From 0c4359564ca75fbf00b65dd2a0a7c65dbd5b05bc Mon Sep 17 00:00:00 2001 From: Proskurin Kirill Date: Thu, 16 Feb 2017 12:38:29 +0000 Subject: [PATCH] [WIP] swift-proxy service Change-Id: Ic50bc775cc03b419252ed977d7a6c5e26452cfdf --- docker/swift-proxy/Dockerfile.j2 | 8 +++ service/files/defaults.yaml | 4 ++ service/files/swift-proxy.conf.j2 | 96 +++++++++++++++++++++++++++++++ service/swift-proxy.yaml | 45 +++++++++++++++ 4 files changed, 153 insertions(+) create mode 100644 docker/swift-proxy/Dockerfile.j2 create mode 100644 service/files/swift-proxy.conf.j2 create mode 100644 service/swift-proxy.yaml diff --git a/docker/swift-proxy/Dockerfile.j2 b/docker/swift-proxy/Dockerfile.j2 new file mode 100644 index 0000000..789ab1d --- /dev/null +++ b/docker/swift-proxy/Dockerfile.j2 @@ -0,0 +1,8 @@ +FROM {{ image_spec("openstack-base") }} +MAINTAINER {{ maintainer }} + +RUN apt-get update \ + && apt-get install -y -t jessie-backports --no-install-recommends swift-proxy \ + && apt-get clean + +USER swift diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml index 688abee..91cc3b1 100644 --- a/service/files/defaults.yaml +++ b/service/files/defaults.yaml @@ -7,6 +7,10 @@ configs: cont: 7480 ingress: object-store key: "Changeme" + swift: + proxy: + port: + cont: 8080 url: ceph: debian: diff --git a/service/files/swift-proxy.conf.j2 b/service/files/swift-proxy.conf.j2 new file mode 100644 index 0000000..95e30d8 --- /dev/null +++ b/service/files/swift-proxy.conf.j2 @@ -0,0 +1,96 @@ +[DEFAULT] +swift_dir = /var/swift +bind_ip = {{ network_topology["private"]["address"] }} +bind_port = {{ swift.proxy.port.cont }} +use_syslog = false +use_stderr = true + +workers = 2 +user = swift + +[pipeline:main] +pipeline = catch_errors crossdomain healthcheck cache bulk tempurl ratelimit formpost swift3 s3token authtoken keystone staticweb container_quotas account_quotas slo ceilometer proxy-server + +[app:proxy-server] +use = egg:swift#proxy +log_handoffs = true +allow_account_management = true +account_autocreate = true + +[filter:bulk] +use = egg:swift#bulk +max_containers_per_extraction = 10000 +max_failed_extractions = 1000 +max_deletes_per_request = 10000 +yield_frequency = 60 + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory + +{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }} + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {{ address('memcached', memcached.port) }} + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:ratelimit] +use = egg:swift#ratelimit +clock_accuracy = 1000 +max_sleep_time_seconds = 60 +log_sleep_time_seconds = 0 +rate_buffer_seconds = 5 +account_ratelimit = 0 + +[filter:swift3] +use = egg:swift3#swift3 + +[filter:s3token] +paste.filter_factory = keystonemiddleware.s3_token:filter_factory +#auth_port = 35357 +#auth_protocol = http +#auth_host = + +{{ keystone_authtoken.keystone_authtoken(swift.user, swift.password) }} + +[filter:tempurl] +use = egg:swift#tempurl + +[filter:formpost] +use = egg:swift#formpost + +[filter:staticweb] +use = egg:swift#staticweb + +[filter:ceilometer] +use = egg:ceilometer#swift + +[filter:crossdomain] +use = egg:swift#crossdomain +cross_domain_policy = + +[filter:slo] +use = egg:swift#slo +max_manifest_segments = 1000 +max_manifest_size = 2097152 +min_segment_size = 1048576 +rate_limit_after_segment = 10 +rate_limit_segments_per_sec = 0 +max_get_time = 86400 + +[filter:keystone] +use = egg:swift#keystoneauth +operator_roles = admin, SwiftOperator, _member_ +is_admin = true +reseller_prefix = AUTH_ + +[filter:account_quotas] +use = egg:swift#account_quotas + +[filter:container_quotas] +use = egg:swift#container_quotas diff --git a/service/swift-proxy.yaml b/service/swift-proxy.yaml new file mode 100644 index 0000000..b5c2d07 --- /dev/null +++ b/service/swift-proxy.yaml @@ -0,0 +1,45 @@ +dsl_version: 0.7.0 +service: + name: swift-proxy + ports: + - {{ swift.proxy.port }} + containers: + - name: swift-proxy + image: swift-proxy + volumes: + - name: swift-rings + path: "/var/swift" + type: host + readOnly: false + pre: + - name: swift-proxy-create-swift-service + type: single + command: openstack service create --name swift --description "Swift Service" object-store + dependencies: + - keystone + - name: swift-proxy-create-swift-public-endpoint + type: single + command: openstack endpoint create --region RegionOne swift public + "{{ address('swift-proxy', swift.proxy.port, external=True, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + dependencies: + - swift-proxy-create-swift-service + - name: swift-proxy-create-swift-admin-endpoint + type: single + command: openstack endpoint create --region RegionOne swift admin + "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + dependencies: + - swift-proxy-create-swift-service + - name: swift-proxy-create-swift-internal-endpoint + type: single + command: openstack endpoint create --region RegionOne swift internal + "{{ address('swift-proxy', swift.proxy.port, with_scheme=True) }}/v1/AUTH_%(tenant_id)s" + dependencies: + - swift-proxy-create-swift-service + daemon: + command: swift-proxy-server /etc/swift/proxy-server.conf --verbose + files: + - swift-proxy-conf +files: + swift-proxy-conf: + path: /etc/swift/proxy-server.conf + content: swift-proxy.conf.j2