e263c82e |
#!/bin/bash
# |
ece6a332 |
# lib/swift |
6d04fd7b |
# Functions to control the configuration and operation of the **Swift** service |
ece6a332 |
# Dependencies: |
6a5aa7c6 |
#
# - ``functions`` file
# - ``apache`` file
# - ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
# - ``STACK_USER`` must be defined
# - ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
# - ``lib/keystone`` file
# |
ece6a332 |
# ``stack.sh`` calls the entry points in this order:
# |
6a5aa7c6 |
# - install_swift
# - _config_swift_apache_wsgi
# - configure_swift
# - init_swift
# - start_swift
# - stop_swift
# - cleanup_swift
# - _cleanup_swift_apache_wsgi |
ece6a332 |
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
|
18d4778c |
if is_ssl_enabled_service "s-proxy" || is_service_enabled tls-proxy; then
SWIFT_SERVICE_PROTOCOL="https"
fi
|
ece6a332 |
# Set up default directories |
e08ab104 |
GITDIR["python-swiftclient"]=$DEST/python-swiftclient |
5cb19069 |
|
ece6a332 |
SWIFT_DIR=$DEST/swift |
64ab7743 |
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift} |
d98a5d0a |
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift} |
b7490da9 |
SWIFT3_DIR=$DEST/swift3 |
ece6a332 |
|
18d4778c |
SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081} |
180f5eb6 |
SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} |
92ad1525 |
SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
18d4778c |
|
ece6a332 |
# TODO: add logging to different location.
# Set ``SWIFT_DATA_DIR`` to the location of swift drives and objects.
# Default is the common DevStack data directory.
SWIFT_DATA_DIR=${SWIFT_DATA_DIR:-${DATA_DIR}/swift} |
e6024413 |
SWIFT_DISK_IMAGE=${SWIFT_DATA_DIR}/drives/images/swift.img |
ece6a332 |
|
6ec72fab |
# Set ``SWIFT_CONF_DIR`` to the location of the configuration files. |
ece6a332 |
# Default is ``/etc/swift``. |
a6dfe819 |
SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-/etc/swift} |
ece6a332 |
|
b7490da9 |
if is_service_enabled s-proxy && is_service_enabled swift3; then |
dc97cb71 |
# If we are using ``swift3``, we can default the S3 port to swift instead |
b7490da9 |
# of nova-objectstore
S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
fi
|
9ebd65be |
if is_service_enabled g-api; then
# Minimum Cinder volume size is 1G so if Swift backend for Glance is
# only 1G we can not upload volume to image.
# Increase Swift disk size up to 2G
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=2G
else
# DevStack will create a loop-back disk formatted as XFS to store the
# swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
# kilobytes.
# Default is 1 gigabyte.
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G
fi
|
66c54249 |
# if tempest enabled the default size is 6 Gigabyte. |
3418c1ca |
if is_service_enabled tempest; then |
66c54249 |
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=${SWIFT_LOOPBACK_DISK_SIZE:-6G} |
3418c1ca |
fi
SWIFT_LOOPBACK_DISK_SIZE=${SWIFT_LOOPBACK_DISK_SIZE:-$SWIFT_LOOPBACK_DISK_SIZE_DEFAULT} |
ece6a332 |
|
bc3a3394 |
# Set ``SWIFT_EXTRAS_MIDDLEWARE`` to extras middlewares. |
f19ccb63 |
# Default is ``staticweb, formpost``
SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-formpost staticweb} |
bc3a3394 |
|
d9883407 |
# Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at
# the end of the pipeline. |
53753293 |
SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST:-} |
d9883407 |
|
1ce2ffd1 |
# Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at
# the beginning of the pipeline, before authentication middlewares.
SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain}
|
ea21eb4f |
# The ring uses a configurable number of bits from a path's MD5 hash as |
ece6a332 |
# a partition index that designates a device. The number of bits kept
# from the hash is known as the partition power, and 2 to the partition
# power indicates the partition count. Partitioning the full MD5 hash
# ring allows other parts of the cluster to work in batches of items at
# once which ends up either more efficient or at least less complex than
# working with each item separately or the entire cluster all at once.
# By default we define 9 for the partition count (which mean 512).
SWIFT_PARTITION_POWER_SIZE=${SWIFT_PARTITION_POWER_SIZE:-9}
# Set ``SWIFT_REPLICAS`` to configure how many replicas are to be |
0c3a5584 |
# configured for your Swift cluster. By default we are configuring
# only one replica since this is way less CPU and memory intensive. If
# you are planning to test swift replication you may want to set this
# up to 3.
SWIFT_REPLICAS=${SWIFT_REPLICAS:-1} |
ece6a332 |
SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
|
cee4b3bd |
# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth
# token should be placed in the logs. When keystone is used with PKI tokens,
# the token values can be huge, seemingly larger the 2K, at the least. We
# restrict it here to a default of 12 characters, which should be enough to
# trace through the logs when looking for its use.
SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
|
63024d91 |
# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximun length of headers in
# Swift API
SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
|
ece6a332 |
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
# Port bases used in port number calclution for the service "nodes"
# The specified port number will be used, the additinal ports calculated by
# base_port + node_num * 10 |
1151d6ff |
OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6013}
CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6011}
ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012} |
ece6a332 |
|
abbb0e9a |
# Enable tempurl feature
SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False} |
53753293 |
SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY:-} |
abbb0e9a |
|
dc97cb71 |
# Toggle for deploying Swift under HTTPD + mod_wsgi
SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
|
cc6b4435 |
# Functions
# --------- |
ece6a332 |
|
e4fa7213 |
# Test if any Swift services are enabled
# is_swift_enabled
function is_swift_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"s-" ]] && return 0
return 1
}
|
ece6a332 |
# cleanup_swift() - Remove residual data files |
aee18c74 |
function cleanup_swift { |
101b4248 |
rm -f ${SWIFT_CONF_DIR}{*.builder,*.ring.gz,backups/*.builder,backups/*.ring.gz}
if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
fi
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
rm ${SWIFT_DISK_IMAGE}
fi
rm -rf ${SWIFT_DATA_DIR}/run/ |
46455a34 |
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then |
101b4248 |
_cleanup_swift_apache_wsgi
fi |
d98a5d0a |
}
# _cleanup_swift_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file |
aee18c74 |
function _cleanup_swift_apache_wsgi { |
d98a5d0a |
sudo rm -f $SWIFT_APACHE_WSGI_DIR/*.wsgi |
5470701e |
disable_apache_site proxy-server |
084f51f7 |
local node_number type |
d98a5d0a |
for node_number in ${SWIFT_REPLICAS_SEQ}; do
for type in object container account; do |
084f51f7 |
local site_name=${type}-server-${node_number} |
5470701e |
disable_apache_site ${site_name} |
a688bc65 |
sudo rm -f $(apache_site_config_for ${site_name}) |
d98a5d0a |
done
done
}
# _config_swift_apache_wsgi() - Set WSGI config files of Swift |
aee18c74 |
function _config_swift_apache_wsgi { |
d98a5d0a |
sudo mkdir -p ${SWIFT_APACHE_WSGI_DIR}
local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
# copy proxy vhost and wsgi file |
a688bc65 |
sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template $(apache_site_config_for proxy-server) |
d98a5d0a |
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$proxy_port/g;
s/%SERVICENAME%/proxy-server/g;
s/%APACHE_NAME%/${APACHE_NAME}/g; |
d5824601 |
s/%USER%/${STACK_USER}/g; |
a688bc65 |
" -i $(apache_site_config_for proxy-server) |
5470701e |
enable_apache_site proxy-server |
d98a5d0a |
sudo cp ${SWIFT_DIR}/examples/wsgi/proxy-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/proxy-server.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
# copy apache vhost file and set name and port |
084f51f7 |
local node_number |
d98a5d0a |
for node_number in ${SWIFT_REPLICAS_SEQ}; do |
761c456a |
local object_port=$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))
local container_port=$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))
local account_port=$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) |
d98a5d0a |
|
a688bc65 |
sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number}) |
d98a5d0a |
sudo sed -e "
s/%PORT%/$object_port/g;
s/%SERVICENAME%/object-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g; |
d5824601 |
s/%USER%/${STACK_USER}/g; |
a688bc65 |
" -i $(apache_site_config_for object-server-${node_number}) |
5470701e |
enable_apache_site object-server-${node_number} |
d98a5d0a |
sudo cp ${SWIFT_DIR}/examples/wsgi/object-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/object-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
|
a688bc65 |
sudo cp ${SWIFT_DIR}/examples/apache2/container-server.template $(apache_site_config_for container-server-${node_number}) |
d98a5d0a |
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$container_port/g;
s/%SERVICENAME%/container-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g; |
d5824601 |
s/%USER%/${STACK_USER}/g; |
a688bc65 |
" -i $(apache_site_config_for container-server-${node_number}) |
5470701e |
enable_apache_site container-server-${node_number} |
d98a5d0a |
sudo cp ${SWIFT_DIR}/examples/wsgi/container-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/container-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
|
a688bc65 |
sudo cp ${SWIFT_DIR}/examples/apache2/account-server.template $(apache_site_config_for account-server-${node_number}) |
d98a5d0a |
sudo sed -e " |
101b4248 |
/^#/d;/^$/d; |
d98a5d0a |
s/%PORT%/$account_port/g;
s/%SERVICENAME%/account-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g; |
d5824601 |
s/%USER%/${STACK_USER}/g; |
a688bc65 |
" -i $(apache_site_config_for account-server-${node_number}) |
5470701e |
enable_apache_site account-server-${node_number} |
d98a5d0a |
sudo cp ${SWIFT_DIR}/examples/wsgi/account-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
sudo sed -e " |
101b4248 |
/^#/d;/^$/d; |
d98a5d0a |
s/%SERVICECONF%/account-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
done |
ece6a332 |
}
|
f8e86bb3 |
# This function generates an object/container/account configuration
# emulating 4 nodes on different ports |
6c585d73 |
function generate_swift_config_services { |
f8e86bb3 |
local swift_node_config=$1
local node_id=$2
local bind_port=$3
local server_type=$4
|
761c456a |
log_facility=$(( node_id - 1 )) |
084f51f7 |
local node_path=${SWIFT_DATA_DIR}/${node_number} |
f8e86bb3 |
iniuncomment ${swift_node_config} DEFAULT user
iniset ${swift_node_config} DEFAULT user ${STACK_USER}
iniuncomment ${swift_node_config} DEFAULT bind_port
iniset ${swift_node_config} DEFAULT bind_port ${bind_port}
iniuncomment ${swift_node_config} DEFAULT swift_dir
iniset ${swift_node_config} DEFAULT swift_dir ${SWIFT_CONF_DIR}
iniuncomment ${swift_node_config} DEFAULT devices
iniset ${swift_node_config} DEFAULT devices ${node_path}
iniuncomment ${swift_node_config} DEFAULT log_facility
iniset ${swift_node_config} DEFAULT log_facility LOG_LOCAL${log_facility}
iniuncomment ${swift_node_config} DEFAULT workers |
55dc2c2b |
iniset ${swift_node_config} DEFAULT workers ${API_WORKERS:-1} |
f8e86bb3 |
iniuncomment ${swift_node_config} DEFAULT disable_fallocate
iniset ${swift_node_config} DEFAULT disable_fallocate true
iniuncomment ${swift_node_config} DEFAULT mount_check
iniset ${swift_node_config} DEFAULT mount_check false
iniuncomment ${swift_node_config} ${server_type}-replicator vm_test_mode
iniset ${swift_node_config} ${server_type}-replicator vm_test_mode yes |
6c585d73 |
# Using a sed and not iniset/iniuncomment because we want to a global
# modification and make sure it works for new sections.
sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config} |
f8e86bb3 |
}
|
ece6a332 |
# configure_swift() - Set config files, create data dirs and loop image |
aee18c74 |
function configure_swift { |
1ce2ffd1 |
local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}" |
ece6a332 |
local node_number
local swift_node_config
local swift_log_dir |
2f6576bf |
local user_group |
ece6a332 |
# Make sure to kill all swift processes first |
ad8b2762 |
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true |
ece6a332 |
|
8421c2b9 |
sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR}
sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR}/{object,container,account}-server |
ece6a332 |
|
6ec72fab |
if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then |
ece6a332 |
# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed.
# Create a symlink if the config dir is moved |
6ec72fab |
sudo ln -sf ${SWIFT_CONF_DIR} /etc/swift |
ece6a332 |
fi
# Swift use rsync to synchronize between all the different
# partitions (which make more sense when you have a multi-node
# setup) we configure it with our version of rsync.
sed -e "
s/%GROUP%/${USER_GROUP}/; |
e578effb |
s/%USER%/${STACK_USER}/; |
ece6a332 |
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,;
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf
# rsyncd.conf just prepared for 4 nodes |
c18b9651 |
if is_ubuntu; then |
ece6a332 |
sudo sed -i '/^RSYNC_ENABLE=false/ { s/false/true/ }' /etc/default/rsync |
0e57b967 |
elif [ -e /etc/xinetd.d/rsync ]; then |
ece6a332 |
sudo sed -i '/disable *= *yes/ { s/yes/no/ }' /etc/xinetd.d/rsync
fi
|
6ec72fab |
SWIFT_CONFIG_PROXY_SERVER=${SWIFT_CONF_DIR}/proxy-server.conf |
ece6a332 |
cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
|
d03915f9 |
# To run container sync feature introduced in Swift ver 1.12.0,
# container sync "realm" is added in container-sync-realms.conf
local csyncfile=${SWIFT_CONF_DIR}/container-sync-realms.conf
cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${csyncfile}
iniset ${csyncfile} realm1 key realm1key
iniset ${csyncfile} realm1 cluster_name1 "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/" |
f2c1a712 |
|
ece6a332 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user |
e578effb |
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER} |
ece6a332 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir |
6ec72fab |
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR} |
ece6a332 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT workers 1
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level DEBUG
|
92ad1525 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
|
ece6a332 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port |
18d4778c |
if is_service_enabled tls-proxy; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT_INT}
else
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080}
fi
if is_ssl_enabled_service s-proxy; then
ensure_certificates SWIFT
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT cert_file "$SWIFT_SSL_CERT"
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT key_file "$SWIFT_SSL_KEY"
fi |
ece6a332 |
|
dc97cb71 |
# DevStack is commonly run in a small slow environment, so bump the timeouts up.
# ``node_timeout`` is the node read operation response time to the proxy server
# ``conn_timeout`` is how long it takes a connect() system call to return |
d254da52 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server node_timeout 120
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server conn_timeout 20
|
eedfdee0 |
# Configure Ceilometer
if is_service_enabled ceilometer; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN" |
b6197e6a |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer paste.filter_factory "ceilometermiddleware.swift:filter_factory"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer control_exchange "swift"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer url $(get_transport_url)
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer driver "messaging"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer topic "notifications" |
eedfdee0 |
SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
fi |
d9883407 |
|
dc97cb71 |
# Restrict the length of auth tokens in the Swift ``proxy-server`` logs. |
cee4b3bd |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
|
dc97cb71 |
# By default Swift will be installed with Keystone and tempauth middleware |
5cac378c |
# and add the swift3 middleware if its configured for it. The token for |
cb961597 |
# tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the
# token for keystoneauth would have the standard reseller_prefix `AUTH_` |
5cac378c |
if is_service_enabled swift3;then |
1ce2ffd1 |
swift_pipeline+=" swift3 s3token " |
bc3a3394 |
fi |
254fd552 |
|
5ce44cd6 |
if is_service_enabled keystone; then |
254fd552 |
swift_pipeline+=" authtoken keystoneauth"
fi
swift_pipeline+=" tempauth "
|
bc3a3394 |
sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER} |
d9883407 |
sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER} |
ece6a332 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
|
1ce2ffd1 |
# Configure Crossdomain
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
|
dc97cb71 |
# Configure authtoken middleware to use the same Python logging
# adapter provided by the Swift ``proxy-server``, so that request transaction |
8afc8935 |
# IDs will included in all of its log messages.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift |
ece6a332 |
|
38c95b8e |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory |
6ac97deb |
configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken |
38c95b8e |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth" |
ece6a332 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
|
dc97cb71 |
# Configure Tempauth. In the sample config file Keystoneauth is commented |
7faceb67 |
# out. Make sure we uncomment Tempauth after we uncomment Keystoneauth
# otherwise, this code also sets the reseller_prefix for Keystoneauth.
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
|
ece6a332 |
if is_service_enabled swift3; then
cat <<EOF >>${SWIFT_CONFIG_PROXY_SERVER}
[filter:s3token] |
e8a2fa43 |
paste.filter_factory = keystonemiddleware.s3_token:filter_factory |
ece6a332 |
auth_port = ${KEYSTONE_AUTH_PORT}
auth_host = ${KEYSTONE_AUTH_HOST}
auth_protocol = ${KEYSTONE_AUTH_PROTOCOL} |
18d4778c |
cafile = ${SSL_BUNDLE_FILE} |
fbb3e773 |
admin_user = swift
admin_tenant_name = ${SERVICE_TENANT_NAME}
admin_password = ${SERVICE_PASSWORD} |
ece6a332 |
[filter:swift3]
use = egg:swift3#swift3 |
9b21f98c |
location = ${REGION_NAME} |
ece6a332 |
EOF
fi
|
6ec72fab |
cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf
iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH} |
63024d91 |
iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_header_size ${SWIFT_MAX_HEADER_SIZE} |
ece6a332 |
|
084f51f7 |
local node_number |
ece6a332 |
for node_number in ${SWIFT_REPLICAS_SEQ}; do |
084f51f7 |
local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf |
ece6a332 |
cp ${SWIFT_DIR}/etc/object-server.conf-sample ${swift_node_config} |
6c585d73 |
generate_swift_config_services ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object |
92ad1525 |
iniuncomment ${swift_node_config} DEFAULT bind_ip
iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS} |
8e5d2f0c |
iniset ${swift_node_config} filter:recon recon_cache_path ${SWIFT_DATA_DIR}/cache |
ece6a332 |
|
6ec72fab |
swift_node_config=${SWIFT_CONF_DIR}/container-server/${node_number}.conf |
ece6a332 |
cp ${SWIFT_DIR}/etc/container-server.conf-sample ${swift_node_config} |
6c585d73 |
generate_swift_config_services ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container |
92ad1525 |
iniuncomment ${swift_node_config} DEFAULT bind_ip
iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS} |
83e10957 |
iniuncomment ${swift_node_config} app:container-server allow_versions
iniset ${swift_node_config} app:container-server allow_versions "true" |
ece6a332 |
|
6ec72fab |
swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf |
ece6a332 |
cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config} |
6c585d73 |
generate_swift_config_services ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account |
92ad1525 |
iniuncomment ${swift_node_config} DEFAULT bind_ip
iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS} |
ece6a332 |
done
|
0ce91a5c |
# Set new accounts in tempauth to match keystone tenant/user (to make testing easier)
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest1 "testing .admin"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest2_swiftusertest2 "testing2 .admin"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest3 "testing3 .admin"
testfile=${SWIFT_CONF_DIR}/test.conf
cp ${SWIFT_DIR}/test/sample.conf ${testfile}
# Set accounts for functional tests
iniset ${testfile} func_test account swifttenanttest1
iniset ${testfile} func_test username swiftusertest1
iniset ${testfile} func_test username3 swiftusertest3
iniset ${testfile} func_test account2 swifttenanttest2
iniset ${testfile} func_test username2 swiftusertest2 |
24779f65 |
iniset ${testfile} func_test account4 swifttenanttest4
iniset ${testfile} func_test username4 swiftusertest4
iniset ${testfile} func_test password4 testing4
iniset ${testfile} func_test domain4 swift_test |
0ce91a5c |
|
5ce44cd6 |
if is_service_enabled keystone; then |
0ce91a5c |
iniuncomment ${testfile} func_test auth_version |
24779f65 |
local auth_vers=$(iniget ${testfile} func_test auth_version) |
0ce91a5c |
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT} |
24779f65 |
if [[ $auth_vers == "3" ]]; then
iniset ${testfile} func_test auth_prefix /v3/
else
iniset ${testfile} func_test auth_prefix /v2.0/
fi |
0ce91a5c |
fi
|
2f6576bf |
local user_group=$(id -g ${STACK_USER})
sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}
|
084f51f7 |
local swift_log_dir=${SWIFT_DATA_DIR}/logs |
2f6576bf |
sudo rm -rf ${swift_log_dir}
sudo install -d -o ${STACK_USER} -g adm ${swift_log_dir}/hourly |
f894c2ab |
if [[ $SYSLOG != "False" ]]; then
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
tee /etc/rsyslog.d/10-swift.conf
# restart syslog to take the changes
sudo killall -HUP rsyslogd
fi |
ad7e8c63 |
|
46455a34 |
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then |
d98a5d0a |
_config_swift_apache_wsgi
fi |
ece6a332 |
}
|
1c6c1125 |
# create_swift_disk - Create Swift backing disk |
aee18c74 |
function create_swift_disk { |
1c6c1125 |
local node_number
# First do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user.
|
084f51f7 |
local user_group=$(id -g ${STACK_USER}) |
8421c2b9 |
sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs} |
1c6c1125 |
# Create a loopback disk and format it to XFS. |
e6024413 |
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then |
1c6c1125 |
if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo umount ${SWIFT_DATA_DIR}/drives/sdb1 |
e6024413 |
sudo rm -f ${SWIFT_DISK_IMAGE} |
1c6c1125 |
fi
fi
mkdir -p ${SWIFT_DATA_DIR}/drives/images |
e6024413 |
sudo touch ${SWIFT_DISK_IMAGE} |
e578effb |
sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE} |
1c6c1125 |
|
e6024413 |
truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE} |
1c6c1125 |
# Make a fresh XFS filesystem |
fd034f00 |
/sbin/mkfs.xfs -f -i size=1024 ${SWIFT_DISK_IMAGE} |
1c6c1125 |
# Mount the disk with mount options to make it as efficient as possible
mkdir -p ${SWIFT_DATA_DIR}/drives/sdb1
if ! egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
sudo mount -t xfs -o loop,noatime,nodiratime,nobarrier,logbufs=8 \ |
e6024413 |
${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1 |
1c6c1125 |
fi
# Create a link to the above mount and
# create all of the directories needed to emulate a few different servers |
084f51f7 |
local node_number |
1c6c1125 |
for node_number in ${SWIFT_REPLICAS_SEQ}; do
sudo ln -sf ${SWIFT_DATA_DIR}/drives/sdb1/$node_number ${SWIFT_DATA_DIR}/$node_number; |
084f51f7 |
local drive=${SWIFT_DATA_DIR}/drives/sdb1/${node_number}
local node=${SWIFT_DATA_DIR}/${node_number}/node
local node_device=${node}/sdb1 |
1c6c1125 |
[[ -d $node ]] && continue
[[ -d $drive ]] && continue |
084f51f7 |
sudo install -o ${STACK_USER} -g $user_group -d $drive
sudo install -o ${STACK_USER} -g $user_group -d $node_device |
e578effb |
sudo chown -R ${STACK_USER}: ${node} |
1c6c1125 |
done
} |
dc97cb71 |
# create_swift_accounts() - Set up standard Swift accounts and extra |
ba313054 |
# one for tests we do this by attaching all words in the account name
# since we want to make it compatible with tempauth which use
# underscores for separators. |
0ce91a5c |
|
24779f65 |
# Tenant User Roles Domain |
0ce91a5c |
# ------------------------------------------------------------------ |
24779f65 |
# service swift service default
# swifttenanttest1 swiftusertest1 admin default
# swifttenanttest1 swiftusertest3 anotherrole default
# swifttenanttest2 swiftusertest2 admin default
# swifttenanttest4 swiftusertest4 admin swift_test |
0ce91a5c |
|
aee18c74 |
function create_swift_accounts { |
dc97cb71 |
# Defines specific passwords used by ``tools/create_userrc.sh``
# As these variables are used by ``create_userrc.sh,`` they must be exported
# The _password suffix is expected by ``create_userrc.sh``. |
7c6d005e |
export swiftusertest1_password=testing
export swiftusertest2_password=testing2
export swiftusertest3_password=testing3 |
24779f65 |
export swiftusertest4_password=testing4 |
1814e671 |
|
ba313054 |
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
|
dbdee698 |
local another_role=$(get_or_create_role "anotherrole") |
19685428 |
|
ae74ed77 |
# NOTE(jroll): Swift doesn't need the admin role here, however Ironic uses
# temp urls, which break when uploaded by a non-admin role
create_service_user "swift" "admin" |
ba313054 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
0abde393 |
|
b17ad756 |
get_or_create_service "swift" "object-store" "Swift Service"
get_or_create_endpoint "object-store" \ |
0abde393 |
"$REGION_NAME" \ |
18d4778c |
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" |
ba313054 |
fi
|
b632c9ef |
local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default) |
084f51f7 |
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1" |
9d7e776b |
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
"default" "test@example.com") |
23178a99 |
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" |
9b215db5 |
get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1 |
0ce91a5c |
|
9d7e776b |
local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
"default" "test3@example.com") |
084f51f7 |
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3" |
9b215db5 |
get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1 |
0ce91a5c |
|
b632c9ef |
local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default) |
084f51f7 |
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2" |
19685428 |
|
9d7e776b |
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
"default" "test2@example.com") |
084f51f7 |
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2" |
9b215db5 |
get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2 |
24779f65 |
local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4" |
18f39bfb |
|
9d7e776b |
local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
$swift_domain "test4@example.com") |
24779f65 |
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4" |
9b215db5 |
get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4 |
0ce91a5c |
} |
1c6c1125 |
|
ece6a332 |
# init_swift() - Initialize rings |
aee18c74 |
function init_swift { |
ece6a332 |
local node_number
# Make sure to kill all swift processes first |
ad8b2762 |
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true |
ece6a332 |
|
1c6c1125 |
# Forcibly re-create the backing filesystem
create_swift_disk
|
ece6a332 |
# This is where we create three different rings for swift with
# different object servers binding on different ports. |
6ec72fab |
pushd ${SWIFT_CONF_DIR} >/dev/null && { |
ece6a332 |
rm -f *.builder *.ring.gz backups/*.builder backups/*.ring.gz
swift-ring-builder object.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
swift-ring-builder container.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
swift-ring-builder account.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
for node_number in ${SWIFT_REPLICAS_SEQ}; do |
180f5eb6 |
swift-ring-builder object.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
swift-ring-builder container.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
swift-ring-builder account.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1 |
ece6a332 |
done
swift-ring-builder object.builder rebalance
swift-ring-builder container.builder rebalance
swift-ring-builder account.builder rebalance
} && popd >/dev/null
|
64ab7743 |
# Create cache dir |
8421c2b9 |
sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR |
64ab7743 |
rm -f $SWIFT_AUTH_CACHE_DIR/* |
ece6a332 |
}
|
aee18c74 |
function install_swift { |
ece6a332 |
git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH |
253a1a35 |
setup_develop $SWIFT_DIR |
46455a34 |
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then |
d98a5d0a |
install_apache_wsgi
fi |
ece6a332 |
}
|
aee18c74 |
function install_swiftclient { |
e08ab104 |
if use_library_from_git "python-swiftclient"; then
git_clone_by_name "python-swiftclient"
setup_dev_lib "python-swiftclient" |
5cb19069 |
fi |
ece6a332 |
}
|
1848b837 |
# install_ceilometermiddleware() - Collect source and prepare
# note that this doesn't really have anything to do with ceilometer;
# though ceilometermiddleware has ceilometer in its name as an
# artifact of history, it is not a ceilometer specific tool. It
# simply generates pycadf-based notifications about requests and
# responses on the swift proxy
function install_ceilometermiddleware {
if use_library_from_git "ceilometermiddleware"; then
git_clone_by_name "ceilometermiddleware"
setup_dev_lib "ceilometermiddleware"
else
pip_install_gr ceilometermiddleware
fi
}
|
ece6a332 |
# start_swift() - Start running processes, including screen |
aee18c74 |
function start_swift { |
8ecbb38d |
# (re)start memcached to make sure we have a clean memcache.
restart_service memcached
|
ece6a332 |
# Start rsync |
c18b9651 |
if is_ubuntu; then |
ece6a332 |
sudo /etc/init.d/rsync restart || : |
0e57b967 |
elif [ -e /etc/xinetd.d/rsync ]; then
start_service xinetd |
ece6a332 |
else |
0e57b967 |
start_service rsyncd |
ece6a332 |
fi
|
46455a34 |
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then |
d98a5d0a |
restart_apache_server
swift-init --run-dir=${SWIFT_DATA_DIR}/run rest start |
2f27a0ed |
tail_log s-proxy /var/log/$APACHE_NAME/proxy-server |
d98a5d0a |
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do |
2f27a0ed |
tail_log s-${type} /var/log/$APACHE_NAME/${type}-server-1 |
d98a5d0a |
done
fi
return 0
fi
|
101b4248 |
# By default with only one replica we are launching the proxy,
# container, account and object server in screen in foreground and |
dc97cb71 |
# other services in background. If we have ``SWIFT_REPLICAS`` set to something
# greater than one we first spawn all the Swift services then kill the proxy |
101b4248 |
# service so we can run it in foreground in screen. ``swift-init ...
# {stop|restart}`` exits with '1' if no servers are running, ignore it just
# in case |
084f51f7 |
local todo type |
101b4248 |
swift-init --run-dir=${SWIFT_DATA_DIR}/run all restart || true
if [[ ${SWIFT_REPLICAS} == 1 ]]; then |
0c3a5584 |
todo="object container account" |
101b4248 |
fi
for type in proxy ${todo}; do
swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop || true
done |
18d4778c |
if is_service_enabled tls-proxy; then
local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
start_tls_proxy '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT &
fi |
2f27a0ed |
run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v" |
101b4248 |
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do |
2f27a0ed |
run_process s-${type} "$SWIFT_DIR/bin/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v" |
101b4248 |
done
fi |
abbb0e9a |
if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
swift_configure_tempurls
fi |
ece6a332 |
}
# stop_swift() - Stop running processes (non-screen) |
aee18c74 |
function stop_swift { |
084f51f7 |
local type |
d98a5d0a |
|
46455a34 |
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then |
d98a5d0a |
swift-init --run-dir=${SWIFT_DATA_DIR}/run rest stop && return 0
fi
|
dc97cb71 |
# screen normally killed by ``unstack.sh`` |
995eb927 |
if type -p swift-init >/dev/null; then |
0c3a5584 |
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
fi |
f36a9b21 |
# Dump all of the servers |
2f27a0ed |
# Maintain the iteration as stop_process() has some desirable side-effects |
1eae3e15 |
for type in proxy object container account; do |
2f27a0ed |
stop_process s-${type} |
1eae3e15 |
done
# Blast out any stragglers |
f750a6fe |
pkill -f swift- || true |
ece6a332 |
}
|
abbb0e9a |
function swift_configure_tempurls {
OS_USERNAME=swift \
OS_TENANT_NAME=$SERVICE_TENANT_NAME \
OS_PASSWORD=$SERVICE_PASSWORD \ |
3e3212b5 |
OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \ |
abbb0e9a |
swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
}
|
ece6a332 |
# Restore xtrace
$XTRACE |
584d90ec |
|
6a5aa7c6 |
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: |