From 438b216ffa44c8da6ba8cd5930862694a8e3a2e6 Mon Sep 17 00:00:00 2001
From: venkata edara <redara@redhat.com>
Date: Mon, 31 Jul 2017 16:17:49 +0530
Subject: Added S3 authentication changes
changed the proxy-server.conf to enable authentication and scripts to add user
Signed-off-by: venkata edara <redara@redhat.com>
---
gluster-s3object/CentOS/docker-gluster-s3/Dockerfile | 7 ++++++-
gluster-s3object/CentOS/docker-gluster-s3/README.md | 2 +-
.../CentOS/docker-gluster-s3/etc/swift/proxy-server.conf | 9 ++++++++-
.../CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes | 2 ++
.../CentOS/docker-gluster-s3/gluster-swift-add-user | 13 +++++++++++++
.../CentOS/docker-gluster-s3/swift-adduser.service | 11 +++++++++++
.../CentOS/docker-gluster-s3/swift-gen-builders.service | 2 +-
.../CentOS/docker-gluster-s3/update_gluster_vol.sh | 6 ++++--
8 files changed, 46 insertions(+), 6 deletions(-)
create mode 100755 gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
create mode 100644 gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
index 9ec1e2f..fdfb0ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
+++ b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
@@ -54,6 +54,7 @@ COPY swift-proxy.service /lib/systemd/system/
COPY swift-account.service /lib/systemd/system/
COPY swift-container.service /lib/systemd/system/
COPY swift-object.service /lib/systemd/system/
+COPY swift-adduser.service /lib/systemd/system/
# Replace openstack swift conf files with local gluster-swift ones
COPY etc/swift/* /etc/swift/
@@ -62,6 +63,9 @@ COPY etc/swift/* /etc/swift/
COPY update_gluster_vol.sh /usr/local/bin/update_gluster_vol.sh
RUN chmod +x /usr/local/bin/update_gluster_vol.sh
+COPY gluster-swift-add-user /usr/local/bin/gluster-swift-add-user
+RUN chmod +x /usr/local/bin/gluster-swift-add-user
+
# volumes to be exposed as object storage is present in swift-volumes file
COPY etc/sysconfig/swift-volumes /etc/sysconfig/swift-volumes
@@ -76,7 +80,8 @@ systemctl enable memcached.service;\
systemctl enable swift-proxy.service;\
systemctl enable swift-account.service;\
systemctl enable swift-container.service;\
-systemctl enable swift-object.service;
+systemctl enable swift-object.service;\
+systemctl enable swift-adduser.service;
ENTRYPOINT ["/usr/local/bin/update_gluster_vol.sh"]
CMD ["/usr/sbin/init"]
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/README.md b/gluster-s3object/CentOS/docker-gluster-s3/README.md
index baa6d28..a8bd935 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/README.md
+++ b/gluster-s3object/CentOS/docker-gluster-s3/README.md
@@ -30,7 +30,7 @@ Where tv1 is the volume name.
**Example:**
```bash
-# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" gluster-s3
+# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" -e GLUSTER_USER="admin" -e GLUSTER_PASSWORD="redhat" gluster-s3
```
If you have selinux set to enforced on the host machine, refer to the
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
index 979b735..8e6ecc5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
@@ -5,7 +5,7 @@ user = root
workers = 1
[pipeline:main]
-pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 staticweb slo dlo proxy-logging proxy-server
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 gswauth staticweb slo dlo proxy-logging proxy-server
[app:proxy-server]
use = egg:gluster_swift#proxy
@@ -97,3 +97,10 @@ user_test5_tester5 = testing5 service
[filter:swift3]
use = egg:swift3#swift3
+
+[filter:gswauth]
+use = egg:gluster_swift#gswauth
+set log_name = gswauth
+super_admin_key = gswauthkey
+metadata_volume = gsmetadata
+s3_support = on
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
index 8b49f07..3aeb7ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
@@ -1,2 +1,4 @@
# Set Gluster volumes to be used by gluster-object service
GLUSTER_VOLUMES="tv1"
+GLUSTER_USER="admin"
+GLUSTER_PASSWORD="redhat"
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
new file mode 100755
index 0000000..59eb1b2
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ "$#" -lt 3 ]; then
+ echo "Incorrect args. invoke gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES"
+ exit 1
+else
+ GLUSTER_USER=$1
+ GLUSTER_PASSWORD=$2
+ GLUSTER_VOLUMES=$(echo $3 | cut -d" " -f1)
+ sleep 5
+ gswauth-prep -A http://0.0.0.0:8080/auth -K gswauthkey
+ gswauth-add-account -K gswauthkey $GLUSTER_VOLUMES
+ gswauth-add-user -K gswauthkey -a $GLUSTER_VOLUMES $GLUSTER_USER $GLUSTER_PASSWORD
+fi
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
new file mode 100644
index 0000000..ee4c8d7
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Swift Add User
+After=swift-object.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/sysconfig/swift-volumes
+ExecStart=/usr/local/bin/gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
index ab30a7c..efafca5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
@@ -5,7 +5,7 @@ Before=memcached.service
[Service]
Type=oneshot
EnvironmentFile=-/etc/sysconfig/swift-volumes
-ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES
+ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES gsmetadata
[Install]
WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
index dfb891d..9e9c60e 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
+++ b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
@@ -1,12 +1,14 @@
#!/bin/bash
# To update gluster volume name in swift-volumes, used by swift-gen-builders.service
-if [ -z "$GLUSTER_VOLUMES" ]; then
- echo "You need to set GLUSTER_VOLUMES env variable"
+if [[ -z "$GLUSTER_VOLUMES" || -z "$GLUSTER_USER" || -z "$GLUSTER_PASSWORD" ]]; then
+ echo "You need to set GLUSTER_VOLUMES, GLUSTER_USER, GLUSTER_PASSWORD env variable"
exit 1
else
echo "GLUSTER_VOLUMES env variable is set. Update in swift-volumes"
sed -i.bak '/^GLUSTER_VOLUMES=/s/=.*/='\""$GLUSTER_VOLUMES"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_USER=/s/=.*/='\""$GLUSTER_USER"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_PASSWORD=/s/=.*/='\""$GLUSTER_PASSWORD"\"'/' /etc/sysconfig/swift-volumes
fi
# Hand off to CMD
--
cgit v1.2.3
From f8cde44e7c5a1a42a24e9993f4ebc088082a1deb Mon Sep 17 00:00:00 2001
From: venkata edara <redara@redhat.com>
Date: Mon, 31 Jul 2017 16:17:49 +0530
Subject: Added S3 authentication changes
changed the proxy-server.conf to enable authentication and scripts to add user
Signed-off-by: venkata edara <redara@redhat.com>
---
gluster-s3object/CentOS/docker-gluster-s3/Dockerfile | 7 ++++++-
gluster-s3object/CentOS/docker-gluster-s3/README.md | 2 +-
.../CentOS/docker-gluster-s3/etc/swift/proxy-server.conf | 9 ++++++++-
.../CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes | 2 ++
.../CentOS/docker-gluster-s3/gluster-swift-add-user | 13 +++++++++++++
.../CentOS/docker-gluster-s3/swift-adduser.service | 11 +++++++++++
.../CentOS/docker-gluster-s3/swift-gen-builders.service | 2 +-
.../CentOS/docker-gluster-s3/update_gluster_vol.sh | 6 ++++--
8 files changed, 46 insertions(+), 6 deletions(-)
create mode 100755 gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
create mode 100644 gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
index 9ec1e2f..fdfb0ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
+++ b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
@@ -54,6 +54,7 @@ COPY swift-proxy.service /lib/systemd/system/
COPY swift-account.service /lib/systemd/system/
COPY swift-container.service /lib/systemd/system/
COPY swift-object.service /lib/systemd/system/
+COPY swift-adduser.service /lib/systemd/system/
# Replace openstack swift conf files with local gluster-swift ones
COPY etc/swift/* /etc/swift/
@@ -62,6 +63,9 @@ COPY etc/swift/* /etc/swift/
COPY update_gluster_vol.sh /usr/local/bin/update_gluster_vol.sh
RUN chmod +x /usr/local/bin/update_gluster_vol.sh
+COPY gluster-swift-add-user /usr/local/bin/gluster-swift-add-user
+RUN chmod +x /usr/local/bin/gluster-swift-add-user
+
# volumes to be exposed as object storage is present in swift-volumes file
COPY etc/sysconfig/swift-volumes /etc/sysconfig/swift-volumes
@@ -76,7 +80,8 @@ systemctl enable memcached.service;\
systemctl enable swift-proxy.service;\
systemctl enable swift-account.service;\
systemctl enable swift-container.service;\
-systemctl enable swift-object.service;
+systemctl enable swift-object.service;\
+systemctl enable swift-adduser.service;
ENTRYPOINT ["/usr/local/bin/update_gluster_vol.sh"]
CMD ["/usr/sbin/init"]
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/README.md b/gluster-s3object/CentOS/docker-gluster-s3/README.md
index baa6d28..a8bd935 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/README.md
+++ b/gluster-s3object/CentOS/docker-gluster-s3/README.md
@@ -30,7 +30,7 @@ Where tv1 is the volume name.
**Example:**
```bash
-# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" gluster-s3
+# docker run -d --privileged -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" -e GLUSTER_USER="admin" -e GLUSTER_PASSWORD="redhat" gluster-s3
```
If you have selinux set to enforced on the host machine, refer to the
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
index 979b735..8e6ecc5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
@@ -5,7 +5,7 @@ user = root
workers = 1
[pipeline:main]
-pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 staticweb slo dlo proxy-logging proxy-server
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 gswauth staticweb slo dlo proxy-logging proxy-server
[app:proxy-server]
use = egg:gluster_swift#proxy
@@ -97,3 +97,10 @@ user_test5_tester5 = testing5 service
[filter:swift3]
use = egg:swift3#swift3
+
+[filter:gswauth]
+use = egg:gluster_swift#gswauth
+set log_name = gswauth
+super_admin_key = gswauthkey
+metadata_volume = gsmetadata
+s3_support = on
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
index 8b49f07..3aeb7ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
@@ -1,2 +1,4 @@
# Set Gluster volumes to be used by gluster-object service
GLUSTER_VOLUMES="tv1"
+GLUSTER_USER="admin"
+GLUSTER_PASSWORD="redhat"
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
new file mode 100755
index 0000000..59eb1b2
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ "$#" -lt 3 ]; then
+ echo "Incorrect args. invoke gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES"
+ exit 1
+else
+ GLUSTER_USER=$1
+ GLUSTER_PASSWORD=$2
+ GLUSTER_VOLUMES=$(echo $3 | cut -d" " -f1)
+ sleep 5
+ gswauth-prep -A http://0.0.0.0:8080/auth -K gswauthkey
+ gswauth-add-account -K gswauthkey $GLUSTER_VOLUMES
+ gswauth-add-user -K gswauthkey -a $GLUSTER_VOLUMES $GLUSTER_USER $GLUSTER_PASSWORD
+fi
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
new file mode 100644
index 0000000..ee4c8d7
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Swift Add User
+After=swift-object.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/sysconfig/swift-volumes
+ExecStart=/usr/local/bin/gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
index ab30a7c..efafca5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
@@ -5,7 +5,7 @@ Before=memcached.service
[Service]
Type=oneshot
EnvironmentFile=-/etc/sysconfig/swift-volumes
-ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES
+ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES gsmetadata
[Install]
WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
index dfb891d..9e9c60e 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
+++ b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
@@ -1,12 +1,14 @@
#!/bin/bash
# To update gluster volume name in swift-volumes, used by swift-gen-builders.service
-if [ -z "$GLUSTER_VOLUMES" ]; then
- echo "You need to set GLUSTER_VOLUMES env variable"
+if [[ -z "$GLUSTER_VOLUMES" || -z "$GLUSTER_USER" || -z "$GLUSTER_PASSWORD" ]]; then
+ echo "You need to set GLUSTER_VOLUMES, GLUSTER_USER, GLUSTER_PASSWORD env variable"
exit 1
else
echo "GLUSTER_VOLUMES env variable is set. Update in swift-volumes"
sed -i.bak '/^GLUSTER_VOLUMES=/s/=.*/='\""$GLUSTER_VOLUMES"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_USER=/s/=.*/='\""$GLUSTER_USER"\"'/' /etc/sysconfig/swift-volumes
+ sed -i.bak '/^GLUSTER_PASSWORD=/s/=.*/='\""$GLUSTER_PASSWORD"\"'/' /etc/sysconfig/swift-volumes
fi
# Hand off to CMD
--
cgit v1.2.3
From b214fff44235d8f011fcd9de12a9d2735deb50ee Mon Sep 17 00:00:00 2001
From: venkata edara <redara@redhat.com>
Date: Mon, 31 Jul 2017 17:27:44 +0530
Subject: changed travis.yml to include user and password
Signed-off-by: venkata edara <redara@redhat.com>
---
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index e855878..cc7ecb5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,7 +26,7 @@ before_install:
- sleep 10
- docker exec -it gfedora systemctl is-active glusterd
- docker build -t gluster/s3object ./gluster-s3object/CentOS/docker-gluster-s3/
-- docker run -d --name s3object --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -e GLUSTER_VOLUMES=vol gluster/s3object
+- docker run -d --name s3object --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -e GLUSTER_VOLUMES=vol -e GLUSTER_USER="admin" -e GLUSTER_PASSWORD="redhat" gluster/s3object
- sleep 10
- docker exec -it s3object systemctl is-active swift-object
--
cgit v1.2.3