...
|
...
|
@@ -409,16 +409,27 @@ function configure_swift {
|
409
|
409
|
# Configure Crossdomain
|
410
|
410
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
|
411
|
411
|
|
412
|
|
- # Configure Keystone
|
413
|
|
- sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
|
414
|
|
- configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
|
|
412
|
+
|
415
|
413
|
# This causes the authtoken middleware to use the same python logging
|
416
|
414
|
# adapter provided by the swift proxy-server, so that request transaction
|
417
|
415
|
# IDs will included in all of its log messages.
|
418
|
416
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
|
419
|
417
|
|
420
|
|
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
|
421
|
|
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
|
|
418
|
+ # NOTE(jamielennox): swift cannot use the regular configure_auth_token_middleware function because swift
|
|
419
|
+ # doesn't use oslo.config which is the only way to configure auth plugins with the middleare.
|
|
420
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
|
|
421
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken identity_uri $KEYSTONE_AUTH_URI
|
|
422
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
|
|
423
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
|
|
424
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
|
425
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_URI
|
|
426
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $SSL_BUNDLE_FILE
|
|
427
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
|
|
428
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
|
|
429
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
|
|
430
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
|
|
431
|
+
|
|
432
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
|
422
|
433
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
|
423
|
434
|
|
424
|
435
|
# Configure Tempauth. In the sample config file, Keystoneauth is commented
|