OpenStack Object Storage (swift)

Merge lp:~gholt/swift/cyberduckhowto into lp:~hudson-openstack/swift/trunk

  1. cyberduckhowto
  2. Merge into trunk
Proposed by gholt
Status: Merged
Approved by: Chuck Thier
Approved revision: 52
Merged at revision: 52
Proposed branch: lp:~gholt/swift/cyberduckhowto
Merge into: lp:~hudson-openstack/swift/trunk
Diff against target: 302 lines (+177/-12)
7 files modified
bin/swift-auth-create-account (+3/-1)
bin/swift-auth-recreate-accounts (+2/-1)
doc/source/howto_cyberduck.rst (+141/-0)
doc/source/index.rst (+7/-0)
etc/proxy-server.conf-sample (+1/-0)
swift/common/auth.py (+3/-1)
swift/common/bufferedhttp.py (+20/-9)
To merge this branch: bzr merge lp:~gholt/swift/cyberduckhowto
Reviewer Review Type Date Requested Status
Chuck Thier (community) Approve
Review via email: mp+32669@code.launchpad.net

Commit message

Cyberduck Support and How To

Description of the change

Cyberduck Support and How To

To post a comment you must log in.
lp:~gholt/swift/cyberduckhowto updated
52. By gholt

Fixed typo

Revision history for this message
Chuck Thier (cthier) wrote :

Looks good to me, and thanks ctennis for the contrib!

Ran unittests and functests on my vm and they are fine. I also verified that ctennis has signed the CLA.

review: Approve
Revision history for this message
Omar Ben Sassi (scarefaag) wrote :

how to run make ?????

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'bin/swift-auth-create-account'
2--- bin/swift-auth-create-account 2010-07-19 16:25:18 +0000
3+++ bin/swift-auth-create-account 2010-08-14 16:56:40 +0000
4@@ -36,8 +36,10 @@
5 conf = dict(c.items('auth-server'))
6 host = conf.get('bind_ip', '127.0.0.1')
7 port = int(conf.get('bind_port', 11000))
8+ ssl = conf.get('cert_file') is not None
9 path = '/account/%s/%s' % (new_account, new_user)
10- conn = http_connect(host, port, 'PUT', path, {'x-auth-key':new_password})
11+ conn = http_connect(host, port, 'PUT', path, {'x-auth-key':new_password},
12+ ssl=ssl)
13 resp = conn.getresponse()
14 if resp.status == 204:
15 print resp.getheader('x-storage-url')
16
17=== modified file 'bin/swift-auth-recreate-accounts'
18--- bin/swift-auth-recreate-accounts 2010-07-19 16:25:18 +0000
19+++ bin/swift-auth-recreate-accounts 2010-08-14 16:56:40 +0000
20@@ -31,8 +31,9 @@
21 conf = dict(c.items('auth-server'))
22 host = conf.get('bind_ip', '127.0.0.1')
23 port = int(conf.get('bind_port', 11000))
24+ ssl = conf.get('cert_file') is not None
25 path = '/recreate_accounts'
26- conn = http_connect(host, port, 'POST', path)
27+ conn = http_connect(host, port, 'POST', path, ssl=ssl)
28 resp = conn.getresponse()
29 if resp.status == 200:
30 print resp.read()
31
32=== added file 'doc/source/howto_cyberduck.rst'
33--- doc/source/howto_cyberduck.rst 1970-01-01 00:00:00 +0000
34+++ doc/source/howto_cyberduck.rst 2010-08-14 16:56:40 +0000
35@@ -0,0 +1,141 @@
36+===============================
37+Talking to Swift with Cyberduck
38+===============================
39+
40+.. note::
41+ Put together by Caleb Tennis, thanks Caleb!
42+
43+
44+#. Install Swift, or have credentials for an existing Swift installation. If
45+ you plan to install Swift on your own server, follow the general guidelines
46+ in the section following this one.
47+
48+#. Verify you can connect using the standard Swift Tool `st` from your
49+ "public" URL (yes I know this resolves privately inside EC2)::
50+
51+ ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0 -U a3:b3 -K c3 stat
52+ Account: 06228ccf-6d0a-4395-889e-e971e8de8781
53+ Containers: 0
54+ Objects: 0
55+ Bytes: 0
56+
57+ .. note::
58+
59+ The Swift Tool `st` can be copied from Swift sources to most any
60+ machine with Python installed. You can grab it from
61+ http://bazaar.launchpad.net/%7Ehudson-openstack/swift/trunk/annotate/head%3A/bin/st
62+ if you don't have the Swift code handy.
63+
64+#. Download and extract the Cyberduck sources (3.5.1 as of this writing). They
65+ should be available at http://trac.cyberduck.ch/
66+
67+#. Edit the Cyberduck source. Look for lib/cloudfiles.properties, and edit
68+ this file. Change auth_url to your public auth URL (note the https)::
69+
70+ auth_url=https://ec2-184-72-156-130.compute-1.amazonaws.com:11000/v1.0
71+
72+#. Edit source/ch/cyberduck/core/Protocol.java. Look for the line saying
73+ "storage.clouddrive.com". Just above that, change::
74+
75+ public boolean isHostnameConfigurable() {
76+ return true;
77+ }
78+
79+#. In the root directory, run "make" to rebuild Cyberduck. When done, type:
80+ `open build/Release/Cyberduck.app/` to start the program.
81+
82+#. Go to "Open Connection", select Rackspace Cloud Files, and connect.
83+
84+ .. image:: howto_cyberduck_config.png
85+
86+#. If you get SSL errors, make sure your auth and proxy server are both setup
87+ for SSL. If you get certificate errors (specifically, 'unable to find valid
88+ certification path to requested target'), you are using a self signed
89+ certificate, you need to perform a few more steps:
90+
91+ .. note::
92+
93+ For some folks, just telling the OS to trust the cert works fine, for
94+ others use the following steps.
95+
96+#. As outlined here: http://blogs.sun.com/andreas/entry/no_more_unable_to_find,
97+ download http://blogs.sun.com/andreas/resource/InstallCert.java, run "javac
98+ InstallCert.java" to compile it, then run "java InstallCert
99+ https://your-auth-server-url:8080". This script will pull down that
100+ certificate and put it into a Java cert store, in your local directory. The
101+ file is jssecacerts.
102+
103+#. You need to move that file to $JAVA_HOME/jre/lib/security, so your java run
104+ time picks it up.
105+
106+#. Restart Cyberduck, and it should now allow you to use that certificate
107+ without an error.
108+
109+
110+---------------------------------------
111+Installing Swift For Use With Cyberduck
112+---------------------------------------
113+
114+#. Both the proxy and auth servers will ultimately need to be running with
115+ SSL. You will need a key and certificate to do this, self signed is ok (but
116+ a little more work getting Cyberduck to accept it). Put these in
117+ /etc/swift/cert.crt and /etc/swift/cert.key.
118+
119+ .. note::
120+
121+ Creating a self-signed cert can usually be done with::
122+
123+ cd /etc/swift
124+ openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
125+
126+#. Example proxy-server config::
127+
128+ [proxy-server]
129+ bind_port = 8080
130+ user = swift
131+ cert_file = /etc/swift/cert.crt
132+ key_file = /etc/swift/cert.key
133+
134+ [auth-server]
135+ ssl = true
136+
137+#. Example auth-server config::
138+
139+ [auth-server]
140+ default_cluster_url = https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1
141+ user = swift
142+ cert_file = /etc/swift/cert.crt
143+ key_file = /etc/swift/cert.key
144+
145+#. Use swift-auth-create-account to create a new account::
146+
147+ ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ swift-auth-create-account a3 b3 c3
148+ https://ec2-184-72-156-130.compute-1.amazonaws.com:8080/v1/06228ccf-6d0a-4395-889e-e971e8de8781
149+
150+ .. note::
151+ It's important that the URL that is given back to you be accessible
152+ publicly. This URL is tied to this account, and will be served
153+ back to Cyberduck after authorization. If this URL gives back
154+ something like: http://127.0.0.1/v1/... this won't work, because
155+ Cyberduck will attempt to connect to 127.0.0.1.
156+
157+ This URL is specified in the auth-server config's
158+ default_cluster_url. However, once you have created an
159+ account/user, this URL is fixed and won't change even if you change
160+ that configuration item. You will have to use sqlite to manually
161+ edit the auth.db in order to change it (limitation of using the
162+ development auth server, but perhaps someone will patch in this
163+ ability someday).
164+
165+#. Verify you can connect using the standard Swift Tool `st`::
166+
167+ ubuntu@domU-12-31-39-03-CD-06:/home/swift/swift/bin$ st -A https://127.0.0.1:11000/v1.0 -U a3:b3 -K c3 stat
168+ Account: 06228ccf-6d0a-4395-889e-e971e8de8781
169+ Containers: 0
170+ Objects: 0
171+ Bytes: 0
172+
173+.. note::
174+
175+ Please let me know if you find any changes that need to be made: ctennis on
176+ IRC
177
178=== added file 'doc/source/howto_cyberduck_config.png'
179Binary files doc/source/howto_cyberduck_config.png 1970-01-01 00:00:00 +0000 and doc/source/howto_cyberduck_config.png 2010-08-14 16:56:40 +0000 differ
180=== modified file 'doc/source/index.rst'
181--- doc/source/index.rst 2010-07-30 19:57:20 +0000
182+++ doc/source/index.rst 2010-08-14 16:56:40 +0000
183@@ -41,6 +41,13 @@
184 deployment_guide
185 admin_guide
186
187+End User Guides:
188+
189+.. toctree::
190+ :maxdepth: 1
191+
192+ howto_cyberduck
193+
194 Source:
195
196 .. toctree::
197
198=== modified file 'etc/proxy-server.conf-sample'
199--- etc/proxy-server.conf-sample 2010-07-30 19:57:20 +0000
200+++ etc/proxy-server.conf-sample 2010-08-14 16:56:40 +0000
201@@ -35,4 +35,5 @@
202 # class = swift.common.auth.DevAuthMiddleware
203 # ip = 127.0.0.1
204 # port = 11000
205+# ssl = false
206 # node_timeout = 10
207
208=== modified file 'swift/common/auth.py'
209--- swift/common/auth.py 2010-07-30 12:20:07 +0000
210+++ swift/common/auth.py 2010-08-14 16:56:40 +0000
211@@ -35,6 +35,8 @@
212 self.conf = conf
213 self.auth_host = conf.get('ip', '127.0.0.1')
214 self.auth_port = int(conf.get('port', 11000))
215+ self.ssl = \
216+ conf.get('ssl', 'false').lower() in ('true', 'on', '1', 'yes')
217 self.timeout = int(conf.get('node_timeout', 10))
218
219 def __call__(self, env, start_response):
220@@ -78,7 +80,7 @@
221 try:
222 with Timeout(self.timeout):
223 conn = http_connect(self.auth_host, self.auth_port, 'GET',
224- '/token/%s/%s' % (account, token))
225+ '/token/%s/%s' % (account, token), ssl=self.ssl)
226 resp = conn.getresponse()
227 resp.read()
228 conn.close()
229
230=== modified file 'swift/common/bufferedhttp.py'
231--- swift/common/bufferedhttp.py 2010-07-25 16:15:40 +0000
232+++ swift/common/bufferedhttp.py 2010-08-14 16:56:40 +0000
233@@ -30,8 +30,8 @@
234 import logging
235 import time
236
237-from eventlet.green.httplib import HTTPConnection, HTTPResponse, _UNKNOWN, \
238- CONTINUE, HTTPMessage
239+from eventlet.green.httplib import CONTINUE, HTTPConnection, HTTPMessage, \
240+ HTTPResponse, HTTPSConnection, _UNKNOWN
241
242
243 class BufferedHTTPResponse(HTTPResponse):
244@@ -106,10 +106,11 @@
245
246
247 def http_connect(ipaddr, port, device, partition, method, path,
248- headers=None, query_string=None):
249+ headers=None, query_string=None, ssl=False):
250 """
251- Helper function to create a HTTPConnection object that is buffered
252- for backend Swift services.
253+ Helper function to create an HTTPConnection object. If ssl is set True,
254+ HTTPSConnection will be used. However, if ssl=False, BufferedHTTPConnection
255+ will be used, which is buffered for backend Swift services.
256
257 :param ipaddr: IPv4 address to connect to
258 :param port: port to connect to
259@@ -119,9 +120,13 @@
260 :param path: request path
261 :param headers: dictionary of headers
262 :param query_string: request query string
263+ :param ssl: set True if SSL should be used (default: False)
264 :returns: HTTPConnection object
265 """
266- conn = BufferedHTTPConnection('%s:%s' % (ipaddr, port))
267+ if ssl:
268+ conn = HTTPSConnection('%s:%s' % (ipaddr, port))
269+ else:
270+ conn = BufferedHTTPConnection('%s:%s' % (ipaddr, port))
271 path = quote('/' + device + '/' + str(partition) + path)
272 if query_string:
273 path += '?' + query_string
274@@ -135,9 +140,11 @@
275
276
277 def http_connect_raw(ipaddr, port, method, path, headers=None,
278- query_string=None):
279+ query_string=None, ssl=False):
280 """
281- Helper function to create a HTTPConnection object that is buffered.
282+ Helper function to create an HTTPConnection object. If ssl is set True,
283+ HTTPSConnection will be used. However, if ssl=False, BufferedHTTPConnection
284+ will be used, which is buffered for backend Swift services.
285
286 :param ipaddr: IPv4 address to connect to
287 :param port: port to connect to
288@@ -145,9 +152,13 @@
289 :param path: request path
290 :param headers: dictionary of headers
291 :param query_string: request query string
292+ :param ssl: set True if SSL should be used (default: False)
293 :returns: HTTPConnection object
294 """
295- conn = BufferedHTTPConnection('%s:%s' % (ipaddr, port))
296+ if ssl:
297+ conn = HTTPSConnection('%s:%s' % (ipaddr, port))
298+ else:
299+ conn = BufferedHTTPConnection('%s:%s' % (ipaddr, port))
300 if query_string:
301 path += '?' + query_string
302 conn.path = path