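For work I needed to install and deploy an OpenStack Object Storage cluster (Folsom release) on CentOS 6.2. While following the official documentation I ran into errors, so after some experimenting I finally got the installation to succeed and wrote it down here as a reference for anyone who needs it. If you find mistakes, corrections are welcome.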
1. Node configuration
Installation environment: VMware Workstation 9
Operating system: CentOS 6.2 x86_64
IP address | Role
192.168.1.123 | Keystone
192.168.1.124 | Swift proxy
192.168.1.125 | Swift object storage 1
192.168.1.126 | Swift object storage 2
Notes:
1) Repository setup:
Add the Folsom repository on all nodes
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
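Then run:
yum makecache
2) All operations are performed as root
3) The firewall must be turned off on all nodes
Check the firewall status:
/etc/init.d/iptables status
Turn the firewall off temporarily:
/etc/init.d/iptables stop
Turn the firewall off permanently:
chkconfig --level 35 iptables off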
2. Deploying the OpenStack Identity service (Keystone)
IP: 192.168.1.123
2.1 Installing Keystone
1) Install the Identity service on a server that the other hosts can reach
# yum install openstack-utils openstack-keystone python-keystoneclient
2) Install MySQL
# yum install mysql mysql-server MySQL-python
Start MySQL and enable it at boot
# chkconfig --level 2345 mysqld on
# service mysqld start
To set the MySQL root password, run:
# mysql_secure_installation
You will then be prompted to set the MySQL root password
3) Create a database named "keystone" and a MySQL user named "keystone" that has full privileges on the keystone database. By default the password is the same as the user name.
# openstack-db --init --service keystone
The keystone database can also be created by hand:
mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';
mysql> GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '[YOUR_KEYSTONEDB_PASSWORD]';
mysql> quit
4) Edit /etc/keystone/keystone.conf
(1) connection = mysql://keystone:[YOUR_KEYSTONEDB_PASSWORD]@192.168.1.126/keystone
(2) admin_token =
5) Start the keystone service and enable it at boot
# service openstack-keystone start
# chkconfig openstack-keystone on
6) Sync the keystone database
# keystone-manage db_sync
7) The admin_token and endpoint can be added to the shell environment
# export SERVICE_TOKEN=000000
# export SERVICE_ENDPOINT=http://192.168.1.123:35357/v2.0
8) Verify keystone
The following commands can be run
keystone user-list
keystone tenant-list
keystone role-list
Add SERVICE_TOKEN and SERVICE_ENDPOINT to the environment (otherwise each command needs --token admin_token --endpoint http://192.168.1.123:35357/v2.0)
1) Create a tenant
keystone tenant-create --name adminTenant --description "Admin Tenant"
2) Create a user
keystone user-create --tenant-id <id returned by the previous step> --name admin --pass admin
3) Add a role
keystone role-create --name admin
4) Associate the role with the user
keystone user-role-add --user-id <user id> --role-id <role id> --tenant-id <tenant id>
5) Verify
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H "Content-type: application/json" http://192.168.1.123:35357/v2.0/tokens | python -mjson.tool
6) Add to the environment variables
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=adminTenant
export OS_AUTH_URL=http://192.168.1.123:35357/v2.0
2.3 Adding services
1) Identity service
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
This returns a service id
keystone endpoint-create --region RegionOne \
--service-id=<id returned by the previous step> \
--publicurl=http://192.168.1.123:5000/v2.0 \
--internalurl=http://192.168.1.123:5000/v2.0 \
--adminurl=http://192.168.1.123:35357/v2.0
2) Object Storage service
keystone service-create --name=swift --type=object-store --description="Swift Object Store Service"
This returns a service id
keystone endpoint-create --region RegionOne \
--service-id=<id returned by the previous step> \
--publicurl=http://192.168.1.124:8080/v1/AUTH_ \
--internalurl=http://192.168.1.124:8080/v1/AUTH_ \
--adminurl=http://192.168.1.124:8080(/v1?)
3) List what has been added
Command | Description
keystone user-list | List all users
keystone tenant-list | List all tenants
keystone role-list | List all roles
keystone service-list | List all services
keystone endpoint-list | List all service endpoint URLs
3. Deploying the OpenStack Object Storage service (Swift)
1) Packages that must be installed on both object storage nodes:
yum install openstack-swift openstack-swift-account openstack-swift-container openstack-swift-object
2) Edit /etc/swift/swift.conf
swift_hash_path_suffix =
3) Set permissions
# mkdir -p /etc/swift
# chown -R swift:swift /etc/swift/
Node IP: 192.168.1.124
1) Install the proxy packages and keystone
# yum install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token openstack-utils openstack-keystone
2) Configure the certificate
# cd /etc/swift
# openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
3) Configure memcached
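The official documentation says to edit /etc/memcached.conf, but on CentOS that file has been dropped in newer versions; memcached takes its parameters at startup instead.
Some memcached parameters:
//-d run as a daemon
//-m amount of memory allocated to memcached, in MB (default 64 MB)
//-M return error on memory exhausted (rather than removing items)
//-u user to run memcached as; required when the current user is root
//-l IP address to listen on; defaults to all interfaces
//-p TCP port memcached listens on, preferably a port above 1024
//-c maximum number of concurrent connections (default 1024)
//-P file in which the memcached pid is saved
//-f chunk size growth factor (default: 1.25)
//-I Override the size of each slab page. Adjusts max item size
//Several daemons can be started, but their ports must not overlap
The parameter the official documentation asks us to change is -l. It now defaults to all interfaces and can be changed to the interface we need to listen on.
Start or stop memcached:
service memcached start
service memcached stop
Enable at boot
chkconfig --level 2345 memcached on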
4) proxy-server configuration file
[DEFAULT]
bind_port = 8080
workers = 8
user = swift

[pipeline:main]
pipeline = healthcheck cache authtoken keystone proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:cache]
use = egg:swift#memcache
memcache_servers = 127.0.0.1:11211

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:keystone]
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
operator_roles = admin, SwiftOperator
is_admin = true
cache = swift.cache

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
admin_tenant_name = adminTenant
admin_user = admin
admin_password = admin
admin_token = dx2013
auth_host = 192.168.1.123
auth_port = 35357
auth_protocol = http
service_port = 5000
service_host = 192.168.1.123
signing_dir = /tmp/keystone-signing-swift
auth_token = dx2013
5) Configure the node information
# cd /etc/swift
# swift-ring-builder account.builder create 18 2 1
# swift-ring-builder container.builder create 18 2 1
# swift-ring-builder object.builder create 18 2 1
This sets the number of partitions to 2^18, the replica count to 2, and the minimum interval between moves of a partition to 1 hour
6) Create the ring files
swift-ring-builder account.builder add z1-192.168.1.125:6002/sda6 100
swift-ring-builder account.builder add z2-192.168.1.126:6002/sda6 100
swift-ring-builder container.builder add z1-192.168.1.125:6001/sda6 100
swift-ring-builder container.builder add z2-192.168.1.126:6001/sda6 100
swift-ring-builder object.builder add z1-192.168.1.125:6000/sda6 100
swift-ring-builder object.builder add z2-192.168.1.126:6000/sda6 100
(sda6 is the storage space provided by the storage node)
Verify that what was just added is correct
# swift-ring-builder account.builder
# swift-ring-builder container.builder
# swift-ring-builder object.builder
7) Generate the final rings
# swift-ring-builder account.builder rebalance
# swift-ring-builder container.builder rebalance
# swift-ring-builder object.builder rebalance
This produces three .gz files
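How the partition power 18 from step 5) and the swift_hash_path_suffix from swift.conf decide where an object lands, as an added example (not code from the original post or from Swift itself). It assumes only a hash suffix is configured, as on this page; the account, container, object names and suffix values are constructed.

```python
import hashlib
import struct
from collections import Counter

PART_POWER = 18  # the "18" in "swift-ring-builder ... create 18 2 1"

def hash_path(account, container=None, obj=None, suffix=b""):
    """MD5 over '/account[/container[/object]]' followed by the hash suffix."""
    parts = [p for p in (account, container, obj) if p is not None]
    path = "/" + "/".join(parts)
    return hashlib.md5(path.encode("utf-8") + suffix).digest()

def partition(account, container=None, obj=None, suffix=b"",
              part_power=PART_POWER):
    """The top part_power bits of the digest's first 4 bytes pick the partition."""
    top32 = struct.unpack_from(">I", hash_path(account, container, obj, suffix))[0]
    return top32 >> (32 - part_power)

def spread(names, suffix, part_power=PART_POWER):
    """Count how many of the given object names fall into each partition."""
    return Counter(partition("AUTH_test", "c", n, suffix, part_power)
                   for n in names)

if __name__ == "__main__":
    suffix = b"constructed-sample-suffix"  # constructed, not a value from the page
    for name in ("a.txt", "b.txt"):
        print(name, "-> partition", partition("AUTH_test", "photos", name, suffix))
    # A different suffix sends the same name to a different partition, so the
    # suffix has to be identical on every node and must never change afterwards.
    print("a.txt with another suffix ->",
          partition("AUTH_test", "photos", "a.txt", b"another-suffix"))
    # With a tiny ring (part_power=3) 1000 names occupy at most 8 partitions.
    print(sorted(spread((str(i) for i in range(1000)), suffix, part_power=3).items()))
```

Because the suffix is mixed into every hash, anyone who does not know it cannot predict which partition a chosen object name will map to.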
3.2 Configuring the storage nodes
All storage nodes are configured the same way; only the IP in the configuration files differs, so only one node is shown here
IP: 192.168.1.125
yum install openstack-swift-account openstack-swift-container openstack-swift-object xfsprogs
1) Create a partition with fdisk, assumed here to be /dev/sda6
(1) mkfs.xfs -i size=1024 /dev/sda6
(2) echo "/dev/sda6 /srv/node/sda6 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
(3) mkdir -p /srv/node/sda6
(4) mount /srv/node/sda6
(5) chown -R swift:swift /srv/node
2) Create /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 192.168.1.125

[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock

[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock

[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock
3) Set up rsync
Edit /etc/xinetd.d/rsync
4) Start rsync and load the configuration file
# /usr/bin/rsync --daemon --config=/etc/rsyncd.conf
Start at boot
echo "/usr/bin/rsync --daemon --config=/etc/rsyncd.conf" >> /etc/rc.local
5) Configure /etc/swift/account-server.conf
[DEFAULT]
bind_ip = 192.168.1.125
bind_port = 6002
workers = 1

[pipeline:main]
pipeline = account-server

[app:account-server]
use = egg:swift#account

[account-replicator]

[account-auditor]

[account-reaper]
Configure /etc/swift/container-server.conf
[DEFAULT]
bind_ip = 192.168.1.125
bind_port = 6001
workers = 1

[pipeline:main]
pipeline = container-server

[app:container-server]
use = egg:swift#container

[container-replicator]

[container-updater]

[container-auditor]

[container-sync]
Configure /etc/swift/object-server.conf
[DEFAULT]
bind_ip = 192.168.1.125
bind_port = 6000
workers = 1

[pipeline:main]
pipeline = object-server

[app:object-server]
use = egg:swift#object

[object-replicator]

[object-updater]

[object-auditor]
6) Copy the three files account.ring.gz, container.ring.gz and object.ring.gz generated on 192.168.1.124 into /etc/swift on this machine
The scp command can be used:
3.3 Starting the services
1) Start the service on the proxy node
# swift-init proxy-server start
2) Start the services on each storage node
# swift-init object-server start
# swift-init object-replicator start
# swift-init object-updater start
# swift-init object-auditor start
# swift-init container-server start
# swift-init container-replicator start
# swift-init container-updater start
# swift-init container-auditor start
# swift-init account-server start
# swift-init account-replicator start
# swift-init account-auditor start
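A check for the [filter:authtoken] section of the proxy-server configuration from step 4), added here as an example (not part of the original post or of Swift). It reports the settings worth changing before the cluster is used outside a lab; the sample text is a constructed excerpt using the values shown on this page.

```python
import configparser

# Constructed excerpt of the proxy-server configuration from step 4).
SAMPLE_CONF = """
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
admin_tenant_name = adminTenant
admin_user = admin
admin_password = admin
admin_token = dx2013
auth_host = 192.168.1.123
auth_protocol = http
signing_dir = /tmp/keystone-signing-swift
"""

def audit_authtoken(text):
    """Return (option, finding) pairs for the [filter:authtoken] section."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    if not cp.has_section("filter:authtoken"):
        return [("filter:authtoken", "section not found")]
    auth = dict(cp.items("filter:authtoken"))
    findings = []
    if auth.get("auth_protocol", "").lower() == "http":
        findings.append(("auth_protocol",
                         "tokens and the service password reach Keystone unencrypted"))
    password = auth.get("admin_password", "")
    if password and password.lower() in (auth.get("admin_user", "").lower(), "password"):
        findings.append(("admin_password", "same as the user name or a stock value"))
    if "admin_token" in auth:
        findings.append(("admin_token",
                         "static Keystone admin secret stored on the proxy node"))
    if auth.get("signing_dir", "").startswith(("/tmp/", "/var/tmp/")):
        findings.append(("signing_dir",
                         "lives in a world-writable directory; use one owned by swift"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_authtoken(SAMPLE_CONF):
        print("%-15s %s" % (option, finding))
```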
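4. Testing whether the installation succeeded
The curl usage given on the official site is for swauth or tempauth as the authentication tool; when keystone is the authentication tool, use the following instead:
curl -d '{"auth":{"tenantName": "adminTenant","passwordCredentials":{"username": "admin","password": "admin"}}}' -H "Content-type:application/json" http://192.168.1.126:35357/v2.0/tokens | python -mjson.tool
If the installation succeeded, the response looks roughly like this: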
% Total % Received % Xferd AverageSpeed Time Time Time Current
Dload Upload Total Spent Left Speed
110 1107 100 1107 0 105 9759 925 --:--:-- --:--:-- --:--:-- 9109
{
"access": {
"metadata": {
"is_admin": 0,
"roles": [
"3804f878346540438b0f640896485373"
]
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL":"http://192.168.1.127:8080",
"id":"bd49f802dddc4483872cc00e827d0362",
"internalURL":"http://192.168.1.127:8080/v1/AUTH_0bb450946b3b4f0aa487cf42d54abe77",
"publicURL":"http://192.168.1.127:8080/v1/AUTH_0bb450946b3b4f0aa487cf42d54abe77",
"region":"RegionOne"
}
],
"endpoints_links":[],
"name":"swift",
"type":"object-store"
},
{
"endpoints": [
{
"adminURL":"http://192.168.1.126:35357/v2.0",
"id":"42083df2425b4d48850599115580e21c",
"internalURL": "http://192.168.1.126:5000/v2.0",
"publicURL":"http://192.168.1.126:5000/v2.0",
"region":"RegionOne"
}
],
"endpoints_links":[],
"name":"keystone",
"type":"identity"
}
],
"token": {
"expires": "2013-05-29T11:58:48Z",
"id":"44c81c18e0af4990b72663985911d6d8",
"tenant": {
"description":"Admin Tenant",
"enabled": true,
"id":"0bb450946b3b4f0aa487cf42d54abe77",
"name":"adminTenant"
}
},
"user": {
"id": "946e9bc0402440638e46f1634cd49955",
"name": "admin",
"roles": [
{
"name":"admin"
}
],
"roles_links": [],
"username": "admin"
}
}
}
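Reading that response programmatically, as an added example (not part of the original post): it pulls the object-store endpoint and token out of a Keystone v2.0 token response and checks them against the node plan in section 1. The sample body is constructed and trimmed, its ids are placeholders, and the function name is hypothetical.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed response, trimmed to the fields used below; ids are placeholders.
SAMPLE = json.dumps({"access": {
    "token": {"id": "TOKEN_ID_PLACEHOLDER", "expires": "2013-05-29T11:58:48Z",
              "tenant": {"id": "TENANT_ID_PLACEHOLDER", "name": "adminTenant"}},
    "serviceCatalog": [
        {"type": "object-store", "name": "swift", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://192.168.1.124:8080/v1/AUTH_TENANT_ID_PLACEHOLDER"}]},
        {"type": "identity", "name": "keystone", "endpoints": [
            {"region": "RegionOne",
             "publicURL": "http://192.168.1.123:5000/v2.0"}]}]}})

def swift_access(body, expected_proxy="192.168.1.124", now=None):
    """Return (storage_url, token_id, problems) from a v2.0 token response."""
    access = json.loads(body)["access"]
    token = access["token"]
    urls = [ep["publicURL"]
            for svc in access.get("serviceCatalog", [])
            if svc.get("type") == "object-store"
            for ep in svc.get("endpoints", [])]
    if not urls:
        return None, token["id"], ["no object-store endpoint in the catalog"]
    url, problems = urls[0], []
    if urlparse(url).hostname != expected_proxy:
        problems.append("endpoint host is not the proxy node: " + url)
    if not url.endswith("/AUTH_" + token["tenant"]["id"]):
        problems.append("storage URL does not end in AUTH_<tenant id>")
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    if expires.replace(tzinfo=timezone.utc) <= (now or datetime.now(timezone.utc)):
        problems.append("token already expired")
    return url, token["id"], problems

if __name__ == "__main__":
    print(swift_access(SAMPLE, now=datetime(2013, 5, 29, 11, 0, tzinfo=timezone.utc)))
```

With an empty problem list, the cluster itself can be exercised by sending the token in an X-Auth-Token header to the storage URL, for example with curl -H "X-Auth-Token: <token id>" <storage URL>.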