azeqjz OpenStack: Swift学习与实践
Swift架构
- OpenStack的Swift服务架构具有一个前端服务:proxyserver (swift-proxy),和三个后端服务:account server (swift-account);container server (swift-container)和object server (swift-object)。Swift API 由 proxy server 进行维护。
- Proxy Server: 处理API请求与定位请求的对象,编解码。
- Ring:映射实体的名称到磁盘的存储位置。Accounts/Containers/Object Server都有自己的Ring。ring 保存了 object 与物理位置的映射关系,proxy server 与Ring通信,提出请求并找到 object。默认情况下,Ring的每个 partition 复制3份,存储的Ring需要分发到集群中所有的服务器中。
- Account Server:保存所有container的列表。
- Container Server:保存包含所有对象的列表。
- Object Server:存储/获取/删除对象。
- Swift是一种分布式存储解决方案,它既不是文件系统也不是实时数据存储。
-每份数据需要在不同 zones 复制,所以 zones 确保数据被隔离,一个 zone 损坏不会对集群产生影响。
-推荐 zone 的数量为5,分布在5个节点上,Swift 默认对数据复制3份,如果某个zone瘫痪,数据仍然可以均匀分布。
Swift命令示意
仍然支持swift post, swift list, 和 swift stat 等命令。新版本OpenStack逐步转向用OpenStack统一CLI。
创建ring
swift-ring-builder <builder_file> add
[r<region>]z<zone>-<ip>:<port>[R<r_ip>:<r_port>]/<device_name>_<meta>
<weight>
[[r<region>]z<zone>-<ip>:<port>[R<r_ip>:<r_port>]/<device_name>_<meta>
<weight>] ...
Where <r_ip> and <r_port> are replication ip and port.
or
swift-ring-builder <builder_file> add
--region <region> --zone <zone> --ip <ip or hostname> --port <port>
[--replication-ip <r_ip or r_hostname>] [--replication-port <r_port>]
--device <device_name> --weight <weight>
[--meta <meta>]
创建container与上传对象
操作用户权限要求
要求有admin权限或者swiftoperator权限。
dashboard操作
在Object Store中创建container:
在container中创建folder与上传对象:
点击container的link:
CLI操作
查看用户权限是否可以操作swift
导入环境变量,可以用环境变量中的admin/favmvajW7WEh7MwEnUKnB4MkB登录OpenStack overcloud链接http://172.25.250.50,进入admin project。
[student@workstation ~(admin-admin)]$ source admin-rc
[student@workstation ~(admin-admin)]$
[student@workstation ~(admin-admin)]$ cat admin-rc
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD=favmvajW7WEh7MwEnUKnB4MkB
export OS_AUTH_URL=http://172.25.250.50:5000/v2.0
export PS1='[\u@\h \W(admin-admin)]\$ '
export OS_TENANT_NAME=admin
export OS_REGION_NAME=regionOne
[student@workstation ~(admin-admin)]$
可以通过env | grep OS_查询目前用户。
查看用户列表
[student@workstation ~(admin-admin)]$ openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| f599788fec954a3298edd2ecd1003352 | admin |
| de3b2c86585f4fcca2a8de1df60348aa | neutron |
| e5a6b8abe19d43a89185b269264e7c5e | heat |
| 5e5fd2f8fd32498fbb174ac382c62d80 | gnocchi |
| eba44218530d421193a40ad70d773337 | aodh |
| 579e3d3bc9bc4650a48bef93549d6dd2 | nova |
| 7567550545cd4ae0b851a39d8eeab416 | glance |
| 23166a38937e4ac195d1b701337a1e79 | ceilometer |
| d87768bbd094453389f88b2a0eb03223 | cinder |
| d3740f4c3c454450a75e11daee5124aa | heat-cfn |
| a8ce6463d0494b7e9de288997caa4ff3 | swift |
| 66bc12cae73645238712bded0b729854 | developer1 |
| 4cc2c444ecb849ec9a9955200c95f8c5 | operator1 |
+----------------------------------+------------+
查看用户详细信息
[student@workstation ~(admin-admin)]$ openstack user show developer1
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| email | developer1@lab.example.com |
| enabled | True |
| id | 66bc12cae73645238712bded0b729854 |
| name | developer1 |
| project_id | c04a7309489b4b1393174db634117234 |
| username | developer1 |
+------------+----------------------------------+
查看用户所在项目
[student@workstation ~(admin-admin)]$ openstack project show c04a7309489b4b1393174db634117234
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | finance |
| enabled | True |
| id | c04a7309489b4b1393174db634117234 |
| name | finance |
| properties | |
+-------------+----------------------------------+
查看用户权限是否可以操作swift
[student@workstation ~(admin-admin)]$ openstack role assignment list -f json --user developer1 --project finance --names
[
{
"Project": "finance",
"Role": "_member_",
"User": "developer1"
},
{
"Project": "finance",
"Role": "swiftoperator",
"User": "developer1"
}
][student@workstation ~(admin-admin)]$ openstack role assignment list -f json --user developer1 --project finance
[
{
"Project": "c04a7309489b4b1393174db634117234",
"Role": "9fe2ff9ee4384b1894a90878d3e92bab",
"User": "66bc12cae73645238712bded0b729854"
},
{
"Project": "c04a7309489b4b1393174db634117234",
"Role": "1669757ff40b48d0ba327905d6fe2643",
"User": "66bc12cae73645238712bded0b729854"
}
][student@workstation ~(admin-admin)]$
切换目标用户进行操作
<未完>