From: Marc Koderer Date: Thu, 20 Jun 2013 15:20:30 +0000 (+0200) Subject: Add support for swift user/key authentication X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=20b489ad79c12738e0ac11e1617dc17cd4f2cbc1;p=openstack-build%2Fcinder-build.git Add support for swift user/key authentication By default the swift backup service uses keystone authentication to communicate with the swift endpoint. This patch adds three optional parameters to allow username/key authentication Change-Id: I54ad7d91785ade5375f317aceb80b3374b59f5fe --- diff --git a/cinder/backup/services/swift.py b/cinder/backup/services/swift.py index 7e2aa287a..8f5d6e299 100644 --- a/cinder/backup/services/swift.py +++ b/cinder/backup/services/swift.py @@ -53,6 +53,15 @@ swiftbackup_service_opts = [ cfg.StrOpt('backup_swift_url', default='http://localhost:8080/v1/AUTH_', help='The URL of the Swift endpoint'), + cfg.StrOpt('backup_swift_auth', + default='per_user', + help='Swift authentication mechanism'), + cfg.StrOpt('backup_swift_user', + default=None, + help='Swift user name'), + cfg.StrOpt('backup_swift_key', + default=None, + help='Swift key for authentication'), cfg.StrOpt('backup_swift_container', default='volumebackups', help='The default Swift container to use'), @@ -106,11 +115,25 @@ class SwiftBackupService(base.Base): self.swift_backoff = CONF.backup_swift_retry_backoff self.compressor = \ self._get_compressor(CONF.backup_compression_algorithm) - self.conn = swift.Connection(None, None, None, - retries=self.swift_attempts, - preauthurl=self.swift_url, - preauthtoken=self.context.auth_token, - starting_backoff=self.swift_backoff) + LOG.debug('Connect to %s in "%s" mode' % (CONF.backup_swift_url, + CONF.backup_swift_auth)) + if CONF.backup_swift_auth == 'single_user': + if CONF.backup_swift_user is None: + LOG.error(_("single_user auth mode enabled, " + "but %(param)s not set") + % {'param': 'backup_swift_user'}) + raise exception.ParameterNotFound(param='backup_swift_user') + self.conn = swift.Connection(authurl=CONF.backup_swift_url, + user=CONF.backup_swift_user, + key=CONF.backup_swift_key, + retries=self.swift_attempts, + starting_backoff=self.swift_backoff) + else: + self.conn = swift.Connection(retries=self.swift_attempts, + preauthurl=self.swift_url, + preauthtoken=self.context.auth_token, + starting_backoff=self.swift_backoff) + super(SwiftBackupService, self).__init__(db_driver) def _check_container_exists(self, container): diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample index ba5bbeea7..67e84c889 100644 --- a/etc/cinder/cinder.conf.sample +++ b/etc/cinder/cinder.conf.sample @@ -333,6 +333,17 @@ # The URL of the Swift endpoint (string value) #backup_swift_url=http://localhost:8080/v1/AUTH_ +# The Swift authentication mechanism +# - Set to "per_user": uses keystone authentication for every user +# - Set to "single_user": uses one user+pw for all backups +#backup_swift_auth=per_user + +# The Swift user name (use only if backup_swift_auth is set to single_user) +#backup_swift_user=username + +# The Swift password (use only if backup_swift_auth is set to single_user) +#backup_swift_key=his9ZxhZuabG1rqv3vjRqOXf2/iSg4KFUZEp3net + # The default Swift container to use (string value) #backup_swift_container=volumebackups