Add keystone support with swift.

files/keystone_data.sh

@@ -30,12 +30,13 @@ $BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
 $BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service"
 $BIN_DIR/keystone-manage $* service add glance image "Glance Image Service"
 $BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service"
+$BIN_DIR/keystone-manage $* service add swift object-store "Swift Service"
 
 #endpointTemplates
 $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
 $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
 $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:35357/v2.0 http://%HOST_IP%:5000/v2.0 1 1
-# $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
 
 # Tokens
 $BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00

files/swift-proxy-server.conf

@@ -4,13 +4,18 @@ user = stack
 log_facility = LOG_LOCAL1
 
 [pipeline:main]
-pipeline = healthcheck cache tempauth proxy-server
+pipeline = healthcheck cache %AUTH_SERVER% proxy-server
 
 [app:proxy-server]
 use = egg:swift#proxy
 allow_account_management = true
 account_autocreate = true
 
+[filter:keystone]
+use = egg:swiftkeystone2#keystone2
+keystone_admin_token = %SERVICE_TOKEN%
+keystone_url = http://localhost:35357/v2.0
+
 [filter:tempauth]
 use = egg:swift#tempauth
 user_admin_admin = admin .admin .reseller_admin

stack.sh

@@ -151,6 +151,7 @@ NOVACLIENT_DIR=$DEST/python-novaclient
 OPENSTACKX_DIR=$DEST/openstackx
 NOVNC_DIR=$DEST/noVNC
 SWIFT_DIR=$DEST/swift
+SWIFT_KEYSTONE_DIR=$DEST/swift-keystone2
 
 # Specify which services to launch.  These generally correspond to screen tabs
 ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,horizon,mysql,rabbit,swift}
@@ -363,6 +364,8 @@ function git_clone {
 git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
 # storage service
 git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH
+# swift + keystone middleware
+git_clone $SWIFT_KEYSTONE_REPO $SWIFT_KEYSTONE_DIR $SWIFT_KEYSTONE_BRANCH
 # image catalog service
 git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
 # unified auth system (manages accounts/tokens)
@@ -385,6 +388,7 @@ git_clone $OPENSTACKX_REPO $OPENSTACKX_DIR $OPENSTACKX_BRANCH
 # allowing ``import nova`` or ``import glance.client``
 cd $KEYSTONE_DIR; sudo python setup.py develop
 cd $SWIFT_DIR; sudo python setup.py develop
+cd $SWIFT_KEYSTONE_DIR; sudo python setup.py develop
 cd $GLANCE_DIR; sudo python setup.py develop
 cd $NOVACLIENT_DIR; sudo python setup.py develop
 cd $NOVA_DIR; sudo python setup.py develop
@@ -648,9 +652,18 @@ EOF
    # Add rsync file
    sed -e "s,%SWIFT_LOCATION%,$SWIFT_LOCATION," $FILES/swift-rsyncd.conf | sudo tee /etc/rsyncd.conf
    sudo sed -i '/^RSYNC_ENABLE=false/ { s/false/true/ }' /etc/default/rsync
-   
+
-   # Copy proxy-server configuration
+   if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
-   cp $FILES/swift-proxy-server.conf /etc/swift/proxy-server.conf
+       swift_auth_server=keystone
+       # Temporary until we get this integrated in swift.
+       sudo curl -s -o/usr/local/bin/swift \
+           'https://review.openstack.org/gitweb?p=openstack/swift.git;a=blob_plain;f=bin/swift;hb=48bfda6e2fdf3886c98bd15649887d54b9a2574e'
+   else
+       swift_auth_server=tempauth
+   fi
+
+   sed "s/%SERVICE_TOKEN%/${SERVICE_TOKEN}/;s/%AUTH_SERVER%/${swift_auth_server}/" \
+       $FILES/swift-proxy-server.conf|sudo tee  /etc/swift/proxy-server.conf
 
    # Generate swift.conf, we need to have the swift-hash being random
    # and unique.
@@ -664,6 +677,8 @@ EOF
        local server_type=$1
        local bind_port=$2
        local log_facility=$3
+       local node_number
+       
        for node_number in {1..4};do
            node_path=${SWIFT_LOCATION}/${node_number}
            sed -e "s,%NODE_PATH%,${node_path},;s,%BIND_PORT%,${bind_port},;s,%LOG_FACILITY%,${log_facility}," \
@@ -693,8 +708,7 @@ EOF
    
    # This should work (tempauth)
    # swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat
-   unset s swift_hasH
+   unset s swift_hash swift_auth_server tmpd
-   
 fi
 
 # Volume Service
@@ -976,6 +990,10 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
     echo "examples on using novaclient command line is in exercise.sh"
     echo "the default users are: admin and demo"
     echo "the password: $ADMIN_PASSWORD"
+    if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
+        echo "Swift: swift --auth-version 2 -A http://${HOST_IP}:5000/v2.0 -U admin:admin -K $ADMIN_PASSWORD stat"
+    fi
+
 fi
 
 # indicate how long this took to run (bash maintained variable 'SECONDS')

stackrc

@@ -6,6 +6,10 @@ NOVA_BRANCH=diablo
 SWIFT_REPO=https://github.com/openstack/swift.git
 SWIFT_BRANCH=1.4.3
 
+# swift and keystone integration
+SWIFT_KEYSTONE_REPO=https://github.com/cloudbuilders/swift-keystone2.git
+SWIFT_KEYSTONE_BRANCH=master
+
 # image catalog service
 GLANCE_REPO=https://github.com/cloudbuilders/glance.git
 GLANCE_BRANCH=diablo