Clients connect to OpenStack Object Storage via the proxy servers. This allows us to scale out our OpenStack Object Storage environment as needed, without affecting the frontend to which the clients connect. Configuration of the Swift proxy service is simply done by editing the /etc/swift/proxy-server.conf
file.
Ensure that you are logged in to the swift-proxy
nodes. If you created this with vagrant
, you can access this node by issuing the following command:
vagrant ssh swift-proxy
To configure the OpenStack Object Storage proxy server, carry out the following steps:
/etc/swift/proxy-server.conf
file with the following content:[DEFAULT] bind_port = 8080 user = swift swift_dir = /etc/swift log_level = DEBUG [pipeline:main] # Order of execution of modules defined as follows pipeline = catch_errors healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true set log_name = swift-proxy set log_facility = LOG_LOCAL0 set log_level = INFO set access_log_name = swift-proxy set access_log_facility = SYSLOG set access_log_level = INFO set log_headers = True [filter:healthcheck] use = egg:swift#healthcheck [filter:catch_errors] use = egg:swift#catch_errors [filter:cache] use = egg:swift#memcache set log_name = cache [filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory # Delaying the auth decision is required to support token-less # usage for anonymous referrers ('.r:*'). delay_auth_decision = true # auth_* settings refer to the Keystone server auth_uri = https://192.168.100.200:35357/v2.0/ identity_uri = https://192.168.100.200:5000 insecure = True # using self-signed certs # the service tenant and swift username and password created in Keystone admin_tenant_name = service admin_user = swift admin_password = swift signing_dir = /var/swift-signing [filter:keystone] use = egg:swift#keystoneauth operator_roles = admin, Member
/etc/swift/swift.conf
that must be present on all servers in our environment. We will copy this same file with exactly the same content to all servers (proxy servers and storage nodes):[swift-hash] # Random unique string used on all nodes swift_hash_path_prefix=a4rUmUIgJYXpKhbh swift_hash_path_suffix=NESuuUEqc6OXwy6X
The contents of the /etc/swift/proxy-server.conf
file define how the OpenStack Object Storage proxy server is configured.
For our purposes, we will run our proxy on port 8080
as the user swift
, and it will log to syslog
using the log level of INFO
(this is the default logging level).
The [filter:authtoken]
and [filter:keystone]
sections connect our OpenStack Object Storage proxy to keystone
running on our controller
virtual machine. The contents of [filter:authtoken]
take the same syntax as our other OpenStack services when configuring to keystone
.
The /etc/swift/swift.conf
file is not unique to the proxy server. This file must be present on all of our Swift servers and have exactly the same contents. This will be replicated onto the storage nodes when we configure the services on them.