Install and configure the storage nodes for Red Hat Enterprise Linux and CentOS¶
This section describes how to install and configure storage nodes
that operate the account, container, and object services. For
simplicity, this configuration references two storage nodes, each
containing two empty local block storage devices. The instructions
use /dev/sdb
and /dev/sdc
, but you can substitute different
values for your particular nodes.
Although Object Storage supports any file system with extended attributes (xattr), testing and benchmarking indicate the best performance and reliability on XFS. For more information on horizontally scaling your environment, see the Deployment Guide.
This section applies to Red Hat Enterprise Linux 9 and CentOS stream9.
Prerequisites¶
Before you install and configure the Object Storage service on the storage nodes, you must prepare the storage devices.
Note
Perform these steps on each storage node.
Install the supporting utility packages:
# dnf install xfsprogs rsync
Format the
/dev/sdb
and/dev/sdc
devices as XFS:# mkfs.xfs /dev/sdb # mkfs.xfs /dev/sdc
Create the mount point directory structure:
# mkdir -p /srv/node/sdb # mkdir -p /srv/node/sdc
Find the UUID of the new partitions:
# blkid
Edit the
/etc/fstab
file and add the following to it:UUID="<UUID-from-output-above>" /srv/node/sdb xfs noatime 0 2 UUID="<UUID-from-output-above>" /srv/node/sdc xfs noatime 0 2
Mount the devices:
# mount /srv/node/sdb # mount /srv/node/sdc
Create or edit the
/etc/rsyncd.conf
file to contain the following:uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock
Replace
MANAGEMENT_INTERFACE_IP_ADDRESS
with the IP address of the management network on the storage node.Note
The
rsync
service requires no authentication, so consider running it on a private network in production environments.
Start the
rsyncd
service and configure it to start when the system boots:# systemctl enable rsyncd.service # systemctl start rsyncd.service
Install and configure components¶
Note
Default configuration files vary by distribution. You might need
to add these sections and options rather than modifying existing
sections and options. Also, an ellipsis (...
) in the configuration
snippets indicates potential default configuration options that you
should retain.
Note
Perform these steps on each storage node.
Install the packages:
# dnf install openstack-swift-account openstack-swift-container \ openstack-swift-object
Obtain the accounting, container, and object service configuration files from the Object Storage source repository:
# curl -o /etc/swift/account-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/account-server.conf-sample # curl -o /etc/swift/container-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/container-server.conf-sample # curl -o /etc/swift/object-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/object-server.conf-sample
Edit the
/etc/swift/account-server.conf
file and complete the following actions:In the
[DEFAULT]
section, configure the bind IP address, bind port, user, configuration directory, and mount point directory:[DEFAULT] ... bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS bind_port = 6202 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True
Replace
MANAGEMENT_INTERFACE_IP_ADDRESS
with the IP address of the management network on the storage node.In the
[pipeline:main]
section, enable the appropriate modules:[pipeline:main] pipeline = healthcheck recon account-server
Note
For more information on other modules that enable additional features, see the Deployment Guide.
In the
[filter:recon]
section, configure the recon (meters) cache directory:[filter:recon] use = egg:swift#recon ... recon_cache_path = /var/cache/swift
Edit the
/etc/swift/container-server.conf
file and complete the following actions:In the
[DEFAULT]
section, configure the bind IP address, bind port, user, configuration directory, and mount point directory:[DEFAULT] ... bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS bind_port = 6201 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True
Replace
MANAGEMENT_INTERFACE_IP_ADDRESS
with the IP address of the management network on the storage node.In the
[pipeline:main]
section, enable the appropriate modules:[pipeline:main] pipeline = healthcheck recon container-server
Note
For more information on other modules that enable additional features, see the Deployment Guide.
In the
[filter:recon]
section, configure the recon (meters) cache directory:[filter:recon] use = egg:swift#recon ... recon_cache_path = /var/cache/swift
Edit the
/etc/swift/object-server.conf
file and complete the following actions:In the
[DEFAULT]
section, configure the bind IP address, bind port, user, configuration directory, and mount point directory:[DEFAULT] ... bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS bind_port = 6200 user = swift swift_dir = /etc/swift devices = /srv/node mount_check = True
Replace
MANAGEMENT_INTERFACE_IP_ADDRESS
with the IP address of the management network on the storage node.In the
[pipeline:main]
section, enable the appropriate modules:[pipeline:main] pipeline = healthcheck recon object-server
Note
For more information on other modules that enable additional features, see the Deployment Guide.
In the
[filter:recon]
section, configure the recon (meters) cache and lock directories:[filter:recon] use = egg:swift#recon ... recon_cache_path = /var/cache/swift recon_lock_path = /var/lock
Ensure proper ownership of the mount point directory structure:
# chown -R swift:swift /srv/node
Create the
recon
directory and ensure proper ownership of it:# mkdir -p /var/cache/swift # chown -R root:swift /var/cache/swift # chmod -R 775 /var/cache/swift
Enable necessary access in the firewall
# firewall-cmd --permanent --add-port=6200/tcp # firewall-cmd --permanent --add-port=6201/tcp # firewall-cmd --permanent --add-port=6202/tcp
The rsync service includes its own firewall configuration. Connect from one node to another to ensure that access is allowed.