Just documenting for later (and for a friend and colleague who needs it now) – my notes for setting up openstack swift using juju. I need to go back and check whether keystone is required – I initially had issues with the test auth so switched to keystone.
First, create the config file to use keystone, local block-devices on the swift storage units (i.e. no need to mount storage), and using openstack havana:
```
cat >swift.cfg <<END
swift-proxy:
    zone-assignment: auto
    replicas: 3
    auth-type: keystone
    openstack-origin: cloud:precise-havana/updates
swift-storage:
    zone: 1
    block-device: /etc/swift/storagedev1.img|2G
    openstack-origin: cloud:precise-havana/updates
keystone:
    admin-token: somebigtoken
    openstack-origin: cloud:precise-havana/updates
END
```
Deploy it (this could probably be replaced with a charm bundle?):
```
juju deploy --config=swift.cfg swift-proxy
juju deploy --config=swift.cfg --num-units 3 swift-storage
juju add-relation swift-proxy swift-storage
juju deploy --config=swift.cfg keystone
juju add-relation swift-proxy keystone
```
Once everything is up and running, create a tenant and a user, and give the user admin rights for the tenant. Use your keystone unit’s IP address for keystone-ip; the `--token` value is the admin-token set in swift.cfg. Note that below I’m using the names of the tenant, user and role, which works with keystone 0.3.2, but apparently earlier versions require you to use the uuids instead (check with `keystone help user-role-add`).
```
$ keystone --endpoint http://keystone-ip:35357/v2.0/ --token somebigtoken tenant-create --name mytenant
$ keystone --endpoint http://keystone-ip:35357/v2.0/ --token somebigtoken user-create --name myuser --tenant mytenant --pass userpassword
$ keystone --endpoint http://keystone-ip:35357/v2.0/ --token somebigtoken user-role-add --tenant mytenant --user myuser --role Admin
```
And finally, use our new admin user to create a container for use in our dev environment (specify auth version 2):
```
$ export OS_REGION_NAME=RegionOne
$ export OS_TENANT_NAME=mytenant
$ export OS_USERNAME=myuser
$ export OS_PASSWORD=userpassword
$ export OS_AUTH_URL=http://keystone-ip:5000/v2.0/
$ swift -V 2 post mycontainer
```
If you want the container to be readable without auth:
```
$ swift -V 2 post mycontainer -r '.r:*'
```
If you want another keystone user to have write access:
```
$ swift -V 2 post mycontainer -w mytenant:otheruser
```
Verify that the container is ready for use:
```
$ swift -V 2 stat mycontainer
```
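To go with the verification step above, an added example (not part of the original notes) that reads the `Read ACL` and `Write ACL` lines of `swift stat` output and reports which elements, such as the `.r:*` set earlier, make the container readable without auth. The sample output is constructed, its layout is assumed to match what your swift client prints, and the function names are this example's own.

```python
# Added example: audit the ACL lines of `swift stat <container>` output.
# SAMPLE_STAT is constructed for illustration, not captured from a cluster.
SAMPLE_STAT = """\
  Account: AUTH_0123456789abcdef
Container: mycontainer
  Objects: 0
 Read ACL: .r:*,.rlistings
Write ACL: mytenant:otheruser
"""

# Swift accepts these spellings for a referrer element.
REFERRER_PREFIXES = (".r:", ".ref:", ".referer:", ".referrer:")

def parse_acls(stat_text):
    """Return {'read': [...], 'write': [...]} from `swift stat` output."""
    acls = {"read": [], "write": []}
    for line in stat_text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        words = key.strip().lower().split()
        if sep and len(words) == 2 and words[1] == "acl" and words[0] in acls:
            acls[words[0]] = [e.strip() for e in value.split(",") if e.strip()]
    return acls

def classify(element):
    """Return (exposure, description) for one ACL element."""
    if element == ".rlistings":
        return "public", "container listing allowed for referrer-based readers"
    for prefix in REFERRER_PREFIXES:
        if element.startswith(prefix):
            host = element[len(prefix):]
            if host.startswith("-"):
                return "deny", "requests with Referer %s are refused" % host[1:]
            if host == "*":
                return "public", "any client can read objects without a token"
            return "public", "readable without a token when Referer matches %s" % host
    tenant, sep, user = element.partition(":")
    if sep and "*" in (tenant, user):
        return "broad", "wildcard grant %s" % element
    return "scoped", "keystone identity %s" % element

def audit(stat_text):
    """List (acl, element, exposure, description) for every ACL element."""
    return [(kind, el) + classify(el)
            for kind, elements in sorted(parse_acls(stat_text).items())
            for el in elements]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STAT):
        print("%-5s %-20s %-7s %s" % finding)
```

Feed it the real output with `audit(subprocess.check_output(["swift", "-V", "2", "stat", "mycontainer"], text=True))` once the `OS_*` variables are exported.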
Please let me know if you spot any issues (these notes are from a month or two ago, so I haven’t just tried this).