Merge "Update swift proxy logic for healthcheck service" into stable/mitaka

This commit is contained in:
Jenkins 2016-04-21 07:35:32 +00:00 committed by Gerrit Code Review
commit 96cf220fdf
3 changed files with 33 additions and 33 deletions

View File

@ -100,7 +100,19 @@ class openstack_tasks::swift::proxy {
rabbit_hosts => split($rabbit_hosts, ', '),
}
if $swift_api_ipaddr == $swift_storage_ipaddr {
# Check swift proxy and internal VIP are from the same IP network. If no
# then it's possible to get network failure, so proxy couldn't access
# Keystone via VIP. In such cases swift health check returns OK, but all
# requests forwarded from HAproxy fail, see LP#1459772 In order to detect
# such bad swift backends we enable a service which checks Keystone
# availability from swift node. HAProxy monitors that service to get
# proper backend status.
# NOTE: this is the same logic in the HAproxy configuration so if it's
# updated there, this must be updated. See LP#1548275
$swift_api_network = get_network_role_property('swift/api', 'network')
$bind_to_one = has_ip_in_network($management_vip, $swift_api_network)
if !$bind_to_one {
$storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
$mgmt_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')

View File

@ -42,6 +42,8 @@ class osnailyfacter::openstack_haproxy::openstack_haproxy_swift {
# health check returns OK, but all requests forwarded from HAproxy fail, see LP#1459772
# In order to detect such bad swift backends we enable a service which checks Keystone
# availability from swift node. HAProxy monitors that service to get proper backend status.
# NOTE: this is the same logic in the swift proxy task so if this is updated
# then it must be updated overthere as well. See LP#1548275
$swift_api_network = get_network_role_property('swift/api', 'network')
$bind_to_one = has_ip_in_network($internal_virtual_ip, $swift_api_network)

View File

@ -62,6 +62,11 @@ describe manifest do
let(:identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
let(:proxy_port) { Noop.hiera 'proxy_port', '8080' }
let(:swift_api_ipaddr) { Noop.puppet_function 'get_network_role_property', 'swift/api', 'ipaddr' }
let(:swift_internal_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'swift','internal','protocol','http' }
let(:swift_interal_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'swift','internal','hostname',[swift_api_ipaddr, management_vip] }
# Swift
if !(storage_hash['images_ceph'] and storage_hash['objects_ceph']) and !storage_hash['images_vcenter']
swift_partition = Noop.hiera 'swift_partition'
@ -106,38 +111,6 @@ describe manifest do
)
end
if Noop.hiera('use_ssl', false)
context 'with enabled internal TLS for swift' do
swift_endpoint = Noop.hiera_structure 'use_ssl/swift_internal_hostname'
it {
unless bind_to_one
should contain_class('openstack::swift::status').with(
'endpoint' => "https://#{swift_endpoint}:8080",
'only_from' => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
'scan_target' => "#{internal_virtual_ip}:5000",
).that_comes_before('Class[swift::dispersion]')
else
should_not contain_class('openstack::swift::status')
end
}
end
else
keystone_endpoint = Noop.hiera 'service_endpoint'
context 'with disabled internal TLS for swift' do
it {
unless bind_to_one
should contain_class('openstack::swift::status').with(
'only_from' => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
'scan_target' => "#{internal_virtual_ip}:5000",
).that_comes_before('Class[swift::dispersion]')
else
should_not contain_class('openstack::swift::status')
end
}
end
end
it 'should configure proxy workers' do
fallback_workers = [[facts[:processorcount].to_i, 2].max, workers_max.to_i].min
workers = swift_hash.fetch('workers', fallback_workers)
@ -173,6 +146,19 @@ describe manifest do
)
end
it 'should configure health check service correctly' do
if !bind_to_one
should_not contain_class('openstack::swift:status').with(
:endpoint => "#{swift_internal_protocol}://#{swift_internal_address}:#{proxy_port}",
:scan_target => "#{internal_auth_address}:5000",
:only_from => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
:con_timeout => 5
).that_comes_before('Class[swift::dispersion]')
else
should_not contain_class('openstack::swift:status')
end
end
it 'should contain valid auth uris' do
should contain_class('swift::proxy::authtoken').with(
'auth_uri' => auth_uri,