swift/doc/source/install/storage-install-rdo.rst
Pete Zaitcev a5ec383260 Add a reminder to configure firewall at storage nodes
My customers use the upstream documentation for manual
installation of Swift nodes and they come upon the lack
of any mention that the host firewall ought to accommodate
services running on the node. Perhaps we thought it
self-evident in Swift.

Related RH bz#: 1797814

Change-Id: I337f8d0f1fbeee7ae927a581eecbbbcc6dc69340
2020-07-13 18:33:15 -05:00


Install and configure the storage nodes for Red Hat Enterprise Linux and CentOS

This section describes how to install and configure storage nodes that operate the account, container, and object services. For simplicity, this configuration references two storage nodes, each containing two empty local block storage devices. The instructions use /dev/sdb and /dev/sdc, but you can substitute different values for your particular nodes.

Although Object Storage supports any file system with extended attributes (xattr), testing and benchmarking indicate the best performance and reliability on XFS. For more information on horizontally scaling your environment, see the Deployment Guide.

This section applies to Red Hat Enterprise Linux 7 and CentOS 7.

Prerequisites

Before you install and configure the Object Storage service on the storage nodes, you must prepare the storage devices.

Note

Perform these steps on each storage node.

  1. Install the supporting utility packages:

    # yum install xfsprogs rsync
  2. Format the /dev/sdb and /dev/sdc devices as XFS:

    # mkfs.xfs /dev/sdb
    # mkfs.xfs /dev/sdc
  3. Create the mount point directory structure:

    # mkdir -p /srv/node/sdb
    # mkdir -p /srv/node/sdc
  4. Find the UUID of the new partitions:

    # blkid
  5. Edit the /etc/fstab file and add the following to it:

    UUID="<UUID-from-output-above>" /srv/node/sdb xfs noatime 0 2
    UUID="<UUID-from-output-above>" /srv/node/sdc xfs noatime 0 2
  6. Mount the devices:

    # mount /srv/node/sdb
    # mount /srv/node/sdc
  7. Create or edit the /etc/rsyncd.conf file to contain the following:

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    address = MANAGEMENT_INTERFACE_IP_ADDRESS
    
    [account]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/account.lock
    
    [container]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/container.lock
    
    [object]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/object.lock

    Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network on the storage node.

    Note

    The rsync service requires no authentication, so consider running it on a private network in production environments.

  8. Start the rsyncd service and configure it to start when the system boots:

    # systemctl enable rsyncd.service
    # systemctl start rsyncd.service

Install and configure components

Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

Note

Perform these steps on each storage node.

  1. Install the packages:

    # yum install openstack-swift-account openstack-swift-container \
      openstack-swift-object
  2. Obtain the account, container, and object service configuration files from the Object Storage source repository:

    # curl -o /etc/swift/account-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/account-server.conf-sample
    # curl -o /etc/swift/container-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/container-server.conf-sample
    # curl -o /etc/swift/object-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/object-server.conf-sample
  3. Ensure proper ownership of the mount point directory structure:

    # chown -R swift:swift /srv/node
  4. Create the recon directory and ensure proper ownership of it:

    # mkdir -p /var/cache/swift
    # chown -R root:swift /var/cache/swift
    # chmod -R 775 /var/cache/swift
  5. Enable necessary access in the firewall:

    # firewall-cmd --permanent --add-port=6200/tcp
    # firewall-cmd --permanent --add-port=6201/tcp
    # firewall-cmd --permanent --add-port=6202/tcp

    The rsync service includes its own firewall configuration. Connect from one node to another to ensure that access is allowed.
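
The firewall step above opens ports 6200-6202 to any source that reaches the default zone. As an added example (not part of the original guide or the Swift project), the script below builds firewalld rich rules that admit those ports only from the management network; `MGMT_CIDR`, its 192.0.2.0/24 value, the `APPLY` switch and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: admit the Swift storage ports only from the management network.
# MGMT_CIDR is an assumed placeholder (RFC 5737 documentation range).
MGMT_CIDR="${MGMT_CIDR:-192.0.2.0/24}"
SWIFT_PORTS="6200 6201 6202"    # the ports opened in the step above

# Print one firewalld rich rule: accept TCP port $2 only from source network $1.
swift_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Accept only a.b.c.d/1-32, so a typo or a /0 cannot become an allow-all rule.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print one rule per Swift port, or fail without output on a bad network.
swift_firewall_rules() {
    valid_cidr "$1" || { echo "refusing invalid source network: $1" >&2; return 1; }
    for port in $SWIFT_PORTS; do
        swift_rich_rule "$1" "$port"; echo
    done
}

rules=$(swift_firewall_rules "$MGMT_CIDR") || exit 1
if [ "${APPLY:-0}" = 1 ]; then      # run as root with APPLY=1 to change the firewall
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        firewall-cmd --permanent --add-rich-rule="$rule"
    done
    firewall-cmd --reload           # --permanent alone leaves the running rules unchanged
    firewall-cmd --list-rich-rules  # confirm what is now active
else
    printf '%s\n' "$rules"          # dry run: show the rules that would be added
fi
```

If the broader `--add-port` rules were already applied, remove them with `firewall-cmd --permanent --remove-port=6200/tcp` (and likewise for 6201 and 6202) before reloading, or they continue to admit all sources.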