swift proxy #0

Supports: trusty


Swift is a distributed virtual object store. This formula deploys the proxy node to be related to storage nodes.


This charm provides the swift-proxy component of the OpenStack Swift object storage system. It can be deployed as part of its own stand-alone storage cluster or it can be integrated with the other OpenStack components, assuming those are also managed by Juju. For Swift to function, you'll also need to deploy additional swift-storage nodes using the cs:precise/swift-storage charm.

For more information about Swift and its architecture, visit the official project website

This charm was developed to support deploying multiple version of Swift on Ubuntu Precise 12.04, as they relate to the release series of OpenStack. That is, OpenStack Essex corresponds to Swift 1.4.8 while OpenStack Folsom shipped 1.7.4. This charm can be used to deploy either (and future) versions of Swift onto an Ubuntu Precise 12.04 or Trusty 14.04 making use of the Ubuntu Cloud Archive when needed.


Currently, Swift may be deployed in two ways. In either case, additional storage nodes are required. The configuration option that dictates how to deploy this charm is the 'zone-assignment' setting. This section describes how to select the appropriate zone assignment policy, as well as a few other configuration settings of interest. Many of the configuration settings can be left as default.

Zone Assignment

This setting determines how the charm assigns new storage nodes to storage zones.

The default, 'manual' option is suggested for production as it allows administrators to carefully architect the storage cluster. It requires each swift-storage service to be deployed with an explicit storage zone configured in its deployment settings. Upon relation to a swift-proxy, the storage node will request membership to its configured zone and be assigned by the swift-proxy charm accordingly. Using the cs:precise/swift-storage charm with this charm, a deployment would look something like:

$ cat >swift.cfg <<END
        zone-assignment: manual
        replicas: 3
        zone: 1
        block-device: /etc/swift/storage.img|2G
        zone: 2
        block-device: /etc/swift/storage.img|2G
        zone: 3
        block-device: /etc/swift/storage.img|2G
$ juju deploy --config=swift.cfg swift-proxy
$ juju deploy --config=swift.cfg swift-storage swift-storage-zone1
$ juju deploy --config=swift.cfg swift-storage swift-storage-zone2
$ juju deploy --config=swift.cfg swift-storage swift-storage-zone3
$ juju add-relation swift-proxy swift-storage-zone1
$ juju add-relation swift-proxy swift-storage-zone2
$ juju add-relation swift-proxy swift-storage-zone3

This will result in a configured storage cluster of 3 zones, each with one node. To expand capacity of the storage system, nodes can be added to specific zones in the ring.

$ juju add-unit swift-storage-zone1
$ juju add-unit -n5 swift-storage-zone3    # Adds 5 units to zone3

This charm will not balance the storage ring until there are enough storage zones to meet its minimum replica requirement, in this case 3.

The other option for zone assignment is 'auto'. In this mode, swift-proxy gets a relation to a single swift-storage service unit. Each machine unit assigned to that service unit will be distributed evenly across zones.

$ cat >swift.cfg <<END
    zone-assignment: auto
    replicas: 3
    zone: 1
    block-device: /etc/swift/storage.img|2G
$ juju deploy --config=swift.cfg swift-proxy
$ juju deploy --config=swift.cfg swift-storage
$ juju add-relation swift-proxy swift-storage
# The swift-storage/0 unit ends up the first node in zone 1
$ juju add-unit swift-storage
# swift-storage/1 ends up the first node in zone 2.
$ juju add-unit swift-storage
# swift-storage/2 is the first in zone 3, replica requirement is satisfied
# the ring is balanced.

Extending the ring in the case is just a matter of adding more units to the single service unit. New units will be distributed across the existing zones.

$ juju add-unit swift-storage
# swift-storage/3 is assigned to zone 1.
$ juju add-unit swift-storage
# swift-storage/4 is assigned to zone 2.

Installation repository.

The 'openstack-origin' setting allows Swift to be installed from installation repositories and can be used to setup access to the Ubuntu Cloud Archive to support installing Swift versions more recent than what is shipped with Ubuntu 12.04 (1.4.8). For more information, see config.yaml.


By default, the charm will be deployed using the tempauth auth system. This is a simple and not-recommended auth system that functions without any external dependencies. See Swift documentation for details.

The charm may also be configured to use Keystone, either manually (via config) or automatically via a relation to an existing Keystone service using the cs:precise/keystone charm. The latter is preferred, however, if a Keystone service is desired but it is not managed by Juju, the configuration for the auth token middleware can be set manually via the charm's config. A relation to a Keystone server via the identity-service interface will configure swift-proxy with the appropriate credentials to make use of Keystone and is required for any integration with other OpenStack components.


Swift may be used to as a storage backend for the Glance image service. To do so, simply add a relation between swift-proxy and an existing Glance service deployed using the cs:precise/glance charm.


(string) Auth method to use, tempauth or keystone
(int) TCP port to listen on
(boolean) Delay authentication to downstream WSGI services.
(boolean) This provides similar support to min-hours but without having to modify the builders. If True, any changes to the builders will not result in a ring re-balance and sync until this value is set back to False.
(string) Default network interface on which HA cluster will bind to communication with the other members of the HA Cluster.
(int) Default multicast port number that will be used to communicate between HA Cluster nodes.
(string) Keystone admin password
(string) Keystone admin tenant name
(string) Keystone admin username
(string) Keystone authentication host
(int) Keystone authentication port
(string) Keystone authentication protocol
(int) This is the Swift ring builder min_part_hours parameter. This setting represents the amount of time in hours that Swift will wait between subsequent ring re-balances in order to avoid large i/o loads as data is re-balanced when new devices are added to the cluster. Once your cluster has been built, you can set this to a higher value e.g. 1 (upstream default). Note that changing this value will result in an attempt to re-balance and if successful, rings will be redistributed.
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
(int) How long the proxy server will wait on responses from the account/container/object servers.
(string) Repository from which to install. May be one of the following: distro (default), ppa:somecustom/ppa, a deb url sources entry, or a supported Cloud Archive release pocket. . Supported Cloud Archive sources include: - cloud:precise-folsom, - cloud:precise-folsom/updates - cloud:precise-folsom/staging - cloud:precise-folsom/proposed . Note that updating this setting to a source that is known to provide a later version of OpenStack will trigger a software upgrade.
(string) Comma-separated list of Swift operator roles.
(string) The IP address and netmask of the OpenStack Admin network (e.g., . This network will be used for admin endpoints.
(string) The IP address and netmask of the OpenStack Internal network (e.g., . This network will be used for internal endpoints.
(string) The IP address and netmask of the OpenStack Public network (e.g., . This network will be used for public endpoints.
(int) Partition power.
(boolean) If True enables IPv6 support. The charm will expect network interfaces to be configured with an IPv6 address. If set to False (default) IPv4 is expected. . NOTE: these charms do not currently support IPv6 privacy extension. In order for this charm to function correctly, the privacy extension must be disabled and a non-temporary address must be configured/available on your network interface.
(int) How long the proxy server will wait for an initial response and to read a chunk of data from the object servers while serving GET / HEAD requests. Timeouts from these requests can be recovered from so setting this to something lower than node-timeout would provide quicker error recovery while allowing for a longer timeout for non-recoverable requests (PUTs).
(string) OpenStack region that this swift-proxy supports.
(int) Minimum replicas.
(string) Base64 encoded SSL certificate to install and use for API ports. . juju set swift-proxy ssl_cert="$(cat cert | base64)" \ ssl_key="$(cat key | base64)" . Setting this value (and ssl_key) will enable reverse proxying, point Swifts's entry in the Keystone catalog to use https, and override any certficiate and key issued by Keystone (if it is configured to do so).
(string) Base64 encoded SSL key to use with certificate specified as ssl_cert.
(string) Hash to use across all swift-proxy servers - don't loose
(string) Virtual IP(s) to use to front API services in HA configuration. . If multiple networks are being used, a VIP should be provided for each network, separated by spaces.
(int) Number of TCP workers to launch (0 for the number of system cores).
(string) Which policy to use when assigning new storage nodes to zones. . manual - Allow swift-storage services to request zone membership. auto - Assign new swift-storage units to zones automatically. . The configured replica minimum must be met by an equal number of storage zones before the storage ring will be initially balance. Deployment requirements differ based on the zone-assignment policy configured, see this charm's README for details.