Merge "Allow dispersion tools to use keystone server with insecure certificate"

This commit is contained in:
Jenkins 2013-08-05 22:23:44 +00:00 committed by Gerrit Code Review
commit 3741fbe779
6 changed files with 53 additions and 12 deletions

View File

@ -17,7 +17,8 @@
import traceback
from ConfigParser import ConfigParser
from cStringIO import StringIO
from sys import exit, argv, stdout
from optparse import OptionParser
from sys import exit, stdout
from time import time
from uuid import uuid4
@ -26,7 +27,10 @@ from eventlet.pools import Pool
from swiftclient import Connection, get_auth
from swift.common.ring import Ring
from swift.common.utils import compute_eta, get_time_units
from swift.common.utils import compute_eta, get_time_units, config_true_value
insecure = False
def put_container(connpool, container, report):
@ -78,10 +82,19 @@ if __name__ == '__main__':
patcher.monkey_patch()
conffile = '/etc/swift/dispersion.conf'
if len(argv) == 2:
conffile = argv[1]
elif len(argv) > 2:
exit('Syntax: %s [conffile]' % argv[0])
parser = OptionParser(usage='''
Usage: %%prog [options] [conf_file]
[conf_file] defaults to %s'''.strip() % conffile)
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
conffile = args.pop(0)
c = ConfigParser()
if not c.read(conffile):
exit('Unable to read config file: %s' % conffile)
@ -91,6 +104,8 @@ if __name__ == '__main__':
retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
coropool = GreenPool(size=concurrency)
retries_done = 0
@ -100,14 +115,16 @@ if __name__ == '__main__':
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
os_options=os_options)
os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(conf['auth_url'],
conf['auth_user'], conf['auth_key'],
retries=retries,
preauthurl=url, preauthtoken=token,
os_options=os_options)
os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
parts_left = dict((x, x) for x in xrange(container_ring.partition_count))

View File

@ -37,6 +37,7 @@ unmounted = []
notfound = []
json_output = False
debug = False
insecure = False
def get_error_log(prefix):
@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
help='Only run container report')
parser.add_option('--object-only', action='store_true', default=False,
help='Only run object report')
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
and not options.container_only
if not (object_report or container_report):
exit("Neither container or object report is set to run")
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug:
debug = True
@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
os_options=os_options)
os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
preauthurl=url, preauthtoken=token, os_options=os_options)
preauthurl=url, preauthtoken=token, os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
object_ring = Ring(swift_dir, ring_name='object')

View File

@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
.IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift"
.IP "# keystone_api_insecure = no"
.IP "# dispersion_coverage = 1.0"
.IP "# retries = 5"
.IP "# concurrency = 25"

View File

@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
.B swift-dispersion-populate
.B swift-dispersion-populate [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
tool should be a dedicated account for the dispersion stats and also have admin
privileges.
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:

View File

@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file]
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@ -84,6 +84,13 @@ Only run the container report
.IP "\fB--object-only\fR"
Only run the object report
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:

View File

@ -7,6 +7,7 @@ auth_key = testing
# auth_key = testing
# auth_version = 2.0
# endpoint_type = publicURL
# keystone_api_insecure = no
#
# swift_dir = /etc/swift
# dispersion_coverage = 1.0