Support keystone v3 domains in swift-dispersion

This provides the capability to specify a project_name,
project_domain_name and user_domain_name in /etc/swift/dispersion.conf.
If this values are set in dispersion.conf they get populated to the
swift-client.  With this it is possible to have a specific dispersion
project specified, which is not the keystone default domain.  Changes
were applied to swift-dispersion-populate and swift-dispersion-report.
Relevant man pages, the example dispersion.conf and the admin guide were
updated accordingly.

DocImpact
Closes-Bug: #1468374

Change-Id: I0e716f8d281b4d0f510bc568bcee4a13fc480ff7
This commit is contained in:
Falk Reimann 2015-06-24 16:54:02 +02:00 committed by Ian Cordasco
parent 5370526b57
commit 363a256e58
7 changed files with 46 additions and 2 deletions

View File

@ -119,6 +119,9 @@ Usage: %%prog [options] [conf_file]
retries = int(conf.get('retries', 5)) retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25)) concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL')) endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
user_domain_name = str(conf.get('user_domain_name', ''))
project_domain_name = str(conf.get('project_domain_name', ''))
project_name = str(conf.get('project_name', ''))
insecure = options.insecure \ insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no')) or config_true_value(conf.get('keystone_api_insecure', 'no'))
container_populate = config_true_value( container_populate = config_true_value(
@ -133,6 +136,12 @@ Usage: %%prog [options] [conf_file]
retries_done = 0 retries_done = 0
os_options = {'endpoint_type': endpoint_type} os_options = {'endpoint_type': endpoint_type}
if user_domain_name:
os_options['user_domain_name'] = user_domain_name
if project_domain_name:
os_options['project_domain_name'] = project_domain_name
if project_name:
os_options['project_name'] = project_name
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],

View File

@ -344,6 +344,9 @@ Usage: %%prog [options] [conf_file]
and not options.container_only and not options.container_only
if not (object_report or container_report): if not (object_report or container_report):
exit("Neither container or object report is set to run") exit("Neither container or object report is set to run")
user_domain_name = str(conf.get('user_domain_name', ''))
project_domain_name = str(conf.get('project_domain_name', ''))
project_name = str(conf.get('project_name', ''))
insecure = options.insecure \ insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no')) or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug: if options.debug:
@ -352,6 +355,12 @@ Usage: %%prog [options] [conf_file]
coropool = GreenPool(size=concurrency) coropool = GreenPool(size=concurrency)
os_options = {'endpoint_type': endpoint_type} os_options = {'endpoint_type': endpoint_type}
if user_domain_name:
os_options['user_domain_name'] = user_domain_name
if project_domain_name:
os_options['project_domain_name'] = project_domain_name
if project_name:
os_options['project_name'] = project_name
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],

View File

@ -44,6 +44,12 @@ Authentication system URL
Authentication system account/user name Authentication system account/user name
.IP "\fBauth_key\fR" .IP "\fBauth_key\fR"
Authentication system account/user password Authentication system account/user password
.IP "\fBproject_name\fR"
Project name in case of keystone auth version 3
.IP "\fBproject_domain_name\fR"
Project domain name in case of keystone auth version 3
.IP "\fBuser_domain_name\fR"
User domain name in case of keystone auth version 3
.IP "\fBswift_dir\fR" .IP "\fBswift_dir\fR"
Location of openstack-swift configuration and ring files Location of openstack-swift configuration and ring files
.IP "\fBdispersion_coverage\fR" .IP "\fBdispersion_coverage\fR"
@ -70,6 +76,9 @@ Whether to run the object report. The default is yes.
.IP "auth_key = dpstats" .IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift" .IP "swift_dir = /etc/swift"
.IP "# keystone_api_insecure = no" .IP "# keystone_api_insecure = no"
.IP "# project_name = dpstats"
.IP "# project_domain_name = default"
.IP "# user_domain_name = default"
.IP "# dispersion_coverage = 1.0" .IP "# dispersion_coverage = 1.0"
.IP "# retries = 5" .IP "# retries = 5"
.IP "# concurrency = 25" .IP "# concurrency = 25"

View File

@ -85,6 +85,9 @@ Example \fI/etc/swift/dispersion.conf\fR:
.IP "auth_user = dpstats:dpstats" .IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats" .IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift" .IP "swift_dir = /etc/swift"
.IP "# project_name = dpstats"
.IP "# project_domain_name = default"
.IP "# user_domain_name = default"
.IP "# dispersion_coverage = 1.0" .IP "# dispersion_coverage = 1.0"
.IP "# retries = 5" .IP "# retries = 5"
.IP "# concurrency = 25" .IP "# concurrency = 25"

View File

@ -101,6 +101,9 @@ Example \fI/etc/swift/dispersion.conf\fR:
.IP "auth_user = dpstats:dpstats" .IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats" .IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift" .IP "swift_dir = /etc/swift"
.IP "# project_name = dpstats"
.IP "# project_domain_name = default"
.IP "# user_domain_name = default"
.IP "# dispersion_coverage = 1.0" .IP "# dispersion_coverage = 1.0"
.IP "# retries = 5" .IP "# retries = 5"
.IP "# concurrency = 25" .IP "# concurrency = 25"

View File

@ -270,7 +270,8 @@ configuration file, /etc/swift/dispersion.conf. Example conf file::
There are also options for the conf file for specifying the dispersion coverage There are also options for the conf file for specifying the dispersion coverage
(defaults to 1%), retries, concurrency, etc. though usually the defaults are (defaults to 1%), retries, concurrency, etc. though usually the defaults are
fine. fine. If you want to use keystone v3 for authentication there are options like
auth_version, user_domain_name, project_domain_name and project_name.
Once the configuration is in place, run `swift-dispersion-populate` to populate Once the configuration is in place, run `swift-dispersion-populate` to populate
the containers and objects throughout the cluster. the containers and objects throughout the cluster.

View File

@ -13,6 +13,16 @@ auth_key = testing
# auth_key = password # auth_key = password
# auth_version = 2.0 # auth_version = 2.0
# #
# NOTE: If you want to use keystone (auth version 3.0), then its configuration
# would look something like:
# auth_url = http://localhost:5000/v3/
# auth_user = user
# auth_key = password
# auth_version = 3.0
# project_name = project
# project_domain_name = project_domain
# user_domain_name = user_domain
#
# endpoint_type = publicURL # endpoint_type = publicURL
# keystone_api_insecure = no # keystone_api_insecure = no
# #