Merge "Allow dispersion tools to use keystone server with insecure certificate"
This commit is contained in:
commit
3741fbe779
@ -17,7 +17,8 @@
|
||||
import traceback
|
||||
from ConfigParser import ConfigParser
|
||||
from cStringIO import StringIO
|
||||
from sys import exit, argv, stdout
|
||||
from optparse import OptionParser
|
||||
from sys import exit, stdout
|
||||
from time import time
|
||||
from uuid import uuid4
|
||||
|
||||
@ -26,7 +27,10 @@ from eventlet.pools import Pool
|
||||
|
||||
from swiftclient import Connection, get_auth
|
||||
from swift.common.ring import Ring
|
||||
from swift.common.utils import compute_eta, get_time_units
|
||||
from swift.common.utils import compute_eta, get_time_units, config_true_value
|
||||
|
||||
|
||||
insecure = False
|
||||
|
||||
|
||||
def put_container(connpool, container, report):
|
||||
@ -78,10 +82,19 @@ if __name__ == '__main__':
|
||||
patcher.monkey_patch()
|
||||
|
||||
conffile = '/etc/swift/dispersion.conf'
|
||||
if len(argv) == 2:
|
||||
conffile = argv[1]
|
||||
elif len(argv) > 2:
|
||||
exit('Syntax: %s [conffile]' % argv[0])
|
||||
|
||||
parser = OptionParser(usage='''
|
||||
Usage: %%prog [options] [conf_file]
|
||||
|
||||
[conf_file] defaults to %s'''.strip() % conffile)
|
||||
parser.add_option('--insecure', action='store_true', default=False,
|
||||
help='Allow accessing insecure keystone server. '
|
||||
'The keystone\'s certificate will not be verified.')
|
||||
options, args = parser.parse_args()
|
||||
|
||||
if args:
|
||||
conffile = args.pop(0)
|
||||
|
||||
c = ConfigParser()
|
||||
if not c.read(conffile):
|
||||
exit('Unable to read config file: %s' % conffile)
|
||||
@ -91,6 +104,8 @@ if __name__ == '__main__':
|
||||
retries = int(conf.get('retries', 5))
|
||||
concurrency = int(conf.get('concurrency', 25))
|
||||
endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
|
||||
insecure = options.insecure \
|
||||
or config_true_value(conf.get('keystone_api_insecure', 'no'))
|
||||
|
||||
coropool = GreenPool(size=concurrency)
|
||||
retries_done = 0
|
||||
@ -100,14 +115,16 @@ if __name__ == '__main__':
|
||||
url, token = get_auth(conf['auth_url'], conf['auth_user'],
|
||||
conf['auth_key'],
|
||||
auth_version=conf.get('auth_version', '1.0'),
|
||||
os_options=os_options)
|
||||
os_options=os_options,
|
||||
insecure=insecure)
|
||||
account = url.rsplit('/', 1)[1]
|
||||
connpool = Pool(max_size=concurrency)
|
||||
connpool.create = lambda: Connection(conf['auth_url'],
|
||||
conf['auth_user'], conf['auth_key'],
|
||||
retries=retries,
|
||||
preauthurl=url, preauthtoken=token,
|
||||
os_options=os_options)
|
||||
os_options=os_options,
|
||||
insecure=insecure)
|
||||
|
||||
container_ring = Ring(swift_dir, ring_name='container')
|
||||
parts_left = dict((x, x) for x in xrange(container_ring.partition_count))
|
||||
|
@ -37,6 +37,7 @@ unmounted = []
|
||||
notfound = []
|
||||
json_output = False
|
||||
debug = False
|
||||
insecure = False
|
||||
|
||||
|
||||
def get_error_log(prefix):
|
||||
@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
|
||||
help='Only run container report')
|
||||
parser.add_option('--object-only', action='store_true', default=False,
|
||||
help='Only run object report')
|
||||
parser.add_option('--insecure', action='store_true', default=False,
|
||||
help='Allow accessing insecure keystone server. '
|
||||
'The keystone\'s certificate will not be verified.')
|
||||
options, args = parser.parse_args()
|
||||
|
||||
if args:
|
||||
@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
|
||||
and not options.container_only
|
||||
if not (object_report or container_report):
|
||||
exit("Neither container or object report is set to run")
|
||||
insecure = options.insecure \
|
||||
or config_true_value(conf.get('keystone_api_insecure', 'no'))
|
||||
if options.debug:
|
||||
debug = True
|
||||
|
||||
@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
|
||||
url, token = get_auth(conf['auth_url'], conf['auth_user'],
|
||||
conf['auth_key'],
|
||||
auth_version=conf.get('auth_version', '1.0'),
|
||||
os_options=os_options)
|
||||
os_options=os_options,
|
||||
insecure=insecure)
|
||||
account = url.rsplit('/', 1)[1]
|
||||
connpool = Pool(max_size=concurrency)
|
||||
connpool.create = lambda: Connection(
|
||||
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
|
||||
preauthurl=url, preauthtoken=token, os_options=os_options)
|
||||
preauthurl=url, preauthtoken=token, os_options=os_options,
|
||||
insecure=insecure)
|
||||
|
||||
container_ring = Ring(swift_dir, ring_name='container')
|
||||
object_ring = Ring(swift_dir, ring_name='object')
|
||||
|
@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
|
||||
.IP "auth_user = dpstats:dpstats"
|
||||
.IP "auth_key = dpstats"
|
||||
.IP "swift_dir = /etc/swift"
|
||||
.IP "# keystone_api_insecure = no"
|
||||
.IP "# dispersion_coverage = 1.0"
|
||||
.IP "# retries = 5"
|
||||
.IP "# concurrency = 25"
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
.SH SYNOPSIS
|
||||
.LP
|
||||
.B swift-dispersion-populate
|
||||
.B swift-dispersion-populate [--insecure] [conf_file]
|
||||
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
|
||||
tool should be a dedicated account for the dispersion stats and also have admin
|
||||
privileges.
|
||||
|
||||
.SH OPTIONS
|
||||
.RS 0
|
||||
.PD 1
|
||||
.IP "\fB--insecure\fR"
|
||||
Allow accessing insecure keystone server. The keystone's certificate will not
|
||||
be verified.
|
||||
|
||||
.SH CONFIGURATION
|
||||
.PD 0
|
||||
Example \fI/etc/swift/dispersion.conf\fR:
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
.SH SYNOPSIS
|
||||
.LP
|
||||
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file]
|
||||
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
|
||||
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@ -84,6 +84,13 @@ Only run the container report
|
||||
.IP "\fB--object-only\fR"
|
||||
Only run the object report
|
||||
|
||||
.SH OPTIONS
|
||||
.RS 0
|
||||
.PD 1
|
||||
.IP "\fB--insecure\fR"
|
||||
Allow accessing insecure keystone server. The keystone's certificate will not
|
||||
be verified.
|
||||
|
||||
.SH CONFIGURATION
|
||||
.PD 0
|
||||
Example \fI/etc/swift/dispersion.conf\fR:
|
||||
|
@ -7,6 +7,7 @@ auth_key = testing
|
||||
# auth_key = testing
|
||||
# auth_version = 2.0
|
||||
# endpoint_type = publicURL
|
||||
# keystone_api_insecure = no
|
||||
#
|
||||
# swift_dir = /etc/swift
|
||||
# dispersion_coverage = 1.0
|
||||
|
Loading…
Reference in New Issue
Block a user