Install and configure the controller node for Red Hat Enterprise Linux and CentOS

Install and configure the controller node for Red Hat Enterprise Linux and CentOS

This section describes how to install and configure the proxy service that handles requests for the account, container, and object services operating on the storage nodes. For simplicity, this guide installs and configures the proxy service on the controller node. However, you can run the proxy service on any node with network connectivity to the storage nodes. Additionally, you can install and configure the proxy service on multiple nodes to increase performance and redundancy. For more information, see the Deployment Guide.

This section applies to Red Hat Enterprise Linux 7 and CentOS 7.

Prerequisites

The proxy service relies on an authentication and authorization mechanism such as the Identity service. However, unlike other services, it also offers an internal mechanism that allows it to operate without any other OpenStack services. Before you configure the Object Storage service, you must create service credentials and an API endpoint.

Note

The Object Storage service does not use an SQL database on the controller node. Instead, it uses distributed SQLite databases on each storage node.

  1. Source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc
    
  2. To create the Identity service credentials, complete these steps:

    • Create the swift user:

      $ openstack user create --domain default --password-prompt swift
      User Password:
      Repeat User Password:
      +-----------+----------------------------------+
      | Field     | Value                            |
      +-----------+----------------------------------+
      | domain_id | default                          |
      | enabled   | True                             |
      | id        | d535e5cbd2b74ac7bfb97db9cced3ed6 |
      | name      | swift                            |
      +-----------+----------------------------------+
      
    • Add the admin role to the swift user:

      $ openstack role add --project service --user swift admin
      

      Note

      This command provides no output.

    • Create the swift service entity:

      $ openstack service create --name swift \
        --description "OpenStack Object Storage" object-store
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | OpenStack Object Storage         |
      | enabled     | True                             |
      | id          | 75ef509da2c340499d454ae96a2c5c34 |
      | name        | swift                            |
      | type        | object-store                     |
      +-------------+----------------------------------+
      
  3. Create the Object Storage service API endpoints:

    $ openstack endpoint create --region RegionOne \
      object-store public http://controller:8080/v1/AUTH_%\(project_id\)s
    +--------------+----------------------------------------------+
    | Field        | Value                                        |
    +--------------+----------------------------------------------+
    | enabled      | True                                         |
    | id           | 12bfd36f26694c97813f665707114e0d             |
    | interface    | public                                       |
    | region       | RegionOne                                    |
    | region_id    | RegionOne                                    |
    | service_id   | 75ef509da2c340499d454ae96a2c5c34             |
    | service_name | swift                                        |
    | service_type | object-store                                 |
    | url          | http://controller:8080/v1/AUTH_%(project_id)s |
    +--------------+----------------------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      object-store internal http://controller:8080/v1/AUTH_%\(project_id\)s
    +--------------+----------------------------------------------+
    | Field        | Value                                        |
    +--------------+----------------------------------------------+
    | enabled      | True                                         |
    | id           | 7a36bee6733a4b5590d74d3080ee6789             |
    | interface    | internal                                     |
    | region       | RegionOne                                    |
    | region_id    | RegionOne                                    |
    | service_id   | 75ef509da2c340499d454ae96a2c5c34             |
    | service_name | swift                                        |
    | service_type | object-store                                 |
    | url          | http://controller:8080/v1/AUTH_%(project_id)s |
    +--------------+----------------------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      object-store admin http://controller:8080/v1
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | ebb72cd6851d4defabc0b9d71cdca69b |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 75ef509da2c340499d454ae96a2c5c34 |
    | service_name | swift                            |
    | service_type | object-store                     |
    | url          | http://controller:8080/v1        |
    +--------------+----------------------------------+
    

Install and configure components

Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

  1. Install the packages:

    # yum install openstack-swift-proxy python-swiftclient \
      python-keystoneclient python-keystonemiddleware \
      memcached
    

    Note

    Complete OpenStack environments already include some of these packages.

    1. Obtain the proxy service configuration file from the Object Storage source repository:

      # curl -o /etc/swift/proxy-server.conf https://opendev.org/openstack/swift/raw/branch/stable/rocky/etc/proxy-server.conf-sample
      
    2. Edit the /etc/swift/proxy-server.conf file and complete the following actions:

      • In the [DEFAULT] section, configure the bind port, user, and configuration directory:

        [DEFAULT]
        ...
        bind_port = 8080
        user = swift
        swift_dir = /etc/swift
        
      • In the [pipeline:main] section, remove the tempurl and tempauth modules and add the authtoken and keystoneauth modules:

        [pipeline:main]
        pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
        

        Note

        Do not change the order of the modules.

        Note

        For more information on other modules that enable additional features, see the Deployment Guide.

      • In the [app:proxy-server] section, enable automatic account creation:

        [app:proxy-server]
        use = egg:swift#proxy
        ...
        account_autocreate = True
        
      • In the [filter:keystoneauth] section, configure the operator roles:

        [filter:keystoneauth]
        use = egg:swift#keystoneauth
        ...
        operator_roles = admin,user
        
      • In the [filter:authtoken] section, configure Identity service access:

        [filter:authtoken]
        paste.filter_factory = keystonemiddleware.auth_token:filter_factory
        ...
        www_authenticate_uri = http://controller:5000
        auth_url = http://controller:35357
        memcached_servers = controller:11211
        auth_type = password
        project_domain_id = default
        user_domain_id = default
        project_name = service
        username = swift
        password = SWIFT_PASS
        delay_auth_decision = True
        

        Replace SWIFT_PASS with the password you chose for the swift user in the Identity service.

        Note

        Comment out or remove any other options in the [filter:authtoken] section.

      • In the [filter:cache] section, configure the memcached location:

        [filter:cache]
        use = egg:swift#memcache
        ...
        memcache_servers = controller:11211
        
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

swift 2.19.3.dev7