Install and configure the controller node

Install and configure the controller node This section describes how to install and configure the proxy service that handles requests for the account, container, and object services operating on the storage nodes. For simplicity, this guide installs and configures the proxy service on the controller node. However, you can run the proxy service on any node with network connectivity to the storage nodes. Additionally, you can install and configure the proxy service on multiple nodes to increase performance and redundancy. For more information, see the Deployment Guide. To configure prerequisites The proxy service relies on an authentication and authorization mechanism such as the Identity service. However, unlike other services, it also offers an internal mechanism that allows it to operate without any other OpenStack services. However, for simplicity, this guide references the Identity service in . Before you configure the Object Storage service, you must create service credentials and API endpoints. The Object Storage service does not use a SQL database on the controller node. To create the Identity service credentials, complete these steps: Create the swift user: $ keystone user-create --name swift --pass SWIFT_PASS +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | d535e5cbd2b74ac7bfb97db9cced3ed6 | | name | swift | | username | swift | +----------+----------------------------------+ Replace SWIFT_PASS with a suitable password. Add the admin role to the swift user: $ keystone user-role-add --user swift --tenant service --role admin This command provides no output. Create the swift service entity: $ keystone service-create --name swift --type object-store \ --description "OpenStack Object Storage" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | OpenStack Object Storage | | enabled | True | | id | 75ef509da2c340499d454ae96a2c5c34 | | name | swift | | type | object-store | +-------------+----------------------------------+ Create the Object Storage service API endpoints: $ keystone endpoint-create \ --service-id $(keystone service-list | awk '/ object-store / {print $2}') \ --publicurl 'http://controller:8080/v1/AUTH_%(tenant_id)s' \ --internalurl 'http://controller:8080/v1/AUTH_%(tenant_id)s' \ --adminurl http://controller:8080 \ --region regionOne +-------------+---------------------------------------------------+ | Property | Value | +-------------+---------------------------------------------------+ | adminurl | http://controller:8080/ | | id | af534fb8b7ff40a6acf725437c586ebe | | internalurl | http://controller:8080/v1/AUTH_%(tenant_id)s | | publicurl | http://controller:8080/v1/AUTH_%(tenant_id)s | | region | regionOne | | service_id | 75ef509da2c340499d454ae96a2c5c34 | +-------------+---------------------------------------------------+ To install and configure the controller node components Install the packages: Complete OpenStack environments already include some of these packages. # apt-get install swift swift-proxy python-swiftclient python-keystoneclient \ python-keystonemiddleware memcached # yum install openstack-swift-proxy python-swiftclient python-keystone-auth-token \ python-keystonemiddleware memcached # zypper install openstack-swift-proxy python-swiftclient python-keystoneclient \ python-keystonemiddleware python-xml memcached Create the /etc/swift directory. Obtain the proxy service configuration file from the Object Storage source repository: # curl -o /etc/swift/proxy-server.conf \ https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/proxy-server.conf-sample Edit the /etc/swift/proxy-server.conf file and complete the following actions: In the [DEFAULT] section, configure the bind port, user, and configuration directory: [DEFAULT] ... bind_port = 8080 user = swift swift_dir = /etc/swift In the [pipeline:main] section, enable the appropriate modules: [pipeline:main] pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server For more information on other modules that enable additional features, see the Deployment Guide. In the [app:proxy-server] section, enable account management: [app:proxy-server] ... allow_account_management = true account_autocreate = true In the [filter:keystoneauth] section, configure the operator roles: [filter:keystoneauth] use = egg:swift#keystoneauth ... operator_roles = admin,_member_ You might need to uncomment this section. In the [filter:authtoken] section, configure Identity service access: [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory ... auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = swift admin_password = SWIFT_PASS delay_auth_decision = true Replace SWIFT_PASS with the password you chose for the swift user in the Identity service. You might need to uncomment this section. Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them. In the [filter:cache] section, configure the memcached location: [filter:cache] ... memcache_servers = 127.0.0.1:11211