From d6b413ac8c7062f4e12dca5765c6aeda14756978 Mon Sep 17 00:00:00 2001 From: Andrey Shestakov Date: Tue, 27 Dec 2016 13:28:44 +0200 Subject: [PATCH] Add local radosgw and API to ironic-conductor pod. Currenty ironic depends on external dns, ingress, ssl, and network routing. To download image to baremetal node in provisioning network, traffic going from ceph to radosgw to ingress proxy and then to node. It utilizes all networks (storage, public, provisioning) and loads radosgw and ingress on controller nodes. This change introduces local radosgw and ironic API inside of ironic-conductor pod. For provision baremetal node, traffic will go from ceph to radosgw on ironic-conductor node and then to baremetal node. Also ironic provisioning will not depends on external network access, ingress, valid ssl, external dns. Change-Id: Ib2e2027ae80ad222e64c7e85cf7ddb1da95ca5ed --- service/files/ceph.client.radosgw.keyring.j2 | 3 ++ service/files/ceph.conf.j2 | 26 ++++++++++++++++ service/files/ironic.conf.j2 | 6 ++-- service/ironic-conductor.yaml | 32 ++++++++++++++++++-- 4 files changed, 61 insertions(+), 6 deletions(-) create mode 100644 service/files/ceph.client.radosgw.keyring.j2 create mode 100644 service/files/ceph.conf.j2 diff --git a/service/files/ceph.client.radosgw.keyring.j2 b/service/files/ceph.client.radosgw.keyring.j2 new file mode 100644 index 0000000..1cd3972 --- /dev/null +++ b/service/files/ceph.client.radosgw.keyring.j2 @@ -0,0 +1,3 @@ +[client.radosgw.gateway] + key = {{ radosgw.key }} + diff --git a/service/files/ceph.conf.j2 b/service/files/ceph.conf.j2 new file mode 100644 index 0000000..a6eed7e --- /dev/null +++ b/service/files/ceph.conf.j2 
@@ -0,0 +1,26 @@ +[global] +fsid = {{ ceph.fsid }} +mon_host = {{ ceph.mon_host }} +auth_cluster_required = cephx +auth_service_required = cephx +auth_client_required = cephx +debug_rgw = 20 + +[client.radosgw.gateway] +keyring = /var/lib/ceph/radosgw/ceph-rgw/keyring +rgw socket path = /tmp/radosgw.sock +log file = /var/log/ceph/ceph-rgw-{{ namespace }}.log +rgw data = /var/lib/ceph/radosgw/ceph-rgw +rgw frontends = civetweb port={{ radosgw.port.cont }} num_threads=50 + +rgw keystone api version = 3 +rgw keystone admin domain = default +rgw keystone admin project = admin +rgw keystone url = address("keystone", keystone.admin_port, with_scheme=True) +rgw keystone accepted roles = Member, _member_, admin +rgw keystone revocation interval = 900 +rgw s3 auth use keystone = true +rgw keystone verify ssl = {{ keystone.tls.enabled }} +rgw keystone admin user = admin +rgw keystone admin password = password + diff --git a/service/files/ironic.conf.j2 b/service/files/ironic.conf.j2 index a85ba55..ef87998 100644 --- a/service/files/ironic.conf.j2 +++ b/service/files/ironic.conf.j2 @@ -11,7 +11,7 @@ enabled_network_interfaces = noop,flat default_network_interface = flat [api] -public_endpoint = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }} +public_endpoint = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }} host_ip = {{ network_topology["private"]["address"] }} port = {{ ironic.api_port.cont }} @@ -31,7 +31,7 @@ username = {{ ironic.username }} password = {{ ironic.password }} [conductor] -api_url = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }} +api_url = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }} automated_clean = {{ ironic.automated_clean }} [neutron] 
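Review bot: The Keystone credentials in the `[client.radosgw.gateway]` section are literals (`rgw keystone admin user = admin`, `rgw keystone admin password = password`), so every deployment renders the same admin password into ceph.conf. They should be templated from deployment configuration the way the keyring uses `{{ radosgw.key }}`, e.g. `rgw keystone admin password = {{ <keystone-admin-password-variable> }}` (placeholder, the variable name is not visible in this patch). The line `rgw keystone url = address("keystone", keystone.admin_port, with_scheme=True)` has no `{{ }}` delimiters, so it will most likely be written out verbatim instead of as a URL; it should read `rgw keystone url = {{ address("keystone", keystone.admin_port, with_scheme=True) }}`. `debug_rgw = 20` is the most verbose gateway log level and looks like a leftover from debugging; drop it or make it a configurable value so detailed request logs are not produced by default.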
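Review bot: `public_endpoint` in the `@@ -11,7` hunk keeps a literal `http://` scheme while moving to `network_topology["private"]["address"]`, and the same applies to `api_url` in the `@@ -31,7` hunk and `swift_endpoint_url` in the `@@ -56,7` hunk. Agent callbacks and the temp URLs signed with `swift_temp_url_key` will therefore cross that network unencrypted, which is only acceptable if the network is dedicated to provisioning. The description speaks of the provisioning network, while the template uses the "private" one, and this patch does not show whether they are the same. I would state the assumption next to the settings, for example `# plain HTTP by design: the private network must be isolated and reachable only by conductor and enrolled nodes`, or make the scheme configurable the way the `glance_api_servers` line does with `with_scheme=True`.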
@@ -56,7 +56,7 @@ password = {{ ironic.password }} glance_api_servers = {{ address('glance-api', glance.api_port, with_scheme=True) }} -swift_endpoint_url = http://{{ address('radosgw', radosgw.port, external=True, with_scheme=False) }} +swift_endpoint_url = http://{{ network_topology["private"]["address"] }}:{{ radosgw.port.cont }}/swift swift_temp_url_key = {{ ironic.swift.temp_url_key }} temp_url_endpoint_type = radosgw diff --git a/service/ironic-conductor.yaml b/service/ironic-conductor.yaml index bd7e469..7e9aa64 100644 --- a/service/ironic-conductor.yaml +++ b/service/ironic-conductor.yaml @@ -4,7 +4,7 @@ service: hostNetwork: true kind: DaemonSet containers: - - name: ironic-conductor + - name: conductor image: ironic-conductor probes: readiness: "true" @@ -33,7 +33,7 @@ service: dependencies: - ironic-db-sync - ironic-post-swift-tempurl-key - - name: ironic-pxe + - name: pxe image: ironic-pxe probes: readiness: "true" @@ -53,7 +53,7 @@ service: /var/lib/ironic/tftpboot files: - pxe-bootstrap.sh - - name: ironic-ipxe + - name: ipxe image: ironic-ipxe probes: readiness: "true" @@ -68,6 +68,23 @@ service: command: nginx -g 'daemon off; error_log stderr;' files: - nginx-ipxe.conf + - name: radosgw + image: radosgw + daemon: + command: radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway -d + files: + - ceph-conf + - radosgw-ceph-key + - radosgw-keyring + - name: api + image: ironic-api + daemon: + command: ironic-api --config-file /etc/ironic/ironic.conf + files: + - ironic.conf + dependencies: + - rpc + - ironic-db-sync files: ironic.conf: path: /etc/ironic/ironic.conf @@ -85,3 +102,12 @@ files: path: /home/ironic/.ssh/id_rsa content: ssh_key.j2 perm: "0400" + ceph-conf: + path: /etc/ceph/ceph.conf + content: ceph.conf.j2 + radosgw-ceph-key: + path: /etc/ceph/ceph.client.radosgw.keyring + content: ceph.client.radosgw.keyring.j2 + radosgw-keyring: + path: /var/lib/ceph/radosgw/ceph-rgw/keyring + content: ceph.client.radosgw.keyring.j2
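Review bot: The new `radosgw` container in the `@@ -68,6 +68,23` hunk runs in a pod declared with `hostNetwork: true` (context of the first hunk), yet ceph.conf.j2 gives civetweb only `port={{ radosgw.port.cont }}` with no address. The gateway will then presumably listen on every interface of the host, whereas ironic-api is bound to the private address through `host_ip`. Binding the frontend the same way would keep the object gateway off the other networks: `rgw frontends = civetweb port={{ network_topology["private"]["address"] }}:{{ radosgw.port.cont }} num_threads=50`. The new `radosgw` and `api` containers also declare no `probes`, unlike the three existing containers, which is worth aligning or explaining in a comment.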
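Review bot: The `radosgw-ceph-key` and `radosgw-keyring` entries added in the last hunk carry no `perm`, although the `ssh_key.j2` entry just above them is restricted with `perm: "0400"`. Both files contain the cephx key, so they should get the same treatment, `perm: "0400"`, provided the radosgw process runs as the file owner (not visible here). `ceph-conf` deserves a restrictive mode as well, since ceph.conf.j2 in this patch holds the Keystone admin password. The same template is also rendered to two paths while ceph.conf only references `keyring = /var/lib/ceph/radosgw/ceph-rgw/keyring`, so the `/etc/ceph/ceph.client.radosgw.keyring` copy appears unused and could be dropped to avoid a second copy of the secret.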