Revision history [back]

Swift: proxy architecture and auth system

Hi all,

In case of simultaneous http and https for proxies, is it a correct implementation to create two proxy farms behind a load-balancer ?

For example:

                                                Load Balancer
                                                           |
              |.............................|.............................|.............................| 
      proxy1 (http)^^^^proxy2 (http)^^^^proxy3 (https)^^^^proxy4 (https)

I looked at https://answers.launchpad.net/swift/+question/152909 and found not easy to handle it (2 services not really managed on the same server).

If I configure first webfarm with http only and set swift cluster url to http://<load_balancer_hostname>, then I configure second webfarm with https only and set swift cluster url to https://<load_balancer_hostname>, is it a good way to implement it ?

As swith auth system is important, which middleware is the good one to choose between swauth and keystone ? My guess is swauth, as I can read from keystone documentation: "Keystone currently allows any valid token to do anything with any account."

The platform is actually using 1.4.1 version.

Thanks !