support for keystone+swift
		@@ -94,6 +94,17 @@ template "/etc/swift/object-server.conf" do
 | 
			
		||||
  notifies :restart, "service[swift-object-auditor]", :immediately
 | 
			
		||||
end
 | 
			
		||||
 | 
			
		||||
%w[ /var/swift /var/swift/recon ].each do |path|
 | 
			
		||||
  directory path do
 | 
			
		||||
  # Create the swift recon cache directory and set its permissions.
 | 
			
		||||
    owner "swift"
 | 
			
		||||
    group "swift"
 | 
			
		||||
    mode  00755
 | 
			
		||||
  
 | 
			
		||||
    action :create
 | 
			
		||||
  end
 | 
			
		||||
end
 | 
			
		||||
 | 
			
		||||
cron "swift-recon" do
 | 
			
		||||
  minute "*/5"
 | 
			
		||||
  command "swift-recon-cron /etc/swift/object-server.conf"
 | 
			
		||||
 
 | 
			
		||||
@@ -127,6 +127,19 @@ else
 | 
			
		||||
  authkey = swift_secrets['swift_authkey']
 | 
			
		||||
end
 | 
			
		||||
 | 
			
		||||
if node["swift"]["authmode"] == "keystone"
 | 
			
		||||
  openstack_identity_bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token"  
 | 
			
		||||
  %w[ /home/swift /home/swift/keystone-signing ].each do |path|
 | 
			
		||||
    directory path do
 | 
			
		||||
      owner "swift"
 | 
			
		||||
      group "swift"
 | 
			
		||||
      mode  00700
 | 
			
		||||
  
 | 
			
		||||
      action :create
 | 
			
		||||
    end
 | 
			
		||||
  end
 | 
			
		||||
end
 | 
			
		||||
 | 
			
		||||
# create proxy config file
 | 
			
		||||
template "/etc/swift/proxy-server.conf" do
 | 
			
		||||
  source "proxy-server.conf.erb"
 | 
			
		||||
@@ -134,6 +147,7 @@ template "/etc/swift/proxy-server.conf" do
 | 
			
		||||
   group "swift"
 | 
			
		||||
   mode "0600"
 | 
			
		||||
   variables("authmode" => node["swift"]["authmode"],
 | 
			
		||||
             "openstack_identity_bootstrap_token" => openstack_identity_bootstrap_token,
 | 
			
		||||
             "bind_host" => node["swift"]["network"]["proxy-bind-ip"],
 | 
			
		||||
             "bind_port" => node["swift"]["network"]["proxy-bind-port"],
 | 
			
		||||
             "authkey" => authkey,
 | 
			
		||||
 
 | 
			
		||||
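Review bot: The Keystone bootstrap token read by `openstack_identity_bootstrap_token = secret "secrets", "openstack_identity_bootstrap_token"` is passed into the proxy-server.conf template variables and, in the template change later in this commit, rendered as `admin_token`, which places what appears to be Keystone's bootstrap admin credential on every Swift proxy node. Token validation does not need that level of access; a dedicated service user whose password is fetched through the same `secret` helper would limit what a compromised proxy host can do in Keystone. The rendered file is `mode "0600"`, which helps, but the exposure is the credential's scope rather than the file permissions. Until that changes, a comment at the assignment such as `# FIXME: bootstrap token is over-privileged for auth_token; switch to service-user credentials` would record it. The `if`/`else` that sets `authkey` and the `template` block both extend outside the visible hunks.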
@@ -46,6 +46,7 @@ end
 | 
			
		||||
workers = <%= [ node[:cpu][:total] - 1, 1 ].max %>
 | 
			
		||||
bind_ip = <%= @bind_host %>
 | 
			
		||||
bind_port = <%= @bind_port %>
 | 
			
		||||
user = swift
 | 
			
		||||
<% if node[:swift][:statistics][:enabled] -%>
 | 
			
		||||
log_statsd_host = localhost
 | 
			
		||||
log_statsd_port = 8125
 | 
			
		||||
@@ -137,7 +138,10 @@ use = egg:swift#memcache
 | 
			
		||||
# commas, as in: 10.1.2.3:11211,10.1.2.4:11211
 | 
			
		||||
# memcache_servers = 127.0.0.1:11211
 | 
			
		||||
#####
 | 
			
		||||
memcache_servers = <%= @memcache_servers.join(",") %>
 | 
			
		||||
#memcache_servers = <%= @memcache_servers.join(",") %>
 | 
			
		||||
<% unless @memcache_servers.empty? -%>
 | 
			
		||||
memcache_servers = <%= @memcache_servers %>
 | 
			
		||||
<% end -%>
 | 
			
		||||
 | 
			
		||||
[filter:ratelimit]
 | 
			
		||||
use = egg:swift#ratelimit
 | 
			
		||||
@@ -246,7 +250,7 @@ use = egg:swift#tempurl
 | 
			
		||||
use = egg:swift#formpost
 | 
			
		||||
 | 
			
		||||
[filter:keystoneauth]
 | 
			
		||||
operator_roles = Member,admin
 | 
			
		||||
operator_roles = Member,admin,swiftoperator
 | 
			
		||||
use = egg:swift#keystoneauth
 | 
			
		||||
 | 
			
		||||
[filter:proxy-logging]
 | 
			
		||||
@@ -268,3 +272,24 @@ use = egg:swift#proxy_logging
 | 
			
		||||
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
 | 
			
		||||
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY
 | 
			
		||||
 | 
			
		||||
[filter:authtoken]
 | 
			
		||||
<% case @authmode
 | 
			
		||||
 | 
			
		||||
when "keystone"  -%>
 | 
			
		||||
 | 
			
		||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
 | 
			
		||||
# usage for anonymous referrers ('.r:*')
 | 
			
		||||
delay_auth_decision = true
 | 
			
		||||
#
 | 
			
		||||
signing_dir = /home/swift/keystone-signing
 | 
			
		||||
auth_protocol = http
 | 
			
		||||
auth_port = 35357
 | 
			
		||||
auth_host = <%= node["swift"]["network"]["proxy-bind-ip"] %>
 | 
			
		||||
admin_token = <%= @openstack_identity_bootstrap_token %>
 | 
			
		||||
# the service tenant and swift userid and password created in Keystone
 | 
			
		||||
admin_tenant_name = service
 | 
			
		||||
admin_user = swift
 | 
			
		||||
admin_password = swift
 | 
			
		||||
 | 
			
		||||
<% end -%>
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
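Review bot: `admin_password = swift` in the new `[filter:authtoken]` section hard-codes a guessable service password into every rendered proxy-server.conf, and it sits next to `admin_token`, so the section carries two credentials where one is needed. The password should be supplied by the recipe from the secret store, for example `admin_password = <%= @service_password %>` (placeholder variable name; the recipe would have to pass it), and the `admin_token` line dropped once that works. `auth_protocol = http` means these credentials and the tokens being validated travel to port 35357 unencrypted unless Keystone is reached only over a trusted network. `auth_host` is rendered from `node["swift"]["network"]["proxy-bind-ip"]`, which presumably assumes Keystone listens on the proxy's own address; confirm that or use a Keystone endpoint attribute. The `case @authmode` has only a `when "keystone"` branch, so in other modes the `[filter:authtoken]` header is emitted with no body; a one-line ERB comment saying that is intended would help.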
@@ -3,7 +3,7 @@ gid = swift
 | 
			
		||||
 | 
			
		||||
log file = /var/log/rsyncd.log
 | 
			
		||||
pid file = /var/run/rsyncd.pid
 | 
			
		||||
address = 0.0.0.0
 | 
			
		||||
address = <%= @storage_local_net_ip %>
 | 
			
		||||
 | 
			
		||||
[account]
 | 
			
		||||
max connections = 10
 | 
			
		||||
 
 | 
			
		||||
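Review bot: No recipe change visible in this commit passes `storage_local_net_ip` to the rsyncd template, so if `address = <%= @storage_local_net_ip %>` is the new line (the page lost the +/- markers, but it is printed after `address = 0.0.0.0`), an unset variable renders an empty `address =`. Restricting rsync to the storage network is the safer binding, and it is worth making the template fail loudly rather than render an empty value, e.g. `<% raise "storage_local_net_ip not set" unless @storage_local_net_ip -%>` above the line. The rsync modules such as `[account]` continue outside the hunk.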