OpenStack Zed : Swift 設定 (Proxy ノード)2022/11/11 |
OpenStack Object Storage(Swift)を設定します。
当例では以下のような環境を例に Swift サービスを設定します。
------------+-----------------------------+---------------+--- | | | eth0|10.0.0.30 eth0|10.0.0.50 | +-----------+-----------+ +-----------+-----------+ | | [ dlp.srv.world ] | | [ network.srv.world ] | | | (Control Node) | | (Proxy Node) | | | | | | | | MariaDB RabbitMQ | | Swift Proxy | | | Memcached Nginx | | Nginx | | | Keystone httpd | | | | +-----------------------+ +-----------------------+ | | ------------+-----------------------------+---------------+-------------+----------- eth0|10.0.0.71 eth0|10.0.0.72 eth0|10.0.0.73 +-----------+-----------+ +-----------+-----------+ +-----------+-----------+ | [snode01.srv.world] | | [snode02.srv.world] | | [snode03.srv.world] | | (Storage Node#1) | | (Storage Node#2) | | (Storage Node#3) | | | | | | | | Swift-Account | | Swift-Account | | Swift-Account | | Swift-Container | | Swift-Container | | Swift-Container | | Swift-Object | | Swift-Object | | Swift-Object | +-----------------------+ +-----------------------+ +-----------------------+ |
[1] | Proxy ノードに Swift-Proxy をインストールします。 |
[root@network ~]# dnf --enablerepo=centos-openstack-zed,epel,crb -y install openstack-swift-proxy python3-memcached openssh-clients nginx nginx-mod-stream
|
[2] | Swift-Proxy を設定します。 |
[root@network ~]#
vi /etc/swift/proxy-server.conf # 5行目 : 追記 [DEFAULT] bind_port = 8080 workers = 8 user = swift bind_ip = 127.0.0.1 # 42行目 : Memcached サーバーを指定 [filter:cache] use = egg:swift#memcache memcache_servers = dlp.srv.world:11211 # 最終行 : 以下のように変更 # Control ノードの Keystone に登録した値 [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory #project_name = %SERVICE_TENANT_NAME% #username = %SERVICE_USER% #password = %SERVICE_PASSWORD% #auth_url = http://127.0.0.1:5000 www_authenticate_uri = https://dlp.srv.world:5000 auth_url = https://dlp.srv.world:5000 memcached_servers = dlp.srv.world:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = swift password = servicepassword delay_auth_decision = true
[root@network ~]#
vi /etc/swift/swift.conf # 以下のように追記 & 変更 # Swift ノード間でシェアする値 - 適当な文字列で OK [swift-hash] swift_hash_path_suffix = swift_shared_path
swift_hash_path_prefix = swift_shared_path |
[3] | Swift Ring ファイルの設定です。 |
[root@network ~]#
swift-ring-builder /etc/swift/account.builder create 12 3 1 [root@network ~]# swift-ring-builder /etc/swift/container.builder create 12 3 1 [root@network ~]# swift-ring-builder /etc/swift/object.builder create 12 3 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r0z0-10.0.0.71:6202/device 100 Device d0r0z0-10.0.0.71:6202R10.0.0.71:6202/device_"" with 100.0 weight got id 0 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r0z0-10.0.0.71:6201/device 100 Device d0r0z0-10.0.0.71:6201R10.0.0.71:6201/device_"" with 100.0 weight got id 0 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r0z0-10.0.0.71:6200/device 100 Device d0r0z0-10.0.0.71:6200R10.0.0.71:6200/device_"" with 100.0 weight got id 0
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r1z1-10.0.0.72:6202/device 100 Device d1r1z1-10.0.0.72:6202R10.0.0.72:6202/device_"" with 100.0 weight got id 1 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r1z1-10.0.0.72:6201/device 100 Device d1r1z1-10.0.0.72:6201R10.0.0.72:6201/device_"" with 100.0 weight got id 1 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r1z1-10.0.0.72:6200/device 100 Device d1r1z1-10.0.0.72:6200R10.0.0.72:6200/device_"" with 100.0 weight got id 1
[root@network ~]#
swift-ring-builder /etc/swift/account.builder add r2z2-10.0.0.73:6202/device 100 Device d2r2z2-10.0.0.73:6202R10.0.0.73:6202/device_"" with 100.0 weight got id 2 [root@network ~]# swift-ring-builder /etc/swift/container.builder add r2z2-10.0.0.73:6201/device 100 Device d2r2z2-10.0.0.73:6201R10.0.0.73:6201/device_"" with 100.0 weight got id 2 [root@network ~]# swift-ring-builder /etc/swift/object.builder add r2z2-10.0.0.73:6200/device 100 Device d2r2z2-10.0.0.73:6200R10.0.0.73:6200/device_"" with 100.0 weight got id 2
[root@network ~]#
[root@network ~]# swift-ring-builder /etc/swift/account.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 [root@network ~]# swift-ring-builder /etc/swift/container.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 [root@network ~]# swift-ring-builder /etc/swift/object.builder rebalance Reassigned 12288 (300.00%) partitions. Balance is now 0.00. Dispersion is now 0.00 chown swift. /etc/swift/*.gz [root@network ~]# systemctl enable --now openstack-swift-proxy |
[4] | Firewalld を有効にしている場合は、サービスポートの許可が必要です。 |
[root@network ~]# firewall-cmd --add-port=8080/tcp success [root@network ~]# firewall-cmd --runtime-to-permanent success |
[5] | ネットワークノード用の SSL/TLS 証明書を取得 または 自己署名の証明書を作成して、Nginx にプロキシの設定をします。 |
[root@network ~]# mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org
[root@network ~]#
vi /etc/nginx/nginx.conf # 新規作成 user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; } stream { upstream swift-proxy { server 127.0.0.1:8080; } server { listen 10.0.0.50:8080 ssl; proxy_pass swift-proxy; } ssl_certificate "/etc/letsencrypt/live/network.srv.world/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/network.srv.world/privkey.pem"; } systemctl enable --now nginx |
Sponsored Link |
|