openstack/tripleo-docs
Code Issues Proposed changes
Files
ca0cf030e6d73d3145612f3dec565c99ca4691cc
tripleo-docs/deploy-guide/source/features/swift_external.rst
Alex Schultz c6918e5da6 Migrate install to deploy-guide 
The deployment guide is currently pointed at triplo-docs but it has been
requested that we actually publish a deployment guide. This change
extracts many of the installation doc pages and moves them into the
deploy-guide source tree.  Once the deploy-guide is published, we will
follow up to reference the deployment guide from tripleo-docs.

Change-Id: I0ebd26f014180a92c6cf4ab0929d99b2d860796f
2019-08-16 15:42:17 -06:00

62 lines
2.5 KiB
ReStructuredText
Raw Blame History

Use an external Swift Proxy with the Overcloud
===============================================
|project| supports use of an external Swift proxy already available to the
operator, that may need to configure at deploy time.
This happens by enabling a particular environment file when deploying the
Overcloud, specifically `environments/swift-external.yaml`.
In the environment file above user must adjust the parameters to fit
its setup by creating a custom environment file (i.e.
*~/my-swift-settings.yaml*)::
parameter_defaults:
ExternalPublicUrl: 'http://<Public Swift endpoint or loadbalancer>:9024/v1/AUTH_%(tenant_id)s'
ExternalInternalUrl: 'http://<Internal Swift endpoint>:9024/v1/AUTH_%(tenant_id)s'
ExternalAdminUrl: 'http://<Admin Swift endpoint>:9024'
ExternalSwiftUserTenant: 'service'
SwiftPassword: 'choose_a_random_password'
The user can create an environment file with the required settings
and add the files above to the deploy commandline::
openstack overcloud deploy --templates -e /usr/share/openstack-tripleo-heat-templates/environments/swift-external.yaml -e ~/my-swift-settings.yaml
Once the deploy has succeeded, user has to complete the
configuration on the external swift proxy, configuring it to use the
keystone authentication provider. This environment files creates also
a service user called *swift* that can be used for this purpose. The
password for this user is defined by using the *SwiftPassword*
parameter, as shown above.
The external Swift proxy must use Keystone from the overcloud, otherwise
authentication will fail. The public Keystone endpoint must be
accessible from the proxy therefore.
The following snippet from `/etc/swift/proxy-server.conf` is an example
how to configure the Swift proxy to use Keystone from the overcloud::
[pipeline:main]
pipeline = [... other middlewares ...] authtoken keystone [... other middlewares ...]
[filter:keystone]
use = egg:swift#keystoneauth
operator_roles = admin, SwiftOperator
cache = swift.cache
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /tmp/keystone-signing-swift
www_authenticate_uri = http://<public Keystone endpoint>:5000/
auth_url = http://<admin Keystone endpoint>:5000/
password = <Password as defined in the environment parameters>
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
cache = swift.cache
include_service_catalog = False
delay_auth_decision = True
View Git Blame Copy Permalink