ring.gz,andobject.ring.gz到其他proxyNode及StorageNode#scp*.ring.gzswift1:/etc/swift#scp*.ring.gzswift2:/etc/swift#scp*.ring.gzswift3:/etc/swift所有node檢查/etc/swift權(quán)限，owner修改為swift#chown-Rswift:swift/etc/swift/啟動(dòng)proxy#swift-initproxystart測(cè)試認(rèn)證驗(yàn)證整個(gè)存儲(chǔ)架構(gòu)是否成功#swift-V2.0-A26:5000/v2.0-Uadmin-Kadminstat#swift-V2.0-A26:5000/v2.0-Uswift:service-Kadminstat測(cè)試上傳文件到container#swift-V2.0-A26:5000/v2.0-Uadmin-Kadminuploadmyfilescert.keycurl測(cè)試curl-d'{"auth":{"tenantName":"admin","passwordCredentials":{"username":"admin","password":"admin"}}}'-H"Content-type:application/json"26:35319/v2.0/tokens|python-mjson.toolcurl-s-d"{\"auth\":{\"passwordCredentials\":{\"username\":\"swift\",\"password\":\"admin\"},\"tenantName\":\"services\"}}"-H"Content-type:application/json"26:35319/v2.0/tokens八、SwiftStorageNode安裝步驟安裝Storagenodepackages#apt-getinstall-yswift-accountswift-containerswift-objectxfsprogsparted準(zhǔn)備磁盤(pán)選取某一個(gè)磁盤(pán)分區(qū)做存儲(chǔ)，本例使用loop.硬盤(pán)小于2T可以使用fdisk#parted/dev/sdbmklabelgpt#parted/dev/sdbmkpartprimary0%100%#mkfs.xfs-isize=1024/loop#mkdir–p/srv/node/loop#echo"/loop/srv/node/loopxfsnoatime,nodiratime,nobarrier,logbufs=800">>/etc/fstab#mount/srv/node/loop#chown-Rswift:swift/srv/node以上若有多塊硬盤(pán)，需重復(fù)執(zhí)行，可以使用一下循環(huán)。foriinbcd;doparted/dev/sd${i}mklabelgptparted/dev/sd${i}mkpartprimary0%100%

mkfs.xfs-isize=1024/dev/sd${i}1mkdir-p/srv/node/sd${i}1echo"/dev/sd${i}1/srv/node/sd${i}1xfsnoatime,nodiratime,nobarrier,logbufs=800">>/etc/fstab

mount/srv/node/sd${i}1chown-Rswift:swift/srv/node/sd${i}

done配置rsync#vi/etc/rsyncd.confuid=swiftgid=swiftlogfile=/var/log/rsyncd.logpidfile=/var/run/rsyncd.pidaddress=[STORAGE_NET_IP]

//修改為你的ip[account]maxconnections=2path=/srv/node/readonly=falselockfile=/var/lock/account.lock[container]maxconnections=2path=/srv/node/readonly=falselockfile=/var/lock/container.lock[object]maxconnections=2path=/srv/node/readonly=fal