<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="swift-install-controller-node">
<title>Install and configure the controller node</title>
<para>This section describes how to install and configure the proxy
service that handles requests for the account, container, and object
services operating on the storage nodes. For simplicity, this
guide installs and configures the proxy service on the controller node.
However, you can run the proxy service on any node with network
connectivity to the storage nodes. Additionally, you can install and
configure the proxy service on multiple nodes to increase performance
and redundancy. For more information, see the
<link xlink:href="http://docs.openstack.org/developer/swift/deployment_guide.html"
>Deployment Guide</link>.</para>
<procedure>
<title>To configure prerequisites</title>
<para>The proxy service relies on an authentication and authorization
mechanism such as the Identity service. However, unlike other services,
it also offers an internal mechanism that allows it to operate without
any other OpenStack services. However, for simplicity, this guide
references the Identity service in <xref linkend="ch_keystone"/>. Before
you configure the Object Storage service, you must create service
credentials and an API endpoint.</para>
<note>
<para>The Object Storage service does not use a SQL database on
the controller node. Instead, it uses distributed SQLite databases
on each storage node.</para>
</note>
<step>
<para>To create the Identity service credentials, complete these
steps:</para>
<substeps>
<step>
<para>Create the <literal>swift</literal> user:</para>
<screen><prompt>$</prompt> <userinput>openstack user create --password-prompt swift</userinput>
<computeroutput>User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | d535e5cbd2b74ac7bfb97db9cced3ed6 |
| name | swift |
| username | swift |
+----------+----------------------------------+</computeroutput></screen>
</step>
<step>
<para>Add the <literal>admin</literal> role to the
<literal>swift</literal> user:</para>
<screen><prompt>$</prompt> <userinput>openstack role add --project service --user swift admin</userinput>
<computeroutput>+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create the <literal>swift</literal> service entity:</para>
<screen><prompt>$</prompt> <userinput>openstack service create --type object-store \
--description "OpenStack Object Storage" swift</userinput>
<computeroutput>+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Object Storage |
| enabled | True |
| id | 75ef509da2c340499d454ae96a2c5c34 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+</computeroutput></screen>
</step>
</substeps>
</step>
<step>
<para>Create the Object Storage service API endpoint:</para>
<screen><prompt>$</prompt> <userinput>openstack endpoint create \
--publicurl 'http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
--internalurl 'http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
--adminurl http://<replaceable>controller</replaceable>:8080 \
--region RegionOne \
object-store</userinput>
<computeroutput>+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| adminurl | http://controller:8080/ |
| id | af534fb8b7ff40a6acf725437c586ebe |
| internalurl | http://controller:8080/v1/AUTH_%(tenant_id)s |
| publicurl | http://controller:8080/v1/AUTH_%(tenant_id)s |
| region | RegionOne |
| service_id | 75ef509da2c340499d454ae96a2c5c34 |
| service_name | swift |
| service_type | object-store |
+--------------+----------------------------------------------+</computeroutput></screen>
</step>
</procedure>
<procedure>
<title>To install and configure the controller node components</title>
<note>
<para>Default configuration files vary by distribution. You might need
to add these sections and options rather than modifying existing
sections and options. Also, an ellipsis (...) in the configuration
snippets indicates potential default configuration options that you
should retain.</para>
</note>
<step>
<para>Install the packages:</para>
<note>
<para>Complete OpenStack environments already include some of these
packages.</para>
</note>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install swift swift-proxy python-swiftclient python-keystoneclient \
python-keystonemiddleware memcached</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-swift-proxy python-swiftclient python-keystone-auth-token \
python-keystonemiddleware memcached</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-swift-proxy python-swiftclient python-keystoneclient \
python-keystonemiddleware python-xml memcached</userinput></screen>
</step>
<step os="ubuntu;debian">
<para>Create the <literal>/etc/swift</literal> directory.</para>
</step>
<step os="ubuntu;debian;rhel;centos;fedora">
<para>Obtain the proxy service configuration file from the Object
Storage source repository:</para>
<screen><prompt>#</prompt> <userinput>curl -o /etc/swift/proxy-server.conf \
https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/kilo</userinput></screen>
</step>
<step>
<para>Edit the <filename>/etc/swift/proxy-server.conf</filename>
file and complete the following actions:</para>
<substeps>
<step>
<para>In the <literal>[DEFAULT]</literal> section, configure
the bind port, user, and configuration directory:</para>
<programlisting language="ini">[DEFAULT]
...
bind_port = 8080
user = swift
swift_dir = /etc/swift</programlisting>
</step>
<step>
<para>In the <literal>[pipeline:main]</literal> section, enable
the appropriate modules:</para>
<programlisting language="ini">[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server</programlisting>
<note>
<para>For more information on other modules that enable
additional features, see the
<link xlink:href="http://docs.openstack.org/developer/swift/deployment_guide.html"
>Deployment Guide</link>.</para>
</note>
</step>
<step>
<para>In the <literal>[app:proxy-server]</literal> section, enable
automatic account creation:</para>
<programlisting language="ini">[app:proxy-server]
...
account_autocreate = true</programlisting>
</step>
<step>
<para>In the <literal>[filter:keystoneauth]</literal> section,
configure the operator roles:</para>
<programlisting language="ini">[filter:keystoneauth]
use = egg:swift#keystoneauth
...
operator_roles = admin,_member_</programlisting>
</step>
<step>
<para>In the <literal>[filter:authtoken]</literal> section,
configure Identity service access:</para>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
...
auth_uri = http://<replaceable>controller</replaceable>:5000
auth_url = http://<replaceable>controller</replaceable>:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = <replaceable>SWIFT_PASS</replaceable>
delay_auth_decision = true</programlisting>
<para>Replace <replaceable>SWIFT_PASS</replaceable> with the
password you chose for the <literal>swift</literal> user in the
Identity service.</para>
<note>
<para>Comment out or remove any other options in the
<literal>[filter:authtoken]</literal> section.</para>
</note>
</step>
<step>
<para>In the <literal>[filter:cache]</literal> section, configure
the <application>memcached</application> location:</para>
<programlisting language="ini">[filter:cache]
...
memcache_servers = 127.0.0.1:11211</programlisting>
</step>
</substeps>
</step>
</procedure>
</section>