diff options
author | Tim Burke <tim.burke@gmail.com> | 2020-04-23 16:26:53 -0700 |
---|---|---|
committer | Tim Burke <tim.burke@gmail.com> | 2020-05-22 16:04:52 -0700 |
commit | bb9b0326fde08768e6d609a210a1d1a5ec1c32ff (patch) | |
tree | 41d9dcae57571010710a96cdfc1fcf0f60e86127 /roles | |
parent | 9581254e6617f1bb51c7de0599107999622fbe82 (diff) | |
download | swift-bb9b0326fde08768e6d609a210a1d1a5ec1c32ff.tar.gz |
swift-dsvm: Enable s3api
Depends-On: https://review.opendev.org/#/c/571021/
Change-Id: I3ac3288cd61b745ce7dbf2bded8eade026d0418f
Diffstat (limited to 'roles')
-rw-r--r-- | roles/additional-keystone-users/tasks/main.yaml | 61 | ||||
-rw-r--r-- | roles/dsvm-additional-middlewares/tasks/main.yaml | 39 |
2 files changed, 96 insertions, 4 deletions
diff --git a/roles/additional-keystone-users/tasks/main.yaml b/roles/additional-keystone-users/tasks/main.yaml new file mode 100644 index 000000000..3e2b01342 --- /dev/null +++ b/roles/additional-keystone-users/tasks/main.yaml @@ -0,0 +1,61 @@ +- name: Set S3 endpoint + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_storage_url + value: http://localhost:8080 + become: true + +- name: Create primary S3 user + shell: > + openstack --os-auth-url http://localhost/identity + --os-project-domain-id default --os-project-name admin + --os-user-domain-id default --os-username admin + --os-password secretadmin + credential create --type ec2 --project swiftprojecttest1 swiftusertest1 + '{"access": "s3-user1", "secret": "s3-secret1"}' +- name: Add primary S3 user to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key + value: s3-user1 + become: true +- name: Add primary S3 user secret to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_secret_key + value: s3-secret1 + become: true + +- name: Clear secondary S3 user from test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key2 + value: "" + become: true + +- name: Create restricted S3 user + shell: > + openstack --os-auth-url http://localhost/identity + --os-project-domain-id default --os-project-name admin + --os-user-domain-id default --os-username admin + --os-password secretadmin + credential create --type ec2 --project swiftprojecttest1 swiftusertest3 + '{"access": "s3-user3", "secret": "s3-secret3"}' +- name: Add restricted S3 user to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_access_key3 + value: s3-user3 + become: true +- name: Add restricted S3 user secret to test.conf + ini_file: + path: /etc/swift/test.conf + section: func_test + option: s3_secret_key3 + value: s3-secret3 + become: true diff --git a/roles/dsvm-additional-middlewares/tasks/main.yaml b/roles/dsvm-additional-middlewares/tasks/main.yaml index f149e519f..66e186a3f 100644 --- a/roles/dsvm-additional-middlewares/tasks/main.yaml +++ b/roles/dsvm-additional-middlewares/tasks/main.yaml @@ -1,8 +1,15 @@ -- name: Add more middlewares to pipeline +- name: Add domain_remap and etag-quoter to pipeline replace: - path: "/etc/swift/proxy-server.conf" - regexp: "cache listing_formats" - replace: "cache domain_remap etag-quoter listing_formats" + path: "/etc/swift/proxy-server.conf" + regexp: "cache listing_formats" + replace: "cache domain_remap etag-quoter listing_formats" + become: true + +- name: Add s3api and s3token to pipeline + replace: + path: "/etc/swift/proxy-server.conf" + regexp: "authtoken keystoneauth tempauth" + replace: "authtoken s3api s3token keystoneauth tempauth" become: true - name: Set domain_remap domain @@ -29,6 +36,30 @@ value: true become: true +- name: Configure s3api force_swift_request_proxy_log + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3api + option: force_swift_request_proxy_log + value: true + become: true + +- name: Configure s3token auth_uri + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3token + option: auth_uri + value: http://localhost/identity/v3 + become: true + +- name: Configure s3token delay_auth_decision + ini_file: + path: /etc/swift/proxy-server.conf + section: filter:s3token + option: delay_auth_decision + value: true + become: true + - name: Copy ring for Policy-1 copy: remote_src: true |