- Update Swift to use the new tokenauth and swift_auth from keystone.
- Drop swift-keystone2.
- Add swift3 / s3token in swift proxy pipeline (TODO: figure out
testing).
- Fix exercises/swift.sh (workaround until review #3712 get merged).
Change-Id: Ie85d30e14cee21c6f80043fccde92dfb229f0e80
... | ... |
@@ -23,18 +23,22 @@ popd |
23 | 23 |
# Testing Swift |
24 | 24 |
# ============= |
25 | 25 |
|
26 |
+# FIXME(chmou): when review https://review.openstack.org/#change,3712 |
|
27 |
+# is merged we would be able to use the common openstack options and |
|
28 |
+# remove the trailing slash to v2.0 auth url. |
|
29 |
+# |
|
26 | 30 |
# Check if we have to swift via keystone |
27 |
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD stat |
|
31 |
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD stat |
|
28 | 32 |
|
29 | 33 |
# We start by creating a test container |
30 |
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD post testcontainer |
|
34 |
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD post testcontainer |
|
31 | 35 |
|
32 | 36 |
# add some files into it. |
33 |
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD upload testcontainer /etc/issue |
|
37 |
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD upload testcontainer /etc/issue |
|
34 | 38 |
|
35 | 39 |
# list them |
36 |
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD list testcontainer |
|
40 |
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD list testcontainer |
|
37 | 41 |
|
38 | 42 |
# And we may want to delete them now that we have tested that |
39 | 43 |
# everything works. |
40 |
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD delete testcontainer |
|
44 |
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD delete testcontainer |
... | ... |
@@ -8,7 +8,7 @@ log_facility = LOG_LOCAL1 |
8 | 8 |
log_level = DEBUG |
9 | 9 |
|
10 | 10 |
[pipeline:main] |
11 |
-pipeline = healthcheck cache %AUTH_SERVER% proxy-server |
|
11 |
+pipeline = healthcheck cache swift3 %AUTH_SERVER% proxy-server |
|
12 | 12 |
|
13 | 13 |
[app:proxy-server] |
14 | 14 |
use = egg:swift#proxy |
... | ... |
@@ -16,10 +16,32 @@ allow_account_management = true |
16 | 16 |
account_autocreate = true |
17 | 17 |
|
18 | 18 |
[filter:keystone] |
19 |
-use = egg:swiftkeystone2#keystone2 |
|
20 |
-keystone_admin_token = %SERVICE_TOKEN% |
|
21 |
-keystone_url = http://localhost:35357/v2.0 |
|
22 |
-keystone_swift_operator_roles = Member,admin |
|
19 |
+paste.filter_factory = keystone.middleware.swift_auth:filter_factory |
|
20 |
+operator_roles = Member,admin |
|
21 |
+ |
|
22 |
+[filter:s3token] |
|
23 |
+paste.filter_factory = keystone.middleware.s3_token:filter_factory |
|
24 |
+service_port = %KEYSTONE_SERVICE_PORT% |
|
25 |
+service_host = %KEYSTONE_SERVICE_HOST% |
|
26 |
+auth_port = %KEYSTONE_AUTH_PORT% |
|
27 |
+auth_host = %KEYSTONE_AUTH_HOST% |
|
28 |
+auth_protocol = %KEYSTONE_AUTH_PROTOCOL% |
|
29 |
+auth_token = %SERVICE_TOKEN% |
|
30 |
+admin_token = %SERVICE_TOKEN% |
|
31 |
+ |
|
32 |
+[filter:tokenauth] |
|
33 |
+paste.filter_factory = keystone.middleware.auth_token:filter_factory |
|
34 |
+service_port = %KEYSTONE_SERVICE_PORT% |
|
35 |
+service_host = %KEYSTONE_SERVICE_HOST% |
|
36 |
+auth_port = %KEYSTONE_AUTH_PORT% |
|
37 |
+auth_host = %KEYSTONE_AUTH_HOST% |
|
38 |
+auth_protocol = %KEYSTONE_AUTH_PROTOCOL% |
|
39 |
+auth_token = %SERVICE_TOKEN% |
|
40 |
+admin_token = %SERVICE_TOKEN% |
|
41 |
+cache = swift.cache |
|
42 |
+ |
|
43 |
+[filter:swift3] |
|
44 |
+use = egg:swift#swift3 |
|
23 | 45 |
|
24 | 46 |
[filter:tempauth] |
25 | 47 |
use = egg:swift#tempauth |
... | ... |
@@ -162,7 +162,6 @@ NOVACLIENT_DIR=$DEST/python-novaclient |
162 | 162 |
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient |
163 | 163 |
NOVNC_DIR=$DEST/noVNC |
164 | 164 |
SWIFT_DIR=$DEST/swift |
165 |
-SWIFT_KEYSTONE_DIR=$DEST/swift-keystone2 |
|
166 | 165 |
QUANTUM_DIR=$DEST/quantum |
167 | 166 |
QUANTUM_CLIENT_DIR=$DEST/python-quantumclient |
168 | 167 |
MELANGE_DIR=$DEST/melange |
... | ... |
@@ -570,8 +569,6 @@ fi |
570 | 570 |
if is_service_enabled swift; then |
571 | 571 |
# storage service |
572 | 572 |
git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH |
573 |
- # swift + keystone middleware |
|
574 |
- git_clone $SWIFT_KEYSTONE_REPO $SWIFT_KEYSTONE_DIR $SWIFT_KEYSTONE_BRANCH |
|
575 | 573 |
fi |
576 | 574 |
if is_service_enabled g-api n-api; then |
577 | 575 |
# image catalog service |
... | ... |
@@ -615,7 +612,6 @@ if is_service_enabled key g-api n-api swift; then |
615 | 615 |
fi |
616 | 616 |
if is_service_enabled swift; then |
617 | 617 |
cd $SWIFT_DIR; sudo python setup.py develop |
618 |
- cd $SWIFT_KEYSTONE_DIR; sudo python setup.py develop |
|
619 | 618 |
fi |
620 | 619 |
if is_service_enabled g-api n-api; then |
621 | 620 |
cd $GLANCE_DIR; sudo python setup.py develop |
... | ... |
@@ -1007,19 +1003,24 @@ if is_service_enabled swift; then |
1007 | 1007 |
# which has some default username and password if you have |
1008 | 1008 |
# configured keystone it will checkout the directory. |
1009 | 1009 |
if is_service_enabled key; then |
1010 |
- swift_auth_server=keystone |
|
1011 |
- |
|
1012 |
- # We install the memcache server as this is will be used by the |
|
1013 |
- # middleware to cache the tokens auths for a long this is needed. |
|
1014 |
- apt_get install memcached |
|
1010 |
+ swift_auth_server="s3token tokenauth keystone" |
|
1015 | 1011 |
else |
1016 | 1012 |
swift_auth_server=tempauth |
1017 | 1013 |
fi |
1018 | 1014 |
|
1019 | 1015 |
# We do the install of the proxy-server and swift configuration |
1020 | 1016 |
# replacing a few directives to match our configuration. |
1021 |
- sed "s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},;s/%USER%/$USER/;s/%SERVICE_TOKEN%/${SERVICE_TOKEN}/;s/%AUTH_SERVER%/${swift_auth_server}/" \ |
|
1022 |
- $FILES/swift/proxy-server.conf|sudo tee ${SWIFT_CONFIG_LOCATION}/proxy-server.conf |
|
1017 |
+ sed -e "s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},g; |
|
1018 |
+ s,%USER%,$USER,g; |
|
1019 |
+ s,%SERVICE_TOKEN%,${SERVICE_TOKEN},g; |
|
1020 |
+ s,%KEYSTONE_SERVICE_PORT%,${KEYSTONE_SERVICE_PORT},g; |
|
1021 |
+ s,%KEYSTONE_SERVICE_HOST%,${KEYSTONE_SERVICE_HOST},g; |
|
1022 |
+ s,%KEYSTONE_AUTH_PORT%,${KEYSTONE_AUTH_PORT},g; |
|
1023 |
+ s,%KEYSTONE_AUTH_HOST%,${KEYSTONE_AUTH_HOST},g; |
|
1024 |
+ s,%KEYSTONE_AUTH_PROTOCOL%,${KEYSTONE_AUTH_PROTOCOL},g; |
|
1025 |
+ s/%AUTH_SERVER%/${swift_auth_server}/g;" \ |
|
1026 |
+ $FILES/swift/proxy-server.conf | \ |
|
1027 |
+ sudo tee ${SWIFT_CONFIG_LOCATION}/proxy-server.conf |
|
1023 | 1028 |
|
1024 | 1029 |
sed -e "s/%SWIFT_HASH%/$SWIFT_HASH/" $FILES/swift/swift.conf > ${SWIFT_CONFIG_LOCATION}/swift.conf |
1025 | 1030 |
|