diff --git a/docker/swift-proxy/Dockerfile.j2 b/docker/swift-proxy/Dockerfile.j2 new file mode 100644 index 0000000..30812f5 --- /dev/null +++ b/docker/swift-proxy/Dockerfile.j2 @@ -0,0 +1,19 @@ +FROM {{ image_spec("openstack-base") }} +MAINTAINER {{ maintainer }} + +COPY swift_sudoers /etc/sudoers.d/swift_sudoers +{{ copy_sources("openstack/swift", "/swift") }} +{{ copy_sources("openstack/swift3", "/swift3") }} + +RUN apt-get update \ + && apt-get install -y liberasurecode-dev \ + && apt-get clean \ + && useradd --user-group --create-home --home-dir /etc/swift -G microservices swift \ + && /var/lib/microservices/venv/bin/pip install --upgrade /swift \ + && /var/lib/microservices/venv/bin/pip install --upgrade /swift3 \ + && mkdir -p /etc/swift \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/swift_sudoers \ + && chown -R swift: /etc/swift + +USER swift diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml index 688abee..613aa05 100644 --- a/service/files/defaults.yaml +++ b/service/files/defaults.yaml @@ -7,6 +7,35 @@ configs: cont: 7480 ingress: object-store key: "Changeme" + swift: + proxy: + pipelines: + - catch_errors + - crossdomain + - healthcheck + - cache + - bulk + - tempurl + - ratelimit + - formpost + - swift3 + - s3token + - authtoken + - keystone + - staticweb + - container_quotas + - account_quotas + - slo + - proxy-server + port: + cont: 8080 +sources: + openstack/swift: + git_url: https://git.openstack.org/openstack/swift.git + git_ref: stable/newton + openstack/swift3: + git_url: https://git.openstack.org/openstack/swift3.git + git_ref: master url: ceph: debian: diff --git a/service/files/swift-proxy.conf.j2 b/service/files/swift-proxy.conf.j2 new file mode 100644 index 0000000..ef13925 --- /dev/null +++ b/service/files/swift-proxy.conf.j2 @@ -0,0 +1,96 @@ +[DEFAULT] +swift_dir = /var/swift +bind_ip = {{ network_topology["private"]["address"] }} +bind_port = {{ swift.proxy.port.cont }} +use_syslog = false +use_stderr = true + +workers = 2 +user = swift + +[pipeline:main] +pipeline = {{ swift.proxy.pipelines | join(" ") }} + +[app:proxy-server] +use = egg:swift#proxy +log_handoffs = true +allow_account_management = true +account_autocreate = true + +[filter:bulk] +use = egg:swift#bulk +max_containers_per_extraction = 10000 +max_failed_extractions = 1000 +max_deletes_per_request = 10000 +yield_frequency = 60 + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }} + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {{ address('memcached', memcached.port) }} + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:ratelimit] +use = egg:swift#ratelimit +clock_accuracy = 1000 +max_sleep_time_seconds = 60 +log_sleep_time_seconds = 0 +rate_buffer_seconds = 5 +account_ratelimit = 0 + +[filter:swift3] +use = egg:swift3#swift3 + +[filter:s3token] +paste.filter_factory = keystonemiddleware.s3_token:filter_factory +#auth_port = 35357 +#auth_protocol = http +#auth_host = + +{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }} + +[filter:tempurl] +use = egg:swift#tempurl + +[filter:formpost] +use = egg:swift#formpost + +[filter:staticweb] +use = egg:swift#staticweb + +[filter:ceilometer] +use = egg:ceilometer#swift + +[filter:crossdomain] +use = egg:swift#crossdomain +cross_domain_policy = + +[filter:slo] +use = egg:swift#slo +max_manifest_segments = 1000 +max_manifest_size = 2097152 +min_segment_size = 1048576 +rate_limit_after_segment = 10 +rate_limit_segments_per_sec = 0 +max_get_time = 86400 + +[filter:keystone] +use = egg:swift#keystoneauth +operator_roles = admin, SwiftOperator, _member_ +is_admin = true +reseller_prefix = AUTH_ + +[filter:account_quotas] +use = egg:swift#account_quotas + +[filter:container_quotas] +use = egg:swift#container_quotas diff --git a/service/swift-proxy.yaml b/service/swift-proxy.yaml new file mode 100644 index 0000000..b9c64c6 --- /dev/null +++ b/service/swift-proxy.yaml @@ -0,0 +1,51 @@ +dsl_version: 0.7.0 +service: + name: swift-proxy + ports: + - {{ swift.proxy.port }} + containers: + - name: swift-proxy + image: swift-proxy + volumes: + - name: swift-rings + path: "/var/swift" + type: host + readOnly: false + pre: + - name: chown-datadir + command: sudo /bin/chown -R swift:swift /var/swift + - name: swift-proxy-create-swift-service + type: single + command: exit 0 ; openstack service create --name swift --description "Swift Service" object-store + dependencies: + - keystone + #- name: swift-proxy-create-swift-public-endpoint + # type: single + # command: openstack endpoint create --region RegionOne swift public + # "{{ address('swift-proxy', swift.proxy.port, external=True, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + # dependencies: + # - swift-proxy-create-swift-service + - name: swift-proxy-create-swift-admin-endpoint + type: single + command: openstack endpoint create --region RegionOne swift admin + "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + dependencies: + - swift-proxy-create-swift-service + - name: swift-proxy-create-swift-internal-endpoint + type: single + command: openstack endpoint create --region RegionOne swift internal + "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + dependencies: + - swift-proxy-create-swift-service + daemon: + command: swift-proxy-server /etc/swift/proxy-server.conf --verbose + files: + - swift-proxy-conf + - swift-conf +files: + swift-proxy-conf: + path: /etc/swift/proxy-server.conf + content: swift-proxy.conf.j2 + swift-conf: + path: /etc/swift/swift.conf + content: swift.conf