Installing and deploying OpenStack Keystone + Swift on CentOS 6.2

Source: Internet  Editor: 程序博客网  Time: 2024/04/28 07:16

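Because of work requirements, I needed to install and deploy an OpenStack object storage cluster (Folsom release) on CentOS 6.2. While following the official documentation I ran into errors, and after some investigation I got the installation working. I am recording the steps here as a reference for anyone who needs them; if you find mistakes, corrections are welcome.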

1. Node configuration

Installation environment: VMware Workstation 9

Operating system: CentOS 6.2 x86_64

IP address       Role
192.168.1.123    Keystone
192.168.1.124    Swift proxy
192.168.1.125    Swift object storage 1
192.168.1.126    Swift object storage 2

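Notes:

1) Repository setup:

Add the Folsom repository on all nodes

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Then run:

yum makecache

2) All operations are performed as root

3) The firewall must be turned off on all nodes

Check the firewall status:

/etc/init.d/iptables status

Stop the firewall temporarily:

/etc/init.d/iptables stop

Disable the firewall permanently:

chkconfig --level 35 iptables off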
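
As an alternative to switching iptables off, the ports this guide uses can be opened only to the nodes that need them. The following is an added example, not part of the original post: it builds an iptables-restore ruleset per node from the node table above. The client subnet, the SSH rule and the rsync port 873 are assumptions, and MySQL is assumed to be local to the Keystone node.

```python
# Node table taken from this guide; who may talk to whom is an assumption.
NODES = {
    "192.168.1.123": "keystone",
    "192.168.1.124": "proxy",
    "192.168.1.125": "storage",
    "192.168.1.126": "storage",
}
CLIENT_NET = "192.168.1.0/24"  # assumption: clients and admins sit on the lab subnet

def peers(role):
    """Addresses of all nodes that have the given role."""
    return sorted(ip for ip, r in NODES.items() if r == role)

def allowed(role):
    """Return (port_spec, [sources]) pairs a node with this role must accept."""
    if role == "keystone":
        # 5000: public API for clients; 35357: admin API, used by the proxy's authtoken
        return [("5000", [CLIENT_NET]), ("35357", peers("proxy"))]
    if role == "proxy":
        # memcached (11211) stays on 127.0.0.1 and needs no rule
        return [("8080", [CLIENT_NET])]
    if role == "storage":
        # object/container/account servers: proxy plus the other storage nodes;
        # rsync (873): replication between storage nodes only
        return [("6000:6002", peers("proxy") + peers("storage")),
                ("873", peers("storage"))]
    raise ValueError("unknown role: %s" % role)

def iptables_rules(ip):
    """Build an iptables-restore ruleset for the node with address ip."""
    lines = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
             "-A INPUT -p tcp -s %s --dport 22 -j ACCEPT" % CLIENT_NET]
    for ports, sources in allowed(NODES[ip]):
        for src in sources:
            if src != ip:  # traffic to the node's own address arrives on lo
                lines.append("-A INPUT -p tcp -s %s --dport %s -j ACCEPT"
                             % (src, ports))
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for node in sorted(NODES):
        print("# %s (%s)\n%s" % (node, NODES[node], iptables_rules(node)))
```

Each ruleset can be reviewed and then loaded on its node with iptables-restore.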


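2. Deploying the OpenStack Identity service (Keystone)

IP: 192.168.1.123

2.1 Installing Keystone

1) Install the Identity service on a server that the other hosts can reach

# yum install openstack-utils openstack-keystone python-keystoneclient

2) Install MySQL

# yum install mysql mysql-server MySQL-python

Start MySQL and enable it at boot

# chkconfig --level 2345 mysqld on

# service mysqld start

To set the MySQL root password, run:

# mysql_secure_installation

You will then be prompted to set the MySQL root password

3) Create a database named "keystone" and a MySQL user named "keystone" that has all privileges on the keystone database. By default, the password is the same as the user name.

# openstack-db --init --service keystone

The keystone database can also be created manually: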

mysql -u root -p

mysql> CREATE DATABASE keystone;

mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';

mysql> GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';

mysql> quit

4) Configure /etc/keystone/keystone.conf

(1) connection = mysql://keystone:[YOUR_KEYSTONEDB_PASSWORD]@192.168.1.126/keystone

(2) admin_token = <random string> (dx2013)

5) Start the keystone service and enable it at boot

# service openstack-keystone start

# chkconfig openstack-keystone on

6) Sync the keystone database

# keystone-manage db_sync

7) The admin_token and endpoint can be added to the shell environment

# export SERVICE_TOKEN=000000

# export SERVICE_ENDPOINT=http://192.168.1.123:35357/v2.0

8) Verify Keystone

Run the following commands:

keystone user-list

keystone tenant-list

keystone role-list

2.2 Adding tenants, users and roles

Add SERVICE_TOKEN and SERVICE_ENDPOINT to the environment (otherwise every command needs --token admin_token --endpoint http://192.168.1.123:35357/v2.0)

1) Create a tenant

keystone tenant-create --name adminTenant --description "Admin Tenant"

2) Create a user

keystone user-create --tenant-id <id returned by the previous step> --name admin --pass admin

3) Add a role

keystone role-create --name admin

4) Associate the role with the user

keystone user-role-add --user-id <user id> --tenant-id <tenant id> --role-id <role id>

5) Verify

curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.1.123:35357/v2.0/tokens | python -mjson.tool

6) Add the credentials to the environment

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_TENANT_NAME=adminTenant

export OS_AUTH_URL=http://192.168.1.123:35357/v2.0

2.3 Adding services

1) Identity service

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

This returns a service id

keystone endpoint-create --region RegionOne \
--service-id=<id returned by the previous step> \
--publicurl=http://192.168.1.123:5000/v2.0 \
--internalurl=http://192.168.1.123:5000/v2.0 \
--adminurl=http://192.168.1.123:35357/v2.0

2) Object Storage service

keystone service-create --name=swift --type=object-store --description="Swift Object Store Service"

This returns a service id

keystone endpoint-create --region RegionOne \
--service-id=<id returned by the previous step> \
--publicurl=http://192.168.1.124:8080/v1/AUTH_<tenant Id> \
--internalurl=http://192.168.1.124:8080/v1/AUTH_<tenant Id> \
--adminurl=http://192.168.1.124:8080    # (/v1?)

3) Review what has been added

keystone user-list

Lists all users

keystone tenant-list

Lists all tenants

keystone role-list

Lists all roles

keystone service-list

Lists all services

keystone endpoint-list

Lists all service endpoint URLs

 

3. Deploying the OpenStack Object Storage service (Swift)

1) Packages that must be installed on both object storage nodes:

yum install openstack-swift openstack-swift-account openstack-swift-container openstack-swift-object

2) Edit /etc/swift/swift.conf

swift_hash_path_suffix = <random string> (I set it to dx2013)

3) Set permissions

# mkdir -p /etc/swift

# chown -R swift:swift /etc/swift/

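3.1 Proxy node configuration

Node IP: 192.168.1.124

1) Install the proxy packages and Keystone

# yum install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token openstack-utils openstack-keystone

2) Configure the certificate

# cd /etc/swift

# openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

3) Configure memcached

The official documentation says to edit /etc/memcached.conf, but on CentOS that file no longer exists in newer versions; memcached takes its parameters at startup instead

Some memcached parameters:

//-d starts memcached as a daemon

//-m amount of memory allocated to memcached, in MB; the default is 64 MB

//-M return error on memory exhausted (rather than removing items)

//-u the user to run memcached as; this must be given when the current user is root

//-l the IP address to listen on; the default is all interfaces

//-p the TCP port memcached listens on, preferably a port above 1024

//-c the maximum number of concurrent connections; the default is 1024

//-P the file in which to save the memcached pid

//-f chunk size growth factor (default: 1.25)

//-I Override the size of each slab page. Adjusts max item size

//Multiple daemons can also be started, but their ports must not collide

What the official documentation asks us to change is the -l parameter. It now defaults to all interfaces and can be changed to the interface we need to listen on

Start (or stop) memcached:

service memcached start    # or: service memcached stop

Enable it at boot

chkconfig --level 2345 memcached on

4) proxy-server configuration file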

[DEFAULT]

bind_port = 8080

workers = 8

user = swift

 

[pipeline:main]

pipeline = healthcheck cache authtoken keystone proxy-server

 

[app:proxy-server]

use = egg:swift#proxy

allow_account_management = true

account_autocreate = true

 

[filter:cache]

use = egg:swift#memcache

memcache_servers = 127.0.0.1:11211

 

[filter:catch_errors]

use = egg:swift#catch_errors

 

[filter:healthcheck]

use = egg:swift#healthcheck

 

[filter:keystone]

paste.filter_factory = keystone.middleware.swift_auth:filter_factory

operator_roles = admin, SwiftOperator

is_admin = true

cache = swift.cache

 

[filter:authtoken]

paste.filter_factory = keystone.middleware.auth_token:filter_factory

admin_tenant_name = adminTenant

admin_user = admin

admin_password = admin

admin_token = dx2013

auth_host = 192.168.1.123

auth_port = 35357

auth_protocol = http

service_port = 5000

service_host = 192.168.1.123

signing_dir = /tmp/keystone-signing-swift

auth_token = dx2013
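
A check for the [filter:authtoken] settings above, added here as an example and not part of the original post: it parses a proxy-server.conf and reports short or user-name-derived secrets, auth_protocol = http (credentials and tokens cross the network unencrypted) and a signing_dir under a shared temporary directory (which another local user can create first). The sample text is constructed from the values in this guide; the 32-character minimum and the finding names are assumptions.

```python
import configparser

# Constructed sample: the [filter:authtoken] values used in this guide.
GUIDE_CONF = """\
[filter:authtoken]
admin_user = admin
admin_password = admin
admin_token = dx2013
auth_protocol = http
signing_dir = /tmp/keystone-signing-swift
"""

SHARED_TMP = ("/tmp", "/var/tmp", "/dev/shm")
MIN_SECRET_LEN = 32  # assumption: a local policy value, not an OpenStack default

def audit_authtoken(conf_text, section="filter:authtoken"):
    """Return a sorted list of finding codes for the authtoken section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section(section):
        return ["missing-section"]
    opt = dict(cp.items(section))
    found = set()
    # Secrets that are short, or that can be guessed from the user name.
    for key in ("admin_password", "admin_token"):
        value = opt.get(key)
        if value is None:
            continue
        if len(value) < MIN_SECRET_LEN:
            found.add("short-secret:" + key)
        if value.lower() == opt.get("admin_user", "").lower():
            found.add("secret-equals-username:" + key)
    # Plain HTTP to Keystone exposes the password and every token on the wire.
    if opt.get("auth_protocol", "").lower() == "http":
        found.add("cleartext-auth")
    # A path under a shared temp directory can be pre-created by any local user.
    sdir = opt.get("signing_dir", "")
    if any(sdir == d or sdir.startswith(d + "/") for d in SHARED_TMP):
        found.add("signing-dir-in-shared-tmp")
    return sorted(found)

if __name__ == "__main__":
    for finding in audit_authtoken(GUIDE_CONF):
        print(finding)
```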

5) Configure node information

# cd /etc/swift

# swift-ring-builder account.builder create 18 2 1

# swift-ring-builder container.builder create 18 2 1

# swift-ring-builder object.builder create 18 2 1  

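This sets the number of partitions to 2^18, the replica count to 2, and the minimum interval between partition moves to 1 hour

6) Create the ring files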

swift-ring-builder account.builder add z1-192.168.1.125:6002/sda6 100

swift-ring-builder account.builder add z2-192.168.1.126:6002/sda6 100

 

swift-ring-builder container.builder add z1-192.168.1.125:6001/sda6 100

swift-ring-builder container.builder add z2-192.168.1.126:6001/sda6 100

 

swift-ring-builder object.builder add z1-192.168.1.125:6000/sda6 100

swift-ring-builder object.builder add z2-192.168.1.126:6000/sda6 100

(sda6 is the storage space provided by each storage node)

Verify that the entries just added are correct

# swift-ring-builder account.builder

# swift-ring-builder container.builder

# swift-ring-builder object.builder

7) Generate the final rings

# swift-ring-builder account.builder rebalance

# swift-ring-builder container.builder rebalance

# swift-ring-builder object.builder rebalance

This generates three .gz files
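
How the part power 18 chosen above and the swift_hash_path_suffix from /etc/swift/swift.conf together decide where an object lives, as an added example that is not part of the original post and not Swift's own code. It is a simplified re-implementation of Swift's path hashing (MD5 of the path plus the suffix, top 18 bits select the partition); the account, container and object names are constructed. It shows why the suffix must be identical on every node, must not change once data exists, and should be a random value rather than a short guessable string.

```python
import hashlib
import secrets
import struct

PART_POWER = 18  # first argument of "swift-ring-builder ... create 18 2 1"

def hash_path(suffix, account, container=None, obj=None):
    """MD5 digest of "/account[/container[/object]]" followed by the suffix."""
    parts = [p for p in (account, container, obj) if p is not None]
    raw = "/" + "/".join(parts) + suffix
    return hashlib.md5(raw.encode("utf-8")).digest()

def partition(digest, part_power=PART_POWER):
    """The top part_power bits of the first four digest bytes pick the partition."""
    return struct.unpack_from(">I", digest)[0] >> (32 - part_power)

def moved_fraction(old_suffix, new_suffix_value, object_names,
                   account="AUTH_demo", container="photos"):
    """Share of objects that map to a different partition after a suffix change."""
    moved = 0
    for name in object_names:
        before = partition(hash_path(old_suffix, account, container, name))
        after = partition(hash_path(new_suffix_value, account, container, name))
        moved += before != after
    return moved / len(object_names)

def new_suffix():
    """A random 128-bit suffix; generate it once and copy it to every node."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    names = ["img%04d.jpg" % i for i in range(1000)]  # constructed object names
    digest = hash_path("dx2013", "AUTH_demo", "photos", names[0])
    print("%s -> partition %d of %d"
          % (names[0], partition(digest), 2 ** PART_POWER))
    print("objects remapped by a suffix change: %.1f%%"
          % (100 * moved_fraction("dx2013", new_suffix(), names)))
```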

3.2 Configuring the storage nodes

The storage nodes are all configured the same way; only the IP address in the configuration files differs, so the configuration of a single node is shown here

IP: 192.168.1.125

yum install openstack-swift-account openstack-swift-container openstack-swift-object xfsprogs

1) Create a partition with fdisk, assumed here to be /dev/sda6

(1) mkfs.xfs -i size=1024 /dev/sda6

(2) echo "/dev/sda6 /srv/node/sda6 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab

(3) mkdir -p /srv/node/sda6

(4) mount /srv/node/sda6

(5) chown -R swift:swift /srv/node

2) Create /etc/rsyncd.conf

uid = swift

gid = swift

log file = /var/log/rsyncd.log

pid file = /var/run/rsyncd.pid

address = 192.168.1.125

 

[account]

max connections = 2

path = /srv/node/

read only = false

lock file = /var/lock/account.lock

 

[container]

max connections = 2

path = /srv/node/

read only = false

lock file = /var/lock/container.lock

 

[object]

max connections = 2

path = /srv/node/

read only = false

lock file = /var/lock/object.lock

3) Set up rsync

Edit /etc/xinetd.d/rsync

disable = no

4) Start rsync and load the configuration file

# /usr/bin/rsync --daemon --config=/etc/rsyncd.conf

Start at boot

echo "/usr/bin/rsync --daemon --config=/etc/rsyncd.conf" >> /etc/rc.local

5) Configure /etc/swift/account-server.conf

[DEFAULT]

bind_ip = 192.168.1.125

bind_port = 6002

workers = 1

 

[pipeline:main]

pipeline = account-server

 

[app:account-server]

use = egg:swift#account

 

[account-replicator]

 

[account-auditor]

 

[account-reaper]

 

Configure /etc/swift/container-server.conf

[DEFAULT]

bind_ip = 192.168.1.125

bind_port = 6001

workers = 1

 

[pipeline:main]

pipeline = container-server

 

[app:container-server]

use = egg:swift#container

 

[container-replicator]

 

[container-updater]

 

[container-auditor]

 

[container-sync]

 

Configure /etc/swift/object-server.conf

[DEFAULT]

bind_ip = 192.168.1.125

bind_port = 6000

workers = 1

 

[pipeline:main]

pipeline = object-server

 

[app:object-server]

use = egg:swift#object

 

[object-replicator]

 

[object-updater]

 

[object-auditor]

6) Copy the three files account.ring.gz, container.ring.gz and object.ring.gz generated on 192.168.1.124 into /etc/swift on this node

The scp command can be used:

scp root@192.168.1.124:/etc/swift/*.gz  /etc/swift/


3.3 Starting the services

1) Start the service on the proxy node

# swift-init proxy-server start

2) Start the services on each storage node

# swift-init object-server start

# swift-init object-replicator start

# swift-init object-updater start

# swift-init object-auditor start

# swift-init container-server start

# swift-init container-replicator start

# swift-init container-updater start

# swift-init container-auditor start

# swift-init account-server start

# swift-init account-replicator start

# swift-init account-auditor start

 

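4. Testing the installation

The curl usage given on the official site applies when swauth or tempauth is the authentication backend; when Keystone is used for authentication, use the following instead:

curl -d '{"auth":{"tenantName": "adminTenant","passwordCredentials":{"username": "admin","password": "admin"}}}' -H "Content-type:application/json" http://192.168.1.126:35357/v2.0/tokens | python -mjson.tool

If the installation succeeded, the response looks roughly like this: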

% Total   % Received % Xferd  AverageSpeed   Time    Time    Time  Current

                                 Dload  Upload  Total   Spent    Left Speed

110 1107  100  1107   0   105   9759   925 --:--:-- --:--:-- --:--:-- 9109

{

   "access": {

       "metadata": {

           "is_admin": 0,

           "roles": [

               "3804f878346540438b0f640896485373"

           ]

       },

       "serviceCatalog": [

           {

                "endpoints": [

                    {

                        "adminURL":"http://192.168.1.127:8080",

                        "id":"bd49f802dddc4483872cc00e827d0362",

                       "internalURL":"http://192.168.1.127:8080/v1/AUTH_0bb450946b3b4f0aa487cf42d54abe77",

                        "publicURL":"http://192.168.1.127:8080/v1/AUTH_0bb450946b3b4f0aa487cf42d54abe77",

                        "region":"RegionOne"

                    }

                ],

                "endpoints_links":[],

                "name":"swift",

                "type":"object-store"

           },

           {

                "endpoints": [

                    {

                       "adminURL":"http://192.168.1.126:35357/v2.0",

                        "id":"42083df2425b4d48850599115580e21c",

                       "internalURL": "http://192.168.1.126:5000/v2.0",

                        "publicURL":"http://192.168.1.126:5000/v2.0",

                        "region":"RegionOne"

                    }

                ],

                "endpoints_links":[],

                "name":"keystone",

                "type":"identity"

           }

       ],

       "token": {

           "expires": "2013-05-29T11:58:48Z",

           "id":"44c81c18e0af4990b72663985911d6d8",

           "tenant": {

                "description":"Admin Tenant",

                "enabled": true,

                "id":"0bb450946b3b4f0aa487cf42d54abe77",

                "name":"adminTenant"

           }

       },

       "user": {

           "id": "946e9bc0402440638e46f1634cd49955",

           "name": "admin",

           "roles": [

                {

                    "name":"admin"

                }

           ],

           "roles_links": [],

           "username": "admin"

       }

    }

}
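The parts highlighted in red are the token and URL that are needed later to use the object storage system

For details on how to operate Swift with curl, see my other article: http://blog.csdn.net/gjhnorth/article/details/9036869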

