368793f7e5
start due to SELinux context issues. Added steps in the RDO install guide to change the security context of Object storage's data directories to resolve SELinux avc denied errors. Change-Id: Idcd379b63bf8db4dfcdfba72a0a74c4be987176c Closes-Bug:1534903 backport: liberty
7.0 KiB
Finalize installation
ubuntu or rdo or debian
Obtain the
/etc/swift/swift.conffile from the Object Storage source repository:# curl -o /etc/swift/swift.conf \ https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/libertyEdit the
/etc/swift/swift.conffile and complete the following actions:In the
[swift-hash]section, configure the hash path prefix and suffix for your environment.[swift-hash] ... swift_hash_path_suffix = HASH_PATH_SUFFIX swift_hash_path_prefix = HASH_PATH_PREFIXReplace HASH_PATH_PREFIX and HASH_PATH_SUFFIX with unique values.
Warning
Keep these values secret and do not change or lose them.
In the
[storage-policy:0]section, configure the default storage policy:[storage-policy:0] ... name = Policy-0 default = yes
Copy the
swift.conffile to the/etc/swiftdirectory on each storage node and any additional nodes running the proxy service.
obs
- Edit the
/etc/swift/swift.conffile and complete the following actions:In the
[swift-hash]section, configure the hash path prefix and suffix for your environment.[swift-hash] ... swift_hash_path_suffix = HASH_PATH_SUFFIX swift_hash_path_prefix = HASH_PATH_PREFIXReplace HASH_PATH_PREFIX and HASH_PATH_SUFFIX with unique values.
Warning
Keep these values secret and do not change or lose them.
In the
[storage-policy:0]section, configure the default storage policy:[storage-policy:0] ... name = Policy-0 default = yes
- Copy the
swift.conffile to the/etc/swiftdirectory on each storage node and any additional nodes running the proxy service.
ubuntu or debian
On all nodes, ensure proper ownership of the configuration directory:
# chown -R root:swift /etc/swiftOn the controller node and any other nodes running the proxy service, restart the Object Storage proxy service including its dependencies:
# service memcached restart # service swift-proxy restartOn the storage nodes, start the Object Storage services:
# swift-init all startNote
The storage node runs many Object Storage services and the
swift-initcommand makes them easier to manage. You can ignore errors from services not running on the storage node.
rdo
On all nodes, ensure proper ownership of the configuration directory:
# chown -R root:swift /etc/swiftOn the controller node and any other nodes running the proxy service, start the Object Storage proxy service including its dependencies and configure them to start when the system boots:
# systemctl enable openstack-swift-proxy.service memcached.service # systemctl start openstack-swift-proxy.service memcached.serviceOn the storage nodes, start the Object Storage services and configure them to start when the system boots:
# systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service \ openstack-swift-account-reaper.service openstack-swift-account-replicator.service # systemctl start openstack-swift-account.service openstack-swift-account-auditor.service \ openstack-swift-account-reaper.service openstack-swift-account-replicator.service # systemctl enable openstack-swift-container.service \ openstack-swift-container-auditor.service openstack-swift-container-replicator.service \ openstack-swift-container-updater.service # systemctl start openstack-swift-container.service \ openstack-swift-container-auditor.service openstack-swift-container-replicator.service \ openstack-swift-container-updater.service # systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service \ openstack-swift-object-replicator.service openstack-swift-object-updater.service # systemctl start openstack-swift-object.service openstack-swift-object-auditor.service \ openstack-swift-object-replicator.service openstack-swift-object-updater.serviceIf SELinux errors appear in the
/var/log/audit/audit.logfile, change the security context of the/srv/nodedirectory to the lowest security level (s0) for theswift_data_ttype,object_rrole and thesystem_uuser:# chcon -R system_u:object_r:swift_data_t:s0 /srv/node
obs
On all nodes, ensure proper ownership of the configuration directory:
# chown -R root:swift /etc/swiftOn the controller node and any other nodes running the proxy service, start the Object Storage proxy service including its dependencies and configure them to start when the system boots:
# systemctl enable openstack-swift-proxy.service memcached.service # systemctl start openstack-swift-proxy.service memcached.serviceOn the storage nodes, start the Object Storage services and configure them to start when the system boots:
# systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service \ openstack-swift-account-reaper.service openstack-swift-account-replicator.service # systemctl start openstack-swift-account.service openstack-swift-account-auditor.service \ openstack-swift-account-reaper.service openstack-swift-account-replicator.service # systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service \ openstack-swift-container-replicator.service openstack-swift-container-updater.service # systemctl start openstack-swift-container.service openstack-swift-container-auditor.service \ openstack-swift-container-replicator.service openstack-swift-container-updater.service # systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service \ openstack-swift-object-replicator.service openstack-swift-object-updater.service # systemctl start openstack-swift-object.service openstack-swift-object-auditor.service \ openstack-swift-object-replicator.service openstack-swift-object-updater.service