CentOS Stream 9
Sponsored Link

OpenStack Caracal : Swift 設定 (Proxy ノード)2024/08/07

 

OpenStack Object Storage(Swift)を設定します。

当例では以下のような環境を例に Swift サービスを設定します。

------------+--------------------------+------------
            |                          |
        eth0|10.0.0.30             eth0|10.0.0.50
+-----------+-----------+  +-----------+-----------+
|   [ dlp.srv.world ]   |  | [ network.srv.world ] |
|     (Control Node)    |  |      (Proxy Node)     |
|                       |  |                       |
|  MariaDB    RabbitMQ  |  |      Swift Proxy      |
|  Memcached  Nginx     |  |         Nginx         |
|  Keystone   httpd     |  |                       |
+-----------------------+  +-----------------------+

------------+--------------------------+--------------------------+-----------
        eth0|10.0.0.71             eth0|10.0.0.72             eth0|10.0.0.73
+-----------+-----------+  +-----------+-----------+  +-----------+-----------+
|  [snode01.srv.world]  |  |  [snode02.srv.world]  |  |  [snode03.srv.world]  |
|    (Storage Node#1)   |  |    (Storage Node#2)   |  |    (Storage Node#3)   |
|                       |  |                       |  |                       |
|     Swift-Account     |  |     Swift-Account     |  |     Swift-Account     |
|    Swift-Container    |  |    Swift-Container    |  |    Swift-Container    |
|     Swift-Object      |  |     Swift-Object      |  |     Swift-Object      |
+-----------------------+  +-----------------------+  +-----------------------+

[1] Proxy ノードに Swift-Proxy をインストールします。
# Caracal, EPEL, CRB からインストール

[root@network ~]#
dnf --enablerepo=centos-openstack-caracal,epel,crb -y install openstack-swift-proxy python3-memcached openssh-clients nginx nginx-mod-stream
[2] Swift-Proxy を設定します。
[root@network ~]#
vi /etc/swift/proxy-server.conf
# 5行目 : 追記
[DEFAULT]
bind_port = 8080
workers = 8
user = swift
bind_ip = 127.0.0.1

# 42行目 : Memcached サーバーを指定
[filter:cache]
use = egg:swift#memcache
memcache_servers = dlp.srv.world:11211

# 最終行 : 以下のように変更
# Control ノードの Keystone に登録した値
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
#project_name = %SERVICE_TENANT_NAME%
#username = %SERVICE_USER%
#password = %SERVICE_PASSWORD%
#auth_url = http://127.0.0.1:5000
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = swift
password = servicepassword
delay_auth_decision = true

[root@network ~]#
vi /etc/swift/swift.conf
# 以下のように追記 & 変更
# Swift ノード間でシェアする値 - 適当な文字列で OK

[swift-hash]
swift_hash_path_suffix =
swift_shared_path
swift_hash_path_prefix = swift_shared_path
[3] Swift Ring ファイルの設定です。
[root@network ~]#
swift-ring-builder /etc/swift/account.builder create 12 3 1

[root@network ~]#
swift-ring-builder /etc/swift/container.builder create 12 3 1

[root@network ~]#
swift-ring-builder /etc/swift/object.builder create 12 3 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6202/device 100

Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device_"" with 100.0 weight got id 0
[root@network ~]#
swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6201/device 100

Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device_"" with 100.0 weight got id 0
[root@network ~]#
swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6200/device 100

Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device_"" with 100.0 weight got id 0
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6202/device 100

Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device_"" with 100.0 weight got id 1
[root@network ~]#
swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6201/device 100

Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device_"" with 100.0 weight got id 1
[root@network ~]#
swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6200/device 100

Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device_"" with 100.0 weight got id 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6202/device 100

Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device_"" with 100.0 weight got id 2
[root@network ~]#
swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6201/device 100

Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device_"" with 100.0 weight got id 2
[root@network ~]#
swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6200/device 100

Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device_"" with 100.0 weight got id 2
[root@network ~]#
swift-ring-builder /etc/swift/account.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@network ~]#
swift-ring-builder /etc/swift/container.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@network ~]#
swift-ring-builder /etc/swift/object.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@network ~]#
chown swift:swift /etc/swift/*.gz

[root@network ~]#
systemctl enable --now openstack-swift-proxy

[4] Firewalld を有効にしている場合は、サービスポートの許可が必要です。
[root@network ~]#
firewall-cmd --add-port=8080/tcp

success
[root@network ~]#
firewall-cmd --runtime-to-permanent

success
[5] ネットワークノード用の SSL/TLS 証明書を取得 または 自己署名の証明書を作成して、Nginx にプロキシの設定をします。
[root@network ~]#
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org

[root@network ~]#
vi /etc/nginx/nginx.conf
# 新規作成

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}

stream {
    upstream swift-proxy {
        server 127.0.0.1:8080;
    }
    server {
        listen 10.0.0.50:8080 ssl;
        proxy_pass swift-proxy;
    }
    ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem";
}
[root@network ~]#
systemctl enable --now nginx

関連コンテンツ