42b23e8c84
Closes-Bug: #1249082 Change-Id: I9f68073da5ca25867b2b8c099cce5df34f6a3eec author: diane fleming
165 lines
10 KiB
XML
165 lines
10 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xml:id="installing-and-configuring-the-proxy-node"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
|
|
<title>Install and configure the proxy node</title>
|
|
<para>The proxy server takes each request and looks up locations
|
|
for the account, container, or object and routes the requests
|
|
correctly. The proxy server also handles API requests. You
|
|
enable account management by configuring it in the
|
|
<filename>proxy-server.conf</filename> file.</para>
|
|
<note>
|
|
<para>Swift processes run under a separate user and group, set
|
|
by configuration options, and referred to as <phrase
|
|
os="ubuntu;debian;rhel;centos;fedora"
|
|
>swift:swift</phrase><phrase os="opensuse;sles"
|
|
>openstack-swift:openstack-swift</phrase>. The default
|
|
user is <phrase os="ubuntu;debian;rhel;centos;fedora"
|
|
>swift, which may not exist on your
|
|
system.</phrase><phrase os="opensuse;sles"
|
|
>openstack-swift.</phrase></para>
|
|
</note>
|
|
<procedure>
|
|
<step>
|
|
<para>Install swift-proxy service:</para>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystone-auth-token</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystoneclient</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create self-signed cert for SSL:</para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
|
|
<prompt>#</prompt> <userinput>openssl req -new -x509 -nodes -out cert.crt -keyout cert.key</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Modify memcached to listen on the default interfaces
|
|
on a local, non-public network. Edit this line in
|
|
the <filename>/etc/memcached.conf</filename> file:</para>
|
|
<literallayout class="monospaced">-l 127.0.0.1</literallayout>
|
|
<para>Change it to:</para>
|
|
<literallayout class="monospaced">-l <PROXY_LOCAL_NET_IP></literallayout>
|
|
</step>
|
|
<step>
|
|
<para>Restart the memcached server:</para>
|
|
<screen><prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora">
|
|
<para>RHEL/CentOS/Fedora only: To set up Object Storage to
|
|
authenticate tokens, set the Identity Service Admin
|
|
token in the swift proxy file with the
|
|
<command>openstack-config</command> command.</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/swift/proxy-server.conf \
|
|
filter:authtoken admin_token $ADMIN_TOKEN</userinput>
|
|
<prompt>#</prompt> sudo <userinput>openstack-config --set /etc/swift/proxy-server.conf \
|
|
filter:authtoken auth_token $ADMIN_TOKEN</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Ubuntu only: Because the distribution packages do
|
|
not include a copy of the keystoneauth middleware,
|
|
ensure that the proxy server includes
|
|
them:</para>
|
|
<screen><prompt>$</prompt> <userinput>git clone https://github.com/openstack/swift.git</userinput>
|
|
<prompt>$</prompt> <userinput>cd swift</userinput>
|
|
<prompt>$</prompt> <userinput>python setup.py install</userinput>
|
|
<prompt>$</prompt> <userinput>swift-init proxy start</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create
|
|
<filename>/etc/swift/proxy-server.conf</filename>:</para>
|
|
<programlisting os="rhel;centos;fedora;ubuntu;debian" language="ini"><xi:include parse="text" href="../samples/proxy-server.conf.txt"/></programlisting>
|
|
<programlisting os="opensuse;sles" language="ini"><xi:include parse="text" href="../samples/proxy-server.conf.txt-openSUSE"/></programlisting>
|
|
<note>
|
|
<para>If you run multiple memcache servers, put the
|
|
multiple IP:port listings in the [filter:cache]
|
|
section of the
|
|
<filename>proxy-server.conf</filename> file:</para>
|
|
<literallayout class="monospaced">10.1.2.3:11211,10.1.2.4:11211</literallayout>
|
|
<para>Only the proxy server uses memcache.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Create the <parameter class="option"
|
|
>signing_dir</parameter> and set its permissions
|
|
accordingly.</para>
|
|
<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
|
|
<prompt>#</prompt> <userinput>chown -R swift:swift /home/swift/keystone-signing</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
|
|
<prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /home/swift/keystone-signing</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the account, container, and object rings. The
|
|
builder command creates a builder file
|
|
with a few parameters. The parameter with the value of
|
|
18 represents 2 ^ 18th, the value that the partition
|
|
is sized to. Set this “partition power” value
|
|
based on the total amount of storage you expect your
|
|
entire ring to use. The value 3 represents the
|
|
number of replicas of each object, with the last value
|
|
being the number of hours to restrict moving a
|
|
partition more than once.</para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder account.builder create 18 3 1</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder create 18 3 1</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder create 18 3 1</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>For every storage device on each node add entries to
|
|
each ring:</para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP>:6002[R<STORAGE_REPLICATION_NET_IP>:6005]/<DEVICE> 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6001[R<STORAGE_REPLICATION_NET_IP>:6004]/<DEVICE> 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6000[R<STORAGE_REPLICATION_NET_IP>:6003]/<DEVICE> 100</userinput></screen>
|
|
<note>
|
|
<para>You must omit the optional <parameter>STORAGE_REPLICATION_NET_IP</parameter> parameter if you
|
|
do not want to use dedicated network for
|
|
replication.</para>
|
|
</note>
|
|
<para>For example, if a storage node
|
|
has a partition in Zone 1 on IP 10.0.0.1, the storage
|
|
node has address 10.0.1.1 from replication network.
|
|
The mount point of this partition is /srv/node/sdb1,
|
|
and the path in <filename>rsyncd.conf</filename> is
|
|
/srv/node/, the DEVICE would be sdb1 and the commands
|
|
are:</para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6005/sdb1 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6005/sdb1 100</userinput></screen>
|
|
<note>
|
|
<para>If you assume five zones with one node for each
|
|
zone, start ZONE at 1. For each additional node,
|
|
increment ZONE by 1.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Verify the ring contents for each ring:</para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Rebalance the rings:</para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder rebalance</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder rebalance</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder rebalance</userinput></screen>
|
|
<note>
|
|
<para>Rebalancing rings can take some time.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Copy the <filename>account.ring.gz</filename>,
|
|
<filename>container.ring.gz</filename>, and
|
|
<filename>object.ring.gz</filename> files to each
|
|
of the Proxy and Storage nodes in /etc/swift.</para>
|
|
</step>
|
|
<step>
|
|
<para>Make sure the swift user owns all configuration files:</para>
|
|
<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>chown -R swift:swift /etc/swift</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /etc/swift</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start Proxy services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service proxy-server start</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|