File swift-dispersion-insecure-ssl.patch of Package openstack-swift
From: Vincent Untz <vuntz@suse.com>
Date: Fri, 12 Jul 2013 06:11:27 +0000 (+0200)
Subject: Allow dispersion tools to use keystone server with insecure certificate
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fswift.git;a=commitdiff_plain;h=82986ab4bfab3ae7bd192bdd42795d56f9711c9d
Allow dispersion tools to use keystone server with insecure certificate
The swift-dispersion-populate and swift-dispersion-report tools now
accept a --insecure option.
Also, dispersion.conf now has a keystone_api_insecure option.
Default is obviously to use the secure path.
Change-Id: I4000352e547d9ce5b08ade54e0c886281caff891
---
diff --git a/bin/swift-dispersion-populate b/bin/swift-dispersion-populate
index 324c644..20159c9 100755
--- a/bin/swift-dispersion-populate
+++ b/bin/swift-dispersion-populate
@@ -18,7 +18,8 @@
import traceback
from ConfigParser import ConfigParser
from cStringIO import StringIO
-from sys import exit, argv, stdout
+from optparse import OptionParser
+from sys import exit, stdout
from time import time
from uuid import uuid4
@@ -27,7 +28,10 @@ from eventlet.pools import Pool
from swiftclient import Connection, get_auth
from swift.common.ring import Ring
-from swift.common.utils import compute_eta, get_time_units
+from swift.common.utils import compute_eta, get_time_units, config_true_value
+
+
+insecure = False
def put_container(connpool, container, report):
@@ -79,10 +83,19 @@ if __name__ == '__main__':
patcher.monkey_patch()
conffile = '/etc/swift/dispersion.conf'
- if len(argv) == 2:
- conffile = argv[1]
- elif len(argv) > 2:
- exit('Syntax: %s [conffile]' % argv[0])
+
+ parser = OptionParser(usage='''
+Usage: %%prog [options] [conf_file]
+
+[conf_file] defaults to %s'''.strip() % conffile)
+ parser.add_option('--insecure', action='store_true', default=False,
+ help='Allow accessing insecure keystone server. '
+ 'The keystone\'s certificate will not be verified.')
+ options, args = parser.parse_args()
+
+ if args:
+ conffile = args.pop(0)
+
c = ConfigParser()
if not c.read(conffile):
exit('Unable to read config file: %s' % conffile)
@@ -92,6 +105,8 @@ if __name__ == '__main__':
retries = int(conf.get('retries', 5))
concurrency = int(conf.get('concurrency', 25))
endpoint_type = str(conf.get('endpoint_type', 'publicURL'))
+ insecure = options.insecure \
+ or config_true_value(conf.get('keystone_api_insecure', 'no'))
coropool = GreenPool(size=concurrency)
retries_done = 0
@@ -101,14 +116,16 @@ if __name__ == '__main__':
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
- os_options=os_options)
+ os_options=os_options,
+ insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(conf['auth_url'],
conf['auth_user'], conf['auth_key'],
retries=retries,
preauthurl=url, preauthtoken=token,
- os_options=os_options)
+ os_options=os_options,
+ insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
parts_left = dict((x, x) for x in xrange(container_ring.partition_count))
diff --git a/bin/swift-dispersion-report b/bin/swift-dispersion-report
index f96baab..dd7219c 100755
--- a/bin/swift-dispersion-report
+++ b/bin/swift-dispersion-report
@@ -37,6 +37,7 @@ unmounted = []
notfound = []
json_output = False
debug = False
+insecure = False
def get_error_log(prefix):
@@ -322,6 +323,9 @@ Usage: %%prog [options] [conf_file]
help='Only run container report')
parser.add_option('--object-only', action='store_true', default=False,
help='Only run object report')
+ parser.add_option('--insecure', action='store_true', default=False,
+ help='Allow accessing insecure keystone server. '
+ 'The keystone\'s certificate will not be verified.')
options, args = parser.parse_args()
if args:
@@ -344,6 +348,8 @@ Usage: %%prog [options] [conf_file]
and not options.container_only
if not (object_report or container_report):
exit("Neither container or object report is set to run")
+ insecure = options.insecure \
+ or config_true_value(conf.get('keystone_api_insecure', 'no'))
if options.debug:
debug = True
@@ -354,12 +360,14 @@ Usage: %%prog [options] [conf_file]
url, token = get_auth(conf['auth_url'], conf['auth_user'],
conf['auth_key'],
auth_version=conf.get('auth_version', '1.0'),
- os_options=os_options)
+ os_options=os_options,
+ insecure=insecure)
account = url.rsplit('/', 1)[1]
connpool = Pool(max_size=concurrency)
connpool.create = lambda: Connection(
conf['auth_url'], conf['auth_user'], conf['auth_key'], retries=retries,
- preauthurl=url, preauthtoken=token, os_options=os_options)
+ preauthurl=url, preauthtoken=token, os_options=os_options,
+ insecure=insecure)
container_ring = Ring(swift_dir, ring_name='container')
object_ring = Ring(swift_dir, ring_name='object')
diff --git a/doc/manpages/dispersion.conf.5 b/doc/manpages/dispersion.conf.5
index ec6029a..b1188a6 100644
--- a/doc/manpages/dispersion.conf.5
+++ b/doc/manpages/dispersion.conf.5
@@ -67,6 +67,7 @@ Whether to run the object report. The default is yes.
.IP "auth_user = dpstats:dpstats"
.IP "auth_key = dpstats"
.IP "swift_dir = /etc/swift"
+.IP "# keystone_api_insecure = no"
.IP "# dispersion_coverage = 1"
.IP "# retries = 5"
.IP "# concurrency = 25"
diff --git a/doc/manpages/swift-dispersion-populate.1 b/doc/manpages/swift-dispersion-populate.1
index 63fd36e..7fa132d 100644
--- a/doc/manpages/swift-dispersion-populate.1
+++ b/doc/manpages/swift-dispersion-populate.1
@@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
-.B swift-dispersion-populate
+.B swift-dispersion-populate [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@@ -56,6 +56,13 @@ same configuration file, /etc/swift/dispersion.conf . The account used by these
tool should be a dedicated account for the dispersion stats and also have admin
privileges.
+.SH OPTIONS
+.RS 0
+.PD 1
+.IP "\fB--insecure\fR"
+Allow accessing insecure keystone server. The keystone's certificate will not
+be verified.
+
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:
diff --git a/doc/manpages/swift-dispersion-report.1 b/doc/manpages/swift-dispersion-report.1
index 6f19b34..a1273bf 100644
--- a/doc/manpages/swift-dispersion-report.1
+++ b/doc/manpages/swift-dispersion-report.1
@@ -24,7 +24,7 @@
.SH SYNOPSIS
.LP
-.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [conf_file]
+.B swift-dispersion-report [-d|--debug] [-j|--dump-json] [-p|--partitions] [--container-only|--object-only] [--insecure] [conf_file]
.SH DESCRIPTION
.PP
@@ -84,6 +84,13 @@ Only run the container report
.IP "\fB--object-only\fR"
Only run the object report
+.SH OPTIONS
+.RS 0
+.PD 1
+.IP "\fB--insecure\fR"
+Allow accessing insecure keystone server. The keystone's certificate will not
+be verified.
+
.SH CONFIGURATION
.PD 0
Example \fI/etc/swift/dispersion.conf\fR:
diff --git a/etc/dispersion.conf-sample b/etc/dispersion.conf-sample
index fb62b86..fb36519 100644
--- a/etc/dispersion.conf-sample
+++ b/etc/dispersion.conf-sample
@@ -7,6 +7,7 @@ auth_key = testing
# auth_key = testing
# auth_version = 2.0
# endpoint_type = publicURL
+# keystone_api_insecure = no
#
# swift_dir = /etc/swift
# dispersion_coverage = 1
