feat: openstack swift support

Adds support for Openstack Swift as object
store backend for backups.

Author: paulczar

Makefile

@@ -36,4 +36,7 @@ test-unit:
 test-functional:
 	contrib/ci/test.sh ${IMAGE}
 
+test-functional-swift:
+	contrib/ci/test-swift.sh ${IMAGE}
+
 .PHONY: all docker-build docker-push test

contrib/ci/test-swift.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+
+set -eof pipefail
+
+# kill containers when this script exits or errors out
+trap exit-script INT TERM
+
+puts-step() {
+  echo "-----> $@"
+}
+
+puts-error() {
+  echo "!!!    $@"
+}
+
+exit-script() {
+  kill-containers
+  kill-swift
+}
+
+kill-containers() {
+  # docker containers
+  puts-step "destroying postgres container"
+  docker rm -f deis-postgres-swift
+}
+
+kill-swift() {
+  # swift containers
+  puts-step "cleaning swift"
+  swift delete deis-swift-test > /dev/null
+}
+
+# make sure we are in this dir
+CURRENT_DIR=$(cd $(dirname $0); pwd)
+
+puts-step "creating fake postgres credentials"
+
+# create fake postgres credentials
+mkdir -p $CURRENT_DIR/tmp/creds
+echo "testuser" > $CURRENT_DIR/tmp/creds/user
+echo "icanttellyou" > $CURRENT_DIR/tmp/creds/password
+
+puts-step "fetching openstack credentials"
+
+# check if openstack creds are not already in environment
+if [[ -z $OS_USERNAME ]]; then
+  echo "it appears that you have not loaded your openstack credentials into your environment"
+  exit 1
+fi
+
+# turn creds into something that we can use.
+mkdir -p $CURRENT_DIR/tmp/swift
+
+# guess which value to use for tenant:
+TENANT=${OS_TENANT_NAME:-$OS_PROJECT_NAME}
+TENANT=${TENANT:-$OS_USERNAME}
+
+echo ${OS_USERNAME} > $CURRENT_DIR/tmp/swift/username
+echo ${OS_PASSWORD} > $CURRENT_DIR/tmp/swift/password
+echo ${TENANT} > $CURRENT_DIR/tmp/swift/tenant
+echo ${OS_AUTH_URL} > $CURRENT_DIR/tmp/swift/authurl
+echo "deis-swift-test" > $CURRENT_DIR/tmp/swift/database-container
+
+# postgres container command
+PG_CMD="docker run -d -e BACKUP_FREQUENCY=3s \
+         -e DATABASE_STORAGE=swift \
+         -v $CURRENT_DIR/tmp/creds:/var/run/secrets/deis/database/creds \
+         -v $CURRENT_DIR/tmp/swift:/var/run/secrets/deis/objectstore/creds \
+         $1"
+
+# boot postgres
+PG_JOB=$(${PG_CMD})
+
+# wait for postgres to boot
+puts-step "sleeping for 90s while postgres is booting..."
+sleep 90s
+
+# display logs for debugging purposes
+puts-step "displaying postgres logs"
+docker logs $PG_JOB
+
+# check if postgres is running
+puts-step "checking if postgres is running"
+docker exec $PG_JOB is_running
+
+# check if swift has some backups ... 3 ?
+puts-step "checking if swift has at least 3 backups"
+
+BACKUPS="$(swift list deis-swift-test | grep basebackups_005 | grep json)"
+NUM_BACKUPS="$(swift list deis-swift-test | grep basebackups_005 | grep -c json)"
+if [[ ! "$NUM_BACKUPS" -gt "3" ]]; then
+  puts-error "did not find at least 3 base backups, which is the default (found $NUM_BACKUPS)"
+  puts-error "$BACKUPS"
+  exit-script
+  exit 1
+fi
+
+puts-step "found $NUM_BACKUPS"
+
+# kill off postgres, then reboot and see if it's running after recovering from backups
+puts-step "shutting off postgres, then rebooting to test data recovery"
+docker rm -f $PG_JOB
+PG_JOB=$(${PG_CMD})
+
+# wait for postgres to boot
+puts-step "sleeping for 90s while postgres is recovering from backup..."
+sleep 90s
+
+puts-step "displaying postgres logs"
+docker logs $PG_JOB
+
+# check if postgres is running
+puts-step "checking if postgres is running"
+docker exec $PG_JOB is_running
+
+puts-step "tests PASSED!"
+exit 0

rootfs/bin/create_bucket

@@ -1,11 +1,11 @@
 #!/usr/bin/env python
 
 import os
-import sys
 
 import boto3
 import botocore
 import json
+import swiftclient
 from botocore.utils import fix_s3_host
 from botocore.client import Config
 from oauth2client.service_account import ServiceAccountCredentials
@@ -30,7 +30,7 @@ if os.getenv('DATABASE_STORAGE') == "s3":
             raise
 
     if not exists:
-    	conn.create_bucket(Bucket=bucket_name)
+        conn.create_bucket(Bucket=bucket_name)
 
 elif os.getenv('DATABASE_STORAGE') == "gcs":
     scopes = ['https://www.googleapis.com/auth/devstorage.full_control']
@@ -46,28 +46,39 @@ elif os.getenv('DATABASE_STORAGE') == "gcs":
     except:
         raise
     if not exists:
-    	client.create_bucket(bucket_name)
+        client.create_bucket(bucket_name)
 
 elif os.getenv('DATABASE_STORAGE') == "azure":
-  block_blob_service = BlockBlobService(account_name=os.getenv('WABS_ACCOUNT_NAME'), account_key=os.getenv('WABS_ACCESS_KEY'))
-  #It doesn't throw an exception if the container exists by default(https://github.com/Azure/azure-storage-python/blob/master/azure/storage/blob/baseblobservice.py#L504).
-  block_blob_service.create_container(bucket_name)
+    block_blob_service = BlockBlobService(account_name=os.getenv('WABS_ACCOUNT_NAME'), account_key=os.getenv('WABS_ACCESS_KEY'))
+    #It doesn't throw an exception if the container exists by default(https://github.com/Azure/azure-storage-python/blob/master/azure/storage/blob/baseblobservice.py#L504).
+    block_blob_service.create_container(bucket_name)
 
-else :
-  conn = boto3.resource('s3', endpoint_url=os.getenv('S3_URL'), config=Config(signature_version='s3v4'))
-  # stop boto3 from automatically changing the endpoint
-  conn.meta.client.meta.events.unregister('before-sign.s3', fix_s3_host)
-  exists = True
-  try:
-      conn.meta.client.head_bucket(Bucket=bucket_name)
-  except botocore.exceptions.ClientError as e:
-      # If a client error is thrown, then check that it was a 404 error.
-      # If it was a 404 error, then the bucket does not exist.
-      error_code = int(e.response['Error']['Code'])
-      if error_code == 404:
-          exists = False
-      else:
-          raise
+elif os.getenv('DATABASE_STORAGE') == "swift":
+    conn = swiftclient.Connection(
+        user=os.getenv('SWIFT_USER'),
+        key=os.getenv('SWIFT_PASSWORD'),
+        authurl=os.getenv('SWIFT_AUTHURL'),
+        auth_version=os.getenv('SWIFT_AUTH_VERSION'),
+        tenant_name=os.getenv('SWIFT_TENANT')
+    )
+    # swift also does not throw exception if container already exists.
+    conn.put_container(os.getenv('BUCKET_NAME'))
 
-  if not exists:
-  	conn.create_bucket(Bucket=bucket_name)
+else:
+    conn = boto3.resource('s3', endpoint_url=os.getenv('S3_URL'), config=Config(signature_version='s3v4'))
+    # stop boto3 from automatically changing the endpoint
+    conn.meta.client.meta.events.unregister('before-sign.s3', fix_s3_host)
+    exists = True
+    try:
+        conn.meta.client.head_bucket(Bucket=bucket_name)
+    except botocore.exceptions.ClientError as e:
+        # If a client error is thrown, then check that it was a 404 error.
+        # If it was a 404 error, then the bucket does not exist.
+        error_code = int(e.response['Error']['Code'])
+        if error_code == 404:
+            exists = False
+        else:
+            raise
+
+    if not exists:
+        conn.create_bucket(Bucket=bucket_name)

rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh

@@ -40,4 +40,19 @@ elif [ "$DATABASE_STORAGE" == "azure" ]; then
   echo $WABS_ACCESS_KEY > WABS_ACCESS_KEY
   echo "wabs://$BUCKET_NAME" > WALE_WABS_PREFIX
   echo $BUCKET_NAME > BUCKET_NAME
+elif [ "$DATABASE_STORAGE" == "swift" ]; then
+  SWIFT_USER=$(cat /var/run/secrets/deis/objectstore/creds/username)
+  SWIFT_PASSWORD=$(cat /var/run/secrets/deis/objectstore/creds/password)
+  SWIFT_TENANT=$(cat /var/run/secrets/deis/objectstore/creds/tenant)
+  SWIFT_AUTHURL=$(cat /var/run/secrets/deis/objectstore/creds/authurl)
+  SWIFT_AUTH_VERSION=$(cat /var/run/secrets/deis/objectstore/creds/authversion)
+  BUCKET_NAME=$(cat /var/run/secrets/deis/objectstore/creds/database-container)
+  # set defaults for variables that we can guess at
+  echo $SWIFT_USER > SWIFT_USER
+  echo $SWIFT_PASSWORD > SWIFT_PASSWORD
+  echo $SWIFT_TENANT > SWIFT_TENANT
+  echo $SWIFT_AUTHURL > SWIFT_AUTHURL
+  echo $SWIFT_AUTH_VERSION > SWIFT_AUTH_VERSION
+  echo "swift://$BUCKET_NAME" > WALE_SWIFT_PREFIX
+  echo $BUCKET_NAME > BUCKET_NAME
 fi