OpenStack 安装和使用(八)
Swift对象存储
每台机器都按照下面步骤安装就行,注意的是含有10.24.1.47的地方的地址,根据实际情况可能需要修改。
# lokkit -p 11211:udp
# lokkit -p 873:tcp
# lokkit -p 8080:tcp
# lokkit -p 6000-6010:tcp
# yum install –enablerepo=updates-testing openstack-keystone openstack-swift openstack-swift-proxy openstack-swift-account openstack-swift-container openstack-swift-object memcached
增加一个配置文件:
# vi /etc/swift/swift.conf
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix = 123456
建立存储空间,其中/srv/node/为rsync的目录,sdc为具体的某个设备,可以mount设备到/srv/node/sdc上:
# mkdir -p /srv/node/sdc/
# mount /dev/sdc /srv/node/sdc
# chown -R swift:swift /srv/node/
修改rsync配置文件:
# vi /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 0.0.0.0
[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock
启动rsync
# rsync –daemon
测试一下rsync
# echo “test” > /srv/node/sdc/test
# rsync -vcztop –progress root@10.24.1.47::account/sdc/test ./test
# rm /srv/node/sdc/test
增加account、container、object三个配置文件:
# vi /etc/swift/account-server/account-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]
# vi /etc/swift/container-server/container-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
# vi /etc/swift/object-server/object-server.conf
[DEFAULT]
bind_ip = 0.0.0.0
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
[object-expirer]
# vi /etc/swift/object-expirer.conf
[DEFAULT]
[object-expirer]
# interval = 300
# auto_create_account_prefix = .
# report_interval = 300
[pipeline:main]
pipeline = catch_errors cache proxy-server
[app:proxy-server]
use = egg:swift#proxy
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
建立account、container、object的ring环:
这里的9表示2的9次方(计算方法:假定整个系统3块硬盘,经验值硬盘数的100倍命中率比较高,最好的partitions数为300换算成2的n次方,因为2^8<300<2^9,所以为9);
这里的2表示每个对象2个副本(则下面增加设备时必须至少增加2个zone,而且至少必须有2台机器运行正常才能正常工作,否则不能upload和download,只修改副本数,重启后系统原有数据不会丢失);
这里的1表示最小移动间隔,在该时间内不会移动存储块。
# cd /etc/swift/
# swift-ring-builder account.builder create 9 2 1
# swift-ring-builder container.builder create 9 2 1
# swift-ring-builder object.builder create 9 2 1
这里的z1表示区域1,xxxx/sdc表示一个设备(参考上面建立的存储空间,每台机器可以不一样),100表示权重为100(如果某个设备比别的大,那么它的权重也应该大)。
# swift-ring-builder account.builder add z1-10.24.1.47:6002/sdc 100
# swift-ring-builder account.builder add z2-10.24.1.49:6002/sdc 100
# swift-ring-builder container.builder add z1-10.24.1.47:6001/sdc 100
# swift-ring-builder container.builder add z2-10.24.1.49:6001/sdc 100
# swift-ring-builder object.builder add z1-10.24.1.47:6000/sdc 100
# swift-ring-builder object.builder add z2-10.24.1.49:6000/sdc 100
Device z2-10.24.1.49:6000/sdc_”” with 100.0 weight got id 1
# swift-ring-builder account.builder
# swift-ring-builder container.builder
# swift-ring-builder object.builder
object.builder, build version 2
512 partitions, 2 replicas, 2 zones, 2 devices, 100.00 balance
The minimum number of hours before a partition can be reassigned is 1
Devices: id zone ip address port name weight partitions balance meta
0 1 10.24.1.47 6000 sdc 100.00 0 -100.00
1 2 10.24.1.49 6000 sdc 100.00 0 -100.00
使用rebalance来生成*.ring.gz文件:
# swift-ring-builder account.builder rebalance
# swift-ring-builder container.builder rebalance
# swift-ring-builder object.builder rebalance
Reassigned 512 (100.00%) partitions. Balance is now 0.00.
再看一次,可以发现每个设备下的partitions变成了512:
# swift-ring-builder object.builder
object.builder, build version 2
512 partitions, 2 replicas, 2 zones, 2 devices, 0.00 balance
The minimum number of hours before a partition can be reassigned is 1
Devices: id zone ip address port name weight partitions balance meta
0 1 10.24.1.47 6000 sdc 100.00 512 0.00
1 2 10.24.1.49 6000 sdc 100.00 512 0.00
启动swift进程:
# swift-init account-server stop; swift-init account-replicator stop; swift-init account-auditor stop
# swift-init container-server stop; swift-init container-replicator stop; swift-init container-updater stop; swift-init container-auditor stop
# swift-init object-server stop; swift-init object-replicator stop; swift-init object-updater stop; swift-init object-auditor stop
# swift-init object-server restart; swift-init object-replicator restart; swift-init object-updater restart; swift-init object-auditor restart
# swift-init container-server restart; swift-init container-replicator restart; swift-init container-updater restart; swift-init container-auditor restart
# swift-init account-server restart; swift-init account-replicator restart; swift-init account-auditor restart
安装Proxy server:
照提示建立crt.crt和cert.key文件:
# cd /etc/swift/
# openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
按照keystone的安装方法安装keystone和memcached,建立名为swift的service-list项,建立名为swift的user-list项。
增加配置文件,注意这里的keyston和authtoken配置必须和keystone里面的一致,这里的bind_port必须和keystone建立swift的endpoint时使用的端口一致,默认为8080:
# vi /etc/swift/proxy-server/proxy-server.conf
[DEFAULT]
bind_port = 8080
user = swift
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystone proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = true
set log_name = swift-proxy
set log_facility = LOG_LOCAL0
set log_level = DEBUG
set access_log_name = swift-proxy
set access_log_facility = LOG_LOCAL0
set access_log_level = DEBUG
set log_headers = True
[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, member
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers (‘.r:*’).
delay_auth_decision = 1
service_port = 5000
service_host = 10.24.1.47
service_protocol = http
auth_port = 35357
auth_host = 10.24.1.47
auth_protocol = http
admin_tenant_name = service
admin_user = swift
admin_password = swift
[filter:cache]
use = egg:swift#memcache
memcache_servers = 10.24.1.47:11211
set log_name = cache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
启动proxy server
# swift-init proxy stop
# swift-init proxy restart
可以使用下面命令启动主要的和别的进程:
# swift-init rest stop
# swift-init main stop
# swift-init main restart
# swift-init rest restart
# ps axf |grep swift
6883 ? Ss 0:00 /usr/bin/python /bin/swift-proxy-server /etc/swift/proxy-server/proxy-server.conf
6909 ? S 0:00 \_ /usr/bin/python /bin/swift-proxy-server /etc/swift/proxy-server/proxy-server.conf
6884 ? Ss 0:00 /usr/bin/python /bin/swift-container-server /etc/swift/container-server/container-server.conf
6907 ? S 0:00 \_ /usr/bin/python /bin/swift-container-server /etc/swift/container-server/container-server.conf
6908 ? S 0:00 \_ /usr/bin/python /bin/swift-container-server /etc/swift/container-server/container-server.conf
8985 ? Ss 0:00 /usr/bin/python /bin/swift-container-auditor /etc/swift/container-server/container-server.conf
8982 ? Ss 0:00 /usr/bin/python /bin/swift-container-replicator /etc/swift/container-server/container-server.conf
8979 ? Ss 0:00 /usr/bin/python /bin/swift-container-updater /etc/swift/container-server/container-server.conf
8988 ? Ss 0:00 /usr/bin/python /bin/swift-container-sync /etc/swift/container-server/container-server.conf
6885 ? Ss 0:00 /usr/bin/python /bin/swift-account-server /etc/swift/account-server/account-server.conf
6905 ? S 0:00 \_ /usr/bin/python /bin/swift-account-server /etc/swift/account-server/account-server.conf
6906 ? S 0:00 \_ /usr/bin/python /bin/swift-account-server /etc/swift/account-server/account-server.conf
8980 ? Ss 0:00 /usr/bin/python /bin/swift-account-auditor /etc/swift/account-server/account-server.conf
8986 ? Ss 0:00 /usr/bin/python /bin/swift-account-replicator /etc/swift/account-server/account-server.conf
8987 ? Ss 0:00 /usr/bin/python /bin/swift-account-reaper /etc/swift/account-server/account-server.conf
6886 ? Ss 0:00 /usr/bin/python /bin/swift-object-server /etc/swift/object-server/object-server.conf
6903 ? S 0:00 \_ /usr/bin/python /bin/swift-object-server /etc/swift/object-server/object-server.conf
6904 ? S 0:00 \_ /usr/bin/python /bin/swift-object-server /etc/swift/object-server/object-server.conf
8981 ? Ss 0:00 /usr/bin/python /bin/swift-object-replicator /etc/swift/object-server/object-server.conf
8983 ? Ss 0:00 /usr/bin/python /bin/swift-object-auditor /etc/swift/object-server/object-server.conf
9026 ? S 0:00 \_ /usr/bin/python /bin/swift-object-auditor /etc/swift/object-server/object-server.conf
8984 ? Ss 0:00 /usr/bin/python /bin/swift-object-expirer /etc/swift/object-expirer.conf
8992 ? Ss 0:00 /usr/bin/python /bin/swift-object-updater /etc/swift/object-server/object-server.conf
测试验证:
# swift -v -V 2 -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 stat
StorageURL: http://10.24.1.47:8080/v1/AUTH_94d38db32a7d4107beeed36d9e98bf06
Auth Token: 9cfa1f5ff4f24122b50bf1bfea06ae10
Account: AUTH_94d38db32a7d4107beeed36d9e98bf06
Containers: 0
Objects: 0
Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: tx39064d1870e348b5bcdf7a37689804fc
# curl -k -v -H ‘X-Storage-User: hanborq:admin’ -H ‘X-Storage-Pass: 123456’ http://10.24.1.47:5000/v2.0/
* About to connect() to 10.24.1.47 port 5000 (#0)
* Trying 10.24.1.47…
* connected
* Connected to 10.24.1.47 (10.24.1.47) port 5000 (#0)
> GET /v2.0/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.4.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
> Host: 10.24.1.47:5000
> Accept: */*
> X-Storage-User: hanborq:admin
> X-Storage-Pass: 123456
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Vary: X-Auth-Token
< Date: Thu, 02 Aug 2012 01:21:00 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host 10.24.1.47 left intact
{“version”: {“status”: “beta”, “updated”: “2011-11-19T00:00:00Z”, “media-types”: [{“base”: “application/json”, “type”: “application/vnd.openstack.identity-v2.0+json”}, {“base”: “application/xml”, “type”: “application/vnd.openstack.identity-v2.0+xml”}], “id”: “v2.0”, “links”: [{“href”: “http://10.24.1.47:5000/v2.0/”, “rel”: “self”}, {“href”: “http://docs.openstack.org/api/openstack-identity-service/2.0/content/”, “type”: “text/html”, “rel”: “describedby”}, {“href”: “http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf”, “type”: “application/pdf”, “rel”: “describedby”}]}}* Closing connection #0
这里的X-Auth-Token和URL是从上面的swift命令出来的:
# curl -k -v -H ‘X-Auth-Token: 9cfa1f5ff4f24122b50bf1bfea06ae10‘ http://10.24.1.47:8080/v1/AUTH_94d38db32a7d4107beeed36d9e98bf06
* About to connect() to 10.24.1.47 port 8080 (#0)
* Trying 10.24.1.47…
* connected
* Connected to 10.24.1.47 (10.24.1.47) port 8080 (#0)
> GET /v1/AUTH_94d38db32a7d4107beeed36d9e98bf06 HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.4.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
> Host: 10.24.1.47:8080
> Accept: */*
> X-Auth-Token: 9cfa1f5ff4f24122b50bf1bfea06ae10
>
< HTTP/1.1 204 No Content
< X-Account-Object-Count: 0
< X-Account-Bytes-Used: 0
< X-Account-Container-Count: 0
< Accept-Ranges: bytes
< X-Trans-Id: tx9f12be72cf144e25a858528673841e91
< Content-Length: 0
< Date: Thu, 02 Aug 2012 01:18:08 GMT
<
* Connection #0 to host 10.24.1.47 left intact
* Closing connection #0
# echo “test” > test
# echo “test1” > test1
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 upload test_dir test
test
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 upload test_dir test1
test1
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 list
test_dir
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 list test_dir
test
test1
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 post test_dir test -m testKey:testValue
# swift -v -A http://10.24.1.47:5000/v2.0 -U hanborq:admin -K 123456 download test_dir test
test
Account: AUTH_94d38db32a7d4107beeed36d9e98bf06
Container: test_dir
Object: test
Content Type: text/plain
Content Length: 13
Last Modified: Thu, 02 Aug 2012 01:48:56 GMT
ETag: d8e8fca2dc0f896fd7cb4cb0031ba249
Meta Testkey: testValue
Accept-Ranges: bytes
X-Trans-Id: txebf0263f223240afac082269ec17ee83
16 /srv/node/sdc/lost+found
1024 /srv/node/sdc/accounts/286/0f2/8f0c9bc2699f8b21bb87fbd9e4f810f2/8f0c9bc2699f8b21bb87fbd9e4f810f2.db
0 /srv/node/sdc/accounts/286/0f2/8f0c9bc2699f8b21bb87fbd9e4f810f2/8f0c9bc2699f8b21bb87fbd9e4f810f2.db.pending
1028 /srv/node/sdc/accounts/286/0f2/8f0c9bc2699f8b21bb87fbd9e4f810f2
1032 /srv/node/sdc/accounts/286/0f2
1036 /srv/node/sdc/accounts/286
1040 /srv/node/sdc/accounts
4 /srv/node/sdc/objects/17/hashes.pkl
8 /srv/node/sdc/objects/17/b08/089ab851c9eee4d593933a774e08db08/1343872136.81044.data
12 /srv/node/sdc/objects/17/b08/089ab851c9eee4d593933a774e08db08
16 /srv/node/sdc/objects/17/b08
24 /srv/node/sdc/objects/17
8 /srv/node/sdc/objects/76/f76/2665accb630458936218a6aa241aff76/1343871780.63486.data
12 /srv/node/sdc/objects/76/f76/2665accb630458936218a6aa241aff76
16 /srv/node/sdc/objects/76/f76
4 /srv/node/sdc/objects/76/hashes.pkl
24 /srv/node/sdc/objects/76
52 /srv/node/sdc/objects
4 /srv/node/sdc/tmp
0 /srv/node/sdc/containers/308/bb4/9a5a30b593157c46887d0b6ddd531bb4/9a5a30b593157c46887d0b6ddd531bb4.db.pending
1024 /srv/node/sdc/containers/308/bb4/9a5a30b593157c46887d0b6ddd531bb4/9a5a30b593157c46887d0b6ddd531bb4.db
1028 /srv/node/sdc/containers/308/bb4/9a5a30b593157c46887d0b6ddd531bb4
1032 /srv/node/sdc/containers/308/bb4
1036 /srv/node/sdc/containers/308
16 /srv/node/sdc/containers/117/d92/3a87af06161074823d53e3711c3c0d92/3a87af06161074823d53e3711c3c0d92.db
20 /srv/node/sdc/containers/117/d92/3a87af06161074823d53e3711c3c0d92
24 /srv/node/sdc/containers/117/d92
28 /srv/node/sdc/containers/117
1068 /srv/node/sdc/containers
2184 /srv/node/sdc/