openstack/swift
Code Issues Proposed changes

Allow dispersion tools to use keystone server with insecure certificate

Browse Source 
The swift-dispersion-populate and swift-dispersion-report tools now
accept a --insecure option.

Also, dispersion.conf now has a keystone_api_insecure option.

Default is obviously to use the secure path.

DocImpact

Change-Id: I4000352e547d9ce5b08ade54e0c886281caff891
This commit is contained in:
Vincent Untz 2013-07-12 08:11:27 +02:00
parent 657a0e4e26
commit 7f1aa9d1e8
6 changed files with 53 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
bin/swift-dispersion-populate
View File

@ -17,7 +17,8 @@
import traceback import traceback
from ConfigParser import ConfigParser from ConfigParser import ConfigParser
from cStringIO import StringIO from cStringIO import StringIO
from sys import exit, argv, stdout from optparse import OptionParser
from sys import exit, stdout
from time import time from time import time
from uuid import uuid4 from uuid import uuid4
@ -26,7 +27,10 @@ from eventlet.pools import Pool
from swiftclient import Connection, get_auth from swiftclient import Connection, get_auth
from swift.common.ring import Ring from swift.common.ring import Ring
from swift.common.utils import compute_eta, get_time_units from swift.common.utils import compute_eta, get_time_units, config_true_value
insecure = False
def put_container(connpool, container, report): def put_container(connpool, container, report):
@ -78,10 +82,19 @@ if __name__ == '__main__':
patcher.monkey_patch() patcher.monkey_patch()
conffile = '/etc/swift/dispersion.conf' conffile = '/etc/swift/dispersion.conf'
if len(argv) == 2:
conffile = argv[1] parser = OptionParser(usage='''
elif len(argv) > 2: Usage: %%prog [options] [conf_file]
exit('Syntax: %s [conffile]' % argv[0])
[conf_file] defaults to %s'''.strip() % conffile)
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
conffile = args.pop(0)
c = ConfigParser() c = ConfigParser()
if not c.read(conffile): if not c.read(conffile):
exit('Unable to read config file: %s' % conffile) exit('Unable to read config file: %s' % conffile)
@ -91,6 +104,8 @@ if __name__ == '__main__':
retries = int(conf.get('retries', 5)) retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25)) concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL')) endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
coropool = GreenPool(size=concurrency) coropool = GreenPool(size=concurrency)
retries_done = 0 retries_done = 0
@ -100,14 +115,16 @@ if __name__ == '__main__':
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'), auth_version=conf.get('auth_version', '1.0'),
os_options=os_options) os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1] account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency) connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(conf['auth_url'], connpool.create = lambda: Connection(conf['auth_url'],
conf['auth_user'], conf['auth_key'], conf['auth_user'], conf['auth_key'],
retries=retries, retries=retries,
preauthurl=url, preauthtoken=token, preauthurl=url, preauthtoken=token,
os_options=os_options) os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container') container_ring = Ring(swift_dir, ring_name='container')
parts_left = dict((x, x) for x in xrange(container_ring.partition_count)) parts_left = dict((x, x) for x in xrange(container_ring.partition_count))

12
bin/swift-dispersion-report
View File

@ -37,6 +37,7 @@ unmounted = []
notfound = [] notfound = []
json_output = False json_output = False
debug = False debug = False
insecure = False
def get_error_log(prefix): def get_error_log(prefix):
@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
help='Only run container report') help='Only run container report')
parser.add_option('--object-only', action='store_true', default=False, parser.add_option('--object-only', action='store_true', default=False,
help='Only run object report') help='Only run object report')
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args() options, args = parser.parse_args()
if args: if args:
@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
and not options.container_only and not options.container_only
if not (object_report or container_report): if not (object_report or container_report):
exit("Neither container or object report is set to run") exit("Neither container or object report is set to run")
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug: if options.debug:
debug = True debug = True
@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'), auth_version=conf.get('auth_version', '1.0'),
os_options=os_options) os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1] account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency) connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection( connpool.create = lambda: Connection(
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries, conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
preauthurl=url, preauthtoken=token, os_options=os_options) preauthurl=url, preauthtoken=token, os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container') container_ring = Ring(swift_dir, ring_name='container')
object_ring = Ring(swift_dir, ring_name='object') object_ring = Ring(swift_dir, ring_name='object')

1
doc/manpages/dispersion.conf.5
View File

@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
.IP "auth_user = dpstats:dpstats" .IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats" .IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift" .IP "swift_dir = /etc/swift"
.IP "# keystone_api_insecure = no"
.IP "# dispersion_coverage = 1.0" .IP "# dispersion_coverage = 1.0"
.IP "# retries = 5" .IP "# retries = 5"
.IP "# concurrency = 25" .IP "# concurrency = 25"

9
doc/manpages/swift-dispersion-populate.1
View File

@ -24,7 +24,7 @@
.SH SYNOPSIS .SH SYNOPSIS
.LP .LP
.B swift-dispersion-populate .B swift-dispersion-populate [--insecure] [conf_file]
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
tool should be a dedicated account for the dispersion stats and also have admin tool should be a dedicated account for the dispersion stats and also have admin
privileges. privileges.
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION .SH CONFIGURATION
.PD 0 .PD 0
Example \fI/etc/swift/dispersion.conf\fR: Example \fI/etc/swift/dispersion.conf\fR:

9
doc/manpages/swift-dispersion-report.1
View File

@ -24,7 +24,7 @@
.SH SYNOPSIS .SH SYNOPSIS
.LP .LP
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file] .B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
@ -84,6 +84,13 @@ Only run the container report
.IP "\fB--object-only\fR" .IP "\fB--object-only\fR"
Only run the object report Only run the object report
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION .SH CONFIGURATION
.PD 0 .PD 0
Example \fI/etc/swift/dispersion.conf\fR: Example \fI/etc/swift/dispersion.conf\fR:

1
etc/dispersion.conf-sample
View File

@ -7,6 +7,7 @@ auth_key = testing
# auth_key = testing # auth_key = testing
# auth_version = 2.0 # auth_version = 2.0
# endpoint_type = publicURL # endpoint_type = publicURL
# keystone_api_insecure = no
# #
# swift_dir = /etc/swift # swift_dir = /etc/swift
# dispersion_coverage = 1.0 # dispersion_coverage = 1.0