[WIP] swift-proxy service

Change-Id: Ic50bc775cc03b419252ed977d7a6c5e26452cfdf

docker/swift-proxy/Dockerfile.j2

@@ -0,0 +1,19 @@
+FROM {{ image_spec("openstack-base") }}
+MAINTAINER {{ maintainer }}
+
+COPY swift_sudoers /etc/sudoers.d/swift_sudoers
+{{ copy_sources("openstack/swift", "/swift") }}
+{{ copy_sources("openstack/swift3", "/swift3") }}
+
+RUN apt-get update \
+    && apt-get install -y liberasurecode-dev  \
+    && apt-get clean \
+    && useradd --user-group --create-home --home-dir /etc/swift -G microservices swift \
+    && /var/lib/microservices/venv/bin/pip install --upgrade /swift \
+    && /var/lib/microservices/venv/bin/pip install --upgrade /swift3 \
+    && mkdir -p /etc/swift \
+    && chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/swift_sudoers \
+    && chown -R swift: /etc/swift
+
+USER swift

service/files/defaults.yaml

@@ -7,6 +7,35 @@ configs:
       cont: 7480
       ingress: object-store
     key: "Changeme"
+  swift:
+    proxy:
+      pipelines:
+        - catch_errors
+        - crossdomain
+        - healthcheck
+        - cache
+        - bulk
+        - tempurl
+        - ratelimit
+        - formpost
+        - swift3
+        - s3token
+        - authtoken
+        - keystone
+        - staticweb
+        - container_quotas
+        - account_quotas
+        - slo
+        - proxy-server
+      port:
+        cont: 8080
+sources:
+  openstack/swift:
+    git_url: https://git.openstack.org/openstack/swift.git
+    git_ref: stable/newton
+  openstack/swift3:
+    git_url: https://git.openstack.org/openstack/swift3.git
+    git_ref: master
 url:
   ceph:
     debian:

service/files/swift-proxy.conf.j2

@@ -0,0 +1,96 @@
+[DEFAULT]
+swift_dir = /var/swift
+bind_ip = {{ network_topology["private"]["address"] }}
+bind_port = {{ swift.proxy.port.cont }}
+use_syslog = false
+use_stderr = true
+
+workers = 2
+user = swift
+
+[pipeline:main]
+pipeline = {{ swift.proxy.pipelines | join(" ") }}
+
+[app:proxy-server]
+use = egg:swift#proxy
+log_handoffs = true
+allow_account_management = true
+account_autocreate = true
+
+[filter:bulk]
+use = egg:swift#bulk
+max_containers_per_extraction = 10000
+max_failed_extractions = 1000
+max_deletes_per_request = 10000
+yield_frequency = 60
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }}
+
+[filter:cache]
+use = egg:swift#memcache
+memcache_servers = {{ address('memcached', memcached.port) }}
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+
+[filter:ratelimit]
+use = egg:swift#ratelimit
+clock_accuracy = 1000
+max_sleep_time_seconds = 60
+log_sleep_time_seconds = 0
+rate_buffer_seconds = 5
+account_ratelimit = 0
+
+[filter:swift3]
+use = egg:swift3#swift3
+
+[filter:s3token]
+paste.filter_factory = keystonemiddleware.s3_token:filter_factory
+#auth_port = 35357
+#auth_protocol = http
+#auth_host = 
+
+{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }}
+
+[filter:tempurl]
+use = egg:swift#tempurl
+
+[filter:formpost]
+use = egg:swift#formpost
+
+[filter:staticweb]
+use = egg:swift#staticweb
+
+[filter:ceilometer]
+use = egg:ceilometer#swift
+
+[filter:crossdomain]
+use = egg:swift#crossdomain
+cross_domain_policy = <allow-access-from domain="*" secure="false" />
+
+[filter:slo]
+use = egg:swift#slo
+max_manifest_segments = 1000
+max_manifest_size = 2097152
+min_segment_size = 1048576
+rate_limit_after_segment = 10
+rate_limit_segments_per_sec = 0
+max_get_time = 86400
+
+[filter:keystone]
+use = egg:swift#keystoneauth
+operator_roles = admin, SwiftOperator, _member_
+is_admin = true
+reseller_prefix = AUTH_
+
+[filter:account_quotas]
+use = egg:swift#account_quotas
+
+[filter:container_quotas]
+use = egg:swift#container_quotas

service/swift-proxy.yaml

@@ -0,0 +1,51 @@
+dsl_version: 0.7.0
+service:
+  name: swift-proxy
+  ports:
+    - {{ swift.proxy.port }}
+  containers:
+    - name: swift-proxy
+      image: swift-proxy
+      volumes:
+        - name: swift-rings
+          path: "/var/swift"
+          type: host
+          readOnly: false
+      pre:
+        - name: chown-datadir
+          command: sudo /bin/chown -R swift:swift /var/swift
+        - name: swift-proxy-create-swift-service
+          type: single
+          command: exit 0 ; openstack service create --name swift --description "Swift Service" object-store
+          dependencies:
+            - keystone
+        #- name: swift-proxy-create-swift-public-endpoint
+        #  type: single
+        #  command: openstack endpoint create --region RegionOne swift public
+        #           "{{ address('swift-proxy', swift.proxy.port, external=True, with_scheme=True) }}/v1/AUTH_%(tenant_id)s"
+        #  dependencies:
+        #    - swift-proxy-create-swift-service
+        - name: swift-proxy-create-swift-admin-endpoint
+          type: single
+          command: openstack endpoint create --region RegionOne swift admin
+                   "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s"
+          dependencies:
+            - swift-proxy-create-swift-service
+        - name: swift-proxy-create-swift-internal-endpoint
+          type: single
+          command: openstack endpoint create --region RegionOne swift internal
+                   "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s"
+          dependencies:
+            - swift-proxy-create-swift-service
+      daemon:
+        command: swift-proxy-server /etc/swift/proxy-server.conf --verbose
+        files:
+          - swift-proxy-conf
+          - swift-conf
+files:
+  swift-proxy-conf:
+    path: /etc/swift/proxy-server.conf
+    content: swift-proxy.conf.j2
+  swift-conf:
+    path: /etc/swift/swift.conf
+    content: swift.conf