How to do it...

Execute the following command on your openstack-node1, unless otherwise specified:

  1. Configure OpenStack to point to the Ceph RGW by creating the service and its endpoints:
        # keystone service-create --name swift --type object-store 
          --description "ceph object store"
        # keystone endpoint-create --service-id 
        6614554878344bbeaa7fec0d5dccca7f --publicurl 
        http://192.168.1.106:8080/swift/v1 --internalurl 
        http://192.168.1.106:8080/swift/v1 --adminurl 
        http://192.168.1.106:8080/swift/v1 --region RegionOne
  1. Get the Keystone admin token, which will be used for the RGW configuration:
        # cat /etc/keystone/keystone.conf | grep -i admin_token
  1. Create a directory for certificates:
        # mkdir -p /var/ceph/nss
  1. Generate OpenSSL certificates:
        # openssl x509 -in /etc/keystone/ssl/certs/ca.pem 
        -pubkey|certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
        # openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem 
        -pubkey | certutil -A -d /var/ceph/nss -n signing_cert 
        -t "P,P,P"
  1. Create the /var/ceph/nss directory on rgw-node1:
        # mkdir -p /var/ceph/nss
  1. From openstack-node1, copy OpenSSL certificates to rgw-node1. If you are logging in for the first time, you will get an SSH confirmation; type yes and then type the root password, which is vagrant for all the machines:
        # scp /var/ceph/nss/* rgw-node1:/var/ceph/nss
  1. Update /etc/ceph/ceph.conf on rgw-node1 with the following entries under the [client.rgw.rgw-node1] section:
        rgw keystone url = http://192.168.1.111:5000
        rgw keystone admin token = f72adb0238d74bb885005744ce526148
        rgw keystone accepted roles = admin, Member, swiftoperator
        rgw keystone token cache size = 500
        rgw keystone revocation interval = 60
        rgw s3 auth use keystone = true
        nss db path = /var/ceph/nss

rgw keystone url must be the Keystone management URL that can be gotten from the # keystone endpoint-list command. rgw keystone admin token is the token value that we saved in step 2 of this recipe.

  1. Finally, restart the ceph-radosgw service:
        # systemctl restart ceph-radosgw.target
  1. Now, to test the Keystone and Ceph integration, switch back to openstack-node1 and run the basic Swift commands, and it should not ask for any user keys:
        # export OS_STORAGE_URL=http://192.168.1.106:8080/swift/v1
        # swift list
        # swift post swift-test-bucket
        # swift list
  1. Let us verify if the container swift-test-bucket got created in the RGW:
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset