Proxy server acts as the gatekeeper to swift. It takes the responsibility of authenticating the user. Authentication verifies that a request actually comes from who it says it does. Authorization verifies the ‘who’ has access to the resource(s) the request wants. Authorization is done by identity services like keystone. Create and edit /etc/swift/proxy-server.conf and add the following lines.
[DEFAULT] bind_port = 8080 user = swift swift_dir = /etc/swift [pipeline:main] # Order of execution of modules defined below pipeline = catch_errors healthcheck cache authtoken keystone proxy-server [app:proxy-server] use = egg:swift#proxy allow_account_management = true account_autocreate = true set log_name = swift-proxy set log_facility = LOG_LOCAL0 set log_level = INFO set access_log_name = swift-proxy set access_log_facility = SYSLOG set access_log_level = INFO set log_headers = True account_autocreate = True [filter:healthcheck] use = egg:swift#healthcheck [filter:catch_errors] use = egg:swift#catch_errors [filter:cache] use = egg:swift#memcache set log_name = cache [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_protocol = http auth_host = 127.0.0.1 auth_port = 35357 auth_token = admin service_protocol = http service_host = 127.0.0.1 service_port = 5000 admin_token = admin admin_tenant_name = service admin_user = swift admin_password = swift delay_auth_decision = 0 [filter:keystone] paste.filter_factory = keystone.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator is_admin = true
Note: You can find sample configuration files at the "etc" directory in the source. Some documentation can be found under "/usr/share/doc/swift-doc/html" if you had installed the swift-doc package using apt-get.
