Allow dispersion tools to use keystone server with insecure certificate
The swift-dispersion-populate and swift-dispersion-report tools now accept a --insecure option. Also, dispersion.conf now has a keystone_api_insecure option. Default is obviously to use the secure path. DocImpact Change-Id: I4000352e547d9ce5b08ade54e0c886281caff891
This commit is contained in:
6 changed files with 53 additions and 12 deletions
@@ -17,7 +17,8 @@
import traceback
from ConfigParser import ConfigParser
from cStringIO import StringIO
from sys import exit, argv, stdout
from optparse import OptionParser
from sys import exit, stdout
from time import time
from uuid import uuid4
@@ -26,7 +27,10 @@ from eventlet.pools import Pool
from swiftclient import Connection, get_auth
from swift.common.ring import Ring
from swift.common.utils import compute_eta, get_time_units
from swift.common.utils import compute_eta, get_time_units, config_true_value
insecure = False
def put_container(connpool, container, report):
@@ -78,10 +82,19 @@ if __name__ == '__main__':
patcher.monkey_patch()
conffile = '/etc/swift/dispersion.conf'
if len(argv) == 2:
conffile = argv[1]
elif len(argv) > 2:
exit('Syntax: %s [conffile]' % argv[0])
parser = OptionParser(usage='''
Usage: %%prog [options] [conf_file]
[conf_file] defaults to %s'''.strip() % conffile)
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
conffile = args.pop(0)
c = ConfigParser()
if not c.read(conffile):
exit('Unable to read config file: %s' % conffile)
@@ -91,6 +104,8 @@ if __name__ == '__main__':
retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
coropool = GreenPool(size=concurrency)
retries_done = 0
@@ -100,14 +115,16 @@ if __name__ == '__main__':
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
os_options=os_options)
os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(conf['auth_url'],
conf['auth_user'], conf['auth_key'],
retries=retries,
preauthurl=url, preauthtoken=token,
os_options=os_options)
os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
parts_left = dict((x, x) for x in xrange(container_ring.partition_count))
@@ -37,6 +37,7 @@ unmounted = []
notfound = []
json_output = False
debug = False
insecure = False
def get_error_log(prefix):
@@ -314,6 +315,9 @@ Usage: %%prog [options] [conf_file]
help='Only run container report')
parser.add_option('--object-only', action='store_true', default=False,
help='Only run object report')
parser.add_option('--insecure', action='store_true', default=False,
help='Allow accessing insecure keystone server. '
'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
@@ -335,6 +339,8 @@ Usage: %%prog [options] [conf_file]
and not options.container_only
if not (object_report or container_report):
exit("Neither container or object report is set to run")
insecure = options.insecure \
or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug:
debug = True
@@ -345,12 +351,14 @@ Usage: %%prog [options] [conf_file]
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
os_options=os_options)
os_options=os_options,
insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
preauthurl=url, preauthtoken=token, os_options=os_options)
preauthurl=url, preauthtoken=token, os_options=os_options,
insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
object_ring = Ring(swift_dir, ring_name='object')
@@ -69,6 +69,7 @@ Whether to run the object report. The default is yes.
.IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift"
.IP "# keystone_api_insecure = no"
.IP "# dispersion_coverage = 1.0"
.IP "# retries = 5"
.IP "# concurrency = 25"
@@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
.B swift-dispersion-populate
.B swift-dispersion-populate [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
tool should be a dedicated account for the dispersion stats and also have admin
privileges.
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:
@@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file]
.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@@ -84,6 +84,13 @@ Only run the container report
.IP "\fB--object-only\fR"
Only run the object report
.SH OPTIONS
.RS 0
.PD 1
.IP "\fB--insecure\fR"
Allow accessing insecure keystone server. The keystone's certificate will not
be verified.
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:
@@ -7,6 +7,7 @@ auth_key = testing
# auth_key = testing
# auth_version = 2.0
# endpoint_type = publicURL
# keystone_api_insecure = no
#
# swift_dir = /etc/swift
# dispersion_coverage = 1.0
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.