Allow dispersion tools to use keystone server with insecure certificate

The swift-dispersion-populate and swift-dispersion-report tools now accept a --insecure option. Also, dispersion.conf now has a keystone_api_insecure option. Default is obviously to use the secure path. DocImpact Change-Id: I4000352e547d9ce5b08ade54e0c886281caff891
2013-07-12 08:11:27 +02:00 · 2013-07-12 08:11:27 +02:00 · 7f1aa9d1e8
parent 657a0e4e26
commit 7f1aa9d1e8
6 changed files with 53 additions and 12 deletions
--- a/bin/swift-dispersion-populate
+++ b/bin/swift-dispersion-populate
@ -17,7 +17,8 @@
 import traceback
 from ConfigParser import ConfigParser
 from cStringIO import StringIO
-from sys import exit, argv, stdout
+from optparse import OptionParser
+from sys import exit, stdout
 from time import time
 from uuid import uuid4

@ -26,7 +27,10 @@ from eventlet.pools import Pool

 from swiftclient import Connection, get_auth
 from swift.common.ring import Ring
-from swift.common.utils import compute_eta, get_time_units
+from swift.common.utils import compute_eta, get_time_units, config_true_value
+
+
+insecure = False


 def put_container(connpool, container, report):
@ -78,10 +82,19 @@ if __name__ == '__main__':
    patcher.monkey_patch()

    conffile = '/etc/swift/dispersion.conf'
-    if len(argv) == 2:
-        conffile = argv[1]
-    elif len(argv) > 2:
-        exit('Syntax: %s [conffile]' % argv[0])
+
+    parser = OptionParser(usage='''
+Usage: %%prog [options] [conf_file]
+
+[conf_file] defaults to %s'''.strip() % conffile)
+    parser.add_option('--insecure', action='store_true', default=False,
+                      help='Allow accessing insecure keystone server. '
+                           'The keystone\'s certificate will not be verified.')
+    options, args = parser.parse_args()
+
+    if args:
+        conffile = args.pop(0)
+
    c = ConfigParser()
    if not c.read(conffile):
        exit('Unable to read config file: %s' % conffile)
@ -91,6 +104,8 @@ if __name__ == '__main__':
    retries = int(conf.get('retries', 5))
    concurrency = int(conf.get('concurrency', 25))
    endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
+    insecure = options.insecure \
+        or config_true_value(conf.get('keystone_api_insecure', 'no'))

    coropool = GreenPool(size=concurrency)
    retries_done = 0
@ -100,14 +115,16 @@ if __name__ == '__main__':
    url, token = get_auth(conf['auth_url'], conf['auth_user'],
                          conf['auth_key'],
                          auth_version=conf.get('auth_version', '1.0'),
-                          os_options=os_options)
+                          os_options=os_options,
+                          insecure=insecure)
    account = url.rsplit('/', 1)[1]
    connpool = Pool(max_size=concurrency)
    connpool.create = lambda: Connection(conf['auth_url'],
                                         conf['auth_user'], conf['auth_key'],
                                         retries=retries,
                                         preauthurl=url, preauthtoken=token,
-                                         os_options=os_options)
+                                         os_options=os_options,
+                                         insecure=insecure)

    container_ring = Ring(swift_dir, ring_name='container')
    parts_left = dict((x, x) for x in xrange(container_ring.partition_count))
--- a/bin/swift-dispersion-report
+++ b/bin/swift-dispersion-report
@ -37,6 +37,7 @@ unmounted = []
 notfound = []
 json_output = False
 debug = False
+insecure = False


 def get_error_log(prefix):
@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
                      help='Only run container report')
    parser.add_option('--object-only', action='store_true', default=False,
                      help='Only run object report')
+    parser.add_option('--insecure', action='store_true', default=False,
+                      help='Allow accessing insecure keystone server. '
+                           'The keystone\'s certificate will not be verified.')
    options, args = parser.parse_args()

    if args:
@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
        and not options.container_only
    if not (object_report or container_report):
        exit("Neither container or object report is set to run")
+    insecure = options.insecure \
+        or config_true_value(conf.get('keystone_api_insecure', 'no'))
    if options.debug:
        debug = True

@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
    url, token = get_auth(conf['auth_url'], conf['auth_user'],
                          conf['auth_key'],
                          auth_version=conf.get('auth_version', '1.0'),
-                          os_options=os_options)
+                          os_options=os_options,
+                          insecure=insecure)
    account = url.rsplit('/', 1)[1]
    connpool = Pool(max_size=concurrency)
    connpool.create = lambda: Connection(
        conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
-        preauthurl=url, preauthtoken=token, os_options=os_options)
+        preauthurl=url, preauthtoken=token, os_options=os_options,
+        insecure=insecure)

    container_ring = Ring(swift_dir, ring_name='container')
    object_ring = Ring(swift_dir, ring_name='object')
--- a/doc/manpages/dispersion.conf.5
+++ b/doc/manpages/dispersion.conf.5
@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
 .IP "auth_user = dpstats:dpstats"
 .IP "auth_key = dpstats"
 .IP "swift_dir = /etc/swift"
+.IP "# keystone_api_insecure = no"
 .IP "# dispersion_coverage = 1.0"
 .IP "# retries = 5"
 .IP "# concurrency = 25"
--- a/doc/manpages/swift-dispersion-populate.1
+++ b/doc/manpages/swift-dispersion-populate.1
@ -24,7 +24,7 @@

 .SH SYNOPSIS
 .LP
-.B swift-dispersion-populate
+.B swift-dispersion-populate [--insecure] [conf_file]

 .SH DESCRIPTION 
 .PP
@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
 tool should be a dedicated account for the dispersion stats and also have admin
 privileges. 

+.SH OPTIONS
+.RS 0
+.PD 1
+.IP "\fB--insecure\fR"
+Allow accessing insecure keystone server. The keystone's certificate will not
+be verified.
+
 .SH CONFIGURATION
 .PD 0 
 Example \fI/etc/swift/dispersion.conf\fR: 
--- a/doc/manpages/swift-dispersion-report.1
+++ b/doc/manpages/swift-dispersion-report.1
@ -24,7 +24,7 @@

 .SH SYNOPSIS
 .LP
-.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file]
+.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]

 .SH DESCRIPTION 
 .PP
@ -84,6 +84,13 @@ Only run the container report
 .IP "\fB--object-only\fR"
 Only run the object report

+.SH OPTIONS
+.RS 0
+.PD 1
+.IP "\fB--insecure\fR"
+Allow accessing insecure keystone server. The keystone's certificate will not
+be verified.
+
 .SH CONFIGURATION
 .PD 0 
 Example \fI/etc/swift/dispersion.conf\fR: 
--- a/etc/dispersion.conf-sample
+++ b/etc/dispersion.conf-sample
@ -7,6 +7,7 @@ auth_key = testing
 # auth_key = testing
 # auth_version = 2.0
 # endpoint_type = publicURL
+# keystone_api_insecure = no
 #
 # swift_dir = /etc/swift
 # dispersion_coverage = 1.0