diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst index aa1cfbc9e9..ab637fc798 100644 --- a/doc/source/overview_auth.rst +++ b/doc/source/overview_auth.rst @@ -27,11 +27,17 @@ validation. Swift will make calls to the auth system, giving the auth token to be validated. For a valid token, the auth system responds with an overall expiration in seconds from now. Swift will cache the token up to the expiration -time. The included TempAuth also has the concept of admin and non-admin users -within an account. Admin users can do anything within the account. Non-admin -users can only perform operations per container based on the container's -X-Container-Read and X-Container-Write ACLs. For more information on ACLs, see -:mod:`swift.common.middleware.acl` +time. + +The included TempAuth also has the concept of admin and non-admin users within +an account. Admin users can do anything within the account. Non-admin users can +only perform operations per container based on the container's X-Container-Read +and X-Container-Write ACLs. For more information on ACLs, see +:mod:`swift.common.middleware.acl`. + +Additionally, if the auth system sets the request environ's swift_owner key to +True, the proxy will return additional header information in some requests, +such as the X-Container-Sync-Key for a container GET or HEAD. The user starts a session by sending a ReST request to the auth system to receive the auth token and a URL to the Swift system. diff --git a/doc/source/overview_container_sync.rst b/doc/source/overview_container_sync.rst index b18ccf3465..3cc046989a 100644 --- a/doc/source/overview_container_sync.rst +++ b/doc/source/overview_container_sync.rst @@ -46,16 +46,18 @@ container-server.conf file:: # Maximum amount of time to spend syncing each container # container_time = 60 +Tracking sync progress, problems, and just general activity can only be +achieved with log processing for this first release of container +synchronization. In that light, you may wish to set the above `log_` options to +direct the container-sync logs to a different file for easier monitoring. +Additionally, it should be noted there is no way for an end user to detect sync +progress or problems other than HEADing both containers and comparing the +overall information. + The authentication system also needs to be configured to allow synchronization -requests. Here are examples with DevAuth and Swauth:: +requests. Here is an example with TempAuth:: - [filter:auth] - # This is a comma separated list of hosts allowed to send - # X-Container-Sync-Key requests. - # allowed_sync_hosts = 127.0.0.1 - allowed_sync_hosts = host1,host2,etc. - - [filter:swauth] + [filter:tempauth] # This is a comma separated list of hosts allowed to send # X-Container-Sync-Key requests. # allowed_sync_hosts = 127.0.0.1 diff --git a/swift/container/sync.py b/swift/container/sync.py index 40288b967d..22630ed75b 100644 --- a/swift/container/sync.py +++ b/swift/container/sync.py @@ -372,7 +372,7 @@ class ContainerSync(Daemon): body = this_body except ClientException, err: # If any errors are not 404, make sure we report the - # non-404 one. We don't want to mistankely assume the + # non-404 one. We don't want to mistakenly assume the # object no longer exists just because one says so and # the others errored for some other reason. if not exc or exc.http_status == 404: @@ -399,18 +399,16 @@ class ContainerSync(Daemon): except ClientException, err: if err.http_status == 401: self.logger.info(_('Unauth %(sync_from)r ' - '=> %(sync_to)r key: %(sync_key)r'), + '=> %(sync_to)r'), {'sync_from': '%s/%s' % (quote(info['account']), quote(info['container'])), - 'sync_to': sync_to, - 'sync_key': sync_key}) + 'sync_to': sync_to}) elif err.http_status == 404: self.logger.info(_('Not found %(sync_from)r ' - '=> %(sync_to)r key: %(sync_key)r'), + '=> %(sync_to)r'), {'sync_from': '%s/%s' % (quote(info['account']), quote(info['container'])), - 'sync_to': sync_to, - 'sync_key': sync_key}) + 'sync_to': sync_to}) else: self.logger.exception( _('ERROR Syncing %(db_file)s %(row)s'),