Install swift using swauth multi-node Authentication

Reprint please indicate the source: http://blog.csdn.net/cywosp/article/details/7428769
 1. Summary description
        All operations involved in this article are verified on Ubuntu Server 11.10 64-bit system. This article refers to the Instructions for a Multiple Server SwiftInstallation (Ubuntu) document of Openstackswift. The specific information is as follows:

Linux system version: Ubuntu Server 11.10 64-bit oneiric
Proxy Server IP: 192.168.112.129
Storage Server One: 192.168.112.130
Storage Server Two: 192.168.112.131
Storage Server Three: 192.168.112.132
Official document: www.openstack.org
Reference document: http://swift.openstack.org/howto_installmultinode.html
Swift version: 1.4.8
Swauth version: 1.0.4
2. Install dependent packages for each machine
sudo apt-get --option Dpkg :: Options :: =-force-confold --assume-yes update
sudo apt-get install pep8 pylint python-pip screen unzip wget psmisc git-core lsof openssh-server vim-nox locate python-virtualenv python-unittest2 iputils-ping wget curl tcpdump euca2ools python-setuptools python-dev python-lxml python-pastescript python-pastedeploy python-paste sqlite3 python-pysqlite2 python-sqlalchemy python-mysqldb python-webob python-greenlet python-routes libldap2-dev libsasl2-dev python-bcrypt curl gcc python-configobj python-coverage python-dev python-eventlet python- greenlet python-netifaces python-nose python-pastedeploy python-setuptools python-simplejson python-webob python-xattr sqlite3 xfsprogs
3. Create swift users for each machine
sudo useradd -mk / home / swift / -s / bin / bash swift

sudo passwd swift #Add password for swift user, here I set it as swift

Edit the / etc / sudoer file and add the following code at the end of the file

swift ALL = (ALL) NOPASSWD: ALL

4. Download the source code (operate under swift users)
1. Download swauth and swift source code in Proxy machine

su swift #Switch to swift user
sudo mkdir / home / swift / openstack #Create a directory to store
cd / home / swift / openstack
git clone https://github.com/openstack/swift.git #download swift
cd swift
git checkout 1.4.8 # Use version 1.4.8, in the swift directory you can
#Use the git tag command to see how many versions there are

git clone https://github.com/gholt/swauth.git #download swauth
cd swauth
git checkout 1.0.4
2. Download swift in each storage node machine
su swift #Switch to swift user
sudo mkdir / home / swift / openstack #Create a directory to store
cd / home / swift / openstack
git clone https://github.com/openstack/swift.git #download swift
cd swift
git checkout 1.4.8 # Use version 1.4.8, in the swift directory you can use the git tag command to check how many versions there are
5. Install swauth and swift (operate under swift users)
1. Install swauth and swift in the Proxy machine

cd / home / swift / openstack / swauth
sudo python setup.py install --record file.txt

cd / home / swift / openstack / swift #Install swift in the proxy node to use swift's swift-proxy-server
sudo python setup.py install --record file.txt
Note: The file.txt file records the installation information. If you want to delete the installed software, you can delete it through the command sudo cat file.txt | xargs rm -rf. This step may cause the deletion prohibition, so you need to use the root user to operating.
2. Install swift in each storage node machine

cd / home / swift / openstack / swift
sudo python setup.py install --record file.txt
6. Proxy node settings
1.sudo apt-get install memcached #install cache server
Modify the /etc/memcached.conf file and change -l 127.0.0.1 to -l 192.168.112.129 (here I set it according to my own situation, the specific reason is shown in the figure in the first point)
sudo service memcached restart

sudo mkdir / etc / swift
cd / etc / swift
sudo chown -R swift: swift / etc / swift
cp /home/swift/openstack/swift/etc/proxy-server.conf / etc / swift /
cp /home/swift/openstack/swift/etc/swift.conf / etc / swift /
2. Modify the /etc/swift/proxy-server.conf file, the specific content is as follows, items that are not in the original file need to be added by themselves
[DEFAULT]
bind_port = 8080
user = swift
log_facility = LOG_LOCAL0

[pipeline: main]
pipeline = catch_errors healthcheck cache ratelimit swauth proxy-server

[app: proxy-server]
use = egg: swift # proxy
allow_account_management = true
account_autocreate = true

[filter: swauth]
use = egg: swauth # swauth
# Highly recommended to change this.
super_admin_key = swauthkey
default_swift_cluster = local # http: //192.168.112.129: 8080 / auth / v1.0

[filter: healthcheck]
use = egg: swift # healthcheck

[filter: cache]
use = egg: swift # memcache
3. Modify /etc/swift/swift.conf, the red part is changed at will, you can change it according to your needs
[swift-hash]
swift_hash_path_suffix = cynric
4. Generate related ring and builder files, use the following command to generate, the red part is changed according to the specific situation, the specific reason is shown in the summary description. Each machine uses one domain (z1, z2, z3 ... increment in sequence)
sudo chown -R swift: swift / etc / swift / *
cd / etc / swift
swift-ring-builder object.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder account.builder create 18 3 1

export HOST_IP = 192.168.112.130
swift-ring-builder object.builder add z1-$ {HOST_IP}: 6010 / sdb1 100
swift-ring-builder container.builder add z1-$ {HOST_IP}: 6011 / sdb1 100
swift-ring-builder account.builder add z1-$ {HOST_IP}: 6012 / sdb1 100

export HOST_IP = 192.168.112.131
swift-ring-builder object.builder add z2-$ {HOST_IP}: 6010 / sdb1 100
swift-ring-builder container.builder add z2-$ {HOST_IP}: 6011 / sdb1 100
swift-ring-builder account.builder add z2-$ {HOST_IP}: 6012 / sdb1 100

export HOST_IP = 192.168.112.132
swift-ring-builder object.builder add z3-$ {HOST_IP}: 6010 / sdb1 100
swift-ring-builder container.builder add z3-$ {HOST_IP}: 6011 / sdb1 100
swift-ring-builder account.builder add z3-$ {HOST_IP}: 6012 / sdb1 100

swift-ring-builder object.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder account.builder rebalance
5. Start the proxy service
swift-init proxy start
7. Configure Storage Node
Because the settings of each Storage node are basically similar, only one of the nodes is used as an example (192.168.112.130), the other nodes only need to repeat a few steps

1. Create the / etc / swift directory
sudo mkdir / etc / swift
sudo chown -R swift: swift / etc / swift / *
2. Change the account.ring.gz container.rin in / etc / swift / on the Proxy node.gz object.ring.gz swift.conf is copied to the current storage node (192.168.112.130) / etc / swift directory, you can use the following command
scp swift@192.168.112.129: / etc / swift / *. ring.gz / etc / swift /
scp swift@192.168.112.129: /etc/swift/swift.conf / etc / swift /
sudo chown -R swift: swift / etc / swift / *
3. Change the /etc/rsyncd.conf file. If the file does not exist, you need to create it yourself.
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 192.168.112.130 #Here it can also be changed to 127.0.0.1

[account]
max connections = 2
path = / srv / node /
read only = false
lock file = /var/lock/account.lock

[conainer]
max connections = 2
path = / srv / node /
read only = false
lock file = /var/lock/container.lock

[object]
max connections = 2
path = / srv / node /
read only = false
lock file = /var/lock/object.lock

Edit / etc / default / rsync:
Set RSYNC_ENABLE to true

After making changes, restart the service
sudo service rsync restart
4. Setting of storage point
There are two cases to set the storage point
1. Assuming that there is a separate partition in your system, use this partition as a storage point, and assume that there is / dev / sdb1 in the system (Note: This depends on your own system) This partition is not used, we Use it as a storage point.
sudo mkdir -p / srv / node / sdb1
sudo mkfs.xfs -i size = 1024 / dev / sdb1 #format the partition in xfs mode
sudo chmod a + w / etc / fstab
sudo echo "/ dev / sdb1 / srv / node / sdb1 xfs noatime, nodiratime, nobarrier, logbufs = 8 0 0" >> / etc / fstab # Automatically mounted when the system starts, sdb1 here must not be changed because When using the sdb1 (swift-ring-builder object.builder add z1-$ {HOST_IP}: 6010 / sdb1 100) when generating the corresponding ring file as the proxy node, the two places need to be changed when adding

sudo mount / srv / node / sdb1
sudo chown -R swift: swift / srv / node / sdb1
sudo chmod a + w -R / srv / node / sdb1

2. If there is no separate partition in the system as a storage point, you need to create a temporary partition as a storage point
sudo mkdir -p / srv / node / sdb1
sudo dd if = / dev / zero of = / srv / swift-disk bs = 1024 count = 0 seek = 1000000 #This command creates a storage area named swift-disk under / srv /, you can change seek Size to change the size of swift-disk

sudo mkfs.xfs -i size = 1024 / srv / swift-disk
sudo chmod a + w / etc / fstab
sudo echo "/ srv / swift-disk / srv / node / sdb1 xfs loop, noatime, nodiratime, nobarrier, logbufs = 8 0 0" >> / etc / fstab #Automatically mount when the system starts

sudo mount / srv / node / sdb1
sudo chown -R swift: swift / srv / node / sdb1
sudo chmod a + w -R / srv / node / sdb1
sudo chmod a + w / srv / swift-disk

Create related directories
sudo mkdir / var / run / swift
sudo chown swift: swift / var / run / swift
sudo chmod a + w / var / run / swift

Add the following three lines before exit 0 of /etc/rc.local
mkdir / var / run / swift
chown swift: swift / var / run / swift
chmod a + w / var / run / swift
5. Swift file configuration
Create /etc/swift/account-server.conf file and add the following configuration
[DEFAULT]
devices = / srv / node
mount_check = false
bind_port = 6012
user = swift
bind_ip = 0.0.0.0
workers = 2

[pipeline: main]
pipeline = account-server

[app: account-server]
use = egg: swift # account

[account-replicator]

[account-auditor]

[account-reaper]

Create /etc/swift/object-server.conf file
[DEFAULT]
devices = / srv / node
mount_check = false
bind_port = 6010
user = swift
bind_ip = 0.0.0.0
workers = 2

[pipeline: main]
pipeline = object-server

[app: object-server]
use = egg: swift # object
The
[object-replicator]

[object-updater]

[object-auditor]

Create / etc / swift / container-server.conf file
[DEFAULT]
devices = / srv / node
mount_check = false
bind_port = 6011
user = swift
bind_ip = 0.0.0.0
workers = 2

[pipeline: main]
pipeline = container-server

[app: container-server]
use = egg: swift # container

[container-replicator]

[container-updater]

[container-auditor]

[container-sync]
6. Start swift service
sudo chown -R swift: swift / etc / swift / *

swift-init all start
#When starting it may report WARNING: Unable to increase file descriptor limit. Running as non-root? This is normal
8. Test swift (test on Proxy host)
1. Initialize swauth

swauth-prep -K swauthkey #If the execution is successful, no information will be displayed

#In this step, an error such as Auth subsystem prep failed: 500 ServerError often occurs. The cause of the error may be that the owner of the directory under / srv is not a swift user.

2. Add users

swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a test tester testing #Add the tester user in the tenant test and set the password to test

3. Check the running status of swift

swift -A http://127.0.0.1:8080/auth/v1.0 -U test: tester -K testing stat -v #Successful operation will return information similar to the following

 

StorageURL: http://127.0.0.1:8080/v1/AUTH_84841e28-93a8-4e9c-a295-f9734f25da01

AuthToken: AUTH_tkfacf171def344d03bf01519e93327f3c

Account: AUTH_ 84841e28-93a8-4e9c-a295-f9734f25da01

Containers: 0

Objects: 0

Bytes: 0

Accept-Ranges: bytes

X-Trans-Id: txa0c57ad0fd6d435b8287ca111ca0269a

Note: The red font part depends on the specific situation, not everyone's system returns the same, if there is an error, you can query the corresponding information in the / var / log / swift / directory

9. Upload and download files (tested on Proxy host)
1. Obtain X-Storage-Token and X-Storage-Url

curl -v -H 'X-Storage-User: test: tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0 #After executing this statement, it will return The corresponding information, for example (return a small part of the information):

HTTP / 1.1200 OK

X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_84841e28-93a8-4e9c-a295-f9734f25da01

X-Storage-Token: AUTH_tkfacf171def344d03bf01519e93327f3c

X-Auth-Token: AUTH_tkfacf171def344d03bf01519e93327f3c

2. Create container and list containers

curl -X PUT -D--H "X-Auth_Token: AUTH_tkfacf171def344d03bf01519e93327f3c" http://127.0.0.1:8080/v1/AUTH_84841e28-93a8-4e9c-a295-f9734f25da01/cynric #Create the cyrnic container, the red part is the previous step Information

swift -A http://127.0.0.1:8080/auth/v1.0 -U test: tester -K testing list #View the container list of the test user

3. Upload and list files

swift -A http://127.0.0.1:8080/auth/v1.0 -U test: tester -K testing upload cynric / etc / swift / proxy-server.conf # 将 /etc/swift/proxy-server.conf File upload to cynric container

 

swift -A http://127.0.0.1:8080/auth/v1.0 -U test: tester -K testing list cynric #List files in cynric container

4. Download the file

swift -A http: //127.0.0.1: 8080 / auth / v1.0 -U test: tester -K testing download cynric #Download all files under cynric container to local

Note: If there is a nested directory when uploading files, after uploading to swift, it also exists as a nested directory. After downloading, the same nested directory will be created in the current directory.