Update Swift configuration with keystone latest.
- Update Swift to use the new tokenauth and swift_auth from keystone.
- Drop swift-keystone2.
- Add swift3 / s3token in swift proxy pipeline (TODO: figure out
testing).
- Fix exercises/swift.sh (workaround until review #3712 get merged).
Change-Id: Ie85d30e14cee21c6f80043fccde92dfb229f0e80
diff --git a/exercises/swift.sh b/exercises/swift.sh
index f7be099..3a57744 100755
--- a/exercises/swift.sh
+++ b/exercises/swift.sh
@@ -23,18 +23,22 @@
# Testing Swift
# =============
+# FIXME(chmou): when review https://review.openstack.org/#change,3712
+# is merged we would be able to use the common openstack options and
+# remove the trailing slash to v2.0 auth url.
+#
# Check if we have to swift via keystone
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD stat
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD stat
# We start by creating a test container
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD post testcontainer
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD post testcontainer
# add some files into it.
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD upload testcontainer /etc/issue
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD upload testcontainer /etc/issue
# list them
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD list testcontainer
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD list testcontainer
# And we may want to delete them now that we have tested that
# everything works.
-swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin -K $ADMIN_PASSWORD delete testcontainer
+swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0/ -U admin -K $ADMIN_PASSWORD delete testcontainer
diff --git a/files/swift/proxy-server.conf b/files/swift/proxy-server.conf
index 3ef0276..d6db117 100644
--- a/files/swift/proxy-server.conf
+++ b/files/swift/proxy-server.conf
@@ -8,7 +8,7 @@
log_level = DEBUG
[pipeline:main]
-pipeline = healthcheck cache %AUTH_SERVER% proxy-server
+pipeline = healthcheck cache swift3 %AUTH_SERVER% proxy-server
[app:proxy-server]
use = egg:swift#proxy
@@ -16,10 +16,32 @@
account_autocreate = true
[filter:keystone]
-use = egg:swiftkeystone2#keystone2
-keystone_admin_token = %SERVICE_TOKEN%
-keystone_url = http://localhost:35357/v2.0
-keystone_swift_operator_roles = Member,admin
+paste.filter_factory = keystone.middleware.swift_auth:filter_factory
+operator_roles = Member,admin
+
+[filter:s3token]
+paste.filter_factory = keystone.middleware.s3_token:filter_factory
+service_port = %KEYSTONE_SERVICE_PORT%
+service_host = %KEYSTONE_SERVICE_HOST%
+auth_port = %KEYSTONE_AUTH_PORT%
+auth_host = %KEYSTONE_AUTH_HOST%
+auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
+auth_token = %SERVICE_TOKEN%
+admin_token = %SERVICE_TOKEN%
+
+[filter:tokenauth]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_port = %KEYSTONE_SERVICE_PORT%
+service_host = %KEYSTONE_SERVICE_HOST%
+auth_port = %KEYSTONE_AUTH_PORT%
+auth_host = %KEYSTONE_AUTH_HOST%
+auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
+auth_token = %SERVICE_TOKEN%
+admin_token = %SERVICE_TOKEN%
+cache = swift.cache
+
+[filter:swift3]
+use = egg:swift#swift3
[filter:tempauth]
use = egg:swift#tempauth
diff --git a/stack.sh b/stack.sh
index fef0127..067ea7e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -162,7 +162,6 @@
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
NOVNC_DIR=$DEST/noVNC
SWIFT_DIR=$DEST/swift
-SWIFT_KEYSTONE_DIR=$DEST/swift-keystone2
QUANTUM_DIR=$DEST/quantum
QUANTUM_CLIENT_DIR=$DEST/python-quantumclient
MELANGE_DIR=$DEST/melange
@@ -570,8 +569,6 @@
if is_service_enabled swift; then
# storage service
git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH
- # swift + keystone middleware
- git_clone $SWIFT_KEYSTONE_REPO $SWIFT_KEYSTONE_DIR $SWIFT_KEYSTONE_BRANCH
fi
if is_service_enabled g-api n-api; then
# image catalog service
@@ -615,7 +612,6 @@
fi
if is_service_enabled swift; then
cd $SWIFT_DIR; sudo python setup.py develop
- cd $SWIFT_KEYSTONE_DIR; sudo python setup.py develop
fi
if is_service_enabled g-api n-api; then
cd $GLANCE_DIR; sudo python setup.py develop
@@ -1007,19 +1003,24 @@
# which has some default username and password if you have
# configured keystone it will checkout the directory.
if is_service_enabled key; then
- swift_auth_server=keystone
-
- # We install the memcache server as this is will be used by the
- # middleware to cache the tokens auths for a long this is needed.
- apt_get install memcached
+ swift_auth_server="s3token tokenauth keystone"
else
swift_auth_server=tempauth
fi
# We do the install of the proxy-server and swift configuration
# replacing a few directives to match our configuration.
- sed "s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},;s/%USER%/$USER/;s/%SERVICE_TOKEN%/${SERVICE_TOKEN}/;s/%AUTH_SERVER%/${swift_auth_server}/" \
- $FILES/swift/proxy-server.conf|sudo tee ${SWIFT_CONFIG_LOCATION}/proxy-server.conf
+ sed -e "s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},g;
+ s,%USER%,$USER,g;
+ s,%SERVICE_TOKEN%,${SERVICE_TOKEN},g;
+ s,%KEYSTONE_SERVICE_PORT%,${KEYSTONE_SERVICE_PORT},g;
+ s,%KEYSTONE_SERVICE_HOST%,${KEYSTONE_SERVICE_HOST},g;
+ s,%KEYSTONE_AUTH_PORT%,${KEYSTONE_AUTH_PORT},g;
+ s,%KEYSTONE_AUTH_HOST%,${KEYSTONE_AUTH_HOST},g;
+ s,%KEYSTONE_AUTH_PROTOCOL%,${KEYSTONE_AUTH_PROTOCOL},g;
+ s/%AUTH_SERVER%/${swift_auth_server}/g;" \
+ $FILES/swift/proxy-server.conf | \
+ sudo tee ${SWIFT_CONFIG_LOCATION}/proxy-server.conf
sed -e "s/%SWIFT_HASH%/$SWIFT_HASH/" $FILES/swift/swift.conf > ${SWIFT_CONFIG_LOCATION}/swift.conf