From 7f1aa9d1e838f48b91966fa44e179c82b2b116b7 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Fri, 12 Jul 2013 08:11:27 +0200 Subject: [PATCH] Allow dispersion tools to use keystone server with insecure certificate The swift-dispersion-populate and swift-dispersion-report tools now accept a --insecure option. Also, dispersion.conf now has a keystone_api_insecure option. Default is obviously to use the secure path. DocImpact Change-Id: I4000352e547d9ce5b08ade54e0c886281caff891 --- bin/swift-dispersion-populate | 33 ++++++++++++++++++------ bin/swift-dispersion-report | 12 +++++++-- doc/manpages/dispersion.conf.5 | 1 + doc/manpages/swift-dispersion-populate.1 | 9 ++++++- doc/manpages/swift-dispersion-report.1 | 9 ++++++- etc/dispersion.conf-sample | 1 + 6 files changed, 53 insertions(+), 12 deletions(-) diff --git a/bin/swift-dispersion-populate b/bin/swift-dispersion-populate index 020c77d89f..1c48526f52 100755 --- a/bin/swift-dispersion-populate +++ b/bin/swift-dispersion-populate @@ -17,7 +17,8 @@ import traceback from ConfigParser import ConfigParser from cStringIO import StringIO -from sys import exit, argv, stdout +from optparse import OptionParser +from sys import exit, stdout from time import time from uuid import uuid4 @@ -26,7 +27,10 @@ from eventlet.pools import Pool from swiftclient import Connection, get_auth from swift.common.ring import Ring -from swift.common.utils import compute_eta, get_time_units +from swift.common.utils import compute_eta, get_time_units, config_true_value + + +insecure = False def put_container(connpool, container, report): @@ -78,10 +82,19 @@ if __name__ == '__main__': patcher.monkey_patch() conffile = '/etc/swift/dispersion.conf' - if len(argv) == 2: - conffile = argv[1] - elif len(argv) > 2: - exit('Syntax: %s [conffile]' % argv[0]) + + parser = OptionParser(usage=''' +Usage: %%prog [options] [conf_file] + +[conf_file] defaults to %s'''.strip() % conffile) + parser.add_option('--insecure', action='store_true', default=False, + help='Allow accessing insecure keystone server. ' + 'The keystone\'s certificate will not be verified.') + options, args = parser.parse_args() + + if args: + conffile = args.pop(0) + c = ConfigParser() if not c.read(conffile): exit('Unable to read config file: %s' % conffile) @@ -91,6 +104,8 @@ if __name__ == '__main__': retries = int(conf.get('retries', 5)) concurrency = int(conf.get('concurrency', 25)) endpoint_type = str(conf.get('endpoint_type', 'publicURL')) + insecure = options.insecure \ + or config_true_value(conf.get('keystone_api_insecure', 'no')) coropool = GreenPool(size=concurrency) retries_done = 0 @@ -100,14 +115,16 @@ if __name__ == '__main__': url, token = get_auth(conf['auth_url'], conf['auth_user'], conf['auth_key'], auth_version=conf.get('auth_version', '1.0'), - os_options=os_options) + os_options=os_options, + insecure=insecure) account = url.rsplit('/', 1)[1] connpool = Pool(max_size=concurrency) connpool.create = lambda: Connection(conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries, preauthurl=url, preauthtoken=token, - os_options=os_options) + os_options=os_options, + insecure=insecure) container_ring = Ring(swift_dir, ring_name='container') parts_left = dict((x, x) for x in xrange(container_ring.partition_count)) diff --git a/bin/swift-dispersion-report b/bin/swift-dispersion-report index 31c1fdafcb..601e76dda9 100755 --- a/bin/swift-dispersion-report +++ b/bin/swift-dispersion-report @@ -37,6 +37,7 @@ unmounted = [] notfound = [] json_output = False debug = False +insecure = False def get_error_log(prefix): @@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file] help='Only run container report') parser.add_option('--object-only', action='store_true', default=False, help='Only run object report') + parser.add_option('--insecure', action='store_true', default=False, + help='Allow accessing insecure keystone server. ' + 'The keystone\'s certificate will not be verified.') options, args = parser.parse_args() if args: @@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file] and not options.container_only if not (object_report or container_report): exit("Neither container or object report is set to run") + insecure = options.insecure \ + or config_true_value(conf.get('keystone_api_insecure', 'no')) if options.debug: debug = True @@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file] url, token = get_auth(conf['auth_url'], conf['auth_user'], conf['auth_key'], auth_version=conf.get('auth_version', '1.0'), - os_options=os_options) + os_options=os_options, + insecure=insecure) account = url.rsplit('/', 1)[1] connpool = Pool(max_size=concurrency) connpool.create = lambda: Connection( conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries, - preauthurl=url, preauthtoken=token, os_options=os_options) + preauthurl=url, preauthtoken=token, os_options=os_options, + insecure=insecure) container_ring = Ring(swift_dir, ring_name='container') object_ring = Ring(swift_dir, ring_name='object') diff --git a/doc/manpages/dispersion.conf.5 b/doc/manpages/dispersion.conf.5 index 9f0511f7de..162846a501 100644 --- a/doc/manpages/dispersion.conf.5 +++ b/doc/manpages/dispersion.conf.5 @@ -69,6 +69,7 @@ Whether to run the object report. The default is yes. .IP "auth_user = dpstats:dpstats" .IP "auth_key = dpstats" .IP "swift_dir = /etc/swift" +.IP "# keystone_api_insecure = no" .IP "# dispersion_coverage = 1.0" .IP "# retries = 5" .IP "# concurrency = 25" diff --git a/doc/manpages/swift-dispersion-populate.1 b/doc/manpages/swift-dispersion-populate.1 index 7cebdc0439..b4bed1c07b 100644 --- a/doc/manpages/swift-dispersion-populate.1 +++ b/doc/manpages/swift-dispersion-populate.1 @@ -24,7 +24,7 @@ .SH SYNOPSIS .LP -.B swift-dispersion-populate +.B swift-dispersion-populate [--insecure] [conf_file] .SH DESCRIPTION .PP @@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these tool should be a dedicated account for the dispersion stats and also have admin privileges. +.SH OPTIONS +.RS 0 +.PD 1 +.IP "\fB--insecure\fR" +Allow accessing insecure keystone server. The keystone's certificate will not +be verified. + .SH CONFIGURATION .PD 0 Example \fI/etc/swift/dispersion.conf\fR: diff --git a/doc/manpages/swift-dispersion-report.1 b/doc/manpages/swift-dispersion-report.1 index ebdea83ea5..357c177dc1 100644 --- a/doc/manpages/swift-dispersion-report.1 +++ b/doc/manpages/swift-dispersion-report.1 @@ -24,7 +24,7 @@ .SH SYNOPSIS .LP -.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file] +.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file] .SH DESCRIPTION .PP @@ -84,6 +84,13 @@ Only run the container report .IP "\fB--object-only\fR" Only run the object report +.SH OPTIONS +.RS 0 +.PD 1 +.IP "\fB--insecure\fR" +Allow accessing insecure keystone server. The keystone's certificate will not +be verified. + .SH CONFIGURATION .PD 0 Example \fI/etc/swift/dispersion.conf\fR: diff --git a/etc/dispersion.conf-sample b/etc/dispersion.conf-sample index 9eb5c0316b..47a7f305b9 100644 --- a/etc/dispersion.conf-sample +++ b/etc/dispersion.conf-sample @@ -7,6 +7,7 @@ auth_key = testing # auth_key = testing # auth_version = 2.0 # endpoint_type = publicURL +# keystone_api_insecure = no # # swift_dir = /etc/swift # dispersion_coverage = 1.0