Merge "Use keystone as default authentication"
This commit is contained in:
commit
64fd0c9336
|
@ -2,6 +2,9 @@
|
|||
|
||||
This file is used to list changes made in each version of cookbook-openstack-object-storage.
|
||||
|
||||
## 10.1.0
|
||||
* Use keystone as default authentication
|
||||
|
||||
## 10.0.0
|
||||
* Upgrading to Juno
|
||||
* Upgrading berkshelf from 2.0.18 to 3.1.5
|
||||
|
|
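Review bot: The 10.1.0 entry lists only the keystone default, but the same commit also raises the supported platforms to CentOS >= 7 and Ubuntu >= 14.04, removes the Fedora platform block, turns statistics off by default outside the debian family, and adds the ['openstack']['object-storage']['user'] and ['group'] attributes. Each of those changes behaviour for an existing deployment on upgrade, so each should get its own bullet under 10.1.0.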
60
README.md
|
@ -11,31 +11,31 @@ Requirements
|
|||
Clients
|
||||
--------
|
||||
|
||||
* CentOS >= 6.3
|
||||
* Ubuntu >= 12.04
|
||||
* CentOS >= 7
|
||||
* Ubuntu >= 14.04
|
||||
|
||||
Chef
|
||||
---------
|
||||
|
||||
* 11.4.4
|
||||
* 12
|
||||
|
||||
Cookbooks
|
||||
---------
|
||||
Dependent Cookbooks
|
||||
-------------------
|
||||
|
||||
* openstack-common
|
||||
* openstack-identity
|
||||
* memcached
|
||||
* statsd
|
||||
* apt
|
||||
|
||||
Roles
|
||||
=====
|
||||
|
||||
* swift-account-server - storage node for account data
|
||||
* swift-container-server - storage node for container data
|
||||
* swift-object-server - storage node for object server
|
||||
* swift-proxy-server - proxy for swift storge nodes
|
||||
* swift-setup - server responsible for generating initial settings
|
||||
* swift-management-server - responsible for ring generation
|
||||
* swift-object-server - storage node for object server
|
||||
* swift-proxy-server - proxy for swift storage nodes
|
||||
* swift-setup - server responsible for generating initial settings
|
||||
|
||||
The swift-management-server role performs the following functions:
|
||||
|
||||
|
@ -44,7 +44,7 @@ The swift-management-server role performs the following functions:
|
|||
* generally always has the swift-setup role too
|
||||
* there can only be _one_ swift-management-server
|
||||
|
||||
There *must* be node with the the swift-managment-server role to act
|
||||
There *must* be a node with the the swift-management-server role to act
|
||||
as the ring repository.
|
||||
|
||||
In small environments, it is likely that all storage machines will
|
||||
|
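Review bot: The replacement line still reads "with the the swift-management-server role"; drop the doubled "the" while this sentence is being corrected.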
@ -56,7 +56,7 @@ swift-{account,container,object}-server roles, and there will be
|
|||
dedicated hosts with the swift-proxy-server role.
|
||||
|
||||
In really really huge environments, it's possible that the storage
|
||||
node will be split into swift-{container,accout}-server nodes and
|
||||
node will be split into swift-{container,account}-server nodes and
|
||||
swift-object-server nodes.
|
||||
|
||||
Recipes
|
||||
|
@ -69,7 +69,7 @@ client
|
|||
Attributes
|
||||
==========
|
||||
|
||||
* ```default[:swift][:authmode]``` - "swauth" or "keystone" (default "swauth"). Right now, only swauth is supported (defaults to swauth)
|
||||
* ```default[:swift][:authmode]``` - "swauth" or "keystone" (default "keystone").
|
||||
|
||||
* ```default[:swift][:swauth_source]``` - "git" or "package"(default). Selects between installing python-swauth from git or system package
|
||||
|
||||
|
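Review bot: The updated bullet documents default[:swift][:authmode], but the attribute this commit changes, and the one the proxy recipe reads, is ['openstack']['object-storage']['authmode']. An operator who pins swauth through the documented key sets something the recipes shown here never consult. Update this bullet, and the neighbouring default[:swift][...] bullets, to the openstack/object-storage namespace.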
@ -82,7 +82,7 @@ Attributes
|
|||
* ```default[:swift][:audit_hour]``` - Hour to run swift_auditor on storage nodes (defaults to 5)
|
||||
|
||||
* ```default[:swift][:disk_enum_expr]``` - Eval-able expression that lists
|
||||
candidate disk nodes for disk probing. The result shoule be a hash
|
||||
candidate disk nodes for disk probing. The result should be a hash
|
||||
with keys being the device name (without the leading "/dev/") and a
|
||||
hash block of any extra info associated with the device. For
|
||||
example: { "sdc" => { "model": "Hitachi 7K3000" }}. Largely,
|
||||
|
@ -98,7 +98,7 @@ Attributes
|
|||
* ```default[:swift][:ring][:replicas]``` - how many replicas swift should retain (defaults to 3)
|
||||
|
||||
* ```default[:swift][:disk_test_filter]``` - an array of expressions that must
|
||||
all be true in order a block deviced to be considered for
|
||||
all be true in order a block device to be considered for
|
||||
formatting and inclusion in the cluster. Each rule gets evaluated
|
||||
with "candidate" set to the device name (without the leading
|
||||
"/dev/") and info set to the node hash value. Default rules:
|
||||
|
@ -219,34 +219,6 @@ Example environment
|
|||
This sets up defaults for a swauth-based cluster with the storage
|
||||
network on 10.0.0.0/24.
|
||||
|
||||
Example all-in-one
|
||||
--------------------------
|
||||
|
||||
Example all-in-one storage node config (note there should only ever be
|
||||
one node with the swift-setup and swift-management roles)
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "storage1",
|
||||
"name": "storage1",
|
||||
"json_class": "Chef::Node",
|
||||
"run_list": [
|
||||
"role[swift-setup]",
|
||||
"role[swift-management-server]",
|
||||
"role[swift-account-server]",
|
||||
"role[swift-object-server]",
|
||||
"role[swift-container-server]",
|
||||
"role[swift-proxy-server]"
|
||||
],
|
||||
"chef_environment": "development",
|
||||
"normal": {
|
||||
"swift": {
|
||||
"zone": "1"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Standalone Storage Server
|
||||
-------------------------
|
||||
|
||||
|
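Review bot: The context line "This sets up defaults for a swauth-based cluster" stays in place although the default authmode is now keystone. If the example environment above it does not set authmode explicitly, it no longer produces what the sentence promises. Either pin authmode to swauth in that example or reword it for keystone.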
@ -277,7 +249,7 @@ Testing
|
|||
Please refer to the [TESTING.md](TESTING.md) for instructions for testing the cookbook.
|
||||
|
||||
Berkshelf
|
||||
=====
|
||||
=========
|
||||
|
||||
Berks will resolve version requirements and dependencies on first run and
|
||||
store these in Berksfile.lock. If new cookbooks become available you can run
|
||||
|
@ -300,7 +272,7 @@ License and Author
|
|||
| | |
|
||||
| **Copyright** | Copyright (c) 2013, AT&T, Inc. |
|
||||
| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. |
|
||||
| **Copyright** | Copyright (c) 2013, IBM, Corp. |
|
||||
| **Copyright** | Copyright (c) 2013-2015 IBM, Corp. |
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
@ -22,6 +22,11 @@ default['openstack']['object-storage']['service_tenant_name'] = 'service'
|
|||
default['openstack']['object-storage']['service_user'] = 'swift'
|
||||
default['openstack']['object-storage']['service_role'] = 'admin'
|
||||
|
||||
# Default swift user
|
||||
default['openstack']['object-storage']['user'] = 'swift'
|
||||
# Default swift group
|
||||
default['openstack']['object-storage']['group'] = 'swift'
|
||||
|
||||
default['openstack']['compute']['region'] = node['openstack']['region']
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
|
@ -133,11 +138,16 @@ default['openstack']['object-storage']['container_server_chef_role'] = 'swift-c
|
|||
# authentication
|
||||
#--------------------
|
||||
|
||||
default['openstack']['object-storage']['authmode'] = 'swauth'
|
||||
# Authenitcation mode, either keystone or swauth
|
||||
default['openstack']['object-storage']['authmode'] = 'keystone'
|
||||
default['openstack']['object-storage']['authkey'] = nil
|
||||
default['openstack']['object-storage']['swift_url'] = 'http://127.0.0.1:8080/v1/'
|
||||
default['openstack']['object-storage']['swauth_url'] = 'http://127.0.0.1:8080/v1/'
|
||||
default['openstack']['object-storage']['auth_url'] = 'http://127.0.0.1:8080/auth/v1.0'
|
||||
# Keystone version
|
||||
default['openstack']['object-storage']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
|
||||
# Keystone PKI signing directory
|
||||
default['openstack']['object-storage']['api']['auth']['cache_dir'] = '/var/cache/swift/api'
|
||||
|
||||
#---------------------
|
||||
# dispersion settings
|
||||
|
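Review bot: In the new comment, "Authenitcation" should be "Authentication". More important, authmode now defaults to keystone while auth_url stays at http://127.0.0.1:8080/auth/v1.0, which looks like a swauth-style endpoint on the proxy port, and the dispersion.conf template elsewhere in this change is still rendered from that attribute. Either give auth_url a default that fits keystone or document that it has to be overridden when authmode is keystone.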
@ -156,7 +166,8 @@ default['openstack']['object-storage']['ring']['replicas'] = 3
|
|||
#------------------
|
||||
# statistics
|
||||
#------------------
|
||||
default['openstack']['object-storage']['statistics']['enabled'] = true
|
||||
# Current statsd cookbook is not supported on rhel platforms
|
||||
default['openstack']['object-storage']['statistics']['enabled'] = platform_family?('debian')
|
||||
default['openstack']['object-storage']['statistics']['sample_rate'] = 1
|
||||
|
||||
# there are two ways to discover your graphite server ip for
|
||||
|
@ -440,8 +451,8 @@ default['openstack']['object-storage']['swauth_version'] = '1.0.8'
|
|||
#------------------
|
||||
|
||||
# Leveling between distros
|
||||
case platform
|
||||
when 'redhat'
|
||||
case platform_family
|
||||
when 'rhel'
|
||||
default['openstack']['object-storage']['platform'] = {
|
||||
'disk_format' => 'ext4',
|
||||
'proxy_packages' => %w{openstack-swift-proxy sudo cronie python-memcached},
|
||||
|
@ -461,50 +472,7 @@ when 'redhat'
|
|||
'override_options' => '',
|
||||
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
|
||||
}
|
||||
#
|
||||
# python-iso8601 is a missing dependency for swift.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=875948
|
||||
when 'centos'
|
||||
default['openstack']['object-storage']['platform'] = {
|
||||
'disk_format' => 'xfs',
|
||||
'proxy_packages' => %w{openstack-swift-proxy sudo cronie python-iso8601 python-memcached},
|
||||
'object_packages' => %w{openstack-swift-object sudo cronie python-iso8601},
|
||||
'container_packages' => %w{openstack-swift-container sudo cronie python-iso8601},
|
||||
'account_packages' => %w{openstack-swift-account sudo cronie python-iso8601},
|
||||
'swift_packages' => %w{openstack-swift sudo cronie python-iso8601},
|
||||
'swift_client_packages' => ['python-swiftclient'],
|
||||
'swauth_packages' => %w{openstack-swauth sudo cronie python-iso8601},
|
||||
'rsync_packages' => ['rsync'],
|
||||
'git_packages' => ['xinetd', 'git', 'git-daemon'],
|
||||
'service_prefix' => 'openstack-',
|
||||
'service_suffix' => '',
|
||||
'git_dir' => '/var/lib/git',
|
||||
'git_service' => 'git',
|
||||
'service_provider' => Chef::Provider::Service::Redhat,
|
||||
'override_options' => '',
|
||||
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
|
||||
}
|
||||
when 'fedora'
|
||||
default['openstack']['object-storage']['platform'] = {
|
||||
'disk_format' => 'xfs',
|
||||
'proxy_packages' => ['openstack-swift-proxy', 'python-memcached'],
|
||||
'object_packages' => ['openstack-swift-object'],
|
||||
'container_packages' => ['openstack-swift-container'],
|
||||
'account_packages' => ['openstack-swift-account'],
|
||||
'swift_packages' => ['openstack-swift'],
|
||||
'swift_client_packages' => ['python-swiftclient'],
|
||||
'swauth_packages' => ['openstack-swauth'],
|
||||
'rsync_packages' => ['rsync'],
|
||||
'git_packages' => ['git', 'git-daemon'],
|
||||
'service_prefix' => 'openstack-',
|
||||
'service_suffix' => '.service',
|
||||
'git_dir' => '/var/lib/git',
|
||||
'git_service' => 'git',
|
||||
'service_provider' => Chef::Provider::Service::Systemd,
|
||||
'override_options' => '',
|
||||
'swift_statsd_publish' => '/usr/bin/swift-statsd-publish.py'
|
||||
}
|
||||
when 'ubuntu'
|
||||
when 'debian'
|
||||
default['openstack']['object-storage']['platform'] = {
|
||||
'disk_format' => 'xfs',
|
||||
'proxy_packages' => ['swift-proxy', 'python-memcache'],
|
||||
|
|
|
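Review bot: Removing the 'centos' branch moves CentOS nodes onto the 'rhel' branch kept above, which sets 'disk_format' => 'ext4' and has no python-iso8601 in proxy_packages, whereas the removed CentOS hash used 'disk_format' => 'xfs' and added python-iso8601 to every package list. That flips the default filesystem for newly prepared disks on CentOS and drops a package the removed comment called a missing dependency for swift. Confirm both are intended for CentOS 7; if not, carry the values into the 'rhel' hash.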
@ -1,11 +0,0 @@
|
|||
[Unit]
|
||||
Description=Rsync Server
|
||||
After=local-fs.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/rsync --daemon
|
||||
PIDFile=/var/run/rsyncd.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,19 +0,0 @@
|
|||
# swift-container-sync - SWIFT Container Sync
|
||||
#
|
||||
# The swift container sync.
|
||||
|
||||
description "SWIFT Container Sync"
|
||||
author "Sergio Rubio <rubiojr@bvox.net>"
|
||||
|
||||
start on runlevel [2345]
|
||||
stop on runlevel [016]
|
||||
|
||||
pre-start script
|
||||
if [ -f "/etc/swift/container-server.conf" ]; then
|
||||
exec /usr/bin/swift-init container-sync start
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
end script
|
||||
|
||||
post-stop exec /usr/bin/swift-init container-sync stop
|
|
@ -4,16 +4,17 @@ maintainer_email 'opscode-chef-openstack@googlegroups.com'
|
|||
license 'Apache 2.0'
|
||||
description 'Installs and configures Openstack Swift'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '10.0.0'
|
||||
version '10.1.0'
|
||||
|
||||
recipe 'openstack-object-storage::account-server', 'Installs the swift account server'
|
||||
recipe 'openstack-object-storage::client', 'Install the swift client'
|
||||
recipe 'openstack-object-storage::container-server', 'Installs the swift container server'
|
||||
recipe 'openstack-object-storage::management-server', 'Installs the swift management server'
|
||||
recipe 'openstack-object-storage::object-server', 'Installs the swift object server'
|
||||
recipe 'openstack-object-storage::proxy-server', 'Installs the swift proxy server'
|
||||
recipe 'openstack-object-storage::setup', 'Does initial setup of a swift cluster'
|
||||
|
||||
%w{ centos ubuntu }.each do |os|
|
||||
%w{ centos ubuntu redhat }.each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
|
|
|
@ -56,8 +56,8 @@ action :ensure_exists do
|
|||
|
||||
# make sure we have a "path"
|
||||
Directory(path) do
|
||||
group 'swift'
|
||||
owner 'swift'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
recursive true
|
||||
end.run_action(:create)
|
||||
|
||||
|
@ -113,8 +113,8 @@ action :ensure_exists do
|
|||
mount_path = "#{path}/#{info['mountpoint']}"
|
||||
|
||||
Directory(mount_path) do
|
||||
group 'swift'
|
||||
owner 'swift'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
recursive true
|
||||
end.run_action(:create)
|
||||
|
||||
|
@ -122,8 +122,8 @@ action :ensure_exists do
|
|||
when 'ext4'
|
||||
mount_options = 'noatime,nodiratime,nobarrier,user_xattr'
|
||||
when 'xfs'
|
||||
case node['platform']
|
||||
when 'ubuntu', 'debian'
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
mount_options = 'noatime,nodiratime,nobarrier,logbufs=8,nobootwait'
|
||||
else
|
||||
mount_options = 'noatime,nodiratime,nobarrier,logbufs=8'
|
||||
|
|
|
@ -31,43 +31,6 @@ platform_options['account_packages'].each.each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
# epel/f-17 missing init scripts for the non-major services.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor reaper replicator}.each do |svc|
|
||||
template "/etc/systemd/system/openstack-swift-account-#{svc}.service" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
source 'simple-systemd-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Account #{svc.capitalize}",
|
||||
user: 'swift',
|
||||
exec: "/usr/bin/swift-account-#{svc} " +
|
||||
'/etc/swift/account-server.conf'
|
||||
)
|
||||
only_if { platform?('fedora') }
|
||||
end
|
||||
end
|
||||
|
||||
# TODO(breu): track against upstream epel packages to determine if this
|
||||
# is still necessary
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor reaper replicator}.each do |svc|
|
||||
template "/etc/init.d/openstack-swift-account-#{svc}" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0755'
|
||||
source 'simple-redhat-init-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Account #{svc.capitalize}",
|
||||
exec: "account-#{svc}"
|
||||
)
|
||||
only_if { platform?(%w{redhat centos}) }
|
||||
end
|
||||
end
|
||||
|
||||
%w{swift-account swift-account-auditor swift-account-reaper swift-account-replicator}.each do |svc|
|
||||
service_name = platform_options['service_prefix'] + svc + platform_options['service_suffix']
|
||||
service svc do
|
||||
|
@ -82,9 +45,9 @@ end
|
|||
# create account server template
|
||||
template '/etc/swift/account-server.conf' do
|
||||
source 'account-server.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
'bind_ip' => node['openstack']['object-storage']['network']['account-bind-ip'],
|
||||
'bind_port' => node['openstack']['object-storage']['network']['account-bind-port']
|
||||
|
|
|
@ -71,10 +71,9 @@ end
|
|||
|
||||
directory '/etc/swift' do
|
||||
action :create
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0700
|
||||
only_if '/usr/bin/id swift'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00700
|
||||
end
|
||||
|
||||
# determine hash
|
||||
|
@ -91,21 +90,19 @@ end
|
|||
|
||||
template '/etc/swift/swift.conf' do
|
||||
source 'swift.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0700
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
swift_hash_path_prefix: swift_hash_path_prefix,
|
||||
swift_hash_path_suffix: swift_hash_path_suffix
|
||||
)
|
||||
only_if '/usr/bin/id swift'
|
||||
end
|
||||
|
||||
# need a swift user
|
||||
user 'swift' do
|
||||
user node['openstack']['object-storage']['user'] do
|
||||
shell '/bin/bash'
|
||||
action :modify
|
||||
only_if '/usr/bin/id swift'
|
||||
end
|
||||
|
||||
package 'git' do
|
||||
|
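Review bot: Going by the header counts (21 lines before, 19 after), both only_if '/usr/bin/id swift' guards are dropped here, so the user resource with action :modify now runs unconditionally, and :modify raises when the account does not exist. The swift.conf template above it is owned by the same user. Make sure the package that creates the account is installed earlier in this recipe on every supported platform, or keep a guard built from node['openstack']['object-storage']['user'] instead of the literal swift. Tightening swift.conf from 0700 to 00600 is the right call for a file that carries the hash path prefix and suffix.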
@ -118,14 +115,13 @@ end
|
|||
git_builder_ip = node['openstack']['object-storage']['git_builder_ip']
|
||||
template '/etc/swift/pull-rings.sh' do
|
||||
source 'pull-rings.sh.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0700
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00700
|
||||
variables(
|
||||
builder_ip: git_builder_ip,
|
||||
service_prefix: platform_options['service_prefix']
|
||||
)
|
||||
only_if '/usr/bin/id swift'
|
||||
end
|
||||
|
||||
execute '/etc/swift/pull-rings.sh' do
|
||||
|
|
|
@ -31,43 +31,6 @@ platform_options['container_packages'].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
# epel/f-17 missing init scripts for the non-major services.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor updater replicator}.each do |svc|
|
||||
template "/etc/systemd/system/openstack-swift-container-#{svc}.service" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
source 'simple-systemd-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Container #{svc.capitalize}",
|
||||
user: 'swift',
|
||||
exec: "/usr/bin/swift-container-#{svc} " +
|
||||
'/etc/swift/container-server.conf'
|
||||
)
|
||||
only_if { platform?('fedora') }
|
||||
end
|
||||
end
|
||||
|
||||
# TODO(breu): track against upstream epel packages to determine if this
|
||||
# is still necessary
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor updater replicator}.each do |svc|
|
||||
template "/etc/init.d/openstack-swift-container-#{svc}" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0755'
|
||||
source 'simple-redhat-init-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Container #{svc.capitalize}",
|
||||
exec: "container-#{svc}"
|
||||
)
|
||||
only_if { platform?('redhat', 'centos') }
|
||||
end
|
||||
end
|
||||
|
||||
%w{swift-container swift-container-auditor swift-container-replicator swift-container-updater}.each do |svc|
|
||||
service_name = platform_options['service_prefix'] + svc + platform_options['service_suffix']
|
||||
|
||||
|
@ -82,9 +45,9 @@ end
|
|||
|
||||
template '/etc/swift/container-server.conf' do
|
||||
source 'container-server.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
'bind_ip' => node['openstack']['object-storage']['network']['container-bind-ip'],
|
||||
'bind_port' => node['openstack']['object-storage']['network']['container-bind-port']
|
||||
|
@ -96,23 +59,6 @@ template '/etc/swift/container-server.conf' do
|
|||
notifies :restart, 'service[swift-container-auditor]', :immediately
|
||||
end
|
||||
|
||||
# Ubuntu 12.04 packages are missing the swift-container-sync service scripts
|
||||
# See https://bugs.launchpad.net/cloud-archive/+bug/1250171
|
||||
if platform?('ubuntu')
|
||||
cookbook_file '/etc/init/swift-container-sync.conf' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode 0755
|
||||
source 'swift-container-sync.conf.upstart'
|
||||
action :create
|
||||
not_if '[ -e /etc/init/swift-container-sync.conf ]'
|
||||
end
|
||||
link '/etc/init.d/swift-container-sync' do
|
||||
to '/lib/init/upstart-job'
|
||||
not_if '[ -e /etc/init.d/swift-container-sync ]'
|
||||
end
|
||||
end
|
||||
|
||||
service_name = platform_options['service_prefix'] + 'swift-container-sync' + platform_options['service_suffix']
|
||||
unless node['openstack']['object-storage']['container-server']['allowed_sync_hosts'] == []
|
||||
service 'swift-container-sync' do
|
||||
|
|
|
@ -30,7 +30,6 @@ platform_options = node['openstack']['object-storage']['platform']
|
|||
package 'xfsprogs' do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
only_if { platform?(%w{ubuntu debian fedora centos}) }
|
||||
end
|
||||
|
||||
%w(parted util-linux).each do |pkg|
|
||||
|
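Review bot: With the only_if guard gone this package resource runs on every platform, which makes its options line matter more: it reads platform_options['package_overrides'], while the platform hashes visible in this diff define 'override_options' and the object-server recipe uses platform_options['override_options']. If no platform hash defines 'package_overrides', options is nil here and the override flags are never applied. Switch it to 'override_options'.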
@ -44,6 +43,7 @@ disk_enum_expr = node['openstack']['object-storage']['disk_enum_expr']
|
|||
disk_test_filter = node['openstack']['object-storage']['disk_test_filter']
|
||||
|
||||
disks = locate_disks(disk_enum_expr, disk_test_filter)
|
||||
Chef::Log.info("Located disks: #{disks}")
|
||||
|
||||
disks.each do |disk|
|
||||
openstack_object_storage_disk "/dev/#{disk}" do
|
||||
|
|
|
@ -73,7 +73,7 @@ if node['openstack']['object-storage']['statistics']['enabled']
|
|||
source 'swift-statsd-publish.py.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode 0755
|
||||
mode 00755
|
||||
end
|
||||
cron 'cron_swift_statsd_publish' do
|
||||
command "#{platform_options['swift_statsd_publish']} > /dev/null 2>&1"
|
||||
|
@ -83,9 +83,9 @@ end
|
|||
|
||||
template '/etc/swift/dispersion.conf' do
|
||||
source 'dispersion.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
'auth_url' => node['openstack']['object-storage']['auth_url'],
|
||||
'auth_user' => auth_user,
|
||||
|
|
|
@ -27,44 +27,7 @@ platform_options = node['openstack']['object-storage']['platform']
|
|||
platform_options['object_packages'].each do |pkg|
|
||||
package pkg do
|
||||
action :upgrade
|
||||
options platform_options['override_options'] # retain configs
|
||||
end
|
||||
end
|
||||
|
||||
# epel/f-17 missing init scripts for the non-major services.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor updater replicator}.each do |svc|
|
||||
template "/etc/systemd/system/openstack-swift-object-#{svc}.service" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
source 'simple-systemd-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Object #{svc.capitalize}",
|
||||
user: 'swift',
|
||||
exec: "/usr/bin/swift-object-#{svc} " +
|
||||
'/etc/swift/object-server.conf'
|
||||
)
|
||||
only_if { platform?('fedora') }
|
||||
end
|
||||
end
|
||||
|
||||
# TODO(breu): track against upstream epel packages to determine if this
|
||||
# is still necessary
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=807170
|
||||
%w{auditor updater replicator}.each do |svc|
|
||||
template "/etc/init.d/openstack-swift-object-#{svc}" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0755'
|
||||
source 'simple-redhat-init-config.erb'
|
||||
variables(
|
||||
description: 'OpenStack Object Storage (swift) - ' +
|
||||
"Object #{svc.capitalize}",
|
||||
exec: "object-#{svc}"
|
||||
)
|
||||
only_if { platform?('redhat', 'centos') }
|
||||
options platform_options['override_options']
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -85,9 +48,9 @@ end
|
|||
|
||||
template '/etc/swift/object-server.conf' do
|
||||
source 'object-server.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
'bind_ip' => node['openstack']['object-storage']['network']['object-bind-ip'],
|
||||
'bind_port' => node['openstack']['object-storage']['network']['object-bind-port']
|
||||
|
@ -102,5 +65,5 @@ end
|
|||
cron 'swift-recon' do
|
||||
minute '*/5'
|
||||
command 'swift-recon-cron /etc/swift/object-server.conf'
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
end
|
||||
|
|
|
@ -49,7 +49,8 @@ platform_options['proxy_packages'].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
if node['openstack']['object-storage']['authmode'] == 'swauth'
|
||||
case node['openstack']['object-storage']['authmode']
|
||||
when 'swauth'
|
||||
case node['openstack']['object-storage']['swauth_source']
|
||||
when 'package'
|
||||
platform_options['swauth_packages'].each do |pkg|
|
||||
|
@ -75,6 +76,15 @@ if node['openstack']['object-storage']['authmode'] == 'swauth'
|
|||
environment 'PREFIX' => '/usr/local'
|
||||
end
|
||||
end
|
||||
when 'keystone'
|
||||
package 'python-keystoneclient' do
|
||||
action :upgrade
|
||||
end
|
||||
identity_endpoint = endpoint 'identity-api'
|
||||
identity_admin_endpoint = endpoint 'identity-admin'
|
||||
service_pass = get_password 'service', 'openstack-object-storage'
|
||||
|
||||
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['object-storage']['api']['auth']['version']
|
||||
end
|
||||
|
||||
package 'python-swift-informant' do
|
||||
|
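Review bot: The new case on authmode has no else branch, so a misspelled or unsupported value installs neither swauth nor the keystone client and leaves auth_uri, identity_admin_endpoint and service_pass nil for the proxy-server.conf template. Add an else branch that raises with the offending value and names the two accepted modes, so a bad attribute fails the run instead of producing a proxy with no working auth middleware configuration.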
@ -82,20 +92,14 @@ package 'python-swift-informant' do
|
|||
only_if { node['openstack']['object-storage']['use_informant'] }
|
||||
end
|
||||
|
||||
package 'python-keystoneclient' do
|
||||
action :upgrade
|
||||
only_if { node['openstack']['object-storage']['authmode'] == 'keystone' }
|
||||
end
|
||||
|
||||
directory '/var/cache/swift' do
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00700
|
||||
end
|
||||
|
||||
swift_proxy_service = platform_options['service_prefix'] + 'swift-proxy' + platform_options['service_suffix']
|
||||
service 'swift-proxy' do
|
||||
# openstack-swift-proxy.service on fedora-17, swift-proxy on ubuntu
|
||||
service_name swift_proxy_service
|
||||
provider platform_options['service_provider']
|
||||
supports status: true, restart: true
|
||||
|
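Review bot: The directory resource still hardcodes '/var/cache/swift', while the attributes file in this commit introduces ['api']['auth']['cache_dir'] = '/var/cache/swift/api' as the keystone signing directory. Nothing in this hunk creates that path. Create the directory from the attribute, with the same owner, group and 00700 mode, so its location and permissions stay under the cookbook's control.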
@ -139,15 +143,18 @@ proxy_api_bind_host = proxy_api_bind.host if proxy_api_bind_host.nil?
|
|||
# create proxy config file
|
||||
template '/etc/swift/proxy-server.conf' do
|
||||
source 'proxy-server.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
variables(
|
||||
'authmode' => node['openstack']['object-storage']['authmode'],
|
||||
'bind_host' => proxy_api_bind_host,
|
||||
'bind_port' => proxy_api_bind_port,
|
||||
'authkey' => authkey,
|
||||
'memcache_servers' => memcache_servers
|
||||
'memcache_servers' => memcache_servers,
|
||||
'auth_uri' => auth_uri,
|
||||
'identity_admin_endpoint' => identity_admin_endpoint,
|
||||
'service_pass' => service_pass
|
||||
)
|
||||
notifies :restart, 'service[swift-proxy]', :immediately
|
||||
end
|
||||
|
|
|
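Review bot: 'service_pass' => service_pass puts the keystone service password into the rendered proxy-server.conf. The 00600 mode and the swift owner cover the file on disk, but the template resource will still show the rendered diff in chef-client output and to report handlers whenever the file changes. Add sensitive true to this template resource.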
@ -37,22 +37,22 @@ end
|
|||
service 'xinetd' do
|
||||
supports status: false, restart: true
|
||||
action [:enable, :start]
|
||||
only_if { platform?('centos', 'redhat', 'fedora') }
|
||||
only_if { platform_family?('rhel') }
|
||||
end
|
||||
|
||||
execute 'create empty git repo' do
|
||||
cwd '/tmp'
|
||||
umask 022
|
||||
command "mkdir $$; cd $$; git init; echo \"backups\" \> .gitignore; #{git_config_email} ; #{git_config_name} ; git add .gitignore; git commit -m 'initial commit' --author='chef <chef@openstack>'; git push file:///#{platform_options["git_dir"]}/rings master"
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
action :nothing
|
||||
end
|
||||
|
||||
directory 'git-directory' do
|
||||
path "#{platform_options["git_dir"]}/rings"
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode '0755'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00755
|
||||
recursive true
|
||||
action :create
|
||||
end
|
||||
|
@ -60,37 +60,20 @@ end
|
|||
execute 'initialize git repo' do
|
||||
cwd "#{platform_options["git_dir"]}/rings"
|
||||
umask 022
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
command 'git init --bare && touch git-daemon-export-ok'
|
||||
creates "#{platform_options["git_dir"]}/rings/config"
|
||||
action :run
|
||||
notifies :run, 'execute[create empty git repo]', :immediately
|
||||
end
|
||||
|
||||
# epel/f-17 missing systemd-ified inits
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=737183
|
||||
template '/etc/systemd/system/git.service' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
source 'simple-systemd-config.erb'
|
||||
variables(
|
||||
description: 'Git daemon service',
|
||||
user: 'nobody',
|
||||
exec: '/usr/libexec/git-core/git-daemon ' \
|
||||
'--base-path=/var/lib/git --export-all --user-path=public_git' \
|
||||
'--syslog --verbose'
|
||||
)
|
||||
only_if { platform?('fedora') }
|
||||
end
|
||||
|
||||
case node['platform']
|
||||
when 'centos', 'redhat', 'fedora'
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
service 'git-daemon' do
|
||||
service_name platform_options['git_service']
|
||||
action [:enable]
|
||||
end
|
||||
when 'ubuntu', 'debian'
|
||||
when 'debian'
|
||||
service 'git-daemon' do
|
||||
service_name platform_options['git_service']
|
||||
action [:enable, :start]
|
||||
|
@ -100,24 +83,24 @@ end
|
|||
cookbook_file '/etc/default/git-daemon' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '644'
|
||||
mode 00644
|
||||
source 'git-daemon.default'
|
||||
action :create
|
||||
notifies :restart, 'service[git-daemon]', :immediately
|
||||
not_if { platform?('fedora', 'centos', 'redhat') }
|
||||
not_if { platform_family?('rhel') }
|
||||
end
|
||||
|
||||
directory '/etc/swift/ring-workspace' do
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode '0755'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00755
|
||||
action :create
|
||||
end
|
||||
|
||||
execute 'checkout-rings' do
|
||||
cwd '/etc/swift/ring-workspace'
|
||||
command "git clone file://#{platform_options["git_dir"]}/rings"
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
creates '/etc/swift/ring-workspace/rings'
|
||||
end
|
||||
|
||||
|
@ -132,14 +115,14 @@ end
|
|||
execute "add #{ring_type}.builder" do
|
||||
cwd '/etc/swift/ring-workspace/rings'
|
||||
command "git add #{ring_type}.builder && #{git_config_email} ; #{git_config_name} && git commit -m 'initial ring builders' --author='chef <chef@openstack>'"
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
action :nothing
|
||||
end
|
||||
|
||||
execute "create #{ring_type} builder" do
|
||||
cwd '/etc/swift/ring-workspace/rings'
|
||||
command "swift-ring-builder #{ring_type}.builder create #{part_power} #{replicas} #{min_part_hours}"
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
creates "/etc/swift/ring-workspace/rings/#{ring_type}.builder"
|
||||
notifies :run, "execute[add #{ring_type}.builder]", :immediate
|
||||
end
|
||||
|
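Review bot: The `execute` resources in this hunk now take `user` from `node['openstack']['object-storage']['user']` but still set no `group`, while the `directory '/etc/swift/ring-workspace'` resource sets both. Add `group node['openstack']['object-storage']['group']` to `add #{ring_type}.builder` and `create #{ring_type} builder` so the files they write end up with the configured group as well as the configured owner.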
@ -148,7 +131,7 @@ end
|
|||
bash 'rebuild-rings' do
|
||||
action :nothing
|
||||
cwd '/etc/swift/ring-workspace/rings'
|
||||
user 'swift'
|
||||
user node['openstack']['object-storage']['user']
|
||||
code <<-EOF
|
||||
set -x
|
||||
|
||||
|
@ -178,9 +161,9 @@ bash 'rebuild-rings' do
|
|||
end
|
||||
|
||||
openstack_object_storage_ring_script '/etc/swift/ring-workspace/generate-rings.sh' do
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode '0700'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00700
|
||||
ring_path '/etc/swift/ring-workspace/rings'
|
||||
action :ensure_exists
|
||||
notifies :run, 'bash[rebuild-rings]', :immediate
|
||||
|
|
|
@ -27,29 +27,19 @@ platform_options['rsync_packages'].each do |pkg|
|
|||
end
|
||||
end
|
||||
|
||||
# epel/f-17 broken: https://bugzilla.redhat.com/show_bug.cgi?id=737710
|
||||
cookbook_file '/etc/systemd/system/rsync.service' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
source 'rsync.service'
|
||||
action :create
|
||||
only_if { platform?('fedora') }
|
||||
end
|
||||
|
||||
# rhel based systems install rsync and run it with rsync. We don't want to do that
|
||||
cookbook_file '/etc/init.d/rsyncd' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0755'
|
||||
mode 00755
|
||||
source 'rsync.init'
|
||||
action :create
|
||||
only_if { platform?('centos', 'redhat', 'scientific') }
|
||||
only_if { platform_family?('rhel') }
|
||||
end
|
||||
|
||||
# FIXME: chicken and egg
|
||||
case node['platform']
|
||||
when 'centos', 'redhat', 'fedora'
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
# enable rsyncd
|
||||
rsync_servicename = 'rsyncd'
|
||||
service 'rsyncd' do
|
||||
|
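Review bot: `rsync_servicename` is assigned only inside `when 'rhel'` and `when 'debian'`, and the switch from `node['platform']` to `node['platform_family']` drops Fedora from the first branch. Unless the case has an `else`, any other family reaches `notifies :restart, "service[#{rsync_servicename}]", :immediately` on the `/etc/rsyncd.conf` template with an empty service name; add an `else` that raises with a clear message or sets a default.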
@ -62,7 +52,7 @@ when 'centos', 'redhat', 'fedora'
|
|||
supports status: false, restart: false, start: false, stop: false
|
||||
action [:disable]
|
||||
end
|
||||
when 'ubuntu', 'debian'
|
||||
when 'debian'
|
||||
rsync_servicename = 'rsync'
|
||||
service 'rsync' do
|
||||
supports status: false, restart: true
|
||||
|
@ -73,7 +63,7 @@ end
|
|||
|
||||
template '/etc/rsyncd.conf' do
|
||||
source 'rsyncd.conf.erb'
|
||||
mode 0644
|
||||
mode 00644
|
||||
notifies :restart, "service[#{rsync_servicename}]", :immediately
|
||||
end
|
||||
|
||||
|
@ -82,6 +72,5 @@ execute 'enable rsync' do
|
|||
only_if "grep -q 'RSYNC_ENABLE=false' /etc/default/rsync"
|
||||
notifies :restart, 'service[rsync]', :immediately
|
||||
action :run
|
||||
# TODO(chrislaco) Convert these to platform_family?
|
||||
not_if { platform?('fedora', 'centos', 'redhat', 'scientific') }
|
||||
not_if { platform_family?('rhel') }
|
||||
end
|
||||
|
|
|
@ -22,9 +22,9 @@ include_recipe 'openstack-object-storage::rsync'
|
|||
|
||||
template '/etc/swift/drive-audit.conf' do
|
||||
source 'drive-audit.conf.erb'
|
||||
owner 'swift'
|
||||
group 'swift'
|
||||
mode 0600
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
mode 00600
|
||||
end
|
||||
|
||||
cron 'drive-audit' do
|
||||
|
@ -34,8 +34,8 @@ cron 'drive-audit' do
|
|||
end
|
||||
|
||||
directory '/var/cache/swift' do
|
||||
group 'swift'
|
||||
owner 'swift'
|
||||
owner node['openstack']['object-storage']['user']
|
||||
group node['openstack']['object-storage']['group']
|
||||
recursive true
|
||||
action :create
|
||||
mode 00700
|
||||
|
|
|
@ -38,5 +38,5 @@ end
|
|||
attribute :name, kind_of: String
|
||||
attribute :owner, kind_of: String, default: 'root'
|
||||
attribute :group, kind_of: String, default: 'root'
|
||||
attribute :mode, kind_of: String, default: '0600'
|
||||
attribute :mode, kind_of: Integer, default: 00600
|
||||
attribute :ring_path, kind_of: String, default: '/etc/swift'
|
||||
|
|
|
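Review bot: Narrowing `attribute :mode` to `kind_of: Integer` makes every existing caller that passes a string such as `mode '0700'` fail validation. Accept both with `kind_of: [String, Integer]`, or note the break in the CHANGELOG entry for 10.1.0.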
@ -45,7 +45,7 @@ describe 'openstack-object-storage::account-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ describe 'openstack-object-storage::common' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'root',
|
||||
group: 'root',
|
||||
mode: 0644
|
||||
mode: 00644
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -69,7 +69,7 @@ describe 'openstack-object-storage::common' do
|
|||
expect(chef_run).to create_directory(dir.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0700
|
||||
mode: 00700
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -85,7 +85,7 @@ describe 'openstack-object-storage::common' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0700
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
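Review bot: This is the one expectation in this spec file where the value itself changes, `mode: 0700` to `mode: 00600`, rather than only the literal style used in the other hunks. Name the file whose permissions are tightened in the commit message, and check that the matching recipe resource changes in the same commit so the spec does not assert a mode the recipe never sets.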
@ -132,7 +132,7 @@ describe 'openstack-object-storage::common' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0700
|
||||
mode: 00700
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ describe 'openstack-object-storage::container-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -60,23 +60,6 @@ describe 'openstack-object-storage::container-server' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'container sync' do
|
||||
let(:file) { chef_run.cookbook_file('/etc/init/swift-container-sync.conf') }
|
||||
let(:link) { chef_run.link('/etc/init.d/swift-container-sync') }
|
||||
|
||||
it 'creates /etc/init/swift-container-sync.conf' do
|
||||
expect(chef_run).to create_cookbook_file(file.name).with(
|
||||
user: 'root',
|
||||
group: 'root',
|
||||
mode: 0755
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates /etc/init.d/swift-container-sync' do
|
||||
expect(chef_run).to create_link(link.name)
|
||||
end
|
||||
end
|
||||
|
||||
describe '/etc/swift/container-server.conf' do
|
||||
let(:file) { chef_run.template('/etc/swift/container-server.conf') }
|
||||
|
||||
|
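Review bot: Removing the `container sync` examples for `/etc/init/swift-container-sync.conf` and the `/etc/init.d/swift-container-sync` link is unrelated to the authentication default, and the CHANGELOG entry for 10.1.0 only mentions keystone. Record the removal there, and if the recipe stops managing these two paths, decide whether already-converged nodes need an explicit `action :delete`.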
@ -84,7 +67,7 @@ describe 'openstack-object-storage::container-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -11,8 +11,8 @@ describe 'openstack-object-storage::management-server' do
|
|||
|
||||
include_context 'swift-stubs'
|
||||
|
||||
it 'upgrades swift swauth package' do
|
||||
expect(chef_run).to upgrade_package 'swauth'
|
||||
it 'does not upgrade swauth package' do
|
||||
expect(chef_run).not_to upgrade_package 'swauth'
|
||||
end
|
||||
|
||||
describe '/etc/swift/dispersion.conf' do
|
||||
|
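Review bot: After this change the spec only asserts the negative case, `not_to upgrade_package 'swauth'`, so nothing in this file covers the swauth path any more. Add a context that sets `node.set['openstack']['object-storage']['authmode'] = 'swauth'` and expects `upgrade_package 'swauth'`.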
@ -26,7 +26,7 @@ describe 'openstack-object-storage::management-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -127,7 +127,7 @@ describe 'openstack-object-storage::management-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'root',
|
||||
group: 'root',
|
||||
mode: 0755
|
||||
mode: 00755
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ describe 'openstack-object-storage::object-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -22,8 +22,8 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
expect(chef_run).to upgrade_package('swift-proxy')
|
||||
end
|
||||
|
||||
it 'upgrades swauth package if swauth is selected' do
|
||||
expect(chef_run).to upgrade_package('swauth')
|
||||
it 'does not upgrade swauth package' do
|
||||
expect(chef_run).not_to upgrade_package('swauth')
|
||||
end
|
||||
|
||||
it 'starts swift-proxy on boot' do
|
||||
|
@ -41,7 +41,7 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -50,9 +50,8 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
|
||||
it 'has default contents' do
|
||||
array = [
|
||||
/^pipeline = catch_errors healthcheck cache ratelimit swauth proxy-logging proxy-server$/,
|
||||
/^workers = auto$/,
|
||||
/^super_admin_key = swift_authkey-secret$/
|
||||
/^pipeline = catch_errors healthcheck cache ratelimit authtoken keystoneauth proxy-logging proxy-server$/,
|
||||
/^workers = auto$/
|
||||
]
|
||||
array.each do |content|
|
||||
expect(chef_run).to render_file(file.name).with_content(content)
|
||||
|
@ -60,12 +59,7 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
end
|
||||
|
||||
it 'uses default attribute value for authmode' do
|
||||
expect(chef_run.node['openstack']['object-storage']['authmode']).to eq('swauth')
|
||||
end
|
||||
|
||||
it 'has auth key override' do
|
||||
node.set['openstack']['object-storage']['authkey'] = '1234'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^super_admin_key = 1234$/)
|
||||
expect(chef_run.node['openstack']['object-storage']['authmode']).to eq('keystone')
|
||||
end
|
||||
|
||||
%w(tempurl formpost domain_remap staticweb).each do |attr|
|
||||
|
@ -200,7 +194,6 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
end
|
||||
|
||||
it 'includes keystone related items when authmode is keystone' do
|
||||
node.set['openstack']['object-storage']['authmode'] = 'keystone'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^pipeline = .*authtoken keystoneauth.*$/)
|
||||
end
|
||||
|
||||
|
@ -221,7 +214,6 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
end
|
||||
|
||||
it 'sets account_autocreate when authmode is keystone' do
|
||||
node.set['openstack']['object-storage']['authmode'] = 'keystone'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^account_autocreate = true$/)
|
||||
end
|
||||
|
||||
|
@ -235,6 +227,11 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
node.set['openstack']['object-storage']['authmode'] = 'swauth'
|
||||
end
|
||||
|
||||
it 'has auth key override' do
|
||||
node.set['openstack']['object-storage']['authkey'] = '1234'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^super_admin_key = 1234$/)
|
||||
end
|
||||
|
||||
it 'sets allow_account_management attribute when authmode is swauth' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^allow_account_management = true$/)
|
||||
end
|
||||
|
@ -290,6 +287,24 @@ describe 'openstack-object-storage::proxy-server' do
|
|||
end
|
||||
end
|
||||
|
||||
context 'authtoken enabled' do
|
||||
{ 'paste.filter_factory' => 'keystoneclient.middleware.auth_token:filter_factory',
|
||||
'auth_uri' => 'http://127.0.0.1:5000/v2.0',
|
||||
'auth_host' => '127.0.0.1',
|
||||
'auth_port' => '35357',
|
||||
'auth_protocol' => 'http',
|
||||
'auth_version' => 'v2.0',
|
||||
'admin_tenant_name' => 'service',
|
||||
'admin_user' => 'swift',
|
||||
'admin_password' => 'swift-pass',
|
||||
'signing_dir' => '/var/cache/swift/api'
|
||||
}.each do |k, v|
|
||||
it "sets the default for #{k}" do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('filter:authtoken', /^#{Regexp.quote("#{k} = #{v}")}$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'sets the memcache_servers attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^memcache_servers = 127.0.0.1:11211$/)
|
||||
end
|
||||
|
|
|
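Review bot: The expected defaults pin `auth_protocol` to `http` and `auth_uri` to `http://127.0.0.1:5000/v2.0`, and no example checks that the `filter:authtoken` section follows a non-default identity endpoint. Add one case that overrides the endpoint to an `https` host and asserts that `auth_protocol`, `auth_host` and `auth_uri` change with it, so a deployment that moves keystone off localhost is known to get its TLS settings from the template.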
@ -30,7 +30,7 @@ describe 'openstack-object-storage::rsync' do
|
|||
|
||||
it 'creates /etc/rsyncd.conf' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
mode: 0644
|
||||
mode: 00644
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -13,11 +13,11 @@ describe 'openstack-object-storage::setup' do
|
|||
include_examples 'keystone-authmode'
|
||||
|
||||
it 'does not include the identity registration recipe' do
|
||||
node.set['openstack']['object-storage']['authmode'] = 'swauth'
|
||||
expect(chef_run).not_to include_recipe('openstack-object-storage::identity_registration')
|
||||
end
|
||||
|
||||
it 'includes the identity registration recipe' do
|
||||
node.set['openstack']['object-storage']['authmode'] = 'keystone'
|
||||
expect(chef_run).to include_recipe('openstack-object-storage::identity_registration')
|
||||
end
|
||||
|
||||
|
|
|
@ -97,16 +97,8 @@ end
|
|||
|
||||
shared_examples 'keystone-authmode' do
|
||||
describe 'authorization mode' do
|
||||
# Default is to use authorization mode of swauth which does not require keystone client.
|
||||
it 'does not upgrade keystoneclient package' do
|
||||
expect(chef_run).not_to upgrade_package('python-keystoneclient')
|
||||
end
|
||||
describe 'keystone authorization mode' do
|
||||
before { node.set['openstack']['object-storage']['authmode'] = 'keystone' }
|
||||
|
||||
it 'does upgrade keystoneclient package' do
|
||||
expect(chef_run).to upgrade_package('python-keystoneclient')
|
||||
end
|
||||
it 'does upgrade keystoneclient package' do
|
||||
expect(chef_run).to upgrade_package('python-keystoneclient')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -18,7 +18,7 @@ describe 'openstack-object-storage::storage-common' do
|
|||
expect(chef_run).to create_directory(dir.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0700
|
||||
mode: 00700
|
||||
)
|
||||
end
|
||||
end
|
||||
|
@ -34,7 +34,7 @@ describe 'openstack-object-storage::storage-common' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'swift',
|
||||
group: 'swift',
|
||||
mode: 0600
|
||||
mode: 00600
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -6,31 +6,31 @@ pipeline = []
|
|||
# the pipeline ordering is important and certain inclusions
|
||||
# must either preceed or follow the selected auth module
|
||||
|
||||
if (node['openstack']['object-storage']['authmode'] == "swauth" and node['openstack']['object-storage']['tempurl']['enabled'] == true)
|
||||
pipeline << "tempurl"
|
||||
if (node['openstack']['object-storage']['authmode'] == 'swauth' and node['openstack']['object-storage']['tempurl']['enabled'] == true)
|
||||
pipeline << 'tempurl'
|
||||
end
|
||||
|
||||
if node['openstack']['object-storage']['domain_remap']['enabled']
|
||||
pipeline << "domain_remap"
|
||||
pipeline << 'domain_remap'
|
||||
end
|
||||
|
||||
if node['openstack']['object-storage']['formpost']['enabled']
|
||||
pipeline << "formpost"
|
||||
pipeline << 'formpost'
|
||||
end
|
||||
|
||||
case @authmode
|
||||
when "keystone"
|
||||
pipeline << "authtoken"
|
||||
pipeline << "keystoneauth"
|
||||
when "swauth"
|
||||
pipeline << "swauth"
|
||||
when 'keystone'
|
||||
pipeline << 'authtoken'
|
||||
pipeline << 'keystoneauth'
|
||||
when 'swauth'
|
||||
pipeline << 'swauth'
|
||||
end
|
||||
|
||||
if node['openstack']['object-storage']['staticweb']['enabled']
|
||||
pipeline << "staticweb"
|
||||
pipeline << 'staticweb'
|
||||
end
|
||||
|
||||
if pipeline.include?("swauth")
|
||||
if pipeline.include?('swauth')
|
||||
account_management = true
|
||||
else
|
||||
account_management = false
|
||||
|
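Review bot: The `tempurl` guard reads `node['openstack']['object-storage']['authmode']` while the `case` a few lines below switches on `@authmode`, so the template has two sources for the same setting and they can disagree if the recipe passes a different value as the variable. Use `@authmode` in both places. With keystone now the default, that guard also means an enabled `tempurl` is silently left out of the pipeline unless authmode is swauth; if that is intended, document it next to the attribute.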
@ -51,26 +51,26 @@ log_statsd_metric_prefix = <%= node['openstack']['object-storage']['statistics']
|
|||
<% end %>
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = catch_errors healthcheck cache ratelimit <%= pipeline.join(" ") %> proxy-logging proxy-server
|
||||
pipeline = catch_errors healthcheck cache ratelimit <%= pipeline.join(' ') %> proxy-logging proxy-server
|
||||
|
||||
[app:proxy-server]
|
||||
use = egg:swift#proxy
|
||||
allow_account_management = <%= account_management %>
|
||||
node_timeout = <%= node['openstack']['object-storage']['proxy-server']['node_timeout'] %>
|
||||
<% if pipeline.include?("keystoneauth") -%>
|
||||
<% if pipeline.include?('keystoneauth') -%>
|
||||
account_autocreate = true
|
||||
<% end %>
|
||||
|
||||
<% if pipeline.include?("swauth") -%>
|
||||
<% if pipeline.include?('swauth') -%>
|
||||
[filter:swauth]
|
||||
use = egg:swauth#swauth
|
||||
super_admin_key = <%= @authkey %>
|
||||
default_swift_cluster = local#<%= node['openstack']['object-storage']['swift_url'] %>#<%= node['openstack']['object-storage']['swauth_url'] %>
|
||||
<% if pipeline.include?("tempurl") -%>
|
||||
<% if pipeline.include?('tempurl') -%>
|
||||
allow_overrides = true
|
||||
<% end %>
|
||||
<% if node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].any? -%>
|
||||
allowed_sync_hosts = <%= node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].join(",") %>
|
||||
allowed_sync_hosts = <%= node['openstack']['object-storage']['container-server']['allowed_sync_hosts'].join(',') %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
||||
|
@ -79,7 +79,7 @@ use = egg:swift#healthcheck
|
|||
|
||||
[filter:cache]
|
||||
use = egg:swift#memcache
|
||||
memcache_servers = <%= @memcache_servers.join(",") %>
|
||||
memcache_servers = <%= @memcache_servers.join(',') %>
|
||||
|
||||
[filter:ratelimit]
|
||||
use = egg:swift#ratelimit
|
||||
|
@ -121,9 +121,23 @@ outgoing_allow_headers = <%= node['openstack']['object-storage']['tempurl']['out
|
|||
[filter:formpost]
|
||||
use = egg:swift#formpost
|
||||
|
||||
<% if pipeline.include?('authtoken') -%>
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||
auth_uri = <%= @auth_uri %>
|
||||
auth_host = <%= @identity_admin_endpoint.host %>
|
||||
auth_port = <%= @identity_admin_endpoint.port %>
|
||||
auth_protocol = <%= @identity_admin_endpoint.scheme %>
|
||||
auth_version = <%= node['openstack']['object-storage']['api']['auth']['version'] %>
|
||||
admin_tenant_name = <%= node['openstack']['object-storage']['service_tenant_name'] %>
|
||||
admin_user = <%= node['openstack']['object-storage']['service_user'] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
signing_dir = <%= node['openstack']['object-storage']['api']['auth']['cache_dir'] %>
|
||||
|
||||
[filter:keystoneauth]
|
||||
use = egg:swift#keystoneauth
|
||||
operator_roles = Member,admin
|
||||
operator_roles = admin, swiftoperator
|
||||
<% end %>
|
||||
|
||||
[filter:proxy-logging]
|
||||
use = egg:swift#proxy_logging
|
||||
|
|
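Review bot: `operator_roles = admin, swiftoperator` drops `Member`, so users who hold only the `Member` role stop being account operators once keystone becomes the default, and the value is hard-coded in the template. Expose it as an attribute and call the change out in the CHANGELOG. Separately, `paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory` points at the module that Juno deprecates in favour of `keystonemiddleware.auth_token`; worth switching while this section is being added.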