From 438b216ffa44c8da6ba8cd5930862694a8e3a2e6 Mon Sep 17 00:00:00 2001 From: venkata edara Date: Mon, 31 Jul 2017 16:17:49 +0530 Subject: Added S3 authentication changes changed the proxy-server.conf to enable authentication and scripts to add user Signed-off-by: venkata edara --- gluster-s3object/CentOS/docker-gluster-s3/Dockerfile | 7 ++++++- gluster-s3object/CentOS/docker-gluster-s3/README.md | 2 +- .../CentOS/docker-gluster-s3/etc/swift/proxy-server.conf | 9 ++++++++- .../CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes | 2 ++ .../CentOS/docker-gluster-s3/gluster-swift-add-user | 13 +++++++++++++ .../CentOS/docker-gluster-s3/swift-adduser.service | 11 +++++++++++ .../CentOS/docker-gluster-s3/swift-gen-builders.service | 2 +- .../CentOS/docker-gluster-s3/update_gluster_vol.sh | 6 ++++-- 8 files changed, 46 insertions(+), 6 deletions(-) create mode 100755 gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user create mode 100644 gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service (limited to 'gluster-s3object/CentOS/docker-gluster-s3')
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
index 9ec1e2f..fdfb0ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
+++ b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
@@ -54,6 +54,7 @@ COPY swift-proxy.service /lib/systemd/system/
 COPY swift-account.service /lib/systemd/system/
 COPY swift-container.service /lib/systemd/system/
 COPY swift-object.service /lib/systemd/system/
+COPY swift-adduser.service /lib/systemd/system/
 # Replace openstack swift conf files with local gluster-swift ones
 COPY etc/swift/* /etc/swift/
@@ -62,6 +63,9 @@ COPY etc/swift/* /etc/swift/
 COPY update_gluster_vol.sh /usr/local/bin/update_gluster_vol.sh
 RUN chmod +x /usr/local/bin/update_gluster_vol.sh
+COPY gluster-swift-add-user /usr/local/bin/gluster-swift-add-user
+RUN chmod +x /usr/local/bin/gluster-swift-add-user
+
 # volumes to be exposed as object storage is present in swift-volumes file
 COPY etc/sysconfig/swift-volumes /etc/sysconfig/swift-volumes
@@ -76,7 +80,8 @@ systemctl enable memcached.service;\
 systemctl enable swift-proxy.service;\
 systemctl enable swift-account.service;\
 systemctl enable swift-container.service;\
-systemctl enable swift-object.service;
+systemctl enable swift-object.service;\
+systemctl enable swift-adduser.service;
 ENTRYPOINT ["/usr/local/bin/update_gluster_vol.sh"]
 CMD ["/usr/sbin/init"]
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/README.md b/gluster-s3object/CentOS/docker-gluster-s3/README.md
index baa6d28..a8bd935 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/README.md
+++ b/gluster-s3object/CentOS/docker-gluster-s3/README.md
@@ -30,7 +30,7 @@ Where tv1 is the volume name.
 **Example:**
 ```bash
-# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" gluster-s3
+# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" -e GLUSTER_USER="admin" -e GLUSTER_PASSWORD="redhat" gluster-s3
 ```
 If you have selinux set to enforced on the host machine, refer to the
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
index 979b735..8e6ecc5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
@@ -5,7 +5,7 @@ user = root
 workers = 1
 [pipeline:main]
-pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 staticweb slo dlo proxy-logging proxy-server
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 gswauth staticweb slo dlo proxy-logging proxy-server
 [app:proxy-server]
 use = egg:gluster_swift#proxy
@@ -97,3 +97,10 @@ user_test5_tester5 = testing5 service
 [filter:swift3]
 use = egg:swift3#swift3
+
+[filter:gswauth]
+use = egg:gluster_swift#gswauth
+set log_name = gswauth
+super_admin_key = gswauthkey
+metadata_volume = gsmetadata
+s3_support = on
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
index 8b49f07..3aeb7ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
@@ -1,2 +1,4 @@
 # Set Gluster volumes to be used by gluster-object service
 GLUSTER_VOLUMES="tv1"
+GLUSTER_USER="admin"
+GLUSTER_PASSWORD="redhat"
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
new file mode 100755
index 0000000..59eb1b2
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ "$#" -lt 3 ]; then
+ echo "Incorrect args. invoke gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES"
+ exit 1
+else
+ GLUSTER_USER=$1
+ GLUSTER_PASSWORD=$2
+ GLUSTER_VOLUMES=$(echo $3 | cut -d" " -f1)
+ sleep 5
+ gswauth-prep -A http://0.0.0.0:8080/auth -K gswauthkey
+ gswauth-add-account -K gswauthkey $GLUSTER_VOLUMES
+ gswauth-add-user -K gswauthkey -a $GLUSTER_VOLUMES $GLUSTER_USER $GLUSTER_PASSWORD
+fi
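Review bot: `super_admin_key = gswauthkey` in the new `[filter:gswauth]` section of proxy-server.conf is a fixed literal committed with the image, so every container built from it carries the same super-admin key, and the README example publishes the proxy with `-p 8080:8080`. The same literal is repeated in the three `-K gswauthkey` arguments of gluster-swift-add-user. I would take the key from the container environment at start-up, as update_gluster_vol.sh already does for GLUSTER_USER and GLUSTER_PASSWORD, and substitute it into both places. Until then, a comment above the setting such as `# placeholder key, must be replaced before the proxy is reachable from outside the host` would at least document it.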
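Review bot: `GLUSTER_PASSWORD="redhat"` in etc/sysconfig/swift-volumes is a usable default credential, and it is replaced only when update_gluster_vol.sh runs as the entrypoint. If the container is started another way, swift-adduser.service would presumably create the admin user with this password. Shipping `GLUSTER_USER=""` and `GLUSTER_PASSWORD=""` keeps the `^GLUSTER_USER=` and `^GLUSTER_PASSWORD=` sed patterns matching while leaving no working default. The README example uses the same password and could show a placeholder instead.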
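Review bot: The usage message in gluster-swift-add-user is double-quoted, so `$GLUSTER_USER` and `$GLUSTER_PASSWORD` are expanded instead of printed as names; swift-adduser.service loads both through EnvironmentFile, so a short argument list would echo the password into the unit's output. Single quotes fix that: `echo 'Incorrect args. invoke gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES'`. The gswauth calls also expand their arguments unquoted, so a password containing whitespace or glob characters is split or expanded; the last call should read `gswauth-add-user -K gswauthkey -a "$GLUSTER_VOLUMES" "$GLUSTER_USER" "$GLUSTER_PASSWORD"`. None of the three gswauth exit codes is checked, so a gswauth-prep that runs before the proxy answers (the script relies on `sleep 5`) fails without the unit reporting it.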
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
new file mode 100644
index 0000000..ee4c8d7
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Swift Add User
+After=swift-object.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/sysconfig/swift-volumes
+ExecStart=/usr/local/bin/gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
index ab30a7c..efafca5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
@@ -5,7 +5,7 @@ Before=memcached.service
 [Service]
 Type=oneshot
 EnvironmentFile=-/etc/sysconfig/swift-volumes
-ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES
+ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES gsmetadata
 [Install]
 WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
index dfb891d..9e9c60e 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
+++ b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
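Review bot: `ExecStart=` in swift-adduser.service passes `$GLUSTER_PASSWORD` as a command-line argument, which makes it visible in the process list while the script runs and subjects it to systemd's whitespace splitting of `$VAR`. The script already receives the variables through `EnvironmentFile`, so it could read them from its environment and the unit could run `ExecStart=/usr/local/bin/gluster-swift-add-user` with no arguments; the script's argument check would need the matching change. The unit is also ordered only `After=swift-object.service`, while the script talks to port 8080. Assuming swift-proxy.service is the unit serving /auth, `After=swift-proxy.service swift-object.service` would reduce the reliance on `sleep 5`.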
@@ -1,12 +1,14 @@
 #!/bin/bash
 # To update gluster volume name in swift-volumes, used by swift-gen-builders.service
-if [ -z "$GLUSTER_VOLUMES" ]; then
- echo "You need to set GLUSTER_VOLUMES env variable"
+if [[ -z "$GLUSTER_VOLUMES" || -z "$GLUSTER_USER" || -z "$GLUSTER_PASSWORD" ]]; then
+ echo "You need to set GLUSTER_VOLUMES, GLUSTER_USER, GLUSTER_PASSWORD env variable"
 exit 1
 else
 echo "GLUSTER_VOLUMES env variable is set. Update in swift-volumes"
 sed -i.bak '/^GLUSTER_VOLUMES=/s/=.*/='\""$GLUSTER_VOLUMES"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_USER=/s/=.*/='\""$GLUSTER_USER"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_PASSWORD=/s/=.*/='\""$GLUSTER_PASSWORD"\"'/' /etc/sysconfig/swift-volumes
 fi
 # Hand off to CMD
-- cgit v1.2.3
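Review bot: The two added `sed` lines in update_gluster_vol.sh place `$GLUSTER_USER` and `$GLUSTER_PASSWORD` unescaped into the replacement text, so a value containing `/`, `&` or a backslash breaks or alters the substitution, and a `"` breaks the quoting of the written line; passwords commonly contain such characters. The file also now holds the password in clear text, so its mode should be tightened, for example `chmod 600 /etc/sysconfig/swift-volumes` after the update. One option is to reject values with those characters in the `[[ -z … ]]` check; another is to rewrite the three assignments with `printf` instead of `sed`. The script continues past `# Hand off to CMD`, outside this hunk.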