openstack/tripleo-docs
Code Issues Proposed changes

Merge "Update external Swift configuration doc"

Browse Source
This commit is contained in:
Jenkins 2017-06-19 13:03:33 +00:00 committed by Gerrit Code Review
commit ea54370069
1 changed files with 36 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
doc/source/advanced_deployment/swift_external.rst
View File

@ -12,11 +12,11 @@ its setup by creating a custom environment file (i.e.
*~/my-swift-settings.yaml*)::
parameter_defaults:
ExternalPublicUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
ExternalInternalUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
ExternalAdminUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
ExternalPublicUrl: 'http://<Public Swift endpoint or loadbalancer>:9024/v1/AUTH_%(tenant_id)s'
ExternalInternalUrl: 'http://<Internal Swift endpoint>:9024/v1/AUTH_%(tenant_id)s'
ExternalAdminUrl: 'http://<Admin Swift endpoint>:9024'
ExternalSwiftUserTenant: 'service'
SwiftPassword: 'choose_a_random_password'
The user can create an environment file with the required settings
and add the files above to the deploy commandline::
@ -26,5 +26,36 @@ and add the files above to the deploy commandline::
Once the deploy has succeeded, user has to complete the
configuration on the external swift proxy, configuring it to use the
keystone authentication provider. This environment files creates also
a service user called *swift* that can be used for this purpose.
a service user called *swift* that can be used for this purpose. The
password for this user is defined by using the *SwiftPassword*
parameter, as shown above.
The external Swift proxy must use Keystone from the overcloud, otherwise
authentication will fail. The public Keystone endpoint must be
accessible from the proxy therefore.
The following snippet from `/etc/swift/proxy-server.conf` is an example
how to configure the Swift proxy to use Keystone from the overcloud::
[pipeline:main]
pipeline = [... other middlewares ...] authtoken keystone [... other middlewares ...]
[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = admin, SwiftOperator
cache = swift.cache
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /tmp/keystone-signing-swift
auth_uri = http://<public Keystone endpoint>:5000/
auth_url = http://<admin Keystone endpoint>:35357/
password = <Password as defined in the environment parameters>
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
cache = swift.cache
include_service_catalog = False
delay_auth_decision = True