openstack/kolla-ansible
Code Issues Proposed changes
f1d3ff11d0
kolla-ansible/ansible/roles/swift/templates/proxy-server.conf.j2
Maksim Malchuk 835920782f Correctly configure S3 Token Middleware for Swift 
According the documentation [1] there need to configure auth_uri in the
[filter:s3token] section instead of www_authenticate_uri which cause an
error 'swift.common.wsgi.ConfigFileError: Invalid auth_uri; must
include scheme and host' during start the swift-proxy-server container.

1. https://docs.openstack.org/swift/ussuri/middleware.html#s3-token-middleware

Change-Id: I6b8f5807ebb746428a501dca13eae30763dede8d
Closes-Bug: 1862765
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-03-10 13:03:35 +00:00

104 lines
2.8 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
bind_ip = {{ api_interface_address }}
bind_port = {{ swift_proxy_server_listen_port }}
log_udp_host = {{ syslog_server }}
log_udp_port = {{ syslog_udp_port }}
log_name = {{ service_name }}
log_facility = {{ syslog_swift_facility }}
log_level = {{ swift_log_level }}
workers = {{ openstack_service_workers }}
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk tempurl ratelimit authtoken {% if enable_swift_s3api | bool %}s3api s3token {% endif %}keystoneauth container_quotas account_quotas slo dlo {% if enable_ceilometer | bool %}ceilometer {% endif %}proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:tempurl]
use = egg:swift#tempurl
[filter:cache]
use = egg:swift#memcache
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ swift_keystone_user }}
password = {{ swift_keystone_password }}
delay_auth_decision = {{ swift_delay_auth_decision }}
cafile = {{ openstack_cacert }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,{{ keystone_default_user_role }},ResellerAdmin
{% if enable_ceilometer | bool %}
[filter:ceilometer]
paste.filter_factory = ceilometermiddleware.swift:filter_factory
control_exchange = swift
url = {{ notify_transport_url }}
driver = messagingv2
topic = notifications
log_level = WARN
{% endif %}
[filter:container_sync]
use = egg:swift#container_sync
[filter:bulk]
use = egg:swift#bulk
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:account_quotas]
use = egg:swift#account_quotas
[filter:container_quotas]
use = egg:swift#container_quotas
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:versioned_writes]
use = egg:swift#versioned_writes
allow_versioned_writes = True
{% if enable_swift_s3api | bool %}
[filter:s3api]
use = egg:swift#s3api
[filter:s3token]
use = egg:swift#s3token
auth_uri = {{ keystone_internal_url }}/v3
{% endif %}
View Git Blame Copy Permalink