Merge "Ability to define service_token_roles"
diff --git a/README.rst b/README.rst
index 9abb02c..261f234 100644
--- a/README.rst
+++ b/README.rst
@@ -640,6 +640,60 @@
ceph_chunk_size: 134217728
restore_discard_excess_bytes: false
+* Enable swift driver for cinder-backup service
+
+ .. code-block:: yaml
+
+ cinder:
+ controller:
+ backup:
+ engine: swift
+ swift:
+ driver: cinder.backup.drivers.swift
+ auth: per_user
+ auth_version: 3
+ block_size: 32768
+ object_size: 52428800
+ container: volumebackup
+ compression_algorithm: gzip
+ retry_attempts: 3
+ retry_backoff: 2
+ catalog_info: object-store:swift:internalURL
+ keystone_catalog_info: identity:Identity Service:publicURL
+ user: test
+ user_domain: localhost
+ key: AAAAAAAAAAA
+ tenant: admin
+ project_domain: localhost
+ project: service
+ enable_progress_timer: True
+ ca_cert_file: /etc/ssl/pki/ca.pem
+
+ cinder:
+ volume:
+ backup:
+ engine: swift
+ swift:
+ driver: cinder.backup.drivers.swift
+ auth: per_user
+ auth_version: 3
+ block_size: 32768
+ object_size: 52428800
+ container: volumebackup
+ compression_algorithm: gzip
+ retry_attempts: 3
+ retry_backoff: 2
+ catalog_info: object-store:swift:internalURL
+ keystone_catalog_info: identity:Identity Service:publicURL
+ user: test
+ user_domain: localhost
+ key: AAAAAAAAAAA
+ tenant: admin
+ project_domain: localhost
+ project: service
+ enable_progress_timer: True
+ ca_cert_file: /etc/ssl/pki/ca.pem
+
* Auditing filter (CADF) enablement:
.. code-block:: yaml
diff --git a/cinder/files/backup_backend/_swift.conf b/cinder/files/backup_backend/_swift.conf
new file mode 100644
index 0000000..ac20a4b
--- /dev/null
+++ b/cinder/files/backup_backend/_swift.conf
@@ -0,0 +1,110 @@
+{%- if _data.backup.swift is defined %}
+# Driver to use for backups. (string value)
+backup_driver = {{ _data.backup.swift.get('driver', 'cinder.backup.drivers.swift') }}
+
+# Swift authentication mechanism (per_user or single_user). (string value)
+# Possible values:
+# per_user - <No description provided>
+# single_user - <No description provided>
+backup_swift_auth = {{ _data.backup.swift.get('auth', 'per_user') }}
+
+# Swift authentication version. Specify "1" for auth 1.0, or "2" for auth 2.0
+# or "3" for auth 3.0 (string value)
+backup_swift_auth_version = {{ _data.backup.swift.get('auth_version', '3') }}
+
+# The size in bytes that changes are tracked for incremental backups.
+# backup_swift_object_size has to be multiple of backup_swift_block_size.
+# (integer value)
+backup_swift_block_size = {{ _data.backup.swift.get('block_size', '32768') }}
+
+# The size in bytes of Swift backup objects (integer value)
+backup_swift_object_size = {{ _data.backup.swift.get('object_size', '52428800') }}
+
+# The default Swift container to use (string value)
+backup_swift_container = {{ _data.backup.swift.get('container', 'volumebackup') }}
+
+# Compression algorithm (None to disable) (string value)
+# Possible values:
+# none - <No description provided>
+# off - <No description provided>
+# no - <No description provided>
+# zlib - <No description provided>
+# gzip - <No description provided>
+# bz2 - <No description provided>
+# bzip2 - <No description provided>
+backup_compression_algorithm = {{ _data.backup.swift.get('compression_algorithm', 'gzip') }}
+
+# The number of retries to make for Swift operations (integer value)
+backup_swift_retry_attempts = {{ _data.backup.swift.get('retry_attempts', '3') }}
+
+# The backoff time in seconds between Swift retries (integer value)
+backup_swift_retry_backoff = {{ _data.backup.swift.get('retry_backoff', '2') }}
+
+ {%- if _data.backup.swift.url is defined %}
+# The URL of the Swift endpoint (uri value)
+backup_swift_url = {{ _data.backup.swift.url }}
+ {%- else %}
+# Info to match when looking for swift in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_url is unset (string value)
+swift_catalog_info = {{ _data.backup.swift.get('catalog_info', 'object-store:swift:internalURL') }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.auth_url is defined %}
+# The URL of the Keystone endpoint (uri value)
+backup_swift_auth_url = {{ _data.backup.swift.auth_url }}
+ {%- else %}
+# Info to match when looking for keystone in the service catalog. Format is:
+# separated values of the form: <service_type>:<service_name>:<endpoint_type> -
+# Only used if backup_swift_auth_url is unset (string value)
+keystone_catalog_info = {{ _data.backup.swift.get('keystone_catalog_info', 'identity:Identity Service:publicURL') }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.user is defined %}
+# Swift user name (string value)
+backup_swift_user = {{ _data.backup.swift.user }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.user_domain is defined %}
+# Swift user domain name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_user_domain = {{ _data.backup.swift.user_domain }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.key is defined %}
+# Swift key for authentication (string value)
+backup_swift_key = {{ _data.backup.swift.key }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.tenant is defined %}
+# Swift tenant/account name. Required when connecting to an auth 2.0 system
+# (string value)
+backup_swift_tenant = {{ _data.backup.swift.tenant }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.project_domain is defined %}
+# Swift project domain name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_project_domain = {{ _data.backup.swift.project_domain }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.project is defined %}
+# Swift project/account name. Required when connecting to an auth 3.0 system
+# (string value)
+backup_swift_project = {{ _data.backup.swift.project }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.enable_progress_timer is defined %}
+# Enable or Disable the timer to send the periodic progress notifications to
+# Ceilometer when backing up the volume to the Swift backend storage. The
+# default value is True to enable the timer. (boolean value)
+backup_swift_enable_progress_timer = {{ _data.backup.swift.enable_progress_timer }}
+ {%- endif %}
+
+ {%- if _data.backup.swift.ca_cert_file is defined %}
+# Location of the CA certificate file to use for swift client requests. (string
+# value)
+backup_swift_ca_cert_file = {{ _data.backup.swift.ca_cert_file }}
+ {%- endif %}
+
+{%- endif %}
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index bb8315e..a4a65f0 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -99,6 +99,28 @@
policy:
'volume:delete': 'rule:admin_or_owner'
'volume:extend':
+ backup:
+ engine: swift
+ swift:
+ driver: cinder.backup.drivers.swift
+ auth: per_user
+ auth_version: 3
+ block_size: 32768
+ object_size: 52428800
+ container: volumebackup
+ compression_algorithm: gzip
+ retry_attempts: 3
+ retry_backoff: 2
+ catalog_info: object-store:swift:internalURL
+ keystone_catalog_info: identity:Identity Service:publicURL
+ user: test
+ user_domain: localhost
+ key: AAAAAAAAAAA
+ tenant: admin
+ project_domain: localhost
+ project: service
+ enable_progress_timer: True
+ ca_cert_file: /etc/ssl/pki/ca.pem
apache:
server:
enabled: true