Single-node setup of the OpenStack component Swift (with Keystone)

Author: Col_ | Published 2016-12-06 12:11

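    Installation environment: Ubuntu 16.04

    Two disks are required (one as the system disk, one for installing Swift)

    An IP address is required


    Environment preparation

    • Modify the hosts file
    • Install the required services

    Modify hosts

    Edit /etc/hosts and add

    YOUR_IP_ADDRESS controller
    

    Install the OpenStack repository, then update and upgrade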

    apt install software-properties-common
    add-apt-repository cloud-archive:newton
    apt update && apt dist-upgrade
    

    Reboot after the installation completes

    Install the OpenStack client

    apt install python-openstackclient
    

    Install the database

    1. Install the database service

    apt install mariadb-server python-pymysql
    

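    2. Create or edit the file /etc/mysql/mariadb.conf.d/99-openstack.cnf

    (If the file exists, edit it; if it does not, create it. Options already in the file that are not mentioned here stay unchanged. The same applies below.)

    [mysqld]
    bind-address = YOUR_IP_ADDRESS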
    
    default-storage-engine = innodb
    innodb_file_per_table
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8
    

    3. In every file under /etc/mysql/mariadb.conf.d/, change all occurrences of utf8mb4 to utf8
    4. Log in to the database, set the root password, and grant remote login privileges

    # mysql -u root
    mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' \
      IDENTIFIED BY 'ROOT_DBPASS';
    mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' \
      IDENTIFIED BY 'ROOT_DBPASS';
    mysql> flush privileges;
    mysql> exit;
    

    5. Restart the database

     service mysql restart
    

    Install the message queue service (Message Queue)

    1. Install the service

    apt install rabbitmq-server
    

    2. Add the openstack user and grant it permissions

    rabbitmqctl add_user openstack RABBIT_PASS
    rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    

    Install the distributed cache service (Memcached)

    1. Install the service

    apt install memcached python-memcache
    

    2. Edit the configuration file /etc/memcached.conf

    -l YOUR_IP_ADDRESS
    

    3. Restart the service

    service memcached restart
    

    Install and configure Keystone, and add the domain, projects, users and roles

    Preparation

    1. Create the Keystone database and its user

    # mysql -u root -p
    Create the keystone database:
    mysql> CREATE DATABASE keystone;
    mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
      IDENTIFIED BY 'KEYSTONE_DBPASS';
    mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
      IDENTIFIED BY 'KEYSTONE_DBPASS';
    

    2. Install the service

    apt install keystone
    

    Configure Keystone

    1. Edit /etc/keystone/keystone.conf

    [database]
    connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
    [token]
    provider = fernet
    

    2. Populate the keystone database
    Enable remote access to MariaDB

    sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf
    
    su -s /bin/sh -c "keystone-manage db_sync" keystone
    

    3. Initialize the Fernet key repositories (apparently a proper term; I am not sure how to translate it)

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    

    4. Bootstrap the Identity service

    keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
      --bootstrap-admin-url http://controller:35357/v3/ \
      --bootstrap-internal-url http://controller:35357/v3/ \
      --bootstrap-public-url http://controller:5000/v3/ \
      --bootstrap-region-id RegionOne
    

    Configure the Apache HTTP server

    1. Edit /etc/apache2/apache2.conf

    ServerName controller
    

    2. Restart the Apache service and delete the SQLite database

    service apache2 restart
    rm -f /var/lib/keystone/keystone.db
    

    3. Set some environment variables (temporary ones)

    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS    # the admin password you just set
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_DOMAIN_NAME=default
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    

    Create the domain, projects, users and roles

    1. Create a service project

    openstack project create --domain default \
      --description "Service Project" service
    

    2. Create a demo project and user
    Create the demo user

    openstack project create --domain default \
      --description "Demo Project" demo
    openstack user create --domain default \
      --password-prompt demo    # you will be prompted to set the demo password
    

    Create the user role

    openstack role create user
    

    Add the user role to the demo project and user

    openstack role add --project demo --user demo user
    

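    Verify operation

    1. For security reasons, edit /etc/keystone/keystone-paste.ini and remove

    admin_token_auth from [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3]

    2. Unset some environment variables

    unset OS_AUTH_URL OS_PASSWORD
    

    3. Request an authentication token as the admin user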

    openstack --os-auth-url http://controller:35357/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name admin --os-username admin token issue
    (you will be prompted for the admin password)
    

    Output similar to the following indicates success

    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2016-02-12T20:14:07.056119Z                                     |
    | id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
    |            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
    |            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
    | project_id | 343d245e850143a096806dfaefa9afdc                                |
    | user_id    | ac3377633149401296f6c0d92d79dc16                                |
    +------------+-----------------------------------------------------------------+
    

    4. Request an authentication token as the demo user

    openstack --os-auth-url http://controller:5000/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name demo --os-username demo token issue
    (you will be prompted for the demo password)
    

    Output similar to the following indicates success

    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2016-02-12T20:14:07.056119Z                                     |
    | id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
    |            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
    |            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
    | project_id | 343d245e850143a096806dfaefa9afdc                                |
    | user_id    | ac3377633149401296f6c0d92d79dc16                                |
    +------------+-----------------------------------------------------------------+
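
    Step 1 of the verification above, as an added example that is not part of the original article: a shell sketch that reports which of the three pipelines in a keystone-paste.ini still reference admin_token_auth and removes the entry, keeping a .bak copy. The function names and the abbreviated sample file are constructed for illustration.

```shell
# Added example, not from the original article. Function names are illustrative.

# Print each of the three pipeline sections that still lists admin_token_auth.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0; target = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]/); next }
        target && !/^[#;]/ && (" " $0 " ") ~ /[ \t]admin_token_auth[ \t]/ { print section }
    ' "$1"
}

# Remove admin_token_auth from those pipelines only; the original is kept as FILE.bak.
strip_admin_token() {
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ { target = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]/) }
        target && !/^[#;]/ {
            line = $0 " "
            while (sub(/[ \t]admin_token_auth[ \t]/, " ", line)) { }
            sub(/[ \t]+$/, "", line)
            $0 = line
        }
        { print }
    ' "$1" > "$tmp" && cp -p "$1" "$1.bak" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed, abbreviated stand-in for /etc/keystone/keystone-paste.ini.
write_sample() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth
[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body public_service
[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body admin_service
[pipeline:api_v3]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

demo=$(mktemp)
write_sample "$demo"
pipelines_with_admin_token "$demo"   # lists the three pipeline sections
strip_admin_token "$demo"
pipelines_with_admin_token "$demo"   # prints nothing once the entries are gone
rm -f "$demo" "$demo.bak"
```

    The [filter:admin_token_auth] definition itself is left in place; only the pipeline entries named in step 1 are changed.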
    

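    Writing scripts

    Because the environment variables do not persist (unless you put them in bashrc, which makes it inconvenient to switch user identities), you can create some scripts for convenience
    1. Create the admin-openrc file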

    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    

    2. Create the demo-openrc file

    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=DEMO_PASS
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    

    3. Verify

    source admin-openrc
    openstack token issue
    

    Output similar to the following indicates success

    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2016-02-12T20:14:07.056119Z                                     |
    | id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
    |            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
    |            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
    | project_id | 343d245e850143a096806dfaefa9afdc                                |
    | user_id    | ac3377633149401296f6c0d92d79dc16                                |
    +------------+-----------------------------------------------------------------+
    

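    Install and configure the Swift service

    Environment preparation

    1. Run the script

    source admin-openrc
    

    2. Add the Swift information to Keystone

    Create the swift user

    openstack user create --domain default --password-prompt swift    # you will be prompted to set a password
    

    Add the admin role to the swift user

    openstack role add --project service --user swift admin
    

    Create the swift service entity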

    openstack service create --name swift \
      --description "OpenStack Object Storage" object-store
    

    Create the Object Storage service API endpoints

    openstack endpoint create --region RegionOne \
      object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
    
    
    openstack endpoint create --region RegionOne \
      object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
    
    
    openstack endpoint create --region RegionOne \
      object-store admin http://controller:8080/v1
    

    3. Install the required services

    apt install swift swift-proxy python-swiftclient \
      python-keystoneclient python-keystonemiddleware \
      memcached \
      swift swift-account swift-container swift-object
    

    Configure the proxy service

    1. Create the /etc/swift directory and change into it
    2. Download proxy-server.conf

    curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
    

    3. Edit proxy-server.conf

    [DEFAULT]
    bind_port = 8080
    user = swift
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
    [app:proxy-server]
    use = egg:swift#proxy
    account_autocreate = True
    
    [filter:keystoneauth]
    use = egg:swift#keystoneauth
    operator_roles = admin,user
    
    [filter:authtoken]
    paste.filter_factory = keystonemiddleware.auth_token:filter_factory
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = swift
    password = SWIFT_PASS
    delay_auth_decision = True
    
    [filter:cache]
    use = egg:swift#memcache
    memcache_servers = controller:11211
    

    Configure the storage services

    1. Install the services

    apt install xfsprogs rsync
    

    2. Format the disk as XFS

    (If you do not know the disk name, use fdisk -l to find it)

    mkfs.xfs /dev/DISK
    

    3. Create the mount point directory

    mkdir -p /srv/node/DISK
    

    4. Add the following to /etc/fstab

    /dev/DISK /srv/node/DISK xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
    

    5. Mount the disk

    mount /srv/node/DISK
    

    6. Create and edit the file /etc/rsyncd.conf

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    address = YOUR_IP_ADDRESS
    
    [account]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/account.lock
    
    [container]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/container.lock
    
    [object]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/object.lock
    

    7. Edit /etc/default/rsync

    RSYNC_ENABLE=true
    

    8. Start the rsync service

    service rsync start
    

    9. Download the configuration files

    curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
    curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
    curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton
    

    10. Edit /etc/swift/account-server.conf

    [DEFAULT]
    bind_ip = YOUR_IP_ADDRESS
    bind_port = 6002
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True
    [pipeline:main]
    pipeline = healthcheck recon account-server
    [filter:recon]
    use = egg:swift#recon
    recon_cache_path = /var/cache/swift
    

    11. Edit /etc/swift/container-server.conf

    [DEFAULT]
    bind_ip = YOUR_IP_ADDRESS
    # 6011 for 2.conf
    bind_port = 6001
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True
    [pipeline:main]
    pipeline = healthcheck recon container-server
    [filter:recon]
    use = egg:swift#recon
    recon_cache_path = /var/cache/swift
    

    12. Edit /etc/swift/object-server.conf

    [DEFAULT]
    bind_ip = YOUR_IP_ADDRESS
    bind_port = 6000
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True
    [pipeline:main]
    pipeline = healthcheck recon object-server
    [filter:recon]
    use = egg:swift#recon
    recon_cache_path = /var/cache/swift
    recon_lock_path = /var/lock
    

    13. Set ownership and permissions

    chown -R swift:swift /srv/node/*
    mkdir -p /var/cache/swift/1 /var/cache/swift/2
    chown -R root:swift /var/cache/swift/*
    chmod -R 775 /var/cache/swift/*
    

    Create and distribute the initial rings

    1. Run the following commands in /etc/swift

    swift-ring-builder account.builder create 10 1 1
    
    swift-ring-builder account.builder add \
      --region 1 --zone 1 --ip YOUR_IP_ADDRESS --port 6002 --device DISK --weight 100
    
    swift-ring-builder account.builder rebalance
    
    swift-ring-builder container.builder create 10 1 1
    
    swift-ring-builder container.builder add \
      --region 1 --zone 1 --ip YOUR_IP_ADDRESS --port 6001 --device DISK --weight 100
    
    swift-ring-builder container.builder rebalance
    
    swift-ring-builder object.builder create 10 1 1
    
    swift-ring-builder object.builder add \
      --region 1 --zone 1 --ip YOUR_IP_ADDRESS --port 6000 --device DISK --weight 100
    
    swift-ring-builder object.builder rebalance
    

    2. Download the following file into /etc/swift

    curl -o /etc/swift/swift.conf \
      https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton
    

    3. Run the following command twice to obtain two strings

    openssl rand -hex 10
    

    4. Edit /etc/swift/swift.conf

    [swift-hash]
    swift_hash_path_suffix = FIRST_STRING
    swift_hash_path_prefix = SECOND_STRING
    [storage-policy:0]
    name = Policy-0
    default = yes
    

    5. Set ownership

    chown -R root:swift /etc/swift/*
    

    6. Restart the services

    service memcached restart
    service swift-proxy restart
    

    7. Start the Object Storage services

    swift-init all start
    

    Verify Swift

    1. Run the script

    source demo-openrc
    

    2. Show the service status

    swift stat
    

    Output similar to the following indicates success

                            Account: AUTH_ed0b60bf607743088218b0a533d5943f
                         Containers: 0
                            Objects: 0
                              Bytes: 0
    Containers in policy "policy-0": 0
       Objects in policy "policy-0": 0
         Bytes in policy "policy-0": 0
        X-Account-Project-Domain-Id: default
                        X-Timestamp: 1444143887.71539
                         X-Trans-Id: tx1396aeaf17254e94beb34-0056143bde
                       Content-Type: text/plain; charset=utf-8
                      Accept-Ranges: bytes
    

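    3. Create a container

    openstack container create CONTAINER_NAME
    

    4. Upload an object

    openstack object create CONTAINER_NAME OBJECT_NAME
    

    5. List the objects

    openstack object list CONTAINER_NAME
    

    6. Download the object

     openstack object save CONTAINER_NAME OBJECT_NAME
    

    You can also verify with curl or Postman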
