OpenStack Antelope : Configure Swift (Proxy Node)2023/04/19 |
Configure OpenStack Object Storage (Swift).
This example is based on the environment like follows.
------------+--------------------------+------------ | | eth0|10.0.0.30 eth0|10.0.0.50 +-----------+-----------+ +-----------+-----------+ | [ dlp.srv.world ] | | [ network.srv.world ] | | (Control Node) | | (Proxy Node) | | | | | | MariaDB RabbitMQ | | Swift Proxy | | Memcached Nginx | | Nginx | | Keystone httpd | | | +-----------------------+ +-----------------------+ ------------+--------------------------+--------------------------+----------- eth0|10.0.0.71 eth0|10.0.0.72 eth0|10.0.0.73 +-----------+-----------+ +-----------+-----------+ +-----------+-----------+ | [snode01.srv.world] | | [snode02.srv.world] | | [snode03.srv.world] | | (Storage Node#1) | | (Storage Node#2) | | (Storage Node#3) | | | | | | | | Swift-Account | | Swift-Account | | Swift-Account | | Swift-Container | | Swift-Container | | Swift-Container | | Swift-Object | | Swift-Object | | Swift-Object | +-----------------------+ +-----------------------+ +-----------------------+ |
[1] | Install Swift-Proxy on Proxy Node. |
[root@network ~]# dnf --enablerepo=centos-openstack-antelope,epel,crb -y install openstack-swift-proxy python3-memcached openssh-clients nginx nginx-mod-stream
|
[2] | Configure Swift-Proxy. |
[root@network ~]#
vi /etc/swift/proxy-server.conf # line 5 : add [DEFAULT] bind_port = 8080 workers = 8 user = swift bind_ip = 127.0.0.1 # line 42 : specify Memcached server [filter:cache] use = egg:swift#memcache memcache_servers = dlp.srv.world:11211 # add to the end # change to your Keystone auth info [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory #project_name = %SERVICE_TENANT_NAME% #username = %SERVICE_USER% #password = %SERVICE_PASSWORD% #auth_url = http://127.0.0.1:5000 www_authenticate_uri = https://dlp.srv.world:5000 auth_url = https://dlp.srv.world:5000 memcached_servers = dlp.srv.world:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = swift password = servicepassword delay_auth_decision = true
[root@network ~]#
vi /etc/swift/swift.conf # change and add # it is shared among Swift Nodes - any words you like [swift-hash] swift_hash_path_suffix = swift_shared_path
swift_hash_path_prefix = swift_shared_path |
[3] | Configure Swift Ring files. |
[root@network ~]#
swift-ring-builder /etc/swift/account.builder create 12 3 1 [root@network ~]# swift-ring-builder /etc/swift/container.builder create 12 3 1 [root@network ~]# swift-ring-builder /etc/swift/object.builder create 12 3 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6202/device 100 Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device_"" with 100.0 weight got id 0 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6201/device 100 Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device_"" with 100.0 weight got id 0 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6200/device 100 Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device_"" with 100.0 weight got id 0
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6202/device 100 Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device_"" with 100.0 weight got id 1 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6201/device 100 Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device_"" with 100.0 weight got id 1 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6200/device 100 Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device_"" with 100.0 weight got id 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6202/device 100 Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device_"" with 100.0 weight got id 2 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6201/device 100 Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device_"" with 100.0 weight got id 2 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6200/device 100 Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device_"" with 100.0 weight got id 2
[root@network ~]#
[root@network ~]# swift-ring-builder /etc/swift/account.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 [root@network ~]# swift-ring-builder /etc/swift/container.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 [root@network ~]# swift-ring-builder /etc/swift/object.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 chown swift. /etc/swift/*.gz [root@network ~]# systemctl enable --now openstack-swift-proxy |
[4] | If Firewalld is running, allow service ports. |
[root@network ~]# firewall-cmd --add-port=8080/tcp success [root@network ~]# firewall-cmd --runtime-to-permanent success |
[5] | Get valid SSL/TLS certificate or Create self-signed certificate for Network Node and configure Nginx for proxy settings. |
[root@network ~]# mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org
[root@network ~]#
vi /etc/nginx/nginx.conf # create new user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; } stream { upstream swift-proxy { server 127.0.0.1:8080; } server { listen 10.0.0.50:8080 ssl; proxy_pass swift-proxy; } ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem"; } systemctl enable --now nginx |
Sponsored Link |