From d553514cb74c9cc29bad38bd6d4d9d392389cab8 Mon Sep 17 00:00:00 2001
From: Serguei Bezverkhi <sbezverk@cisco.com>
Date: Thu, 21 Apr 2016 12:47:15 -0400
Subject: [PATCH] Configures swift-rsyncd to use non-default port

This PS configures swift-rsyncd process to use non-default port
from the range above 1024.

Change-Id: I7c37c548a5185a2ffac789383fe012619e401131
Closes-Bug: #1573137
---
 ansible/group_vars/all.yml                         | 1 +
 ansible/roles/swift/templates/account.conf.j2      | 1 +
 ansible/roles/swift/templates/container.conf.j2    | 1 +
 ansible/roles/swift/templates/object.conf.j2       | 1 +
 ansible/roles/swift/templates/swift-rsyncd.json.j2 | 2 +-
 docker/swift/swift-base/swift_sudoers              | 4 +++-
 docker/swift/swift-rsyncd/Dockerfile.j2            | 1 -
 docker/swift/swift-rsyncd/extend_start.sh          | 2 +-
 8 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 9799483294..ab63645052 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -124,6 +124,7 @@ swift_proxy_server_port: "8080"
 swift_object_server_port: "6000"
 swift_account_server_port: "6001"
 swift_container_server_port: "6002"
+swift_rsync_port: "10873"
 
 heat_api_port: "8004"
 heat_api_cfn_port: "8000"
diff --git a/ansible/roles/swift/templates/account.conf.j2 b/ansible/roles/swift/templates/account.conf.j2
index ad54582cc7..df8437b946 100644
--- a/ansible/roles/swift/templates/account.conf.j2
+++ b/ansible/roles/swift/templates/account.conf.j2
@@ -20,6 +20,7 @@ use = egg:swift#account
 
 {% if service_name == 'swift-account-replicator' %}
 [account-replicator]
+sync_module = {replication_ip}:{meta}:account
 {% endif %}
 
 {% if service_name == 'swift-account-reaper' %}
diff --git a/ansible/roles/swift/templates/container.conf.j2 b/ansible/roles/swift/templates/container.conf.j2
index 55e0976dd0..2daad6bc15 100644
--- a/ansible/roles/swift/templates/container.conf.j2
+++ b/ansible/roles/swift/templates/container.conf.j2
@@ -20,6 +20,7 @@ use = egg:swift#container
 
 {% if service_name == 'swift-container-replicator' %}
 [container-replicator]
+sync_module = {replication_ip}:{meta}:container
 {% endif %}
 
 {% if service_name == 'swift-container-updater' %}
diff --git a/ansible/roles/swift/templates/object.conf.j2 b/ansible/roles/swift/templates/object.conf.j2
index 7499bbfd2f..ae4f08fd57 100644
--- a/ansible/roles/swift/templates/object.conf.j2
+++ b/ansible/roles/swift/templates/object.conf.j2
@@ -25,6 +25,7 @@ use = egg:swift#object
 
 {% if service_name == 'swift-object-replicator' %}
 [object-replicator]
+sync_module = {replication_ip}:{meta}:object
 {% endif %}
 
 {% if service_name == 'swift-object-updater' %}
diff --git a/ansible/roles/swift/templates/swift-rsyncd.json.j2 b/ansible/roles/swift/templates/swift-rsyncd.json.j2
index 3700a327fa..fb63f58f0f 100644
--- a/ansible/roles/swift/templates/swift-rsyncd.json.j2
+++ b/ansible/roles/swift/templates/swift-rsyncd.json.j2
@@ -1,5 +1,5 @@
 {
-    "command": "/usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf",
+    "command": "/usr/bin/rsync --daemon --no-detach --port={{swift_rsync_port}} --config=/etc/rsyncd.conf",
     "config_files": [
         {
             "source": "{{ container_config_directory }}/rsyncd.conf",
diff --git a/docker/swift/swift-base/swift_sudoers b/docker/swift/swift-base/swift_sudoers
index b20ac15fb8..b67c47df31 100644
--- a/docker/swift/swift-base/swift_sudoers
+++ b/docker/swift/swift-base/swift_sudoers
@@ -1 +1,3 @@
-swift ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/swift-rootwrap /etc/swift/rootwrap.conf *
+swift ALL=(root) NOPASSWD: /bin/chown -R swift\:swift /srv/node
+swift ALL=(root) NOPASSWD: /usr/bin/chown -R swift\:swift /srv/node
+swift ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/swift-rootwrap /etc/swift/rootwrap.conf *
diff --git a/docker/swift/swift-rsyncd/Dockerfile.j2 b/docker/swift/swift-rsyncd/Dockerfile.j2
index 8c6cc6ff2f..c2061c7741 100644
--- a/docker/swift/swift-rsyncd/Dockerfile.j2
+++ b/docker/swift/swift-rsyncd/Dockerfile.j2
@@ -15,7 +15,6 @@ RUN apt-get install -y --no-install-recommends \
 
 {% endif %}
 
-RUN setcap 'cap_net_bind_service=+ep' /usr/bin/rsync
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
diff --git a/docker/swift/swift-rsyncd/extend_start.sh b/docker/swift/swift-rsyncd/extend_start.sh
index b101b4e696..d432b82fb7 100644
--- a/docker/swift/swift-rsyncd/extend_start.sh
+++ b/docker/swift/swift-rsyncd/extend_start.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-chown -R swift: /srv/node
+sudo chown -R swift:swift /srv/node