OpenStack Pike

2017/09/03

Travaux de synthèse : Taylor VOLI

Volet 10
 2

OpenStack Pike : Configure Swift#2 (Proxy Node)

2017/09/07

Configure OpenStack Object Storage (Swift).

This example is based on the emvironment like follows.
-+---------------+----------------------------+------------
| | |
| eth0|10.0.0.30 eth0|10.0.0.50
| +-----------+-----------+ +-----------+-----------+
| | [ Control Node ] | | [ Proxy Node ] |
| | | | |
| | MariaDB RabbitMQ | | Swift Proxy |
| | Memcached httpd | | |
| | Keystone | | |
| +-----------------------+ +-----------------------+
|
+---------------+----------------------------+-------------------------
---+---------
eth0|10.0.0.71 eth0|10.0.0.72
eth0|10.0.0.73
+-----------+-----------+ +-----------+-----------+ +--------
---+-----------+
| [ Storage Node#1 ] | | [ Storage Node#2 ] | | [
Storage Node#3 ] |
| | | | |
|
| Swift-Account | | Swift-Account | |
Swift-Account |
| Swift-Container | | Swift-Container | |
Swift-Container |
| Swift-Object | | Swift-Object | |
Swift-Object |
+-----------------------+ +-----------------------+ +--------
---------------+

[1] Install Swift-Proxy.

# install from Pike, EPEL

[root@proxy ~]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-swift-proxy python-
memcached openssh-clients
[2] Configure Swift-Proxy.
[root@proxy ~]#
vi /etc/swift/proxy-server.conf
[filter:cache]
use = egg:swift#memcache
# line 42: specify Memcached server

2
 3

memcache_servers =
10.0.0.30:11211
# end line: change like follows (Keystone auth info)

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
#
admin_tenant_name = %SERVICE_TENANT_NAME%
#
admin_user = %SERVICE_USER%
#
admin_password = %SERVICE_PASSWORD%
#
auth_host = 127.0.0.1
#
auth_port = 35357
#
auth_protocol = http
#
signing_dir = /tmp/keystone-signing-swift
auth_uri = http://10.0.0.30:5000
auth_url = http://10.0.0.30:35357
memcached_servers = 10.0.0.30:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = servicepassword
delay_auth_decision = true
[root@proxy ~]#
vi /etc/swift/swift.conf
# change and add (it is shared among Swift Nodes - any words you like)

[swift-hash]
swift_hash_path_suffix =
swift_shared_path
swift_hash_path_prefix = swift_shared_path
[3] Configure Swift Ring files.
[root@proxy ~]#
swift-ring-builder /etc/swift/account.builder create 12 3 1

[root@proxy ~]#
swift-ring-builder /etc/swift/container.builder create 12 3 1

3
 4

[root@proxy ~]#
swift-ring-builder /etc/swift/object.builder create 12 3 1
[root@proxy ~]#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6202/device0 100

Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device0_"" with 100.0 weight got id 0

[root@proxy ~]#
swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6201/device0 100

Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device0_"" with 100.0 weight got id 0

[root@proxy ~]#
swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6200/device0 100

Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device0_"" with 100.0 weight got id 0

[root@proxy ~]#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6202/device1 100

Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device1_"" with 100.0 weight got id 1

[root@proxy ~]#
swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6201/device1 100

Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device1_"" with 100.0 weight got id 1

[root@proxy ~]#
swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6200/device1 100

Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device1_"" with 100.0 weight got id 1

[root@proxy ~]#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6202/device2 100

Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device2_"" with 100.0 weight got id 2

[root@proxy ~]#
swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6201/device2 100

Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device2_"" with 100.0 weight got id 2

[root@proxy ~]#
swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6200/device2 100

Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device2_"" with 100.0 weight got id 2

[root@proxy ~]#
swift-ring-builder /etc/swift/account.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@proxy ~]#
swift-ring-builder /etc/swift/container.builder rebalance

4
 5

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@proxy ~]#
swift-ring-builder /etc/swift/object.builder rebalance

Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00
[root@proxy ~]#
chown swift. /etc/swift/*.gz

[root@proxy ~]#
systemctl start openstack-swift-proxy

[root@proxy ~]#
systemctl enable openstack-swift-proxy

[4] If Firewalld is running, allow service ports.

[root@proxy ~]#
firewall-cmd --add-port=8080/tcp --permanent

success
[root@proxy ~]#
firewall-cmd --reload

success

5
 6

OpenStack Pike : Configure Swift#3 (Storage Node)

2017/09/07

Configure OpenStack Object Storage (Swift).

This example is based on the emvironment like follows.
-+---------------+----------------------------+------------
| | |
| eth0|10.0.0.30 eth0|10.0.0.50
| +-----------+-----------+ +-----------+-----------+
| | [ Control Node ] | | [ Proxy Node ] |
| | | | |
| | MariaDB RabbitMQ | | Swift Proxy |
| | Memcached httpd | | |
| | Keystone | | |
| +-----------------------+ +-----------------------+
|
+---------------+----------------------------+-------------------------
---+---------
eth0|10.0.0.71 eth0|10.0.0.72
eth0|10.0.0.73
+-----------+-----------+ +-----------+-----------+ +--------
---+-----------+
| [ Storage Node#1 ] | | [ Storage Node#2 ] | | [
Storage Node#3 ] |
| | | | |
|
| Swift-Account | | Swift-Account | |
Swift-Account |
| Swift-Container | | Swift-Container | |
Swift-Container |
| Swift-Object | | Swift-Object | |
Swift-Object |
+-----------------------+ +-----------------------+ +--------
---------------+

Configure Storage Node on this section.

It's OK to set the same settings mostly on all Storage Nodes, but only IP address and Device
number are different each other, though. Furthermore, add Hard drives on each Storage
Nodes and create a partition [/dev/sdb1] for this settings.
Install Swift-Account, Swift-Container, Swift-Object and others on all Storage Node like
[1]
follows.
# install from Pike, EPEL

[root@snode01 ~]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-swift-account openstack-
swift-container openstack-swift-object xfsprogs rsync openssh-clients
Format free space of disk (/dev/sdb1 on this example) with XFS and mount on [/srv/node] on
[2]
all Storage Node like follows. (the number [device*] is different on each Storage Nodes)

6
 7

[root@snode01 ~]#
mkfs.xfs -i size=1024 -s size=4096 /dev/sdb1

meta-data=/dev/sdb1 isize=1024 agcount=4, agsize=1310656 blks

= sectsz=4096 attr=2, projid32bit=1
= crc=0 finobt=0
data = bsize=4096 blocks=5242624, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

[root@snode01 ~]#
mkdir -p /srv/node/device0

[root@snode01 ~]#
mount -o noatime,nodiratime,nobarrier /dev/sdb1 /srv/node/device0

[root@snode01 ~]#
chown -R swift. /srv/node

[root@snode01 ~]#
vi /etc/fstab
# add to the end

/dev/sdb1 /srv/node/device0 xfs noatime,nodiratime,nobarrier

0 0
[3] Copy Swift Ring files from the Swift Proxy Node to all Storage Nodes.
[root@proxy ~]#
scp /etc/swift/*.gz 10.0.0.71:/etc/swift/

root@10.0.0.71's password:
account.ring.gz 100% 3912 3.8KB/s 00:00
container.ring.gz 100% 3904 3.8KB/s 00:00
object.ring.gz 100% 3895 3.8KB/s 00:00
[4] Configure Swift and Rsync on all Storage Nodes.
[root@snode01 ~]#
chown swift. /etc/swift/*.gz

[root@snode01 ~]#
vi /etc/swift/swift.conf
# set the value which is set on Proxy Node

[swift-hash]
swift_hash_path_suffix =

7
 8

swift_shared_path
swift_hash_path_prefix = swift_shared_path
[root@snode01 ~]#
vi /etc/swift/account-server.conf
# line 6: change

bind_ip =
0.0.0.0

bind_port = 6202
[root@snode01 ~]#
vi /etc/swift/container-server.conf
# line 6: change

bind_ip =
0.0.0.0

bind_port = 6201
[root@snode01 ~]#
vi /etc/swift/object-server.conf
# line 6: change

bind_ip =
0.0.0.0

bind_port = 6200
[root@snode01 ~]#
vi /etc/rsyncd.conf
# add to the end

pid file = /var/run/rsyncd.pid

log file = /var/log/rsyncd.log
uid = swift
gid = swift
# specify the IP address of each storage node
address = 10.0.0.71

[account]
path = /srv/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/account.lock

[container]
path = /srv/node

8
 9

read only = false

write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/container.lock

[object]
path = /srv/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/object.lock

[swift_server]
path = /etc/swift
read only = true
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 5
lock file = /var/lock/swift_server.lock
On Storage Node, if SELinux is enabled, change policy like follows. Replace the number of
[5]
device [device*] to each Node's one.
[root@snode01 ~]#
semanage fcontext -a -t swift_data_t /srv/node/device0

[root@snode01 ~]#
restorecon /srv/node/device0
[6] On Storage Node, if Firewalld is running, allow service ports.
[root@snode01 ~]#
firewall-cmd --add-port={873/tcp,6200/tcp,6201/tcp,6202/tcp} --permanent

success
[root@snode01 ~]#
firewall-cmd --reload

success
[7] Start Swift services.
[root@snode01 ~]#
systemctl start rsyncd

[root@snode01 ~]#

9
 10

systemctl enable rsyncd

[root@snode01 ~]#
for ringtype in account container object; do
systemctl start openstack-swift-$ringtype
systemctl enable openstack-swift-$ringtype
for service in replicator updater auditor; do
if [ $ringtype != 'account' ] || [ $service != 'updater' ]; then
systemctl start openstack-swift-$ringtype-$service
systemctl enable openstack-swift-$ringtype-$service
fi
done
done

10