Implement additional proxy middlewares
This commit implements additional proxy middlewares - catch_errors - handles errors - ratelimit - limits incoming requests - s3token - misddleware for s3auth - swift3 - implement swift APIs These middlewares needed to be modeled b/c they are configurable interfaces that needed to be configurable via Puppet.
This commit is contained in:
parent
d831ec1c45
commit
caad4e3732
27
manifests/proxy/catch_errors.pp
Normal file
27
manifests/proxy/catch_errors.pp
Normal file
@ -0,0 +1,27 @@
|
||||
#
|
||||
# Configure swift cache_errors.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# include 'swift::proxy::catch_errors'
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# François Charlier fcharlier@ploup.net
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
# Copyright 2012 eNovance licensing@enovance.com
|
||||
#
|
||||
|
||||
class swift::proxy::catch_errors() {
|
||||
|
||||
concat::fragment { 'swift_catch_errors':
|
||||
target => '/etc/swift/proxy-server.conf',
|
||||
content => template('swift/proxy/catch_errors.conf.erb'),
|
||||
order => '24',
|
||||
}
|
||||
|
||||
}
|
46
manifests/proxy/ratelimit.pp
Normal file
46
manifests/proxy/ratelimit.pp
Normal file
@ -0,0 +1,46 @@
|
||||
#
|
||||
# Configure swift ratelimit.
|
||||
#
|
||||
# See Swift's ratelimit documentation for more detail about the values.
|
||||
#
|
||||
# == Parameters
|
||||
# [clock_accuracy] The accuracy of swift proxy servers' clocks.
|
||||
# 1000 is 1ms max difference. No rate should be higher than this.
|
||||
# Optional. Defaults to 1000
|
||||
# [max_sleep_time_seconds] Time before the app returns a 498 response.
|
||||
# Optional. Defaults to 60.
|
||||
# [log_sleep_time_seconds] if >0, enables logging of sleeps longer than
|
||||
# the value.
|
||||
# Optional. Defaults to 0.
|
||||
# [rate_buffer_seconds] Time in second the rate counter can skip.
|
||||
# Optional. Defaults to 5.
|
||||
# [account_ratelimit] if >0, limits PUT and DELETE requests to containers
|
||||
# Optional. Defaults to 0.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# François Charlier fcharlier@ploup.net
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
# Copyright 2012 eNovance licensing@enovance.com
|
||||
#
|
||||
class swift::proxy::ratelimit(
|
||||
$clock_accuracy = 1000,
|
||||
$max_sleep_time_seconds = 60,
|
||||
$log_sleep_time_seconds = 0,
|
||||
$rate_buffer_seconds = 5,
|
||||
$account_ratelimit = 0
|
||||
) {
|
||||
|
||||
concat::fragment { 'swift_ratelimit':
|
||||
target => '/etc/swift/proxy-server.conf',
|
||||
content => template('swift/proxy/ratelimit.conf.erb'),
|
||||
order => '26',
|
||||
}
|
||||
|
||||
}
|
37
manifests/proxy/s3token.pp
Normal file
37
manifests/proxy/s3token.pp
Normal file
@ -0,0 +1,37 @@
|
||||
#
|
||||
# Configure swift s3token.
|
||||
#
|
||||
# == Parameters
|
||||
# [auth_host] the keystone host
|
||||
# Optional. Defaults to 127.0.0.1
|
||||
# [auth_port] the Keystone client API port
|
||||
# Optional. Defaults to 5000
|
||||
# [auth_protocol] http or https
|
||||
# Optional. Defaults to http
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# François Charlier fcharlier@ploup.net
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
# Copyright 2012 eNovance licensing@enovance.com
|
||||
#
|
||||
class swift::proxy::s3token(
|
||||
auth_host = '127.0.0.1',
|
||||
auth_port = 5000,
|
||||
auth_protocol = 'http'
|
||||
) {
|
||||
|
||||
concat::fragment { 'swift_s3token':
|
||||
target => '/etc/swift/proxy-server.conf',
|
||||
content => template('swift/proxy/s3token.conf.erb'),
|
||||
order => '28',
|
||||
}
|
||||
|
||||
include 'keystone::python'
|
||||
}
|
24
manifests/proxy/swift3.pp
Normal file
24
manifests/proxy/swift3.pp
Normal file
@ -0,0 +1,24 @@
|
||||
#
|
||||
# Configure swift swift3.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# François Charlier fcharlier@ploup.net
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
# Copyright 2012 eNovance licensing@enovance.com
|
||||
#
|
||||
class swift::proxy::swift3() {
|
||||
|
||||
concat::fragment { 'swift_swift3':
|
||||
target => '/etc/swift/proxy-server.conf',
|
||||
content => template('swift/proxy/swift3.conf.erb'),
|
||||
order => '27',
|
||||
}
|
||||
|
||||
}
|
35
spec/classes/swift_proxy_authtoken_spec.rb
Normal file
35
spec/classes/swift_proxy_authtoken_spec.rb
Normal file
@ -0,0 +1,35 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'swift::proxy::authtoken' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:concat_basedir => '/var/lib/puppet/concat',
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'
|
||||
include concat::setup
|
||||
concat { "/etc/swift/proxy-server.conf": }
|
||||
'
|
||||
end
|
||||
|
||||
let :params do
|
||||
{
|
||||
:admin_token => 'admin_token',
|
||||
:admin_user => 'admin_user',
|
||||
:admin_tenant_name => 'admin_tenant_name',
|
||||
:admin_password => 'admin_password',
|
||||
:delay_auth_decision => 42,
|
||||
:auth_host => '1.2.3.4',
|
||||
:auth_port => 4682,
|
||||
:auth_protocol => 'https'
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf').with(
|
||||
params
|
||||
)}
|
||||
|
||||
end
|
23
spec/classes/swift_proxy_catch_errors_spec.rb
Normal file
23
spec/classes/swift_proxy_catch_errors_spec.rb
Normal file
@ -0,0 +1,23 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'swift::proxy::catch_errors' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:concat_basedir => '/var/lib/puppet/concat'
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'class { "concat::setup": }
|
||||
concat { "/etc/swift/proxy-server.conf": }'
|
||||
end
|
||||
|
||||
let :fragment_file do
|
||||
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/24_swift_catch_errors"
|
||||
end
|
||||
|
||||
it { should contain_file(fragment_file).with_content(/[filter:catch_errors]/) }
|
||||
it { should contain_file(fragment_file).with_content(/use = egg:swift#catch_errors/) }
|
||||
|
||||
end
|
@ -19,6 +19,8 @@ describe 'swift::proxy::keystone' do
|
||||
'
|
||||
end
|
||||
|
||||
it { should include_class('keystone::python') }
|
||||
|
||||
it { should contain_file(fragment_file).with_content(/[filter:keystone]/) }
|
||||
|
||||
it { should contain_file(fragment_file).with_content(/paste.filter_factory = keystone.middleware.swift_auth:filter_factory/) }
|
||||
@ -29,8 +31,6 @@ describe 'swift::proxy::keystone' do
|
||||
it { should contain_file(fragment_file).with_content(/is_admin = true/) }
|
||||
it { should contain_file(fragment_file).with_content(/cache = swift.cache/) }
|
||||
|
||||
it { should contain_keystone__client__authtoken('/etc/swift/proxy-server.conf') }
|
||||
|
||||
end
|
||||
|
||||
describe 'with parameter overrides' do
|
||||
|
61
spec/classes/swift_proxy_ratelimit_spec.rb
Normal file
61
spec/classes/swift_proxy_ratelimit_spec.rb
Normal file
@ -0,0 +1,61 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'swift::proxy::ratelimit' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:concat_basedir => '/var/lib/puppet/concat'
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'class { "concat::setup": }
|
||||
concat { "/etc/swift/proxy-server.conf": }'
|
||||
end
|
||||
|
||||
let :fragment_file do
|
||||
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/26_swift_ratelimit"
|
||||
end
|
||||
|
||||
describe "when using default parameters" do
|
||||
it 'should build the fragment with correct parameters' do
|
||||
verify_contents(subject, fragment_file,
|
||||
[
|
||||
'[filter:ratelimit]',
|
||||
'use = egg:swift#ratelimit',
|
||||
'clock_accuracy = 1000',
|
||||
'max_sleep_time_seconds = 60',
|
||||
'log_sleep_time_seconds = 0',
|
||||
'rate_buffer_seconds = 5',
|
||||
'account_ratelimit = 0',
|
||||
]
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe "when overriding default parameters" do
|
||||
let :params do
|
||||
{
|
||||
:clock_accuracy => 9436,
|
||||
:max_sleep_time_seconds => 3600,
|
||||
:log_sleep_time_seconds => 42,
|
||||
:rate_buffer_seconds => 51,
|
||||
:account_ratelimit => 69
|
||||
}
|
||||
end
|
||||
it 'should build the fragment with correct parameters' do
|
||||
verify_contents(subject, fragment_file,
|
||||
[
|
||||
'[filter:ratelimit]',
|
||||
'use = egg:swift#ratelimit',
|
||||
'clock_accuracy = 9436',
|
||||
'max_sleep_time_seconds = 3600',
|
||||
'log_sleep_time_seconds = 42',
|
||||
'rate_buffer_seconds = 51',
|
||||
'account_ratelimit = 69',
|
||||
]
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
57
spec/classes/swift_proxy_s3token_spec.rb
Normal file
57
spec/classes/swift_proxy_s3token_spec.rb
Normal file
@ -0,0 +1,57 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'swift::proxy::s3token' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:concat_basedir => '/var/lib/puppet/concat'
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'class { "concat::setup": }
|
||||
concat { "/etc/swift/proxy-server.conf": }'
|
||||
end
|
||||
|
||||
let :fragment_file do
|
||||
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/28_swift_s3token"
|
||||
end
|
||||
|
||||
it { should include_class('keystone::python') }
|
||||
|
||||
describe "when using default parameters" do
|
||||
it 'should build the fragment with correct parameters' do
|
||||
verify_contents(subject, fragment_file,
|
||||
[
|
||||
'[filter:s3token]',
|
||||
'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
|
||||
'auth_port = 5000',
|
||||
'auth_protocol = http',
|
||||
'auth_host = 127.0.0.1'
|
||||
]
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe "when overriding default parameters" do
|
||||
let :params do
|
||||
{
|
||||
:auth_port => 4212,
|
||||
:auth_protocol => 'https',
|
||||
:auth_host => '1.2.3.4'
|
||||
}
|
||||
end
|
||||
it 'should build the fragment with correct parameters' do
|
||||
verify_contents(subject, fragment_file,
|
||||
[
|
||||
'[filter:s3token]',
|
||||
'paste.filter_factory = keystone.middleware.s3_token:filter_factory',
|
||||
'auth_port = 4212',
|
||||
'auth_protocol = https',
|
||||
'auth_host = 1.2.3.4'
|
||||
]
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
23
spec/classes/swift_proxy_swift3_spec.rb
Normal file
23
spec/classes/swift_proxy_swift3_spec.rb
Normal file
@ -0,0 +1,23 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'swift::proxy::swift3' do
|
||||
|
||||
let :facts do
|
||||
{
|
||||
:concat_basedir => '/var/lib/puppet/concat'
|
||||
}
|
||||
end
|
||||
|
||||
let :pre_condition do
|
||||
'class { "concat::setup": }
|
||||
concat { "/etc/swift/proxy-server.conf": }'
|
||||
end
|
||||
|
||||
let :fragment_file do
|
||||
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/27_swift_swift3"
|
||||
end
|
||||
|
||||
it { should contain_file(fragment_file).with_content(/[filter:swift3]/) }
|
||||
it { should contain_file(fragment_file).with_content(/use = egg:swift#swift3/) }
|
||||
|
||||
end
|
3
templates/proxy/catch_errors.conf.erb
Normal file
3
templates/proxy/catch_errors.conf.erb
Normal file
@ -0,0 +1,3 @@
|
||||
[filter:catch_errors]
|
||||
use = egg:swift#catch_errors
|
||||
|
8
templates/proxy/ratelimit.conf.erb
Normal file
8
templates/proxy/ratelimit.conf.erb
Normal file
@ -0,0 +1,8 @@
|
||||
[filter:ratelimit]
|
||||
use = egg:swift#ratelimit
|
||||
clock_accuracy = <%= clock_accuracy %>
|
||||
max_sleep_time_seconds = <%= max_sleep_time_seconds %>
|
||||
log_sleep_time_seconds = <%= log_sleep_time_seconds %>
|
||||
rate_buffer_seconds = <%= rate_buffer_seconds %>
|
||||
account_ratelimit = <%= account_ratelimit %>
|
||||
|
5
templates/proxy/s3token.conf.erb
Normal file
5
templates/proxy/s3token.conf.erb
Normal file
@ -0,0 +1,5 @@
|
||||
[filter:s3token]
|
||||
paste.filter_factory = keystone.middleware.s3_token:filter_factory
|
||||
auth_port = <%= auth_port %>
|
||||
auth_protocol = <%= auth_protocol %>
|
||||
auth_host = <%= auth_host %>
|
3
templates/proxy/swift3.conf.erb
Normal file
3
templates/proxy/swift3.conf.erb
Normal file
@ -0,0 +1,3 @@
|
||||
[filter:swift3]
|
||||
use = egg:swift#swift3
|
||||
|
Loading…
Reference in New Issue
Block a user