Openstack swift quotas (grizzly)

The swift component is an object storage solution of openstack. In earlier versions, Swift has no restrictions on quotas and cannot restrict the space used by different users. Later, the open-source middleware swquota (https://github.com/cschwede/swquota) can limit Swift's quota, and now in the Grizzly version of openstack released in April 2013, SWIFT (1.8.0) Integrated swquota middleware, the following is a preliminary exploration of this function.

The quotas in the new version of SWIFT are mainly reflected in the functions of container quotas and account quotas, which restrict the size and number of files uploaded by the container and account, respectively, to use this feature, first configure it in the/etc/SWIFT/proxy-server.conf file and restart the swift service after modification:

#1. Modify [pipeline: Main]

[Pipeline: Main]

Pipeline = catch_errors healthcheck cache ratelimit authtoken keystoneauth account-quotas container-quotas proxy-logging proxy-Server

#2. Add [filter: container-quotas] and [filter: account-quotas]
[Filter: container-quotas]
Use = egg: swift # container_quotas
[Filter: account-quotas]
Use = egg: swift # account_quotas

After the configuration is restarted, you need to set the quota. In this process, you need to set the reseller user role.
1. Add a tenant named bingo.
Keystone -- OS-username admin -- OS _password adminpwd -- OS _tenant_name admin -- OS _auth_url http: // localhost: 5000/V2.0 tenant-create -- name bingo -- Description bingo_tenant -- enabled true
2. Add a user reseller under Bingo
Keystone -- OS-username admin -- OS _password adminpwd -- OS _tenant_name admin -- OS _auth_url http: // localhost: 5000/V2.0 user-create -- name reseller -- tenant-ID tenant_id -- pass bingo -- email bingo@example.com -- enabled true
3. Add the reseller to the reselleradmin role.
Keystone role-list
Keystone user-role-add -- User-id xxxxx -- Role-id xxxxx -- tenant-ID XXXXX

After adding the reseller user, you can set the relevant quota:

Container_quotas:

1.X-container-meta-quota-bytes-- Maximum number of bytes that can be uploaded by the target container

2.X-container-meta-quota-count-- Maximum number of objects that can be uploaded by the target container

Account_quotas:

1.X-account-meta-quota-bytes-- Maximum number of bytes for a single upload

2.Quota-byes --1 must be used together with 2 to achieve results

Setting method:

Swift-V 2-A http: // 192.168.65.203: 5000/V2.0-U test: RESELLER-K reseller post-M quota-Bytes: 5000

Note: The reseller user must be in the reselleradmin role. This limit is only valid for test tenant.

Unset

Swift-V 2-A http: // 192.168.65.203: 5000/V2.0-U test: RESELLER-K reseller post-M quota-Bytes:

Bug fix:

When keystone is used for authenticationQuota-byes[403 forbidden] error may occur during the setting.

Modify Swift/common/Middleware/Account _Quotas.PY
File

new_quota = request.headers.get('X-Account-Meta-Quota-Bytes')#Add by kevin starteccp_roles = request.environ.get('HTTP_X_ROLES', '')if isinstance(eccp_roles, basestring):    if (set(eccp_roles.split(',')) & set({'reseller','reseller_admin','ResellerAdmin'})):        request.environ['reseller_request'] = True#Add by kevin endif request.environ.get('reseller_request') is True:    if new_quota and not new_quota.isdigit():        return HTTPBadRequest()    return self.app

This allows the user to pass verification after joining the reselleradmin role.

In addition, it should be noted that the 401 unauthorized verification problem between SWIFT and keystone is constantly occurring during the experiment, after debugging, we found that the registered IP address of the SWIFT endpoint in Keystone uses the IP address allocated by the Virtual Machine (I installed the Virtual Machine experiment in the virtual machine environment, therefore, the IP address of the first-level virtual machine is the fixed ip10.0.0.x type automatically allocated by openstack, so that other machines may encounter problems if they use this IP address for permission verification, the solution is to change the endpoint address to a floating IP address) and use winpdb (http://winpdb.org/) for debugging is pretty good.

Good luck