grizzly版swift和keystone整合
来源:互联网 发布:网络管理是什么意思 编辑:程序博客网 时间:2024/04/19 11:50
系统:ubuntu 12.0.4
环境:3节点
controller节点:172.16.77.128(swift的proxy也在此节点)
network节点:172.16.77.130
compute节点:172.16.77.131
Openstack部署方案参考:
https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst
swift部署方案参考:
http://blog.lightcloud.cn/?p=68
及官方文档
http://docs.openstack.org/developer/swift/howto_installmultinode.html
swift和keystone参考:
http://docs.openstack.org/developer/swift/overview_auth.html
网上有些swift和keystone结合的文章,但是由于swift版本较老,在swift 1.8.0中并不适用
swift和keystone整合前/etc/swift/proxy-server.conf:
[DEFAULT]
bind_port = 8080
bind_ip = 172.16.77.128
workers = 8
user = swift
log_level = DEBUG
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = healthcheck cache tempauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.77.128:11211
swift和keystone整合后/etc/swift/proxy-server.conf:
[DEFAULT]
bind_port = 8080
bind_ip = 172.16.77.128
workers = 8
user = swift
log_level = DEBUG
log_facility = LOG_LOCAL1
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauthproxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:authtoken]
paste.filter_factory =keystoneclient.middleware.auth_token:filter_factory
auth_host = 172.16.77.128
auth_port = 35357
auth_protocol = http
auth_uri = http://172.16.77.128:5000/
admin_tenant_name = service
admin_user = swift
admin_password = service_pass
cache = swift.cache
signing_dir = /etc/swift
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin, swiftoperator
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 172.16.77.128:11211
keystone需要做的操作,脚本供参考:
==================================================================================================
HOST_IP=172.16.77.128
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
KEYSTONE_REGION=RegionOne
get_id () {
}
ADMIN_TENANT=$(keystone tenant-list|grep admin|awk -F"|"'{print $2}'|awk -F" " '{print $1}')
SERVICE_TENANT=$(keystone tenant-list|grep$SERVICE_TENANT_NAME|awk -F"|" '{print $2}'|awk -F" " '{print$1}')
ADMIN_ROLE=$(keystone role-list|grep admin |awk -F"|" '{print$2}'|awk -F" " '{print $1}')
SWIFT_USER=$(get_id keystone user-create --name=swift--pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT--email=swift@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id$SWIFT_USER --role-id $ADMIN_ROLE
SWIFT_SERVICE=$(get_id keystone service-create --name swift--type object-store --description 'OpenStack StorageService')
keystone endpoint-create --region $KEYSTONE_REGION--service_id $SWIFT_SERVICE --publicurl'http://172.16.77.128:8080/v1/AUTH_$(tenant_id)s' --adminurl'http://172.16.77.128:8080/' --internalurl'http://172.16.77.128:8080/v1/AUTH_$(tenant_id)s'
==================================================================================================
/etc/keystone/default_catalog.templates添加:
catalog.RegionOne.object_store.name = Swift Service
catalog.RegionOne.object_store.publicURL =http://swiftproxy:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.adminURL =http://swiftproxy:8080/
catalog.RegionOne.object_store.internalURL =http://swiftproxy:8080/v1/AUTH_$(tenant_id)s
附上几个部署过程中遇到的问题及解决方法:
1.
Aug 15 05:15:37 controller1 proxy-server UNCAUGHTEXCEPTION#012Traceback (most recent call last):#012 File "/usr/bin/swift-proxy-server", line 22, in#012 run_wsgi(conf_file,'proxy-server', default_port=8080, **options)#012 File"/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187,in run_wsgi#012 run_server()#012 File"/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149,in run_server#012 global_conf={'log_name': log_name})#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line247, in loadapp#012 returnloadobj(APP, uri, name=name, **kw)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line272, in loadobj#012 returncontext.create()#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line710, in create#012 returnself.object_type.invoke(self)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line207, in invoke#012 app =filter(app)#012 File"/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",line 1153, in auth_filter#012 return AuthProtocol(app, conf)#012 File"/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",line 304, in __init__#012 os.makedirs(self.signing_dirname)#012 File "/usr/lib/python2.7/os.py", line 157, inmakedirs#012 mkdir(name,mode)#012OSError: [Errno 13] Permission denied:'/root/keystone-signing'
解决方式:https://bugs.launchpad.net/keystone/+bug/1036847
/etc/swift/proxy-server.conf中[filter:authtoken]下添加
signing_dir = /etc/swift
2.
Aug 15 05:55:18 controller1 proxy-server UNCAUGHTEXCEPTION#012Traceback (most recent call last):#012 File "/usr/bin/swift-proxy-server", line 22, in#012 run_wsgi(conf_file,'proxy-server', default_port=8080, **options)#012 File"/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 187,in run_wsgi#012 run_server()#012 File"/usr/lib/python2.7/dist-packages/swift/common/wsgi.py", line 149,in run_server#012 global_conf={'log_name': log_name})#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line247, in loadapp#012 returnloadobj(APP, uri, name=name, **kw)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line271, in loadobj#012 global_conf=global_conf)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line296, in loadcontext#012 global_conf=global_conf)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line317, in _loadconfig#012 loader= ConfigLoader(path)#012 File"/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line393, in __init__#012 withopen(filename) as f:#012IOError: [Errno 13] Permission denied:'/etc/swift/proxy-server.conf'
解决方式:https://bugzilla.redhat.com/show_bug.cgi?id=967631
chown root:root /etc/swift
chown swift:swift /etc/swift
3.
root@controller1:/etc/swift# swift -A http://172.16.77.128:5000/v2.0 -U user_one -Kuser_one stat -V 2
Account HEAD failed:http://172.16.77.128:8080/v1/AUTH_4351cda4e5e44278b0e6050eadfbea81401 Unauthorized
用户权限问题:
keystone role-create --name swiftoperator
keystone user-role-add --tenant-id4351cda4e5e44278b0e6050eadfbea81 --user-id8a4dab8816a84f72af39ea1de81e6edd --role-id836640f839344cfca5f68f16083d18da
swift -A http://172.16.77.128:5000/v2.0 -U user_one -Kuser_one stat -V 2
- grizzly版swift和keystone整合
- grizzly版swift和glance整合
- openstack grizzly keystone data script
- 关于Swift的Tempauth和Keystone
- Swift和Keystone单机安装总结
- OpenStack Swift集群与Keystone的整合使用说明
- Ubuntu下Swift、Keystone和Horizon安装集成小结
- Swift和keystone认证服务器结合实现多租户
- swift+keystone 部署小记
- 基于keystone的swift搭建
- Openstack Swift Quotas初探(Grizzly)
- Deploy swift on CentOS6.4 (grizzly)
- Openstack Swift Quotas初探(Grizzly)
- Swift与Keystone认证问题,Permission denied: '/root/keystone-signing'
- Swift与Keystone认证问题,Permission denied: '/root/keystone-signing'
- radosgw和keystone对接
- 使用Keystone认证多节点安装Swift
- 使用Keystone认证多节点安装Swift
- linux下apache
- glDrawPixels
- 几个不错的学习网站
- java与C++分析
- Couldn't start MySQL! while starting XAMPP
- grizzly版swift和keystone整合
- grizzly版swift和glance整合
- Linux c中经常用到的一些处理:
- opencms8.5安装问题集锦
- :org.apache.jasper.JasperException: java.lang.ClassCastException三种解决方法
- 20130909安博培训第一天
- diabloIII
- AU格式解析
- 统计学习方法-概率知识补充