Added S3 authentication changes

changed the proxy-server.conf to enable authentication and scripts to add user Signed-off-by: venkata edara <redara@redhat.com>
author: venkata edara <redara@redhat.com> 2017-07-31 16:17:49 +0530
committer: venkata edara <redara@redhat.com> 2017-07-31 16:28:01 +0530
commit: 438b216ffa44c8da6ba8cd5930862694a8e3a2e6 (patch)
tree: 99f32d10e60b28430c53fbe1c81ac219fa0f4657
parent: 4757dd977452d15baae91d46a7895cd3d5b7863e (diff)
download: gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.gz
gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.bz2
gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.xz
gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.zip
8 files changed, 46 insertions, 6 deletions
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
index 9ec1e2f..fdfb0ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
+++ b/gluster-s3object/CentOS/docker-gluster-s3/Dockerfile
@@ -54,6 +54,7 @@ COPY swift-proxy.service /lib/systemd/system/
 COPY swift-account.service /lib/systemd/system/
 COPY swift-container.service /lib/systemd/system/
 COPY swift-object.service /lib/systemd/system/
+COPY swift-adduser.service /lib/systemd/system/
 
 # Replace openstack swift conf files with local gluster-swift ones
 COPY etc/swift/* /etc/swift/
@@ -62,6 +63,9 @@ COPY etc/swift/* /etc/swift/
 COPY update_gluster_vol.sh /usr/local/bin/update_gluster_vol.sh
 RUN chmod +x /usr/local/bin/update_gluster_vol.sh
 
+COPY gluster-swift-add-user /usr/local/bin/gluster-swift-add-user
+RUN chmod +x /usr/local/bin/gluster-swift-add-user
+
 # volumes to be exposed as object storage is present in swift-volumes file
 COPY etc/sysconfig/swift-volumes /etc/sysconfig/swift-volumes
 
@@ -76,7 +80,8 @@ systemctl enable memcached.service;\
 systemctl enable swift-proxy.service;\
 systemctl enable swift-account.service;\
 systemctl enable swift-container.service;\
-systemctl enable swift-object.service;
+systemctl enable swift-object.service;\
+systemctl enable swift-adduser.service;
 
 ENTRYPOINT ["/usr/local/bin/update_gluster_vol.sh"]
 CMD ["/usr/sbin/init"]
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/README.md b/gluster-s3object/CentOS/docker-gluster-s3/README.md
index baa6d28..a8bd935 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/README.md
+++ b/gluster-s3object/CentOS/docker-gluster-s3/README.md
@@ -30,7 +30,7 @@ Where tv1 is the volume name.
 **Example:**
 
 ```bash
-# docker run -d --privileged  -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" gluster-s3
+# docker run -d --privileged  -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -p 8080:8080 -v /mnt/gluster-object:/mnt/gluster-object -e GLUSTER_VOLUMES="tv1" -e GLUSTER_USER="admin" -e GLUSTER_PASSWORD="redhat" gluster-s3
 ```
 
 If you have selinux set to enforced on the host machine, refer to the
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
index 979b735..8e6ecc5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/swift/proxy-server.conf
@@ -5,7 +5,7 @@ user = root
 workers = 1
 
 [pipeline:main]
-pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 staticweb slo dlo proxy-logging proxy-server
+pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk ratelimit swift3 gswauth staticweb slo dlo proxy-logging proxy-server
 
 [app:proxy-server]
 use = egg:gluster_swift#proxy
@@ -97,3 +97,10 @@ user_test5_tester5 = testing5 service
 
 [filter:swift3]
 use = egg:swift3#swift3
+
+[filter:gswauth]
+use = egg:gluster_swift#gswauth
+set log_name = gswauth
+super_admin_key = gswauthkey
+metadata_volume = gsmetadata
+s3_support = on
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
index 8b49f07..3aeb7ec 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
+++ b/gluster-s3object/CentOS/docker-gluster-s3/etc/sysconfig/swift-volumes
@@ -1,2 +1,4 @@
 # Set Gluster volumes to be used by gluster-object service
 GLUSTER_VOLUMES="tv1"
+GLUSTER_USER="admin"
+GLUSTER_PASSWORD="redhat"
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
new file mode 100755
index 0000000..59eb1b2
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/gluster-swift-add-user
@@ -0,0 +1,13 @@
+#!/bin/bash
+if [ "$#" -lt 3 ]; then
+	echo "Incorrect args. invoke gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES"
+	exit 1
+else
+	GLUSTER_USER=$1
+	GLUSTER_PASSWORD=$2
+	GLUSTER_VOLUMES=$(echo $3 | cut -d" " -f1)
+	sleep 5
+	gswauth-prep -A http://0.0.0.0:8080/auth -K gswauthkey
+        gswauth-add-account -K gswauthkey $GLUSTER_VOLUMES
+	gswauth-add-user -K gswauthkey -a $GLUSTER_VOLUMES $GLUSTER_USER $GLUSTER_PASSWORD
+fi
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
new file mode 100644
index 0000000..ee4c8d7
--- /dev/null
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-adduser.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Swift Add User
+After=swift-object.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/sysconfig/swift-volumes
+ExecStart=/usr/local/bin/gluster-swift-add-user $GLUSTER_USER $GLUSTER_PASSWORD $GLUSTER_VOLUMES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
index ab30a7c..efafca5 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
+++ b/gluster-s3object/CentOS/docker-gluster-s3/swift-gen-builders.service
@@ -5,7 +5,7 @@ Before=memcached.service
 [Service]
 Type=oneshot
 EnvironmentFile=-/etc/sysconfig/swift-volumes
-ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES
+ExecStart=/usr/bin/gluster-swift-gen-builders $GLUSTER_VOLUMES gsmetadata
 
 [Install]
 WantedBy=multi-user.target
diff --git a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
index dfb891d..9e9c60e 100644
--- a/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
+++ b/gluster-s3object/CentOS/docker-gluster-s3/update_gluster_vol.sh
@@ -1,12 +1,14 @@
 #!/bin/bash
 
 # To update gluster volume name in swift-volumes, used by swift-gen-builders.service
-if [ -z "$GLUSTER_VOLUMES" ]; then
-        echo "You need to set GLUSTER_VOLUMES env variable"
+if [[ -z "$GLUSTER_VOLUMES" || -z "$GLUSTER_USER" || -z "$GLUSTER_PASSWORD" ]]; then
+        echo "You need to set GLUSTER_VOLUMES, GLUSTER_USER, GLUSTER_PASSWORD env variable"
         exit 1
 else
         echo "GLUSTER_VOLUMES env variable is set. Update in swift-volumes"
         sed -i.bak '/^GLUSTER_VOLUMES=/s/=.*/='\""$GLUSTER_VOLUMES"\"'/' /etc/sysconfig/swift-volumes
+	sed -i.bak '/^GLUSTER_USER=/s/=.*/='\""$GLUSTER_USER"\"'/' /etc/sysconfig/swift-volumes
+	sed -i.bak '/^GLUSTER_PASSWORD=/s/=.*/='\""$GLUSTER_PASSWORD"\"'/' /etc/sysconfig/swift-volumes
 fi
 
 # Hand off to CMD
author	venkata edara <redara@redhat.com>	2017-07-31 16:17:49 +0530
committer	venkata edara <redara@redhat.com>	2017-07-31 16:28:01 +0530
commit	438b216ffa44c8da6ba8cd5930862694a8e3a2e6 (patch)
tree	99f32d10e60b28430c53fbe1c81ac219fa0f4657
parent	4757dd977452d15baae91d46a7895cd3d5b7863e (diff)
download	gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.gz gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.bz2 gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.tar.xz gluster-438b216ffa44c8da6ba8cd5930862694a8e3a2e6.zip