bcf7f723d1
Note that openSUSE uses openstack-swift as user/group Change-Id: I89a9f71c7c63c28cdf1ebe2e738e0791b8b4e2fb
171 lines
10 KiB
XML
171 lines
10 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xml:id="installing-and-configuring-the-proxy-node"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" >
|
|
<title>Installing and Configuring the Proxy Node</title>
|
|
<para>The proxy server takes each request and looks up locations
|
|
for the account, container, or object and routes the requests
|
|
correctly. The proxy server also handles API requests. You
|
|
enable account management by configuring it in the
|
|
<filename>proxy-server.conf</filename> file.</para>
|
|
<note>
|
|
<para>Swift processes run under a separate user and group, set
|
|
by configuration options, and referred to as <phrase
|
|
os="ubuntu;debian;rhel;centos;fedora">swift:swift</phrase><phrase
|
|
os="opensuse">openstack-swift:openstack-swift</phrase>. The
|
|
default user is <phrase
|
|
os="ubuntu;debian;rhel;centos;fedora">swift, which may not
|
|
exist on your system.</phrase><phrase
|
|
os="opensuse">openstack-swift.</phrase>
|
|
</para>
|
|
</note>
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>Install swift-proxy service:</para>
|
|
<para><screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install swift-proxy memcached python-keystoneclient python-swiftclient python-webob</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystone-auth-token</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-swift-proxy memcached openstack-utils python-swiftclient python-keystoneclient</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Create self-signed cert for SSL:</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
|
|
<prompt>#</prompt> <userinput>openssl req -new -x509 -nodes -out cert.crt -keyout cert.key</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Modify memcached to listen on the default interfaces.
|
|
Preferably this should be on a local, non-public network.
|
|
Edit the following line in <filename>/etc/memcached.conf</filename>,
|
|
changing:</para>
|
|
<para>
|
|
<literallayout class="monospaced">-l 127.0.0.1
|
|
to
|
|
-l <PROXY_LOCAL_NET_IP></literallayout>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Restart the memcached server:</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>service memcached restart</userinput></screen></para>
|
|
</listitem>
|
|
<listitem os="rhel;centos;fedora">
|
|
<para>RHEL/CentOS/Fedora only: To set up Object Storage to authenticate tokens we need to set the keystone Admin
|
|
token in the swift proxy file with the openstack-config command.
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/swift/proxy-server.conf filter:authtoken admin_token $ADMIN_TOKEN</userinput>
|
|
<prompt>#</prompt> sudo <userinput>openstack-config --set /etc/swift/proxy-server.conf filter:authtoken auth_token $ADMIN_TOKEN</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Create <filename>/etc/swift/proxy-server.conf</filename>:</para>
|
|
<para>
|
|
<literallayout os="rhel;centos;fedora;ubuntu;debian" class="monospaced"><xi:include parse="text" href="../samples/proxy-server.conf.txt" /></literallayout>
|
|
<literallayout os="opensuse" class="monospaced"><xi:include parse="text" href="../samples/proxy-server.conf.txt-openSUSE" /></literallayout>
|
|
</para>
|
|
<note>
|
|
<para>If you run multiple memcache servers, put the multiple
|
|
IP:port listings in the [filter:cache] section of
|
|
the proxy-server.conf file like:
|
|
<literallayout class="monospaced">10.1.2.3:11211,10.1.2.4:11211</literallayout></para>
|
|
<para>Only the proxy server uses memcache.</para>
|
|
</note>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Create the <parameter class="option"
|
|
>signing_dir</parameter> and set its permissions
|
|
accordingly.<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
|
|
<prompt>#</prompt> <userinput>chown -R swift:swift /home/swift/keystone-signing</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>mkdir -p /home/swift/keystone-signing</userinput>
|
|
<prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /home/swift/keystone-signing</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Create the account, container and object rings. The
|
|
builder command is basically creating a builder file
|
|
with a few parameters. The parameter with the value of
|
|
18 represents 2 ^ 18th, the value that the partition
|
|
will be sized to. Set this “partition power” value
|
|
based on the total amount of storage you expect your
|
|
entire ring to use. The value of 3 represents the
|
|
number of replicas of each object, with the last value
|
|
being the number of hours to restrict moving a
|
|
partition more than once.</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/swift</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder account.builder create 18 3 1</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder create 18 3 1</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder create 18 3 1</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>For every storage device on each node add entries to each
|
|
ring:</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP>:6002[R<STORAGE_REPLICATION_NET_IP>:6005]/<DEVICE> 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6001[R<STORAGE_REPLICATION_NET_IP>:6004]/<DEVICE> 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z<ZONE>-<STORAGE_LOCAL_NET_IP_1>:6000[R<STORAGE_REPLICATION_NET_IP>:6003]/<DEVICE> 100</userinput></screen>
|
|
</para>
|
|
<note>
|
|
<para><literal>STORAGE_REPLICATION_NET_IP</literal> is an
|
|
optional parameter which must be omitted if you do not
|
|
want to use dedicated network for replication</para>
|
|
</note>
|
|
<para>For example, if you were setting up a storage node with a
|
|
partition in Zone 1 on IP 10.0.0.1. Storage node has address 10.0.1.1 from
|
|
replication network. The mount point of
|
|
this partition is /srv/node/sdb1, and the path in
|
|
<filename>rsyncd.conf</filename> is /srv/node/,
|
|
the DEVICE would be sdb1 and the commands would look
|
|
like:
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder add z1-10.0.0.1:6002R10.0.1.1:6005/sdb1 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder add z1-10.0.0.1:6001R10.0.1.1:6005/sdb1 100</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder add z1-10.0.0.1:6000R10.0.1.1:6005/sdb1 100</userinput></screen></para>
|
|
<note>
|
|
<para>Assuming there are 5 zones with 1 node per zone, ZONE
|
|
should start at 1 and increment by one for each
|
|
additional node.</para>
|
|
</note>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Verify the ring contents for each ring:</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Rebalance the rings:</para>
|
|
<para>
|
|
<screen><prompt>#</prompt> <userinput>swift-ring-builder account.builder rebalance</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder container.builder rebalance</userinput>
|
|
<prompt>#</prompt> <userinput>swift-ring-builder object.builder rebalance</userinput></screen>
|
|
</para>
|
|
<note>
|
|
<para>Rebalancing rings can take some time.</para>
|
|
</note>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Copy the <filename>account.ring.gz</filename>,
|
|
<filename>container.ring.gz</filename>, and
|
|
<filename>object.ring.gz</filename> files to each
|
|
of the Proxy and Storage nodes in /etc/swift.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Make sure all the config files are owned by the swift
|
|
user:</para>
|
|
<para>
|
|
<screen os="ubuntu;debian;rhel;centos;fedora"><prompt>#</prompt> <userinput>chown -R swift:swift /etc/swift</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>chown -R openstack-swift:openstack-swift /etc/swift</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Start Proxy services:</para>
|
|
<para><screen><prompt>#</prompt> <userinput>service proxy-server start</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
</section>
|