openstack/openstack-manuals
Code Issues Proposed changes
c65d643e9a
openstack-manuals/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml
annegentle c65d643e9a Adds swift user to the Object Storage Service install steps 
backport:havana
Change-Id: I9f335751e9476fcd13ce2cd2e714a64045fdc897
Closes-bug: 1263649
2014-01-10 11:10:12 -06:00

212 lines
11 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="installing-and-configuring-the-proxy-node"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Install and configure the proxy node</title>
<para>The proxy server takes each request and looks up locations
for the account, container, or object and routes the requests
correctly. The proxy server also handles API requests. You
enable account management by configuring it in the
<filename>proxy-server.conf</filename> file.</para>
<note>
<para>The Object Storage processes run under a separate user
and group, set by configuration options, and referred to as <phrase
os="ubuntu;debian;rhel;centos;fedora"
>swift:swift</phrase><phrase os="opensuse;sles"
>openstack-swift:openstack-swift</phrase>. The default
user is <phrase os="ubuntu;debian;rhel;centos;fedora"
>swift, which may not exist on your
system.</phrase><phrase os="opensuse;sles"
>openstack-swift.</phrase></para>
</note>
<procedure>
<step>
<para>Install swift-proxy service:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystone-auth-token</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystoneclient</userinput></screen>
</step>
<step>
<para>Create self-signed cert for SSL:</para>
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
<prompt>#</prompt> <userinput>openssl req -new -x509 -nodes -out cert.crt -keyout cert.key</userinput></screen>
</step>
<step>
<para>Modify memcached to listen on the default interfaces
on a local, non-public network. Edit this line in
the <filename>/etc/memcached.conf</filename> file:</para>
<literallayout class="monospaced">-l 127.0.0.1</literallayout>
<para>Change it to:</para>
<literallayout class="monospaced">-l &lt;PROXY_LOCAL_NET_IP&gt;</literallayout>
</step>
<step>
<para>Restart the memcached server:</para>
<screen><prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
<step os="rhel;centos;fedora">
<para>RHEL/CentOS/Fedora only: To set up Object Storage to
authenticate tokens, set the Identity Service Admin
token in the swift proxy file with the
<command>openstack-config</command> command.</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/swift/proxy-server.conf \
filter:authtoken admin_token $ADMIN_TOKEN</userinput>
<prompt>#</prompt> sudo <userinput>openstack-config --set /etc/swift/proxy-server.conf \
filter:authtoken auth_token $ADMIN_TOKEN</userinput></screen>
</step>
<step os="ubuntu">
<para>Ubuntu only: Because the distribution packages do
not include a copy of the keystoneauth middleware,
ensure that the proxy server includes
them:</para>
<screen><prompt>$</prompt> <userinput>git clone https://github.com/openstack/swift.git</userinput>
<prompt>$</prompt> <userinput>cd swift</userinput>
<prompt>$</prompt> <userinput>python setup.py install</userinput>
<prompt>$</prompt> <userinput>swift-init proxy start</userinput></screen>
</step>
<step>
<para>Create
<filename>/etc/swift/proxy-server.conf</filename>:</para>
<programlisting language="ini">[DEFAULT]
bind_port = 8888
<phrase os="rhel;centos;fedora;ubuntu;debian">user = swift</phrase>
<phrase os="opensuse;sles">user = openstack-swift</phrase>
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin,swiftoperator
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# cache directory for signing certificate
signing_dir = /home/swift/keystone-signing
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = <replaceable>controller</replaceable>
auth_port = 35357
# the same admin_token as provided in keystone.conf
admin_token = ADMIN_TOKEN
# the service tenant and swift userid and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = SWIFT_PASS
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
</programlisting>
<note>
<para>If you run multiple memcache servers, put the
multiple IP:port listings in the [filter:cache]
section of the
<filename>proxy-server.conf</filename> file:</para>
<literallayout class="monospaced">10.1.2.3:11211,10.1.2.4:11211</literallayout>
<para>Only the proxy server uses memcache.</para>
</note>
</step>
<step>
<para>Create the <parameter class="option"
>signing_dir</parameter> and set its permissions
accordingly.</para>
<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
<prompt>#</prompt> <userinput>chown -R swift:swift /home/swift/keystone-signing</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
<prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /home/swift/keystone-signing</userinput></screen>
</step>
<step>
<para>Create the account, container, and object rings. The
builder command creates a builder file
with a few parameters. The parameter with the value of
18 represents 2 ^ 18th, the value that the partition
is sized to. Set this “partition power” value
based on the total amount of storage you expect your
entire ring to use. The value 3 represents the
number of replicas of each object, with the last value
being the number of hours to restrict moving a
partition more than once.</para>
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder account.builder create 18 3 1</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder container.builder create 18 3 1</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder object.builder create 18 3 1</userinput></screen>
</step>
<step>
<para>For every storage device on each node add entries to
each ring:</para>
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z&lt;ZONE&gt;-&lt;STORAGE_LOCAL_NET_IP&gt;:6002[R&lt;STORAGE_REPLICATION_NET_IP&gt;:6005]/&lt;DEVICE&gt; 100</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z&lt;ZONE&gt;-&lt;STORAGE_LOCAL_NET_IP_1&gt;:6001[R&lt;STORAGE_REPLICATION_NET_IP&gt;:6004]/&lt;DEVICE&gt; 100</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z&lt;ZONE&gt;-&lt;STORAGE_LOCAL_NET_IP_1&gt;:6000[R&lt;STORAGE_REPLICATION_NET_IP&gt;:6003]/&lt;DEVICE&gt; 100</userinput></screen>
<note>
<para>You must omit the optional <parameter>STORAGE_REPLICATION_NET_IP</parameter> parameter if you
do not want to use dedicated network for
replication.</para>
</note>
<para>For example, if a storage node
has a partition in Zone 1 on IP 10.0.0.1, the storage
node has address 10.0.1.1 from replication network.
The mount point of this partition is /srv/node/sdb1,
and the path in <filename>rsyncd.conf</filename> is
/srv/node/, the DEVICE would be sdb1 and the commands
are:</para>
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6005/sdb1 100</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6005/sdb1 100</userinput></screen>
<note>
<para>If you assume five zones with one node for each
zone, start ZONE at 1. For each additional node,
increment ZONE by 1.</para>
</note>
</step>
<step>
<para>Verify the ring contents for each ring:</para>
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder container.builder</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder object.builder</userinput></screen>
</step>
<step>
<para>Rebalance the rings:</para>
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder rebalance</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder container.builder rebalance</userinput>
<prompt>#</prompt> <userinput>swift-ring-builder object.builder rebalance</userinput></screen>
<note>
<para>Rebalancing rings can take some time.</para>
</note>
</step>
<step>
<para>Copy the <filename>account.ring.gz</filename>,
<filename>container.ring.gz</filename>, and
<filename>object.ring.gz</filename> files to each
of the Proxy and Storage nodes in /etc/swift.</para>
</step>
<step>
<para>Make sure the swift user owns all configuration files:</para>
<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>chown -R swift:swift /etc/swift</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /etc/swift</userinput></screen>
</step>
<step>
<para>Start Proxy services:</para>
<screen><prompt>#</prompt> <userinput>service proxy-server start</userinput></screen>
</step>
</procedure>
</section>
View Git Blame Copy Permalink