https://www.os3.nl/2010-2011/students/vic_ding/lia \\
Above is the link to the wiki of the configuration in case people would like to replicate such an object storage thing.
It is a going on project, so reports and slides will be attached later.
=== Shared part on all machines ===
apt-get install python-software-properties
add-apt-repository ppa:swift-core/ppa
apt-get update
apt-get install swift
mkdir -p /etc/swift
chown -R swift:swift /etc/swift/
nano /etc/swift/swift.conf
##paste this
[swift-hash]
# random unique string that can never change (DO NOT LOSE)
swift_hash_path_suffix =
##end of paste
=== proxy node ===
apt-get install swift-proxy memcached
nano /etc/memcached.conf
##change the following line
-l 145.100.106.85
##end of change
service memcached restart
nano /etc/swift/proxy-server.conf
##paste this
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 8
user = swift
[pipeline:main]
# For DevAuth:
pipeline = healthcheck cache auth proxy-server
# For Swauth:
# pipeline = healthcheck cache swauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
# Only needed for DevAuth
[filter:auth]
use = egg:swift#auth
ip = 145.100.106.86
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = 145.100.106.85:11211
##end of paste
swift-ring-builder account.builder create 18 3 1
swift-ring-builder container.builder create 18 3 1
swift-ring-builder object.builder create 18 3 1
swift-ring-builder account.builder add z1-145.100.106.87:6002/sdb1 100
swift-ring-builder account.builder add z2-145.100.106.88:6002/sdb1 100
swift-ring-builder account.builder add z3-145.100.106.89:6002/sdb1 100
swift-ring-builder account.builder add z4-145.100.105.88:6002/sdb1 100
swift-ring-builder account.builder add z5-145.100.105.89:6002/sdb1 100
swift-ring-builder container.builder add z1-145.100.106.87:6001/sdb1 100
swift-ring-builder container.builder add z2-145.100.106.88:6001/sdb1 100
swift-ring-builder container.builder add z3-145.100.106.89:6001/sdb1 100
swift-ring-builder container.builder add z4-145.100.105.88:6001/sdb1 100
swift-ring-builder container.builder add z5-145.100.105.89:6001/sdb1 100
swift-ring-builder object.builder add z1-145.100.106.87:6000/sdb1 100
swift-ring-builder object.builder add z2-145.100.106.88:6000/sdb1 100
swift-ring-builder object.builder add z3-145.100.106.89:6000/sdb1 100
swift-ring-builder object.builder add z4-145.100.105.88:6000/sdb1 100
swift-ring-builder object.builder add z5-145.100.105.89:6000/sdb1 100
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder rebalance
#### do this on "every" machine ###
scp fsadmin@145.100.106.85:/etc/swift/*.gz /etc/swift/
chown swift:swift /etc/swift/*
#### end every do
swift-init proxy restart
=== Auth node ===
apt-get install swift-auth
nano /etc/swift/auth-server.conf
## paste this
[DEFAULT]
user = swift
[pipeline:main]
pipeline = auth-server
[app:auth-server]
use = egg:swift#auth
default_cluster_url = http://145.100.106.85:8080/v1
# Highly recommended to change this key to something else!
super_admin_key =
## end of paste
chown -R swift:swift /etc/swift/*
=== Storage nodes ===
run on each of it
apt-get install swift-account swift-container swift-object xfsprogs
#make file image and convert to xfs
dd if=/dev/zero of=/storage.img bs=1024 count=1 seek=10M
mkfs.xfs -i size=1024 /storage.img
echo "/storage.img /srv/node/sdb1 xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab
mkdir -p /srv/node/sdb1
mount /srv/node/sdb1
chown -R swift:swift /srv/node
nano /etc/rsyncd.conf
##paste this
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address =
[account]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = false
lock file = /var/lock/object.lock
##end of paste
nano /etc/default/rsync
##change this line
RSYNC_ENABLE=true
##end of change
service rsync start
nano /etc/swift/account-server.conf
##paste this
[DEFAULT]
bind_ip =
workers = 2
[pipeline:main]
pipeline = account-server
[app:account-server]
use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper]
##end of paste
nano /etc/swift/container-server.conf
##paste this
[DEFAULT]
bind_ip =
workers = 2
[pipeline:main]
pipeline = container-server
[app:container-server]
use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
##end of paste
nano /etc/swift/object-server.conf
##paste this
[DEFAULT]
bind_ip =
workers = 2
[pipeline:main]
pipeline = object-server
[app:object-server]
use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
##end of paste
swift-init object-server start
swift-init object-replicator start
swift-init object-updater start
swift-init object-auditor start
swift-init container-server start
swift-init container-replicator start
swift-init container-updater start
swift-init container-auditor start
swift-init account-server start
swift-init account-replicator start
swift-init account-auditor start
=== add account ===
add a admin user with the following command
swift-auth-add-user -K devauth -a system root testpass
=== upload and download files ===
1.
Create a user with administrative privileges (account = system, username = root, password = testpass). Make sure to replace devauth (or swauthkey) with whatever super_admin key you assigned in the auth-server.conf file (or proxy-server.conf file in the case of Swauth) above. Note: None of the values of account, username, or password are special - they can be anything.:
# For DevAuth:
swift-auth-add-user -K devauth -a system root testpass
# For Swauth:
swauth-add-user -K swauthkey -a system root testpass
2.
Get an X-Storage-Url and X-Auth-Token:
curl -k -v -H 'X-Storage-User: system:root' -H 'X-Storage-Pass: testpass' https://:11000/v1.0
3.
Check that you can HEAD the account:
curl -k -v -H 'X-Auth-Token: '
4.
Check that st works:
st -A https://:11000/v1.0 -U system:root -K testpass stat
5.
Use st to upload a few files named ‘bigfile[1-2].tgz’ to a container named ‘myfiles’:
st -A https://:11000/v1.0 -U system:root -K testpass upload myfiles bigfile1.tgz
st -A https://:11000/v1.0 -U system:root -K testpass upload myfiles bigfile2.tgz
6.
Use st to download all files from the ‘myfiles’ container:
st -A https://:11000/v1.0 -U system:root -K testpass download myfiles
I uploaded a test file, name: testfile. with only "hihi" in it. Then I try to open it directly from the storage node.
root@storage1:/etc/swift# cat /srv/node/sdb1/objects/130033/2b6/7efc7b52beaf55b7ce478ab7bfd0c2b6/1299174108.09001.data
hihi
Works~!!!!
Created script to up/download file. It is on the proxy server home folder of the user.
./transfer [upload|download]
choose the action you want to do and give the filename
first cp the original script then change obj/server.py for encryption
sudo cp /usr/share/pyshared/swift/obj/server.py /usr/share/pyshared/swift/obj/server.py.origin
sudo scp fsadmin@145.100.106.85:/usr/share/pyshared/swift/obj/server.py /usr/share/pyshared/swift/obj/server.py
sudo swift-init all restart
Looks like there is integrity check on the chunk, so the encrypted part won't pass the text hence won't be written to the disk. Have to figure it out.