b0f330e7b2
Performance testing of an OSA deployed Swift cluster hit several issues. Comparison of the proxy conf with the Swift Auth docu [1] found two settings that affect performance that that were not set in the template. include_service_catalog - This defaults to True which makes the proxy server fetch the service catalog on every request in the authtoken middleware. This hammers Keystone. cache - When using memcache this should be set so the authtoken middleware uses the correct cache and not go back to Keystone on every request. [1] http://docs.openstack.org/developer/swift/overview_auth.html Change-Id: Iddaf097e3ff5c1b7118b11cfc598a40a91d6f96f
200 lines
5.9 KiB
Django/Jinja
200 lines
5.9 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
|
|
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
|
|
|
|
[DEFAULT]
|
|
# Disable stderr logging
|
|
use_stderr = False
|
|
bind_ip = 0.0.0.0
|
|
bind_port = {{ swift_proxy_port }}
|
|
workers = {{ swift_proxy_server_workers | default(api_threads) }}
|
|
|
|
user = {{ swift_system_user_name }}
|
|
log_facility = LOG_LOCAL1
|
|
|
|
{% if swift_proxy_vars is defined %}
|
|
{% if swift_proxy_vars.statsd_host is defined %}
|
|
{% set statsd = 1 %}
|
|
log_statsd_host = {{ swift_proxy_vars.statsd_host | default(statsd_host) }}
|
|
{% elif swift.statsd_host is defined %}
|
|
{% set statsd = 1 %}
|
|
log_statsd_host = {{ swift.statsd_host | default(statsd_host) }}
|
|
{% endif %}
|
|
{% if statsd is defined %}
|
|
{% if swift_proxy_vars.statsd_port is defined %}
|
|
log_statsd_port = {{ swift_proxy_vars.statsd_port }}
|
|
{% else %}
|
|
log_statsd_port = {{ swift.statsd_port | default(statsd_port) }}
|
|
{% endif %}
|
|
{% if swift_proxy_vars.statsd_default_sample_rate is defined %}
|
|
log_statsd_default_sample_rate = {{ swift_proxy_vars.statsd_default_sample_rate }}
|
|
{% else %}
|
|
log_statsd_default_sample_rate = {{ swift.statsd_default_sample_rate | default(statsd_default_sample_rate) }}
|
|
{% endif %}
|
|
{% if swift_proxy_vars.statsd_sample_rate_factor is defined %}
|
|
log_statsd_sample_rate_factor = {{ swift_proxy_vars.statsd_sample_rate_factor }}
|
|
{% else %}
|
|
log_statsd_sample_rate_factor = {{ swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor) }}
|
|
{% endif %}
|
|
{% if swift_proxy_vars.statsd_metric_prefix is defined %}
|
|
log_statsd_metric_prefix = {{ swift_proxy_vars.statsd_metric_prefix }}
|
|
{% else %}
|
|
log_statsd_metric_prefix = {{ swift.statsd_metric_prefix | default(inventory_hostname) }}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[pipeline:main]
|
|
pipeline = {{ swift_middleware_list | join(' ') }}
|
|
|
|
[app:proxy-server]
|
|
use = egg:swift#proxy
|
|
log_facility = LOG_LOCAL1
|
|
node_timeout = 60
|
|
conn_timeout = 3.5
|
|
account_autocreate = true
|
|
{% if swift_proxy_vars is defined %}
|
|
{% if swift_proxy_vars.read_affinity is defined %}
|
|
read_affinity = {{ swift_proxy_vars.read_affinity }}
|
|
{% set swift_sorting_method = 'affinity' %}
|
|
{% endif %}
|
|
{% if swift_proxy_vars.write_affinity is defined %}
|
|
write_affinity = {{ swift_proxy_vars.write_affinity }}
|
|
{% if swift_proxy_vars.write_affinity_node_count is defined %}
|
|
write_affinity_node_count = {{ swift_proxy_vars.write_affinity_node_count }}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
sorting_method = {{ swift_sorting_method }}
|
|
|
|
{% if 'tempauth' in swift_middleware_list %}
|
|
[filter:tempauth]
|
|
use = egg:swift#tempauth
|
|
user_admin_admin = admin .admin .reseller_admin
|
|
user_test_tester = testing .admin
|
|
user_test2_tester2 = testing2 .admin
|
|
user_test_tester3 = testing3
|
|
{% endif %}
|
|
|
|
{% if 'authtoken' in swift_middleware_list %}
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
auth_plugin = {{ swift_keystone_auth_plugin }}
|
|
auth_url = {{ keystone_service_adminuri }}
|
|
auth_uri = {{ keystone_service_internaluri }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
region_name = {{ keystone_service_region }}
|
|
project_domain_id = {{ swift_service_project_domain_id }}
|
|
user_domain_id = {{ swift_service_user_domain_id }}
|
|
project_name = {{ swift_service_project_name }}
|
|
username = {{ swift_service_user_name }}
|
|
password = {{ swift_service_password }}
|
|
delay_auth_decision = {{ swift_delay_auth_decision }}
|
|
include_service_catalog = False
|
|
{% if memcached_servers is defined %}
|
|
memcached_servers = {{ memcached_servers }}
|
|
cache = swift.cache
|
|
|
|
token_cache_time = 300
|
|
revocation_cache_time = 60
|
|
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
{% if 'keystoneauth' in swift_middleware_list %}
|
|
[filter:keystoneauth]
|
|
use = egg:swift#keystoneauth
|
|
{% if swift_allow_all_users is defined and swift_allow_all_users == True %}
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
operator_roles = admin, swiftoperator, _member_, {{ swift_reselleradmin_role }}
|
|
{% else %}
|
|
operator_roles = admin, swiftoperator, _member_
|
|
{% endif %}
|
|
{% else %}
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
operator_roles = admin, swiftoperator, {{ swift_reselleradmin_role }}
|
|
{% else %}
|
|
operator_roles = admin, swiftoperator
|
|
{% endif %}
|
|
{% endif %}
|
|
# The reseller admin role has the ability to create and delete accounts
|
|
reseller_admin_role = {{ swift_reselleradmin_role }}
|
|
{% endif %}
|
|
|
|
[filter:healthcheck]
|
|
use = egg:swift#healthcheck
|
|
|
|
[filter:cache]
|
|
use = egg:swift#memcache
|
|
|
|
[filter:ratelimit]
|
|
use = egg:swift#ratelimit
|
|
|
|
[filter:domain_remap]
|
|
use = egg:swift#domain_remap
|
|
|
|
[filter:catch_errors]
|
|
use = egg:swift#catch_errors
|
|
|
|
[filter:cname_lookup]
|
|
use = egg:swift#cname_lookup
|
|
|
|
[filter:staticweb]
|
|
use = egg:swift#staticweb
|
|
|
|
[filter:tempurl]
|
|
use = egg:swift#tempurl
|
|
|
|
[filter:formpost]
|
|
use = egg:swift#formpost
|
|
|
|
[filter:name_check]
|
|
use = egg:swift#name_check
|
|
|
|
[filter:list-endpoints]
|
|
use = egg:swift#list_endpoints
|
|
|
|
[filter:proxy-logging]
|
|
use = egg:swift#proxy_logging
|
|
|
|
[filter:bulk]
|
|
use = egg:swift#bulk
|
|
|
|
[filter:container-quotas]
|
|
use = egg:swift#container_quotas
|
|
|
|
[filter:slo]
|
|
use = egg:swift#slo
|
|
|
|
[filter:dlo]
|
|
use = egg:swift#dlo
|
|
|
|
[filter:account-quotas]
|
|
use = egg:swift#account_quotas
|
|
|
|
[filter:gatekeeper]
|
|
use = egg:swift#gatekeeper
|
|
|
|
[filter:container_sync]
|
|
use = egg:swift#container_sync
|
|
|
|
[filter:xprofile]
|
|
use = egg:swift#xprofile
|
|
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
[filter:ceilometer]
|
|
paste.filter_factory = ceilometermiddleware.swift:filter_factory
|
|
control_exchange = swift
|
|
driver = messagingv2
|
|
url = rabbit://{% for host in swift_rabbitmq_telemetry_servers.split(',') %}{{ swift_rabbitmq_telemetry_userid }}:{{ swift_rabbitmq_telemetry_password }}@{{ host }}:{{ swift_rabbitmq_telemetry_port }}{% if not loop.last %},{% else %}/{{ swift_rabbitmq_telemetry_vhost }}{% endif %}{% endfor %}
|
|
|
|
topic = notifications
|
|
{% if swift_gnocchi_service_project_id is defined %}
|
|
ignore_projects = {{ swift_gnocchi_service_project_id }}
|
|
{% endif %}
|
|
log_level = WARN
|
|
{% endif %}
|