Refactor openstack_tasks::swift
cherry picked from commit 52716670dc
Change-Id: I7ff5778367a30b00975ba41069dd6e11332a5c38
Related-bug: 1582646
This commit is contained in:
parent
e41c957b9e
commit
765af856b6
|
@ -0,0 +1,12 @@
|
|||
# create dirs for devices
|
||||
define openstack_tasks::swift::parts::device_directory($devices) {
|
||||
if (!defined(File[$devices])) {
|
||||
file { $devices:
|
||||
ensure => 'directory',
|
||||
owner => 'swift',
|
||||
group => 'swift',
|
||||
recurse => true,
|
||||
recurselimit => 1,
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,227 @@
|
|||
class openstack_tasks::swift::parts::proxy (
|
||||
$swift_user_password = 'swift_pass',
|
||||
$swift_hash_suffix = 'swift_secret',
|
||||
$swift_max_header_size = '32768',
|
||||
$swift_proxy_local_ipaddr = $::ipaddress_eth0,
|
||||
$swift_replication_local_ipaddr = $::ipaddress_eth0,
|
||||
$ring_part_power = 18,
|
||||
$ring_replicas = 3,
|
||||
$ring_min_part_hours = 1,
|
||||
$proxy_pipeline = [
|
||||
'catch_errors',
|
||||
'crossdomain',
|
||||
'healthcheck',
|
||||
'cache',
|
||||
'bulk',
|
||||
'tempurl',
|
||||
'ratelimit',
|
||||
'formpost',
|
||||
'swift3',
|
||||
's3token',
|
||||
'authtoken',
|
||||
'keystone',
|
||||
'staticweb',
|
||||
'container_quotas',
|
||||
'account_quotas',
|
||||
'slo',
|
||||
'proxy-server'],
|
||||
$proxy_workers = $::processorcount,
|
||||
$proxy_port = '8080',
|
||||
$proxy_allow_account_management = true,
|
||||
$proxy_account_autocreate = true,
|
||||
$ratelimit_clock_accuracy = 1000,
|
||||
$ratelimit_max_sleep_time_seconds = 60,
|
||||
$ratelimit_log_sleep_time_seconds = 0,
|
||||
$ratelimit_rate_buffer_seconds = 5,
|
||||
$ratelimit_account_ratelimit = 0,
|
||||
$package_ensure = 'present',
|
||||
$swift_proxies_cache = ['127.0.0.1'],
|
||||
$cache_server_port = '11211',
|
||||
$primary_proxy = false,
|
||||
$swift_devices = undef,
|
||||
$master_swift_proxy_ip = undef,
|
||||
$master_swift_replication_ip = undef,
|
||||
$collect_exported = false,
|
||||
$rings = ['account', 'object', 'container'],
|
||||
$debug = false,
|
||||
$verbose = true,
|
||||
$log_facility = 'LOG_LOCAL1',
|
||||
$ceilometer = false,
|
||||
$admin_user = 'swift',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_password = 'password',
|
||||
$auth_host = '10.0.0.1',
|
||||
$auth_protocol = 'http',
|
||||
$auth_uri = 'http://127.0.0.1:5000',
|
||||
$identity_uri = 'http://127.0.0.1:35357',
|
||||
$swift_operator_roles = ['admin', 'SwiftOperator'],
|
||||
$rabbit_user = 'guest',
|
||||
$rabbit_password = 'password',
|
||||
$rabbit_hosts = '127.0.0.1:5672',
|
||||
) {
|
||||
if !defined(Class['swift']) {
|
||||
class { 'swift':
|
||||
swift_hash_suffix => $swift_hash_suffix,
|
||||
package_ensure => $package_ensure,
|
||||
max_header_size => $swift_max_header_size,
|
||||
}
|
||||
}
|
||||
|
||||
if !defined(Class['rsync::server']) {
|
||||
class { '::rsync::server':
|
||||
use_xinetd => true,
|
||||
address => $local_net_ip,
|
||||
use_chroot => 'no',
|
||||
}
|
||||
}
|
||||
|
||||
# calculate log_level
|
||||
if $debug {
|
||||
$log_level = 'DEBUG'
|
||||
}
|
||||
elsif $verbose {
|
||||
$log_level = 'INFO'
|
||||
}
|
||||
else {
|
||||
$log_level = 'WARNING'
|
||||
}
|
||||
|
||||
if $ceilometer {
|
||||
$new_proxy_pipeline = split(
|
||||
inline_template(
|
||||
"<%=
|
||||
@proxy_pipeline.insert(-2, 'ceilometer').join(',')
|
||||
%>"), ',')
|
||||
class { '::swift::proxy::ceilometer':
|
||||
rabbit_user => $rabbit_user,
|
||||
rabbit_password => $rabbit_password,
|
||||
rabbit_hosts => $rabbit_hosts,
|
||||
}
|
||||
}
|
||||
else {
|
||||
$new_proxy_pipeline = $proxy_pipeline
|
||||
}
|
||||
|
||||
class { '::swift::proxy':
|
||||
proxy_local_net_ip => $swift_proxy_local_ipaddr,
|
||||
pipeline => $new_proxy_pipeline,
|
||||
port => $proxy_port,
|
||||
workers => $proxy_workers,
|
||||
allow_account_management => $proxy_allow_account_management,
|
||||
account_autocreate => $proxy_account_autocreate,
|
||||
package_ensure => $package_ensure,
|
||||
log_facility => $log_facility,
|
||||
log_level => $log_level,
|
||||
log_name => 'swift-proxy-server',
|
||||
}
|
||||
|
||||
# configure all of the middlewares
|
||||
class { ['::swift::proxy::catch_errors', '::swift::proxy::crossdomain', '::swift::proxy::healthcheck',
|
||||
'::swift::proxy::bulk', '::swift::proxy::tempurl', '::swift::proxy::formpost', '::swift::proxy::swift3',
|
||||
'::swift::proxy::staticweb', '::swift::proxy::container_quotas', '::swift::proxy::account_quotas',
|
||||
'::swift::proxy::slo',]:
|
||||
}
|
||||
|
||||
$cache_addresses = join(suffix($swift_proxies_cache, ":${cache_server_port}"), ',')
|
||||
|
||||
class { '::swift::proxy::cache': memcache_servers => split($cache_addresses, ',') }
|
||||
|
||||
class { '::swift::proxy::ratelimit':
|
||||
clock_accuracy => $ratelimit_clock_accuracy,
|
||||
max_sleep_time_seconds => $ratelimit_max_sleep_time_seconds,
|
||||
log_sleep_time_seconds => $ratelimit_log_sleep_time_seconds,
|
||||
rate_buffer_seconds => $ratelimit_rate_buffer_seconds,
|
||||
account_ratelimit => $ratelimit_account_ratelimit,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::s3token':
|
||||
auth_host => $auth_host,
|
||||
auth_port => '35357',
|
||||
auth_protocol => $auth_protocol,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::keystone':
|
||||
operator_roles => $swift_operator_roles,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::authtoken':
|
||||
admin_user => $admin_user,
|
||||
admin_tenant_name => $admin_tenant_name,
|
||||
admin_password => $admin_password,
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
}
|
||||
|
||||
if $primary_proxy {
|
||||
# we need to exec swift ringrebuilder commands under swift user
|
||||
Exec { user => 'swift' }
|
||||
# Exit codes should be equal to 0 and 1 (bug #1402701)
|
||||
Exec <| title == "rebalance_account" or title == "rebalance_container" or title == "rebalance_object" |> { returns => [0,1] }
|
||||
|
||||
# collect all of the resources that are needed
|
||||
# to balance the ring
|
||||
if $collect_exported {
|
||||
Ring_object_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
Ring_container_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
Ring_account_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
}
|
||||
|
||||
# create the ring
|
||||
class { 'swift::ringbuilder':
|
||||
# the part power should be determined by assuming 100 partitions per drive
|
||||
part_power => $ring_part_power,
|
||||
replicas => $ring_replicas,
|
||||
min_part_hours => $ring_min_part_hours,
|
||||
require => Class['swift'],
|
||||
before => [Class['::swift::proxy']],
|
||||
}
|
||||
|
||||
# sets up an rsync db that can be used to sync the ring DB
|
||||
class { 'swift::ringserver':
|
||||
local_net_ip => $swift_replication_local_ipaddr,
|
||||
}
|
||||
|
||||
rsync::server::module { 'swift_backups':
|
||||
path => '/etc/swift/backups',
|
||||
lock_file => '/var/lock/swift_backups.lock',
|
||||
uid => 'swift',
|
||||
gid => 'swift',
|
||||
incoming_chmod => false,
|
||||
outgoing_chmod => false,
|
||||
max_connections => '5',
|
||||
read_only => true,
|
||||
}
|
||||
|
||||
# resource ordering
|
||||
Swift::Ringbuilder::Rebalance <||> -> Service['swift-proxy-server']
|
||||
Swift::Ringbuilder::Rebalance <||> -> Swift::Storage::Generic <| |>
|
||||
Swift::Ringbuilder::Create<||> ->
|
||||
Ring_devices<||> ~>
|
||||
Swift::Ringbuilder::Rebalance <||>
|
||||
} else {
|
||||
validate_string($master_swift_replication_ip)
|
||||
|
||||
if member($rings, 'account') and ! defined(Swift::Ringsync['account']) {
|
||||
swift::ringsync { 'account': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'object') and ! defined(Swift::Ringsync['object']) {
|
||||
swift::ringsync { 'object': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'container') and ! defined(Swift::Ringsync['container']) {
|
||||
swift::ringsync { 'container': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
rsync::get { "/etc/swift/backups/":
|
||||
source => "rsync://${master_swift_replication_ip}/swift_backups/",
|
||||
recursive => true,
|
||||
}
|
||||
|
||||
anchor { 'openstack_tasks_proxy_start' :} ->
|
||||
Swift::Ringsync <| |> ~>
|
||||
Service['swift-proxy-server'] ->
|
||||
anchor { 'openstack_tasks_proxy_end' :}
|
||||
|
||||
}
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
class openstack_tasks::swift::parts::rebalance_cronjob(
|
||||
$master_swift_replication_ip,
|
||||
$primary_proxy = false,
|
||||
$rings = ['account', 'object', 'container'],
|
||||
$ring_rebalance_period = 23,
|
||||
) {
|
||||
|
||||
# setup a cronjob to rebalance rings periodically on primary
|
||||
file { '/usr/local/bin/swift-rings-rebalance.sh':
|
||||
ensure => $primary_proxy ? {
|
||||
true => file,
|
||||
default => absent,
|
||||
},
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('openstack/swift/swift-rings-rebalance.sh.erb'),
|
||||
}
|
||||
|
||||
cron { 'swift-rings-rebalance':
|
||||
ensure => $primary_proxy ? {
|
||||
true => present,
|
||||
default => absent,
|
||||
},
|
||||
command => '/usr/local/bin/swift-rings-rebalance.sh &>/dev/null',
|
||||
user => 'swift',
|
||||
hour => "*/$ring_rebalance_period",
|
||||
minute => '15',
|
||||
}
|
||||
|
||||
# setup a cronjob to download rings periodically on secondaries
|
||||
file { '/usr/local/bin/swift-rings-sync.sh':
|
||||
ensure => $primary_proxy ? {
|
||||
true => absent,
|
||||
default => file,
|
||||
},
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('openstack/swift/swift-rings-sync.sh.erb'),
|
||||
}
|
||||
|
||||
cron { 'swift-rings-sync':
|
||||
ensure => $primary_proxy ? {
|
||||
true => absent,
|
||||
default => present,
|
||||
},
|
||||
command => '/usr/local/bin/swift-rings-sync.sh &>/dev/null',
|
||||
user => 'swift',
|
||||
hour => "*/$ring_rebalance_period",
|
||||
minute => '25',
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
class openstack_tasks::swift::parts::status (
|
||||
$address = '0.0.0.0',
|
||||
$only_from = '127.0.0.1',
|
||||
$port = '49001',
|
||||
$endpoint = 'http://127.0.0.1:8080',
|
||||
$scan_target = '127.0.0.1:5000',
|
||||
$con_timeout = '5',
|
||||
) {
|
||||
|
||||
augeas { 'swiftcheck':
|
||||
context => '/files/etc/services',
|
||||
changes => [
|
||||
"set /files/etc/services/service-name[port = '${port}']/port ${port}",
|
||||
"set /files/etc/services/service-name[port = '${port}'] swiftcheck",
|
||||
"set /files/etc/services/service-name[port = '${port}']/protocol tcp",
|
||||
"set /files/etc/services/service-name[port = '${port}']/#comment 'Swift Health Check'",
|
||||
],
|
||||
}
|
||||
|
||||
$group = $::osfamily ? {
|
||||
'RedHat' => 'nobody',
|
||||
'Debian' => 'nogroup',
|
||||
default => 'nobody',
|
||||
}
|
||||
|
||||
include xinetd
|
||||
xinetd::service { 'swiftcheck':
|
||||
bind => $address,
|
||||
port => $port,
|
||||
only_from => $only_from,
|
||||
cps => '512 10',
|
||||
per_source => 'UNLIMITED',
|
||||
server => '/usr/bin/swiftcheck',
|
||||
server_args => "${endpoint} ${scan_target} ${con_timeout}",
|
||||
user => 'nobody',
|
||||
group => $group,
|
||||
flags => 'IPv4',
|
||||
require => Augeas['swiftcheck'],
|
||||
}
|
||||
}
|
|
@ -0,0 +1,120 @@
|
|||
class openstack_tasks::swift::parts::storage_node (
|
||||
$swift_zone,
|
||||
$swift_hash_suffix = 'swift_secret',
|
||||
$swift_max_header_size = '32768',
|
||||
$swift_local_net_ip = $::ipaddress_eth0,
|
||||
$storage_type = 'loopback',
|
||||
$storage_base_dir = '/srv/loopback-device',
|
||||
$storage_mnt_base_dir = '/srv/node',
|
||||
$storage_devices = [
|
||||
'1',
|
||||
'2'],
|
||||
$storage_weight = 1,
|
||||
$package_ensure = 'present',
|
||||
$loopback_size = '1048756',
|
||||
$master_swift_proxy_ip,
|
||||
$master_swift_replication_ip,
|
||||
$rings = [
|
||||
'account',
|
||||
'object',
|
||||
'container'],
|
||||
$sync_rings = true,
|
||||
$incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
$outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
# if the cinder management components should be installed
|
||||
$cinder = true,
|
||||
$manage_volumes = false,
|
||||
$nv_physical_volume = undef,
|
||||
$cinder_volume_group = 'cinder-volumes',
|
||||
$cinder_user_password = 'cinder_user_pass',
|
||||
$cinder_db_password = 'cinder_db_pass',
|
||||
$cinder_db_user = 'cinder',
|
||||
$cinder_db_dbname = 'cinder',
|
||||
$cinder_iscsi_bind_addr = false,
|
||||
$cinder_rate_limits = false,
|
||||
$db_host = '127.0.0.1',
|
||||
$service_endpoint = '127.0.0.1',
|
||||
$use_syslog = false,
|
||||
$syslog_log_facility_cinder = 'LOG_LOCAL3',
|
||||
$debug = false,
|
||||
$verbose = true,
|
||||
# Rabbit details necessary for cinder
|
||||
$rabbit_nodes = false,
|
||||
$rabbit_password = 'rabbit_pw',
|
||||
$rabbit_host = false,
|
||||
$rabbit_user = 'nova',
|
||||
$rabbit_ha_virtual_ip = false,
|
||||
$queue_provider = 'rabbitmq',
|
||||
$qpid_password = 'qpid_pw',
|
||||
$qpid_user = 'nova',
|
||||
$qpid_nodes = ['127.0.0.1'],
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
) {
|
||||
if !defined(Class['swift']) {
|
||||
class { 'swift':
|
||||
swift_hash_suffix => $swift_hash_suffix,
|
||||
package_ensure => $package_ensure,
|
||||
max_header_size => $swift_max_header_size,
|
||||
}
|
||||
}
|
||||
|
||||
if $storage_type == 'loopback' {
|
||||
# create xfs partitions on a loopback device and mount them
|
||||
swift::storage::loopback { $storage_devices:
|
||||
base_dir => $storage_base_dir,
|
||||
mnt_base_dir => $storage_mnt_base_dir,
|
||||
seek => $loopback_size,
|
||||
require => Class['swift'],
|
||||
}
|
||||
}
|
||||
|
||||
if $storage_devices != undef {
|
||||
anchor {'swift-device-directories-start': } ->
|
||||
openstack_tasks::swift::parts::device_directory { $storage_devices:
|
||||
devices => $storage_mnt_base_dir,
|
||||
}
|
||||
}
|
||||
|
||||
# install all swift storage servers together
|
||||
class { 'swift::storage::all':
|
||||
storage_local_net_ip => $swift_local_net_ip,
|
||||
devices => $storage_mnt_base_dir,
|
||||
log_facility => $log_facility,
|
||||
# We use directory for swift
|
||||
mount_check => false,
|
||||
}
|
||||
# override log_name defaults for Swift::Storage::Server
|
||||
# TODO (adidenko) move this into Hiera when it's ready
|
||||
Swift::Storage::Server <| title == '6000' |> {
|
||||
log_name => 'swift-object-server',
|
||||
}
|
||||
Swift::Storage::Server <| title == '6001' |> {
|
||||
log_name => 'swift-container-server',
|
||||
allow_versions => true,
|
||||
}
|
||||
Swift::Storage::Server <| title == '6002' |> {
|
||||
log_name => 'swift-account-server',
|
||||
}
|
||||
|
||||
Swift::Storage::Server <| |> {
|
||||
incoming_chmod => $incoming_chmod,
|
||||
outgoing_chmod => $outgoing_chmod,
|
||||
}
|
||||
|
||||
validate_string($master_swift_replication_ip)
|
||||
|
||||
if $sync_rings {
|
||||
if member($rings, 'account') and !defined(Swift::Ringsync['account']) {
|
||||
swift::ringsync { 'account': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'object') and !defined(Swift::Ringsync['object']) {
|
||||
swift::ringsync { 'object': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'container') and !defined(Swift::Ringsync['container']) {
|
||||
swift::ringsync { 'container': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
Swift::Ringsync <| |> ~> Class["swift::storage::all"]
|
||||
}
|
||||
}
|
|
@ -29,8 +29,7 @@ class openstack_tasks::swift::proxy_storage {
|
|||
$keystone_password = pick($swift_hash['user_password'], 'passsword')
|
||||
$keystone_tenant = pick($swift_hash['tenant'], 'services')
|
||||
$workers_max = hiera('workers_max', 16)
|
||||
$service_workers = pick($swift_hash['workers'],
|
||||
min(max($::processorcount, 2), $workers_max))
|
||||
$service_workers = pick($swift_hash['workers'], min(max($::processorcount, 2), $workers_max))
|
||||
$ssl_hash = hiera_hash('use_ssl', {})
|
||||
$rabbit_hash = hiera_hash('rabbit')
|
||||
$rabbit_hosts = hiera('amqp_hosts')
|
||||
|
@ -73,7 +72,7 @@ class openstack_tasks::swift::proxy_storage {
|
|||
}
|
||||
|
||||
if $deploy_swift_proxy {
|
||||
class { 'openstack::swift::proxy':
|
||||
class { 'openstack_tasks::swift::parts::proxy':
|
||||
swift_user_password => $swift_hash['user_password'],
|
||||
swift_operator_roles => $swift_operator_roles,
|
||||
swift_proxies_cache => $memcaches_addr_list,
|
||||
|
@ -120,14 +119,14 @@ class openstack_tasks::swift::proxy_storage {
|
|||
$storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
|
||||
$mgmt_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')
|
||||
|
||||
class { 'openstack::swift::status':
|
||||
class { 'openstack_tasks::swift::parts::status':
|
||||
endpoint => "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}",
|
||||
scan_target => "${internal_auth_address}:5000",
|
||||
only_from => "127.0.0.1 240.0.0.2 ${storage_nets} ${mgmt_nets}",
|
||||
con_timeout => 5
|
||||
}
|
||||
|
||||
Class['openstack::swift::status'] -> Class['swift::dispersion']
|
||||
Class['openstack_tasks::swift::parts::status'] -> Class['swift::dispersion']
|
||||
}
|
||||
|
||||
class { 'swift::dispersion':
|
||||
|
@ -138,11 +137,11 @@ class openstack_tasks::swift::proxy_storage {
|
|||
auth_version => '2.0',
|
||||
}
|
||||
|
||||
Class['openstack::swift::proxy'] -> Class['swift::dispersion']
|
||||
Class['openstack_tasks::swift::parts::proxy'] -> Class['swift::dispersion']
|
||||
Service<| tag == 'swift-service' |> -> Class['swift::dispersion']
|
||||
}
|
||||
|
||||
if ($deploy_swift_storage){
|
||||
if $deploy_swift_storage {
|
||||
if !defined(File['/var/lib/glance']) {
|
||||
file {'/var/lib/glance':
|
||||
ensure => 'directory',
|
||||
|
@ -158,7 +157,7 @@ class openstack_tasks::swift::proxy_storage {
|
|||
File['/var/lib/glance'] -> Service <| tag == 'swift-service' |>
|
||||
}
|
||||
|
||||
class { 'openstack::swift::storage_node':
|
||||
class { 'openstack_tasks::swift::parts::storage_node':
|
||||
storage_type => false,
|
||||
loopback_size => '5243780',
|
||||
storage_mnt_base_dir => $swift_partition,
|
||||
|
@ -173,405 +172,6 @@ class openstack_tasks::swift::proxy_storage {
|
|||
log_facility => 'LOG_SYSLOG',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# FIXME(bogdando) requires decomposition and unit tests
|
||||
class openstack::swift::status (
|
||||
$address = '0.0.0.0',
|
||||
$only_from = '127.0.0.1',
|
||||
$port = '49001',
|
||||
$endpoint = 'http://127.0.0.1:8080',
|
||||
$scan_target = '127.0.0.1:5000',
|
||||
$con_timeout = '5',
|
||||
) {
|
||||
|
||||
augeas { 'swiftcheck':
|
||||
context => '/files/etc/services',
|
||||
changes => [
|
||||
"set /files/etc/services/service-name[port = '${port}']/port ${port}",
|
||||
"set /files/etc/services/service-name[port = '${port}'] swiftcheck",
|
||||
"set /files/etc/services/service-name[port = '${port}']/protocol tcp",
|
||||
"set /files/etc/services/service-name[port = '${port}']/#comment 'Swift Health Check'",
|
||||
],
|
||||
}
|
||||
|
||||
$group = $::osfamily ? {
|
||||
'RedHat' => 'nobody',
|
||||
'Debian' => 'nogroup',
|
||||
default => 'nobody',
|
||||
}
|
||||
|
||||
include xinetd
|
||||
xinetd::service { 'swiftcheck':
|
||||
bind => $address,
|
||||
port => $port,
|
||||
only_from => $only_from,
|
||||
cps => '512 10',
|
||||
per_source => 'UNLIMITED',
|
||||
server => '/usr/bin/swiftcheck',
|
||||
server_args => "${endpoint} ${scan_target} ${con_timeout}",
|
||||
user => 'nobody',
|
||||
group => $group,
|
||||
flags => 'IPv4',
|
||||
require => Augeas['swiftcheck'],
|
||||
}
|
||||
}
|
||||
|
||||
class openstack::swift::proxy (
|
||||
$swift_user_password = 'swift_pass',
|
||||
$swift_hash_suffix = 'swift_secret',
|
||||
$swift_max_header_size = '32768',
|
||||
$swift_proxy_local_ipaddr = $::ipaddress_eth0,
|
||||
$swift_replication_local_ipaddr = $::ipaddress_eth0,
|
||||
$ring_part_power = 18,
|
||||
$ring_replicas = 3,
|
||||
$ring_min_part_hours = 1,
|
||||
$proxy_pipeline = [
|
||||
'catch_errors',
|
||||
'crossdomain',
|
||||
'healthcheck',
|
||||
'cache',
|
||||
'bulk',
|
||||
'tempurl',
|
||||
'ratelimit',
|
||||
'formpost',
|
||||
'swift3',
|
||||
's3token',
|
||||
'authtoken',
|
||||
'keystone',
|
||||
'staticweb',
|
||||
'container_quotas',
|
||||
'account_quotas',
|
||||
'slo',
|
||||
'proxy-server'],
|
||||
$proxy_workers = $::processorcount,
|
||||
$proxy_port = '8080',
|
||||
$proxy_allow_account_management = true,
|
||||
$proxy_account_autocreate = true,
|
||||
$ratelimit_clock_accuracy = 1000,
|
||||
$ratelimit_max_sleep_time_seconds = 60,
|
||||
$ratelimit_log_sleep_time_seconds = 0,
|
||||
$ratelimit_rate_buffer_seconds = 5,
|
||||
$ratelimit_account_ratelimit = 0,
|
||||
$package_ensure = 'present',
|
||||
$swift_proxies_cache = ['127.0.0.1'],
|
||||
$cache_server_port = '11211',
|
||||
$primary_proxy = false,
|
||||
$swift_devices = undef,
|
||||
$master_swift_proxy_ip = undef,
|
||||
$master_swift_replication_ip = undef,
|
||||
$collect_exported = false,
|
||||
$rings = ['account', 'object', 'container'],
|
||||
$debug = false,
|
||||
$verbose = true,
|
||||
$log_facility = 'LOG_LOCAL1',
|
||||
$ceilometer = false,
|
||||
$admin_user = 'swift',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_password = 'password',
|
||||
$auth_host = '10.0.0.1',
|
||||
$auth_protocol = 'http',
|
||||
$auth_uri = 'http://127.0.0.1:5000',
|
||||
$identity_uri = 'http://127.0.0.1:35357',
|
||||
$swift_operator_roles = ['admin', 'SwiftOperator'],
|
||||
$rabbit_user = 'guest',
|
||||
$rabbit_password = 'password',
|
||||
$rabbit_hosts = '127.0.0.1:5672',
|
||||
) {
|
||||
if !defined(Class['swift']) {
|
||||
class { 'swift':
|
||||
swift_hash_suffix => $swift_hash_suffix,
|
||||
package_ensure => $package_ensure,
|
||||
max_header_size => $swift_max_header_size,
|
||||
}
|
||||
}
|
||||
|
||||
if !defined(Class['rsync::server']) {
|
||||
class { '::rsync::server':
|
||||
use_xinetd => true,
|
||||
address => $local_net_ip,
|
||||
use_chroot => 'no',
|
||||
}
|
||||
}
|
||||
|
||||
# calculate log_level
|
||||
if $debug {
|
||||
$log_level = 'DEBUG'
|
||||
}
|
||||
elsif $verbose {
|
||||
$log_level = 'INFO'
|
||||
}
|
||||
else {
|
||||
$log_level = 'WARNING'
|
||||
}
|
||||
|
||||
if $ceilometer {
|
||||
$new_proxy_pipeline = split(
|
||||
inline_template(
|
||||
"<%=
|
||||
@proxy_pipeline.insert(-2, 'ceilometer').join(',')
|
||||
%>"), ',')
|
||||
class { '::swift::proxy::ceilometer':
|
||||
rabbit_user => $rabbit_user,
|
||||
rabbit_password => $rabbit_password,
|
||||
rabbit_hosts => $rabbit_hosts,
|
||||
}
|
||||
}
|
||||
else {
|
||||
$new_proxy_pipeline = $proxy_pipeline
|
||||
}
|
||||
|
||||
class { '::swift::proxy':
|
||||
proxy_local_net_ip => $swift_proxy_local_ipaddr,
|
||||
pipeline => $new_proxy_pipeline,
|
||||
port => $proxy_port,
|
||||
workers => $proxy_workers,
|
||||
allow_account_management => $proxy_allow_account_management,
|
||||
account_autocreate => $proxy_account_autocreate,
|
||||
package_ensure => $package_ensure,
|
||||
log_facility => $log_facility,
|
||||
log_level => $log_level,
|
||||
log_name => 'swift-proxy-server',
|
||||
}
|
||||
|
||||
# configure all of the middlewares
|
||||
class { ['::swift::proxy::catch_errors', '::swift::proxy::crossdomain', '::swift::proxy::healthcheck',
|
||||
'::swift::proxy::bulk', '::swift::proxy::tempurl', '::swift::proxy::formpost', '::swift::proxy::swift3',
|
||||
'::swift::proxy::staticweb', '::swift::proxy::container_quotas', '::swift::proxy::account_quotas',
|
||||
'::swift::proxy::slo',]:
|
||||
}
|
||||
|
||||
$cache_addresses = join(suffix($swift_proxies_cache, ":${cache_server_port}"), ',')
|
||||
|
||||
class { '::swift::proxy::cache': memcache_servers => split($cache_addresses, ',') }
|
||||
|
||||
class { '::swift::proxy::ratelimit':
|
||||
clock_accuracy => $ratelimit_clock_accuracy,
|
||||
max_sleep_time_seconds => $ratelimit_max_sleep_time_seconds,
|
||||
log_sleep_time_seconds => $ratelimit_log_sleep_time_seconds,
|
||||
rate_buffer_seconds => $ratelimit_rate_buffer_seconds,
|
||||
account_ratelimit => $ratelimit_account_ratelimit,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::s3token':
|
||||
auth_host => $auth_host,
|
||||
auth_port => '35357',
|
||||
auth_protocol => $auth_protocol,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::keystone':
|
||||
operator_roles => $swift_operator_roles,
|
||||
}
|
||||
|
||||
class { '::swift::proxy::authtoken':
|
||||
admin_user => $admin_user,
|
||||
admin_tenant_name => $admin_tenant_name,
|
||||
admin_password => $admin_password,
|
||||
auth_uri => $auth_uri,
|
||||
identity_uri => $identity_uri,
|
||||
}
|
||||
|
||||
if $primary_proxy {
|
||||
# we need to exec swift ringrebuilder commands under swift user
|
||||
Exec { user => 'swift' }
|
||||
# Exit codes should be equal to 0 and 1 (bug #1402701)
|
||||
Exec <| title == "rebalance_account" or title == "rebalance_container" or title == "rebalance_object" |> { returns => [0,1] }
|
||||
|
||||
# collect all of the resources that are needed
|
||||
# to balance the ring
|
||||
if $collect_exported {
|
||||
Ring_object_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
Ring_container_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
Ring_account_device <<| tag == "${::deployment_id}::${::environment}" |>>
|
||||
}
|
||||
|
||||
# create the ring
|
||||
class { 'swift::ringbuilder':
|
||||
# the part power should be determined by assuming 100 partitions per drive
|
||||
part_power => $ring_part_power,
|
||||
replicas => $ring_replicas,
|
||||
min_part_hours => $ring_min_part_hours,
|
||||
require => Class['swift'],
|
||||
before => [Class['::swift::proxy']],
|
||||
}
|
||||
|
||||
# sets up an rsync db that can be used to sync the ring DB
|
||||
class { 'swift::ringserver':
|
||||
local_net_ip => $swift_replication_local_ipaddr,
|
||||
}
|
||||
|
||||
rsync::server::module { 'swift_backups':
|
||||
path => '/etc/swift/backups',
|
||||
lock_file => '/var/lock/swift_backups.lock',
|
||||
uid => 'swift',
|
||||
gid => 'swift',
|
||||
incoming_chmod => false,
|
||||
outgoing_chmod => false,
|
||||
max_connections => '5',
|
||||
read_only => true,
|
||||
}
|
||||
|
||||
# resource ordering
|
||||
Swift::Ringbuilder::Rebalance <||> -> Service['swift-proxy-server']
|
||||
Swift::Ringbuilder::Rebalance <||> -> Swift::Storage::Generic <| |>
|
||||
Swift::Ringbuilder::Create<||> ->
|
||||
Ring_devices<||> ~>
|
||||
Swift::Ringbuilder::Rebalance <||>
|
||||
} else {
|
||||
validate_string($master_swift_replication_ip)
|
||||
|
||||
if member($rings, 'account') and ! defined(Swift::Ringsync['account']) {
|
||||
swift::ringsync { 'account': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'object') and ! defined(Swift::Ringsync['object']) {
|
||||
swift::ringsync { 'object': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'container') and ! defined(Swift::Ringsync['container']) {
|
||||
swift::ringsync { 'container': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
rsync::get { "/etc/swift/backups/":
|
||||
source => "rsync://${master_swift_replication_ip}/swift_backups/",
|
||||
recursive => true,
|
||||
}
|
||||
|
||||
Swift::Ringsync <| |> ~> Service['swift-proxy-server']
|
||||
}
|
||||
}
|
||||
|
||||
# FIXME(bogdando) requires decomposition and unit tests
|
||||
class openstack::swift::storage_node (
|
||||
$swift_zone,
|
||||
$swift_hash_suffix = 'swift_secret',
|
||||
$swift_max_header_size = '32768',
|
||||
$swift_local_net_ip = $::ipaddress_eth0,
|
||||
$storage_type = 'loopback',
|
||||
$storage_base_dir = '/srv/loopback-device',
|
||||
$storage_mnt_base_dir = '/srv/node',
|
||||
$storage_devices = [
|
||||
'1',
|
||||
'2'],
|
||||
$storage_weight = 1,
|
||||
$package_ensure = 'present',
|
||||
$loopback_size = '1048756',
|
||||
$master_swift_proxy_ip,
|
||||
$master_swift_replication_ip,
|
||||
$rings = [
|
||||
'account',
|
||||
'object',
|
||||
'container'],
|
||||
$sync_rings = true,
|
||||
$incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
$outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
# if the cinder management components should be installed
|
||||
$cinder = true,
|
||||
$manage_volumes = false,
|
||||
$nv_physical_volume = undef,
|
||||
$cinder_volume_group = 'cinder-volumes',
|
||||
$cinder_user_password = 'cinder_user_pass',
|
||||
$cinder_db_password = 'cinder_db_pass',
|
||||
$cinder_db_user = 'cinder',
|
||||
$cinder_db_dbname = 'cinder',
|
||||
$cinder_iscsi_bind_addr = false,
|
||||
$cinder_rate_limits = false,
|
||||
$db_host = '127.0.0.1',
|
||||
$service_endpoint = '127.0.0.1',
|
||||
$use_syslog = false,
|
||||
$syslog_log_facility_cinder = 'LOG_LOCAL3',
|
||||
$debug = false,
|
||||
$verbose = true,
|
||||
# Rabbit details necessary for cinder
|
||||
$rabbit_nodes = false,
|
||||
$rabbit_password = 'rabbit_pw',
|
||||
$rabbit_host = false,
|
||||
$rabbit_user = 'nova',
|
||||
$rabbit_ha_virtual_ip = false,
|
||||
$queue_provider = 'rabbitmq',
|
||||
$qpid_password = 'qpid_pw',
|
||||
$qpid_user = 'nova',
|
||||
$qpid_nodes = ['127.0.0.1'],
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
) {
|
||||
if !defined(Class['swift']) {
|
||||
class { 'swift':
|
||||
swift_hash_suffix => $swift_hash_suffix,
|
||||
package_ensure => $package_ensure,
|
||||
max_header_size => $swift_max_header_size,
|
||||
}
|
||||
}
|
||||
|
||||
if $storage_type == 'loopback' {
|
||||
# create xfs partitions on a loopback device and mount them
|
||||
swift::storage::loopback { $storage_devices:
|
||||
base_dir => $storage_base_dir,
|
||||
mnt_base_dir => $storage_mnt_base_dir,
|
||||
seek => $loopback_size,
|
||||
require => Class['swift'],
|
||||
}
|
||||
}
|
||||
|
||||
# create dirs for devices
|
||||
define device_directory($devices) {
|
||||
if(!defined(File[$devices])) {
|
||||
file { $devices:
|
||||
ensure => 'directory',
|
||||
owner => 'swift',
|
||||
group => 'swift',
|
||||
recurse => true,
|
||||
recurselimit => 1,
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($storage_devices != undef) {
|
||||
anchor {'swift-device-directories-start': } ->
|
||||
device_directory { $storage_devices:
|
||||
devices => $storage_mnt_base_dir,
|
||||
}
|
||||
}
|
||||
|
||||
# install all swift storage servers together
|
||||
class { 'swift::storage::all':
|
||||
storage_local_net_ip => $swift_local_net_ip,
|
||||
devices => $storage_mnt_base_dir,
|
||||
log_facility => $log_facility,
|
||||
# We use directory for swift
|
||||
mount_check => false,
|
||||
}
|
||||
# override log_name defaults for Swift::Storage::Server
|
||||
# TODO (adidenko) move this into Hiera when it's ready
|
||||
Swift::Storage::Server <| title == '6000' |> {
|
||||
log_name => 'swift-object-server',
|
||||
}
|
||||
Swift::Storage::Server <| title == '6001' |> {
|
||||
log_name => 'swift-container-server',
|
||||
allow_versions => true,
|
||||
}
|
||||
Swift::Storage::Server <| title == '6002' |> {
|
||||
log_name => 'swift-account-server',
|
||||
}
|
||||
|
||||
Swift::Storage::Server <| |> {
|
||||
incoming_chmod => $incoming_chmod,
|
||||
outgoing_chmod => $outgoing_chmod,
|
||||
}
|
||||
|
||||
validate_string($master_swift_replication_ip)
|
||||
|
||||
if $sync_rings {
|
||||
if member($rings, 'account') and !defined(Swift::Ringsync['account']) {
|
||||
swift::ringsync { 'account': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'object') and !defined(Swift::Ringsync['object']) {
|
||||
swift::ringsync { 'object': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
|
||||
if member($rings, 'container') and !defined(Swift::Ringsync['container']) {
|
||||
swift::ringsync { 'container': ring_server => $master_swift_replication_ip }
|
||||
}
|
||||
Swift::Ringsync <| |> ~> Class["swift::storage::all"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,63 +15,11 @@ class openstack_tasks::swift::rebalance_cronjob {
|
|||
$master_swift_replication_ip = $master_swift_replication_nodes_list[0]['network_roles']['swift/replication']
|
||||
|
||||
# setup a cronjob to rebalance and repush rings periodically
|
||||
class { 'openstack::swift::rebalance_cronjob':
|
||||
class { 'openstack_tasks::swift::parts::rebalance_cronjob':
|
||||
ring_rebalance_period => min($ring_min_part_hours * 2, 23),
|
||||
master_swift_replication_ip => $master_swift_replication_ip,
|
||||
primary_proxy => hiera('is_primary_swift_proxy'),
|
||||
}
|
||||
}
|
||||
|
||||
class openstack::swift::rebalance_cronjob(
|
||||
$master_swift_replication_ip,
|
||||
$primary_proxy = false,
|
||||
$rings = ['account', 'object', 'container'],
|
||||
$ring_rebalance_period = 23,
|
||||
) {
|
||||
|
||||
# setup a cronjob to rebalance rings periodically on primary
|
||||
file { '/usr/local/bin/swift-rings-rebalance.sh':
|
||||
ensure => $primary_proxy ? {
|
||||
true => file,
|
||||
default => absent,
|
||||
},
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('openstack/swift/swift-rings-rebalance.sh.erb'),
|
||||
}
|
||||
cron { 'swift-rings-rebalance':
|
||||
ensure => $primary_proxy ? {
|
||||
true => present,
|
||||
default => absent,
|
||||
},
|
||||
command => '/usr/local/bin/swift-rings-rebalance.sh &>/dev/null',
|
||||
user => 'swift',
|
||||
hour => "*/$ring_rebalance_period",
|
||||
minute => '15',
|
||||
}
|
||||
|
||||
# setup a cronjob to download rings periodically on secondaries
|
||||
file { '/usr/local/bin/swift-rings-sync.sh':
|
||||
ensure => $primary_proxy ? {
|
||||
true => absent,
|
||||
default => file,
|
||||
},
|
||||
mode => '0755',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('openstack/swift/swift-rings-sync.sh.erb'),
|
||||
}
|
||||
cron { 'swift-rings-sync':
|
||||
ensure => $primary_proxy ? {
|
||||
true => absent,
|
||||
default => present,
|
||||
},
|
||||
command => '/usr/local/bin/swift-rings-sync.sh &>/dev/null',
|
||||
user => 'swift',
|
||||
hour => "*/$ring_rebalance_period",
|
||||
minute => '25',
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue