devstack/lib/swift
Brant Knudson 0595237e8a Function for auth_token middleware config
Each project was configuring the auth_token middleware using several
lines of inisets. Since all the projects should configure the
auth_token middleware in the same way create a function and call it.

Change-Id: I3b6727d5a3bdc0ca600d8faa23bc6db32bb32260
2014-09-21 11:18:01 -05:00

725 lines
30 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# lib/swift
# Functions to control the configuration and operation of the **Swift** service
# Dependencies:
#
# - ``functions`` file
# - ``apache`` file
# - ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
# - ``STACK_USER`` must be defined
# - ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
# - ``lib/keystone`` file
#
# ``stack.sh`` calls the entry points in this order:
#
# - install_swift
# - _config_swift_apache_wsgi
# - configure_swift
# - init_swift
# - start_swift
# - stop_swift
# - cleanup_swift
# - _cleanup_swift_apache_wsgi
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
# Set up default directories
SWIFT_DIR=$DEST/swift
SWIFTCLIENT_DIR=$DEST/python-swiftclient
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
SWIFT3_DIR=$DEST/swift3
# TODO: add logging to different location.
# Set ``SWIFT_DATA_DIR`` to the location of swift drives and objects.
# Default is the common DevStack data directory.
SWIFT_DATA_DIR=${SWIFT_DATA_DIR:-${DATA_DIR}/swift}
SWIFT_DISK_IMAGE=${SWIFT_DATA_DIR}/drives/images/swift.img
# Set ``SWIFT_CONF_DIR`` to the location of the configuration files.
# Default is ``/etc/swift``.
# TODO(dtroyer): remove SWIFT_CONFIG_DIR after cutting stable/grizzly
SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-${SWIFT_CONFIG_DIR:-/etc/swift}}
if is_service_enabled s-proxy && is_service_enabled swift3; then
# If we are using swift3, we can default the s3 port to swift instead
# of nova-objectstore
S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
fi
# DevStack will create a loop-back disk formatted as XFS to store the
# swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
# kilobytes.
# Default is 1 gigabyte.
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G
# if tempest enabled the default size is 6 Gigabyte.
if is_service_enabled tempest; then
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=${SWIFT_LOOPBACK_DISK_SIZE:-6G}
fi
SWIFT_LOOPBACK_DISK_SIZE=${SWIFT_LOOPBACK_DISK_SIZE:-$SWIFT_LOOPBACK_DISK_SIZE_DEFAULT}
# Set ``SWIFT_EXTRAS_MIDDLEWARE`` to extras middlewares.
# Default is ``staticweb, formpost``
SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-formpost staticweb}
# Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at
# the end of the pipeline.
SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST}
# Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at
# the beginning of the pipeline, before authentication middlewares.
SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain}
# The ring uses a configurable number of bits from a paths MD5 hash as
# a partition index that designates a device. The number of bits kept
# from the hash is known as the partition power, and 2 to the partition
# power indicates the partition count. Partitioning the full MD5 hash
# ring allows other parts of the cluster to work in batches of items at
# once which ends up either more efficient or at least less complex than
# working with each item separately or the entire cluster all at once.
# By default we define 9 for the partition count (which mean 512).
SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
# Set ``SWIFT_REPLICAS`` to configure how many replicas are to be
# configured for your Swift cluster. By default we are configuring
# only one replica since this is way less CPU and memory intensive. If
# you are planning to test swift replication you may want to set this
# up to 3.
SWIFT_REPLICAS=${SWIFT_REPLICAS:-1}
SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth
# token should be placed in the logs. When keystone is used with PKI tokens,
# the token values can be huge, seemingly larger the 2K, at the least. We
# restrict it here to a default of 12 characters, which should be enough to
# trace through the logs when looking for its use.
SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximun length of headers in
# Swift API
SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
# Port bases used in port number calclution for the service "nodes"
# The specified port number will be used, the additinal ports calculated by
# base_port + node_num * 10
OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6013}
CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6011}
ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
# Enable tempurl feature
SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}
SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY}
# Tell Tempest this project is present
TEMPEST_SERVICES+=,swift
# Toggle for deploying Keystone under HTTPD + mod_wsgi
SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
# Functions
# ---------
# Test if any Swift services are enabled
# is_swift_enabled
function is_swift_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"s-" ]] && return 0
return 1
}
# cleanup_swift() - Remove residual data files
function cleanup_swift {
rm -f ${SWIFT_CONF_DIR}{*.builder,*.ring.gz,backups/*.builder,backups/*.ring.gz}
if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
fi
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
rm ${SWIFT_DISK_IMAGE}
fi
rm -rf ${SWIFT_DATA_DIR}/run/
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
_cleanup_swift_apache_wsgi
fi
}
# _cleanup_swift_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
function _cleanup_swift_apache_wsgi {
sudo rm -f $SWIFT_APACHE_WSGI_DIR/*.wsgi
disable_apache_site proxy-server
local node_number type
for node_number in ${SWIFT_REPLICAS_SEQ}; do
for type in object container account; do
local site_name=${type}-server-${node_number}
disable_apache_site ${site_name}
sudo rm -f $(apache_site_config_for ${site_name})
done
done
}
# _config_swift_apache_wsgi() - Set WSGI config files of Swift
function _config_swift_apache_wsgi {
sudo mkdir -p ${SWIFT_APACHE_WSGI_DIR}
local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
# copy proxy vhost and wsgi file
sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template $(apache_site_config_for proxy-server)
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$proxy_port/g;
s/%SERVICENAME%/proxy-server/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i $(apache_site_config_for proxy-server)
enable_apache_site proxy-server
sudo cp ${SWIFT_DIR}/examples/wsgi/proxy-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/proxy-server.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
# copy apache vhost file and set name and port
local node_number
for node_number in ${SWIFT_REPLICAS_SEQ}; do
local object_port=$[OBJECT_PORT_BASE + 10 * ($node_number - 1)]
local container_port=$[CONTAINER_PORT_BASE + 10 * ($node_number - 1)]
local account_port=$[ACCOUNT_PORT_BASE + 10 * ($node_number - 1)]
sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number})
sudo sed -e "
s/%PORT%/$object_port/g;
s/%SERVICENAME%/object-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i $(apache_site_config_for object-server-${node_number})
enable_apache_site object-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/object-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/object-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
sudo cp ${SWIFT_DIR}/examples/apache2/container-server.template $(apache_site_config_for container-server-${node_number})
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$container_port/g;
s/%SERVICENAME%/container-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i $(apache_site_config_for container-server-${node_number})
enable_apache_site container-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/container-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/container-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
sudo cp ${SWIFT_DIR}/examples/apache2/account-server.template $(apache_site_config_for account-server-${node_number})
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$account_port/g;
s/%SERVICENAME%/account-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i $(apache_site_config_for account-server-${node_number})
enable_apache_site account-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/account-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/account-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
done
}
# This function generates an object/container/account configuration
# emulating 4 nodes on different ports
function generate_swift_config {
local swift_node_config=$1
local node_id=$2
local bind_port=$3
local server_type=$4
log_facility=$[ node_id - 1 ]
local node_path=${SWIFT_DATA_DIR}/${node_number}
iniuncomment ${swift_node_config} DEFAULT user
iniset ${swift_node_config} DEFAULT user ${STACK_USER}
iniuncomment ${swift_node_config} DEFAULT bind_port
iniset ${swift_node_config} DEFAULT bind_port ${bind_port}
iniuncomment ${swift_node_config} DEFAULT swift_dir
iniset ${swift_node_config} DEFAULT swift_dir ${SWIFT_CONF_DIR}
iniuncomment ${swift_node_config} DEFAULT devices
iniset ${swift_node_config} DEFAULT devices ${node_path}
iniuncomment ${swift_node_config} DEFAULT log_facility
iniset ${swift_node_config} DEFAULT log_facility LOG_LOCAL${log_facility}
iniuncomment ${swift_node_config} DEFAULT workers
iniset ${swift_node_config} DEFAULT workers ${API_WORKERS:-1}
iniuncomment ${swift_node_config} DEFAULT disable_fallocate
iniset ${swift_node_config} DEFAULT disable_fallocate true
iniuncomment ${swift_node_config} DEFAULT mount_check
iniset ${swift_node_config} DEFAULT mount_check false
iniuncomment ${swift_node_config} ${server_type}-replicator vm_test_mode
iniset ${swift_node_config} ${server_type}-replicator vm_test_mode yes
}
# configure_swift() - Set config files, create data dirs and loop image
function configure_swift {
local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}"
local node_number
local swift_node_config
local swift_log_dir
# Make sure to kill all swift processes first
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server
sudo chown -R ${STACK_USER}: ${SWIFT_CONF_DIR}
if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then
# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed.
# Create a symlink if the config dir is moved
sudo ln -sf ${SWIFT_CONF_DIR} /etc/swift
fi
# Swift use rsync to synchronize between all the different
# partitions (which make more sense when you have a multi-node
# setup) we configure it with our version of rsync.
sed -e "
s/%GROUP%/${USER_GROUP}/;
s/%USER%/${STACK_USER}/;
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,;
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf
# rsyncd.conf just prepared for 4 nodes
if is_ubuntu; then
sudo sed -i '/^RSYNC_ENABLE=false/ { s/false/true/ }' /etc/default/rsync
elif [ -e /etc/xinetd.d/rsync ]; then
sudo sed -i '/disable *= *yes/ { s/yes/no/ }' /etc/xinetd.d/rsync
fi
SWIFT_CONFIG_PROXY_SERVER=${SWIFT_CONF_DIR}/proxy-server.conf
cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${SWIFT_CONF_DIR}/container-sync-realms.conf
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers 1
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level DEBUG
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080}
# Devstack is commonly run in a small slow environment, so bump the
# timeouts up.
# node_timeout is how long between read operations a node takes to
# respond to the proxy server
# conn_timeout is all about how long it takes a connect() system call to
# return
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server node_timeout 120
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server conn_timeout 20
# Configure Ceilometer
if is_service_enabled ceilometer; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer use "egg:ceilometer#swift"
SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
fi
# Restrict the length of auth tokens in the swift proxy-server logs.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
# By default Swift will be installed with keystone and tempauth middleware
# and add the swift3 middleware if its configured for it. The token for
# tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the
# token for keystoneauth would have the standard reseller_prefix `AUTH_`
if is_service_enabled swift3;then
swift_pipeline+=" swift3 s3token "
fi
if is_service_enabled key;then
swift_pipeline+=" authtoken keystoneauth"
fi
swift_pipeline+=" tempauth "
sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
# Configure Crossdomain
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
# Configure Keystone
sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
# This causes the authtoken middleware to use the same python logging
# adapter provided by the swift proxy-server, so that request transaction
# IDs will included in all of its log messages.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
if is_service_enabled swift3; then
cat <<EOF >>${SWIFT_CONFIG_PROXY_SERVER}
# NOTE(chmou): s3token middleware is not updated yet to use only
# username and password.
[filter:s3token]
paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
auth_port = ${KEYSTONE_AUTH_PORT}
auth_host = ${KEYSTONE_AUTH_HOST}
auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
cafile = ${KEYSTONE_SSL_CA}
auth_token = ${SERVICE_TOKEN}
admin_token = ${SERVICE_TOKEN}
[filter:swift3]
use = egg:swift3#swift3
EOF
fi
cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf
iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH}
iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_header_size ${SWIFT_MAX_HEADER_SIZE}
local node_number
for node_number in ${SWIFT_REPLICAS_SEQ}; do
local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf
cp ${SWIFT_DIR}/etc/object-server.conf-sample ${swift_node_config}
generate_swift_config ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object
iniset ${swift_node_config} filter:recon recon_cache_path ${SWIFT_DATA_DIR}/cache
# Using a sed and not iniset/iniuncomment because we want to a global
# modification and make sure it works for new sections.
sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
swift_node_config=${SWIFT_CONF_DIR}/container-server/${node_number}.conf
cp ${SWIFT_DIR}/etc/container-server.conf-sample ${swift_node_config}
generate_swift_config ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container
iniuncomment ${swift_node_config} app:container-server allow_versions
iniset ${swift_node_config} app:container-server allow_versions "true"
sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf
cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config}
generate_swift_config ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account
sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
done
# Set new accounts in tempauth to match keystone tenant/user (to make testing easier)
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest1 "testing .admin"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest2_swiftusertest2 "testing2 .admin"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest3 "testing3 .admin"
testfile=${SWIFT_CONF_DIR}/test.conf
cp ${SWIFT_DIR}/test/sample.conf ${testfile}
# Set accounts for functional tests
iniset ${testfile} func_test account swifttenanttest1
iniset ${testfile} func_test username swiftusertest1
iniset ${testfile} func_test username3 swiftusertest3
iniset ${testfile} func_test account2 swifttenanttest2
iniset ${testfile} func_test username2 swiftusertest2
if is_service_enabled key;then
iniuncomment ${testfile} func_test auth_version
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
iniset ${testfile} func_test auth_prefix /v2.0/
fi
local swift_log_dir=${SWIFT_DATA_DIR}/logs
rm -rf ${swift_log_dir}
mkdir -p ${swift_log_dir}/hourly
sudo chown -R ${STACK_USER}:adm ${swift_log_dir}
if [[ $SYSLOG != "False" ]]; then
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
tee /etc/rsyslog.d/10-swift.conf
# restart syslog to take the changes
sudo killall -HUP rsyslogd
fi
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
_config_swift_apache_wsgi
fi
}
# create_swift_disk - Create Swift backing disk
function create_swift_disk {
local node_number
# First do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user.
local user_group=$(id -g ${STACK_USER})
sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
sudo chown -R ${STACK_USER}:${user_group} ${SWIFT_DATA_DIR}
# Create a loopback disk and format it to XFS.
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
sudo rm -f ${SWIFT_DISK_IMAGE}
fi
fi
mkdir -p ${SWIFT_DATA_DIR}/drives/images
sudo touch ${SWIFT_DISK_IMAGE}
sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
# Make a fresh XFS filesystem
/sbin/mkfs.xfs -f -i size=1024 ${SWIFT_DISK_IMAGE}
# Mount the disk with mount options to make it as efficient as possible
mkdir -p ${SWIFT_DATA_DIR}/drives/sdb1
if ! egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo mount -t xfs -o loop,noatime,nodiratime,nobarrier,logbufs=8 \
${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
fi
# Create a link to the above mount and
# create all of the directories needed to emulate a few different servers
local node_number
for node_number in ${SWIFT_REPLICAS_SEQ}; do
sudo ln -sf ${SWIFT_DATA_DIR}/drives/sdb1/$node_number ${SWIFT_DATA_DIR}/$node_number;
local drive=${SWIFT_DATA_DIR}/drives/sdb1/${node_number}
local node=${SWIFT_DATA_DIR}/${node_number}/node
local node_device=${node}/sdb1
[[ -d $node ]] && continue
[[ -d $drive ]] && continue
sudo install -o ${STACK_USER} -g $user_group -d $drive
sudo install -o ${STACK_USER} -g $user_group -d $node_device
sudo chown -R ${STACK_USER}: ${node}
done
}
# create_swift_accounts() - Set up standard swift accounts and extra
# one for tests we do this by attaching all words in the account name
# since we want to make it compatible with tempauth which use
# underscores for separators.
# Tenant User Roles
# ------------------------------------------------------------------
# service swift service
# swifttenanttest1 swiftusertest1 admin
# swifttenanttest1 swiftusertest3 anotherrole
# swifttenanttest2 swiftusertest2 admin
function create_swift_accounts {
# Defines specific passwords used by tools/create_userrc.sh
local swiftusertest1_password=testing
local swiftusertest2_password=testing2
local swiftusertest3_password=testing3
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
local swift_user=$(get_or_create_user "swift" \
"$SERVICE_PASSWORD" $service_tenant)
get_or_add_user_role $admin_role $swift_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local swift_service=$(get_or_create_service "swift" \
"object-store" "Swift Service")
get_or_create_endpoint $swift_service \
"$REGION_NAME" \
"http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
"http://$SERVICE_HOST:8080" \
"http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
fi
local swift_tenant_test1=$(get_or_create_project swifttenanttest1)
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
"$swift_tenant_test1" "test@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
get_or_add_user_role $admin_role $SWIFT_USER_TEST1 $swift_tenant_test1
local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
"$swift_tenant_test1" "test3@example.com")
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1
local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
"$swift_tenant_test2" "test2@example.com")
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
}
# init_swift() - Initialize rings
function init_swift {
local node_number
# Make sure to kill all swift processes first
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
# Forcibly re-create the backing filesystem
create_swift_disk
# This is where we create three different rings for swift with
# different object servers binding on different ports.
pushd ${SWIFT_CONF_DIR} >/dev/null && {
rm -f *.builder *.ring.gz backups/*.builder backups/*.ring.gz
swift-ring-builder object.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
swift-ring-builder container.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
swift-ring-builder account.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
for node_number in ${SWIFT_REPLICAS_SEQ}; do
swift-ring-builder object.builder add z${node_number}-127.0.0.1:$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
swift-ring-builder container.builder add z${node_number}-127.0.0.1:$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
swift-ring-builder account.builder add z${node_number}-127.0.0.1:$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
done
swift-ring-builder object.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder account.builder rebalance
} && popd >/dev/null
# Create cache dir
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
rm -f $SWIFT_AUTH_CACHE_DIR/*
}
function install_swift {
git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH
setup_develop $SWIFT_DIR
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
install_apache_wsgi
fi
}
function install_swiftclient {
git_clone $SWIFTCLIENT_REPO $SWIFTCLIENT_DIR $SWIFTCLIENT_BRANCH
setup_develop $SWIFTCLIENT_DIR
}
# start_swift() - Start running processes, including screen
function start_swift {
# (re)start memcached to make sure we have a clean memcache.
restart_service memcached
# Start rsync
if is_ubuntu; then
sudo /etc/init.d/rsync restart || :
elif [ -e /etc/xinetd.d/rsync ]; then
start_service xinetd
else
start_service rsyncd
fi
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
restart_apache_server
swift-init --run-dir=${SWIFT_DATA_DIR}/run rest start
tail_log s-proxy /var/log/$APACHE_NAME/proxy-server
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
tail_log s-${type} /var/log/$APACHE_NAME/${type}-server-1
done
fi
return 0
fi
# By default with only one replica we are launching the proxy,
# container, account and object server in screen in foreground and
# other services in background. If we have SWIFT_REPLICAS set to something
# greater than one we first spawn all the swift services then kill the proxy
# service so we can run it in foreground in screen. ``swift-init ...
# {stop|restart}`` exits with '1' if no servers are running, ignore it just
# in case
local todo type
swift-init --run-dir=${SWIFT_DATA_DIR}/run all restart || true
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
todo="object container account"
fi
for type in proxy ${todo}; do
swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop || true
done
run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
run_process s-${type} "$SWIFT_DIR/bin/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
done
fi
if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
swift_configure_tempurls
fi
}
# stop_swift() - Stop running processes (non-screen)
function stop_swift {
local type
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
swift-init --run-dir=${SWIFT_DATA_DIR}/run rest stop && return 0
fi
# screen normally killed by unstack.sh
if type -p swift-init >/dev/null; then
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
fi
# Dump all of the servers
# Maintain the iteration as stop_process() has some desirable side-effects
for type in proxy object container account; do
stop_process s-${type}
done
# Blast out any stragglers
pkill -f swift-
}
function swift_configure_tempurls {
OS_USERNAME=swift \
OS_TENANT_NAME=$SERVICE_TENANT_NAME \
OS_PASSWORD=$SERVICE_PASSWORD \
swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
}
# Restore xtrace
$XTRACE
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: