iaas-swift-controller.sh
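#!/bin/bash
# Controller-node setup for OpenStack Swift, part 1: install the proxy
# packages and register the swift service user, service and endpoints in
# Keystone. DOMAIN_NAME, SWIFT_PASS and HOST_NAME are expected to come from
# the two environment files sourced below.
source /etc/iaas-openstack/openrc.sh
source /etc/keystone/admin-openrc.sh

# Stop early when a required setting is missing. With the expansions quoted,
# an empty SWIFT_PASS would otherwise create the service user with an empty
# password instead of failing.
: "${DOMAIN_NAME:?DOMAIN_NAME must be set}"
: "${SWIFT_PASS:?SWIFT_PASS must be set}"
: "${HOST_NAME:?HOST_NAME must be set}"

# Install the Swift proxy, the client libraries and memcached.
yum install -y openstack-swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached

# Create the swift service user and grant it the admin role in the service
# project.
# NOTE(review): --password places the secret on the command line, where other
# local users can read it from the process list while the command runs. Run
# this only on a host where that exposure is acceptable, and rotate the
# password if the host is shared.
openstack user create --domain "$DOMAIN_NAME" --password "$SWIFT_PASS" swift
openstack role add --project service --user swift admin

# Register the object-store service and its public, internal and admin
# endpoints.
# NOTE(review): the endpoints are plain http, so tokens and object data cross
# the network unencrypted unless TLS is terminated in front of the proxy.
openstack service create --name swift --description "OpenStack Object Storage" object-store
openstack endpoint create --region RegionOne object-store public "http://${HOST_NAME}:8080/v1/AUTH_%(tenant_id)s"
openstack endpoint create --region RegionOne object-store internal "http://${HOST_NAME}:8080/v1/AUTH_%(tenant_id)s"
openstack endpoint create --region RegionOne object-store admin "http://${HOST_NAME}:8080/v1"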
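# Write the proxy server configuration. HOST_NAME, DOMAIN_NAME and SWIFT_PASS
# are expanded by the shell when the here-document is written.
#
# Comments inside the generated file sit on their own lines: the INI parser
# does not strip a trailing "# ..." from a value, so an inline comment would
# become part of the setting (for example a non-numeric bind_port).
#
# NOTE(review): the file holds the swift service password in clear text, so it
# is created with mode 0640 before the content is written.
# NOTE(review): the [filter:tempauth] section carries well-known sample
# accounts and passwords. tempauth is not in the pipeline below, so they are
# inert here; never add tempauth to the pipeline with these values.
# NOTE(review): Keystone and memcached are addressed over plain http/TCP;
# keep both on a trusted management network.
touch /etc/swift/proxy-server.conf
chmod 0640 /etc/swift/proxy-server.conf
cat > /etc/swift/proxy-server.conf <<EOF
[DEFAULT]
# Port the proxy server listens on.
bind_port = 8080
# Directory holding the Swift configuration and ring files.
swift_dir = /etc/swift
# System user the proxy server runs as.
user = swift
[pipeline:main]
# Middleware chain, in order; proxy-server must be last.
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
# Create accounts automatically on first use.
account_autocreate = True
[filter:tempauth]
# Sample tempauth accounts; this filter is not part of the pipeline above.
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
[filter:authtoken]
# Keystone token validation middleware.
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
# Public identity endpoint.
auth_uri = http://$HOST_NAME:5000
# Admin identity endpoint.
auth_url = http://$HOST_NAME:35357
# Token cache.
memcached_servers = $HOST_NAME:11211
# Authenticate the service user with a password.
auth_type = password
project_domain_name = $DOMAIN_NAME
user_domain_name = $DOMAIN_NAME
project_name = service
username = swift
password = $SWIFT_PASS
# Let later middleware decide on requests that carry no valid token.
delay_auth_decision = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
# Keystone roles allowed to operate on an account.
operator_roles = admin,user
[filter:healthcheck]
# Health check endpoint.
use = egg:swift#healthcheck
[filter:cache]
# memcached address used by the cache middleware.
memcache_servers = $HOST_NAME:11211
use = egg:swift#memcache
[filter:ratelimit]
# Rate limiting.
use = egg:swift#ratelimit
[filter:domain_remap]
# Domain remapping.
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
# CNAME lookup.
use = egg:swift#cname_lookup
[filter:staticweb]
# Static web hosting.
use = egg:swift#staticweb
[filter:tempurl]
# Temporary URLs.
use = egg:swift#tempurl
[filter:formpost]
# Form POST uploads.
use = egg:swift#formpost
[filter:name_check]
# Name validation.
use = egg:swift#name_check
[filter:list-endpoints]
# Endpoint listing.
use = egg:swift#list_endpoints
[filter:proxy-logging]
# Proxy request logging.
use = egg:swift#proxy_logging
# Bulk operations.
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
# Container quotas.
use = egg:swift#container_quotas
[filter:account-quotas]
# Account quotas.
use = egg:swift#account_quotas
[filter:gatekeeper]
# Gatekeeper.
use = egg:swift#gatekeeper
[filter:container_sync]
# Container sync.
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
EOF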
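# Build the account, container and object rings in /etc/swift.
#
# "create" takes <part_power> <replicas> <min_part_hours>: the first number is
# the partition power (2^N partitions), not a partition count. The account
# ring uses part power 18, the container and object rings part power 10.
# NOTE(review): a replica count of 1 stores a single copy of every account,
# container and object, so losing the one device loses the data.
: "${STORAGE_LOCAL_NET_IP:?STORAGE_LOCAL_NET_IP must be set}"
: "${OBJECT_DISK:?OBJECT_DISK must be set}"

# Abort if the directory is missing; otherwise the builder files would be
# created in whatever directory the script was started from.
pushd /etc/swift || exit 1

# Account ring: create the builder, add the storage device, print the ring
# contents, then rebalance to assign partitions and write account.ring.gz.
swift-ring-builder account.builder create 18 1 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip "$STORAGE_LOCAL_NET_IP" --port 6002 --device "$OBJECT_DISK" --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance

# Container ring: same steps against the container server port.
swift-ring-builder container.builder create 10 1 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip "$STORAGE_LOCAL_NET_IP" --port 6001 --device "$OBJECT_DISK" --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance

# Object ring: same steps against the object server port.
swift-ring-builder object.builder create 10 1 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip "$STORAGE_LOCAL_NET_IP" --port 6000 --device "$OBJECT_DISK" --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance

# Return to the directory the script was started from.
popd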
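#---------------
# Write the cluster-wide swift.conf.
#
# Comments inside the generated file sit on their own lines: a trailing
# "# ..." after a value is not stripped by the INI parser and would become
# part of the hash suffix/prefix, which must be byte-identical on every node.
#
# NOTE(review): "changeme" is a placeholder. The suffix and prefix are secrets
# mixed into the ring path hash; set unique random values before storing data,
# use the same values on all nodes, and do not change them afterwards.
cat > /etc/swift/swift.conf <<'EOF'
[swift-hash]
# Suffix mixed into the path hash.
swift_hash_path_suffix = changeme
# Prefix mixed into the path hash.
swift_hash_path_prefix = changeme
[storage-policy:0]
# Name of the default storage policy.
name = Policy-0
# Mark this policy as the default.
default = yes
# Alternative names for this policy.
aliases = yellow, orange
[swift-constraints]
EOF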
# Give /etc/swift to root with group swift so the swift services can read the
# configuration and ring files.
chown -R root:swift /etc/swift

# Enable the proxy and memcached at boot, then (re)start them.
for action in enable restart; do
  systemctl "$action" openstack-swift-proxy.service memcached.service
done
iaas-swift-compute.sh
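#!/bin/bash
# Storage-node setup for OpenStack Swift, part 1: install the storage
# services, format and mount the data device, and fetch the ring files.
# OBJECT_DISK and HOST_NAME are expected to come from the file sourced below.
source /etc/iaas-openstack/openrc.sh

# OBJECT_DISK names the device under /dev that is formatted below. Refuse to
# continue when it is empty: the paths would otherwise collapse to /dev/ and
# /swift/node/.
: "${OBJECT_DISK:?OBJECT_DISK must be set}"
: "${HOST_NAME:?HOST_NAME must be set}"

# Install XFS tools, rsync and the Swift account/container/object services.
yum install -y xfsprogs rsync openstack-swift-account openstack-swift-container openstack-swift-object

# Format the device as XFS. -f overwrites any existing filesystem, so all data
# on the device is lost; confirm OBJECT_DISK before running.
mkfs.xfs -i size=1024 -f "/dev/${OBJECT_DISK}"

# Remove fstab entries left by an earlier run. Only lines whose mount point is
# under /swift/node/ are deleted; matching on the nodiratime option alone
# would also drop unrelated mounts that happen to use it.
sed -i '\|[[:space:]]/swift/node/[^[:space:]]*[[:space:]]|d' /etc/fstab

# Add the persistent mount, create the mount point and mount the device.
printf '%s\n' "/dev/${OBJECT_DISK} /swift/node/${OBJECT_DISK} xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 2" >> /etc/fstab
mkdir -p "/swift/node/${OBJECT_DISK}"
mount "/dev/${OBJECT_DISK}" "/swift/node/${OBJECT_DISK}"

# Copy the ring files built on the controller to this node. The argument is
# quoted so the glob is expanded on the remote side, not by the local shell.
scp "${HOST_NAME}:/etc/swift/*.ring.gz" /etc/swift/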
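# Configure the rsync daemon used by the Swift replicators.
#
# Comments inside the generated file sit on their own lines: rsyncd.conf
# treats a "#" that follows a value as part of that value, so an inline
# comment would corrupt paths, addresses and numeric settings.
#
# NOTE(review): none of the modules set "auth users" or "hosts allow". That is
# tolerable only while the daemon listens on 127.0.0.1. If the address is
# changed to a routable interface, restrict the modules first; [swift_server]
# in particular serves /etc/swift, which contains the swift.conf hash secrets.
cat > /etc/rsyncd.conf <<'EOF'
# Global settings: pid file, log file and the account the daemon runs as.
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
uid = swift
gid = swift
# Listen on the loopback address only.
address = 127.0.0.1
# Account module.
[account]
# Directory served by this module.
path = /swift/node
# Writable (neither read-only nor write-only).
read only = false
write only = no
# The module appears in module listings.
list = yes
# Permission mode applied to received and sent files.
incoming chmod = 0644
outgoing chmod = 0644
# Maximum number of simultaneous connections.
max connections = 25
# Lock file backing the connection limit.
lock file = /var/lock/account.lock
# Container module.
[container]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/container.lock
# Object module.
[object]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/object.lock
# Configuration module (read-only view of /etc/swift).
[swift_server]
path = /etc/swift
read only = true
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 5
lock file = /var/lock/swift_server.lock
EOF
# Enable the rsync daemon at boot and (re)start it.
systemctl enable rsyncd.service
systemctl restart rsyncd.service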
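# Configure the account server.
#
# Comments inside the generated file sit on their own lines: the INI parser
# does not strip a trailing "# ..." from a value, so an inline comment would
# become part of the setting (for example a non-numeric bind_port).
#
# NOTE(review): with mount_check = false the server does not verify that a
# device directory is a mount point, so data lands on the root filesystem if
# the disk is not mounted. Consider enabling it outside of lab setups.
cat > /etc/swift/account-server.conf <<'EOF'
[DEFAULT]
# Port the account server listens on.
bind_port = 6002
# System user the server runs as.
user = swift
# Directory holding the Swift configuration and ring files.
swift_dir = /etc/swift
# Parent directory of the storage devices.
devices = /swift/node
# Do not require device directories to be mount points.
mount_check = false
[pipeline:main]
pipeline = healthcheck recon account-server
[app:account-server]
use = egg:swift#account
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[account-replicator]
[account-auditor]
[account-reaper]
[filter:xprofile]
use = egg:swift#xprofile
EOF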
# Configure the container server: port 6001, running as swift, devices under
# /swift/node, with the healthcheck and recon middleware in front of it.
# The here-document contains no shell expansions, so its delimiter is quoted.
# NOTE(review): with mount_check = false the server does not verify that a
# device directory is a mount point, so data lands on the root filesystem if
# the disk is not mounted. Consider enabling it outside of lab setups.
cat > /etc/swift/container-server.conf <<'EOF'
[DEFAULT]
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon container-server
[app:container-server]
use = egg:swift#container
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
[filter:xprofile]
use = egg:swift#xprofile
EOF
# Configure the object server: port 6000, running as swift, devices under
# /swift/node, with the healthcheck and recon middleware in front of it.
# The here-document contains no shell expansions, so its delimiter is quoted.
# NOTE(review): with mount_check = false the server does not verify that a
# device directory is a mount point, so object data lands on the root
# filesystem if the disk is not mounted. Consider enabling it outside of lab
# setups.
cat > /etc/swift/object-server.conf <<'EOF'
[DEFAULT]
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon object-server
[app:object-server]
use = egg:swift#object
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
[object-replicator]
[object-reconstructor]
[object-updater]
[object-auditor]
[filter:xprofile]
use = egg:swift#xprofile
EOF
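# Write the cluster-wide swift.conf on the storage node.
#
# Comments inside the generated file sit on their own lines: a trailing
# "# ..." after a value is not stripped by the INI parser and would become
# part of the hash suffix/prefix, which must be byte-identical on every node.
#
# NOTE(review): "changeme" is a placeholder. The suffix and prefix are secrets
# mixed into the ring path hash; set unique random values before storing data,
# use the same values on all nodes, and do not change them afterwards.
cat > /etc/swift/swift.conf <<'EOF'
[swift-hash]
# Suffix mixed into the path hash.
swift_hash_path_suffix = changeme
# Prefix mixed into the path hash.
swift_hash_path_prefix = changeme
# Storage policy.
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
EOF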
# Set ownership and permissions: the data tree belongs to swift, while the
# recon cache and /etc/swift belong to root with group swift.
chown -R swift:swift /swift/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
chown -R root:swift /etc/swift

# Enable at boot and (re)start the account services.
for action in enable restart; do
  systemctl "$action" \
    openstack-swift-account.service \
    openstack-swift-account-auditor.service \
    openstack-swift-account-reaper.service \
    openstack-swift-account-replicator.service
done

# Enable at boot and (re)start the container services.
for action in enable restart; do
  systemctl "$action" \
    openstack-swift-container.service \
    openstack-swift-container-auditor.service \
    openstack-swift-container-replicator.service \
    openstack-swift-container-updater.service
done

# Enable at boot and (re)start the object services.
for action in enable restart; do
  systemctl "$action" \
    openstack-swift-object.service \
    openstack-swift-object-auditor.service \
    openstack-swift-object-replicator.service \
    openstack-swift-object-updater.service
done