安裝環(huán)境：Ubuntu 16.04

需要有兩塊硬盤（一塊為系統(tǒng)盤盐捷，一塊用于安裝SWIFT）

需要有IP地址

環(huán)境準(zhǔn)備

• 修改hosts文件
• 安裝相關(guān)服務(wù)

修改hosts

編輯 /etc/hosts彭沼，添加

IP地址 controller

安裝Openstack源并更新和安裝

apt install software-properties-common
add-apt-repository cloud-archive:newton
apt update && apt dist-upgrade

安裝完成后重啟

安裝Openstack客戶端

apt install python-openstackclient

安裝數(shù)據(jù)庫

1佛纫、安裝數(shù)據(jù)庫服務(wù)

apt install mariadb-server python-pymysql

2脑漫、創(chuàng)建或修改/etc/mysql/mariadb.conf.d/99-openstack.cnf文件

（若文件存在則修改街望，不存在則創(chuàng)建飞蚓，存在的文件中若未提及的選項(xiàng)則保持不變，下同）

[mysqld]
bind-address = 你的IP地址

default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

3鼠冕、將/etc/mysql/mariadb.conf.d/下所有的文件中所有utf8mb4改為utf8
4添寺、進(jìn)入數(shù)據(jù)庫，設(shè)置root密碼懈费，添加遠(yuǎn)程登錄權(quán)限

# mysql -u root
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' \
  IDENTIFIED BY 'root密碼';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' \
  IDENTIFIED BY 'root密碼';
mysql> flush privileges;
mysql> exit;

5计露、重啟數(shù)據(jù)庫

 service mysql restart

安裝消息隊(duì)列服務(wù)(Message Queue)

1、安裝服務(wù)

apt install rabbitmq-server

2憎乙、添加openstack用戶并添加權(quán)限

rabbitmqctl add_user openstack 設(shè)置一個(gè)密碼
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

安裝分布式緩存服務(wù)(Memcached)

1票罐、安裝服務(wù)

apt install memcached python-memcache

2、修改配置文件/etc/memcached.conf

-l 你的IP地址

3泞边、重啟服務(wù)

service memcached restart

安裝配置Keystone胶坠，并添加域、項(xiàng)目繁堡、用戶和角色

準(zhǔn)備

1、添加Keystone數(shù)據(jù)庫和相關(guān)用戶

# mysql -u root -p
Create the keystone database:
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'Keystone密碼';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'Keystone密碼';

2乡数、安裝服務(wù)

apt install keystone

配置Keystone

1椭蹄、編輯/etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:'keystone用戶的密碼'@controller/keystone
[token]
provider = fernet

2、填充keystone數(shù)據(jù)庫
啟動mariadb遠(yuǎn)程訪問

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf

su -s /bin/sh -c "keystone-manage db_sync" keystone

3净赴、初始化Fernet key repositories（似乎是個(gè)專有名詞不知道咋翻譯）

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

4绳矩、對認(rèn)證服務(wù)進(jìn)行引導(dǎo)

keystone-manage bootstrap --bootstrap-password 設(shè)置一個(gè)admin密碼 \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

配置Apache HTTP服務(wù)

1、編輯/etc/apache2/apache2.conf

ServerName controller

2玖翅、重啟apache服務(wù)翼馆，并且刪除SQLite數(shù)據(jù)庫

service apache2 restart
rm -f /var/lib/keystone/keystone.db

3、添加一些環(huán)境變量（臨時(shí)的哦）

export OS_USERNAME=admin
export OS_PASSWORD=這里寫你剛才設(shè)置的admin的密碼
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

創(chuàng)建域金度、項(xiàng)目应媚、用戶和角色

1、創(chuàng)建一個(gè)service項(xiàng)目

openstack project create --domain default \
  --description "Service Project" service

2猜极、創(chuàng)建一個(gè)demo項(xiàng)目和user
創(chuàng)建demo用戶

openstack project create --domain default \
  --description "Demo Project" demo
openstack user create --domain default \
  --password-prompt demo(輸入此句后會需要設(shè)置demo的密碼)

創(chuàng)建user角色

openstack role create user

添加user角色到demo項(xiàng)目和用戶中

openstack role add --project demo --user demo user

驗(yàn)證操作

1中姜、基于安全的考慮在/etc/keystone/keystone-paste.ini中移除

[pipeline:public_api], [pipeline:admin_api],[pipeline:api_v3] 中的admin_token_auth

2、移除掉一些環(huán)境變量

unset OS_AUTH_URL OS_PASSWORD

3跟伏、以admin用戶的身份請求一個(gè)認(rèn)證令牌

openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
(會要求輸入admin的密碼)

如果出現(xiàn)類似于以下的信息則表示成功

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

3丢胚、以demo用戶的身份請求一個(gè)認(rèn)證令牌

openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
(會要求輸入demo的密碼)

如果出現(xiàn)類似于以下的信息則表示成功

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

寫♂腳♂本

由于環(huán)境變量會失效（除非你設(shè)置在bashrc里面去了翩瓜，不過這不利于更換用戶身份）為了方便,可以創(chuàng)建一些腳本
1、創(chuàng)建admin-openrc文件

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=你的admin密碼
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

2携龟、創(chuàng)建demo-openrc文件

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=你的demo密碼
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

3兔跌、驗(yàn)證一下

source admin-openrc
openstack token issue

如果出現(xiàn)類似于以下的信息則表示成功

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

安裝并配置Swift服務(wù)

環(huán)境準(zhǔn)備

1、運(yùn)行腳本

source admin-openrc

2峡蟋、向Keystone添加swift相關(guān)信息

添加swift用戶

openstack user create --domain default --password-prompt swift(此處要設(shè)置密碼)

將admin角色加入到swift用戶中

openstack role add --project service --user swift admin

添加swift服務(wù)實(shí)體

openstack service create --name swift \
  --description "OpenStack Object Storage" object-store

添加對象存儲服務(wù)API的端點(diǎn)(endpoints)

openstack endpoint create --region RegionOne \
  object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s


openstack endpoint create --region RegionOne \
  object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s


openstack endpoint create --region RegionOne \
  object-store admin http://controller:8080/v1

3坟桅、安裝相關(guān)服務(wù)

apt install swift swift-proxy python-swiftclient \
  python-keystoneclient python-keystonemiddleware \
  memcached \
  swift swift-account swift-container swift-object

配置proxy服務(wù)

1、創(chuàng)建并進(jìn)入/etc/swift文件夾
2层亿、下載proxy-server.conf

curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton

3桦卒、編輯proxy-server.conf

[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True

[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 你設(shè)置的swift密碼
delay_auth_decision = True

[filter:cache]
use = egg:swift#memcache
memcache_servers = controller:11211

配置存儲相關(guān)服務(wù)

1、安裝服務(wù)

apt install xfsprogs rsync

2匿又、格式化硬盤為XFS格式

(如果不知道硬盤名方灾，可使用fdisk -l查看)

mkfs.xfs /dev/硬盤

3、創(chuàng)建掛載節(jié)點(diǎn)的文件目錄

mkdir -p /srv/node/硬盤

4碌更、在/etc/fstab中添加

/dev/硬盤 /srv/node/硬盤 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

5裕偿、掛載硬盤

mount /srv/node/硬盤

6、創(chuàng)建并編輯文件 /etc/rsyncd.conf

mkdir /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 你的IP

[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock

[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock

[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock

7痛单、編輯/etc/default/rsync

RSYNC_ENABLE=true

8嘿棘、啟動rsync服務(wù)

service rsync start

9、下載配置文件

curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton

10旭绒、編輯/etc/swift/account-server.conf

[DEFAULT]
bind_ip = 你的IP
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

11鸟妙、編輯/etc/swift/container-server.conf

[DEFAULT]
bind_ip = 你的IP
bind_port = 6001(2.conf為6011)
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift

12、編輯/etc/swift/object-server.conf

[DEFAULT]
bind_ip = 你的IP
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock

13挥吵、修改權(quán)限

chown -R swift:swift /srv/node/*
mkdir -p /var/cache/swift/1 /var/cache/swift/2
chown -R root:swift /var/cache/swift/*
chmod -R 775 /var/cache/swift/*

創(chuàng)建并分配初始化環(huán)

1重父、在/etc/swift中執(zhí)行以下命令

swift-ring-builder account.builder create 10 1 1

swift-ring-builder account.builder add \
  --region 1 --zone 1 --ip 你的IP地址 --port 6002 --device 你的硬盤 --weight 100

swift-ring-builder account.builder rebalance

swift-ring-builder container.builder create 10 1 1

swift-ring-builder container.builder add \
  --region 1 --zone 1 --ip 你的IP地址 --port 6001 --device 你的硬盤 --weight 100

swift-ring-builder container.builder rebalance

swift-ring-builder object.builder create 10 1 1

swift-ring-builder object.builder add \
  --region 1 --zone 1 --ip 你的IP地址 --port 6000 --device 你的硬盤 --weight 100

swift-ring-builder object.builder rebalance

2、在/etc/swift下下載文件

curl -o /etc/swift/swift.conf \
  https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton

3忽匈、執(zhí)行以下命令兩次獲得兩個(gè)字符串

openssl rand -hex 10

4房午、編輯/etc/swift/swift.conf

[swift-hash]
swift_hash_path_suffix = 第一個(gè)字符串
swift_hash_path_prefix = 第二個(gè)字符串
[storage-policy:0]
name = Policy-0
default = yes

5、修改權(quán)限

chown -R root:swift /etc/swift/*

6丹允、重啟服務(wù)

service memcached restart
service swift-proxy restart

7郭厌、啟動對象存儲服務(wù)

swift-init all start

驗(yàn)證swift

1、運(yùn)行腳本

source demo-openrc

2雕蔽、獲得服務(wù)狀態(tài)

swift stat

顯示類似以下信息即成功

                        Account: AUTH_ed0b60bf607743088218b0a533d5943f
                     Containers: 0
                        Objects: 0
                          Bytes: 0
Containers in policy "policy-0": 0
   Objects in policy "policy-0": 0
     Bytes in policy "policy-0": 0
    X-Account-Project-Domain-Id: default
                    X-Timestamp: 1444143887.71539
                     X-Trans-Id: tx1396aeaf17254e94beb34-0056143bde
                   Content-Type: text/plain; charset=utf-8
                  Accept-Ranges: bytes

3折柠、創(chuàng)建一個(gè)容器

openstack container create 容器名

4、上傳一個(gè)對象

openstack object create 容器名 對象名

5萎羔、獲得對象列表

openstack object list 容器名字

6液走、下載對象

 openstack object save 容器名 對象名

也可以用curl或postman驗(yàn)證