OpenStack Zed : Configure Swift (Proxy Node)2022/10/10 |
Configure OpenStack Object Storage (Swift).
This example is based on the environment like follows.
------------+-----------------------------+---------------+--- | | | eth0|10.0.0.30 eth0|10.0.0.50 | +-----------+-----------+ +-----------+-----------+ | | [ dlp.srv.world ] | | [ network.srv.world ] | | | (Control Node) | | (Proxy Node) | | | | | | | | MariaDB RabbitMQ | | Swift Proxy | | | Memcached Nginx | | Nginx | | | Keystone httpd | | | | +-----------------------+ +-----------------------+ | | ------------+-----------------------------+---------------+-------------+----------- eth0|10.0.0.71 eth0|10.0.0.72 eth0|10.0.0.73 +-----------+-----------+ +-----------+-----------+ +-----------+-----------+ | [snode01.srv.world] | | [snode02.srv.world] | | [snode03.srv.world] | | (Storage Node#1) | | (Storage Node#2) | | (Storage Node#3) | | | | | | | | Swift-Account | | Swift-Account | | Swift-Account | | Swift-Container | | Swift-Container | | Swift-Container | | Swift-Object | | Swift-Object | | Swift-Object | +-----------------------+ +-----------------------+ +-----------------------+ |
[1] | Install Swift-Proxy on Proxy Node. |
root@network:~# apt -y install swift swift-proxy python3-swiftclient python3-keystonemiddleware python3-memcache nginx libnginx-mod-stream
|
[2] | Configure Swift-Proxy. |
root@network:~#
vi /etc/swift/proxy-server.conf # create new
[DEFAULT]
bind_ip = 127.0.0.1
bind_port = 8080
user = swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
# Keystone auth info
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = servicepassword
delay_auth_decision = true
service_token_roles_required = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,SwiftOperator
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = dlp.srv.world:11211
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
root@network:~#
vi /etc/swift/swift.conf # create new # shared among Swift Nodes - any words you like
[swift-hash]
swift_hash_path_suffix = swift_shared_path swift_hash_path_prefix = swift_shared_path chown -R swift. /etc/swift
|
[3] | Configure Swift Ring files. |
root@network:~#
swift-ring-builder /etc/swift/account.builder create 12 3 1 root@network:~# swift-ring-builder /etc/swift/container.builder create 12 3 1 root@network:~# swift-ring-builder /etc/swift/object.builder create 12 3 1
root@network:~#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6002/device 100 Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device_"" with 100.0 weight got id 0 root@network:~# swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6001/device 100 Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device_"" with 100.0 weight got id 0 root@network:~# swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6000/device 100 Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device_"" with 100.0 weight got id 0
root@network:~#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6002/device 100 Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device_"" with 100.0 weight got id 1 root@network:~# swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6001/device 100 Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device_"" with 100.0 weight got id 1 root@network:~# swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6000/device 100 Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device_"" with 100.0 weight got id 1
root@network:~#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6002/device 100 Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device_"" with 100.0 weight got id 2 root@network:~# swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6001/device 100 Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device_"" with 100.0 weight got id 2 root@network:~# swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6000/device 100 Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device_"" with 100.0 weight got id 2
root@network:~#
root@network:~# swift-ring-builder /etc/swift/account.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 root@network:~# swift-ring-builder /etc/swift/container.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 root@network:~# swift-ring-builder /etc/swift/object.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 chown swift. /etc/swift/*.gz root@network:~# systemctl restart swift-proxy |
[4] | Get valid SSL/TLS certificate or Create self-signed certificate for Network Node and configure Nginx for proxy settings. |
root@network:~# unlink /etc/nginx/sites-enabled/default
root@network:~#
vi /etc/nginx/nginx.conf # add to the end stream { upstream swift-proxy { server 127.0.0.1:8080; } server { listen 10.0.0.50:8080 ssl; proxy_pass swift-proxy; } ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem"; } systemctl restart nginx |
Sponsored Link |