Commit Graph

65 Commits

Author SHA1 Message Date
Corey Bryant 745a89a7c1 Add Kinetic and Zed support
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
* add domain/project to auth section of yoga proxy-server.conf

Change-Id: I93da9ce52bed2b3e8a467491d2a61bfd2ed4ea7d
Closes-Bug: #1988491
2022-09-06 16:23:07 +00:00
jneo8 daef40a837 Add new version template: yoga
Closes-Bug: #1960866
Change-Id: I90769c16ca05c725c212255da5cb04a5e36bdcda
2022-04-21 15:17:08 +08:00
Frode Nordahl ed9051a9f3
s3token: Fix Keystone API configuration
Upstream removed the api_version configuration option and started
to expect the version to be encoded in the Keystone URL at Rocky.

Add S3 API functional test.

Remove invalid configuration items in the s3token section.

Remove configuration templates for OpenStack versions prior to
Mitaka.

Change-Id: Ia3306441222f7c078d460c659701a57a5944c928
Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/194
Closes-Bug: #1867373
2020-03-16 12:26:52 +01:00
tpsilva 2d8d80e47e Disable Apache port 80
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: I63f46223c64f2561f505828491a482dea79dc39a
Closes-bug: #1845665
2020-01-29 18:23:08 +00:00
Zuul 2b55aadb56 Merge "Drop support of swauth for Train and later" 2020-01-08 13:57:52 +00:00
Zuul 5f2cc4e7dc Merge "Set include_service_catalog to False" 2020-01-08 11:22:55 +00:00
Corey Bryant 1b47612f87 Drop support of swauth for Train and later
swauth is no longer maintained as of OpenStack Train [1] so we
need to stop supporting it for OpenStack Train and later.

[1] https://opendev.org/x/swauth

Closes-Bug: #1851394
Change-Id: Ic2345427951a311477d6808077fb18b248036b82
2020-01-07 15:03:08 -05:00
Zuul e31253d15b Merge "Revert "Disable Apache default ports"" 2019-12-20 09:43:38 +00:00
Tiago Pasqualini da Silva f7a3670d87 Revert "Disable Apache default ports"
This reverts commit 235ef232df.

Change-Id: Iebd50c664273ed7178e3ec590c30eee66760b9df
2019-12-20 02:05:18 +00:00
Zuul d80cb2a8ed Merge "Disable Apache default ports" 2019-12-19 12:26:36 +00:00
Tytus Kurek 44df5db97d Swift Global Cluster
This patchset adds a support for Swift Global Cluster feature as
described at:

https://docs.openstack.org/swift/latest/overview_global_cluster.html

It allows specifying affinity settings as parrt of the deployment.
Moreover, the master - slave relation is introduced for the purpose of
rings distribution across proxy nodes participating in the Swift Global
Cluster.

Change-Id: I406445493e2226aa5ae40a09c9053ac8633a46e9
Closes-Bug: 1815879
Depends-On: I11b6c7802e5bfbd61b06e4d11c65804a165781b6
2019-12-16 14:51:56 +00:00
Alex Kavanagh bcaa0b67ae Set include_service_catalog to False
As per the recommendations in [1], this patchset sets configures
authtoken to not include the service catalog.  This should improve
performance on token authentication and generally help keystone.

[1] https://docs.openstack.org/swift/latest/overview_auth.html#configuring-swift-to-use-keystone

Change-Id: Iaf0da1dbd19e5aa563224a388312fb4dc71a5961
2019-11-29 15:10:35 +00:00
tpsilva 235ef232df Disable Apache default ports
Openstack services don't use the default ports (80 and 443), so
change Apache to not open them.

Change-Id: Iebde91ae780ab50e61ec5ad49961214ac2a137c4
Closes-bug: #1845665
2019-11-27 12:51:57 +00:00
Tytus Kurek f9a02a3f58 Dispersion report
This patchset adds a template for the 'dispersion.conf' file which is
used for swift cluster health monitoring.

Change-Id: I348ded9f94f2bcb7a680b2c2280ff163cde65c46
Closes-Bug: 1328064
2019-07-01 09:24:10 +00:00
Edward Hope-Morley cc280d9dcb Add S3 SigV4 location support
Change-Id: I2ee8cb968ae2cf34558546b1be6be5273c2f52d3
Closes-Bug: #1822322
2019-05-03 11:16:25 +01:00
Edward Hope-Morley 69caa6eb50 Fix Queens+ S3 auth
Commit e92e8a7 changed the order of auth middleware in the proxy
pipeline which causes S3 api requests to get a 403 error. This
fixes it.

Change-Id: I11bb1e7e3ceeec9753ad6c86072287871a4eb703
Closes-Bug: #1814541
2019-02-04 14:19:57 +00:00
James Page 8cf9dd4e1a Support deploy of Swift with internal S3 support
Swift support is in-tree for Swift since OpenStack Rocky, and
the swift-plugin-s3 package has been removed from the archive at
Cosmic so drop installation at Rocky.

Add new template for Rocky to use the in-tree s3api and s3token
middleware.

Enable cosmic test to validate changes.

Change-Id: Ie5447dc44203c1ea2ad27e6d71248ba59d7549d0
Closes-Bug: 1805597
2018-12-18 10:12:19 +00:00
James Page e92e8a75e0 Update pipeline for refstack compatibility
Re-align pipeline with default example pipeline; this includes
adding the following new middleware:

    - copy
    - ratelimit
    - symlink

Re-work SLO middleware configuration to avoid duplicated section.

Re-order middleware inline with documentation avoiding authentication
issues when using DLO/SLO features.

Drop proxy-server.conf validation; its brittle and function should be
validated by other tests anyway.

Change-Id: Ic9df7c12ee0bb402245ad2e64da0d905fe68890c
Closes-Bug: 1794255
2018-09-26 08:14:36 +01:00
Edward Hope-Morley fc14531999 Fix Queens Swift S3 API
Adds new template for Queens that correctly configures
swift3, s3token and proxy pipeline.

Also fixes amulet tests that are currently failing due
to vdb being already mounted in guest and templates
that fail py3.5 due to jinja syntax.

Change-Id: I8ed8a12d2d6adc1f1f3158808101b123ec6bd20d
Closes-Bug: #1775260
2018-06-18 16:43:58 +01:00
Shane Peters 3b2efe479f Add support for Static Large Objects
Adds the necessary filter to the swift-proxy config
to support Static Large Objects (SLO).

A new config value 'static-large-object-segments' toggles
SLO support and allows the user to control the maximum object
size when set to a value >0.

Change-Id: I42a88292775badb9fd70e5b99558d084ddcdc29f
Closes-Bug: 1753811
2018-05-04 09:56:45 -04:00
Edward Hope-Morley a256263c79 Fix S3 API for >= Kilo
From Kilo onwards the swift-proxy charm is
misconfiguring the swift3 middleware such that
the api is unable to respond to any requests.
We fix this by providing working config for
Kilo onwards.

NOTE: see LP for full explanation but due to
problems with package version mismatches in the
UCA this patch only fixes Trusty Kilo, (L is
EOL) and Xenial Mitaka.

Change-Id: Ice5690e7f06ffc78dd20b53b67dffc6bd72b2613
Closes-Bug: 1738063
2017-12-14 18:38:32 +00:00
James Hebden a11ff79fc7 Add statsd logging support to the swift-proxy charm
By default, statsd metrics can be sent by swift-proxy
for diagnostic and monitoring purposes, but are disabled
by default. This change exposes charm config settings
that allow it to be enabled by setting 'statsd_host'
to a non-empty value. 'statsd_port' and 'statsd_sample_rate'
are also supported for changing the destination port
and rate at which metrics are collected.

Closes-Bug: #1729771

Change-Id: I2d5cca233d48022073b5975c06c3da2b1896d8d9
2017-11-05 18:03:54 +11:00
James Page 9f2038d20a Improve support for telemetry collection
Add new amqp interface and configure ceilometermiddleware to
send telemetry notifications via RabbitMQ when swift-proxy is
related to the rabbitmq-server charm.

This change also includes some tidyup to include required
components in the swift pipelines (automagically added by swift
prior to this).

Change-Id: Ie3c5c87b31d805cb7e62fa47c322402f47dd0d33
Closes-Bug: 1321281
2017-08-08 14:10:41 +01:00
Frode Nordahl 7c24ae8128 Fix Keystone v3 auth for swift-proxy
No need for refresh of proxy-server.conf template for Mitaka. Update
template for Kilo and later to make use of domain_name and project_name
parameters instead of domain_id and project_id parameters.

The current template sets up auth to user in default domain
but project in service domain. This does not work with service
domain layout.

Do not request configured operator_roles roles from Keystone. From
which roles swift-proxy should accept requests are still configured
in proxy-server.conf, but requesting and setting up these roles for
the s3_swift user in Keystone is incorrect behaviour.

Register required relation data for identity-service immediatelly when
relation to 'identity-service' exists. Do not postpone registration
until context is complete which may cause the swift-proxy unit marking
itself ready while still being in a unconfigured state.

Add tests to verify configuration and operation of swift-proxy when
using Keystone v3 auth.

Change-Id: I8bf182a9256f96af50e4cc37505d9c0ca3d62e47
Closes-Bug: 1646765
2016-12-08 07:17:26 +01:00
Chris MacNaughton ce3f15310e Implement swauth
This change implements the alternative authentication system,
swauth in addition to adding an action to add users to swauth

Change-Id: Ib752cd3a2a58f6c8cb06119c6be595cfc07ddc9f
2016-09-23 09:12:43 -04:00
Liam Young 5b8b04a213 Fix support for Keystone v3 API
Swift proxy is currently rejecting valid v3 tokens because it is
failing to validate them due to its credentials being in the v2
format and missing domain information. This change examines the
version of the API keystone has advertised down the identity-service
relation and configures the proxy conf appropriately

Change-Id: Id2215168ffbad1caf0e7203ded26c41913181306
Closes-Bug: 1624304
2016-09-16 13:58:26 +00:00
Chris MacNaughton 25a2ea7fdd Fix S3 support, register endpoint in keystone
This change registers the configured S3 proxy with Keystone, so that
your cloud knows about the S3 endpoints.

Also includes an update to ensure that the s3token middleware
authenticates against the correct keystone endpoint.

Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc
2016-07-14 15:44:02 +01:00
James Page 43b67150e0 [xtrusia,r=james-page] Add support for debug and header logging. 2015-04-20 12:17:45 +01:00
Seyeong Kim 945d03dc67 default things to template, more option on if branch 2015-04-13 22:57:02 +00:00
Seyeong Kim f666e53be2 add log configuration 2015-04-09 05:36:21 +00:00
James Page 8feec5a0bf Fixup templates, add service_host to identity data 2015-03-25 08:58:13 +00:00
James Page e1222c7433 Remove deprecated config 2015-03-25 08:52:36 +00:00
James Page c31e0bc9c2 Add kilo template 2015-03-25 08:49:32 +00:00
Edward Hope-Morley efe142e697 added signing_dir field to template 2015-02-20 10:20:45 +00:00
Hui Xiang acb7a64be3 Use general BindHostContext(). 2014-09-25 14:20:53 +08:00
Hui Xiang 59aaa38404 Correct templates to support IPv6. 2014-08-15 15:06:25 +08:00
Ryan Harper bd70af7296 Add config options for proxy-server.conf template. node-timeout and recoverable-node-timeout. For large swift/glance uploads, higher defaults are needed to prevent uploads from failing on real servers which are slower than VMs. 2014-06-03 20:38:25 -05:00
James Page c42b78b18c Add gatekeeper to pipeline 2014-04-07 15:44:39 +01:00
James Page 4aba610dc5 Add container_sync to pipeline 2014-04-07 15:41:43 +01:00
James Page e10b2305a7 Add tempurl to pipeline in icehouse 2014-04-07 15:39:29 +01:00
James Page cd9b7d1abe Fix typo 2014-04-03 19:02:30 +01:00
James Page 121417212e Add formpost filter for icehouse 2014-04-03 19:00:08 +01:00
James Page e5270d8e57 Enable slo and dlo for icehouse 2014-04-03 18:52:45 +01:00
James Page b895d10629 Add bulk support 2014-04-03 18:50:59 +01:00
James Page 10750ca169 Add staticweb support for icehouse 2014-04-03 18:46:52 +01:00
James Page e891b12b02 Merge ssl-everywhere branch 2014-03-27 11:23:24 +00:00
James Page 4ac69e9d4c Correct keystoneauth component of pipeline for icehouse 2014-03-07 10:15:12 +00:00
James Page a463fe947e Renable s3token for icehouse now that keystoneclient is fixed 2014-03-07 10:13:22 +00:00
James Page 32185b7789 Use s3_token from keystoneclient middleware, add s3token back into the pipeline 2014-03-07 10:11:00 +00:00
James Page 0bda3aeaeb Add service protocol config as well 2014-02-27 12:17:53 +00:00