chef/cookbooks/swift/templates/default/proxy-server.conf.erb
[DEFAULT]
bind_ip = <%= @bind_host %>
bind_port = <%= @bind_port %>
user = <%= @user %>
workers = <%= [node["cpu"]["total"], 2, 4].sort[1] %>
max_clients = 128
<%if @ssl_enabled -%>
cert_file = <%= @ssl_certfile %>
key_file = <%= @ssl_keyfile %>
<% end -%>
log_name = swift-p
log_level = <%= @debug? "DEBUG": "INFO" %>
<%
auth = ""
case @auth_method
when "swauth"
auth = "swauth"
when "keystone"
auth = "authtoken keystoneauth"
when "tempauth"
auth = "tempauth"
end
middlewares = node[:swift][:middlewares].keys.select{|mw| node[:swift][:middlewares][mw][:enabled]}
auth = "swift3 s3token " + auth if middlewares.delete("s3")
staticweb = middlewares.delete("staticweb")
tempurl = middlewares.delete("tempurl")
formpost = middlewares.delete("formpost")
domain_remap = middlewares.delete("domain_remap")
cname_lookup = middlewares.delete("cname_lookup")
ratelimit = middlewares.delete("ratelimit")
bulk = middlewares.delete("bulk")
ceilometer = middlewares.delete("ceilometer")
crossdomain = middlewares.delete("crossdomain")
%>
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync <%= bulk %> <%= tempurl %> <%= ratelimit %> <%= cname_lookup %> <%= domain_remap %> <%= formpost %> <%= crossdomain %> <%= auth %> <%= staticweb %> copy container-quotas account-quotas slo dlo versioned_writes proxy-logging <%= middlewares.join(' ') %> <%= ceilometer %> proxy-server
[app:proxy-server]
use = egg:swift#proxy
log_name = proxy-server
log_facility = LOG_LOCAL5
access_log_name = proxy-server
access_log_facility = LOG_LOCAL1
access_log_level = INFO
log_headers = true
log_requests = true
account_autocreate = <%= @auth_method == "keystone" ? "true" : "false" %>
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_type = password
auth_url = <%= @keystone_settings['internal_auth_url'] %>
www_authenticate_uri = <%= @keystone_settings['public_auth_url'] %>
project_domain_name = <%= @keystone_settings["admin_domain"]%>
user_domain_name = <%= @keystone_settings["admin_domain"] %>
project_name = <%= @keystone_settings['service_tenant'] %>
username = <%= @keystone_settings['service_user'] %>
password = <%= @keystone_settings['service_password'] %>
<% if @keystone_settings['insecure'] -%>
insecure = <%= @keystone_settings['insecure'] %>
<% end -%>
auth_version = <%= @keystone_settings['api_version_for_middleware'] %>
delay_auth_decision = <%= @keystone_delay_auth_decision %>
include_service_catalog = False
cache = swift.cache
service_token_roles_required = true
service_token_roles = admin
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = member, admin
reseller_prefix=<%= @reseller_prefix %>
log_facility = LOG_LOCAL0
log_level = <%= @debug? "DEBUG": "INFO" %>
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
use = egg:swift#memcache
log_name = cache
memcache_servers = <%= @memcached_ips.join(", ") %>
[filter:ratelimit]
use = egg:swift#ratelimit
clock_accuracy = <%= @clock_accuracy %>
max_sleep_time_seconds = <%= @max_sleep_time_seconds %>
log_sleep_time_seconds = <%= @log_sleep_time_seconds %>
rate_buffer_seconds = <%= @rate_buffer_seconds %>
account_ratelimit = <%= @account_ratelimit %>
account_whitelist = <%= @account_whitelist %>
account_blacklist = <%= @account_blacklist %>
<% @container_ratelimit_size.split(',').each do |limit| -%>
<%= "container_ratelimit_" + limit %>
<% end -%>
[filter:domain_remap]
use = egg:swift#domain_remap
storage_domain = <%= @storage_domain_remap %>
path_root = <%= @path_root %>
reseller_prefixes = <%= @reseller_prefix %>
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
storage_domain = <%= @storage_domain %>
lookup_depth = <%= @lookup_depth %>
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
max_containers_per_extraction = <%= @max_containers_per_extraction %>
max_failed_extractions = <%= @max_failed_extractions %>
max_deletes_per_request = <%= @max_deletes_per_request %>
max_failed_deletes = <%= @max_failed_deletes %>
yield_frequency = <%= @yield_frequency %>
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
allow_versioned_writes = true
use = egg:swift#versioned_writes
[filter:copy]
use = egg:swift#copy
[filter:swift3]
use = egg:swift3#swift3
[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
service_port = <%= @keystone_settings['service_port'] %>
service_host = <%= @keystone_settings['internal_url_host'] %>
auth_port = <%= @keystone_settings['admin_port'] %>
auth_host = <%= @keystone_settings['internal_url_host'] %>
auth_protocol = <%= @keystone_settings['protocol'] %>
[filter:swauth]
use = egg:swauth#swauth
set default_swift_cluster = local#<%= @swift_protocol %>://<%= @admin_host %>:<%= @proxy_port %>/v1
super_admin_key = <%= @admin_key %>
[filter:ceilometer]
paste.filter_factory = ceilometermiddleware.swift:filter_factory
control_exchange = swift
url = <%= @rabbit_settings[:url] %>
driver = messaging
topic = notifications
set log_level = WARN
<% if !@cross_domain_policy.empty? %>
[filter:crossdomain]
use = egg:swift#crossdomain
cross_domain_policy = <%= @cross_domain_policy %>
<% end %>