From f765f60e86ff2d8332d6599eb4006154544edcff Mon Sep 17 00:00:00 2001
From: Chris Glass
Date: Wed, 31 May 2017 10:17:35 +0000
Subject: [PATCH] Allow the simple Swift auth to work
Incase we do *not* use keystone as an authentication mechanism, let the built-in authentication work with this charm. Without this change, the Swift authentication itself will work, but the X-Storage-URL header will point to the port the storage daemon listens on - which is not open in the firewall (70). This change instead forces the URL to be "the unit's public IP" with the default port (80), on which haproxy is listening, and will do the right thing.
Change-Id: Ia2b12153eca3074392aad6dea6ee995990f15633
Signed-off-by: Christopher Glass
---
 hooks/ceph_radosgw_context.py | 11 +++++++++--
 templates/ceph.conf | 4 +++-
 unit_tests/test_ceph_radosgw_context.py | 6 ++++++
 3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/hooks/ceph_radosgw_context.py b/hooks/ceph_radosgw_context.py
index 3ba6b781..ae6879e0 100644
--- a/hooks/ceph_radosgw_context.py
+++ b/hooks/ceph_radosgw_context.py
@@ -29,9 +29,10 @@ from charmhelpers.core.hookenv import (
 WARNING,
 config,
 log,
- relation_ids,
 related_units,
 relation_get,
+ relation_ids,
+ unit_public_ip,
 )
 from charmhelpers.contrib.network.ip import (
 format_ipv6_addr,
@@ -175,7 +176,13 @@ class MonContext(context.CephContext):
 'use_syslog': str(config('use-syslog')).lower(),
 'loglevel': config('loglevel'),
 'port': port,
- 'ipv6': config('prefer-ipv6')
+ 'ipv6': config('prefer-ipv6'),
+ # The public unit IP is only used in case the authentication is
+ # *Not* keystone - in which case it is used to make sure the
+ # storage endpoint returned by the built-in auth is the HAproxy
+ # (since it defaults to the port the service runs on, and that is
+ # not available externally). ~tribaal
+ 'unit_public_ip': unit_public_ip(),
 }
 certs_path = '/var/lib/ceph/nss'
diff --git a/templates/ceph.conf b/templates/ceph.conf
index 392ec031..d89902e4 100644
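Review bot: The value stored under `'unit_public_ip'` in the MonContext dict (hooks/ceph_radosgw_context.py, second hunk) is interpolated straight into a URL by templates/ceph.conf, but nothing brackets it when it is an IPv6 literal, even though the same dict carries `'ipv6': config('prefer-ipv6')`. `format_ipv6_addr` is already imported in this module (visible in the first hunk's context) and, as far as I know, returns the bracketed form for an IPv6 address and None otherwise, so the entry could read `'unit_public_ip': format_ipv6_addr(unit_public_ip()) or unit_public_ip(),`. Whether `unit_public_ip()` can return an IPv6 address or a hostname on a given provider is not shown here, and the unit tests added in this commit only pin the IPv4 value `'10.255.255.255'`, so a case for the other forms would be worth adding. The dict and its enclosing method start outside the hunk.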
--- a/templates/ceph.conf
+++ b/templates/ceph.conf
@@ -47,7 +47,9 @@ rgw s3 auth use keystone = true
 {% if cms -%}
 nss db path = /var/lib/ceph/nss
 {% endif %}
-{% endif %}
+{% else -%}
+rgw swift url = http://{{ unit_public_ip }}
+{% endif -%}
 {% if client_radosgw_gateway -%}
 # The following are user-provided options provided via the config-flags charm option.
 # User-provided [client.radosgw.gateway] section config
diff --git a/unit_tests/test_ceph_radosgw_context.py b/unit_tests/test_ceph_radosgw_context.py
index ec81ad31..f84fc692 100644
--- a/unit_tests/test_ceph_radosgw_context.py
+++ b/unit_tests/test_ceph_radosgw_context.py
@@ -28,6 +28,7 @@ TO_PATCH = [
 'related_units',
 'cmp_pkgrevno',
 'socket',
+ 'unit_public_ip',
 ]
@@ -170,6 +171,7 @@ class MonContextTest(CharmTestCase):
 def setUp(self):
 super(MonContextTest, self).setUp(context, TO_PATCH)
 self.config.side_effect = self.test_config.get
+ self.unit_public_ip.return_value = '10.255.255.255'
 @patch.object(ceph, 'config', lambda *args: '{"client.radosgw.gateway": {"rgw init timeout": 60}}')
@@ -193,6 +195,7 @@ class MonContextTest(CharmTestCase):
 'hostname': 'testhost',
 'mon_hosts': '10.5.4.1 10.5.4.2 10.5.4.3',
 'old_auth': False,
+ 'unit_public_ip': '10.255.255.255',
 'use_syslog': 'false',
 'loglevel': 1,
 'port': 70,
@@ -231,6 +234,7 @@ class MonContextTest(CharmTestCase):
 'hostname': 'testhost',
 'mon_hosts': '10.5.4.1 10.5.4.2 10.5.4.3',
 'old_auth': False,
+ 'unit_public_ip': '10.255.255.255',
 'use_syslog': 'false',
 'loglevel': 1,
 'port': 70,
@@ -278,6 +282,7 @@ class MonContextTest(CharmTestCase):
 'hostname': 'testhost',
 'mon_hosts': '10.5.4.1 10.5.4.2 10.5.4.3',
 'old_auth': False,
+ 'unit_public_ip': '10.255.255.255',
 'use_syslog': 'false',
 'loglevel': 1,
 'port': 70,
@@ -307,6 +312,7 @@ class MonContextTest(CharmTestCase):
 'hostname': 'testhost',
 'mon_hosts': '10.5.4.1 10.5.4.2 10.5.4.3',
 'old_auth': False,
+ 'unit_public_ip': '10.255.255.255',
 'use_syslog': 'false',
 'loglevel': 1,
 'port': 70,
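Review bot: The added `rgw swift url = http://{{ unit_public_ip }}` line in templates/ceph.conf hard-codes the `http` scheme, so the X-Storage-URL handed out by the built-in Swift auth is always cleartext and clients that follow it send their auth token unencrypted. If this charm can be deployed with TLS in front of radosgw (not visible in this patch), the scheme should come from the context rather than being fixed in the template. At minimum the branch deserves a comment such as `# built-in Swift auth only: plain HTTP to haproxy on port 80, tokens are not protected in transit`. The `{% else -%}` attaches to an `if` that opens outside the hunk.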