* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
* add domain/project to auth section of yoga proxy-server.conf
Change-Id: I93da9ce52bed2b3e8a467491d2a61bfd2ed4ea7d
Closes-Bug: #1988491
Upstream removed the api_version configuration option and started
to expect the version to be encoded in the Keystone URL at Rocky.
Add S3 API functional test.
Remove invalid configuration items in the s3token section.
Remove configuration templates for OpenStack versions prior to
Mitaka.
Change-Id: Ia3306441222f7c078d460c659701a57a5944c928
Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/194
Closes-Bug: #1867373
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.
Change-Id: I63f46223c64f2561f505828491a482dea79dc39a
Closes-bug: #1845665
swauth is no longer maintained as of OpenStack Train [1] so we
need to stop supporting it for OpenStack Train and later.
[1] https://opendev.org/x/swauth
Closes-Bug: #1851394
Change-Id: Ic2345427951a311477d6808077fb18b248036b82
This patchset adds a support for Swift Global Cluster feature as
described at:
https://docs.openstack.org/swift/latest/overview_global_cluster.html
It allows specifying affinity settings as parrt of the deployment.
Moreover, the master - slave relation is introduced for the purpose of
rings distribution across proxy nodes participating in the Swift Global
Cluster.
Change-Id: I406445493e2226aa5ae40a09c9053ac8633a46e9
Closes-Bug: 1815879
Depends-On: I11b6c7802e5bfbd61b06e4d11c65804a165781b6
Openstack services don't use the default ports (80 and 443), so
change Apache to not open them.
Change-Id: Iebde91ae780ab50e61ec5ad49961214ac2a137c4
Closes-bug: #1845665
This patchset adds a template for the 'dispersion.conf' file which is
used for swift cluster health monitoring.
Change-Id: I348ded9f94f2bcb7a680b2c2280ff163cde65c46
Closes-Bug: 1328064
Commit e92e8a7 changed the order of auth middleware in the proxy
pipeline which causes S3 api requests to get a 403 error. This
fixes it.
Change-Id: I11bb1e7e3ceeec9753ad6c86072287871a4eb703
Closes-Bug: #1814541
Swift support is in-tree for Swift since OpenStack Rocky, and
the swift-plugin-s3 package has been removed from the archive at
Cosmic so drop installation at Rocky.
Add new template for Rocky to use the in-tree s3api and s3token
middleware.
Enable cosmic test to validate changes.
Change-Id: Ie5447dc44203c1ea2ad27e6d71248ba59d7549d0
Closes-Bug: 1805597
Re-align pipeline with default example pipeline; this includes
adding the following new middleware:
- copy
- ratelimit
- symlink
Re-work SLO middleware configuration to avoid duplicated section.
Re-order middleware inline with documentation avoiding authentication
issues when using DLO/SLO features.
Drop proxy-server.conf validation; its brittle and function should be
validated by other tests anyway.
Change-Id: Ic9df7c12ee0bb402245ad2e64da0d905fe68890c
Closes-Bug: 1794255
Adds new template for Queens that correctly configures
swift3, s3token and proxy pipeline.
Also fixes amulet tests that are currently failing due
to vdb being already mounted in guest and templates
that fail py3.5 due to jinja syntax.
Change-Id: I8ed8a12d2d6adc1f1f3158808101b123ec6bd20d
Closes-Bug: #1775260
Adds the necessary filter to the swift-proxy config
to support Static Large Objects (SLO).
A new config value 'static-large-object-segments' toggles
SLO support and allows the user to control the maximum object
size when set to a value >0.
Change-Id: I42a88292775badb9fd70e5b99558d084ddcdc29f
Closes-Bug: 1753811
From Kilo onwards the swift-proxy charm is
misconfiguring the swift3 middleware such that
the api is unable to respond to any requests.
We fix this by providing working config for
Kilo onwards.
NOTE: see LP for full explanation but due to
problems with package version mismatches in the
UCA this patch only fixes Trusty Kilo, (L is
EOL) and Xenial Mitaka.
Change-Id: Ice5690e7f06ffc78dd20b53b67dffc6bd72b2613
Closes-Bug: 1738063
By default, statsd metrics can be sent by swift-proxy
for diagnostic and monitoring purposes, but are disabled
by default. This change exposes charm config settings
that allow it to be enabled by setting 'statsd_host'
to a non-empty value. 'statsd_port' and 'statsd_sample_rate'
are also supported for changing the destination port
and rate at which metrics are collected.
Closes-Bug: #1729771
Change-Id: I2d5cca233d48022073b5975c06c3da2b1896d8d9
Add new amqp interface and configure ceilometermiddleware to
send telemetry notifications via RabbitMQ when swift-proxy is
related to the rabbitmq-server charm.
This change also includes some tidyup to include required
components in the swift pipelines (automagically added by swift
prior to this).
Change-Id: Ie3c5c87b31d805cb7e62fa47c322402f47dd0d33
Closes-Bug: 1321281
No need for refresh of proxy-server.conf template for Mitaka. Update
template for Kilo and later to make use of domain_name and project_name
parameters instead of domain_id and project_id parameters.
The current template sets up auth to user in default domain
but project in service domain. This does not work with service
domain layout.
Do not request configured operator_roles roles from Keystone. From
which roles swift-proxy should accept requests are still configured
in proxy-server.conf, but requesting and setting up these roles for
the s3_swift user in Keystone is incorrect behaviour.
Register required relation data for identity-service immediatelly when
relation to 'identity-service' exists. Do not postpone registration
until context is complete which may cause the swift-proxy unit marking
itself ready while still being in a unconfigured state.
Add tests to verify configuration and operation of swift-proxy when
using Keystone v3 auth.
Change-Id: I8bf182a9256f96af50e4cc37505d9c0ca3d62e47
Closes-Bug: 1646765
This change implements the alternative authentication system,
swauth in addition to adding an action to add users to swauth
Change-Id: Ib752cd3a2a58f6c8cb06119c6be595cfc07ddc9f
Swift proxy is currently rejecting valid v3 tokens because it is
failing to validate them due to its credentials being in the v2
format and missing domain information. This change examines the
version of the API keystone has advertised down the identity-service
relation and configures the proxy conf appropriately
Change-Id: Id2215168ffbad1caf0e7203ded26c41913181306
Closes-Bug: 1624304
This change registers the configured S3 proxy with Keystone, so that
your cloud knows about the S3 endpoints.
Also includes an update to ensure that the s3token middleware
authenticates against the correct keystone endpoint.
Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc