openstack/openstack-ansible
Code Issues Proposed changes

Allow Swift middleware to be set via a variable

Browse Source 
This patch allows the swift-proxy pipeline to be adjusted via a variable
"swift_middleware_list", which can be amended to add additional
middleware as required.

The default remains the same - which is to include the default pipeline
when using keystone.

Additionally the logic around whether "authtoken" or "tempauth" are
enabled was changed to check if these are set in "swift_middleware_list"
without requiring a separate variable. Variable "swift_authtoken_active"
was removed as it is no longer required.

Tempest object storage settings were adjusted to work with the default
list of enabled discoverable_apis for object storage. Container syncing
was also turned into a variable based on the object storage default.

Closes-Bug: #1453276
Co-Authored-By: Julian Montez <julian.montez@gmail.com>
Co-Authored-By: Darren Birkett <darren.birkett@gmail.com>
Change-Id: I70565296242d10327a58b02149f73eb5f31a877d
This commit is contained in:
Andy McCrae 2015-06-26 12:21:47 +01:00 committed by Jesse Pretorius
parent 78d1bb6110
commit 2ed2bde1b0
4 changed files with 42 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
playbooks/roles/os_swift/defaults/main.yml
View File

@ -31,9 +31,30 @@ swift_system_comment: swift system user
swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
## Auth token ## Auth token
swift_authtoken_active: True
swift_delay_auth_decision: true swift_delay_auth_decision: true
## Swift middleware
# NB: The order is important!
swift_middleware_list:
- catch_errors
- gatekeeper
- healthcheck
- proxy-logging
# - ceilometer
- cache
- container_sync
- bulk
- tempurl
- ratelimit
- authtoken
- keystoneauth
- container-quotas
- account-quotas
- slo
- dlo
- proxy-logging
- proxy-server
## Swift default ports ## Swift default ports
swift_proxy_port: "8080" swift_proxy_port: "8080"
swift_object_port: "6000" swift_object_port: "6000"

29
playbooks/roles/os_swift/templates/proxy-server.conf.j2
View File

@ -12,19 +12,8 @@ user = {{ swift_system_user_name }}
log_facility = LOG_LOCAL1 log_facility = LOG_LOCAL1
[pipeline:main] [pipeline:main]
{% if swift_authtoken_active %} pipeline = {{ swift_middleware_list | join(' ') }}
{% if swift_ceilometer_enabled %}
pipeline = catch_errors gatekeeper healthcheck proxy-logging ceilometer cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-server
{% else %}
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server
{% endif %}
{% else %}
{% if swift_ceilometer_enabled %}
pipeline = catch_errors gatekeeper healthcheck proxy-logging ceilometer cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-server
{% else %}
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server
{% endif %}
{% endif %}
[app:proxy-server] [app:proxy-server]
use = egg:swift#proxy use = egg:swift#proxy
log_facility = LOG_LOCAL1 log_facility = LOG_LOCAL1
@ -43,18 +32,18 @@ write_affinity_node_count = {{ swift_proxy_vars.write_affinity_node_count }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if 'tempauth' in swift_middleware_list %}
[filter:tempauth] [filter:tempauth]
use = egg:swift#tempauth use = egg:swift#tempauth
{% if not swift_authtoken_active %}
user_admin_admin = admin .admin .reseller_admin user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3 user_test_tester3 = testing3
{% endif %}
{% elif swift_authtoken_active %} {% if 'authtoken' in swift_middleware_list %}
[filter:authtoken] [filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory paste.filter_factory = keystonemiddleware.auth_token:filter_factory
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ swift_keystone_auth_plugin }} auth_plugin = {{ swift_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }} auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }} auth_uri = {{ keystone_service_internaluri }}
@ -66,16 +55,17 @@ password = {{ swift_service_password }}
delay_auth_decision = {{ swift_delay_auth_decision }} delay_auth_decision = {{ swift_delay_auth_decision }}
{% endif %} {% endif %}
{% if 'keystoneauth' in swift_middleware_list %}
[filter:keystoneauth] [filter:keystoneauth]
use = egg:swift#keystoneauth use = egg:swift#keystoneauth
{% if swift_allow_all_users is defined and swift_allow_all_users == True %} {% if swift_allow_all_users is defined and swift_allow_all_users == True %}
{% if swift_ceilometer_enabled %} {% if 'ceilometer' in swift_middleware_list %}
operator_roles = admin, swiftoperator, _member_, ResellerAdmin operator_roles = admin, swiftoperator, _member_, ResellerAdmin
{% else %} {% else %}
operator_roles = admin, swiftoperator, _member_ operator_roles = admin, swiftoperator, _member_
{% endif %} {% endif %}
{% else %} {% else %}
{% if swift_ceilometer_enabled %} {% if 'ceilometer' in swift_middleware_list %}
operator_roles = admin, swiftoperator, ResellerAdmin operator_roles = admin, swiftoperator, ResellerAdmin
{% else %} {% else %}
operator_roles = admin, swiftoperator operator_roles = admin, swiftoperator
@ -83,6 +73,7 @@ operator_roles = admin, swiftoperator
{% endif %} {% endif %}
# The reseller admin role has the ability to create and delete accounts # The reseller admin role has the ability to create and delete accounts
reseller_admin_role = reseller_admin reseller_admin_role = reseller_admin
{% endif %}
[filter:healthcheck] [filter:healthcheck]
use = egg:swift#healthcheck use = egg:swift#healthcheck
@ -146,7 +137,7 @@ use = egg:swift#container_sync
[filter:xprofile] [filter:xprofile]
use = egg:swift#xprofile use = egg:swift#xprofile
{% if swift_ceilometer_enabled %} {% if 'ceilometer' in swift_middleware_list %}
[filter:ceilometer] [filter:ceilometer]
paste.filter_factory = ceilometermiddleware.swift:filter_factory paste.filter_factory = ceilometermiddleware.swift:filter_factory
control_exchange = swift control_exchange = swift

8
playbooks/roles/os_tempest/defaults/main.yml
View File

@ -56,7 +56,15 @@ tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333"
tempest_boto_ec2_url: "http://{{ external_lb_vip_address }}:8773/services/Cloud" tempest_boto_ec2_url: "http://{{ external_lb_vip_address }}:8773/services/Cloud"
tempest_swift_enabled: true tempest_swift_enabled: true
tempest_swift_container_sync: True
tempest_swift_object_versioning: True tempest_swift_object_versioning: True
tempest_swift_discoverable_apis:
- bulk
- object
- container_quotas
- container_sync
- slo
- tempurl
tempest_volume_backup_enabled: False tempest_volume_backup_enabled: False

4
playbooks/roles/os_tempest/templates/tempest.conf.j2
View File

@ -172,9 +172,9 @@ reseller_admin_role = reseller_admin
[object-storage-feature-enabled] [object-storage-feature-enabled]
container_sync = false container_sync = {{ tempest_swift_container_sync }}
object_versioning = {{ tempest_swift_object_versioning }} object_versioning = {{ tempest_swift_object_versioning }}
discoverable_apis = all discoverable_apis = {{ tempest_swift_discoverable_apis | join(' ') }}
[orchestration] [orchestration]