Merge "Allow dispersion tools to use keystone server with insecure certificate"

This commit is contained in:
Jenkins 2013-08-05 22:23:44 +00:00 committed by Gerrit Code Review
commit 3741fbe779
6 changed files with 53 additions and 12 deletions

View File

@ -17,7 +17,8 @@
import traceback import traceback
from ConfigParser import ConfigParser from ConfigParser import ConfigParser
from cStringIO import StringIO from cStringIO import StringIO
from sys import exit, argv, stdout from optparse import OptionParser
from sys import exit, stdout
from time import time from time import time
from uuid import uuid4 from uuid import uuid4
@ -26,7 +27,10 @@ from eventlet.pools import Pool
from swiftclient import Connection, get_auth from swiftclient import Connection, get_auth
from swift.common.ring import Ring from swift.common.ring import Ring
from swift.common.utils import compute_eta, get_time_units from swift.common.utils import compute_eta, get_time_units, config_true_value
insecure = False
def put_container(connpool, container, report): def put_container(connpool, container, report):
@ -78,10 +82,19 @@ if __name__ == '__main__':
patcher.monkey_patch() patcher.monkey_patch()
conffile = '/etc/swift/dispersion.conf' conffile = '/etc/swift/dispersion.conf'
if len(argv) == 2:
conffile = argv[1] parser = OptionParser(usage='''
elif len(argv) > 2: Usage: %%prog [options] [conf_file]
exit('Syntax: %s [conffile]' % argv[0])
[conf_file] defaults to %s'''.strip() % conffile)
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
conffile = args.pop(0)
c = ConfigParser() c = ConfigParser()
if not c.read(conffile): if not c.read(conffile):
exit('Unable to read config file: %s' % conffile) exit('Unable to read config file: %s' % conffile)
@ -91,6 +104,8 @@ if __name__ == '__main__':
retries = int(conf.get('retries', 5)) retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25)) concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL')) endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
coropool = GreenPool(size=concurrency) coropool = GreenPool(size=concurrency)
retries_done = 0 retries_done = 0
@ -100,14 +115,16 @@ if __name__ == '__main__':
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'), auth_version=conf.get('auth_version', '1.0'),
os_options=os_options) os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1] account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency) connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(conf['auth_url'], connpool.create = lambda: Connection(conf['auth_url'],
conf['auth_user'], conf['auth_key'], conf['auth_user'], conf['auth_key'],
retries=retries, retries=retries,
preauthurl=url, preauthtoken=token, preauthurl=url, preauthtoken=token,
os_options=os_options) os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container') container_ring = Ring(swift_dir, ring_name='container')
parts_left = dict((x, x) for x in xrange(container_ring.partition_count)) parts_left = dict((x, x) for x in xrange(container_ring.partition_count))

View File

@ -37,6 +37,7 @@ unmounted = []
notfound = [] notfound = []
json_output = False json_output = False
debug = False debug = False
insecure = False
def get_error_log(prefix): def get_error_log(prefix):
@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
help='Only run container report') help='Only run container report')
parser.add_option('--object-only', action='store_true', default=False, parser.add_option('--object-only', action='store_true', default=False,
help='Only run object report') help='Only run object report')
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args() options, args = parser.parse_args()
if args: if args:
@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
and not options.container_only and not options.container_only
if not (object_report or container_report): if not (object_report or container_report):
exit("Neither container or object report is set to run") exit("Neither container or object report is set to run")
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug: if options.debug:
debug = True debug = True
@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
url, token = get_auth(conf['auth_url'], conf['auth_user'], url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'], conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'), auth_version=conf.get('auth_version', '1.0'),
os_options=os_options) os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1] account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency) connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection( connpool.create = lambda: Connection(
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries, conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
preauthurl=url, preauthtoken=token, os_options=os_options) preauthurl=url, preauthtoken=token, os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container') container_ring = Ring(swift_dir, ring_name='container')
object_ring = Ring(swift_dir, ring_name='object') object_ring = Ring(swift_dir, ring_name='object')

View File

@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
.IP "auth_user = dpstats:dpstats" .IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats" .IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift" .IP "swift_dir = /etc/swift"
.IP "# keystone_api_insecure = no"
.IP "# dispersion_coverage = 1.0" .IP "# dispersion_coverage = 1.0"
.IP "# retries = 5" .IP "# retries = 5"
.IP "# concurrency = 25" .IP "# concurrency = 25"

View File

@ -24,7 +24,7 @@
.SH SYNOPSIS .SH SYNOPSIS
.LP .LP
.B swift-dispersion-populate .B swift-dispersion-populate [--insecure] [conf_file]
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
tool should be a dedicated account for the dispersion stats and also have admin tool should be a dedicated account for the dispersion stats and also have admin
privileges. privileges.
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION .SH CONFIGURATION
.PD 0 .PD 0
Example \fI/etc/swift/dispersion.conf\fR: Example \fI/etc/swift/dispersion.conf\fR:

View File

@ -24,7 +24,7 @@
.SH SYNOPSIS .SH SYNOPSIS
.LP .LP
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file] .B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
.SH DESCRIPTION .SH DESCRIPTION
.PP .PP
@ -84,6 +84,13 @@ Only run the container report
.IP "\fB--object-only\fR" .IP "\fB--object-only\fR"
Only run the object report Only run the object report
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION .SH CONFIGURATION
.PD 0 .PD 0
Example \fI/etc/swift/dispersion.conf\fR: Example \fI/etc/swift/dispersion.conf\fR:

View File

@ -7,6 +7,7 @@ auth_key = testing
# auth_key = testing # auth_key = testing
# auth_version = 2.0 # auth_version = 2.0
# endpoint_type = publicURL # endpoint_type = publicURL
# keystone_api_insecure = no
# #
# swift_dir = /etc/swift # swift_dir = /etc/swift
# dispersion_coverage = 1.0 # dispersion_coverage = 1.0