swift dispersion does not support keystone auth v3

Bug #1468374 reported by Falk Reimann
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Fix Released
Falk Reimann

Bug Description

The swift dispersion tools swift-dispersion-populate and swift-dispersion-report do not fully support keystone auth version 3. If the project which should be used for the dispersion account is not in the default domain, there is no chance to specify the domain in the config file /etc/swift/dispersion, although the swiftclient, if installed, used by swift-dispersion is capable to handle this.

I have already prepared a patch, I will submit for review in the next hours.

CVE References

Changed in swift:
assignee: nobody → Falk Reimann (falk-reimann)
assignee: Falk Reimann (falk-reimann) → nobody
Revision history for this message
Falk Reimann (falk-reimann) wrote :

Patch for review provided:

Changed in swift:
status: New → In Progress
Changed in swift:
assignee: nobody → Falk Reimann (falk-reimann)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/195131
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=363a256e58ee0f3e9f059352c2de968e3dc398e3
Submitter: Jenkins
Branch: master

commit 363a256e58ee0f3e9f059352c2de968e3dc398e3
Author: Falk Reimann <email address hidden>
Date: Wed Jun 24 16:54:02 2015 +0200

    Support keystone v3 domains in swift-dispersion

    This provides the capability to specify a project_name,
    project_domain_name and user_domain_name in /etc/swift/dispersion.conf.
    If this values are set in dispersion.conf they get populated to the
    swift-client. With this it is possible to have a specific dispersion
    project specified, which is not the keystone default domain. Changes
    were applied to swift-dispersion-populate and swift-dispersion-report.
    Relevant man pages, the example dispersion.conf and the admin guide were
    updated accordingly.

    Closes-Bug: #1468374

    Change-Id: I0e716f8d281b4d0f510bc568bcee4a13fc480ff7

Changed in swift:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to swift (feature/crypto)

Fix proposed to branch: feature/crypto
Review: https://review.openstack.org/208513

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (feature/crypto)
Download full text (17.4 KiB)

Reviewed: https://review.openstack.org/208513
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=942c9bb45c6b8124bcaa407eb9b9ac7f0589c743
Submitter: Jenkins
Branch: feature/crypto

commit 207dd9b49d7d53a9faa4849af2c40bb875416fce
Author: Darrell Bishop <email address hidden>
Date: Thu Jul 30 14:32:08 2015 -0700

    Fix regression in WSGI server SIGHUP behavior

    The SIGHUP receipt used to pop us out of an os.wait() where now, it's in
    a "green" wait() and Timeout() combo, some part of which eats the signal
    receipt. This causes the while loop condition to never get checked and
    SIGHUP no longer works as a server reload command.

    The fix is to loop at least every 0.5 seconds, as a trade-off between
    not busy-waiting and checking the "keep running" condition often enough
    to feel responsive.

    Change-Id: I95283b8b7cfc2998ab5813e0ad3ca1fa231696c8
    Closes-Bug: #1479972

commit bcd00d9461603db1477c5f1e9f8dd6405a319eb9
Author: Alistair Coles <email address hidden>
Date: Mon Jun 8 19:40:56 2015 +0100

    Refactor diskfile

    This patch mostly eliminates the duplicate code that was
    deliberately left in place during EC review to avoid major
    churn of the diskfile module prior to the kilo release.

    This focuses on obvious de-duplication and shuffling code
    between classes. It deliberately does not attempt to
    hammer out every last piece of de-duplication where that
    would introduce more complex changes - that can come later.

    Code is moved from the module level and from ECDiskFile*
    classes into new BaseDiskFile* classes.

    Concrete classes for replication and EC policy retain their
    existing names i.e. DiskFile[Manager|Writer|Reader|] and
    ECDiskFile[Manager|Writer|Reader|] respectively.

    Knock-on changes:

    - fix bug whereby get_hashes was ignoring self.reclaim_age
      and always using the default arg value.

    - replication diskfile manager now deletes a tombstone that is older
      than reclaim_age even when there is a newer .meta file.

    - replication diskfile manager will no longer raise an
      AssertionError if only a .meta file is found during

    - fix stale test in test_auditor.py: test_with_tombstone test
      setup was convoluted (probably dates back to when object puts
      did not clean up the object dir). Now that they do you have to
      try harder to create a dir with a tombstone and a data file.

    Change-Id: I963e0d0ae0d6569ad1de605034c529529cbb4f9a

commit 9cb7eb4a4b6cdab8a5f16b3dc800b39ab4068522
Author: Victor Stinner <email address hidden>
Date: Mon Jul 27 11:34:07 2015 +0200

    Update hacking to 0.10.0

    Replace the whitelist of flake8 checks (select) with a blacklist
    (ignore). It makes possible to disable a single check, which was not
    possible before. This new approach permits to enable new tests more
    easily and see which checks are currently disabled.

    Only new checks are disabled, this change doesn't run less checks than
    before. Currently, many checks are disabled, but following changes will

tags: added: in-feature-crypto
Thierry Carrez (ttx)
Changed in swift:
milestone: none → 2.4.0
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to swift (feature/hummingbird)

Fix proposed to branch: feature/hummingbird
Review: https://review.openstack.org/221410

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (feature/hummingbird)
Download full text (70.7 KiB)

Reviewed: https://review.openstack.org/221410
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=eb8f1f83f1cfc63d8452bc30096fd1c145781527
Submitter: Jenkins
Branch: feature/hummingbird

commit cb683d391cb66d0f52830de16760c80fd2afedf9
Author: OpenStack Proposal Bot <email address hidden>
Date: Sat Sep 5 06:17:51 2015 +0000

    Imported Translations from Transifex

    For more information about this automatic import see:

    Change-Id: I2d92b8e34a665fb0bb4c048cfb0c59de295dfce6

commit e4542455c8a07b7981c247df8b737816062c1655
Author: Emett Speer <email address hidden>
Date: Wed Sep 2 17:18:03 2015 -0700

    [Labs] Update links to Cloud Admin Guide

    Update links to the Cloud Admin Guide after the
    RST conversion of that book altered URLs.

    Change-Id: I899f8938498b744e62887968a65e58c00ef27f1b

commit 58fcc07523978306cd3889ada73af5d9e664cf59
Author: Christian Schwede <email address hidden>
Date: Wed Sep 2 10:52:34 2015 +0000

    Test if container_sweep is executed on unmounted devices

    This change ensures that container_sweep is not run if a device is not mounted
    and mount_check is set to True.

    Change-Id: I823083c8431d9e61fd426508033ec9188503957b

commit e02609c66a804845672413b06830b87395afef31
Author: Samuel Merritt <email address hidden>
Date: Tue Sep 1 15:19:50 2015 -0700

    Preserve traceback in swift-dispersion-report

    Commit c690bcb fixed a bug in the dispersion report, but changed this
    from a bare "raise" to "raise err", which loses the traceback. Not a
    big deal, but worth putting back IMO.

    Change-Id: Id5b72153a4b8df8e3faaf1fa3fb2040e28ba85cc

commit d06d4ad0fd2dfe69da8008e729651264522c6c06
Author: Minwoo Bae <email address hidden>
Date: Tue Sep 1 15:08:44 2015 -0500

    Included reference in swift.obj.diskfile to enumerate the string
    used for data file paths.

    Change-Id: Ie22caa678bc00dfc43fabec7efbbb9f34490f1b5

commit 615c7a204b9386e05c5bab658bfe96766ad1e680
Author: Brian Cline <email address hidden>
Date: Tue Sep 1 10:51:20 2015 -0500

    Adds useful dispersion info from changelog

    Change-Id: I1a45088fc32620b02ff9a754b02ec1eb75a59d6e

commit 3b8755098a1786c5447abf158bd686293a82977c
Author: janonymous <email address hidden>
Date: Sun Aug 2 21:29:13 2015 +0530

    Replace a / b with a // b to use integer division where needed

    Change-Id: I72c81faa62786e140b0de00e3a04934bf1b5adbd

commit 524c89b7eeff037b8a6b421888771e15f98c2da2
Author: John Dickinson <email address hidden>
Date: Fri Aug 21 13:39:41 2015 -0700

    Updated CHANGELOG, AUTHORS, and .mailmap for 2.4.0 release.

    Change-Id: Ic6301146b839c9921bb85c4f4c1e585c9ab66661

commit 05de1305a903ee4ce9c8c50fde53c552d5b90d51
Author: Clay Gerrard <email address hidden>
Date: Thu Aug 27 18:35:09 2015 -0700

    Make ssync_sender send valid chunked requests

    The connect method of ssync_sender tells the remote connection that it's
    going to send a valid HTTP chunked request, but if the remote end needs
    to respond with an error of any kind sender th...

tags: added: in-feature-hummingbird
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers