Fix for all possible storage cases
* Enable swift only if images and objects ceph are disabled
* Set S3 endpoint using radosgw task
Change-Id: I8611669217827ccc8aad64b89557783470b3d0b3
Closes-Bug: #1604879
Closes-Bug: #1590700
(cherry picked from commit f1dd09eef8
)
This commit is contained in:
parent
8f51f0fce6
commit
6c87246952
|
@ -21,6 +21,10 @@ if $storage_hash['objects_ceph'] {
|
|||
$internal_url = "${internal_protocol}://${internal_address}:8080/swift/v1"
|
||||
$admin_url = "${admin_protocol}://${admin_address}:8080/swift/v1"
|
||||
|
||||
$public_url_s3 = "${public_protocol}://${public_address}:8080"
|
||||
$internal_url_s3 = "${internal_protocol}://${internal_address}:8080"
|
||||
$admin_url_s3 = "${admin_protocol}://${admin_address}:8080"
|
||||
|
||||
class {'::osnailyfacter::wait_for_keystone_backends': }
|
||||
|
||||
keystone::resource::service_identity { 'radosgw':
|
||||
|
@ -33,6 +37,18 @@ if $storage_hash['objects_ceph'] {
|
|||
public_url => $public_url,
|
||||
admin_url => $admin_url,
|
||||
internal_url => $internal_url,
|
||||
}->
|
||||
|
||||
keystone::resource::service_identity { 'radosgw_s3':
|
||||
configure_user => false,
|
||||
configure_user_role => false,
|
||||
service_type => 's3',
|
||||
service_description => 'Openstack Object-Store Service',
|
||||
service_name => 'swift_s3',
|
||||
region => $region,
|
||||
public_url => $public_url_s3,
|
||||
admin_url => $admin_url_s3,
|
||||
internal_url => $internal_url_s3,
|
||||
}
|
||||
|
||||
Class['::osnailyfacter::wait_for_keystone_backends'] -> Keystone::Resource::Service_Identity['radosgw']
|
||||
|
|
|
@ -54,6 +54,7 @@
|
|||
groups: [primary-controller]
|
||||
required_for: [deploy_end, controller_remaining_tasks]
|
||||
requires: [apache, ceph-mon, primary-ceph-mon]
|
||||
condition: "settings:storage.objects_ceph.value == true"
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ceph/radosgw.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
|
@ -71,6 +72,7 @@
|
|||
- name: primary-ceph-radosgw
|
||||
required_for: [deploy_end, controller_remaining_tasks]
|
||||
requires: [apache, ceph-mon, primary-ceph-mon]
|
||||
condition: "settings:storage.objects_ceph.value == true"
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/ceph/radosgw.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
|
@ -86,6 +88,7 @@
|
|||
groups: [primary-controller]
|
||||
required_for: [primary-ceph-radosgw, ceph-radosgw]
|
||||
requires: [primary-keystone, keystone]
|
||||
condition: "settings:storage.objects_ceph.value == true"
|
||||
cross-depends:
|
||||
- name: keystone
|
||||
parameters:
|
||||
|
|
|
@ -11,7 +11,7 @@ $ironic_hash = hiera_hash('ironic', {})
|
|||
$external_lb = hiera('external_lb', false)
|
||||
|
||||
if !$external_lb {
|
||||
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
|
||||
if (!$storage_hash['images_ceph'] and !$storage_hash['objects_ceph'] and !$storage_hash['images_vcenter']) {
|
||||
$use_swift = true
|
||||
} else {
|
||||
$use_swift = false
|
||||
|
|
|
@ -16,7 +16,7 @@ $ironic_hash = hiera_hash('ironic', {})
|
|||
|
||||
$external_lb = hiera('external_lb', false)
|
||||
|
||||
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
|
||||
if (!$storage_hash['images_ceph'] and !$storage_hash['objects_ceph'] and !$storage_hash['images_vcenter']) {
|
||||
$use_swift = true
|
||||
} else {
|
||||
$use_swift = false
|
||||
|
|
|
@ -51,122 +51,120 @@ $swift_internal_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'internal
|
|||
$swift_internal_address = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'hostname', [$swift_api_ipaddr, $management_vip])
|
||||
|
||||
# Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects
|
||||
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
|
||||
$master_swift_proxy_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role])
|
||||
$master_swift_proxy_nodes_list = values($master_swift_proxy_nodes)
|
||||
$master_swift_proxy_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '')
|
||||
$master_swift_replication_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '')
|
||||
$swift_partition = hiera('swift_partition', '/var/lib/glance/node')
|
||||
$master_swift_proxy_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role])
|
||||
$master_swift_proxy_nodes_list = values($master_swift_proxy_nodes)
|
||||
$master_swift_proxy_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '')
|
||||
$master_swift_replication_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '')
|
||||
$swift_partition = hiera('swift_partition', '/var/lib/glance/node')
|
||||
|
||||
if ($deploy_swift_storage){
|
||||
if !defined(File['/var/lib/glance']) {
|
||||
file {'/var/lib/glance':
|
||||
ensure => 'directory',
|
||||
group => 'swift',
|
||||
require => Package['swift'],
|
||||
} -> Service <| tag == 'swift-service' |>
|
||||
} else {
|
||||
File['/var/lib/glance'] {
|
||||
ensure => 'directory',
|
||||
group => 'swift',
|
||||
require +> Package['swift'],
|
||||
}
|
||||
File['/var/lib/glance'] -> Service <| tag == 'swift-service' |>
|
||||
}
|
||||
|
||||
class { 'openstack::swift::storage_node':
|
||||
storage_type => false,
|
||||
loopback_size => '5243780',
|
||||
storage_mnt_base_dir => $swift_partition,
|
||||
storage_devices => filter_hash($mp_hash,'point'),
|
||||
swift_zone => $master_swift_proxy_nodes_list[0]['swift_zone'],
|
||||
swift_local_net_ip => $swift_storage_ipaddr,
|
||||
master_swift_proxy_ip => $master_swift_proxy_ip,
|
||||
master_swift_replication_ip => $master_swift_replication_ip,
|
||||
sync_rings => ! $is_primary_swift_proxy,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_facility => 'LOG_SYSLOG',
|
||||
if ($deploy_swift_storage){
|
||||
if !defined(File['/var/lib/glance']) {
|
||||
file {'/var/lib/glance':
|
||||
ensure => 'directory',
|
||||
group => 'swift',
|
||||
require => Package['swift'],
|
||||
} -> Service <| tag == 'swift-service' |>
|
||||
} else {
|
||||
File['/var/lib/glance'] {
|
||||
ensure => 'directory',
|
||||
group => 'swift',
|
||||
require +> Package['swift'],
|
||||
}
|
||||
File['/var/lib/glance'] -> Service <| tag == 'swift-service' |>
|
||||
}
|
||||
|
||||
if $is_primary_swift_proxy {
|
||||
ring_devices {'all':
|
||||
storages => $swift_nodes,
|
||||
require => Class['swift'],
|
||||
}
|
||||
class { 'openstack::swift::storage_node':
|
||||
storage_type => false,
|
||||
loopback_size => '5243780',
|
||||
storage_mnt_base_dir => $swift_partition,
|
||||
storage_devices => filter_hash($mp_hash,'point'),
|
||||
swift_zone => $master_swift_proxy_nodes_list[0]['swift_zone'],
|
||||
swift_local_net_ip => $swift_storage_ipaddr,
|
||||
master_swift_proxy_ip => $master_swift_proxy_ip,
|
||||
master_swift_replication_ip => $master_swift_replication_ip,
|
||||
sync_rings => ! $is_primary_swift_proxy,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_facility => 'LOG_SYSLOG',
|
||||
}
|
||||
}
|
||||
|
||||
if $is_primary_swift_proxy {
|
||||
ring_devices {'all':
|
||||
storages => $swift_nodes,
|
||||
require => Class['swift'],
|
||||
}
|
||||
}
|
||||
|
||||
if $deploy_swift_proxy {
|
||||
class { 'openstack::swift::proxy':
|
||||
swift_user_password => $swift_hash['user_password'],
|
||||
swift_operator_roles => $swift_operator_roles,
|
||||
swift_proxies_cache => $memcaches_addr_list,
|
||||
ring_part_power => $ring_part_power,
|
||||
primary_proxy => $is_primary_swift_proxy,
|
||||
swift_proxy_local_ipaddr => $swift_api_ipaddr,
|
||||
swift_replication_local_ipaddr => $swift_storage_ipaddr,
|
||||
master_swift_proxy_ip => $master_swift_proxy_ip,
|
||||
master_swift_replication_ip => $master_swift_replication_ip,
|
||||
proxy_port => $proxy_port,
|
||||
proxy_workers => $service_workers,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_facility => 'LOG_SYSLOG',
|
||||
ceilometer => hiera('use_ceilometer',false),
|
||||
ring_min_part_hours => $ring_min_part_hours,
|
||||
admin_user => $keystone_user,
|
||||
admin_tenant_name => $keystone_tenant,
|
||||
admin_password => $keystone_password,
|
||||
auth_host => $internal_auth_address,
|
||||
auth_protocol => $internal_auth_protocol,
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
rabbit_user => $rabbit_hash['user'],
|
||||
rabbit_password => $rabbit_hash['password'],
|
||||
rabbit_hosts => split($rabbit_hosts, ', '),
|
||||
}
|
||||
|
||||
if $deploy_swift_proxy {
|
||||
class { 'openstack::swift::proxy':
|
||||
swift_user_password => $swift_hash['user_password'],
|
||||
swift_operator_roles => $swift_operator_roles,
|
||||
swift_proxies_cache => $memcaches_addr_list,
|
||||
ring_part_power => $ring_part_power,
|
||||
primary_proxy => $is_primary_swift_proxy,
|
||||
swift_proxy_local_ipaddr => $swift_api_ipaddr,
|
||||
swift_replication_local_ipaddr => $swift_storage_ipaddr,
|
||||
master_swift_proxy_ip => $master_swift_proxy_ip,
|
||||
master_swift_replication_ip => $master_swift_replication_ip,
|
||||
proxy_port => $proxy_port,
|
||||
proxy_workers => $service_workers,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_facility => 'LOG_SYSLOG',
|
||||
ceilometer => hiera('use_ceilometer',false),
|
||||
ring_min_part_hours => $ring_min_part_hours,
|
||||
admin_user => $keystone_user,
|
||||
admin_tenant_name => $keystone_tenant,
|
||||
admin_password => $keystone_password,
|
||||
auth_host => $internal_auth_address,
|
||||
auth_protocol => $internal_auth_protocol,
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
rabbit_user => $rabbit_hash['user'],
|
||||
rabbit_password => $rabbit_hash['password'],
|
||||
rabbit_hosts => split($rabbit_hosts, ', '),
|
||||
# Check swift proxy and internal VIP are from the same IP network. If no
|
||||
# then it's possible to get network failure, so proxy couldn't access
|
||||
# Keystone via VIP. In such cases swift health check returns OK, but all
|
||||
# requests forwarded from HAproxy fail, see LP#1459772 In order to detect
|
||||
# such bad swift backends we enable a service which checks Keystone
|
||||
# availability from swift node. HAProxy monitors that service to get
|
||||
# proper backend status.
|
||||
# NOTE: this is the same logic in the HAproxy configuration so if it's
|
||||
# updated there, this must be updated. See LP#1548275
|
||||
$swift_api_network = get_network_role_property('swift/api', 'network')
|
||||
$bind_to_one = has_ip_in_network($management_vip, $swift_api_network)
|
||||
|
||||
if !$bind_to_one {
|
||||
$storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
|
||||
$mgmt_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')
|
||||
|
||||
class { 'openstack::swift::status':
|
||||
endpoint => "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}",
|
||||
scan_target => "${internal_auth_address}:5000",
|
||||
only_from => "127.0.0.1 240.0.0.2 ${storage_nets} ${mgmt_nets}",
|
||||
con_timeout => 5
|
||||
}
|
||||
|
||||
# Check swift proxy and internal VIP are from the same IP network. If no
|
||||
# then it's possible to get network failure, so proxy couldn't access
|
||||
# Keystone via VIP. In such cases swift health check returns OK, but all
|
||||
# requests forwarded from HAproxy fail, see LP#1459772 In order to detect
|
||||
# such bad swift backends we enable a service which checks Keystone
|
||||
# availability from swift node. HAProxy monitors that service to get
|
||||
# proper backend status.
|
||||
# NOTE: this is the same logic in the HAproxy configuration so if it's
|
||||
# updated there, this must be updated. See LP#1548275
|
||||
$swift_api_network = get_network_role_property('swift/api', 'network')
|
||||
$bind_to_one = has_ip_in_network($management_vip, $swift_api_network)
|
||||
Class['openstack::swift::status'] -> Class['swift::dispersion']
|
||||
}
|
||||
|
||||
if !$bind_to_one {
|
||||
$storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
|
||||
$mgmt_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')
|
||||
class { 'swift::dispersion':
|
||||
auth_url => "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/",
|
||||
auth_user => $keystone_user,
|
||||
auth_tenant => $keystone_tenant,
|
||||
auth_pass => $keystone_password,
|
||||
auth_version => '2.0',
|
||||
}
|
||||
|
||||
class { 'openstack::swift::status':
|
||||
endpoint => "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}",
|
||||
scan_target => "${internal_auth_address}:5000",
|
||||
only_from => "127.0.0.1 240.0.0.2 ${storage_nets} ${mgmt_nets}",
|
||||
con_timeout => 5
|
||||
}
|
||||
Class['openstack::swift::proxy'] -> Class['swift::dispersion']
|
||||
Service<| tag == 'swift-service' |> -> Class['swift::dispersion']
|
||||
|
||||
Class['openstack::swift::status'] -> Class['swift::dispersion']
|
||||
}
|
||||
|
||||
class { 'swift::dispersion':
|
||||
auth_url => "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/",
|
||||
auth_user => $keystone_user,
|
||||
auth_tenant => $keystone_tenant,
|
||||
auth_pass => $keystone_password,
|
||||
auth_version => '2.0',
|
||||
}
|
||||
|
||||
Class['openstack::swift::proxy'] -> Class['swift::dispersion']
|
||||
Service<| tag == 'swift-service' |> -> Class['swift::dispersion']
|
||||
|
||||
if defined(Class['openstack::swift::storage_node']) {
|
||||
Class['openstack::swift::storage_node'] -> Class['swift::dispersion']
|
||||
}
|
||||
if defined(Class['openstack::swift::storage_node']) {
|
||||
Class['openstack::swift::storage_node'] -> Class['swift::dispersion']
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
groups: [controller]
|
||||
required_for: [deploy_end, controller_remaining_tasks]
|
||||
requires: [openstack-controller]
|
||||
condition: "settings:storage.objects_ceph.value == false and settings:storage.images_ceph.value == false and settings:storage.images_vcenter.value == false"
|
||||
cross-depends:
|
||||
- name: primary-swift
|
||||
parameters:
|
||||
|
@ -21,6 +22,7 @@
|
|||
groups: [primary-controller]
|
||||
required_for: [deploy_end, controller_remaining_tasks]
|
||||
requires: [openstack-controller]
|
||||
condition: "settings:storage.objects_ceph.value == false and settings:storage.images_ceph.value == false and settings:storage.images_vcenter.value == false"
|
||||
cross-depends:
|
||||
- name: /(primary-)?rabbitmq/
|
||||
- name: swift-keystone
|
||||
|
@ -40,6 +42,7 @@
|
|||
groups: [primary-controller, controller]
|
||||
required_for: [deploy_end]
|
||||
requires: [primary-swift, swift]
|
||||
condition: "settings:storage.objects_ceph.value == false and settings:storage.images_ceph.value == false and settings:storage.images_vcenter.value == false"
|
||||
cross-depends:
|
||||
- name: /(primary-)?swift/
|
||||
role: self
|
||||
|
@ -57,6 +60,7 @@
|
|||
version: 2.0.0
|
||||
groups: [primary-controller]
|
||||
required_for: [primary-swift]
|
||||
condition: "settings:storage.objects_ceph.value == false and settings:storage.images_ceph.value == false and settings:storage.images_vcenter.value == false"
|
||||
cross-depends:
|
||||
- name: keystone
|
||||
requires: [primary-keystone, keystone]
|
||||
|
|
Loading…
Reference in New Issue