Add support for swift user/key authentication

By default the swift backup service uses keystone authentication to
communicate with the swift endpoint. This patch adds three optional
parameters to allow username/key authentication

Change-Id: I54ad7d91785ade5375f317aceb80b3374b59f5fe

diff --git a/cinder/backup/services/swift.py b/cinder/backup/services/swift.py
index 7e2aa287abdfd187221b645da2a956e4ba623d89..8f5d6e2994818ca3a1c6fcc8dd92e7674e89c0bc 100644 (file)
--- a/cinder/backup/services/swift.py
+++ b/cinder/backup/services/swift.py
@@ -53,6 +53,15 @@ swiftbackup_service_opts = [
     cfg.StrOpt('backup_swift_url',
                default='http://localhost:8080/v1/AUTH_',
                help='The URL of the Swift endpoint'),
+    cfg.StrOpt('backup_swift_auth',
+               default='per_user',
+               help='Swift authentication mechanism'),
+    cfg.StrOpt('backup_swift_user',
+               default=None,
+               help='Swift user name'),
+    cfg.StrOpt('backup_swift_key',
+               default=None,
+               help='Swift key for authentication'),
     cfg.StrOpt('backup_swift_container',
                default='volumebackups',
                help='The default Swift container to use'),
@@ -106,11 +115,25 @@ class SwiftBackupService(base.Base):
         self.swift_backoff = CONF.backup_swift_retry_backoff
         self.compressor = \
             self._get_compressor(CONF.backup_compression_algorithm)
-        self.conn = swift.Connection(None, None, None,
-                                     retries=self.swift_attempts,
-                                     preauthurl=self.swift_url,
-                                     preauthtoken=self.context.auth_token,
-                                     starting_backoff=self.swift_backoff)
+        LOG.debug('Connect to %s in "%s" mode' % (CONF.backup_swift_url,
+                                                  CONF.backup_swift_auth))
+        if CONF.backup_swift_auth == 'single_user':
+            if CONF.backup_swift_user is None:
+                LOG.error(_("single_user auth mode enabled, "
+                            "but %(param)s not set")
+                          % {'param': 'backup_swift_user'})
+                raise exception.ParameterNotFound(param='backup_swift_user')
+            self.conn = swift.Connection(authurl=CONF.backup_swift_url,
+                                         user=CONF.backup_swift_user,
+                                         key=CONF.backup_swift_key,
+                                         retries=self.swift_attempts,
+                                         starting_backoff=self.swift_backoff)
+        else:
+            self.conn = swift.Connection(retries=self.swift_attempts,
+                                         preauthurl=self.swift_url,
+                                         preauthtoken=self.context.auth_token,
+                                         starting_backoff=self.swift_backoff)
+
         super(SwiftBackupService, self).__init__(db_driver)
 
     def _check_container_exists(self, container):

diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index ba5bbeea7fb55366a231712c996d4acda9b47163..67e84c889de021aefea5535611800f090d431fcf 100644 (file)
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -333,6 +333,17 @@
 # The URL of the Swift endpoint (string value)
 #backup_swift_url=http://localhost:8080/v1/AUTH_
 
+# The Swift authentication mechanism
+#  - Set to "per_user": uses keystone authentication for every user
+#  - Set to "single_user": uses one user+pw for all backups
+#backup_swift_auth=per_user
+
+# The Swift user name (use only if backup_swift_auth is set to single_user)
+#backup_swift_user=username
+
+# The Swift password (use only if backup_swift_auth is set to single_user)
+#backup_swift_key=his9ZxhZuabG1rqv3vjRqOXf2/iSg4KFUZEp3net
+
 # The default Swift container to use (string value)
 #backup_swift_container=volumebackups