openstack/puppet-swift
Code Issues Proposed changes

Improve Proxy Signing Directory Support

Browse Source 
1. The signing_dir was being created on every swift node
when it's only needed on proxies:

  http://docs.openstack.org/grizzly/openstack-compute/install/apt/content/installing-and-configuring-the-proxy-node.html

2. The signing_dir was not configurable, even though
the OpenStack doc's show multiple references
(/var/cache/swift and /home/swift/keystone-signing).

Change-Id: I3eb00046fc535a32d7a1800d15489e9fe071373b
This commit is contained in:
Daneyon Hansen
2013-08-06 06:12:43 +00:00
parent a1a0a89ad1
commit f71d159c4d
5 changed files with 30 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/init.pp
View File

@@ -69,8 +69,4 @@ class swift(
content => template('swift/swift.conf.erb'), content => template('swift/swift.conf.erb'),
} }
file { '/var/cache/swift':
ensure => directory,
}
} }

12
manifests/proxy/authtoken.pp
View File

@@ -27,6 +27,8 @@
# [auth_uri] The public auth url to redirect unauthenticated requests. # [auth_uri] The public auth url to redirect unauthenticated requests.
# Defaults to false to be expanded to '${auth_protocol}://${auth_host}:5000'. # Defaults to false to be expanded to '${auth_protocol}://${auth_host}:5000'.
# Should be set to your public keystone endpoint (without version). # Should be set to your public keystone endpoint (without version).
# [signing_dir] The cache directory for signing certificates.
# Defaults to '/var/cache/swift'
# #
# == Authors # == Authors
# #
@@ -47,7 +49,8 @@ class swift::proxy::authtoken(
$auth_admin_prefix = false, $auth_admin_prefix = false,
$auth_uri = false, $auth_uri = false,
$delay_auth_decision = 1, $delay_auth_decision = 1,
$admin_token = false $admin_token = false,
$signing_dir = '/var/cache/swift'
) { ) {
if $auth_uri { if $auth_uri {
@@ -61,6 +64,13 @@ class swift::proxy::authtoken(
validate_re($auth_admin_prefix, '^(/.+[^/])?$') validate_re($auth_admin_prefix, '^(/.+[^/])?$')
} }
file { $signing_dir:
ensure => directory,
mode => '0700',
owner => 'swift',
group => 'swift',
}
concat::fragment { 'swift_authtoken': concat::fragment { 'swift_authtoken':
target => '/etc/swift/proxy-server.conf', target => '/etc/swift/proxy-server.conf',
content => template('swift/proxy/authtoken.conf.erb'), content => template('swift/proxy/authtoken.conf.erb'),

20
spec/classes/swift_proxy_authtoken_spec.rb
View File

@@ -15,6 +15,19 @@ describe 'swift::proxy::authtoken' do
' '
end end
describe 'when using the default signing directory' do
let :file_defaults do
{
:mode => '0700',
:owner => 'swift',
:group => 'swift',
}
end
it {should contain_file('/var/cache/swift').with(
{:ensure => 'directory'}.merge(file_defaults)
)}
end
let :fragment_file do let :fragment_file do
"/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/22_swift_authtoken" "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/22_swift_authtoken"
end end
@@ -24,7 +37,7 @@ describe 'swift::proxy::authtoken' do
verify_contents(subject, fragment_file, verify_contents(subject, fragment_file,
[ [
'[filter:authtoken]', '[filter:authtoken]',
'signing_dir=/var/cache/swift', 'signing_dir = /var/cache/swift',
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory', 'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
'auth_host = 127.0.0.1', 'auth_host = 127.0.0.1',
'auth_port = 35357', 'auth_port = 35357',
@@ -50,6 +63,7 @@ describe 'swift::proxy::authtoken' do
verify_contents(subject, fragment_file, verify_contents(subject, fragment_file,
[ [
'[filter:authtoken]', '[filter:authtoken]',
'signing_dir = /var/cache/swift',
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory', 'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
'auth_host = 127.0.0.1', 'auth_host = 127.0.0.1',
'auth_port = 35357', 'auth_port = 35357',
@@ -72,7 +86,8 @@ describe 'swift::proxy::authtoken' do
:admin_tenant_name => 'admin', :admin_tenant_name => 'admin',
:admin_user => 'swiftuser', :admin_user => 'swiftuser',
:admin_password => 'swiftpassword', :admin_password => 'swiftpassword',
:delay_auth_decision => '0' :delay_auth_decision => '0',
:signing_dir => '/home/swift/keystone-signing'
} }
end end
@@ -80,6 +95,7 @@ describe 'swift::proxy::authtoken' do
verify_contents(subject, fragment_file, verify_contents(subject, fragment_file,
[ [
'[filter:authtoken]', '[filter:authtoken]',
'signing_dir = /home/swift/keystone-signing',
'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory', 'paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory',
'auth_host = some.host', 'auth_host = some.host',
'auth_port = 443', 'auth_port = 443',

3
spec/classes/swift_spec.rb
View File

@@ -42,9 +42,6 @@ describe 'swift' do
it {should contain_file('/var/run/swift').with( it {should contain_file('/var/run/swift').with(
{:ensure => 'directory'}.merge(file_defaults) {:ensure => 'directory'}.merge(file_defaults)
)} )}
it {should contain_file('/var/cache/swift').with(
{:ensure => 'directory'}.merge(file_defaults)
)}
it {should contain_file('/etc/swift/swift.conf').with( it {should contain_file('/etc/swift/swift.conf').with(
{:ensure => 'present', {:ensure => 'present',
:mode => '0660', :mode => '0660',

2
templates/proxy/authtoken.conf.erb
View File

@@ -1,5 +1,5 @@
[filter:authtoken] [filter:authtoken]
signing_dir=/var/cache/swift signing_dir = <%= @signing_dir %>
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = <%= @auth_host %> auth_host = <%= @auth_host %>
auth_port = <%= @auth_port %> auth_port = <%= @auth_port %>