GitList

lib/swift

e263c82e	#!/bin/bash #
ece6a332	# lib/swift
6d04fd7b	# Functions to control the configuration and operation of the Swift service
ece6a332	# Dependencies:
6a5aa7c6	# # - ``functions`` file # - ``apache`` file # - ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined # - ``STACK_USER`` must be defined # - ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined # - ``lib/keystone`` file #
ece6a332	# ``stack.sh`` calls the entry points in this order: #
6a5aa7c6	# - install_swift # - _config_swift_apache_wsgi # - configure_swift # - init_swift # - start_swift # - stop_swift # - cleanup_swift # - _cleanup_swift_apache_wsgi
ece6a332	# Save trace setting XTRACE=$(set +o \| grep xtrace) set +o xtrace # Defaults # --------
18d4778c	if is_ssl_enabled_service "s-proxy" \|\| is_service_enabled tls-proxy; then SWIFT_SERVICE_PROTOCOL="https" fi
ece6a332	# Set up default directories
e08ab104	GITDIR["python-swiftclient"]=$DEST/python-swiftclient
5cb19069
ece6a332	SWIFT_DIR=$DEST/swift
64ab7743	SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
d98a5d0a	SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
b7490da9	SWIFT3_DIR=$DEST/swift3
ece6a332
18d4778c	SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
180f5eb6	SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
92ad1525	SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
18d4778c
ece6a332	# TODO: add logging to different location. # Set ``SWIFT_DATA_DIR`` to the location of swift drives and objects. # Default is the common DevStack data directory. SWIFT_DATA_DIR=${SWIFT_DATA_DIR:-${DATA_DIR}/swift}
e6024413	SWIFT_DISK_IMAGE=${SWIFT_DATA_DIR}/drives/images/swift.img
ece6a332
6ec72fab	# Set ``SWIFT_CONF_DIR`` to the location of the configuration files.
ece6a332	# Default is ``/etc/swift``.
a6dfe819	SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-/etc/swift}
ece6a332
b7490da9	if is_service_enabled s-proxy && is_service_enabled swift3; then
dc97cb71	# If we are using ``swift3``, we can default the S3 port to swift instead
b7490da9	# of nova-objectstore S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080} fi
9ebd65be	if is_service_enabled g-api; then # Minimum Cinder volume size is 1G so if Swift backend for Glance is # only 1G we can not upload volume to image. # Increase Swift disk size up to 2G SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=2G else # DevStack will create a loop-back disk formatted as XFS to store the # swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in # kilobytes. # Default is 1 gigabyte. SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G fi
66c54249	# if tempest enabled the default size is 6 Gigabyte.
3418c1ca	if is_service_enabled tempest; then
66c54249	SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=${SWIFT_LOOPBACK_DISK_SIZE:-6G}
3418c1ca	fi SWIFT_LOOPBACK_DISK_SIZE=${SWIFT_LOOPBACK_DISK_SIZE:-$SWIFT_LOOPBACK_DISK_SIZE_DEFAULT}
ece6a332
bc3a3394	# Set ``SWIFT_EXTRAS_MIDDLEWARE`` to extras middlewares.
f19ccb63	# Default is ``staticweb, formpost`` SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-formpost staticweb}
bc3a3394
d9883407	# Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at # the end of the pipeline.
53753293	SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST:-}
d9883407
1ce2ffd1	# Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at # the beginning of the pipeline, before authentication middlewares. SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain}
ea21eb4f	# The ring uses a configurable number of bits from a path's MD5 hash as
ece6a332	# a partition index that designates a device. The number of bits kept # from the hash is known as the partition power, and 2 to the partition # power indicates the partition count. Partitioning the full MD5 hash # ring allows other parts of the cluster to work in batches of items at # once which ends up either more efficient or at least less complex than # working with each item separately or the entire cluster all at once. # By default we define 9 for the partition count (which mean 512). SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9} # Set ``SWIFT_REPLICAS`` to configure how many replicas are to be
0c3a5584	# configured for your Swift cluster. By default we are configuring # only one replica since this is way less CPU and memory intensive. If # you are planning to test swift replication you may want to set this # up to 3. SWIFT_REPLICAS=${SWIFT_REPLICAS:-1}
ece6a332	SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
cee4b3bd	# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth # token should be placed in the logs. When keystone is used with PKI tokens, # the token values can be huge, seemingly larger the 2K, at the least. We # restrict it here to a default of 12 characters, which should be enough to # trace through the logs when looking for its use. SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
63024d91	# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximun length of headers in # Swift API SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
ece6a332	# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE`` # Port bases used in port number calclution for the service "nodes" # The specified port number will be used, the additinal ports calculated by # base_port + node_num * 10
1151d6ff	OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6013} CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6011} ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
ece6a332
abbb0e9a	# Enable tempurl feature SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}
53753293	SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY:-}
abbb0e9a
dc97cb71	# Toggle for deploying Swift under HTTPD + mod_wsgi SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
cc6b4435	# Functions # ---------
ece6a332
e4fa7213	# Test if any Swift services are enabled # is_swift_enabled function is_swift_enabled { [[ ,${ENABLED_SERVICES} =~ ,"s-" ]] && return 0 return 1 }
ece6a332	# cleanup_swift() - Remove residual data files
aee18c74	function cleanup_swift {
101b4248	rm -f ${SWIFT_CONF_DIR}{.builder,.ring.gz,backups/.builder,backups/.ring.gz} if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then sudo umount ${SWIFT_DATA_DIR}/drives/sdb1 fi if [[ -e ${SWIFT_DISK_IMAGE} ]]; then rm ${SWIFT_DISK_IMAGE} fi rm -rf ${SWIFT_DATA_DIR}/run/
46455a34	if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
101b4248	_cleanup_swift_apache_wsgi fi
d98a5d0a	} # _cleanup_swift_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
aee18c74	function _cleanup_swift_apache_wsgi {
d98a5d0a	sudo rm -f $SWIFT_APACHE_WSGI_DIR/*.wsgi
5470701e	disable_apache_site proxy-server
084f51f7	local node_number type
d98a5d0a	for node_number in ${SWIFT_REPLICAS_SEQ}; do for type in object container account; do
084f51f7	local site_name=${type}-server-${node_number}
5470701e	disable_apache_site ${site_name}
a688bc65	sudo rm -f $(apache_site_config_for ${site_name})
d98a5d0a	done done } # _config_swift_apache_wsgi() - Set WSGI config files of Swift
aee18c74	function _config_swift_apache_wsgi {
d98a5d0a	sudo mkdir -p ${SWIFT_APACHE_WSGI_DIR} local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080} # copy proxy vhost and wsgi file
a688bc65	sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template $(apache_site_config_for proxy-server)
d98a5d0a	sudo sed -e " /^#/d;/^$/d; s/%PORT%/$proxy_port/g; s/%SERVICENAME%/proxy-server/g; s/%APACHE_NAME%/${APACHE_NAME}/g;
d5824601	s/%USER%/${STACK_USER}/g;
a688bc65	" -i $(apache_site_config_for proxy-server)
5470701e	enable_apache_site proxy-server
d98a5d0a	sudo cp ${SWIFT_DIR}/examples/wsgi/proxy-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi sudo sed -e " /^#/d;/^$/d; s/%SERVICECONF%/proxy-server.conf/g; " -i ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi # copy apache vhost file and set name and port
084f51f7	local node_number
d98a5d0a	for node_number in ${SWIFT_REPLICAS_SEQ}; do
761c456a	local object_port=$(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) local container_port=$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) local account_port=$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))
d98a5d0a
a688bc65	sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number})
d98a5d0a	sudo sed -e " s/%PORT%/$object_port/g; s/%SERVICENAME%/object-server-${node_number}/g; s/%APACHE_NAME%/${APACHE_NAME}/g;
d5824601	s/%USER%/${STACK_USER}/g;
a688bc65	" -i $(apache_site_config_for object-server-${node_number})
5470701e	enable_apache_site object-server-${node_number}
d98a5d0a	sudo cp ${SWIFT_DIR}/examples/wsgi/object-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi sudo sed -e " /^#/d;/^$/d; s/%SERVICECONF%/object-server\/${node_number}.conf/g; " -i ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
a688bc65	sudo cp ${SWIFT_DIR}/examples/apache2/container-server.template $(apache_site_config_for container-server-${node_number})
d98a5d0a	sudo sed -e " /^#/d;/^$/d; s/%PORT%/$container_port/g; s/%SERVICENAME%/container-server-${node_number}/g; s/%APACHE_NAME%/${APACHE_NAME}/g;
d5824601	s/%USER%/${STACK_USER}/g;
a688bc65	" -i $(apache_site_config_for container-server-${node_number})
5470701e	enable_apache_site container-server-${node_number}
d98a5d0a	sudo cp ${SWIFT_DIR}/examples/wsgi/container-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi sudo sed -e " /^#/d;/^$/d; s/%SERVICECONF%/container-server\/${node_number}.conf/g; " -i ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
a688bc65	sudo cp ${SWIFT_DIR}/examples/apache2/account-server.template $(apache_site_config_for account-server-${node_number})
d98a5d0a	sudo sed -e "
101b4248	/^#/d;/^$/d;
d98a5d0a	s/%PORT%/$account_port/g; s/%SERVICENAME%/account-server-${node_number}/g; s/%APACHE_NAME%/${APACHE_NAME}/g;
d5824601	s/%USER%/${STACK_USER}/g;
a688bc65	" -i $(apache_site_config_for account-server-${node_number})
5470701e	enable_apache_site account-server-${node_number}
d98a5d0a	sudo cp ${SWIFT_DIR}/examples/wsgi/account-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi sudo sed -e "
101b4248	/^#/d;/^$/d;
d98a5d0a	s/%SERVICECONF%/account-server\/${node_number}.conf/g; " -i ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi done
ece6a332	}
f8e86bb3	# This function generates an object/container/account configuration # emulating 4 nodes on different ports
6c585d73	function generate_swift_config_services {
f8e86bb3	local swift_node_config=$1 local node_id=$2 local bind_port=$3 local server_type=$4
761c456a	log_facility=$(( node_id - 1 ))
084f51f7	local node_path=${SWIFT_DATA_DIR}/${node_number}
f8e86bb3	iniuncomment ${swift_node_config} DEFAULT user iniset ${swift_node_config} DEFAULT user ${STACK_USER} iniuncomment ${swift_node_config} DEFAULT bind_port iniset ${swift_node_config} DEFAULT bind_port ${bind_port} iniuncomment ${swift_node_config} DEFAULT swift_dir iniset ${swift_node_config} DEFAULT swift_dir ${SWIFT_CONF_DIR} iniuncomment ${swift_node_config} DEFAULT devices iniset ${swift_node_config} DEFAULT devices ${node_path} iniuncomment ${swift_node_config} DEFAULT log_facility iniset ${swift_node_config} DEFAULT log_facility LOG_LOCAL${log_facility} iniuncomment ${swift_node_config} DEFAULT workers
55dc2c2b	iniset ${swift_node_config} DEFAULT workers ${API_WORKERS:-1}
f8e86bb3	iniuncomment ${swift_node_config} DEFAULT disable_fallocate iniset ${swift_node_config} DEFAULT disable_fallocate true iniuncomment ${swift_node_config} DEFAULT mount_check iniset ${swift_node_config} DEFAULT mount_check false iniuncomment ${swift_node_config} ${server_type}-replicator vm_test_mode iniset ${swift_node_config} ${server_type}-replicator vm_test_mode yes
6c585d73	# Using a sed and not iniset/iniuncomment because we want to a global # modification and make sure it works for new sections. sed -i -e "s,#[ ]recon_cache_path .,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
f8e86bb3	}
ece6a332	# configure_swift() - Set config files, create data dirs and loop image
aee18c74	function configure_swift {
1ce2ffd1	local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}"
ece6a332	local node_number local swift_node_config local swift_log_dir
2f6576bf	local user_group
ece6a332	# Make sure to kill all swift processes first
ad8b2762	swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop \|\| true
ece6a332
8421c2b9	sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR} sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR}/{object,container,account}-server
ece6a332
6ec72fab	if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then
ece6a332	# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed. # Create a symlink if the config dir is moved
6ec72fab	sudo ln -sf ${SWIFT_CONF_DIR} /etc/swift
ece6a332	fi # Swift use rsync to synchronize between all the different # partitions (which make more sense when you have a multi-node # setup) we configure it with our version of rsync. sed -e " s/%GROUP%/${USER_GROUP}/;
e578effb	s/%USER%/${STACK_USER}/;
ece6a332	s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,; " $FILES/swift/rsyncd.conf \| sudo tee /etc/rsyncd.conf # rsyncd.conf just prepared for 4 nodes
c18b9651	if is_ubuntu; then
ece6a332	sudo sed -i '/^RSYNC_ENABLE=false/ { s/false/true/ }' /etc/default/rsync
0e57b967	elif [ -e /etc/xinetd.d/rsync ]; then
ece6a332	sudo sed -i '/disable = yes/ { s/yes/no/ }' /etc/xinetd.d/rsync fi
6ec72fab	SWIFT_CONFIG_PROXY_SERVER=${SWIFT_CONF_DIR}/proxy-server.conf
ece6a332	cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
d03915f9	# To run container sync feature introduced in Swift ver 1.12.0, # container sync "realm" is added in container-sync-realms.conf local csyncfile=${SWIFT_CONF_DIR}/container-sync-realms.conf cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${csyncfile} iniset ${csyncfile} realm1 key realm1key iniset ${csyncfile} realm1 cluster_name1 "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/"
f2c1a712
ece6a332	iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
e578effb	iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
ece6a332	iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir
6ec72fab	iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR}
ece6a332	iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers 1 iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level DEBUG
92ad1525	iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
ece6a332	iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port
18d4778c	if is_service_enabled tls-proxy; then iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT_INT} else iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080} fi if is_ssl_enabled_service s-proxy; then ensure_certificates SWIFT iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT cert_file "$SWIFT_SSL_CERT" iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT key_file "$SWIFT_SSL_KEY" fi
ece6a332
dc97cb71	# DevStack is commonly run in a small slow environment, so bump the timeouts up. # ``node_timeout`` is the node read operation response time to the proxy server # ``conn_timeout`` is how long it takes a connect() system call to return
d254da52	iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server node_timeout 120 iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server conn_timeout 20
eedfdee0	# Configure Ceilometer if is_service_enabled ceilometer; then iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN"
b6197e6a	iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer paste.filter_factory "ceilometermiddleware.swift:filter_factory" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer control_exchange "swift" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer url $(get_transport_url) iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer driver "messaging" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer topic "notifications"
eedfdee0	SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer" fi
d9883407
dc97cb71	# Restrict the length of auth tokens in the Swift ``proxy-server`` logs.
cee4b3bd	iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
dc97cb71	# By default Swift will be installed with Keystone and tempauth middleware
5cac378c	# and add the swift3 middleware if its configured for it. The token for
cb961597	# tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the # token for keystoneauth would have the standard reseller_prefix `AUTH_`
5cac378c	if is_service_enabled swift3;then
1ce2ffd1	swift_pipeline+=" swift3 s3token "
bc3a3394	fi
254fd552
5ce44cd6	if is_service_enabled keystone; then
254fd552	swift_pipeline+=" authtoken keystoneauth" fi swift_pipeline+=" tempauth "
bc3a3394	sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
d9883407	sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
ece6a332	iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
1ce2ffd1	# Configure Crossdomain iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
dc97cb71	# Configure authtoken middleware to use the same Python logging # adapter provided by the Swift ``proxy-server``, so that request transaction
8afc8935	# IDs will included in all of its log messages. iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
ece6a332
38c95b8e	iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
6ac97deb	configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
38c95b8e	iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
ece6a332	iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
dc97cb71	# Configure Tempauth. In the sample config file Keystoneauth is commented
7faceb67	# out. Make sure we uncomment Tempauth after we uncomment Keystoneauth # otherwise, this code also sets the reseller_prefix for Keystoneauth. iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
ece6a332	if is_service_enabled swift3; then cat <<EOF >>${SWIFT_CONFIG_PROXY_SERVER} [filter:s3token]
e8a2fa43	paste.filter_factory = keystonemiddleware.s3_token:filter_factory
ece6a332	auth_port = ${KEYSTONE_AUTH_PORT} auth_host = ${KEYSTONE_AUTH_HOST} auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
18d4778c	cafile = ${SSL_BUNDLE_FILE}
fbb3e773	admin_user = swift admin_tenant_name = ${SERVICE_TENANT_NAME} admin_password = ${SERVICE_PASSWORD}
ece6a332	[filter:swift3] use = egg:swift3#swift3
9b21f98c	location = ${REGION_NAME}
ece6a332	EOF fi
6ec72fab	cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH}
63024d91	iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_header_size ${SWIFT_MAX_HEADER_SIZE}
ece6a332
084f51f7	local node_number
ece6a332	for node_number in ${SWIFT_REPLICAS_SEQ}; do
084f51f7	local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf
ece6a332	cp ${SWIFT_DIR}/etc/object-server.conf-sample ${swift_node_config}
6c585d73	generate_swift_config_services ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object
92ad1525	iniuncomment ${swift_node_config} DEFAULT bind_ip iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
8e5d2f0c	iniset ${swift_node_config} filter:recon recon_cache_path ${SWIFT_DATA_DIR}/cache
ece6a332
6ec72fab	swift_node_config=${SWIFT_CONF_DIR}/container-server/${node_number}.conf
ece6a332	cp ${SWIFT_DIR}/etc/container-server.conf-sample ${swift_node_config}
6c585d73	generate_swift_config_services ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container
92ad1525	iniuncomment ${swift_node_config} DEFAULT bind_ip iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
83e10957	iniuncomment ${swift_node_config} app:container-server allow_versions iniset ${swift_node_config} app:container-server allow_versions "true"
ece6a332
6ec72fab	swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf
ece6a332	cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config}
6c585d73	generate_swift_config_services ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account
92ad1525	iniuncomment ${swift_node_config} DEFAULT bind_ip iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
ece6a332	done
0ce91a5c	# Set new accounts in tempauth to match keystone tenant/user (to make testing easier) iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest1 "testing .admin" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest2_swiftusertest2 "testing2 .admin" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest3 "testing3 .admin" testfile=${SWIFT_CONF_DIR}/test.conf cp ${SWIFT_DIR}/test/sample.conf ${testfile} # Set accounts for functional tests iniset ${testfile} func_test account swifttenanttest1 iniset ${testfile} func_test username swiftusertest1 iniset ${testfile} func_test username3 swiftusertest3 iniset ${testfile} func_test account2 swifttenanttest2 iniset ${testfile} func_test username2 swiftusertest2
24779f65	iniset ${testfile} func_test account4 swifttenanttest4 iniset ${testfile} func_test username4 swiftusertest4 iniset ${testfile} func_test password4 testing4 iniset ${testfile} func_test domain4 swift_test
0ce91a5c
5ce44cd6	if is_service_enabled keystone; then
0ce91a5c	iniuncomment ${testfile} func_test auth_version
24779f65	local auth_vers=$(iniget ${testfile} func_test auth_version)
0ce91a5c	iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST} iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
24779f65	if [[ $auth_vers == "3" ]]; then iniset ${testfile} func_test auth_prefix /v3/ else iniset ${testfile} func_test auth_prefix /v2.0/ fi
0ce91a5c	fi
2f6576bf	local user_group=$(id -g ${STACK_USER}) sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}
084f51f7	local swift_log_dir=${SWIFT_DATA_DIR}/logs
2f6576bf	sudo rm -rf ${swift_log_dir} sudo install -d -o ${STACK_USER} -g adm ${swift_log_dir}/hourly
f894c2ab	if [[ $SYSLOG != "False" ]]; then sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf \| sudo \ tee /etc/rsyslog.d/10-swift.conf # restart syslog to take the changes sudo killall -HUP rsyslogd fi
ad7e8c63
46455a34	if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
d98a5d0a	_config_swift_apache_wsgi fi
ece6a332	}
1c6c1125	# create_swift_disk - Create Swift backing disk
aee18c74	function create_swift_disk {
1c6c1125	local node_number # First do a bit of setup by creating the directories and # changing the permissions so we can run it as our user.
084f51f7	local user_group=$(id -g ${STACK_USER})
8421c2b9	sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
1c6c1125	# Create a loopback disk and format it to XFS.
e6024413	if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
1c6c1125	if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
e6024413	sudo rm -f ${SWIFT_DISK_IMAGE}
1c6c1125	fi fi mkdir -p ${SWIFT_DATA_DIR}/drives/images
e6024413	sudo touch ${SWIFT_DISK_IMAGE}
e578effb	sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
1c6c1125
e6024413	truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
1c6c1125	# Make a fresh XFS filesystem
fd034f00	/sbin/mkfs.xfs -f -i size=1024 ${SWIFT_DISK_IMAGE}
1c6c1125	# Mount the disk with mount options to make it as efficient as possible mkdir -p ${SWIFT_DATA_DIR}/drives/sdb1 if ! egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then sudo mount -t xfs -o loop,noatime,nodiratime,nobarrier,logbufs=8 \
e6024413	${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
1c6c1125	fi # Create a link to the above mount and # create all of the directories needed to emulate a few different servers
084f51f7	local node_number
1c6c1125	for node_number in ${SWIFT_REPLICAS_SEQ}; do sudo ln -sf ${SWIFT_DATA_DIR}/drives/sdb1/$node_number ${SWIFT_DATA_DIR}/$node_number;
084f51f7	local drive=${SWIFT_DATA_DIR}/drives/sdb1/${node_number} local node=${SWIFT_DATA_DIR}/${node_number}/node local node_device=${node}/sdb1
1c6c1125	[[ -d $node ]] && continue [[ -d $drive ]] && continue
084f51f7	sudo install -o ${STACK_USER} -g $user_group -d $drive sudo install -o ${STACK_USER} -g $user_group -d $node_device
e578effb	sudo chown -R ${STACK_USER}: ${node}
1c6c1125	done }
dc97cb71	# create_swift_accounts() - Set up standard Swift accounts and extra
ba313054	# one for tests we do this by attaching all words in the account name # since we want to make it compatible with tempauth which use # underscores for separators.
0ce91a5c
24779f65	# Tenant User Roles Domain
0ce91a5c	# ------------------------------------------------------------------
24779f65	# service swift service default # swifttenanttest1 swiftusertest1 admin default # swifttenanttest1 swiftusertest3 anotherrole default # swifttenanttest2 swiftusertest2 admin default # swifttenanttest4 swiftusertest4 admin swift_test
0ce91a5c
aee18c74	function create_swift_accounts {
dc97cb71	# Defines specific passwords used by ``tools/create_userrc.sh`` # As these variables are used by ``create_userrc.sh,`` they must be exported # The _password suffix is expected by ``create_userrc.sh``.
7c6d005e	export swiftusertest1_password=testing export swiftusertest2_password=testing2 export swiftusertest3_password=testing3
24779f65	export swiftusertest4_password=testing4
1814e671
ba313054	KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
dbdee698	local another_role=$(get_or_create_role "anotherrole")
19685428
ae74ed77	# NOTE(jroll): Swift doesn't need the admin role here, however Ironic uses # temp urls, which break when uploaded by a non-admin role create_service_user "swift" "admin"
ba313054	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
0abde393
b17ad756	get_or_create_service "swift" "object-store" "Swift Service" get_or_create_endpoint "object-store" \
0abde393	"$REGION_NAME" \
18d4778c	"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
ba313054	fi
b632c9ef	local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
084f51f7	die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
9d7e776b	SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \ "default" "test@example.com")
23178a99	die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
9b215db5	get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
0ce91a5c
9d7e776b	local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \ "default" "test3@example.com")
084f51f7	die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
9b215db5	get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
0ce91a5c
b632c9ef	local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
084f51f7	die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
19685428
9d7e776b	local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \ "default" "test2@example.com")
084f51f7	die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
9b215db5	get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
24779f65	local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing') die_if_not_set $LINENO swift_domain "Failure creating swift_test domain" local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain) die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
18f39bfb
9d7e776b	local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \ $swift_domain "test4@example.com")
24779f65	die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
9b215db5	get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
0ce91a5c	}
1c6c1125
ece6a332	# init_swift() - Initialize rings
aee18c74	function init_swift {
ece6a332	local node_number # Make sure to kill all swift processes first
ad8b2762	swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop \|\| true
ece6a332
1c6c1125	# Forcibly re-create the backing filesystem create_swift_disk
ece6a332	# This is where we create three different rings for swift with # different object servers binding on different ports.
6ec72fab	pushd ${SWIFT_CONF_DIR} >/dev/null && {
ece6a332	rm -f .builder .ring.gz backups/.builder backups/.ring.gz swift-ring-builder object.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1 swift-ring-builder container.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1 swift-ring-builder account.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1 for node_number in ${SWIFT_REPLICAS_SEQ}; do
180f5eb6	swift-ring-builder object.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1 swift-ring-builder container.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1 swift-ring-builder account.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
ece6a332	done swift-ring-builder object.builder rebalance swift-ring-builder container.builder rebalance swift-ring-builder account.builder rebalance } && popd >/dev/null
64ab7743	# Create cache dir
8421c2b9	sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
64ab7743	rm -f $SWIFT_AUTH_CACHE_DIR/*
ece6a332	}
aee18c74	function install_swift {
ece6a332	git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH
253a1a35	setup_develop $SWIFT_DIR
46455a34	if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
d98a5d0a	install_apache_wsgi fi
ece6a332	}
aee18c74	function install_swiftclient {
e08ab104	if use_library_from_git "python-swiftclient"; then git_clone_by_name "python-swiftclient" setup_dev_lib "python-swiftclient"
5cb19069	fi
ece6a332	}
1848b837	# install_ceilometermiddleware() - Collect source and prepare # note that this doesn't really have anything to do with ceilometer; # though ceilometermiddleware has ceilometer in its name as an # artifact of history, it is not a ceilometer specific tool. It # simply generates pycadf-based notifications about requests and # responses on the swift proxy function install_ceilometermiddleware { if use_library_from_git "ceilometermiddleware"; then git_clone_by_name "ceilometermiddleware" setup_dev_lib "ceilometermiddleware" else pip_install_gr ceilometermiddleware fi }
ece6a332	# start_swift() - Start running processes, including screen
aee18c74	function start_swift {
8ecbb38d	# (re)start memcached to make sure we have a clean memcache. restart_service memcached
ece6a332	# Start rsync
c18b9651	if is_ubuntu; then
ece6a332	sudo /etc/init.d/rsync restart \|\| :
0e57b967	elif [ -e /etc/xinetd.d/rsync ]; then start_service xinetd
ece6a332	else
0e57b967	start_service rsyncd
ece6a332	fi
46455a34	if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
d98a5d0a	restart_apache_server swift-init --run-dir=${SWIFT_DATA_DIR}/run rest start
2f27a0ed	tail_log s-proxy /var/log/$APACHE_NAME/proxy-server
d98a5d0a	if [[ ${SWIFT_REPLICAS} == 1 ]]; then for type in object container account; do
2f27a0ed	tail_log s-${type} /var/log/$APACHE_NAME/${type}-server-1
d98a5d0a	done fi return 0 fi
101b4248	# By default with only one replica we are launching the proxy, # container, account and object server in screen in foreground and
dc97cb71	# other services in background. If we have ``SWIFT_REPLICAS`` set to something # greater than one we first spawn all the Swift services then kill the proxy
101b4248	# service so we can run it in foreground in screen. ``swift-init ... # {stop\|restart}`` exits with '1' if no servers are running, ignore it just # in case
084f51f7	local todo type
101b4248	swift-init --run-dir=${SWIFT_DATA_DIR}/run all restart \|\| true if [[ ${SWIFT_REPLICAS} == 1 ]]; then
0c3a5584	todo="object container account"
101b4248	fi for type in proxy ${todo}; do swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop \|\| true done
18d4778c	if is_service_enabled tls-proxy; then local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080} start_tls_proxy '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT & fi
2f27a0ed	run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
101b4248	if [[ ${SWIFT_REPLICAS} == 1 ]]; then for type in object container account; do
2f27a0ed	run_process s-${type} "$SWIFT_DIR/bin/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
101b4248	done fi
abbb0e9a	if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then swift_configure_tempurls fi
ece6a332	} # stop_swift() - Stop running processes (non-screen)
aee18c74	function stop_swift {
084f51f7	local type
d98a5d0a
46455a34	if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
d98a5d0a	swift-init --run-dir=${SWIFT_DATA_DIR}/run rest stop && return 0 fi
dc97cb71	# screen normally killed by ``unstack.sh``
995eb927	if type -p swift-init >/dev/null; then
0c3a5584	swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop \|\| true fi
f36a9b21	# Dump all of the servers
2f27a0ed	# Maintain the iteration as stop_process() has some desirable side-effects
1eae3e15	for type in proxy object container account; do
2f27a0ed	stop_process s-${type}
1eae3e15	done # Blast out any stragglers
f750a6fe	pkill -f swift- \|\| true
ece6a332	}
abbb0e9a	function swift_configure_tempurls { OS_USERNAME=swift \ OS_TENANT_NAME=$SERVICE_TENANT_NAME \ OS_PASSWORD=$SERVICE_PASSWORD \
3e3212b5	OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
abbb0e9a	swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY" }
ece6a332	# Restore xtrace $XTRACE
584d90ec
6a5aa7c6	# Tell emacs to use shell-script-mode ## Local variables: ## mode: shell-script ## End: