03f614acb9
add "source admin-openrc.sh" before create swift user. already checked by apache maven in local environment. URL: http://docs.openstack.org/kilo/install-guide/install/apt/content/swift-install-controller-node.html Change-Id: I7a830ecf68f385912c04e31ce749ee143b38112c Closes-Bug: #1473312
211 lines
10 KiB
XML
211 lines
10 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="swift-install-controller-node">
|
|
<title>Install and configure the controller node</title>
|
|
<para>This section describes how to install and configure the proxy
|
|
service that handles requests for the account, container, and object
|
|
services operating on the storage nodes. For simplicity, this
|
|
guide installs and configures the proxy service on the controller node.
|
|
However, you can run the proxy service on any node with network
|
|
connectivity to the storage nodes. Additionally, you can install and
|
|
configure the proxy service on multiple nodes to increase performance
|
|
and redundancy. For more information, see the
|
|
<link xlink:href="http://docs.openstack.org/developer/swift/deployment_guide.html"
|
|
>Deployment Guide</link>.</para>
|
|
<procedure>
|
|
<title>To configure prerequisites</title>
|
|
<para>The proxy service relies on an authentication and authorization
|
|
mechanism such as the Identity service. However, unlike other services,
|
|
it also offers an internal mechanism that allows it to operate without
|
|
any other OpenStack services. However, for simplicity, this guide
|
|
references the Identity service in <xref linkend="ch_keystone"/>. Before
|
|
you configure the Object Storage service, you must create service
|
|
credentials and an API endpoint.</para>
|
|
<note>
|
|
<para>The Object Storage service does not use a SQL database on
|
|
the controller node. Instead, it uses distributed SQLite databases
|
|
on each storage node.</para>
|
|
</note>
|
|
<step>
|
|
<para>Source the <literal>admin</literal> credentials to gain access to
|
|
admin-only CLI commands:</para>
|
|
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput>
|
|
</screen>
|
|
</step>
|
|
<step>
|
|
<para>To create the Identity service credentials, complete these
|
|
steps:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Create the <literal>swift</literal> user:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack user create --password-prompt swift</userinput>
|
|
<computeroutput>User Password:
|
|
Repeat User Password:
|
|
+----------+----------------------------------+
|
|
| Field | Value |
|
|
+----------+----------------------------------+
|
|
| email | None |
|
|
| enabled | True |
|
|
| id | d535e5cbd2b74ac7bfb97db9cced3ed6 |
|
|
| name | swift |
|
|
| username | swift |
|
|
+----------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add the <literal>admin</literal> role to the
|
|
<literal>swift</literal> user:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack role add --project service --user swift admin</userinput>
|
|
<computeroutput>+-------+----------------------------------+
|
|
| Field | Value |
|
|
+-------+----------------------------------+
|
|
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
|
|
| name | admin |
|
|
+-------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>swift</literal> service entity:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack service create --name swift \
|
|
--description "OpenStack Object Storage" object-store</userinput>
|
|
<computeroutput>+-------------+----------------------------------+
|
|
| Field | Value |
|
|
+-------------+----------------------------------+
|
|
| description | OpenStack Object Storage |
|
|
| enabled | True |
|
|
| id | 75ef509da2c340499d454ae96a2c5c34 |
|
|
| name | swift |
|
|
| type | object-store |
|
|
+-------------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step>
|
|
<para>Create the Object Storage service API endpoint:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack endpoint create \
|
|
--publicurl 'http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
|
|
--internalurl 'http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
|
|
--adminurl http://<replaceable>controller</replaceable>:8080 \
|
|
--region RegionOne \
|
|
object-store</userinput>
|
|
<computeroutput>+--------------+----------------------------------------------+
|
|
| Field | Value |
|
|
+--------------+----------------------------------------------+
|
|
| adminurl | http://controller:8080/ |
|
|
| id | af534fb8b7ff40a6acf725437c586ebe |
|
|
| internalurl | http://controller:8080/v1/AUTH_%(tenant_id)s |
|
|
| publicurl | http://controller:8080/v1/AUTH_%(tenant_id)s |
|
|
| region | RegionOne |
|
|
| service_id | 75ef509da2c340499d454ae96a2c5c34 |
|
|
| service_name | swift |
|
|
| service_type | object-store |
|
|
+--------------+----------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To install and configure the controller node components</title>
|
|
<note>
|
|
<para>Default configuration files vary by distribution. You might need
|
|
to add these sections and options rather than modifying existing
|
|
sections and options. Also, an ellipsis (...) in the configuration
|
|
snippets indicates potential default configuration options that you
|
|
should retain.</para>
|
|
</note>
|
|
<step>
|
|
<para>Install the packages:</para>
|
|
<note>
|
|
<para>Complete OpenStack environments already include some of these
|
|
packages.</para>
|
|
</note>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install swift swift-proxy python-swiftclient python-keystoneclient \
|
|
python-keystonemiddleware memcached</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-swift-proxy python-swiftclient python-keystone-auth-token \
|
|
python-keystonemiddleware memcached</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-swift-proxy python-swiftclient python-keystoneclient \
|
|
python-keystonemiddleware python-xml memcached</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu;debian">
|
|
<para>Create the <literal>/etc/swift</literal> directory.</para>
|
|
</step>
|
|
<step os="ubuntu;debian;rhel;centos;fedora">
|
|
<para>Obtain the proxy service configuration file from the Object
|
|
Storage source repository:</para>
|
|
<screen><prompt>#</prompt> <userinput>curl -o /etc/swift/proxy-server.conf \
|
|
https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/kilo</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>/etc/swift/proxy-server.conf</filename>
|
|
file and complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
|
the bind port, user, and configuration directory:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
bind_port = 8080
|
|
user = swift
|
|
swift_dir = /etc/swift</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[pipeline:main]</literal> section, enable
|
|
the appropriate modules:</para>
|
|
<programlisting language="ini">[pipeline:main]
|
|
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server</programlisting>
|
|
<note>
|
|
<para>For more information on other modules that enable
|
|
additional features, see the
|
|
<link xlink:href="http://docs.openstack.org/developer/swift/deployment_guide.html"
|
|
>Deployment Guide</link>.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[app:proxy-server]</literal> section, enable
|
|
automatic account creation:</para>
|
|
<programlisting language="ini">[app:proxy-server]
|
|
...
|
|
account_autocreate = true</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[filter:keystoneauth]</literal> section,
|
|
configure the operator roles:</para>
|
|
<programlisting language="ini">[filter:keystoneauth]
|
|
use = egg:swift#keystoneauth
|
|
...
|
|
operator_roles = admin,user</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[filter:authtoken]</literal> section,
|
|
configure Identity service access:</para>
|
|
<programlisting language="ini">[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000
|
|
auth_url = http://<replaceable>controller</replaceable>:35357
|
|
auth_plugin = password
|
|
project_domain_id = default
|
|
user_domain_id = default
|
|
project_name = service
|
|
username = swift
|
|
password = <replaceable>SWIFT_PASS</replaceable>
|
|
delay_auth_decision = true</programlisting>
|
|
<para>Replace <replaceable>SWIFT_PASS</replaceable> with the
|
|
password you chose for the <literal>swift</literal> user in the
|
|
Identity service.</para>
|
|
<note>
|
|
<para>Comment out or remove any other options in the
|
|
<literal>[filter:authtoken]</literal> section.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[filter:cache]</literal> section, configure
|
|
the <application>memcached</application> location:</para>
|
|
<programlisting language="ini">[filter:cache]
|
|
...
|
|
memcache_servers = 127.0.0.1:11211</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
</section>
|