b328838104
* Use username/password instead of service token for service auth to Keystone
* Updates files/glance-*-paste.ini and files/swift/proxy-server.conf
* keystone_data.sh creates 'service' tenant, 'nova' and 'glance' users
('swift' and 'quantum' if those services are enabled)
* Uses $SERVICE_PASSWORD for the service auth password. There is no default;
to default to $ADMIN_PASSWORD, place the assignment in localrc.
Fixes bug 942983
Change-Id: If78eed1b509a9c1e8441bb4cfa095da9052f9395
64 lines
1.7 KiB
Plaintext
64 lines
1.7 KiB
Plaintext
[DEFAULT]
|
|
bind_port = 8080
|
|
user = %USER%
|
|
swift_dir = %SWIFT_CONFIG_LOCATION%
|
|
workers = 1
|
|
log_name = swift
|
|
log_facility = LOG_LOCAL1
|
|
log_level = DEBUG
|
|
|
|
[pipeline:main]
|
|
pipeline = healthcheck cache swift3 %AUTH_SERVER% proxy-server
|
|
|
|
[app:proxy-server]
|
|
use = egg:swift#proxy
|
|
allow_account_management = true
|
|
account_autocreate = true
|
|
|
|
[filter:keystone]
|
|
paste.filter_factory = keystone.middleware.swift_auth:filter_factory
|
|
operator_roles = Member,admin
|
|
|
|
[filter:s3token]
|
|
paste.filter_factory = keystone.middleware.s3_token:filter_factory
|
|
service_port = %KEYSTONE_SERVICE_PORT%
|
|
service_host = %KEYSTONE_SERVICE_HOST%
|
|
auth_port = %KEYSTONE_AUTH_PORT%
|
|
auth_host = %KEYSTONE_AUTH_HOST%
|
|
auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
|
|
auth_token = %SERVICE_TOKEN%
|
|
admin_token = %SERVICE_TOKEN%
|
|
|
|
[filter:tokenauth]
|
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
|
# FIXME(dtroyer): remove these service_* entries after auth_token is updated
|
|
service_port = %KEYSTONE_SERVICE_PORT%
|
|
service_host = %KEYSTONE_SERVICE_HOST%
|
|
auth_port = %KEYSTONE_AUTH_PORT%
|
|
auth_host = %KEYSTONE_AUTH_HOST%
|
|
auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
|
|
auth_token = %SERVICE_TOKEN%
|
|
# FIXME(dtroyer): remove admin_token after auth_token is updated
|
|
admin_token = %SERVICE_TOKEN%
|
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
|
admin_user = %SERVICE_USERNAME%
|
|
admin_password = %SERVICE_PASSWORD%
|
|
cache = swift.cache
|
|
|
|
[filter:swift3]
|
|
use = egg:swift#swift3
|
|
|
|
[filter:tempauth]
|
|
use = egg:swift#tempauth
|
|
user_admin_admin = admin .admin .reseller_admin
|
|
user_test_tester = testing .admin
|
|
user_test2_tester2 = testing2 .admin
|
|
user_test_tester3 = testing3
|
|
bind_ip = 0.0.0.0
|
|
|
|
[filter:healthcheck]
|
|
use = egg:swift#healthcheck
|
|
|
|
[filter:cache]
|
|
use = egg:swift#memcache
|