From 5427452057c5719bf7cadf1bd768958d9cdab8c0 Mon Sep 17 00:00:00 2001 From: Gauvain Pocentek Date: Fri, 31 Jan 2014 19:00:17 +0100 Subject: [PATCH] Make the object storage section less Ubuntu centric The Swift section of the install guide tends to assume that the user uses Ubuntu. This change provide more information for other distributions. backport: havana Closes-Bug: #1274473 Closes-Bug: #1274405 Change-Id: I1c1fbea43d29724067185e3ab261cd20b2e0ed72 --- .../section_getstart_object-storage.xml | 6 +- ...ject-storage-install-config-proxy-node.xml | 126 ++++++++---------- ...t-storage-install-config-storage-nodes.xml | 35 ++--- .../section_object-storage-install.xml | 33 ++--- .../section_object-storage-post-install.xml | 2 +- ...ection_object-storage-sys-requirements.xml | 2 +- .../section_start-storage-node-services.xml | 44 ++---- 7 files changed, 100 insertions(+), 148 deletions(-) diff --git a/doc/common/section_getstart_object-storage.xml b/doc/common/section_getstart_object-storage.xml index ecd5c6eedc..8c9503b354 100644 --- a/doc/common/section_getstart_object-storage.xml +++ b/doc/common/section_getstart_object-storage.xml @@ -40,7 +40,9 @@ periodic processes include auditors, updaters, and reapers. + + Configurable WSGI middleware that handles authentication. + Usually the Identity Service. + - Configurable WSGI middleware that handles authentication. - Usually the Identity Service. diff --git a/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml b/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml index 7241faa0c1..4350b0e011 100644 --- a/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml +++ b/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml @@ -8,69 +8,57 @@ for the account, container, or object and routes the requests correctly. The proxy server also handles API requests. You enable account management by configuring it in the - proxy-server.conf file. + /etc/swift/proxy-server.conf file. The Object Storage processes run under a separate user - and group, set by configuration options, and referred to as swift:swiftopenstack-swift:openstack-swift. The default - user is swift, which may not exist on your - system.openstack-swift. + and group, set by configuration options, and referred to as + swift:swiftopenstack-swift:openstack-swift. The default + user is swiftopenstack-swift. Install swift-proxy service: # apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob - # yum install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystone-auth-token - # zypper install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystoneclient + # yum install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token + # zypper install openstack-swift-proxy memcached python-swiftclient python-keystoneclient python-xml - - Create self-signed cert for SSL: - # cd /etc/swift -# openssl req -new -x509 -nodes -out cert.crt -keyout cert.key - - - Modify memcached to listen on the default interfaces + + Modify memcached to listen on the default interface on a local, non-public network. Edit this line in the /etc/memcached.conf file: - -l 127.0.0.1 + -l 127.0.0.1 Change it to: - -l <PROXY_LOCAL_NET_IP> + -l PROXY_LOCAL_NET_IP - - Restart the memcached server: + + Modify memcached to listen on the default interface + on a local, non-public network. Edit + the /etc/sysconfig/memcached file: + OPTIONS="-l PROXY_LOCAL_NET_IP" + MEMCACHED_PARAMS="-l PROXY_LOCAL_NET_IP" + + + Restart the memcached service: # service memcached restart - - RHEL/CentOS/Fedora only: To set up Object Storage to - authenticate tokens, set the Identity Service Admin - token in the swift proxy file with the - openstack-config command. - # openstack-config --set /etc/swift/proxy-server.conf \ - filter:authtoken admin_token $ADMIN_TOKEN -# sudo openstack-config --set /etc/swift/proxy-server.conf \ - filter:authtoken auth_token $ADMIN_TOKEN - - - Ubuntu only: Because the distribution packages do - not include a copy of the keystoneauth middleware, - ensure that the proxy server includes - them: - $ git clone https://github.com/openstack/swift.git -$ cd swift -$ python setup.py install -$ swift-init proxy start + + Start the memcached service and configure it to start when + the system boots: + # service memcached start +# chkconfig memcached on - Create + Create + Edit /etc/swift/proxy-server.conf: [DEFAULT] bind_port = 8080 -user = swift -user = openstack-swift +user = swiftuser = openstack-swift [pipeline:main] pipeline = healthcheck cache authtoken keystoneauth proxy-server @@ -99,13 +87,10 @@ auth_protocol = http auth_host = controller auth_port = 35357 -# the same admin_token as provided in keystone.conf -admin_token = ADMIN_TOKEN - -# the service tenant and swift userid and password created in Keystone +# the service tenant and swift username and password created in Keystone admin_tenant_name = service admin_user = swift -admin_password = SWIFT_PASS +admin_password = SWIFT_PASS [filter:cache] use = egg:swift#memcache @@ -120,20 +105,11 @@ use = egg:swift#healthcheck If you run multiple memcache servers, put the multiple IP:port listings in the [filter:cache] section of the - proxy-server.conf file: + /etc/swift/proxy-server.conf file: 10.1.2.3:11211,10.1.2.4:11211 Only the proxy server uses memcache. - - Create the signing_dir and set its permissions - accordingly. - # mkdir -p /home/swift/keystone-signing -# chown -R swift:swift /home/swift/keystone-signing - # mkdir -p /home/swift/keystone-signing -# chown -R openstack-swift:openstack-swift /home/swift/keystone-signing - Create the account, container, and object rings. The builder command creates a builder file @@ -153,21 +129,21 @@ use = egg:swift#healthcheck For every storage device on each node add entries to each ring: - # swift-ring-builder account.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP>:6002[R<STORAGE_REPLICATION_NET_IP>:6005]/<DEVICE> 100 -# swift-ring-builder container.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6001[R<STORAGE_REPLICATION_NET_IP>:6004]/<DEVICE> 100 -# swift-ring-builder object.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6000[R<STORAGE_REPLICATION_NET_IP>:6003]/<DEVICE> 100 + # swift-ring-builder account.builder add zZONE-STORAGE_LOCAL_NET_IP:6002[RSTORAGE_REPLICATION_NET_IP:6005]/DEVICE 100 +# swift-ring-builder container.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6001[RSTORAGE_REPLICATION_NET_IP:6004]/DEVICE 100 +# swift-ring-builder object.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6000[RSTORAGE_REPLICATION_NET_IP:6003]/DEVICE 100 You must omit the optional STORAGE_REPLICATION_NET_IP parameter if you do not want to use dedicated network for replication. For example, if a storage node - has a partition in Zone 1 on IP 10.0.0.1, the storage - node has address 10.0.1.1 from replication network. - The mount point of this partition is /srv/node/sdb1, - and the path in rsyncd.conf is - /srv/node/, the DEVICE would be sdb1 and the commands - are: + has a partition in Zone 1 on IP 10.0.0.1, the storage node has + address 10.0.1.1 from replication network. The mount point of + this partition is /srv/node/sdb1, and the + path in /etc/rsyncd.conf is + /srv/node/, the DEVICE would be sdb1 and + the commands are: # swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100 # swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6005/sdb1 100 # swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6005/sdb1 100 @@ -196,16 +172,22 @@ use = egg:swift#healthcheck Copy the account.ring.gz, container.ring.gz, and object.ring.gz files to each - of the Proxy and Storage nodes in /etc/swift. + of the Proxy and Storage nodes in /etc/swift. Make sure the swift user owns all configuration files: # chown -R swift:swift /etc/swift # chown -R openstack-swift:openstack-swift /etc/swift - - Start Proxy services: - # service proxy-server start + + Restart the Proxy service: + # service proxy-server restart + + + Start the Proxy service and configure it to start when the + system boots: + # service openstack-swift-proxy start +# chkconfig openstack-swift-proxy on diff --git a/doc/install-guide/object-storage/section_object-storage-install-config-storage-nodes.xml b/doc/install-guide/object-storage/section_object-storage-install-config-storage-nodes.xml index eb2c3460d8..6a1ee23e12 100644 --- a/doc/install-guide/object-storage/section_object-storage-install-config-storage-nodes.xml +++ b/doc/install-guide/object-storage/section_object-storage-install-config-storage-nodes.xml @@ -23,7 +23,7 @@ # yum install openstack-swift-account openstack-swift-container \ openstack-swift-object xfsprogs xinetd # zypper install openstack-swift-account openstack-swift-container \ - openstack-swift-object xfsprogs xinetd + openstack-swift-object python-xml xfsprogs xinetd For each device on the node that you want to use for @@ -35,26 +35,24 @@ touched in this step. The other 10 or 11 disks should be partitioned with a single partition, then formatted in XFS. - # fdisk /dev/sdb + # fdisk /dev/sdb # mkfs.xfs /dev/sdb1 # echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab # mkdir -p /srv/node/sdb1 # mount /srv/node/sdb1 -# chown -R swift:swift /srv/node - # fdisk /dev/sdb -# mkfs.xfs /dev/sdb1 -# echo "/dev/sdb1 /srv/node/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab -# mkdir -p /srv/node/sdb1 -# mount /srv/node/sdb1 -# chown -R openstack-swift:openstack-swift /srv/node +# chown -R swift:swift /srv/node +# chown -R openstack-swift:openstack-swift /srv/node - Create /etc/rsyncd.conf: + Create + /etc/rsyncd.conf: + Replace the content of + /etc/rsyncd.conf with: uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid -address = <STORAGE_LOCAL_NET_IP> +address = STORAGE_LOCAL_NET_IP [account] max connections = 2 @@ -77,7 +75,7 @@ lock file = /var/lock/object.lock gid = openstack-swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid -address = <STORAGE_LOCAL_NET_IP> +address = STORAGE_LOCAL_NET_IP [account] max connections = 2 @@ -103,7 +101,7 @@ lock file = /var/lock/object.lock STORAGE_REPLICATION_NET_IP instead of STORAGE_LOCAL_NET_IP: - address = <STORAGE_REPLICATION_NET_IP> + address = STORAGE_REPLICATION_NET_IP Edit the following line in @@ -119,9 +117,14 @@ lock file = /var/lock/object.lock Start the rsync service: # service rsync start - Start the Start the xinetd service: - # service xinetd start + # service xinetd start + Start the xinetd service and configure it to + start when the system boots: + # service xinetd start +# chkconfig xinetd on The rsync service requires no authentication, so run it on a local, private network. @@ -129,7 +132,7 @@ lock file = /var/lock/object.lock Create the swift recon cache directory and set its - permissions. + permissions: # mkdir -p /var/swift/recon # chown -R swift:swift /var/swift/recon # mkdir -p /var/swift/recon diff --git a/doc/install-guide/object-storage/section_object-storage-install.xml b/doc/install-guide/object-storage/section_object-storage-install.xml index 85ce92f1b3..25cd0dff24 100644 --- a/doc/install-guide/object-storage/section_object-storage-install.xml +++ b/doc/install-guide/object-storage/section_object-storage-install.xml @@ -53,27 +53,15 @@
General installation steps - - Install core Swift files and openSSH. - # apt-get install swift openssh-server rsync memcached python-netifaces \ - python-xattr python-memcache - # yum install openstack-swift openstack-swift-proxy \ - openstack-swift-account openstack-swift-container \ - openstack-swift-object memcached - # zypper install openstack-swift openstack-swift-proxy \ - openstack-swift-account openstack-swift-container \ - openstack-swift-object memcached - Create a swift user that the Object - Storage - Service can use to authenticate with the Identity Service. + Storage Service can use to authenticate with the Identity Service. Choose a password and specify an email address for the swift user. Use the service tenant and give the user the - admin role. + admin role: # keystone user-create --name=swift --pass=SWIFT_PASS \ - --email=swift@example.com + --email=swift@example.com # keystone user-role-add --user=swift --tenant=service --role=admin @@ -88,15 +76,15 @@ | name | swift | | type | object-store | +-------------+----------------------------------+ - The service ID is randomly generated and is different from - the one shown here. + The service ID is randomly generated and is different from + the one shown here. Specify an API endpoint for the Object Storage Service by using the returned service ID. When you specify an endpoint, you provide URLs for the public API, internal API, and admin API. In this guide, the controller host name is - used. + used: # keystone endpoint-create \ --service-id=$(keystone service-list | awk '/ object-store / {print $2}') \ --publicurl='http://controller:8080/v1/AUTH_%(tenant_id)s' \ @@ -114,12 +102,9 @@ +-------------+---------------------------------------------------+ - Create and populate configuration directories on + Create the configuration directory on all nodes: - # mkdir -p /etc/swift -# chown -R swift:swift /etc/swift/ - # mkdir -p /etc/swift -# chown -R openstack-swift:openstack-swift /etc/swift/ + # mkdir -p /etc/swift Create @@ -133,7 +118,7 @@ /etc/swift/swift.conf should be set to some random string of text to be used as a salt when hashing to determine mappings in the ring. - This file should be the same on every node in the + This file must be the same on every node in the cluster! Next, set up your storage nodes and proxy node. This diff --git a/doc/install-guide/object-storage/section_object-storage-post-install.xml b/doc/install-guide/object-storage/section_object-storage-post-install.xml index ed6dca4d6c..63df20c7f2 100644 --- a/doc/install-guide/object-storage/section_object-storage-post-install.xml +++ b/doc/install-guide/object-storage/section_object-storage-post-install.xml @@ -36,7 +36,7 @@ 10.1.2.3:11211,10.1.2.4:11211 [filter:cache] use = egg:swift#memcache -memcache_servers = <PROXY_LOCAL_NET_IP>:11211 +memcache_servers = PROXY_LOCAL_NET_IP:11211 Copy ring information to all diff --git a/doc/install-guide/object-storage/section_object-storage-sys-requirements.xml b/doc/install-guide/object-storage/section_object-storage-sys-requirements.xml index 957cfe186d..e239dc0f59 100644 --- a/doc/install-guide/object-storage/section_object-storage-sys-requirements.xml +++ b/doc/install-guide/object-storage/section_object-storage-sys-requirements.xml @@ -86,7 +86,7 @@ Operating system: OpenStack Object Storage currently runs on Ubuntu, RHEL, CentOS, Fedora, openSUSE, or SLES. - Networking: 1Gpbs or 10 + Networking: 1 Gbps or 10 Gbps is suggested internally. For OpenStack Object Storage, an external network should connect the outside world to the proxy servers, and the storage network is intended to be isolated on diff --git a/doc/install-guide/object-storage/section_start-storage-node-services.xml b/doc/install-guide/object-storage/section_start-storage-node-services.xml index 988b4923ea..cd16bd6ef7 100644 --- a/doc/install-guide/object-storage/section_start-storage-node-services.xml +++ b/doc/install-guide/object-storage/section_start-storage-node-services.xml @@ -7,41 +7,21 @@ Start services on the storage nodes Now that the ring files are on each storage node, you can start the services. On each storage node, run the following - commands: - # service swift-object start -# service swift-object-replicator start -# service swift-object-updater start -# service swift-object-auditor start -# service swift-container start -# service swift-container-replicator start -# service swift-container-updater start -# service swift-container-auditor start -# service swift-account start -# service swift-account-replicator start -# service swift-account-reaper start -# service swift-account-auditor start - # service openstack-swift-object start -# service openstack-swift-object-replicator start -# service openstack-swift-object-updater start -# service openstack-swift-object-auditor start -# service openstack-swift-container start -# service openstack-swift-container-replicator start -# service openstack-swift-container-updater start -# service openstack-swift-container-auditor start -# service openstack-swift-account start -# service openstack-swift-account-replicator start -# service openstack-swift-account-reaper start -# service openstack-swift-account-auditor start + command: + # for service in \ + swift-object swift-object-replicator swift-object-updater swift-object-auditor \ + swift-container swift-container-replicator swift-container-updater swift-container-auditor \ + swift-account swift-account-replicator swift-account-reaper swift-account-auditor; do \ + service $service start; done + # for service in \ + openstack-swift-object openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object-auditor \ + openstack-swift-container openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container-auditor \ + openstack-swift-account openstack-swift-account-replicator openstack-swift-account-reaper openstack-swift-account-auditor; do \ + service $service start; chkconfig $service on; done To start all swift services at once, run the command: - # swift-init main start + # swift-init all start To know more about swift-init command, run: # man swift-init -# service rsyslog restart -# service memcached restart - - On Fedora, you might need to use systemctl restart - service. -