OpenStack Ussuri : Swift
OpenStack Ussuri : Swift
----------------------- ----------------------- -----------------------
| [ Controller Node ] | | [ Compute Node ] | | [ Network Node ] |
| | | Libvirt | | Open vSwitch |
| MariaDB RabbitMQ | | Nova compute | | L2 Agent |
| Memcached Keystone | | Open vSwitch | | L3 Agent |
| httpd Cinder API | | L2 Agent | | metadata agent |
| Nova-API Compute | | Cinder-LVM | | Swift-proxy |
| L2 agent L3 agent | | NFS | -----------------------
| metadata agent | -----------------------
| Neutron Server |
-----------------------
---------------------------------
| [ Storage Node 1, 2, 3 ] |
| |
| Swift-account-auditor |
| Swift-account-replicator |
| Swift-account |
| Swift-container-auditor |
| Swift-container-replicator |
| Swift-container-updater |
| Swift-container |
| Swift-object-auditor |
| Swift-object-replicator |
| Swift-object-updater |
| Swift-swift-object |
---------------------------------OpenStack Ussuri : Swift
- Swift는 우리가 흔히 사용하는 네이버 클라우드, 구글 드라이브와 같은 오브젝트 스토리지 서비스 입니다.
- Swift 설치는 network, Storage 순으로 이루어집니다.
- Swift*에 대한 설명은 Swift을 참조해주세요.
$ controller ~(keystone)> openstack user create --domain default --project service --password qwer1234 swift
+--------------------------------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | b470c69e28db47cdbfc81e06cc67f627 |
| domain_id | default |
| enabled | True |
| id | dd2f0225406249b195e4feff91eca393 |
| name | swift |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project service --user swift admin
$ controller ~(keystone)> openstack service create --name swift --description "OpenStack Object Storage" object-store
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Object Storage |
| enabled | True |
| id | d9d7bc4b99774d3ba701e2eae93edfe2 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne object-store public http://network:8080/v1/AUTH_%\(tenant_id\)s
+--------------+------------------------------------+
| Field | Value |
+--------------+------------------------------------+
| enabled | True |
| id | a70e1ac16a9144529ea49132cd7dd39e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9d7bc4b99774d3ba701e2eae93edfe2 |
| service_name | swift |
| service_type | object-store |
| url | http://network:8080/v1/AUTH_%(tenant_id)s |
+--------------+------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne object-store internal http://network:8080/v1/AUTH_%\(tenant_id\)s
+--------------+------------------------------------+
| Field | Value |
+--------------+------------------------------------+
| enabled | True |
| id | 6b5ea7b028f94035aef5601cf35d3a29 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9d7bc4b99774d3ba701e2eae93edfe2 |
| service_name | swift |
| service_type | object-store |
| url | http://network:8080/v1/AUTH_%(tenant_id)s |
+--------------+------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne object-store admin http://network:8080/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 08c18a5313f642d59de980f51666f830 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9d7bc4b99774d3ba701e2eae93edfe2 |
| service_name | swift |
| service_type | object-store |
| url | http://network:8080/v1 |
+--------------+----------------------------------+
Network Node Swift-Proxy 설치
$ network> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-swift-proxy python3-memcached openssh-clients
# swift-proxy 및 관련 모듈을 설치합니다.
$ network> vi /etc/swift/proxy-server.conf
[filter:cache]
use = egg:swift#memcache
memcache_servers = controller:11211
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# auth_host = 127.0.0.1
# auth_port = 35357
# auth_protocol = http
# signing_dir = /tmp/keystone-signing-swift
# 주석처리 후, 하단의 아래의 항모들을 추가합니다.합니다.
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = qwer1234
delay_auth_decision = true
$ network> vi /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = swift_shared_path
swift_hash_path_prefix = swift_shared_path
# 파일 안에 내용들을 삭제 후, 생성합니다.
$ network> swift-ring-builder /etc/swift/account.builder create 12 3 1
$ network> swift-ring-builder /etc/swift/container.builder create 12 3 1
$ network> swift-ring-builder /etc/swift/object.builder create 12 3 1
$ network> swift-ring-builder /etc/swift/account.builder add r0z0-10.10.10.50:6202/device 100
$ network> swift-ring-builder /etc/swift/container.builder add r0z0-10.10.10.50:6201/device 100
$ network> swift-ring-builder /etc/swift/object.builder add r0z0-10.10.10.50:6200/device 100
$ network> swift-ring-builder /etc/swift/account.builder add r1z1-10.10.10.51:6202/device 100
$ network> swift-ring-builder /etc/swift/container.builder add r1z1-10.10.10.51:6201/device 100
$ network> swift-ring-builder /etc/swift/object.builder add r1z1-10.10.10.51:6200/device 100
$ network> swift-ring-builder /etc/swift/account.builder add r2z2-10.10.10.52:6202/device 100
$ network> swift-ring-builder /etc/swift/container.builder add r2z2-10.10.10.52:6201/device 100
$ network> swift-ring-builder /etc/swift/object.builder add r2z2-10.10.10.52:6200/device 100
$ network> swift-ring-builder /etc/swift/account.builder rebalance
$ network> swift-ring-builder /etc/swift/container.builder rebalance
$ network> swift-ring-builder /etc/swift/object.builder rebalance
$ network> chown swift. /etc/swift/*.gz
$ network> systemctl enable --now openstack-swift-proxy
$ network> firewall-cmd --add-port=8080/tcp --permanent
$ network> firewall-cmd --reload
Swift Stoage Node 설치
$ storage all> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-swift-account openstack-swift-container openstack-swift-object openstack-selinux xfsprogs rsync rsync-daemon openssh-clients
# swift 밒 관련 모듈을 설치합니다.
$ storage all> mkfs.xfs -i size=1024 -s size=4096 /dev/sdb1
$ storage all> mkdir -p /srv/node/device
$ storage all> mount -o noatime,nodiratime /dev/sdb1 /srv/node/device
$ storage all> chown -R swift. /srv/node
# 하드 디스크를 임포트 후, XFS로 포맷을 진행합니다.
$ storage all> vi /etc/fstab
/dev/sdb1 /srv/node/device xfs noatime,nodiratime 0 0
# 설정을 fstab의 등록합니다.
$ network> scp /etc/swift/*.gz storage1:/etc/swift/
$ network> scp /etc/swift/*.gz storage2:/etc/swift/
$ network> scp /etc/swift/*.gz storage3:/etc/swift/
# 설정을 복사합니다.
$ storage all> chown swift. /etc/swift/*.gz
$ storage all> vi /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = swift_shared_path
swift_hash_path_prefix = swift_shared_path
$ storage all> vi /etc/swift/account-server.conf
bind_ip = 0.0.0.0
bind_port = 6202
$ storage all> vi /etc/swift/container-server.conf
bind_ip = 0.0.0.0
bind_port = 6201
$ storage all> vi /etc/swift/object-server.conf
bind_ip = 0.0.0.0
bind_port = 6200
$ storage all> vi /etc/rsyncd.conf
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
uid = swift
gid = swift
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
uid = swift
gid = swift
address = storage1 or storage2 or storage3
[account]
path = /srv/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/account.lock
[container]
path = /srv/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/container.lock
[object]
path = /srv/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/object.lock
[swift_server]
path = /etc/swift
read only = true
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 5
lock file = /var/lock/swift_server.lock
$ storage all> semanage fcontext -a -t swift_data_t /srv/node/device
$ storage all> restorecon /srv/node/device
$ storage all> firewall-cmd --add-port={873/tcp,6200/tcp,6201/tcp,6202/tcp} --permanent
$ storage all> firewall-cmd --reload
# SELinux 및 방화벽을 설정합니다.
$ storage all> systemctl enable --now rsyncd \
openstack-swift-account-auditor \
openstack-swift-account-replicator \
openstack-swift-account \
openstack-swift-container-auditor \
openstack-swift-container-replicator \
openstack-swift-container-updater \
openstack-swift-container \
openstack-swift-object-auditor \
openstack-swift-object-replicator \
openstack-swift-object-updater \
openstack-swift-object
# swift 서비스를 등록 및 시작합니다.
확인
$ controller ~(keystone)> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install python3-openstackclient python3-keystoneclient python3-swiftclient
# swift 사용을 위해 관련 모듈을 설치합니다.
$ controller ~(keystone)> openstack project create --domain default --description "Swift Service Project" swiftservice
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Swift Service Project |
| domain_id | default |
| enabled | True |
| id | ab658f35464e49b7a3df626e09feab91 |
| is_domain | False |
| name | swiftservice |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack role create SwiftOperator
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 3818d26e54244c1ba5d0481e9ad44e6e |
| name | SwiftOperator |
| options | {} |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack user create --domain default --project swiftservice --password qwer1234 swiftuser01
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | ab658f35464e49b7a3df626e09feab91 |
| domain_id | default |
| enabled | True |
| id | 2ac2c69fd55a4bef95b2a8b728f131a7 |
| name | swiftuser01 |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project swiftservice --user swiftuser01 SwiftOperator
$ controller ~(keystone)> vi ~/swift
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=swiftservice
export OS_USERNAME=swiftuser01
export OS_PASSWORD=qwer1234
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export PS1='[\u@\h \W(swift)]\$ '
$ controller ~(keystone)> chmod 600 ~/swift
$ controller ~(keystone)> source ~/swift
$ controller ~(keystone)> echo "source ~/swift " >> ~/.bash_profile
$ controller ~(swift)> swift stat
Account: AUTH_ab658f35464e49b7a3df626e09feab91
Containers: 0
Objects: 0
Bytes: 0
Content-Type: text/plain; charset=utf-8
X-Timestamp: 1597360203.35834
X-Put-Timestamp: 1597360203.35834
Vary: Accept
X-Trans-Id: tx09982b0a02ac4b7eac244-005f35c849
X-Openstack-Request-Id: tx09982b0a02ac4b7eac244-005f35c849
$ controller ~(swift)> openstack container create test
+---------------------------------------+-----------+------------------------------------+
| account | container | x-trans-id |
+---------------------------------------+-----------+------------------------------------+
| AUTH_ab658f35464e49b7a3df626e09feab91 | test | txce00712612794927965f7-005f35c864 |
+---------------------------------------+-----------+------------------------------------+
$ controller ~(swift)> openstack container list
+------+
| Name |
+------+
| test |
+------+
$ controller ~(swift)> openstack object create testfile.txt test
$ controller ~(swift)> openstack object list test
$ controller ~(swift)> rm testfile.txt
$ controller ~(swift)> openstack object save test testfile.txt
$ controller ~(swift)> ll testfile.txt
$ controller ~(swift)> openstack object delete test testfile.txt
$ controller ~(swift)> openstack object list test
마지막 수정일자