diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb index 01bb15201..19f317d40 100644 --- a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/object-server.rb @@ -94,6 +94,17 @@ template "/etc/swift/object-server.conf" do notifies :restart, "service[swift-object-auditor]", :immediately end +%w[ /var/swift /var/swift/recon ].each do |path| + directory path do + # Create the swift recon cache directory and set its permissions. + owner "swift" + group "swift" + mode 00755 + + action :create + end +end + cron "swift-recon" do minute "*/5" command "swift-recon-cron /etc/swift/object-server.conf" diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb index 23232b4bc..3075850e7 100644 --- a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/recipes/proxy-server.rb @@ -127,6 +127,19 @@ else authkey = swift_secrets['swift_authkey'] end +if node["swift"]["authmode"] == "keystone" + openstack_identity_bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token" + %w[ /home/swift /home/swift/keystone-signing ].each do |path| + directory path do + owner "swift" + group "swift" + mode 00700 + + action :create + end + end +end + # create proxy config file template "/etc/swift/proxy-server.conf" do source "proxy-server.conf.erb" 
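Review bot: The `directory` resources in the object-server.rb loop set `mode 00755` as a bare octal integer, while the `template` resource in proxy-server.rb uses a quoted string (`mode "0600"`). Writing `mode "0755"` keeps the cookbook consistent and avoids a silent permission change if the leading zeros are ever trimmed. The same applies to `mode 00700` in the proxy-server.rb hunk. The inline comment mentions only the recon cache directory although the loop also creates `/var/swift`; `# Create /var/swift and the recon cache directory beneath it, owned by swift.` would match what the loop does.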
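Review bot: `openstack_identity_bootstrap_token` is assigned only inside the `if node["swift"]["authmode"] == "keystone"` branch, but the next hunk in proxy-server.rb passes it to the template's `variables` unconditionally. That works only because Ruby defines a local as nil once the parser has seen an assignment to it, which is easy to break in a later refactor. Declaring `openstack_identity_bootstrap_token = nil` before the branch makes the non-keystone case explicit. Going by its name, this is presumably Keystone's bootstrap admin token, so a comment such as `# Keystone bootstrap token: fetched only when authmode is keystone; rendered into proxy-server.conf` would tell the next reader where this credential ends up.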
@@ -134,6 +147,7 @@ template "/etc/swift/proxy-server.conf" do group "swift" mode "0600" variables("authmode" => node["swift"]["authmode"], + "openstack_identity_bootstrap_token" => openstack_identity_bootstrap_token, "bind_host" => node["swift"]["network"]["proxy-bind-ip"], "bind_port" => node["swift"]["network"]["proxy-bind-port"], "authkey" => authkey, diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb index 35d2d03a0..95da34f33 100644 --- a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/proxy-server.conf.erb @@ -46,6 +46,7 @@ end workers = <%= [ node[:cpu][:total] - 1, 1 ].max %> bind_ip = <%= @bind_host %> bind_port = <%= @bind_port %> +user = swift <% if node[:swift][:statistics][:enabled] -%> log_statsd_host = localhost log_statsd_port = 8125 @@ -137,7 +138,10 @@ use = egg:swift#memcache # commas, as in: 10.1.2.3:11211,10.1.2.4:11211 # memcache_servers = 127.0.0.1:11211 ##### -memcache_servers = <%= @memcache_servers.join(",") %> +#memcache_servers = <%= @memcache_servers.join(",") %> +<% unless @memcache_servers.empty? -%> +memcache_servers = <%= @memcache_servers %> +<% end -%> [filter:ratelimit] use = egg:swift#ratelimit @@ -246,7 +250,7 @@ use = egg:swift#tempurl use = egg:swift#formpost [filter:keystoneauth] -operator_roles = Member,admin +operator_roles = Member,admin,swiftoperator use = egg:swift#keystoneauth [filter:proxy-logging] 
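Review bot: In the memcache hunk of proxy-server.conf.erb, the old line kept as `#memcache_servers = <%= @memcache_servers.join(",") %>` is a comment only to the INI parser; ERB still evaluates the tag. So `join` and the new bare `<%= @memcache_servers %>` both run on the same value, and one of them is wrong whichever type the recipe passes. With an Array, the new line renders the array's `to_s` instead of a comma-separated list; with a String, the commented line raises NoMethodError on `join` during rendering. The recipe side is outside this hunk, so confirm the type, then delete the commented line and keep a single form such as `memcache_servers = <%= Array(@memcache_servers).join(",") %>`.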
@@ -268,3 +272,24 @@ use = egg:swift#proxy_logging # not in this list will have "BAD_METHOD" for the portion of the metric. # log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY +[filter:authtoken] +<% case @authmode + +when "keystone" -%> + +paste.filter_factory = keystone.middleware.auth_token:filter_factory +# usage for anonymous referrers ('.r:*') +delay_auth_decision = true +# +signing_dir = /home/swift/keystone-signing +auth_protocol = http +auth_port = 35357 +auth_host = <%= node["swift"]["network"]["proxy-bind-ip"] %> +admin_token = <%= @openstack_identity_bootstrap_token %> +# the service tenant and swift userid and password created in Keystone +admin_tenant_name = service +admin_user = swift +admin_password = swift + +<% end -%> + diff --git a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb index 5bd8526a1..3f101ba5b 100644 --- a/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb +++ b/xCAT-OpenStack/chef-cookbooks/grizzly-xcat/cookbooks/openstack-object-storage/templates/default/rsyncd.conf.erb @@ -3,7 +3,7 @@ gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid -address = 0.0.0.0 +address = <%= @storage_local_net_ip %> [account] max connections = 10
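Review bot: `admin_password = swift` in the new `[filter:authtoken]` section hard-codes the Keystone service password, identical to the user name, into a template that is rendered on every proxy node. The recipe already reads secrets through the `secret` helper, so the password should arrive the same way, e.g. `admin_password = <%= @service_pass %>` (variable name illustrative; it would need adding to the template's `variables`). The section also writes `admin_token` alongside `admin_user`/`admin_password`/`admin_tenant_name`; if the service credentials are sufficient for the middleware, dropping the token keeps that credential off the proxy hosts. `auth_protocol = http` sends these credentials to port 35357 unencrypted and should at least be configurable. Finally, the `[filter:authtoken]` header is emitted for every authmode while its body is keystone-only, so moving the header inside `when "keystone"` avoids an empty section.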
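Review bot: `address = <%= @storage_local_net_ip %>` in rsyncd.conf.erb depends on a template variable that no recipe hunk visible in this diff supplies. If the recipe rendering rsyncd.conf does not pass `storage_local_net_ip`, the line renders as an empty `address =`. Confirm the recipe side, which may be changed elsewhere. Consider having the template fail when the value is missing, e.g. `<% raise "storage_local_net_ip not set" if @storage_local_net_ip.to_s.empty? -%>` above the line, so a misconfigured node does not end up with an unintended bind address.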