Merge "Use keystone as default authentication"

This commit is contained in:
Jenkins 2015-02-18 00:05:53 +00:00 committed by Gerrit Code Review
commit 64fd0c9336
29 changed files with 203 additions and 438 deletions

@ -2,6 +2,9 @@
This file is used to list changes made in each version of cookbook-openstack-object-storage.
## 10.1.0
* Use keystone as default authentication
## 10.0.0
* Upgrading to Juno
* Upgrading berkshelf from 2.0.18 to 3.1.5

@ -11,31 +11,31 @@ Requirements
Clients
--------
* CentOS >= 6.3
* Ubuntu >= 12.04
* CentOS >= 7
* Ubuntu >= 14.04
Chef
---------
* 11.4.4
* 12
Cookbooks
---------
Dependent Cookbooks
-------------------
* openstack-common
* openstack-identity
* memcached
* statsd
* apt
Roles
=====
* swift-account-server - storage node for account data
* swift-container-server - storage node for container data
* swift-object-server - storage node for object server
* swift-proxy-server - proxy for swift storge nodes
* swift-setup - server responsible for generating initial settings
* swift-management-server - responsible for ring generation
* swift-object-server - storage node for object server
* swift-proxy-server - proxy for swift storage nodes
* swift-setup - server responsible for generating initial settings
The swift-management-server role performs the following functions:
@ -44,7 +44,7 @@ The swift-management-server role performs the following functions:
* generally always has the swift-setup role too
* there can only be _one_ swift-management-server
There *must* be node with the the swift-managment-server role to act
There *must* be a node with the the swift-management-server role to act
as the ring repository.
In small environments, it is likely that all storage machines will
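Review bot: the corrected sentence in this hunk still reads "with the the swift-management-server role"; drop the duplicated "the" while the line is being touched.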
@ -56,7 +56,7 @@ swift-{account,container,object}-server roles, and there will be
dedicated hosts with the swift-proxy-server role.
In really really huge environments, it's possible that the storage
node will be split into swift-{container,accout}-server nodes and
node will be split into swift-{container,account}-server nodes and
swift-object-server nodes.
Recipes
@ -69,7 +69,7 @@ client
Attributes
==========
* ```default[:swift][:authmode]``` - "swauth" or "keystone" (default "swauth"). Right now, only swauth is supported (defaults to swauth)
* ```default[:swift][:authmode]``` - "swauth" or "keystone" (default "keystone").
* ```default[:swift][:swauth_source]``` - "git" or "package"(default). Selects between installing python-swauth from git or system package
@ -82,7 +82,7 @@ Attributes
* ```default[:swift][:audit_hour]``` - Hour to run swift_auditor on storage nodes (defaults to 5)
* ```default[:swift][:disk_enum_expr]``` - Eval-able expression that lists
candidate disk nodes for disk probing. The result shoule be a hash
candidate disk nodes for disk probing. The result should be a hash
with keys being the device name (without the leading "/dev/") and a
hash block of any extra info associated with the device. For
example: { "sdc" => { "model": "Hitachi 7K3000" }}. Largely,
@ -98,7 +98,7 @@ Attributes
* ```default[:swift][:ring][:replicas]``` - how many replicas swift should retain (defaults to 3)
* ```default[:swift][:disk_test_filter]``` - an array of expressions that must
all be true in order a block deviced to be considered for
all be true in order a block device to be considered for
formatting and inclusion in the cluster. Each rule gets evaluated
with "candidate" set to the device name (without the leading
"/dev/") and info set to the node hash value. Default rules:
@ -219,34 +219,6 @@ Example environment
This sets up defaults for a swauth-based cluster with the storage
network on 10.0.0.0/24.
Example all-in-one
--------------------------
Example all-in-one storage node config (note there should only ever be
one node with the swift-setup and swift-management roles)
```json
{
"id": "storage1",
"name": "storage1",
"json_class": "Chef::Node",
"run_list": [
"role[swift-setup]",
"role[swift-management-server]",
"role[swift-account-server]",
"role[swift-object-server]",
"role[swift-container-server]",
"role[swift-proxy-server]"
],
"chef_environment": "development",
"normal": {
"swift": {
"zone": "1"
}
}
}
```
Standalone Storage Server
-------------------------
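Review bot: the context line kept above the removed example still says "This sets up defaults for a swauth-based cluster", which no longer matches the new keystone default. Either mark that example environment as swauth-specific with authmode set explicitly, or add a keystone variant. The all-in-one node example is also dropped here without a reason in the commit message or CHANGELOG entry; a one-line note on why would help readers who relied on it.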
@ -277,7 +249,7 @@ Testing
Please refer to the [TESTING.md](TESTING.md) for instructions for testing the cookbook.
Berkshelf
=====
=========
Berks will resolve version requirements and dependencies on first run and
store these in Berksfile.lock. If new cookbooks become available you can run
@ -300,7 +272,7 @@ License and Author
| | |
| **Copyright** | Copyright (c) 2013, AT&T, Inc. |
| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. |
| **Copyright** | Copyright (c) 2013, IBM, Corp. |
| **Copyright** | Copyright (c) 2013-2015 IBM, Corp. |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

@ -22,6 +22,11 @@ default['openstack']['object-storage']['service_tenant_name'] = 'service'
default['openstack']['object-storage']['service_user'] = 'swift'
default['openstack']['object-storage']['service_role'] = 'admin'
# Default swift user
default['openstack']['object-storage']['user'] = 'swift'
# Default swift group
default['openstack']['object-storage']['group'] = 'swift'
default['openstack']['compute']['region'] = node['openstack']['region']
# Set to some text value if you want templated config files
@ -133,11 +138,16 @@ default['openstack']['object-storage']['container_server_chef_role'] = 'swift-c
# authentication
#--------------------
default['openstack']['object-storage']['authmode'] = 'swauth'
# Authenitcation mode, either keystone or swauth
default['openstack']['object-storage']['authmode'] = 'keystone'
default['openstack']['object-storage']['authkey'] = nil
default['openstack']['object-storage']['swift_url'] = 'http://127.0.0.1:8080/v1/'
default['openstack']['object-storage']['swauth_url'] = 'http://127.0.0.1:8080/v1/'
default['openstack']['object-storage']['auth_url'] = 'http://127.0.0.1:8080/auth/v1.0'
# Keystone version
default['openstack']['object-storage']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
# Keystone PKI signing directory
default['openstack']['object-storage']['api']['auth']['cache_dir'] = '/var/cache/swift/api'
#---------------------
# dispersion settings
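Review bot: 'auth_url' keeps its default of 'http://127.0.0.1:8080/auth/v1.0' while 'authmode' now defaults to 'keystone', and the management-server recipe passes that same attribute into /etc/swift/dispersion.conf. With the keystone pipeline the dispersion tools would be pointed at the proxy's v1.0 auth path instead of the identity endpoint, so the default should either be derived from the identity endpoint when authmode is keystone or documented as needing an override. The new comment also has a typo ("Authenitcation"), and it is worth stating next to 'cache_dir' which resource creates '/var/cache/swift/api' and with what owner and mode, since only '/var/cache/swift' is created in the recipes shown.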
@ -156,7 +166,8 @@ default['openstack']['object-storage']['ring']['replicas'] = 3
#------------------
# statistics
#------------------
default['openstack']['object-storage']['statistics']['enabled'] = true
# Current statsd cookbook is not supported on rhel platforms
default['openstack']['object-storage']['statistics']['enabled'] = platform_family?('debian')
default['openstack']['object-storage']['statistics']['sample_rate'] = 1
# there are two ways to discover your graphite server ip for
@ -440,8 +451,8 @@ default['openstack']['object-storage']['swauth_version'] = '1.0.8'
#------------------
# Leveling between distros
case platform
when 'redhat'
case platform_family
when 'rhel'
default['openstack']['object-storage']['platform'] = {
'disk_format' => 'ext4',
'proxy_packages' => %w{openstack-swift-proxy sudo cronie python-memcached},
@ -461,50 +472,7 @@ when 'redhat'
'override_options' => '',
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
}
#
# python-iso8601 is a missing dependency for swift.
# https://bugzilla.redhat.com/show_bug.cgi?id=875948
when 'centos'
default['openstack']['object-storage']['platform'] = {
'disk_format' => 'xfs',
'proxy_packages' => %w{openstack-swift-proxy sudo cronie python-iso8601 python-memcached},
'object_packages' => %w{openstack-swift-object sudo cronie python-iso8601},
'container_packages' => %w{openstack-swift-container sudo cronie python-iso8601},
'account_packages' => %w{openstack-swift-account sudo cronie python-iso8601},
'swift_packages' => %w{openstack-swift sudo cronie python-iso8601},
'swift_client_packages' => ['python-swiftclient'],
'swauth_packages' => %w{openstack-swauth sudo cronie python-iso8601},
'rsync_packages' => ['rsync'],
'git_packages' => ['xinetd', 'git', 'git-daemon'],
'service_prefix' => 'openstack-',
'service_suffix' => '',
'git_dir' => '/var/lib/git',
'git_service' => 'git',
'service_provider' => Chef::Provider::Service::Redhat,
'override_options' => '',
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
}
when 'fedora'
default['openstack']['object-storage']['platform'] = {
'disk_format' => 'xfs',
'proxy_packages' => ['openstack-swift-proxy', 'python-memcached'],
'object_packages' => ['openstack-swift-object'],
'container_packages' => ['openstack-swift-container'],
'account_packages' => ['openstack-swift-account'],
'swift_packages' => ['openstack-swift'],
'swift_client_packages' => ['python-swiftclient'],
'swauth_packages' => ['openstack-swauth'],
'rsync_packages' => ['rsync'],
'git_packages' => ['git', 'git-daemon'],
'service_prefix' => 'openstack-',
'service_suffix' => '.service',
'git_dir' => '/var/lib/git',
'git_service' => 'git',
'service_provider' => Chef::Provider::Service::Systemd,
'override_options' => '',
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
}
when 'ubuntu'
when 'debian'
default['openstack']['object-storage']['platform'] = {
'disk_format' => 'xfs',
'proxy_packages' => ['swift-proxy', 'python-memcache'],
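Review bot: collapsing 'redhat', 'centos' and 'fedora' into a single `when 'rhel'` branch changes the CentOS default for 'disk_format' from 'xfs' (removed centos block) to 'ext4' (kept rhel block), and drops python-iso8601 from the CentOS package lists. That is a behaviour change for existing CentOS storage nodes and should be called out in the CHANGELOG, or the rhel branch should keep 'xfs'. The case also has no else branch, so on any other platform family node['openstack']['object-storage']['platform'] is left unset and recipes will fail later with a nil lookup; raising a clear "unsupported platform family" error here would be easier to diagnose.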

@ -1,11 +0,0 @@
[Unit]
Description=Rsync Server
After=local-fs.target
[Service]
Type=forking
ExecStart=/usr/bin/rsync --daemon
PIDFile=/var/run/rsyncd.pid
[Install]
WantedBy=multi-user.target

@ -1,19 +0,0 @@
# swift-container-sync - SWIFT Container Sync
#
# The swift container sync.
description "SWIFT Container Sync"
author "Sergio Rubio <rubiojr@bvox.net>"
start on runlevel [2345]
stop on runlevel [016]
pre-start script
if [ -f "/etc/swift/container-server.conf" ]; then
exec /usr/bin/swift-init container-sync start
else
exit 1
fi
end script
post-stop exec /usr/bin/swift-init container-sync stop

@ -4,16 +4,17 @@ maintainer_email 'opscode-chef-openstack@googlegroups.com'
license 'Apache 2.0'
description 'Installs and configures Openstack Swift'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '10.0.0'
version '10.1.0'
recipe 'openstack-object-storage::account-server', 'Installs the swift account server'
recipe 'openstack-object-storage::client', 'Install the swift client'
recipe 'openstack-object-storage::container-server', 'Installs the swift container server'
recipe 'openstack-object-storage::management-server', 'Installs the swift management server'
recipe 'openstack-object-storage::object-server', 'Installs the swift object server'
recipe 'openstack-object-storage::proxy-server', 'Installs the swift proxy server'
recipe 'openstack-object-storage::setup', 'Does initial setup of a swift cluster'
%w{ centos ubuntu }.each do |os|
%w{ centos ubuntu redhat }.each do |os|
supports os
end
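Review bot: 'redhat' is added to the supports list, but the README Requirements section updated in this same commit lists only "CentOS >= 7" and "Ubuntu >= 14.04". Add the supported RHEL version to the README so the two stay in agreement.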

@ -56,8 +56,8 @@ action :ensure_exists do
# make sure we have a "path"
Directory(path) do
group 'swift'
owner 'swift'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
recursive true
end.run_action(:create)
@ -113,8 +113,8 @@ action :ensure_exists do
mount_path = "#{path}/#{info['mountpoint']}"
Directory(mount_path) do
group 'swift'
owner 'swift'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
recursive true
end.run_action(:create)
@ -122,8 +122,8 @@ action :ensure_exists do
when 'ext4'
mount_options = 'noatime,nodiratime,nobarrier,user_xattr'
when 'xfs'
case node['platform']
when 'ubuntu', 'debian'
case node['platform_family']
when 'debian'
mount_options = 'noatime,nodiratime,nobarrier,logbufs=8,nobootwait'
else
mount_options = 'noatime,nodiratime,nobarrier,logbufs=8'

@ -31,43 +31,6 @@ platform_options['account_packages'].each.each do |pkg|
end
end
# epel/f-17 missing init scripts for the non-major services.
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor reaper replicator}.each do |svc|
template "/etc/systemd/system/openstack-swift-account-#{svc}.service" do
owner 'root'
group 'root'
mode '0644'
source 'simple-systemd-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Account #{svc.capitalize}",
user: 'swift',
exec: "/usr/bin/swift-account-#{svc} " +
'/etc/swift/account-server.conf'
)
only_if { platform?('fedora') }
end
end
# TODO(breu): track against upstream epel packages to determine if this
# is still necessary
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor reaper replicator}.each do |svc|
template "/etc/init.d/openstack-swift-account-#{svc}" do
owner 'root'
group 'root'
mode '0755'
source 'simple-redhat-init-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Account #{svc.capitalize}",
exec: "account-#{svc}"
)
only_if { platform?(%w{redhat centos}) }
end
end
%w{swift-account swift-account-auditor swift-account-reaper swift-account-replicator}.each do |svc|
service_name = platform_options['service_prefix'] + svc + platform_options['service_suffix']
service svc do
@ -82,9 +45,9 @@ end
# create account server template
template '/etc/swift/account-server.conf' do
source 'account-server.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
'bind_ip' => node['openstack']['object-storage']['network']['account-bind-ip'],
'bind_port' => node['openstack']['object-storage']['network']['account-bind-port']

@ -71,10 +71,9 @@ end
directory '/etc/swift' do
action :create
owner 'swift'
group 'swift'
mode 0700
only_if '/usr/bin/id swift'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00700
end
# determine hash
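Review bot: removing `only_if '/usr/bin/id swift'` from `directory '/etc/swift'` means the resource now fails the converge whenever the account named by the new 'user' attribute does not exist yet, where it used to be skipped. If the intent is that the swift packages always create the account before this point, say so in a comment; if the attribute is meant to allow a different account name, something has to create that account before this resource runs.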
@ -91,21 +90,19 @@ end
template '/etc/swift/swift.conf' do
source 'swift.conf.erb'
owner 'swift'
group 'swift'
mode 0700
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
swift_hash_path_prefix: swift_hash_path_prefix,
swift_hash_path_suffix: swift_hash_path_suffix
)
only_if '/usr/bin/id swift'
end
# need a swift user
user 'swift' do
user node['openstack']['object-storage']['user'] do
shell '/bin/bash'
action :modify
only_if '/usr/bin/id swift'
end
package 'git' do
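Review bot: the user resource now takes its name from node['openstack']['object-storage']['user'] but still uses `action :modify`, which only works on an account that already exists, and it is declared after the directory and template resources that depend on that owner. With the `only_if '/usr/bin/id swift'` guards gone from all three, an overridden user name that the packages did not create will fail the run. Consider moving the user resource ahead of the file resources and deciding explicitly between :create and a documented requirement that the account pre-exists. The resource also sets `shell '/bin/bash'` on a service account; a short comment on why an interactive shell is needed would help future reviewers.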
@ -118,14 +115,13 @@ end
git_builder_ip = node['openstack']['object-storage']['git_builder_ip']
template '/etc/swift/pull-rings.sh' do
source 'pull-rings.sh.erb'
owner 'swift'
group 'swift'
mode 0700
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00700
variables(
builder_ip: git_builder_ip,
service_prefix: platform_options['service_prefix']
)
only_if '/usr/bin/id swift'
end
execute '/etc/swift/pull-rings.sh' do

@ -31,43 +31,6 @@ platform_options['container_packages'].each do |pkg|
end
end
# epel/f-17 missing init scripts for the non-major services.
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor updater replicator}.each do |svc|
template "/etc/systemd/system/openstack-swift-container-#{svc}.service" do
owner 'root'
group 'root'
mode '0644'
source 'simple-systemd-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Container #{svc.capitalize}",
user: 'swift',
exec: "/usr/bin/swift-container-#{svc} " +
'/etc/swift/container-server.conf'
)
only_if { platform?('fedora') }
end
end
# TODO(breu): track against upstream epel packages to determine if this
# is still necessary
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor updater replicator}.each do |svc|
template "/etc/init.d/openstack-swift-container-#{svc}" do
owner 'root'
group 'root'
mode '0755'
source 'simple-redhat-init-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Container #{svc.capitalize}",
exec: "container-#{svc}"
)
only_if { platform?('redhat', 'centos') }
end
end
%w{swift-container swift-container-auditor swift-container-replicator swift-container-updater}.each do |svc|
service_name = platform_options['service_prefix'] + svc + platform_options['service_suffix']
@ -82,9 +45,9 @@ end
template '/etc/swift/container-server.conf' do
source 'container-server.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
'bind_ip' => node['openstack']['object-storage']['network']['container-bind-ip'],
'bind_port' => node['openstack']['object-storage']['network']['container-bind-port']
@ -96,23 +59,6 @@ template '/etc/swift/container-server.conf' do
notifies :restart, 'service[swift-container-auditor]', :immediately
end
# Ubuntu 12.04 packages are missing the swift-container-sync service scripts
# See https://bugs.launchpad.net/cloud-archive/+bug/1250171
if platform?('ubuntu')
cookbook_file '/etc/init/swift-container-sync.conf' do
owner 'root'
group 'root'
mode 0755
source 'swift-container-sync.conf.upstart'
action :create
not_if '[ -e /etc/init/swift-container-sync.conf ]'
end
link '/etc/init.d/swift-container-sync' do
to '/lib/init/upstart-job'
not_if '[ -e /etc/init.d/swift-container-sync ]'
end
end
service_name = platform_options['service_prefix'] + 'swift-container-sync' + platform_options['service_suffix']
unless node['openstack']['object-storage']['container-server']['allowed_sync_hosts'] == []
service 'swift-container-sync' do

@ -30,7 +30,6 @@ platform_options = node['openstack']['object-storage']['platform']
package 'xfsprogs' do
options platform_options['package_overrides']
action :upgrade
only_if { platform?(%w{ubuntu debian fedora centos}) }
end
%w(parted util-linux).each do |pkg|
@ -44,6 +43,7 @@ disk_enum_expr = node['openstack']['object-storage']['disk_enum_expr']
disk_test_filter = node['openstack']['object-storage']['disk_test_filter']
disks = locate_disks(disk_enum_expr, disk_test_filter)
Chef::Log.info("Located disks: #{disks}")
disks.each do |disk|
openstack_object_storage_disk "/dev/#{disk}" do

@ -73,7 +73,7 @@ if node['openstack']['object-storage']['statistics']['enabled']
source 'swift-statsd-publish.py.erb'
owner 'root'
group 'root'
mode 0755
mode 00755
end
cron 'cron_swift_statsd_publish' do
command "#{platform_options['swift_statsd_publish']} > /dev/null 2>&1"
@ -83,9 +83,9 @@ end
template '/etc/swift/dispersion.conf' do
source 'dispersion.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
'auth_url' => node['openstack']['object-storage']['auth_url'],
'auth_user' => auth_user,

@ -27,44 +27,7 @@ platform_options = node['openstack']['object-storage']['platform']
platform_options['object_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['override_options'] # retain configs
end
end
# epel/f-17 missing init scripts for the non-major services.
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor updater replicator}.each do |svc|
template "/etc/systemd/system/openstack-swift-object-#{svc}.service" do
owner 'root'
group 'root'
mode '0644'
source 'simple-systemd-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Object #{svc.capitalize}",
user: 'swift',
exec: "/usr/bin/swift-object-#{svc} " +
'/etc/swift/object-server.conf'
)
only_if { platform?('fedora') }
end
end
# TODO(breu): track against upstream epel packages to determine if this
# is still necessary
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
%w{auditor updater replicator}.each do |svc|
template "/etc/init.d/openstack-swift-object-#{svc}" do
owner 'root'
group 'root'
mode '0755'
source 'simple-redhat-init-config.erb'
variables(
description: 'OpenStack Object Storage (swift) - ' +
"Object #{svc.capitalize}",
exec: "object-#{svc}"
)
only_if { platform?('redhat', 'centos') }
options platform_options['override_options']
end
end
@ -85,9 +48,9 @@ end
template '/etc/swift/object-server.conf' do
source 'object-server.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
'bind_ip' => node['openstack']['object-storage']['network']['object-bind-ip'],
'bind_port' => node['openstack']['object-storage']['network']['object-bind-port']
@ -102,5 +65,5 @@ end
cron 'swift-recon' do
minute '*/5'
command 'swift-recon-cron /etc/swift/object-server.conf'
user 'swift'
user node['openstack']['object-storage']['user']
end

@ -49,7 +49,8 @@ platform_options['proxy_packages'].each do |pkg|
end
end
if node['openstack']['object-storage']['authmode'] == 'swauth'
case node['openstack']['object-storage']['authmode']
when 'swauth'
case node['openstack']['object-storage']['swauth_source']
when 'package'
platform_options['swauth_packages'].each do |pkg|
@ -75,6 +76,15 @@ if node['openstack']['object-storage']['authmode'] == 'swauth'
environment 'PREFIX' => '/usr/local'
end
end
when 'keystone'
package 'python-keystoneclient' do
action :upgrade
end
identity_endpoint = endpoint 'identity-api'
identity_admin_endpoint = endpoint 'identity-admin'
service_pass = get_password 'service', 'openstack-object-storage'
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['object-storage']['api']['auth']['version']
end
package 'python-swift-informant' do
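Review bot: the new `case node['openstack']['object-storage']['authmode']` has branches for 'swauth' and 'keystone' only and no else, so a misspelled or unsupported value installs no auth packages and still renders a proxy config. Add an else branch that fails the run with a clear message naming the accepted values, so a proxy is never brought up with an unintended auth pipeline.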
@ -82,20 +92,14 @@ package 'python-swift-informant' do
only_if { node['openstack']['object-storage']['use_informant'] }
end
package 'python-keystoneclient' do
action :upgrade
only_if { node['openstack']['object-storage']['authmode'] == 'keystone' }
end
directory '/var/cache/swift' do
owner 'swift'
group 'swift'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00700
end
swift_proxy_service = platform_options['service_prefix'] + 'swift-proxy' + platform_options['service_suffix']
service 'swift-proxy' do
# openstack-swift-proxy.service on fedora-17, swift-proxy on ubuntu
service_name swift_proxy_service
provider platform_options['service_provider']
supports status: true, restart: true
@ -139,15 +143,18 @@ proxy_api_bind_host = proxy_api_bind.host if proxy_api_bind_host.nil?
# create proxy config file
template '/etc/swift/proxy-server.conf' do
source 'proxy-server.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
variables(
'authmode' => node['openstack']['object-storage']['authmode'],
'bind_host' => proxy_api_bind_host,
'bind_port' => proxy_api_bind_port,
'authkey' => authkey,
'memcache_servers' => memcache_servers
'memcache_servers' => memcache_servers,
'auth_uri' => auth_uri,
'identity_admin_endpoint' => identity_admin_endpoint,
'service_pass' => service_pass
)
notifies :restart, 'service[swift-proxy]', :immediately
end
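Review bot: 'auth_uri', 'identity_admin_endpoint' and 'service_pass' are passed to the template unconditionally, but they are only assigned inside the `when 'keystone'` branch earlier in the recipe. Under swauth this works only because Ruby defines those locals as nil once the parser has seen the assignment. Initialise them to nil before the case, or build the variables hash per auth mode, so the swauth path is explicit. The rendered file now carries the service password, so keeping owner, group and mode 00600 on this template matters more than before.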

@ -37,22 +37,22 @@ end
service 'xinetd' do
supports status: false, restart: true
action [:enable, :start]
only_if { platform?('centos', 'redhat', 'fedora') }
only_if { platform_family?('rhel') }
end
execute 'create empty git repo' do
cwd '/tmp'
umask 022
command "mkdir $$; cd $$; git init; echo \"backups\" \> .gitignore; #{git_config_email} ; #{git_config_name} ; git add .gitignore; git commit -m 'initial commit' --author='chef <chef@openstack>'; git push file:///#{platform_options["git_dir"]}/rings master"
user 'swift'
user node['openstack']['object-storage']['user']
action :nothing
end
directory 'git-directory' do
path "#{platform_options["git_dir"]}/rings"
owner 'swift'
group 'swift'
mode '0755'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00755
recursive true
action :create
end
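Review bot: in 'create empty git repo' the command runs with cwd '/tmp' and starts with "mkdir $$; cd $$; git init; ..." joined by ';', so a failed mkdir (for example because the directory already exists) is ignored and the remaining git steps, including the push to the rings repository, run in whatever directory is there. While the user line is being changed, consider creating the scratch directory with mktemp -d and chaining the steps with && so the push only happens from a directory this run created.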
@ -60,37 +60,20 @@ end
execute 'initialize git repo' do
cwd "#{platform_options["git_dir"]}/rings"
umask 022
user 'swift'
user node['openstack']['object-storage']['user']
command 'git init --bare && touch git-daemon-export-ok'
creates "#{platform_options["git_dir"]}/rings/config"
action :run
notifies :run, 'execute[create empty git repo]', :immediately
end
# epel/f-17 missing systemd-ified inits
# https://bugzilla.redhat.com/show_bug.cgi?id=737183
template '/etc/systemd/system/git.service' do
owner 'root'
group 'root'
mode '0644'
source 'simple-systemd-config.erb'
variables(
description: 'Git daemon service',
user: 'nobody',
exec: '/usr/libexec/git-core/git-daemon ' \
'--base-path=/var/lib/git --export-all --user-path=public_git' \
'--syslog --verbose'
)
only_if { platform?('fedora') }
end
case node['platform']
when 'centos', 'redhat', 'fedora'
case node['platform_family']
when 'rhel'
service 'git-daemon' do
service_name platform_options['git_service']
action [:enable]
end
when 'ubuntu', 'debian'
when 'debian'
service 'git-daemon' do
service_name platform_options['git_service']
action [:enable, :start]
@ -100,24 +83,24 @@ end
cookbook_file '/etc/default/git-daemon' do
owner 'root'
group 'root'
mode '644'
mode 00644
source 'git-daemon.default'
action :create
notifies :restart, 'service[git-daemon]', :immediately
not_if { platform?('fedora', 'centos', 'redhat') }
not_if { platform_family?('rhel') }
end
directory '/etc/swift/ring-workspace' do
owner 'swift'
group 'swift'
mode '0755'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00755
action :create
end
execute 'checkout-rings' do
cwd '/etc/swift/ring-workspace'
command "git clone file://#{platform_options["git_dir"]}/rings"
user 'swift'
user node['openstack']['object-storage']['user']
creates '/etc/swift/ring-workspace/rings'
end
@ -132,14 +115,14 @@ end
execute "add #{ring_type}.builder" do
cwd '/etc/swift/ring-workspace/rings'
command "git add #{ring_type}.builder && #{git_config_email} ; #{git_config_name} && git commit -m 'initial ring builders' --author='chef <chef@openstack>'"
user 'swift'
user node['openstack']['object-storage']['user']
action :nothing
end
execute "create #{ring_type} builder" do
cwd '/etc/swift/ring-workspace/rings'
command "swift-ring-builder #{ring_type}.builder create #{part_power} #{replicas} #{min_part_hours}"
user 'swift'
user node['openstack']['object-storage']['user']
creates "/etc/swift/ring-workspace/rings/#{ring_type}.builder"
notifies :run, "execute[add #{ring_type}.builder]", :immediate
end
@ -148,7 +131,7 @@ end
bash 'rebuild-rings' do
action :nothing
cwd '/etc/swift/ring-workspace/rings'
user 'swift'
user node['openstack']['object-storage']['user']
code <<-EOF
set -x
@ -178,9 +161,9 @@ bash 'rebuild-rings' do
end
openstack_object_storage_ring_script '/etc/swift/ring-workspace/generate-rings.sh' do
owner 'swift'
group 'swift'
mode '0700'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00700
ring_path '/etc/swift/ring-workspace/rings'
action :ensure_exists
notifies :run, 'bash[rebuild-rings]', :immediate

@ -27,29 +27,19 @@ platform_options['rsync_packages'].each do |pkg|
end
end
# epel/f-17 broken: https://bugzilla.redhat.com/show_bug.cgi?id=737710
cookbook_file '/etc/systemd/system/rsync.service' do
owner 'root'
group 'root'
mode '0644'
source 'rsync.service'
action :create
only_if { platform?('fedora') }
end
# rhel based systems install rsync and run it with rsync. We don't want to do that
cookbook_file '/etc/init.d/rsyncd' do
owner 'root'
group 'root'
mode '0755'
mode 00755
source 'rsync.init'
action :create
only_if { platform?('centos', 'redhat', 'scientific') }
only_if { platform_family?('rhel') }
end
# FIXME: chicken and egg
case node['platform']
when 'centos', 'redhat', 'fedora'
case node['platform_family']
when 'rhel'
# enable rsyncd
rsync_servicename = 'rsyncd'
service 'rsyncd' do
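Review bot: `case node['platform_family']` sets rsync_servicename only in the 'rhel' and 'debian' branches, and the /etc/rsyncd.conf template further down notifies "service[#{rsync_servicename}]". On any other platform family (Fedora no longer matches after this change) the variable is nil and the notification targets "service[]". Add an else branch that fails with an unsupported-platform message. The comment "run it with rsync" on the rsyncd init script also looks like it lost a word and should name what RHEL actually runs it with.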
@ -62,7 +52,7 @@ when 'centos', 'redhat', 'fedora'
supports status: false, restart: false, start: false, stop: false
action [:disable]
end
when 'ubuntu', 'debian'
when 'debian'
rsync_servicename = 'rsync'
service 'rsync' do
supports status: false, restart: true
@ -73,7 +63,7 @@ end
template '/etc/rsyncd.conf' do
source 'rsyncd.conf.erb'
mode 0644
mode 00644
notifies :restart, "service[#{rsync_servicename}]", :immediately
end
@ -82,6 +72,5 @@ execute 'enable rsync' do
only_if "grep -q 'RSYNC_ENABLE=false' /etc/default/rsync"
notifies :restart, 'service[rsync]', :immediately
action :run
# TODO(chrislaco) Convert these to platform_family?
not_if { platform?('fedora', 'centos', 'redhat', 'scientific') }
not_if { platform_family?('rhel') }
end

@ -22,9 +22,9 @@ include_recipe 'openstack-object-storage::rsync'
template '/etc/swift/drive-audit.conf' do
source 'drive-audit.conf.erb'
owner 'swift'
group 'swift'
mode 0600
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
mode 00600
end
cron 'drive-audit' do
@ -34,8 +34,8 @@ cron 'drive-audit' do
end
directory '/var/cache/swift' do
group 'swift'
owner 'swift'
owner node['openstack']['object-storage']['user']
group node['openstack']['object-storage']['group']
recursive true
action :create
mode 00700

@ -38,5 +38,5 @@ end
attribute :name, kind_of: String
attribute :owner, kind_of: String, default: 'root'
attribute :group, kind_of: String, default: 'root'
attribute :mode, kind_of: String, default: '0600'
attribute :mode, kind_of: Integer, default: 00600
attribute :ring_path, kind_of: String, default: '/etc/swift'
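Review bot: changing `attribute :mode` from `kind_of: String, default: '0600'` to `kind_of: Integer, default: 00600` breaks any caller that still passes a string such as '0700', which is how this cookbook's own management-server recipe called it before this commit. Accepting both with `kind_of: [String, Integer]` keeps wrapper cookbooks working, or the incompatibility should be listed in the CHANGELOG.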

@ -45,7 +45,7 @@ describe 'openstack-object-storage::account-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end

@ -38,7 +38,7 @@ describe 'openstack-object-storage::common' do
expect(chef_run).to create_template(file.name).with(
user: 'root',
group: 'root',
mode: 0644
mode: 00644
)
end
@ -69,7 +69,7 @@ describe 'openstack-object-storage::common' do
expect(chef_run).to create_directory(dir.name).with(
user: 'swift',
group: 'swift',
mode: 0700
mode: 00700
)
end
end
@ -85,7 +85,7 @@ describe 'openstack-object-storage::common' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0700
mode: 00600
)
end
@ -132,7 +132,7 @@ describe 'openstack-object-storage::common' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0700
mode: 00700
)
end

@ -41,7 +41,7 @@ describe 'openstack-object-storage::container-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end
@ -60,23 +60,6 @@ describe 'openstack-object-storage::container-server' do
end
end
describe 'container sync' do
let(:file) { chef_run.cookbook_file('/etc/init/swift-container-sync.conf') }
let(:link) { chef_run.link('/etc/init.d/swift-container-sync') }
it 'creates /etc/init/swift-container-sync.conf' do
expect(chef_run).to create_cookbook_file(file.name).with(
user: 'root',
group: 'root',
mode: 0755
)
end
it 'creates /etc/init.d/swift-container-sync' do
expect(chef_run).to create_link(link.name)
end
end
describe '/etc/swift/container-server.conf' do
let(:file) { chef_run.template('/etc/swift/container-server.conf') }
@ -84,7 +67,7 @@ describe 'openstack-object-storage::container-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end

@ -11,8 +11,8 @@ describe 'openstack-object-storage::management-server' do
include_context 'swift-stubs'
it 'upgrades swift swauth package' do
expect(chef_run).to upgrade_package 'swauth'
it 'does not upgrade swauth package' do
expect(chef_run).not_to upgrade_package 'swauth'
end
describe '/etc/swift/dispersion.conf' do
@ -26,7 +26,7 @@ describe 'openstack-object-storage::management-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end
@ -127,7 +127,7 @@ describe 'openstack-object-storage::management-server' do
expect(chef_run).to create_template(file.name).with(
user: 'root',
group: 'root',
mode: 0755
mode: 00755
)
end

View File

@ -47,7 +47,7 @@ describe 'openstack-object-storage::object-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end

View File

@ -22,8 +22,8 @@ describe 'openstack-object-storage::proxy-server' do
expect(chef_run).to upgrade_package('swift-proxy')
end
it 'upgrades swauth package if swauth is selected' do
expect(chef_run).to upgrade_package('swauth')
it 'does not upgrade swauth package' do
expect(chef_run).not_to upgrade_package('swauth')
end
it 'starts swift-proxy on boot' do
@ -41,7 +41,7 @@ describe 'openstack-object-storage::proxy-server' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end
@ -50,9 +50,8 @@ describe 'openstack-object-storage::proxy-server' do
it 'has default contents' do
array = [
/^pipeline = catch_errors healthcheck cache ratelimit swauth proxy-logging proxy-server$/,
/^workers = auto$/,
/^super_admin_key = swift_authkey-secret$/
/^pipeline = catch_errors healthcheck cache ratelimit authtoken keystoneauth proxy-logging proxy-server$/,
/^workers = auto$/
]
array.each do |content|
expect(chef_run).to render_file(file.name).with_content(content)
@ -60,12 +59,7 @@ describe 'openstack-object-storage::proxy-server' do
end
it 'uses default attribute value for authmode' do
expect(chef_run.node['openstack']['object-storage']['authmode']).to eq('swauth')
end
it 'has auth key override' do
node.set['openstack']['object-storage']['authkey'] = '1234'
expect(chef_run).to render_file(file.name).with_content(/^super_admin_key = 1234$/)
expect(chef_run.node['openstack']['object-storage']['authmode']).to eq('keystone')
end
%w(tempurl formpost domain_remap staticweb).each do |attr|
@ -200,7 +194,6 @@ describe 'openstack-object-storage::proxy-server' do
end
it 'includes keystone related items when authmode is keystone' do
node.set['openstack']['object-storage']['authmode'] = 'keystone'
expect(chef_run).to render_file(file.name).with_content(/^pipeline = .*authtoken keystoneauth.*$/)
end
@ -221,7 +214,6 @@ describe 'openstack-object-storage::proxy-server' do
end
it 'sets account_autocreate when authmode is keystone' do
node.set['openstack']['object-storage']['authmode'] = 'keystone'
expect(chef_run).to render_file(file.name).with_content(/^account_autocreate = true$/)
end
@ -235,6 +227,11 @@ describe 'openstack-object-storage::proxy-server' do
node.set['openstack']['object-storage']['authmode'] = 'swauth'
end
it 'has auth key override' do
node.set['openstack']['object-storage']['authkey'] = '1234'
expect(chef_run).to render_file(file.name).with_content(/^super_admin_key = 1234$/)
end
it 'sets allow_account_management attribute when authmode is swauth' do
expect(chef_run).to render_file(file.name).with_content(/^allow_account_management = true$/)
end
@ -290,6 +287,24 @@ describe 'openstack-object-storage::proxy-server' do
end
end
context 'authtoken enabled' do
{ 'paste.filter_factory' => 'keystoneclient.middleware.auth_token:filter_factory',
'auth_uri' => 'http://127.0.0.1:5000/v2.0',
'auth_host' => '127.0.0.1',
'auth_port' => '35357',
'auth_protocol' => 'http',
'auth_version' => 'v2.0',
'admin_tenant_name' => 'service',
'admin_user' => 'swift',
'admin_password' => 'swift-pass',
'signing_dir' => '/var/cache/swift/api'
}.each do |k, v|
it "sets the default for #{k}" do
expect(chef_run).to render_config_file(file.name).with_section_content('filter:authtoken', /^#{Regexp.quote("#{k} = #{v}")}$/)
end
end
end
it 'sets the memcache_servers attribute' do
expect(chef_run).to render_file(file.name).with_content(/^memcache_servers = 127.0.0.1:11211$/)
end
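Review bot: the defaults asserted in the 'authtoken enabled' context pin auth_protocol to http and auth_uri to http://127.0.0.1:5000/v2.0, so only the cleartext endpoint is covered. Add a case that overrides the identity endpoints with an https URL and checks that auth_uri, auth_protocol, auth_host and auth_port follow it, since admin_password and token validation traffic use whatever scheme ends up in this section.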

View File

@ -30,7 +30,7 @@ describe 'openstack-object-storage::rsync' do
it 'creates /etc/rsyncd.conf' do
expect(chef_run).to create_template(file.name).with(
mode: 0644
mode: 00644
)
end

View File

@ -13,11 +13,11 @@ describe 'openstack-object-storage::setup' do
include_examples 'keystone-authmode'
it 'does not include the identity registration recipe' do
node.set['openstack']['object-storage']['authmode'] = 'swauth'
expect(chef_run).not_to include_recipe('openstack-object-storage::identity_registration')
end
it 'includes the identity registration recipe' do
node.set['openstack']['object-storage']['authmode'] = 'keystone'
expect(chef_run).to include_recipe('openstack-object-storage::identity_registration')
end

View File

@ -97,16 +97,8 @@ end
shared_examples 'keystone-authmode' do
describe 'authorization mode' do
# Default is to use authorization mode of swauth which does not require keystone client.
it 'does not upgrade keystoneclient package' do
expect(chef_run).not_to upgrade_package('python-keystoneclient')
end
describe 'keystone authorization mode' do
before { node.set['openstack']['object-storage']['authmode'] = 'keystone' }
it 'does upgrade keystoneclient package' do
expect(chef_run).to upgrade_package('python-keystoneclient')
end
it 'does upgrade keystoneclient package' do
expect(chef_run).to upgrade_package('python-keystoneclient')
end
end
end
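Review bot: with the 'does not upgrade keystoneclient package' case and the nested 'keystone authorization mode' describe removed, the 'keystone-authmode' shared examples only exercise the default. If the recipes still skip python-keystoneclient when authmode is 'swauth', keep a case with before { node.set['openstack']['object-storage']['authmode'] = 'swauth' } that asserts not_to upgrade_package('python-keystoneclient'); if the package is now installed unconditionally, the shared example name no longer describes what it checks. The leftover comment about swauth being the default should go either way.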

View File

@ -18,7 +18,7 @@ describe 'openstack-object-storage::storage-common' do
expect(chef_run).to create_directory(dir.name).with(
user: 'swift',
group: 'swift',
mode: 0700
mode: 00700
)
end
end
@ -34,7 +34,7 @@ describe 'openstack-object-storage::storage-common' do
expect(chef_run).to create_template(file.name).with(
user: 'swift',
group: 'swift',
mode: 0600
mode: 00600
)
end

View File

@ -6,31 +6,31 @@ pipeline = []
# the pipeline ordering is important and certain inclusions
# must either preceed or follow the selected auth module
if (node['openstack']['object-storage']['authmode'] == "swauth" and node['openstack']['object-storage']['tempurl']['enabled'] == true)
pipeline << "tempurl"
if (node['openstack']['object-storage']['authmode'] == 'swauth' and node['openstack']['object-storage']['tempurl']['enabled'] == true)
pipeline << 'tempurl'
end
if node['openstack']['object-storage']['domain_remap']['enabled']
pipeline << "domain_remap"
pipeline << 'domain_remap'
end
if node['openstack']['object-storage']['formpost']['enabled']
pipeline << "formpost"
pipeline << 'formpost'
end
case @authmode
when "keystone"
pipeline << "authtoken"
pipeline << "keystoneauth"
when "swauth"
pipeline << "swauth"
when 'keystone'
pipeline << 'authtoken'
pipeline << 'keystoneauth'
when 'swauth'
pipeline << 'swauth'
end
if node['openstack']['object-storage']['staticweb']['enabled']
pipeline << "staticweb"
pipeline << 'staticweb'
end
if pipeline.include?("swauth")
if pipeline.include?('swauth')
account_management = true
else
account_management = false
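Review bot: the tempurl condition at the top of this hunk reads node['openstack']['object-storage']['authmode'] while the case statement below switches on @authmode, so the pipeline is built from two sources that can disagree if the recipe ever passes a different value as the template variable. Use @authmode in both places. Since the line is being touched anyway, `and ... == true` can become `&& node['openstack']['object-storage']['tempurl']['enabled']`, matching the domain_remap and formpost checks.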
@ -51,26 +51,26 @@ log_statsd_metric_prefix = <%= node['openstack']['object-storage']['statistics']
<% end %>
[pipeline:main]
pipeline = catch_errors healthcheck cache ratelimit <%= pipeline.join(" ") %> proxy-logging proxy-server
pipeline = catch_errors healthcheck cache ratelimit <%= pipeline.join(' ') %> proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = <%= account_management %>
node_timeout = <%= node['openstack']['object-storage']['proxy-server']['node_timeout'] %>
<% if pipeline.include?("keystoneauth") -%>
<% if pipeline.include?('keystoneauth') -%>
account_autocreate = true
<% end %>
<% if pipeline.include?("swauth") -%>
<% if pipeline.include?('swauth') -%>
[filter:swauth]
use = egg:swauth#swauth
super_admin_key = <%= @authkey %>
default_swift_cluster = local#<%= node['openstack']['object-storage']['swift_url'] %>#<%= node['openstack']['object-storage']['swauth_url'] %>
<% if pipeline.include?("tempurl") -%>
<% if pipeline.include?('tempurl') -%>
allow_overrides = true
<% end %>
<% if node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].any? -%>
allowed_sync_hosts = <%= node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].join(",") %>
allowed_sync_hosts = <%= node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].join(',') %>
<% end %>
<% end %>
@ -79,7 +79,7 @@ use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
memcache_servers = <%= @memcache_servers.join(",") %>
memcache_servers = <%= @memcache_servers.join(',') %>
[filter:ratelimit]
use = egg:swift#ratelimit
@ -121,9 +121,23 @@ outgoing_allow_headers = <%= node['openstack']['object-storage']['tempurl']['out
[filter:formpost]
use = egg:swift#formpost
<% if pipeline.include?('authtoken') -%>
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_uri = <%= @auth_uri %>
auth_host = <%= @identity_admin_endpoint.host %>
auth_port = <%= @identity_admin_endpoint.port %>
auth_protocol = <%= @identity_admin_endpoint.scheme %>
auth_version = <%= node['openstack']['object-storage']['api']['auth']['version'] %>
admin_tenant_name = <%= node['openstack']['object-storage']['service_tenant_name'] %>
admin_user = <%= node['openstack']['object-storage']['service_user'] %>
admin_password = <%= @service_pass %>
signing_dir = <%= node['openstack']['object-storage']['api']['auth']['cache_dir'] %>
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = Member,admin
operator_roles = admin, swiftoperator
<% end %>
[filter:proxy-logging]
use = egg:swift#proxy_logging
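Review bot: operator_roles in [filter:keystoneauth] changes from Member,admin to admin, swiftoperator, so on deployments already running with authmode keystone, users who hold only the Member role lose operator access to their accounts after a cookbook upgrade. That goes beyond "use keystone as default" and needs its own changelog line; the value would also be better exposed as a node attribute than hard-coded in the template. In the new [filter:authtoken] section, admin_password is rendered in cleartext from @service_pass, so the rendered file has to stay restricted to the swift user.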