Ubuntu 24.04
Sponsored Link

OpenStack Dalmatian : Swift 設定 (Proxy ノード)2024/10/14

 

OpenStack Object Storage(Swift)を設定します。

当例では以下のような環境を例に Swift サービスを設定します。

------------+--------------------------+------------
            |                          |
        eth0|10.0.0.30             eth0|10.0.0.50
+-----------+-----------+  +-----------+-----------+
|   [ dlp.srv.world ]   |  | [ network.srv.world ] |
|     (Control Node)    |  |      (Proxy Node)     |
|                       |  |                       |
|  MariaDB    RabbitMQ  |  |      Swift Proxy      |
|  Memcached  Nginx     |  |         Nginx         |
|  Keystone   httpd     |  |                       |
+-----------------------+  +-----------------------+

------------+--------------------------+--------------------------+-----------
        eth0|10.0.0.71             eth0|10.0.0.72             eth0|10.0.0.73
+-----------+-----------+  +-----------+-----------+  +-----------+-----------+
|  [snode01.srv.world]  |  |  [snode02.srv.world]  |  |  [snode03.srv.world]  |
|    (Storage Node#1)   |  |    (Storage Node#2)   |  |    (Storage Node#3)   |
|                       |  |                       |  |                       |
|     Swift-Account     |  |     Swift-Account     |  |     Swift-Account     |
|    Swift-Container    |  |    Swift-Container    |  |    Swift-Container    |
|     Swift-Object      |  |     Swift-Object      |  |     Swift-Object      |
+-----------------------+  +-----------------------+  +-----------------------+

[1] こちらの [3] を参考に OpenStack Dalmatian リポジトリを設定後、Swift-Proxy をインストールします。
root@network:~#
apt -y install swift swift-proxy python3-swiftclient python3-keystonemiddleware python3-memcache nginx libnginx-mod-stream
[2] Swift-Proxy を設定します。
root@network:~#
vi /etc/swift/proxy-server.conf
# 新規作成

[DEFAULT]
bind_ip = 127.0.0.1
bind_port = 8080
keep_idle = 600
bind_timeout = 30
backlog = 4096
swift_dir = /etc/swift
user = swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk ratelimit copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true

[filter:s3api]
use = egg:swift#s3api

[filter:s3token]
use = egg:swift#s3token
reseller_prefix = AUTH_
delay_auth_decision = False
# Keystone 認証情報
auth_uri = https://dlp.srv.world:5000/v3
http_timeout = 10.0
auth_url = https://dlp.srv.world:5000
auth_type = password
project_domain_name = Default
project_domain_id = default
user_domain_name = Default
project_name = service
username = swift
password = servicepassword

[filter:healthcheck]
use = egg:swift#healthcheck

[filter:cache]
use = egg:swift#memcache
# Memcached サーバーを指定
memcache_servers = dlp.srv.world:11211

[filter:ratelimit]
use = egg:swift#ratelimit

[filter:read_only]
use = egg:swift#read_only

[filter:domain_remap]
use = egg:swift#domain_remap

[filter:catch_errors]
use = egg:swift#catch_errors

[filter:cname_lookup]
use = egg:swift#cname_lookup

[filter:staticweb]
use = egg:swift#staticweb

[filter:formpost]
use = egg:swift#formpost

[filter:name_check]
use = egg:swift#name_check

[filter:etag-quoter]
use = egg:swift#etag_quoter

[filter:list-endpoints]
use = egg:swift#list_endpoints

[filter:proxy-logging]
use = egg:swift#proxy_logging

[filter:bulk]
use = egg:swift#bulk

[filter:slo]
use = egg:swift#slo

[filter:dlo]
use = egg:swift#dlo

[filter:container-quotas]
use = egg:swift#container_quotas

[filter:account-quotas]
use = egg:swift#account_quotas

[filter:gatekeeper]
use = egg:swift#gatekeeper

[filter:container_sync]
use = egg:swift#container_sync

[filter:xprofile]
use = egg:swift#xprofile

[filter:versioned_writes]
use = egg:swift#versioned_writes

[filter:copy]
use = egg:swift#copy

[filter:keymaster]
use = egg:swift#keymaster
meta_version_to_write = 2
encryption_root_secret = my_root_secret

[filter:kms_keymaster]
use = egg:swift#kms_keymaster

[filter:kmip_keymaster]
use = egg:swift#kmip_keymaster

[filter:encryption]
use = egg:swift#encryption

[filter:listing_formats]
use = egg:swift#listing_formats

[filter:symlink]
use = egg:swift#symlink

root@network:~#
vi /etc/swift/swift.conf
# 新規作成
# Swift ノード間でシェアする値 : 適当な文字列で OK

[swift-hash]
swift_hash_path_suffix = swift_shared_path
swift_hash_path_prefix = swift_shared_path
root@network:~#
chown -R swift:swift /etc/swift
[3] Swift Ring ファイルの設定です。
root@network:~#
swift-ring-builder /etc/swift/account.builder create 12 3 1

root@network:~#
swift-ring-builder /etc/swift/container.builder create 12 3 1

root@network:~#
swift-ring-builder /etc/swift/object.builder create 12 3 1
root@network:~#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6002/device 100

Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device_"" with 100.0 weight got id 0
root@network:~#
swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6001/device 100

Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device_"" with 100.0 weight got id 0
root@network:~#
swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6000/device 100

Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device_"" with 100.0 weight got id 0
root@network:~#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6002/device 100

Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device_"" with 100.0 weight got id 1
root@network:~#
swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6001/device 100

Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device_"" with 100.0 weight got id 1
root@network:~#
swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6000/device 100

Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device_"" with 100.0 weight got id 1
root@network:~#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6002/device 100

Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device_"" with 100.0 weight got id 2
root@network:~#
swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6001/device 100

Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device_"" with 100.0 weight got id 2
root@network:~#
swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6000/device 100

Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device_"" with 100.0 weight got id 2
root@network:~#
swift-ring-builder /etc/swift/account.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
root@network:~#
swift-ring-builder /etc/swift/container.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
root@network:~#
swift-ring-builder /etc/swift/object.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
root@network:~#
chown swift:swift /etc/swift/*.gz

root@network:~#
systemctl restart swift-proxy

[4] ネットワークノード用の SSL/TLS 証明書を取得 または 自己署名の証明書を作成して、Nginx にプロキシの設定をします。
root@network:~#
unlink /etc/nginx/sites-enabled/default

root@network:~#
vi /etc/nginx/nginx.conf
# 最終行に追記

stream {
    upstream swift-proxy {
        server 127.0.0.1:8080;
    }
    server {
        listen 10.0.0.50:8080 ssl;
        proxy_pass swift-proxy;
    }
    ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem";
}

root@network:~#
systemctl restart nginx

関連コンテンツ