
Swift /Keystone integration. Highlights:

 1. swauth / keystone auth
 2. keystone instance in proposal
commit 9de6b35c1aca9912fe9451f0bcf5ed8d274f9eca 1 parent 7078d0d
@aabes aabes authored
25 chef/cookbooks/swift/attributes/default.rb
@@ -3,9 +3,9 @@
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
+# You may obtain a copy of the License atxf
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0cyt
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -39,8 +39,10 @@
### where to find IP for admin use
default[:swift][:admin_ip_expr] = "node[:ipaddress]"
-### where to find IP for admin use
+### where to find IP for storage network use
default[:swift][:storage_ip_expr] = "node[:ipaddress]"
+### where to find IP for public network use (for clients to contact proxies)
+default[:swift][:public_ip_expr] = "node[:ipaddress]"
# expression to find a hash of possible disks to be used.
default[:swift][:disk_enum_expr]= 'node[:block_device]'
@@ -60,3 +62,20 @@
# :ring=> one of "object", "account" or "container"
# :disk=> disk partition information as created in disks.rb,contains: :name (e.g sdb) :size either :remaining (= all the disk) or an actual byte count.
default[:swift][:disk_zone_assign_expr] = '$DISK_CNT||=0; $DISK_CNT= $DISK_CNT+1 ;[ $DISK_CNT % node[:swift][:zones] , 99]'
+
+
+# should proxy server account management be enabled
+default[:swift][:account_management] = "true"
+
+####
+# new parameters for diablo
+
+
+#
+# the authentication method to use. possible values:
+# keystone - use keystone (reuqired for swfit/dashboard integration
+# swauth - Swifth authentication
+# tempauth - use only for testing
+default[:swift][:auth_method] = "keystone"
+default[:swift][:keystone_instance] = "proposal"
+default[:swift][:reseller_prefix] = "AUTH"
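Review bot: The license header picks up stray characters in the first hunk: `atxf` on the "You may obtain a copy" line and `cyt` appended to the Apache URL, which is no longer the correct address. Both look like accidental keystrokes and should go back to `# You may obtain a copy of the License at` and `# http://www.apache.org/licenses/LICENSE-2.0`. The new auth_method comment in the last hunk has typos and an unclosed parenthesis; suggested wording is `# keystone - use keystone (required for swift/dashboard integration)` and `# swauth - Swift authentication`.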
3  chef/cookbooks/swift/recipes/auth.rb
@@ -21,6 +21,3 @@
command "apt-get install --allow-unauthenticated swift-account" # This will fail, but it gets the image local
# returns 100
end
-execute "force install" do
- command 'dpkg --force-overwrite -i "/var/cache/apt/archives/swift-account_1.3-rc+bzr266-0ubuntu0ppa1~maverick1_all.deb"'
-end
100 chef/cookbooks/swift/recipes/proxy.rb
@@ -20,10 +20,85 @@
include_recipe 'utils'
include_recipe 'swift::auth'
-%w{curl python-software-properties memcached swift-proxy}.each do |pkg|
- package pkg
+
+local_ip = Swift::Evaluator.get_ip_by_type(node, :admin_ip_expr)
+public_ip = Swift::Evaluator.get_ip_by_type(node, :public_ip_expr)
+
+
+###
+# bucket to collect all the config items that end up in the proxy config template
+proxy_config = {}
+proxy_config[:auth_method] = node[:swift][:auth_method]
+proxy_config[:group] = node[:swift][:group]
+proxy_config[:user] = node[:swift][:user]
+proxy_config[:local_ip] = local_ip
+proxy_config[:public_ip] = public_ip
+
+
+%w{curl python-software-properties memcached swift-proxy}.each do |pkg|
+ package pkg do
+ action :install
+ end
end
+
+case proxy_config[:auth_method]
+ when "swauth"
+ package "python-swauth" do
+ action :install
+ end
+ proxy_config[:admin_key] =node[:swift][:cluster_admin_pw]
+ proxy_config[:account_management] = node[:swift][:account_management]
+
+ when "keystone"
+ package "python-keystone" do
+ action :install
+ end
+
+ env_filter = " AND keystone_config_environment:keystone-config-#{node[:swift][:keystone_instance]}"
+ keystones = search(:node, "recipes:keystone\\:\\:server#{env_filter}") || []
+ if keystones.length > 0
+ keystone = keystones[0]
+ else
+ keystone = node
+ end
+
+ keystone_address = Chef::Recipe::Barclamp::Inventory.get_network_by_type(keystone, "admin").address if keystone_address.nil?
+ keystone_token = keystone[:keystone][:admin]['token']
+ Chef::Log.info("Keystone server found at #{keystone_address}")
+ proxy_config[:keystone_admin_token] = keystone[:keystone][:admin]['token']
+ proxy_config[:keystone_vip] = keystone_address
+ proxy_config[:reseller_prefix] = node[:swift][:reseller_prefix]
+
+ keystone_register "register swift service" do
+ host keystone_address
+ token node[:keystone][:admin][:token]
+ service_name "swift"
+ service_description "Openstack Swift Object Store Service"
+ action :add_service
+ end
+
+ keystone_register "register swift-proxy endpoint" do
+ host keystone_address
+ token node[:keystone][:admin][:token]
+ endpoint_service "swift"
+ endpoint_region "RegionOne"
+ endpoint_adminURL "http://#{local_ip}:8080/v1.0/AUTH_%tenant_id%"
+ endpoint_internalURL "http://#{local_ip}:/v1.0/AUTH_%tenant_id%"
+ endpoint_publicURL "http://#{public_ip}:8080/v1.1/AUTH_%tenant_id%"
+ # endpoint_global true
+ # endpoint_enabled true
+ action :add_endpoint_template
+ end
+
+
+ when "tempauth"
+ ## uses defaults...
+ end
+
+
+######
+# extract some keystone goodness
## note that trying to use the <bash> resource fails in odd ways...
execute "create auth cert" do
cwd "/etc/swift"
@@ -51,22 +126,17 @@
else
log("found no swift-proxy nodes") {level :warn}
end
+proxy_config[:memcached_ips] = servers
+
+
-local_ip = Swift::Evaluator.get_ip_by_type(node, :admin_ip_expr)
## Create the proxy server configuraiton file
template "/etc/swift/proxy-server.conf" do
- source "proxy-server.conf.erb"
- mode "0644"
- group node[:swift][:group]
- owner node[:swift][:user]
- variables( {
- :admin_key => node[:swift][:cluster_admin_pw],
- :memcached_ips => servers,
- :localip => local_ip ,
- :user =>node[:swift][:user],
- :debug => node[:swift][:debug],
- :account_management => node[:swift]["account_management"]
- })
+ source "proxy-server.conf.erb"
+ mode "0644"
+ group node[:swift][:group]
+ owner node[:swift][:user]
+ variables proxy_config
end
## install a default memcached instsance.
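Review bot: `/etc/swift/proxy-server.conf` is still written with `mode "0644"`, and `proxy_config` now puts the Keystone admin token (or the swauth `admin_key`) into it, so any local user on the proxy node can read a cluster-wide credential; `mode "0640"` with the existing swift owner and group would limit it to the service account. In the first hunk both `keystone_register` blocks pass `token node[:keystone][:admin][:token]`, which reads the local node rather than the `keystone` node chosen by the search, while the `keystone_token` local computed just above is never used; `token keystone_token` looks like the intent. `endpoint_internalURL "http://#{local_ip}:/v1.0/AUTH_%tenant_id%"` has no port, and all three endpoint URLs hard-code `http://` and `AUTH_` even though the template sets `cert_file`/`key_file` (which suggests the proxy serves TLS) and `reseller_prefix` is configurable. The hash key is `:local_ip`, but the swauth section of the template still reads `@localip`, so `default_swift_cluster` would render without a host.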
4 chef/cookbooks/swift/recipes/storage.rb
@@ -18,10 +18,10 @@
include_recipe 'apt'
include_recipe 'swift::disks'
-include_recipe 'swift::auth'
+#include_recipe 'swift::auth'
include_recipe 'swift::rsync'
-%w{swift-container swift-object sqlite }.each do |pkg|
+%w{swift-container swift-object swift-account sqlite }.each do |pkg|
package pkg
end
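Review bot: `#include_recipe 'swift::auth'` is left in as commented-out code with no reason given. Either delete the line or add a short comment such as `# swift::auth no longer needed here: swift-account comes from the package list below`. That wording is inferred from the package-list change in the same hunk, so confirm it matches the intent.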
50 chef/cookbooks/swift/templates/default/proxy-server.conf.erb
@@ -15,12 +15,18 @@
#
# Author: andi abes
#
+
+#
+# This file managed by Crowbar/chef - do not edit
+
+
[DEFAULT]
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
bind_port = 8080
workers = 1
user = <%= @user %>
+group = <%= @group %>
log_facility = LOG_LOCAL0
log_level = DEBUG
@@ -29,13 +35,28 @@ log_requests = true
setup_console_handler = true
[pipeline:main]
-pipeline = healthcheck cache swauth proxy-server
+<%
+ @swauth= @tempauth= @keystone = false
+ auth=""
+ case @auth_method
+ when "swauth"
+ auth= "swauth"
+ @swauth=true
+ when "keystone"
+ auth="keystone"
+ @keystone = true
+ when "tempauth"
+ auth="tempauth"
+ @tempauth=true
+ end
+%>
+pipeline = healthcheck cache <%= auth %> proxy-server
+
[app:proxy-server]
use = egg:swift#proxy
-<% if @account_management == "true" %>
-allow_account_management = true
-<% end %>
+<% if @account_management == "true" %>allow_account_management = true<% end %>
+<% if @keystone %>account_autocreate = true<% end %>
set log_name = proxy-server
set log_facility = LOG_LOCAL0
@@ -45,11 +66,32 @@ set access_log_facility = LOG_LOCAL0
set access_log_level = INFO
set log_requests = true
+<%if @swauth %>
[filter:swauth]
use = egg:swift#swauth
set default_swift_cluster = local#https://<%= @localip %>:8080/v1
super_admin_key = <%= @admin_key %>
log_level = DEBUG
+<% end %>
+
+<% if @keystone %>
+[filter:keystone]
+use = egg:keystone#swiftauth
+keystone_admin_token = <%= @keystone_admin_token %>
+keystone_url = http://<%= @keystone_vip %>:5001
+reseller_prefix=<%= @reseller_prefix %>
+
+<% end %>
+
+<% if @tempauth %>
+[filter:tempauth]
+use = egg:swift#tempauth
+user_admin_admin = admin .admin .reseller_admin
+user_test_tester = testing .admin
+user_test2_tester2 = testing2 .admin
+user_test_tester3 = testing3
+<% end %>
+
[filter:healthcheck]
use = egg:swift#healthcheck
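Review bot: The `case @auth_method` block that builds the pipeline has no `else`, so any value other than the three listed (including nil) leaves `auth` empty and renders a `pipeline =` line with no authentication filter between `cache` and `proxy-server`. Failing the render is safer than failing open: add `else raise "unsupported auth_method: #{@auth_method.inspect}"` before the `end`. The new `[filter:tempauth]` section ships accounts fixed in the template, such as `user_admin_admin = admin .admin .reseller_admin`, so selecting tempauth deploys the same credentials on every cluster. `keystone_url = http://<%= @keystone_vip %>:5001` is plain HTTP, so if the filter presents `keystone_admin_token` to that URL, as the pairing suggests, the token crosses the network unencrypted.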
4 chef/data_bags/crowbar/bc-template-swift.json
@@ -10,11 +10,15 @@
"partitions": 18,
"zones": 2,
"min_part_hours": 1,
+ "auth_method": "keystone",
+ "keystone_instance": "proposal",
+ "reseller_prefix" : "AUTH",
"user": "swift",
"group": "swift",
"debug": true,
"admin_ip_expr": "Chef::Recipe::Barclamp::Inventory.get_network_by_type(node, \"admin\").address",
"storage_ip_expr": "Chef::Recipe::Barclamp::Inventory.get_network_by_type(node, \"storage\").address",
+ "public_ip_expr": "Chef::Recipe::Barclamp::Inventory.get_network_by_type(node, \"public\").address",
"disk_enum_expr": "node[\"crowbar\"][\"disks\"]",
"disk_test_expr": "v[\"usage\"] == \"Storage\"",
"disk_zone_assign_expr": "$SWIFT_DISK_CNT||=0; $SWIFT_DISK_CNT= $SWIFT_DISK_CNT+1 ;[ $SWIFT_DISK_CNT % node[:swift][:zones] , 99]"
14 chef/data_bags/crowbar/bc-template-swift.schema
@@ -18,15 +18,19 @@
"zones": { "type": "int", "required": true },
"min_part_hours": { "type": "int", "required": true },
"partitions": { "type": "int", "required": true },
+ "auth_method": { "type": "str", "required": true, "pattern": "/^swauth|keystone$/" },
+ "keystone_instance": { "type": "str", "required": false },
+ "reseller_prefix": { "type": "str", "required": false },
"user": { "type": "str", "required": true },
"group": { "type": "str", "required": true },
"debug": { "type": "bool", "required": false},
"admin_ip_expr": { "type": "str", "required": true},
- "storage_ip_expr": { "type": "str", "required": true},
- "disk_enum_expr": { "type": "str", "required": true},
- "disk_test_expr": { "type": "str", "required": true},
- "disk_zone_assign_expr": { "type": "str", "required": false}
- }
+ "storage_ip_expr": { "type": "str", "required": true},
+ "public_ip_expr": { "type": "str", "required": true},
+ "disk_enum_expr": { "type": "str", "required": true},
+ "disk_test_expr": { "type": "str", "required": true},
+ "disk_zone_assign_expr": { "type": "str", "required": false}
+ }
}
}
},
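Review bot: The new `auth_method` pattern `/^swauth|keystone$/` is not grouped, so it means "starts with swauth" or "ends with keystone" and accepts values such as `swauth2` or `nokeystone` (constructed examples), which then match none of the `when` branches in the recipe or the template. Group the alternation, `"pattern": "/^(swauth|keystone)$/"`, and if the validator uses Ruby regex semantics prefer `\\A` and `\\z` over `^` and `$`, which anchor per line. `tempauth` is handled in the recipe and template but not accepted here, which is presumably deliberate; a one-line comment next to the attribute default would make that explicit.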
2  crowbar.yml
@@ -43,6 +43,8 @@ locale_additions:
user: User
group: Group
debug: Debug
+ auth_method: Authentication method
+ keystone_instance: Keystone instance
edit_deployment:
deployment: Deployment
6 crowbar_framework/app/views/barclamp/swift/_edit_attributes.html.haml
@@ -4,6 +4,12 @@
%label{:for => "proposal_attributes"}= t('.attributes')
= link_to "Raw", proposal_barclamp_path(:id => @proposal.name, :controller => @proposal.barclamp, :dep_raw => @dep_raw, :attr_raw => true), :style => "float: right;"
%div.container
+ %p
+ %label{ :for=> :auth_method }= t('.auth_method')
+ = select_tag :auth_method, options_for_select([["Keystone","keystone"],["Swauth","swauth"]], @proposal.raw_data['attributes'][@proposal.barclamp]["auth_method"]), :onchange => "update_value('auth_method','auth_method','string')"
+ %p
+ %label{ :for => :keystone_instance }= t('.keystone_instance')
+ = instance_selector("keystone", :keystone_instance, "keystone_instance", @proposal)
%p
%label{ :for => :zones }= t('.zones')
%input#zones{:type => "text", :name => "zones", :'data-default' => @proposal.raw_data['attributes'][@proposal.barclamp]["zones"], :onchange => "update_value('zones', 'zones', 'integer')"}