Allow replication servers to handle all request methods

Previously, the replication_server setting could take one of three states: * If unspecified, the server would handle all available methods. * If "true", "yes", "on", etc. it would only handle replication methods (REPLICATE, SSYNC). * If any other value (including blank), it would only handle non-replication methods. However, because SSYNC tunnels PUTs, POSTs, and DELETEs through the same object-server app that's responding to SSYNC, setting `replication_server = true` would break the protocol. This has been the case ever since ssync was introduced. Now, get rid of that second state -- operators can still set `replication_server = false` as a principle-of-least-privilege guard to ensure proxy-servers can't make replication requests, but replication servers will be able to serve all traffic. This will allow replication servers to be used as general internal-to-the-cluster endpoints, leaving non-replication servers to handle client-driven traffic. Closes-Bug: #1446873 Change-Id: Ica2b41a52d11cb10c94fa8ad780a201318c4fc87
2020-07-07 21:28:36 -07:00
parent 0dbf3d0a95
commit 9eb81f6e69
8 changed files with 73 additions and 67 deletions
--- a/etc/account-server.conf-sample
+++ b/etc/account-server.conf-sample
@@ -91,13 +91,13 @@ use = egg:swift#account
 # set log_requests = true
 # set log_address = /dev/log
 #
-# Configure parameter for creating specific server
-# To handle all verbs, including replication verbs, do not specify
-# "replication_server" (this is the default). To only handle replication,
-# set to a True value (e.g. "True" or "1"). To handle only non-replication
-# verbs, set to "False". Unless you have a separate replication network, you
-# should not specify any value for "replication_server". Default is empty.
-# replication_server = false
+# You can disable REPLICATE handling (default is to allow it). When deploying
+# a cluster with a separate replication network, you'll want multiple
+# account-server processes running: one for client-driven traffic and another
+# for replication traffic. The server handling client-driven traffic may set
+# this to false. If there is only one account-server process, leave this as
+# true.
+# replication_server = true
 #
 # You can set scheduling priority of processes. Niceness values range from -20
 # (most favorable to the process) to 19 (least favorable to the process).
--- a/etc/container-server.conf-sample
+++ b/etc/container-server.conf-sample
@@ -101,13 +101,13 @@ use = egg:swift#container
 # conn_timeout = 0.5
 # allow_versions = false
 #
-# Configure parameter for creating specific server
-# To handle all verbs, including replication verbs, do not specify
-# "replication_server" (this is the default). To only handle replication,
-# set to a True value (e.g. "True" or "1"). To handle only non-replication
-# verbs, set to "False". Unless you have a separate replication network, you
-# should not specify any value for "replication_server".
-# replication_server = false
+# You can disable REPLICATE handling (default is to allow it). When deploying
+# a cluster with a separate replication network, you'll want multiple
+# container-server processes running: one for client-driven traffic and another
+# for replication traffic. The server handling client-driven traffic may set
+# this to false. If there is only one container-server process, leave this as
+# true.
+# replication_server = true
 #
 # You can set scheduling priority of processes. Niceness values range from -20
 # (most favorable to the process) to 19 (least favorable to the process).
--- a/etc/object-server.conf-sample
+++ b/etc/object-server.conf-sample
@@ -156,13 +156,13 @@ use = egg:swift#object
 #
 # eventlet_tpool_num_threads = auto

-# Configure parameter for creating specific server
-# To handle all verbs, including replication verbs, do not specify
-# "replication_server" (this is the default). To only handle replication,
-# set to a True value (e.g. "True" or "1"). To handle only non-replication
-# verbs, set to "False". Unless you have a separate replication network, you
-# should not specify any value for "replication_server".
-# replication_server = false
+# You can disable REPLICATE and SSYNC handling (default is to allow it). When
+# deploying a cluster with a separate replication network, you'll want multiple
+# object-server processes running: one for client-driven traffic and another
+# for replication traffic. The server handling client-driven traffic may set
+# this to false. If there is only one object-server process, leave this as
+# true.
+# replication_server = true
 #
 # Set to restrict the number of concurrent incoming SSYNC requests
 # Set to 0 for unlimited