Install and configure the proxy node
The proxy server takes each request and looks up locations
for the account, container, or object and routes the requests
correctly. The proxy server also handles API requests. You
enable account management by configuring it in the
/etc/swift/proxy-server.conf file.
The Object Storage processes run under a separate user
and group, set by configuration options, and referred to as
swift:swift. The default
user is swift.
Install swift-proxy service:
# apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob
# yum install openstack-swift-proxy memcached python-swiftclient python-keystone-auth-token
# zypper install openstack-swift-proxy memcached python-swiftclient python-keystoneclient python-xml
Modify memcached to listen on the default interface
on a local, non-public network. Edit this line in
the /etc/memcached.conf file:
-l 127.0.0.1
Change it to:
-l PROXY_LOCAL_NET_IP
Modify memcached to listen on the default interface
on a local, non-public network. Edit
the /etc/sysconfig/memcached file:
OPTIONS="-l PROXY_LOCAL_NET_IP"
MEMCACHED_PARAMS="-l PROXY_LOCAL_NET_IP"
Restart the memcached service:
# service memcached restart
Start the memcached service and configure it to start when
the system boots:
# service memcached start
# chkconfig memcached on
Create
Edit
/etc/swift/proxy-server.conf:
[DEFAULT]
bind_port = 8080
user = swift
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin,swiftoperator
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# cache directory for signing certificate
signing_dir = /home/swift/keystone-signing
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = controller
auth_port = 35357
# the service tenant and swift username and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = SWIFT_PASS
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
If you run multiple memcache servers, put the
multiple IP:port listings in the [filter:cache]
section of the
/etc/swift/proxy-server.conf file:
10.1.2.3:11211,10.1.2.4:11211
Only the proxy server uses memcache.
Create the account, container, and object rings. The
builder command creates a builder file
with a few parameters. The parameter with the value of
18 represents 2 ^ 18th, the value that the partition
is sized to. Set this “partition power” value
based on the total amount of storage you expect your
entire ring to use. The value 3 represents the
number of replicas of each object, with the last value
being the number of hours to restrict moving a
partition more than once.
# cd /etc/swift
# swift-ring-builder account.builder create 18 3 1
# swift-ring-builder container.builder create 18 3 1
# swift-ring-builder object.builder create 18 3 1
For every storage device on each node add entries to
each ring:
# swift-ring-builder account.builder add zZONE-STORAGE_LOCAL_NET_IP:6002[RSTORAGE_REPLICATION_NET_IP:6005]/DEVICE 100
# swift-ring-builder container.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6001[RSTORAGE_REPLICATION_NET_IP:6004]/DEVICE 100
# swift-ring-builder object.builder add zZONE-STORAGE_LOCAL_NET_IP_1:6000[RSTORAGE_REPLICATION_NET_IP:6003]/DEVICE 100
You must omit the optional STORAGE_REPLICATION_NET_IP parameter if you
do not want to use dedicated network for
replication.
For example, if a storage node
has a partition in Zone 1 on IP 10.0.0.1, the storage node has
address 10.0.1.1 from replication network. The mount point of
this partition is /srv/node/sdb1, and the
path in /etc/rsyncd.conf is
/srv/node/, the DEVICE would be sdb1 and
the commands are:
# swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100
# swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6004/sdb1 100
# swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6003/sdb1 100
If you assume five zones with one node for each
zone, start ZONE at 1. For each additional node,
increment ZONE by 1.
Verify the ring contents for each ring:
# swift-ring-builder account.builder
# swift-ring-builder container.builder
# swift-ring-builder object.builder
Rebalance the rings:
# swift-ring-builder account.builder rebalance
# swift-ring-builder container.builder rebalance
# swift-ring-builder object.builder rebalance
Rebalancing rings can take some time.
Copy the account.ring.gz,
container.ring.gz, and
object.ring.gz files to each
of the Proxy and Storage nodes in /etc/swift.
Make sure the swift user owns all configuration files:
# chown -R swift:swift /etc/swift
Restart the Proxy service:
# service swift-proxy restart
Start the Proxy service and configure it to start when the
system boots:
# service openstack-swift-proxy start
# chkconfig openstack-swift-proxy on