openstack/devstack
Code Issues Proposed changes

Configure auth_token middleware manually in swift.

Browse Source 
Swift doesn't use olso.config and so the method of configuring swift via the
[keystone_authtoken] config options will not work. Go back to configuring swift
manually.

This will need to be fixed in either keystonemiddleware or swift as configuring
via plugin is the path to v3 authentication, service domains and new forms of
service user authentication.

Closes-Bug: #1415795
Change-Id: Ibe27116a11756072d5a300a6d3691c5f8c32317e
This commit is contained in:
Jamie Lennox 2015-01-30 02:15:42 +00:00
parent b43b359506
commit 38c95b8eba
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/swift
View File

@ -409,16 +409,27 @@ function configure_swift {
# Configure Crossdomain # Configure Crossdomain
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
# Configure Keystone
sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
# This causes the authtoken middleware to use the same python logging # This causes the authtoken middleware to use the same python logging
# adapter provided by the swift proxy-server, so that request transaction # adapter provided by the swift proxy-server, so that request transaction
# IDs will included in all of its log messages. # IDs will included in all of its log messages.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use # NOTE(jamielennox): swift cannot use the regular configure_auth_token_middleware function because swift
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles # doesn't use oslo.config which is the only way to configure auth plugins with the middleare.
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken identity_uri $KEYSTONE_AUTH_URI
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_URI
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $SSL_BUNDLE_FILE
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
# Configure Tempauth. In the sample config file, Keystoneauth is commented # Configure Tempauth. In the sample config file, Keystoneauth is commented