Swift是openstack默认的存储服务,但是在生产环境中不使用它,因为swift的机制决定了它会占用很大的CPU资源

Swift是一个高可用分布式的对象存储服务,为Nova子项目提供虚拟机镜像存储服务

 

1.安装对象存储swift(控制节点node1)

---------------------------------------------#创建用户和service
[root@node1 ~]# . admin-openrc
[root@node1 ~]# openstack user create --domain default --password-prompt swift   # 输入密码swift
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 044c2f6e7e0947f2a7f0298e9d9f8af3 |
| name                | swift                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user swift admin
[root@node1 ~]# openstack service create --name swift --description "OpenStack Object Storage" object-store
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Object Storage         |
| enabled     | True                             |
| id          | fbdd56c3d9824ac4a366a529dee4fd76 |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store public http://node1:8080/v1/AUTH_%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 66ba38c8261e4380aa6dd9f94d178cc4         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | fbdd56c3d9824ac4a366a529dee4fd76         |
| service_name | swift                                    |
| service_type | object-store                             |
| url          | http://node1:8080/v1/AUTH_%(project_id)s |
+--------------+------------------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store internal http://node1:8080/v1/AUTH_%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 54460569959d4ae7bead17e9737c304b         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | fbdd56c3d9824ac4a366a529dee4fd76         |
| service_name | swift                                    |
| service_type | object-store                             |
| url          | http://node1:8080/v1/AUTH_%(project_id)s |
+--------------+------------------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne object-store admin http://node1:8080/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f52482fbdcf44c2cabdda1a5d21cf2ee |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fbdd56c3d9824ac4a366a529dee4fd76 |
| service_name | swift                            |
| service_type | object-store                     |
| url          | http://node1:8080/v1             |
+--------------+----------------------------------+

---------------------------------------------#在node1上安装配置组件
yum -y install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached

# 下载配置文件并修改配置
curl -o /etc/swift/proxy-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/proxy-server.conf-sample
crudini --set /etc/swift/proxy-server.conf DEFAULT bind_port 8080
crudini --set /etc/swift/proxy-server.conf DEFAULT user swift
crudini --set /etc/swift/proxy-server.conf DEFAULT swift_dir /etc/swift
crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server"
crudini --set /etc/swift/proxy-server.conf app:proxy-server use egg:swift#proxy
crudini --set /etc/swift/proxy-server.conf app:proxy-server account_autocreate True
crudini --set /etc/swift/proxy-server.conf filter:keystoneauth use  egg:swift#keystoneauth
crudini --set /etc/swift/proxy-server.conf filter:keystoneauth operator_roles admin,user
crudini --set /etc/swift/proxy-server.conf filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
crudini --set /etc/swift/proxy-server.conf filter:authtoken www_authenticate_uri  http://node1:5000
crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_url http://node1:5000
crudini --set /etc/swift/proxy-server.conf filter:authtoken memcached_servers node1:11211
crudini --set /etc/swift/proxy-server.conf filter:authtoken auth_type password
crudini --set /etc/swift/proxy-server.conf filter:authtoken project_domain_id default
crudini --set /etc/swift/proxy-server.conf filter:authtoken user_domain_id default
crudini --set /etc/swift/proxy-server.conf filter:authtoken project_name service
crudini --set /etc/swift/proxy-server.conf filter:authtoken username swift
crudini --set /etc/swift/proxy-server.conf filter:authtoken password swift
crudini --set /etc/swift/proxy-server.conf filter:authtoken delay_auth_decision True
crudini --set /etc/swift/proxy-server.conf filter:cache use egg:swift#memcache
crudini --set /etc/swift/proxy-server.conf filter:cache memcache_servers node1:11211

2.安装对象存储swift(对象存储节点node4/node5,两个基点操作一样,主机IP地址配置不同)

对象存储节点必须提供硬盘并且挂载到指定的目录中,否则会报错503,相关日志可以在对象存储节点的系统日志中看到。

account-replicator[353135]: Skipping: /srv/node/sdd is not mounted
# 安装组件rsync
yum install -y xfsprogs rsync rsync-daemon
# 创建数目存储目录并格式化硬盘
mkdir /svc/node/sdd
mkdir /svc/node/sde
mkfs.xfs /dev/sdd
mkfs.xfs /dev/sde
# 设置开机挂载并挂载硬盘
vi /etc/fstab
/dev/sdd           /srv/node/sdd    xfs   noatime 0 2
/dev/sde           /srv/node/sde    xfs   noatime 0 2
# 挂载硬盘
mount -a

--- 配置
crudini --set /etc/rsyncd.conf '' uid swift
crudini --set /etc/rsyncd.conf '' gid swift
crudini --set /etc/rsyncd.conf '' 'log file' /var/log/rsyncd.log
crudini --set /etc/rsyncd.conf '' 'pid file' /var/run/rsyncd.pid
crudini --set /etc/rsyncd.conf '' address 192.168.31.104   # 存储节点的IP地址
crudini --set /etc/rsyncd.conf account  'max connections ' 2
crudini --set /etc/rsyncd.conf account  path /srv/node/     # 存储数据目录
crudini --set /etc/rsyncd.conf account  'read only' False
crudini --set /etc/rsyncd.conf account  'lock file' /var/lock/account.lock
crudini --set /etc/rsyncd.conf container 'max connections' 2
crudini --set /etc/rsyncd.conf container path /srv/node/
crudini --set /etc/rsyncd.conf container 'read only' False
crudini --set /etc/rsyncd.conf container 'lock file' /var/lock/container.lock
crudini --set /etc/rsyncd.conf object 'max connections' 2
crudini --set /etc/rsyncd.conf object path /srv/node/
crudini --set /etc/rsyncd.conf object 'read only' False
crudini --set /etc/rsyncd.conf object 'lock file' /var/lock/object.lock
---------------------------------------------#  启动服务
systemctl enable rsyncd.service && systemctl start rsyncd.service

---------------------------------------------# 安装OpenStack组件
yum install -y --enablerepo powertools openstack-swift-account openstack-swift-container openstack-swift-object

---------------------------------------------# 修改组件配置
# 下载配置文件
curl -o /etc/swift/account-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/account-server.conf-sample
curl -o /etc/swift/container-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/container-server.conf-sample
curl -o /etc/swift/object-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/object-server.conf-sample

# 对配置文件进行修改
crudini --set  /etc/swift/account-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set  /etc/swift/account-server.conf DEFAULT bind_port 6202
crudini --set  /etc/swift/account-server.conf DEFAULT user swift
crudini --set  /etc/swift/account-server.conf DEFAULT swift_dir /etc/swift
crudini --set  /etc/swift/account-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set  /etc/swift/account-server.conf DEFAULT mount_check True
crudini --set  /etc/swift/account-server.conf pipeline:main pipeline 'healthcheck recon account-server'
crudini --set  /etc/swift/account-server.conf filter:recon use egg:swift#recon
crudini --set  /etc/swift/account-server.conf filter:recon recon_cache_path 
----------
crudini --set  /etc/swift/container-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set  /etc/swift/container-server.conf DEFAULT bind_port 6201
crudini --set  /etc/swift/container-server.conf DEFAULT user swift
crudini --set  /etc/swift/container-server.conf DEFAULT swift_dir /etc/swift
crudini --set  /etc/swift/container-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set  /etc/swift/container-server.conf DEFAULT mount_check True
crudini --set  /etc/swift/container-server.conf pipeline:main pipeline  'healthcheck recon container-server'
crudini --set  /etc/swift/container-server.conf filter:recon use egg:swift#recon
crudini --set  /etc/swift/container-server.conf recon_cache_path /var/cache/swift
----------
crudini --set  /etc/swift/object-server.conf DEFAULT bind_ip 192.168.31.104 # 存储节点的IP地址
crudini --set  /etc/swift/object-server.conf DEFAULT bind_port 6200
crudini --set  /etc/swift/object-server.conf DEFAULT user swift
crudini --set  /etc/swift/object-server.conf DEFAULT swift_dir /etc/swift
crudini --set  /etc/swift/object-server.conf DEFAULT devices /srv/node # 存储数据目录
crudini --set  /etc/swift/object-server.conf DEFAULT mount_check True
crudini --set  /etc/swift/object-server.conf pipeline:main pipeline 'healthcheck recon object-server'
crudini --set  /etc/swift/object-server.conf filter:recon use egg:swift#recon
crudini --set  /etc/swift/object-server.conf filter:recon recon_cache_path /var/cache/swift
crudini --set  /etc/swift/object-server.conf filter:recon recon_lock_path /var/lock
----------# 配置数据目录权限
chown -R swift:swift /srv/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift

3.创建分发(控制节点node1)

curl -o /etc/swift/swift.conf \
  https://opendev.org/openstack/swift/raw/branch/master/etc/swift.conf-sample
# 修改配置如下
[swift-hash]
...
swift_hash_path_suffix = 123456789
swift_hash_path_prefix = 123456789

-----------------------------#  生成文件,注意参数里面的sdd和sde必须为本地对应的文件,和挂载目录必须对应
cd /etc/swift
swift-ring-builder account.builder create 10 3 1    # 创建account.builder文件
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6202 --device sde --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sdd --weight 100
swift-ring-builder account.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6202 --device sde --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
---
cd /etc/swift
swift-ring-builder container.builder create 10 3 1  # 创建container.builder文件
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6201 --device sde --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sdd --weight 100
swift-ring-builder container.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6201 --device sde --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
---
cd /etc/swift
swift-ring-builder object.builder create 10 3 1 # 创建object.builder文件
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.31.104 --port 6200 --device sde --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sdd --weight 100
swift-ring-builder object.builder add --region 1 --zone 2 --ip 192.168.31.105 --port 6200 --device sde --weight 100
 swift-ring-builder object.builder
 swift-ring-builder object.builder rebalance
---
分发配置文件到对象存储节点node4,node5
for i in 4 5; do scp account.ring.gz container.ring.gz object.ring.gz node$i:/etc/swift;done

4.完成安装,在各个节点启动服务

# 在node1上分发swift.conf到存储节点node4、node5
for i in 4 5; do scp /etc/swift/swift.conf  node$i:/etc/swift;done
------# 所有节点(node1、node4、node5)修改配置文件权限
chown -R root:swift /etc/swift

# 控制节点node1启动服务
systemctl enable openstack-swift-proxy.service memcached.service
systemctl start openstack-swift-proxy.service memcached.service
# 存储节点
systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service \
  openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl start openstack-swift-account.service openstack-swift-account-auditor.service \
  openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl enable openstack-swift-container.service \
  openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
  openstack-swift-container-updater.service
systemctl start openstack-swift-container.service \
  openstack-swift-container-auditor.service openstack-swift-container-replicator.service \
  openstack-swift-container-updater.service
systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service \
  openstack-swift-object-replicator.service openstack-swift-object-updater.service
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service \
  openstack-swift-object-replicator.service openstack-swift-object-updater.service

5.在node1上验证

. admin-openrc
[root@node1 ~]# . admin-openrc 
[root@node1 ~]#  swift stat
               Account: AUTH_c827c773e36d4149a93196b371cebfd9
            Containers: 0
               Objects: 0
                 Bytes: 0
          Content-Type: text/plain; charset=utf-8
           X-Timestamp: 1646277425.56907
       X-Put-Timestamp: 1646277425.56907
                  Vary: Accept
            X-Trans-Id: tx7195146dc9444fe5a0074-0062203331
X-Openstack-Request-Id: tx7195146dc9444fe5a0074-0062203331

# 上传文件,创建一个容器
[root@node1 ~]# openstack container create container1
+---------------------------------------+------------+------------------------------------+
| account                               | container  | x-trans-id                         |
+---------------------------------------+------------+------------------------------------+
| AUTH_c827c773e36d4149a93196b371cebfd9 | container1 | tx0a771488be834a149f48f-00622033b7 |
+---------------------------------------+------------+------------------------------------+
# 删除文件到对象存储中
[root@node1 ~]# openstack object create container1 cirros-0.4.0-x86_64-disk.img 
+------------------------------+------------+----------------------------------+
| object                       | container  | etag                             |
+------------------------------+------------+----------------------------------+
| cirros-0.4.0-x86_64-disk.img | container1 | 443b7623e27ecf03dc9e01ee93f67afe |
+------------------------------+------------+----------------------------------+
# 查询对象存在红的文件
[root@node1 ~]# openstack object list container1
+------------------------------+
| Name                         |
+------------------------------+
| cirros-0.4.0-x86_64-disk.img |
+------------------------------+
# 将文件下载到本地
[root@node1 ~]# openstack object save container1 cirros-0.4.0-x86_64-disk.img

登录Dashboard也可以看到对象存储和刚刚上传的文件,也可以通过Dashboard来上传和下载文件。如果没有对象存储菜单,退出后重新登录或者重启http服务

Openstack中的Swift存储架构 openstack swift部署_swift