%define COMPONENT swift
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 2.21.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MINOR_VERSION 4
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
# See the License for the specific language governing permissions and
# limitations under the License.
-- import_tasks: password_handler.yml
+- import_tasks: password_handler.yml
- name: create directories
file:
- include_tasks: password_gen.yml
with_items:
- - "admin"
- "registry"
-- name: get admin password
- command: '/usr/bin/curl
- https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/admin
- --cacert /etc/etcd/ssl/ca.pem
- --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem
- --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem'
- register: admin_pass
- become_user: "root"
-
- name: get registry password
command: '/usr/bin/curl
https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/registry
- name: set registry pass
set_fact:
swift_registry_pass: "{{ registry_pass.stdout }}"
-
-- name: decode admin pass
- shell: echo {{ (admin_pass.stdout|from_json).node.value }} | /usr/bin/openssl enc -d -aes-256-cbc -a -pass pass:{{ name }}
- register: admin_pass
-
-- name: set admin pass
- set_fact:
- swift_admin_pass: "{{ admin_pass.stdout }}"
-
-- name: create dirs
- file:
- mode: 0750
- name: /etc/swift/usr/{{ item }}
- state: directory
- owner: swift
- group: swift
- with_items:
- - "admin"
- become_user: "root"
-
-- name: allowing cloud_admin_user to access /etc/swift folder
- acl:
- name: "/etc/swift"
- entity: "{{ users.admin_user_name }}"
- etype: user
- permissions: rx
- state: present
- become_user: "root"
-
-- name: allowing cloud_admin_user to access /etc/swift/usr folder
- acl:
- name: "/etc/swift/usr"
- entity: "{{ users.admin_user_name }}"
- etype: user
- permissions: rx
- state: present
- become_user: "root"
-
-- name: allowing cloud_admin_user to access /etc/swift/usr/admin folder
- acl:
- name: "/etc/swift/usr/admin"
- entity: "{{ users.admin_user_name }}"
- etype: user
- permissions: rx
- state: present
- become_user: "root"
-
-- name: copy admin env_file
- template:
- src: main/admin_envfile
- mode: 0640
- dest: /etc/swift/usr/admin/env_file
- become_user: "root"
-
-- name: Copy admin.yml
- template:
- src: main/admin.yml
- mode: 0640
- dest: /etc/swift/usr/admin/admin.yml
- become_user: "root"
-
-- name: allowing users.admin_user_name to access /etc/swift/usr/admin/env_file
- acl:
- name: "/etc/swift/usr/admin/env_file"
- entity: "{{ users.admin_user_name }}"
- etype: user
- permissions: r
- state: present
- become_user: "root"
-
-- name: allowing cloud_admin_user to access /etc/swift/usr/admin/admin.yml
- acl:
- name: "/etc/swift/usr/admin/admin.yml"
- entity: "{{ users.admin_user_name }}"
- etype: user
- permissions: r
- state: present
- become_user: "root"
-
# See the License for the specific language governing permissions and
# limitations under the License.
-- name: Get Swift pass from file
- shell: 'grep "export SWIFT_PASS=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"'
- register: swift_password_for_template
-
-- name: Get Swift pass from file
- shell: 'grep "export SWIFT_USER=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"'
- register: swift_user_for_template
-
-- name: Get Swift pass from file
- shell: 'grep "export SWIFT_TENANT=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"'
- register: swift_tenant_for_template
-
- name: template config files
template:
src: "main/{{ item }}"
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
----
-swift_user: admin
-swift_tenant: admin
-swift_password: {{ swift_admin_pass }}
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
-export SWIFT_USER=admin
-export SWIFT_TENANT=admin
-export SWIFT_PASS={{ swift_admin_pass }}
[DEFAULT]
bind_ip = 127.0.0.1
bind_port = 18084
-workers = 4
+workers = 4
user = swift
[pipeline:main]
storage_url_scheme = https
use = egg:swift#tempauth
# user_<tenant>_<username> = <password> <privileges>
-user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin
+user_admin_admin = {{ caas.swift_credential.password }} .admin .reseller_admin
user_admin_registry = {{ swift_registry_pass }} .admin
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
-export SWIFT_USER=registry
-export SWIFT_TENANT=admin
-export SWIFT_PASS={{ swift_registry_pass }}
-
memory: "1Gi"
env:
- name: "SWIFT_USER"
- value: "{{ swift_user_for_template.stdout }}"
+ value: "{{ caas.swift_credential.user }}"
- name: "SWIFT_TENANT"
- value: "{{ swift_tenant_for_template.stdout }}"
+ value: "{{ caas.swift_credential.tenant }}"
- name: "SWIFT_PASS"
- value: "{{ swift_password_for_template.stdout }}"
+ value: "{{ caas.swift_credential.password }}"
- name: "SWIFT_PART_POWER"
value: "7"
- name: "SWIFT_PART_HOUR"
+++ /dev/null
----
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
-swift_user: admin
-swift_tenant: admin
-swift_password: {{ swift_admin_pass }}
+++ /dev/null
-{#
-Copyright 2019 Nokia
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-#}
-export SWIFT_USER=admin
-export SWIFT_TENANT=admin
-export SWIFT_PASS={{ swift_admin_pass }}
storage_url_scheme = https
use = egg:swift#tempauth
# user_<tenant>_<username> = <password> <privileges>
-user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin
+user_admin_admin = {{ caas.swift_credential.password }} .admin .reseller_admin
user_admin_registry = {{ swift_registry_pass }} .admin