This chapter covers 5% of the Certified OpenStack Administrator exam requirements. You may expect a small number of tasks related to object storage. Moreover, not all OpenStack installations have this type of storage. However, I recommend studying this chapter carefully to maximize the chances of passing the COA exam.
Overview of Swift Object Storage
OpenStack Swift is a highly available, distributed, consistent object Software Defined Storage (SDS) system. In contrast to file storage, object storage works with an object that contains data and metadata itself. Generally, object storage provides access through an API. Objects are available via URLs and HTTP/HTTPS protocols. Object storage can distribute requests across many storage hosts. All objects are accessible in one single namespace, and object storage systems are usually highly scalable.
To pass the Certified OpenStack Administrator exam, you only need to know the basic operations with objects. With the first version of COA, the weight of this topic was 10%. Now it shrinks to just 5%.
Logically, Swift consists of three levels: accounts, containers, and objects.
Account in Swift corresponds to the Project/Tenant in other OpenStack services. Swift users are primarily people who have a username and password. Swift users correspond to accounts in other OpenStack services. Objects are stored in containers that belong to the accounts. You can imagine an account as a file system, with the container as a directory and the object as a file. Figure 8-1 illustrates this.
You can identify each object by its path.
/account_name/container_name/object_name
By default, the data stored in Swift is replicated three times. The main services of Swift are object, account, and container services.
With the swiftcommand, you can start working with containers from the command line. This command shows the summary for the containers and objects.
As you see, there are no objects or containers yet. Let’s try to upload a file to an object store. As a part of the upload command, you need to define a container. A container is automatically created if you point to a nonexisting container.
$ swift upload apress_cont1 /etc/hosts
etc/hosts
$ swift stat | grep Containers
Containers: 1
Containers in policy "policy-0": 1
With the swift listcommand, you can list the containers and the objects within the containers.
$ swift list
apress_cont1
$ swift list apress_cont1
etc/hosts
You can use the swift statcommand to check the status of the object.
You may also specify a particular object in the container.
$ swift download apress_cont1 etc/hosts
etc/hosts [auth 0.260s, headers 0.387s, total 0.388s, 0.001 MB/s]
Figure 8-2shows the Horizon web interface (Project ➤ Object Store ➤ Containers).
Managing Permissions on a Container in Object Storage
Users can set up access control lists (ACLs) at the container level and define the read and write access. To successfully write to a container, a user must have both read and write access.
Here is an example of setting up a “read” ACL for users from a demo project, specifically for user8 from project1.
$ swift post apress_cont1 -r "demo:demo, project1:user8"
A very common method of working with object storage is by using the cURL command-line tool. cURL requests usually include an HTTP verb (such as GET, PUT), authentication information, storage URL, data, and metadata. To get authentication information and storage URL, use the swift auth command.
$ curl -X PUT -H 'X-Auth-Token:gAAAAABi2R3waCe9Wkj_oUMmyxCgDGwpG0o9mytrjxfd_2J_APg_3z4RHDKTPxQgemrDXrkp5F4Hqj1UBEQ6C9z0Er0pgL0KGv_sHusxSyiBqbpITZgohA3ko1rSAc-oUFfTaZ6aPcsoyidsOaO4eT0ObUFlWveCsLadEmFLlyX0X7bkh1a1onc' http://192.168.122.10:8080/v1/AUTH_9e0c535c2240405b989afa450681df18/apress_cont2
For simplicity, it is better to use shell variables constructed by the swift auth command. Let’s rewrite previous commands as follows.
$ $(swift auth)
$ curl -X PUT -H X-Auth-Token:$OS_AUTH_TOKEN $OS_STORAGE_URL/apress_cont2
And here is an example that is similar to using the swift list command.
$ curl -X GET -H X-Auth-Token:$OS_AUTH_TOKEN $OS_STORAGE_URL
apress_cont1
apress_cont2
Next, you can put the file /etc/networks into the apress_cont2 container.
$ curl -X PUT -H X-Auth-Token:$OS_AUTH_TOKEN $OS_STORAGE_URL/apress_cont2/ -T /etc/networks
For checking the content of the apress_cont2 container, use the following command.
$ curl -X GET -H X-Auth-Token:$OS_AUTH_TOKEN $OS_STORAGE_URL/apress_cont2/
networks
And at the end, you can get the contents of the object.
$ curl -X GET -H X-Auth-Token:$OS_AUTH_TOKEN $OS_STORAGE_URL/apress_cont2/networks
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0
Managing Expiring Objects
Swift object storage can schedule the deletion of an object. To do that, you must add the X-Delete-At or X-Delete-After header during an object PUT or POST command. The date and time of deletion should be in Unix Epoch timestamp format. You can use the date command to learn the current date and time in Unix Epoch timestamp format or for conversion.
$ date +%s
1658398821
$ date -d @1658398821
Thu Jul 21 12:20:21 PM CEST 2022
You could use www.epochconverter.com for conversion. The following is an example of how to automatically delete the etc/sysctl.conf object in the apress_cont1 container on Thursday, July 21, 2022, at 12:40:00 PM CEST (1658400000).
$ curl -X POST -H X-Auth-Token:$OS_AUTH_TOKEN -H 'X-Delete-At:1658400000' $OS_STORAGE_URL/apress_cont2/networks <html><h1>Accepted</h1><p>The request is accepted for processing.</p></html>
Note
You should change the suggested time and date to your current plus some extra minutes. You may want to use something like X-Delete-At:$(expr $(date +%s) + 60).
Swift Cluster Monitoring
For Swift cluster monitoring of the account, container, and object servers, special Swift Recon server middleware, and the swift-recon tool are used. If you installed the OpenStack lab environment with the PackStack tool, you need to do the additional configuration of the middleware server. You should change the existing pipeline option in the [pipeline:main] section and add the new [filter:recon] section in three configuration files.
Here is an example of changes made in /etc/swift/object-server.conf.
[pipeline:main]
pipeline = recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
Here is an example of changes made in /etc/swift/container-server.conf.
[pipeline:main]
pipeline = recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
This is an example of changes made in /etc/swift/account-server.conf.
[pipeline:main]
pipeline = recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
After that, you need to check whether the cache directory exists and has the right permissions.
# ls -ld /var/cache/swift/
drwxr-xr-x. 2 swift swift 70 Jul 21 12:56 /var/cache/swift/
For tracking asynchronous pending on your object servers, you need to add a job in cron to run the swift-recon-cron script.
# crontab -e
*/5 * * * * swift /usr/bin/swift-recon-cron /etc/swift/object-server.conf
Then you must reload the Swift services. Now you can try to obtain the cluster load average stats.
For a complete options list, see the swift-recon(1) main page.
Summary
This chapter was probably the most straightforward. If you follow up on the examples in this chapter, you will easily pass the corresponding tasks on the exam. Do not forget you can use the Horizon dashboard. It makes tasks even easier.
The next chapter covers block storage.
Review Questions
1.
Which uploads all the files from the ∼user directory to the tempcontainer container?
A.
swift upload tempcontainer ~user/all
B.
swift upload tempcontainer ~user/*
C.
swift upload ~user/* tempcontainer
D.
swift upload ~user/* tempcontainer all
2.
Which checks the status of the test object in the cont container?
A.
swift stat test cont
B.
swift cont test stat
C.
swift stat cont test
D.
swift test cont stat
3.
Which gets disk usage stats in Swift?
A.
recon -l
B.
swift-recon -d
C.
swift-recon -l
D.
recon -d
4.
Which gets a list of all objects in the test container?
A.
swift list test
B.
swift test list
C.
swift list
D.
swift list container test
5.
Which gets the object with the curl command?
A.
curl -X GET -H 'X-Auth-Token: token' http://server:port/AUTH_User/container/object