Add swift.conf template

* new template with attributes for values
* Allow use of Common databags, deprecated swift databag
* update banners in all templates
* update specs

This is another patch on the road to bringing the swift cookbook
up to speed with the latest Common functions and with Juno in general.

Change-Id: I028776c481a1c96bba3496adfcca149f9ada42d3
Blueprint: object-storage-cleanup

CHANGELOG.md

@@ -8,6 +8,7 @@ This file is used to list changes made in each version of cookbook-openstack-obj
 * Bump Chef gem to 11.16
 * Add keystone registration support
 * Use Common bind endpoint
+* Add swift.conf template
 
 ## 9.0.3
 * Bugfix run_command exitstatus

README.md

@@ -77,18 +77,6 @@ Attributes
 
  * ```default[:swift][:swauth_version]``` - Specifies git repo tagged branch. Default "1.0.8"
 
- * ```default[:swift][:swift_secret_databag_name]``` - this cookbook supports an optional secret databag where we will retrieve the following attributes overriding any default attributes below. (defaults to nil)
-
-```
-        {
-          "id": "swift_dal2",
-          "swift_hash": "1a7c0568fa84"
-          "swift_authkey": "keY4all"
-          "dispersion_auth_user": "ops:dispersion",
-          "dispersion_auth_key": "dispersionpass"
-        }
-```
-
  * ```default[:swift][:swift_hash]``` - swift_hash_path_suffix in /etc/swift/swift.conf (defaults to 107c0568ea84)
 
  * ```default[:swift][:audit_hour]``` - Hour to run swift_auditor on storage nodes (defaults to 5)
@@ -135,6 +123,17 @@ For "swauth", the following attributes are used:
 
  * ```default[:swift][:authkey]``` - swauth super admin key if using swauth (defaults to test)
 
+The following secrets can be defined in the databag defined in Common ['openstack']['secret']['secrets_data_bag']
+
+```
+        {
+          "swift_hash": "1a7c0568fa84"
+          "swift_authkey": "keY4all"
+          "dispersion_auth_user": "ops:dispersion",
+          "dispersion_auth_key": "dispersionpass"
+        }
+```
+
 In addition, because swift is typically deployed as a cluster
 there are some attributes used to find interfaces and ip addresses
 on storage nodes:

attributes/default.rb

@@ -24,26 +24,97 @@ default['openstack']['object-storage']['service_role'] = 'admin'
 
 default['openstack']['compute']['region'] = node['openstack']['region']
 
+# Set to some text value if you want templated config files
+# to contain a custom banner at the top of the written file
+default['openstack']['object-storage']['custom_template_banner'] = "
+# This file autogenerated by Chef
+# Do not edit, changes will be overwritten
+"
+
 #--------------------
 # node/ring settings
 #--------------------
 
 default['openstack']['object-storage']['state'] = {}
-default['openstack']['object-storage']['swift_hash'] = '107c0568ea84'
 default['openstack']['object-storage']['audit_hour'] = '5'
 default['openstack']['object-storage']['disk_enum_expr'] = 'node[:block_device]'
 default['openstack']['object-storage']['auto_rebuild_rings'] = false
 default['openstack']['object-storage']['git_builder_ip'] = '127.0.0.1'
 
+# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the
+# the hashing algorithm when determining data placement in the cluster.
+# These values should remain secret and MUST NOT change
+# once a cluster has been deployed.
+# Deprecated in juno, use swift_hash_path_prefix
+default['openstack']['object-storage']['swift_hash'] = nil
+# A value of nil will get the hash from the get_secret library method in common
+default['openstack']['object-storage']['swift_hash_path_prefix'] = node['openstack']['object-storage']['swift_hash']
+default['openstack']['object-storage']['swift_hash_path_suffix'] = nil
+
+# The swift-constraints section sets the basic constraints on data
+# saved in the swift cluster. These constraints are automatically
+# published by the proxy server in responses to /info requests.
+
+# max_file_size is the largest "normal" object that can be saved in
+# the cluster. This is also the limit on the size of each segment of
+# a "large" object when using the large object manifest support.
+# This value is set in bytes. Setting it to lower than 1MiB will cause
+# some tests to fail. It is STRONGLY recommended to leave this value at
+# the default (5 * 2**30 + 2).
+default['openstack']['object-storage']['max_file_size'] = 5368709122
+# max_meta_name_length is the max number of bytes in the utf8 encoding
+# of the name portion of a metadata header.
+default['openstack']['object-storage']['max_meta_name_length'] = 128
+# max_meta_value_length is the max number of bytes in the utf8 encoding
+# of a metadata value
+default['openstack']['object-storage']['max_meta_value_length'] = 256
+# max_meta_count is the max number of metadata keys that can be stored
+# on a single account, container, or object
+default['openstack']['object-storage']['max_meta_count'] = 90
+# max_meta_overall_size is the max number of bytes in the utf8 encoding
+# of the metadata (keys + values)
+default['openstack']['object-storage']['max_meta_overall_size'] = 4096
+# max_header_size is the max number of bytes in the utf8 encoding of each
+# header. Using 8192 as default because eventlet use 8192 as max size of
+# header line. This value may need to be increased when using identity
+# v3 API tokens including more than 7 catalog entries.
+# See also include_service_catalog in proxy-server.conf-sample
+# (documented in overview_auth.rst)
+default['openstack']['object-storage']['max_header_size'] = 8192
+# max_object_name_length is the max number of bytes in the utf8 encoding
+# of an object name
+default['openstack']['object-storage']['max_object_name_length'] = 1024
+# container_listing_limit is the default (and max) number of items
+# returned for a container listing request
+default['openstack']['object-storage']['container_listing_limit'] = 10000
+# account_listing_limit is the default (and max) number of items returned
+# for an account listing request
+default['openstack']['object-storage']['account_listing_limit'] = 10000
+# max_account_name_length is the max number of bytes in the utf8 encoding
+# of an account name
+default['openstack']['object-storage']['max_account_name_length'] = 256
+# max_container_name_length is the max number of bytes in the utf8 encoding
+# of a container name
+default['openstack']['object-storage']['max_container_name_length'] = 256
+
 # the release only has any effect on ubuntu, and must be
 # a valid release on http://ubuntu-cloud.archive.canonical.com/ubuntu
 default['openstack']['object-storage']['release'] = 'juno'
 
+# Use the openstack-common cookbook databags with the
+# following keys:
+# secret tokens
+#   "swift_hash_path_prefix"
+#   "swift_hash_path_suffix"
+#   "swift_authkey"
+#   "dispersion_auth_key"
+#   "dispersion_auth_user"
+
+# The follow swift specific databag support is DEPRECATED.
 # we support an optional secret databag where we will retrieve the
 # following attributes overriding any default attributes here
 #
 # {
-#   "id": "swift_dal2",
 #   "swift_hash": "107c0568ea84"
 #   "swift_authkey": "keW4all"
 #   "dispersion_auth_user": "test:test",
@@ -67,7 +138,7 @@ default['openstack']['object-storage']['container_server_chef_role']  = 'swift-c
 #--------------------
 
 default['openstack']['object-storage']['authmode']              = 'swauth'
-default['openstack']['object-storage']['authkey']               = 'test'
+default['openstack']['object-storage']['authkey']               = nil
 default['openstack']['object-storage']['swift_url']             = 'http://127.0.0.1:8080/v1/'
 default['openstack']['object-storage']['swauth_url']            = 'http://127.0.0.1:8080/v1/'
 default['openstack']['object-storage']['auth_url']              = 'http://127.0.0.1:8080/auth/v1.0'
@@ -76,8 +147,8 @@ default['openstack']['object-storage']['auth_url']              = 'http://127.0.
 # dispersion settings
 #---------------------
 
-default['openstack']['object-storage']['dispersion']['auth_user'] = 'test:test'
-default['openstack']['object-storage']['dispersion']['auth_key'] = 'test'
+default['openstack']['object-storage']['dispersion']['auth_user'] = nil
+default['openstack']['object-storage']['dispersion']['auth_key'] = nil
 
 # settings for the swift ring - these default settings are
 # a safe setting for testing but part_power should be set to

recipes/common.rb

@@ -79,18 +79,25 @@ end
 
 # determine hash
 if node['openstack']['object-storage']['swift_secret_databag_name'].nil?
-  swifthash = node['openstack']['object-storage']['swift_hash']
+  swift_hash_path_prefix = node['openstack']['object-storage']['swift_hash_path_prefix']
+  swift_hash_path_prefix = get_secret 'swift_hash_path_prefix' if swift_hash_path_prefix.nil?
+  swift_hash_path_suffix = node['openstack']['object-storage']['swift_hash_path_suffix']
+  swift_hash_path_suffix = get_secret 'swift_hash_path_suffix' if swift_hash_path_suffix.nil?
 else
+  # Deprecated, else case to be removed.
   swift_secrets = Chef::EncryptedDataBagItem.load 'secrets', node['openstack']['object-storage']['swift_secret_databag_name']
-  swifthash = swift_secrets['swift_hash']
+  swift_hash_path_prefix = swift_secrets['swift_hash']
 end
 
-file '/etc/swift/swift.conf' do
-  action :create
+template '/etc/swift/swift.conf' do
+  source 'swift.conf.erb'
   owner 'swift'
   group 'swift'
   mode 0700
-  content "[swift-hash]\nswift_hash_path_suffix=#{swifthash}\n"
+  variables(
+    swift_hash_path_prefix: swift_hash_path_prefix,
+    swift_hash_path_suffix: swift_hash_path_suffix
+  )
   only_if '/usr/bin/id swift'
 end
 

recipes/management-server.rb

@@ -57,8 +57,12 @@ end
 # determine where to find dispersion login information
 if node['openstack']['object-storage']['swift_secret_databag_name'].nil?
   auth_user = node['openstack']['object-storage']['dispersion']['auth_user']
+  auth_user = get_secret 'dispersion_auth_user' if auth_user.nil?
+
   auth_key  = node['openstack']['object-storage']['dispersion']['auth_key']
+  auth_key = get_secret 'dispersion_auth_key' if auth_key.nil?
 else
+  # Deprecated, else case to be removed.
   swift_secrets = Chef::EncryptedDataBagItem.load 'secrets', node['openstack']['object-storage']['swift_secret_databag_name']
   auth_user = swift_secrets['dispersion_auth_user']
   auth_key = swift_secrets['dispersion_auth_key']

recipes/proxy-server.rb

@@ -122,7 +122,9 @@ end
 # determine authkey to use
 if node['openstack']['object-storage']['swift_secret_databag_name'].nil?
   authkey = node['openstack']['object-storage']['authkey']
+  authkey = get_secret 'swift_authkey' if authkey.nil?
 else
+  # Deprecated, else case to be removed.
   swift_secrets = Chef::EncryptedDataBagItem.load 'secrets', node['openstack']['object-storage']['swift_secret_databag_name']
   authkey = swift_secrets['swift_authkey']
 end

spec/account_spec.rb

@@ -37,6 +37,10 @@ describe 'openstack-object-storage::account-server' do
     describe '/etc/swift/account-server.conf' do
       let(:file) { chef_run.template('/etc/swift/account-server.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates account-server.conf' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',

spec/common_spec.rb

@@ -15,6 +15,22 @@ describe 'openstack-object-storage::common' do
       expect(chef_run).to include_recipe('openstack-common::sysctl')
     end
 
+    it 'upgrades swift packages' do
+      expect(chef_run).to upgrade_package('swift')
+    end
+
+    it 'does not create swift user' do
+      expect(chef_run).not_to create_user('swift').with(
+        shell: '/bin/bash'
+      )
+    end
+
+    it 'executes pull rings' do
+      expect(chef_run).to run_execute('/etc/swift/pull-rings.sh').with(
+        cwd: '/etc/swift'
+      )
+    end
+
     describe '60-openstack.conf' do
       let(:file) { chef_run.template('/etc/sysctl.d/60-openstack.conf') }
 
@@ -59,10 +75,14 @@ describe 'openstack-object-storage::common' do
     end
 
     describe '/etc/swift/swift.conf' do
-      let(:file) { chef_run.file('/etc/swift/swift.conf') }
+      let(:file) { chef_run.template('/etc/swift/swift.conf') }
+
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
 
       it 'creates swift.conf' do
-        expect(chef_run).to create_file(file.name).with(
+        expect(chef_run).to create_template(file.name).with(
           user: 'swift',
           group: 'swift',
           mode: 0700
@@ -70,13 +90,44 @@ describe 'openstack-object-storage::common' do
       end
 
       it 'template contents' do
-        skip 'TODO: implement'
+        [
+          /^swift_hash_path_prefix = swift_hash_path_prefix-secret$/,
+          /^swift_hash_path_suffix = swift_hash_path_suffix-secret$/,
+          /^max_file_size = 5368709122$/,
+          /^max_meta_name_length = 128$/,
+          /^max_meta_value_length = 256$/,
+          /^max_meta_count = 90$/,
+          /^max_meta_overall_size = 4096$/,
+          /^max_header_size = 8192$/,
+          /^max_object_name_length = 1024$/,
+          /^container_listing_limit = 10000$/,
+          /^account_listing_limit = 10000$/,
+          /^max_account_name_length = 256$/,
+          /^max_container_name_length = 256$/
+        ].each do |content|
+          expect(chef_run).to render_file(file.name).with_content(content)
+        end
+      end
+
+      it 'template contents with hash overrides' do
+        node.set['openstack']['object-storage']['swift_hash_path_prefix'] = '1234'
+        node.set['openstack']['object-storage']['swift_hash_path_suffix'] = '4321'
+        [
+          /^swift_hash_path_prefix = 1234$/,
+          /^swift_hash_path_suffix = 4321$/
+        ].each do |content|
+          expect(chef_run).to render_file(file.name).with_content(content)
+        end
       end
     end
 
     describe '/etc/swift/pull-rings.sh' do
       let(:file) { chef_run.template('/etc/swift/pull-rings.sh') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates pull-rings.sh' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',

spec/container_spec.rb

@@ -30,6 +30,36 @@ describe 'openstack-object-storage::container-server' do
       end
     end
 
+    describe '/etc/swift/container-server.conf' do
+      let(:file) { chef_run.template('/etc/swift/container-server.conf') }
+
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
+      it 'creates account-server.conf' do
+        expect(chef_run).to create_template(file.name).with(
+          user: 'swift',
+          group: 'swift',
+          mode: 0600
+        )
+      end
+
+      it 'has allowed sync hosts' do
+        node.set['openstack']['object-storage']['container-server']['allowed_sync_hosts'] = %w(host1 host2)
+        expect(chef_run).to render_file(file.name).with_content('allowed_sync_hosts = host1,host2')
+      end
+
+      { 'bind_ip' => '0.0.0.0',
+        'bind_port' => '6001',
+        'log_statsd_default_sample_rate' => '1',
+        'log_statsd_metric_prefix' => 'openstack.swift.Fauxhai' }.each do |k, v|
+        it "sets the #{k}" do
+          expect(chef_run).to render_file(file.name).with_content(/^#{Regexp.quote("#{k} = #{v}")}$/)
+        end
+      end
+    end
+
     describe 'container sync' do
       let(:file) { chef_run.cookbook_file('/etc/init/swift-container-sync.conf') }
       let(:link) { chef_run.link('/etc/init.d/swift-container-sync') }

spec/management_spec.rb

@@ -18,6 +18,10 @@ describe 'openstack-object-storage::management-server' do
     describe '/etc/swift/dispersion.conf' do
       let(:file) { chef_run.template('/etc/swift/dispersion.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates dispersion.conf' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',
@@ -36,11 +40,11 @@ describe 'openstack-object-storage::management-server' do
         end
 
         it 'uses default attribute value for dispersion auth_user' do
-          expect(chef_run.node['openstack']['object-storage']['dispersion']['auth_user']).to eq('test:test')
+          expect(chef_run.node['openstack']['object-storage']['dispersion']['auth_user']).to eq(nil)
         end
 
         it 'uses default attribute value for dispersion auth_key' do
-          expect(chef_run.node['openstack']['object-storage']['dispersion']['auth_key']).to eq('test')
+          expect(chef_run.node['openstack']['object-storage']['dispersion']['auth_key']).to eq(nil)
         end
       end
 
@@ -50,7 +54,15 @@ describe 'openstack-object-storage::management-server' do
           expect(chef_run).to render_file(file.name).with_content(/^auth_url = auth_url_value$/)
         end
 
-        context 'with databag' do
+        context 'with user databag' do
+          %w(user key).each do |attr|
+            it "sets the auth_#{attr}" do
+              expect(chef_run).to render_file(file.name).with_content(/^auth_#{attr} = dispersion_auth_#{attr}-secret$/)
+            end
+          end
+        end
+
+        context 'with swift databag' do
           let(:swift_secrets) do
             { 'dispersion_auth_user' => 'dispersion_auth_user_value',
               'dispersion_auth_key' => 'dispersion_auth_key_value' }
@@ -70,7 +82,7 @@ describe 'openstack-object-storage::management-server' do
           end
         end
 
-        context 'without databag' do
+        context 'without swift databag' do
           before do
             node.set['openstack']['object-storage']['swift_secret_databag_name'] = nil
           end
@@ -82,6 +94,29 @@ describe 'openstack-object-storage::management-server' do
             end
           end
         end
+
+        it 'template default contents' do
+          [
+            %r{^auth_url = http://127.0.0.1:8080/auth/v1.0$},
+            /^auth_user = dispersion_auth_user-secret$/,
+            /^auth_key = dispersion_auth_key-secret$/
+          ].each do |content|
+            expect(chef_run).to render_file(file.name).with_content(content)
+          end
+        end
+
+        it 'has template overrides' do
+          node.set['openstack']['object-storage']['auth_url'] = 'url'
+          node.set['openstack']['object-storage']['dispersion']['auth_user'] = 'user'
+          node.set['openstack']['object-storage']['dispersion']['auth_key'] = 'key'
+          [
+            /^auth_url = url$/,
+            /^auth_user = user$/,
+            /^auth_key = key$/
+          ].each do |content|
+            expect(chef_run).to render_file(file.name).with_content(content)
+          end
+        end
       end
     end
 

spec/object_spec.rb

@@ -39,6 +39,10 @@ describe 'openstack-object-storage::object-server' do
     describe '/etc/swift/object-server.conf' do
       let(:file) { chef_run.template('/etc/swift/object-server.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates object-server.conf' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',

spec/proxy_spec.rb

@@ -33,6 +33,10 @@ describe 'openstack-object-storage::proxy-server' do
     describe '/etc/swift/proxy-server.conf' do
       let(:file) { chef_run.template('/etc/swift/proxy-server.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates proxy-server.conf' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',
@@ -44,10 +48,26 @@ describe 'openstack-object-storage::proxy-server' do
       describe 'default attribute values' do
         it_behaves_like 'a common swift server default attribute values checker', 'proxy', nil, nil
 
+        it 'has default contents' do
+          array = [
+            /^pipeline = catch_errors healthcheck cache ratelimit swauth proxy-logging proxy-server$/,
+            /^workers = auto$/,
+            /^super_admin_key = swift_authkey-secret$/
+          ]
+          array.each do |content|
+            expect(chef_run).to render_file(file.name).with_content(content)
+          end
+        end
+
         it 'uses default attribute value for authmode' do
           expect(chef_run.node['openstack']['object-storage']['authmode']).to eq('swauth')
         end
 
+        it 'has auth key override' do
+          node.set['openstack']['object-storage']['authkey'] = '1234'
+          expect(chef_run).to render_file(file.name).with_content(/^super_admin_key = 1234$/)
+        end
+
         %w(tempurl formpost domain_remap staticweb).each do |attr|
           it "uses default attribute value for #{attr} enabled" do
             expect(chef_run.node['openstack']['object-storage'][attr]['enabled']).to eq(false)

spec/rsync_spec.rb

@@ -24,6 +24,10 @@ describe 'openstack-object-storage::rsync' do
     describe '/etc/rsyncd.conf' do
       let(:file) { chef_run.template('/etc/rsyncd.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates /etc/rsyncd.conf' do
         expect(chef_run).to create_template(file.name).with(
           mode: 0644

spec/spec_helper.rb

@@ -77,6 +77,21 @@ shared_context 'swift-stubs' do
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
       .with('service', 'openstack-object-storage')
       .and_return('swift-pass')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('swift_hash_path_prefix')
+      .and_return('swift_hash_path_prefix-secret')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('swift_hash_path_suffix')
+      .and_return('swift_hash_path_suffix-secret')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('swift_authkey')
+      .and_return('swift_authkey-secret')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('dispersion_auth_user')
+      .and_return('dispersion_auth_user-secret')
+    allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+      .with('dispersion_auth_key')
+      .and_return('dispersion_auth_key-secret')
   end
 end
 
@@ -162,3 +177,10 @@ shared_examples 'a common swift server default attribute values checker' do |ser
     expect(chef_run.node['openstack']['object-storage']["#{server_type}-server"]['workers']).to eq('auto')
   end
 end
+
+shared_examples 'custom template banner displayer' do
+  it 'shows the custom banner' do
+    node.set['openstack']['object-storage']['custom_template_banner'] = 'custom_template_banner_value'
+    expect(chef_run).to render_file(file_name).with_content(/^custom_template_banner_value$/)
+  end
+end

spec/storage-common_spec.rb

@@ -26,6 +26,10 @@ describe 'openstack-object-storage::storage-common' do
     describe '/etc/swift/drive-audit.conf' do
       let(:file) { chef_run.template('/etc/swift/drive-audit.conf') }
 
+      it_behaves_like 'custom template banner displayer' do
+        let(:file_name) { file.name }
+      end
+
       it 'creates drive-audit.conf' do
         expect(chef_run).to create_template(file.name).with(
           user: 'swift',

templates/default/account-server.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [DEFAULT]
 # bind_ip = 0.0.0.0
 # bind_port = 6002

templates/default/container-server.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [DEFAULT]
 bind_ip = <%= @bind_ip %>
 bind_port = <%= @bind_port %>

templates/default/dispersion.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [dispersion]
 auth_url = <%= @auth_url %>
 auth_user = <%= @auth_user %>

templates/default/drive-audit.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [drive-audit]
 log_facility = LOG_LOCAL0
 log_level = INFO

templates/default/object-server.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [DEFAULT]
 bind_ip = <%= @bind_ip %>
 bind_port = <%= @bind_port %>

templates/default/proxy-server.conf.erb

@@ -1,3 +1,4 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
 <%
 
 pipeline = []

templates/default/pull-rings.sh.erb

@@ -1,4 +1,5 @@
 #!/bin/bash
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
 
 # this has to be run as root to restart the services...
 

templates/default/rsyncd.conf.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 uid = swift
 gid = swift
 

templates/default/simple-redhat-init-config.erb

@@ -1,4 +1,5 @@
 #!/bin/sh
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
 
 ### BEGIN INIT INFO
 # Provides:          <%= @exec %>

templates/default/simple-systemd-config.erb

@@ -1,3 +1,5 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
 [Unit]
 Description=<%= @description %>
 After=syslog.target network.target

templates/default/swift-statsd-publish.py.erb

@@ -16,9 +16,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 #
-"""
-THIS FILE WAS INSTALLED BY CHEF.  ANY CHANGES WILL BE OVERWRITTEN.
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
 
+"""
 Openstack swift collector for recon and dispersion reports.  Will send
 back dispersion reporting metrics as well as swift recon statistics
 to a statsd server for graphite consumption

templates/default/swift.conf.erb

@@ -0,0 +1,50 @@
+<%= node['openstack']['object-storage']['custom_template_banner'] %>
+
+[swift-hash]
+swift_hash_path_prefix = <%= @swift_hash_path_prefix %>
+swift_hash_path_suffix = <%= @swift_hash_path_suffix %>
+
+# storage policies are defined here and determine various characteristics
+# about how objects are stored and treated.  Policies are specified by name on
+# a per container basis.  Names are case-insensitive.  The policy index is
+# specified in the section header and is used internally.  The policy with
+# index 0 is always used for legacy containers and can be given a name for use
+# in metadata however the ring file name will always be 'object.ring.gz' for
+# backwards compatibility.  If no policies are defined a policy with index 0
+# will be automatically created for backwards compatibility and given the name
+# Policy-0.  A default policy is used when creating new containers when no
+# policy is specified in the request.  If no other policies are defined the
+# policy with index 0 will be declared the default.  If multiple policies are
+# defined you must define a policy with index 0 and you must specify a
+# default.  It is recommended you always define a section for
+# storage-policy:0.
+[storage-policy:0]
+name = Policy-0
+default = yes
+
+# the following section would declare a policy called 'silver', the number of
+# replicas will be determined by how the ring is built.  In this example the
+# 'silver' policy could have a lower or higher # of replicas than the
+# 'Policy-0' policy above.  The ring filename will be 'object-1.ring.gz'.  You
+# may only specify one storage policy section as the default.  If you changed
+# this section to specify 'silver' as the default, when a client created a new
+# container w/o a policy specified, it will get the 'silver' policy because
+# this config has specified it as the default.  However if a legacy container
+# (one created with a pre-policy version of swift) is accessed, it is known
+# implicitly to be assigned to the policy with index 0 as opposed to the
+# current default.
+#[storage-policy:1]
+#name = silver
+
+[swift-constraints]
+max_file_size = <%= node['openstack']['object-storage']['max_file_size'] %>
+max_meta_name_length = <%= node['openstack']['object-storage']['max_meta_name_length'] %>
+max_meta_value_length = <%= node['openstack']['object-storage']['max_meta_value_length'] %>
+max_meta_count = <%= node['openstack']['object-storage']['max_meta_count'] %>
+max_meta_overall_size = <%= node['openstack']['object-storage']['max_meta_overall_size'] %>
+max_header_size = <%= node['openstack']['object-storage']['max_header_size'] %>
+max_object_name_length = <%= node['openstack']['object-storage']['max_object_name_length'] %>
+container_listing_limit = <%= node['openstack']['object-storage']['container_listing_limit'] %>
+account_listing_limit = <%= node['openstack']['object-storage']['account_listing_limit'] %>
+max_account_name_length = <%= node['openstack']['object-storage']['max_account_name_length'] %>
+max_container_name_length = <%= node['openstack']['object-storage']['max_container_name_length'] %>