Openstack-swift Cloud Storage Deployment (i)

Source: Internet
Author: User
Tags: ssl certificate

I recently built a Swift cloud storage architecture for work, and this series records how.

Some background first. Swift is one of the component services of OpenStack; the others include Keystone, Nova, and Glance, and each is responsible for a different function. Today we build Swift together with Keystone: Swift stores the data objects, and Keystone provides authentication and authorization for it. Keystone is a shared service: it is the service catalog and endpoint directory for every other service in OpenStack, and it handles authentication and authorization for all of them. Put simply, every request to any OpenStack service must be authenticated and authorized through Keystone. Think of Keystone as the guard at a city gate: visitors have to be inspected and approved by the guard before they can enter.

We start by building the Keystone identity (authentication) service:

First, the environment: CentOS 6.4 with iptables turned off and SELinux disabled.

The following are some of the key concepts in Keystone:

1. User: a person, system, or service that uses OpenStack cloud services. The Identity service authenticates the requests a user submits; after logging in, the user may be issued a token that grants access to resources. Users can be assigned directly to a tenant and then act as members of that tenant.

2. Credentials: data that confirms a user's identity, such as a user name and password, a user name and API key, or an authentication token issued by the Identity service.

3. Authentication: the process of confirming a user's identity. The OpenStack Identity service validates the credentials a user supplies with a request; once they are verified, it issues the user an authentication token, which the user presents in subsequent requests.

4. Token: an alphanumeric text string used to access OpenStack APIs and resources. A token is valid for a limited period and can be revoked at any time.

5. Tenant: a container used to group or isolate resources; tenants also group or isolate identity objects. Depending on the service operator, a tenant may correspond to a customer, an account, an organization, or a project.

6. Service: an OpenStack service such as Compute (Nova), Object Storage (Swift), or the Image service (Glance). A service exposes one or more endpoints through which users access resources or perform operations.

7. Endpoint: a network-reachable address, usually a URL, through which a service is accessed. If the template extension is used, an endpoint template is created that represents the templates for all available services.

8. Role: a defined set of user rights and privileges for performing specific operations. In the Identity service, a token issued to a user includes the list of that user's roles. The service the user accesses decides how to interpret those roles and which operations and resources each role may use.

9. Keystone client: the command-line interface to the OpenStack Identity API. For example, keystone service-create and keystone endpoint-create register a service with OpenStack.

First, a database must be installed on the system; I am using MySQL. Create the database and user for the Identity service as follows.

Log in to MySQL as root:

mysql -u root -p

Create the keystone database:

CREATE DATABASE keystone;

Create a user for the Keystone database and grant it privileges (123456 is the password used throughout this walkthrough):

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';

With the database ready, generate the random administrator token used to bootstrap the Keystone configuration:

openssl rand -hex 10

In my case this printed 89bbecb48e973be18dd7. Save the string: it is used repeatedly below, and it authenticates as administrator against the Keystone admin API, so keep it private. Then install the Keystone service, the Keystone client, and their dependencies:

yum install openstack-keystone python-keystoneclient

(Many dependency packages are pulled in; follow the prompts to install them.) This installs Keystone into the Python site-packages directory. After installation, edit /etc/keystone/keystone.conf as follows:

1. In [DEFAULT], set admin_token to the randomly generated token:

admin_token = 89bbecb48e973be18dd7

2. In [database], configure database access:

connection = mysql://keystone:123456@localhost/keystone

3. In [token], configure the UUID token provider and the SQL driver:

provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

4. In [revoke], configure the SQL revocation driver:

driver = keystone.contrib.revoke.backends.sql.Revoke

5. Optionally, to see more output, which helps when troubleshooting, set the following in [DEFAULT]:

verbose = True

Next, generate a generic certificate and key and set access permissions on the related files. In the /etc/keystone directory, run:

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

This generates the SSL certificate and keys under /etc/keystone (the ssl subdirectory that the following commands lock down). Then set ownership and permissions so that only the keystone user can read the signing material:

chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

Populate the Keystone database with the following command (or run keystone-manage db_sync directly):

su -s /bin/sh -c "keystone-manage db_sync" keystone

Afterwards the Keystone tables exist in the database. Do not delete the rows the sync creates; the configuration below fails without them.

Then start the Keystone service:

/etc/init.d/openstack-keystone start

Once the service is running, use the Keystone client to create tenants, users, roles, services, and endpoints:

To create a tenant:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 tenant-create --name admin --description "Admin Tenant"

The command prints a table that includes the generated ID; the matching row appears in the Keystone database (the screenshot of it is not reproduced here).

To create a user:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 user-create --name admin --pass 123456

The command prints a table that includes the generated ID; the matching row appears in the Keystone database (the screenshot of it is not reproduced here).

To create a role:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 role-create --name admin

The command prints a table that includes the generated ID; the matching row appears in the Keystone database (the screenshot of it is not reproduced here).

Add the admin role to the admin user in the admin tenant:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 user-role-add --user admin --role admin --tenant admin

The command prints a table that includes the generated ID; the matching row appears in the Keystone database (the screenshot of it is not reproduced here).

After creating the tenant, user, and role, create the service entities and endpoints for the Identity service. Identity manages the catalog of services in the OpenStack environment, which services use to locate one another. Create the service entities with the following commands:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 service-create --name keystone --type identity

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 service-create --name swift --type object-store

Each command prints a table that includes the generated ID; the matching rows appear in the Keystone database (the screenshot of them is not reproduced here).

Identity also manages a catalog of the API endpoints associated with each service; services use this catalog to work out how to reach other services. OpenStack provides three API endpoints for each service: admin, internal, and public. In a production deployment, for security reasons, different networks serve different types of users, and the three endpoints are placed on those separate networks. OpenStack also supports multiple regions for scalability. The following commands register the three endpoint URLs for Keystone, and then for Swift, in regionOne:

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 endpoint-create --service keystone --region regionOne --publicurl http://localhost:5000/v2.0 --internalurl http://localhost:5000/v2.0 --adminurl http://localhost:35357/v2.0

keystone --os-token 89bbecb48e973be18dd7 --os-endpoint http://localhost:35357/v2.0 endpoint-create --service swift --region regionOne --publicurl 'http://localhost:8080/v1/AUTH_%(tenant_id)s' --internalurl 'http://localhost:8080/v1/AUTH_%(tenant_id)s' --adminurl http://localhost:8080/v1

Each command prints a table that includes the generated ID; the matching rows appear in the Keystone database (the screenshot of them is not reproduced here). The %(tenant_id)s placeholder in the Swift URLs is filled in by Keystone with the requesting tenant's ID when it builds the service catalog, so each tenant is directed to its own AUTH_ account on Swift.

Request a token as the admin user in the admin tenant and list tenants:

keystone --os-tenant-name admin --os-username admin --os-password 123456 --os-auth-url http://localhost:35357/v2.0 tenant-list

(The tenant name and ID are displayed.)

The following commands verify that each item was added successfully and is usable:

keystone --os-username admin --os-password 123456 --os-auth-url http://localhost:5000/v2.0 user-role-list

keystone --os-token 89bbecb48e973be18dd7 --os-username admin --os-auth-url http://localhost:5000/v2.0 tenant-list

curl -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "123456"}}}' -H 'Content-Type: application/json' http://localhost:5000/v2.0/tokens

If the last command returns a token document (the token, the user's roles, and the service catalog), Keystone is installed and every item is available (the screenshot of that output is not reproduced here).
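To show what the curl check actually validates, here is an added Python example (not from the original post) that builds the same v2.0 auth request and then inspects the token response the way a Swift client would: it checks the expiry, the admin role, and that the object-store endpoint registered above resolves to the tenant's own AUTH_ URL. The response it walks through is a constructed sample shaped like Keystone v2.0 output; request_token() fetches a real one from a live Keystone at the endpoint assumed in AUTH_URL.

```python
import json
import urllib.request
from datetime import datetime, timezone

AUTH_URL = "http://localhost:5000/v2.0/tokens"  # public Keystone endpoint registered above (assumed)

def build_auth_body(tenant, username, password):
    """The JSON document the curl check sends: v2.0 password credentials scoped to a tenant."""
    return {"auth": {"tenantName": tenant,
                     "passwordCredentials": {"username": username, "password": password}}}

def request_token(body, url=AUTH_URL):
    """POST the auth body to a live Keystone and return the parsed JSON token response."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def check_token_response(resp, region="regionOne", now=None):
    """Validate a v2.0 token response the way a Swift client relies on it: an unexpired token,
    the admin role present, and an object-store endpoint in our region scoped to our tenant."""
    access = resp["access"]
    token = access["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError("token already expired")
    roles = {r["name"] for r in access["user"]["roles"]}
    swift_urls = [ep["publicURL"] for svc in access["serviceCatalog"] if svc["type"] == "object-store"
                  for ep in svc["endpoints"] if ep["region"] == region]
    if not swift_urls:
        raise ValueError("no object-store endpoint registered in region " + region)
    # Keystone fills in %(tenant_id)s from the endpoint template, so the tenant id must be in the URL.
    if token["tenant"]["id"] not in swift_urls[0]:
        raise ValueError("object-store URL is not scoped to the tenant")
    return {"token": token["id"], "tenant_id": token["tenant"]["id"],
            "admin": "admin" in roles, "swift_url": swift_urls[0]}

# Constructed sample, shaped like a Keystone v2.0 response to the curl check (ids are made up).
SAMPLE_RESPONSE = {"access": {
    "token": {"id": "tok-constructed-0001", "expires": "2015-01-01T01:00:00Z",
              "tenant": {"id": "a1b2c3d4e5f6", "name": "admin"}},
    "user": {"username": "admin", "roles": [{"name": "admin"}]},
    "serviceCatalog": [
        {"type": "object-store", "name": "swift",
         "endpoints": [{"region": "regionOne", "publicURL": "http://localhost:8080/v1/AUTH_a1b2c3d4e5f6"}]}]}}

def demo(now=datetime(2015, 1, 1, 0, 30, tzinfo=timezone.utc)):
    """Offline walk-through on the constructed sample; pass a real response from request_token() instead."""
    return check_token_response(SAMPLE_RESPONSE, now=now)
```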

  

Typing these long commands every time invites mistakes. Fortunately, OpenStack lets you save parameters and options as environment variables in a file, usually called an openrc file. Such a file normally holds the options common to all clients (Keystone, Swift, and so on), although client-specific options are supported too. The following creates an openrc file for the admin user (it is simply a script that sets environment variables):

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://localhost:35357/v2.0

Before running keystone commands, source the file (source keystone-admin) so the variables take effect; the long parameters then no longer need to be typed.

The next part introduces the Swift installation, which consists of one master node and two storage nodes.

