Refactor original code for Fuel 8.0

* Plugin was split into 3 separate tasks
* Task for TLS configuration was added
* Regex for IP address UI field was reworked to not allow
empty values
* UI element for downloading Swift certificate was added and disabled
* Add plugin-guide.rst and update documents

Change-Id: I4428afefc68aa2e95d16f72dce66ae3402a525ca
Charels Hsu 2016-03-21 02:37:00 +00:00 committed by Charles Hsu
parent 59b3b5c8d5
commit 9cd121cce9
25 changed files with 575 additions and 301 deletions


@ -0,0 +1,49 @@
notice('MODULAR: SwiftStack Swift cluster integration/sscluster-glance.pp')
$swiftstack = hiera_hash('swiftstack', {})
if $swiftstack['metadata']['enabled'] {
# Plugin options
$swift_as_glance_backend = $swiftstack['swift_as_glance_backend']
$glance_hash = hiera_hash('glance', {})
$management_vip = hiera('management_vip')
$ssl_hash = hiera_hash('use_ssl', {})
# Glance options
$glance_user = pick($glance_hash['user'],'glance')
$glance_user_password = $glance_hash['user_password']
$glance_tenant = pick($glance_hash['tenant'],'services')
$region = hiera('region','RegionOne')
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $management_vip])
$auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
if $swift_as_glance_backend {
notice("Switch Glance backend to Swift Cluster")
class { 'glance::backend::swift':
swift_store_user => "${glance_tenant}:${glance_user}",
swift_store_key => $glance_user_password,
swift_store_create_container_on_put => 'True',
swift_store_auth_address => "${auth_uri}/v2.0/",
swift_store_region => $region,
}
glance_api_config {
'glance_store/stores': value => 'glance.store.swift.Store';
}
Class['glance::backend::swift'] ->
Glance_api_config['glance_store/stores'] ~>
Service['glance-api']
}
notice("Start Glance API Service")
service { 'glance-api':
ensure => "running",
hasrestart => true,
hasstatus => true,
}
}
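Review bot: `$auth_uri` already ends in a slash (`...:5000/`), so `swift_store_auth_address => "${auth_uri}/v2.0/"` renders as `...:5000//v2.0/`, whereas the removed class built `...:5000/v2.0` with a single slash. Either drop the trailing slash from `$auth_uri` or write `swift_store_auth_address => "${auth_uri}v2.0/",`. Separately, the last argument to `get_ssl_property` for the Keystone protocol is `'http'`, which looks like the fallback when `use_ssl` is empty; in that case the Glance service password passed as `swift_store_key` would be presented to Keystone over plain HTTP. A comment next to `$internal_auth_protocol` stating that this relies on `use_ssl` being set for an encrypted auth path would make the assumption visible.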


@ -0,0 +1,50 @@
notice('MODULAR: SwiftStack Swift cluster integration/sscluster-keystone.pp')
$swiftstack = hiera_hash('swiftstack', {})
if $swiftstack['metadata']['enabled'] {
# Plugin options
$swift_api_address = $swiftstack['swift_api_address']
$swift_api_fqdn = $swiftstack['swift_api_fqdn']
$swift_tls_enabled = pick($swiftstack['swift_tls_enabled'], false)
$swift_endpoint_prefix = pick($swiftstack['swift_endpoint_prefix'], 'KEY')
$swift_hash = hiera_hash('swift', {})
# swift_hash options
$password = $swift_hash['user_password']
$auth_name = pick($swift_hash['auth_name'], 'swift')
$configure_endpoint = pick($swift_hash['configure_endpoint'], true)
$service_name = pick($swift_hash['service_name'], 'swift')
$tenant = pick($swift_hash['tenant'], 'services')
$region = pick($swift_hash['region'], hiera('region', 'RegionOne'))
$api_address = pick($swift_api_fqdn, $swift_api_address)
if $swift_tls_enabled {
$swift_protocol = 'https'
$swift_port = pick($swiftstack['port'], 443)
}
else {
$swift_protocol = 'http'
$swift_port = pick($swiftstack['port'], 80)
}
$swift_url = "${swift_protocol}://${api_address}:${swift_port}/v1/${swift_endpoint_prefix}_%(tenant_id)s"
$swift_s3_url = "${swift_protocol}://${api_address}:${swift_port}"
class { '::swift::keystone::auth':
password => $password,
auth_name => $auth_name,
configure_endpoint => $configure_endpoint,
service_name => $service_name,
public_url => $swift_url,
internal_url => $swift_url,
admin_url => $swift_url,
public_url_s3=> $swift_s3_url,
internal_url_s3 => $swift_s3_url,
admin_url_s3 => $swift_s3_url,
region => $region,
tenant => $tenant,
}
}
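Review bot: `$api_address = pick($swift_api_fqdn, $swift_api_address)` fails catalog compilation with a generic `pick()` error when both settings are empty, and nothing in this manifest checks the values before they are interpolated into the endpoint URLs registered in Keystone. The commit message says the UI regex now rejects an empty IP, but the manifest reads the values from hiera, so an explicit guard is cheap: `if empty($swift_api_fqdn) and empty($swift_api_address) { fail('swiftstack: swift_api_address or swift_api_fqdn must be set') }`. `$swift_endpoint_prefix` and `$swiftstack['port']` also go into `$swift_url` unchecked, and every client that reads the service catalog will follow that URL, so a `validate_re` on the prefix and an integer check on the port would be worth adding. Minor style point: `public_url_s3=> $swift_s3_url,` is missing the space before the arrow.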


@ -0,0 +1,76 @@
notice('MODULAR: SwiftStack Swift cluster integration/sscluster-tls-setup.pp')
$swiftstack = hiera_hash('swiftstack', {})
if $swiftstack['metadata']['enabled'] {
# Plugin options
$swift_api_address = $swiftstack['swift_api_address']
$swift_api_fqdn = $swiftstack['swift_api_fqdn']
$swift_tls_enabled = pick($swiftstack['swift_tls_enabled'], false)
$swift_tls_cert = $swiftstack['swift_tls_cert']
$swift_modify_hosts = $swiftstack['swift_modify_hosts']
if $swift_modify_hosts and !empty($swift_api_fqdn) {
host { $swift_api_fqdn:
name => $swift_api_fqdn,
ensure => present,
ip => $swift_api_address,
}
}
# Add TLS certificate
File {
owner => 'root',
group => 'root',
mode => '0644',
}
if $swift_tls_enabled and !empty($swift_tls_cert) {
Exec {
path => '/bin:/usr/bin:/sbin:/usr/sbin',
}
case $::osfamily {
'RedHat': {
file { '/etc/pki/ca-trust/source/anchors/swiftstack.pem':
ensure => file,
content => $swift_tls_cert['content'],
notify => Exec['enable_trust'],
}
exec { 'enable_trust':
command => 'update-ca-trust force-enable',
refreshonly => true,
notify => Exec['add_trust_redhat'],
}
exec { 'add_trust_redhat':
command => 'update-ca-trust extract',
refreshonly => true,
}
}
'Debian': {
file { '/usr/local/share/ca-certificates/swiftstack.crt':
ensure => file,
content => $swift_tls_cert['content'],
notify => Exec['add_trust_debian'],
}
exec { 'add_trust_debian':
command => 'update-ca-certificates',
refreshonly => true,
}
}
default: {
fail("Unsupported OS: ${::osfamily}/${::operatingsystem}")
}
}
}
else {
notice("WARNING: you enabled TLS for SwiftStack plugin but did not specified self-signed certificate for adding to OS trust chain. Assuming usage of trusted SwiftStack cert")
}
}
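Review bot: The final `else` pairs with `if $swift_tls_enabled and !empty($swift_tls_cert)`, so the "you enabled TLS for SwiftStack plugin but did not specified self-signed certificate" notice is also printed when TLS is disabled; `elsif $swift_tls_enabled { notice(...) }` would limit it to the case it describes. When a certificate is supplied, `$swift_tls_cert['content']` is written unvalidated into the system-wide trust anchors, and the task definition in this commit runs this manifest on every listed role, so whatever that value contains becomes a trusted root for all TLS clients on those nodes. A comment above `case $::osfamily` stating that scope, plus a shape check such as `validate_re($swift_tls_cert['content'], '^-----BEGIN CERTIFICATE-----')`, would make the trust decision explicit. The guard `!empty($swift_tls_cert)` also appears to test the hash rather than its `content` key, so a hash with an empty `content` would still install an empty anchor file and trigger the trust-store refresh.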


@ -1,47 +0,0 @@
notice('PLUGIN: SwiftStack Swift cluster integration/sscluster.pp')
$swiftstack = hiera_hash('swiftstack', {})
$swift = hiera_hash('swift', {})
$glance = hiera_hash('glance', {})
if $swiftstack['metadata']['enabled'] {
notice("Enable SwiftStack Swift cluster ingegtation in $deployment_mode")
$role = hiera('roles')
$deployment_mode = hiera('deployment_mode')
$keystone_vip = pick($swift['management_vip'], hiera('management_vip'))
$swift_api_address = $swiftstack['swift_api_address']
$swift_api_fqdn = $swiftstack['swift_api_fqdn']
$swift_user = pick($swift['user'], 'swift')
$swift_password = $swift['user_password']
$glance_user = pick($glance['user'],'glance')
$glance_password = $glance['user_password']
$default_tenant = pick($swift['tenant'], 'services')
case $swift_api_fqdn {
'': {
$api_address = $swift_api_address
}
default: {
$api_address = $swift_api_fqdn
}
}
class {'sscluster':
deployment_mode => $deployment_mode,
keystone_vip => $keystone_vip,
api_address => $api_address,
swift_user => $swift_user,
swift_password => $swift_password,
glance_user => $glance_user,
glance_password => $glance_password,
tenant => $default_tenant,
role => $role,
}
} else {
notice("Disable SwiftStack Swift cluster ingegration")
}


@ -1,87 +0,0 @@
class sscluster (
$deployment_mode,
$keystone_vip,
$api_address,
$swift_user,
$swift_password,
$glance_user,
$glance_password,
$tenant,
$role = 'controller',
)
{
$swiftstack = hiera_hash('swiftstack', {})
$swift_hash = hiera_hash('swift', {})
$region = pick($swift_hash['region'], hiera('region', 'RegionOne'))
$ssl_hash = hiera_hash('use_ssl', {})
$swift_tls_enabled = pick($swiftstack['swift_tls_enabled'])
case $swift_tls_enabled {
true: {
$ssl_enabled = 'https'
$swift_port = 443
}
default: {
$ssl_enabled = 'http'
$swift_port = 80
}
}
$public_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'public', 'protocol', $ssl_enabled)
$admin_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'admin', 'protocol', $ssl_enabled)
$internal_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'protocol', $ssl_enabled)
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $keystone_vip])
$auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0"
$swift_as_glance_backend = $swiftstack['swift_as_glance_backend']
if $swift_as_glance_backend {
notice("Switch Glance backend to Swift Cluster: ${api_address}")
class {'glance::backend::swift':
swift_store_user => "$tenant:$glance_user",
swift_store_key => $glance_password,
swift_store_region => $region,
swift_store_auth_address => $auth_uri,
swift_store_create_container_on_put => true,
}
glance_api_config {
'glance_store/stores': value => 'glance.store.swift.Store';
}
}
if 'primary-controller' in $role {
notice("Update a keystone user for Swift Cluster: ${tenant}:${swift_user}")
class {'swift::keystone::auth':
auth_name => $swift_user,
password => $swift_password,
tenant => $tenant,
region => $region,
port => $swift_port,
public_protocol => $public_protocol,
public_address => $api_address,
admin_protocol => $admin_protocol,
admin_address => $api_address,
internal_protocol => $internal_protocol,
internal_address => $api_address,
endpoint_prefix => 'KEY',
}
Class['swift::keystone::auth'] ~> Service['glance-api']
}
notice("Start Glance API Service")
service { 'glance-api':
ensure => "running",
hasrestart => true,
hasstatus => true,
}
if $swift_as_glance_backend {
Class['glance::backend::swift'] ~> Service['glance-api']
Glance_api_config<||> ~> Service['glance-api']
}
}


@ -1,34 +1,66 @@
- id: swift
version: 2.0.0
type: skipped
- id: primary-swift
version: 2.0.0
type: skipped
- id: openstack-haproxy-swift
version: 2.0.0
type: skipped
- id: swift-rebalance-cron
version: 2.0.0
type: skipped
- id: swift-keystone
version: 2.0.0
type: skipped
- id: swift_zone
version: 2.0.0
type: skipped
- id: upload_cirros
version: 2.0.0
type: shell
role: ['primary-controller']
role: [primary-controller]
condition: "settings:swiftstack.upload_cirros_test.value == true"
- id: swiftstack_configure_swift_endpoint
role: ['primary-controller','controller']
required_for: [post_deployment_end]
- id: swiftstack-tls-setup
version: 2.0.0
role: [primary-controller, controller, compute, compute-vmware, cinder, cinder-vmware, primary-mongo, mongo, ceph-osd, virt]
requires: [post_deployment_start]
required_for: [post_deployment_end]
type: puppet
parameters:
puppet_manifest: puppet/manifests/sscluster.pp
puppet_modules: "puppet/modules:/etc/puppet/modules/"
puppet_manifest: puppet/manifests/sscluster-tls-setup.pp
puppet_modules: puppet/modules:/etc/puppet/modules/
timeout: 420
- id: swiftstack-configure-swift-endpoint
version: 2.0.0
role: [primary-controller]
required_for: [post_deployment_end, swiftstack-enable-glance-backend]
requires: [post_deployment_start,swiftstack-tls-setup]
type: puppet
parameters:
puppet_manifest: puppet/manifests/sscluster-keystone.pp
puppet_modules: puppet/modules:/etc/puppet/modules/
timeout: 420
- id: swiftstack-enable-glance-backend
version: 2.0.0
role: [primary-controller, controller]
required_for: [post_deployment_end]
requires: [post_deployment_start, swiftstack-tls-setup]
cross-depends:
- name: swiftstack-configure-swift-endpoint
type: puppet
parameters:
puppet_manifest: puppet/manifests/sscluster-glance.pp
puppet_modules: puppet/modules:/etc/puppet/modules/
timeout: 420


@ -55,9 +55,9 @@ author = u'Charles Hsu'
# built documents.
#
# The short X.Y version.
version = u'0.2.0'
version = u'0.3.0'
# The full version, including alpha/beta/rc tags.
release = u'0.2-0.2.0-1'
release = u'0.3-0.3.0-1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -123,7 +123,7 @@ todo_include_todos = False
# The name for this set of Sphinx documents.
# "<project> v<release> documentation" by default.
html_title = 'SwiftStack Plugin for Fuel (v0.2.0)'
html_title = 'SwiftStack Plugin for Fuel (v0.3.0)'
# A shorter title for the navigation bar. Default is the same as html_title.
html_short_title = 'SwiftStack Plugin for Fuel'

Binary file not shown.

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 96 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 77 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 45 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 74 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 42 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 103 KiB

After

Width:  |  Height:  |  Size: 108 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 693 KiB

After

Width:  |  Height:  |  Size: 152 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 714 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 82 KiB

After

Width:  |  Height:  |  Size: 50 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 85 KiB

After

Width:  |  Height:  |  Size: 51 KiB


@ -1,5 +1,5 @@
Guide to the Swiftstack plugin for Fuel ver. 0.2-0.2.0-1
Guide to the Swiftstack plugin for Fuel ver. 0.3.0.3.0-1
========================================================
.. toctree::


@ -1,8 +1,6 @@
Installation Guide
==================
Prepare Fuel Environment
------------------------
#. Prepare a Fuel Master node to install `MOS 8.0`_
@ -20,13 +18,13 @@ Install Plugin
.. code-block:: bash
$ scp swiftstack-0.2-0.2.0-1.noarch.rpm root@<THE_FUEL_MASTER_NODE_IP>:/tmp/
$ scp swiftstack-0.3.0.3.0-1.noarch.rpm root@<THE_FUEL_MASTER_NODE_IP>:/tmp/
#. Install SwiftStack plugin
.. code-block:: bash
[root@fuel ~]$ fuel plugins --install swiftstack-0.2-0.2.0-1.noarch.rpm
[root@fuel ~]$ fuel plugins --install swiftstack-0.3.0.3.0-1.noarch.rpm
#. List all Fuel plugins and make sure its running
@ -36,7 +34,7 @@ Install Plugin
id | name | version | package_version
---|------------|---------|----------------
2 | swiftstack | 0.2.0 | 3.0.0
2 | swiftstack | 0.3.0 | 4.0.0


@ -1,7 +1,27 @@
SwiftStack Fuel Plugin
======================
Allow Mirantis OpenStack environment able to use a running Swift cluster managed by SwiftStack Controller. SwiftStack fuel plugin disables the default Swift cluster that deployed on the Controller or Primary-Controller nodes, and then reconfigures Swift API endpoints, Keystone and Glance settings to the running SwiftStack Swift cluster.
Allow Mirantis OpenStack environment able to use a running Swift cluster managed by
a SwiftStack Controller. In SwiftStack fuel plugin, it disables the default Swift cluster
on Controller and Primary-Controller nodes, and then reconfigures Swift API endpoints,
Keystone, Glance settings and point them to a running SwiftStack Swift cluster.
Key terms, acronyms and abbreviations
-------------------------------------
SwiftStack On-Premises controller
Provides a management service inside user's private place to help users to deploy
and manage Swift clusters.
SwiftStack Public Controller
Provides a public management service in public cloud that help users to deploy and
manage Swift clusters.
SwiftStack Nodes
A node installed SwiftStack agents and packages, that can be managed by a
SwiftStack Controller, the node could be assigned a Swift role likes ``Swift node``
(Proxy/Account/Container/Object services are running in a single node)
Requirements
-----------
@ -20,5 +40,24 @@ Requirements
Limitations
-----------
The plugin only supports a running SwiftStack Swift, able to reach from the OpenStack environment.
Make sure you have correct network configuration for the Swift cluster and OpenStack environment before you enable this plugin.
The plugin only supports a running SwiftStack Swift cluster and it able to reach
from the OpenStack environment. Make sure you have the correct network configuration
for the Swift cluster and Mirantis OpenStack environment before you enable this plugin.
Known issues
------------
#. Need DNS server support to map Swift APIs hostname and IP
SwiftStack provides a software load balancer, which requries an external DNS server
to operate. Please use DNS server insteand of static hostname records in /etc/hosts.
#. Self-signed SSL certificates are not supported in the SwiftStack plugin
Self-signed certificates could be an issue when used in a production environment
because all clients need to trust the cert to pass the TLS/SSL verification.
It is highly recommended to use certificates signed by a known, trusted Certificate
Authority if you require TLS/SSL for your Swift cluster endpoint.

107
doc/plugin-guide.rst Normal file

@ -0,0 +1,107 @@
************************************************************
Guide to the SwiftStack Plugin version 0.3-0.3.0-1 for Fuel
************************************************************
This document provides instructions for installing, configuring and using
SwiftStack plugin for Fuel.
Key terms, acronyms and abbreviations
=====================================
SwiftStack On-Premises controller
Provides a management service inside user's private place to help users to deploy
and manage Swift clusters.
SwiftStack Public Controller
Provides a public management service in public cloud that help users to deploy and
manage Swift clusters.
SwiftStack Nodes
A node installed SwiftStack agents and packages, that can be managed by a
SwiftStack ccontroller, the node could be assigned a Swift role likes ``Swift node``
(Proxy/Account/Container/Object services are running in a single node)
SwiftStack Fuel Plugin
======================
Allow Mirantis OpenStack environment able to use a running Swift cluster managed by
a SwiftStack Controller. SwiftStack fuel plugin disables the default Swift cluster
that deployed on the Controller or Primary-Controller nodes, and then reconfigures
Swift API endpoints, Keystone and Glance settings to a running SwiftStack Swift cluster.
Requirements
------------
License
-------
========================== ==================
Component License type
========================== ==================
No components are present
========================== ==================
Requirements
------------
+-----------------------------------+---------------------------------------------+
|Requirement | Version/Comment |
+===================================+=============================================+
|Mirantis OpenStack compatibility | 8.0 |
+-----------------------------------+---------------------------------------------+
|A running SwiftStack Swift cluster | All versions |
| | |
| | Please enable **Keystone Auth** and |
| | **Keystone Auth Token Support** middlewares |
+-----------------------------------+---------------------------------------------+
Limitations
-----------
The plugin only supports a running SwiftStack Swift cluster and it able to reach
from the OpenStack environment. Make sure you have the correct network configuration
for the Swift cluster and Mirantis OpenStack environment before you enable this plugin.
Installation Guide
==================
.. toctree::
:maxdepth: 2
install
User Guide
==========
.. toctree::
:maxdepth: 2
user
Known issues
============
#. Need DNS server support to map Swift APIs hostname and IP
SwiftStack provides a software load balancer, which requries an external DNS server
to operate. Please use DNS server insteand of static hostname records in /etc/hosts.
#. Self-signed SSL certificates are not supported in the SwiftStack plugin
Self-signed certificates could be an issue when used in a production environment
because all clients need to trust the cert to pass the TLS/SSL verification.
It is highly recommended to use certificates signed by a known, trusted Certificate
Appendix
========
#. SwiftStack docs can be found at https://swiftstack.com/docs/


@ -12,15 +12,18 @@ SwiftStack Swift Cluster
In SwiftStack Swift cluster, that have three network interfaces need to configure for each node.
#. Outward-facing interface
#. Outward-facing interface:
The clients traffic come into this interface, so if you consider putting an external
load balancer in front of the cluster, you should add these outward-facing IPs to the load
balancer pool.
#. Cluster-facing interface
#. Cluster-facing interface:
The interface for Swift internal traffic likes proxy-server from/to object-server.
#. Data replication interface
#. Data replication interface:
This interface is dedicated for object replication.
If the node only has one network interface, you can assign all network interfaces to this
@ -33,23 +36,31 @@ these three network. Check `Configure network`_ to get more detail.
SwiftStack Controller
---------------------
SwiftStack provide two types of controllers, first one is **public controller** (we called `platform controller`)
SwiftStack provide two types of controllers, first one is **public controller** (we called `Platform controller`)
and the second one is **On-Premises controller**. The public controller is for customers they don't want to setup
a SwiftStack Controller on their data center and also allow the nodes have internet connectivity for management
purpose. So, if you don't have an controller account yet, `try to create it`_ .
In On-Premises controller, you need to get the setup script and tarball from SwiftStack sales, and they'll help
you to setup an on-premises controller.
you to setup an On-Premises controller.
And make sure you have an account can login to controller and able to setup a swift cluster before you start
to test the plugin,
And make sure you have an account can login to controller and able to setup a Swift cluster before you start
to test the plugin.
The network configuration in SwiftStack Controller is quite simple, just check the SwiftStack Nodes can reach
SwiftStack controller because SwiftStack Nodes communciate with controller over OpenVPN connections. But if
you have a firewall in the middle; please check `SwiftStack Controller Security`_ and `SwiftStack Node Security`_
to configure the firewall.
.. _platform controller: https://platform.swiftstack.com
.. note::
There is no difference when you use On-Premises or Platform controller to create you own Swift cluster,
and do the integration with SwiftStack Fuel plugin. All configuration of SwiftStack Fuel plugin will
be the same.
The Swift cluster is outside of Fuel environment, so using the Controller to create and configure your
external Swift cluster which will be more efficienct from scratch.
.. _Platform controller: https://platform.swiftstack.com
.. _try to create it: https://www.swiftstack.com/try-it-now/
.. _SwiftStack Controller Security: https://swiftstack.com/docs/security/controller.html#swiftstack-controller-security
@ -60,13 +71,13 @@ Fuel Slave Nodes
----------------
Fuel slave nodes have three network interfaces to configure, so if SwiftStack Nodes are connected to these
three networks and use same IP range of `fuel's configuration`_, you need to skip the IPs that used for SwiftStack
Nodes. The reason is the fuel master doesn't know which IP is taken from SwiftStack Nodes.
three networks and use same IP range of `Fuel's configuration`_, you need to skip the IPs that used for SwiftStack
Nodes. The reason is the Fuel master doesn't know which IP is taken from SwiftStack Nodes.
The SwiftStack Swift cluster is a standalone cluster, and each client should come from Outward-facing network.
So connected to the fuel slave nodes with Outward-facing network should be enough.
The SwiftStack Swift cluster is a standalone cluster, and each client should come from Outward-facing network
(Fuel Public Network). So connected to the Fuel slave nodes with Outward-facing network should be enough.
.. _fuel's configuration: http://docs.openstack.org/developer/fuel-docs/userdocs/fuel-install-guide/install/install_change_network_interface.html#configure-a-network-interface-for-the-fuel-web-ui
.. _Fuel's configuration: http://docs.openstack.org/developer/fuel-docs/userdocs/fuel-install-guide/install/install_change_network_interface.html#configure-a-network-interface-for-the-fuel-web-ui
Network summary
---------------
@ -75,52 +86,100 @@ Please make sure the network configuration like:
1. Fuel controller nodes (Keystone, Glance) can talk to Swift Proxy-server (i.e.,
Proxy-only, PAC, PACO node) for :ref:`Outward-facing IP<proxy_outward_facing_ip>`.
2. Clients can talk to :ref:`Swift API IP Address<swift_api_ip>` (Swift Proxy or External/Internal Load Balancer)
3. SwiftStack nodes can talk to SwiftStack Controller
2. Clients can talk to :ref:`Swift API IP Address<swift_api_ip>` (Swift Proxy or
External/Internal Load Balancer)
3. SwiftStack nodes can talk to SwiftStack Controller via Management (SwiftStack)
network (for On-Premises) or Public network (for public Swiftstack Controller)
.. note::
We only use one PACO (Proxy/Account/Comtainer/Object) nodes to deploy a all-in-one
Swift cluster in this document and is a minimum deployment.
In real environment, you might setup ten nodes or more for a Swift cluster,
so follow the roles can help you do integration.
In real environment, as the cluster scales, it might be necessary to specalize nodes
into separate Proxy/Account/Container/Object tiers.
User token validation
---------------------
In this document, Swift cluster only connected to ``Fuel Public network``, that means Swift
proxy will veridate user's token through this network, and the admin port ``35357`` is not
available for public url, but use auth port ``5000`` with public url shoud be ok, because
the ``swift`` user has service role in Keystone and it can do token validation in public url.
So the identity and auth url should be same likes ``http[s]://<PUBLIC_VIP>:5000/``.
If you have another avaialbe interface on SwiftStack nodes can connect to ``Fuel Management network``,
you can switch to admin rul with admin port, so identity url will be ``http[s]://<MANAGEMENT_VIP>:35357/``.
.. note::
You can find the ``<MANAGEMENT_VIP>`` in Fuel environment variables
(deployment_*/primary-controller*.yaml.) Here is the command to help you to find it.
$ sed -e '/ management:/,/ipaddr:/!d' deployment_*/primary-controller*.yaml | grep ipaddr | awk '{print $2}'
Swift Proxy server validates user's token to keystone through Public network, so the keystone indi
Use SwiftStack On-Premises Controller
-------------------------------------
* 1 Controller Node
* 1 Compute Node (have **Compute** and **Storage - Cinder** roles)
* 1 Swift cluster
Please setup an On-Premises SwiftStack controller first, and then setup a single node Swift
cluster with SwiftStack controller, here is our `quick start guide`_.
* 1 SwiftStack On-Premises controller
* 1 Swift cluster (single node)
Also prepare two Fuel slave nodes:
* 1 Controller Node
* 1 Compute Node (have **Compute** and **Storage - Cinder** roles)
.. note::
In this diagram, the Swift cluster is also connected to management and public network,
for our use case, just make sure the storage network is connected should be enough,
Other interfaces of SwiftStack Nodes, should be used for cluster-facing and replication
networks.
In this diagram, the Swift cluster is also connected to cluster-facing and data replication
network (SwiftStack) outside of Fuel network, which prevents network starvation on Fuel
networks when Swift service daemons are moving data or clients send large data into Swift
cluster. So, just make sure the public network is connected should be enough, Other
interfaces of SwiftStack Nodes, should be used for cluster-facing and replication networks.
Also, the SwiftStack Nodes need to communicate with the SwiftStack controller, so please make
sure they can talked to each other, you can combined ``management (SwiftStack)`` to Fuel
Network as well, that depends on your network design.
.. image:: images/use_on_prem.png
Use SwiftStack Public Controller (Platform)
-------------------------------------------
Please setup a single node Swift cluster with our public controller, here is our `quick start guide`_.
* 1 Swift cluster (single node)
Also prepare two Fuel slave nodes:
* 1 Controller Node
* 1 Compute Node (have **Compute** and **Storage - Cinder** roles)
* 1 Swift cluster
.. note::
In this diagram, the Swift cluster is also connected to management and public network,
for our use case, just make sure the storage network is connected should be enough,
Other interfaces of SwiftStack Nodes, should be used for cluster-facing and replication
networks.
In this diagram, the Swift cluster is also connected to cluster-facing and data replication
network (SwiftStack) outside of Fuel network, which prevents network starvation on Fuel
networks when Swift service daemons are moving data or clients send large data into Swift
cluster. So, just make sure the storage network is connected should be enough, Other
interfaces of SwiftStack Nodes, should be used for cluster-facing and replication networks.
In this case, we use SwiftStack Public controller, so please make sure the SwiftStack
Nodes able to reach Internet.
.. image:: images/use_platform.png
.. _quick start guide: https://swiftstack.com/docs/install/index.html
Deploying Mirantis OpenStack with a SwiftStack Swift cluster
------------------------------------------------------------
@ -129,8 +188,8 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
* Select **Liberty on Ubuntu Trusty (14.04)** as the distribution
* Select **Neutron with VLAN segmentation** as the networking setup
* Use all default settings
* 1 Controller Node (has **Controller** and **Storage - Cinder** roles)
* 1 Compute Node (has **Compute** role)
* 1 Controller Node (has **Controller**)
* 1 Compute Node (has **Compute** and **Storage - Cinder** role)
.. image:: images/1_add_nodes.png
@ -143,7 +202,7 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
#. **Enable TLS for Swift endpoints**:
This option will use HTTPS for swift endpoints include public, admin and internal urls.
This option will use HTTPS for Swift endpoints include public, admin and internal urls.
#. **Swift API IP Address** and **Swift API hostname**:
@ -156,7 +215,7 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
.. note::
If **Use Swift as Glance backend** is disabled,
please consider to enable **Ceph RBD for images (Glance)** or other storage for Glance backend.
please consider enabling **Ceph RBD for images (Glance)** or other storage for Glance backend.
If **Enable upload test** is disabled, Fuel won't upload testVM image(cirros-testvm)
to Glance and store in Swift cluster. That means some **Functional tests** won't pass:
@ -164,21 +223,28 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
The settings in below,
#. Swift API IP Address: ``192.168.1.100``.
#. Swift API IP Address: ``172.16.0.100``.
#. Use Swift as Glance backend: ``Checked``
#. Enable upload test: ``Checked``
.. image:: images/2_enable_plugin.png
#. Go to the **Networks** tab, scroll down to **Storage** section and then
uncheck **Use VLAN tagging** and modify **IP Range** to skip the Swift Proxy IP
(Outwarding-facing) and Swift API IP Address.
#. Go to the **Networks** tab, scroll down to **Public** section and then
modify **IP Range** to skip the Swift Proxy IP (Outwarding-facing) and
Swift API IP Address.
.. image:: images/3_config_network.png
If you install SwiftStack node on fuel slave nodes with role ``Operating System``,
please also skip the IPs in Public and Managent IP ranges, because the fuel master
doesn't know which IP addresses used for SwiftStack nodes.
.. note::
If you install SwiftStack node on Fuel slave nodes with role ``Operating System`` and
please also skip the IPs in Storage and Management IP ranges, because the Fuel master
doesn't know which IP addresses used for SwiftStack nodes.
In this use case, if you use Storage and Management network for cluster-facing
and data replication network, the Swift cluster interal traffic (Swift proxy to
object server and data replication) will consume more bandwidth on these two networks,
that increase network latency when other OpenStack services are running on the same
networks.
.. _proxy_outward_facing_ip:
.. _swift_api_ip:
@ -186,7 +252,7 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
.. note::
If you have more than one Proxy server (Proxy-only, PAC, PACO nodes),
or you use external/internal load balancer (Swift API IP Address) for
your swift cluster, please consider to skip these IPs.
your Swift cluster, please consider to skip these IPs.
* ``Outtward-facing IP from SwiftStack Controller UI``
@ -205,10 +271,10 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
.. _find_keystone_password:
#. Find the settings from deployment information:
* Keystone IP Address (management_vip)
* Keystone IP Address (public_vip)
* Swift password
Please login to the fuel master and create a script file called **swiftstack.sh**
Please login to the Fuel master and create a script file called **swiftstack.sh**
with contents in below,
.. code-block:: bash
@ -223,7 +289,7 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
fuel deployment --env $environment --default
# put error checking here
SwiftIP=$(sed -e '/vips:/,/ipaddr:/!d' \
SwiftIP=$(sed -e '/ public:/,/ipaddr:/!d' \
deployment_*/primary-controller*.yaml \
| grep ipaddr | awk '{print $2}')
SwiftPW=$(sed -e '/swift:/,/user_password:/!d' \
@ -232,7 +298,7 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
echo "Configure Keystone Auth Token Support middleware with the parameters below :"
echo "----------------------------------------------------------------------------"
echo " identity URL : http://$SwiftIP:35357/"
echo " identity_url : http://$SwiftIP:5000/"
echo " auth_url : http://$SwiftIP:5000/"
echo " admin_user : swift"
echo " admin_password : $SwiftPW"
@ -253,24 +319,24 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
Default deployment info was downloaded to /root/deployment_5
Configure Keystone Auth Token Support middleware with the parameters below :
----------------------------------------------------------------------------
identity URL : http://192.168.0.2:35357/
auth_url : http://192.168.0.2:5000/
identity_url : http://172.16.0.3:5000/
auth_url : http://172.16.0.3:5000/
admin_user : swift
admin_password : Ym35Y7j43K6LgsY9xYkJ5TbW
admin_password : v4LiGbh6xPU0vtqXQSMeDjxc
.. _setup_swift_middleware:
#. Once we get Keystone IP (192.168.0.2) and Swift users password (``Ym35Y7j43K6LgsY9xYkJ5TbW``), \
#. Once we get Keystone IP (172.16.0.3) and Swift users password (``v4LiGbh6xPU0vtqXQSMeDjxc``), \
lets login to SwiftStack Controller UI to configure Swift cluster
* Go to the **Middleware** tab, enable and configure **Keystone Auth Token Support** middleware as below:
.. code-block:: bash
identity_url: http://192.168.0.2:35357/
auth_url: http://192.168.0.2:5000/
identity_url: http://172.16.0.3:5000/
auth_url: http://172.16.0.3:5000/
admin_user: swift
admin_password: Ym35Y7j43K6LgsY9xYkJ5TbW
admin_password: v4LiGbh6xPU0vtqXQSMeDjxc
admin_tenant_name: services
@ -297,11 +363,25 @@ Deploying Mirantis OpenStack with a SwiftStack Swift cluster
Verification
++++++++++++
Please run the verification steps below to ensure your Swiftstack plugin is configured properly:
Please run the verification steps below to ensure your SwiftStack plugin is configured properly:
#. Check API endpoints from OpenStack Dashboard:
#. Check API endpoints with Keystone CLI:
.. image:: images/8_deploy_verify2.png
.. code-block:: bash
root@node-23:~# source ~/openrc
##
## Make sure the keystone VIP is correct
##
root@node-23:~# export OS_AUTH_URL='http://192.168.0.2:5000/v2.0'
root@node-23:~# keystone endpoint-list |grep KEY
| b858f41ee3704f32a05060932492943b | RegionOne
| http://172.16.0.100:80/v1/KEY_%(tenant_id)s
| http://172.16.0.100:80/v1/KEY_%(tenant_id)s
| http://172.16.0.100:80/v1/KEY_%(tenant_id)s
| 19966ec76f0d455d94caa87d9569a347 |
.. _verity_cluster_swift_cli:
@ -316,34 +396,27 @@ Please run the verification steps below to ensure your Swiftstack plugin is conf
# Test admin account
~$ cat rc.admin
export ST_AUTH=http://192.168.0.2:5000/v2.0
export ST_AUTH=http://172.16.0.3:5000/v2.0
export ST_USER=admin:admin
export ST_KEY=admin
export ST_AUTH_VERSION=2
~$ source rc.admin
~$ swift stat -v
StorageURL: http://192.168.1.100:80/v1/KEY_c59857e
9f07a44e691e1a12d3ef71d59
Auth Token: gAAAAABW77vTlydZxpTB0yiRimVlTorg6IC9GR
lB5moChyd-P6NlsQ_rJva114IecQxxHB4YR5cd
RECCY4VQZnDSP9wgneG-xSi6P4XKwLDmX9lQKb
YGpCb1l19JyiuBdRZyoc3JC0uiFtW6YfQ0mvPp
VOEWgQJ02tL-vBqfFNcuiiWthn20Rok
Account: KEY_c59857e9f07a44e691e1a12d3ef71d59
Containers: 0
Objects: 0
Bytes: 0
Containers in policy "standard-replica": 0
Objects in policy "standard-replica": 0
Bytes in policy "standard-replica": 0
Accept-Ranges: bytes
X-Account-Project-Domain-Id: default
X-Timestamp: 1458550300.21393
X-Trans-Id: tx1d579f93ee7846fab0eaa-0056efbbd3
Content-Type: text/plain; charset=utf-8
StorageURL: http://172.16.0.100:80/v1/KEY_9f12acc2fc1c4b4cb
75916b2724e2903
Auth Token: gAAAAABXV5CFn_cx-Y2pJK4de7XDDXvEmfo4SlhmCAAOweG
-RHLkSCCqfc_mGHoJ-7ee4cACSzzx5bXijCtopbRA-Mh2vr
_SGK9GKSB1AIt-Q1kSsUJTNgjL0T6Hws66r7gh4PmiTFwhO
uhV9BTswzF9GzIHdUpKusd3jhrclcc9ipQdnF_bF1c
Account: KEY_9f12acc2fc1c4b4cb75916b2724e2903
Containers: 0
Objects: 0
Bytes: 0
X-Put-Timestamp: 1465356423.33437
X-Timestamp: 1465356423.33437
X-Trans-Id: txf07064e2471544b29f84d-0057579086
Content-Type: text/plain; charset=utf-8
* Check glance account when **Use Swift as Glance backend** is enabled
@ -355,39 +428,38 @@ Please run the verification steps below to ensure your Swiftstack plugin is conf
glance:
db_password: XkyxjTF4LKu7FgaY2YyXlUMI
image_cache_max_size: '13928339865'
user_password: ZHFGFM7ivEi0XPuL7l4tt5jE
user_password: iqxWViMcHUjxbWD0hqkvjbon
# Test glance account
~$ cat rc.glance
export ST_AUTH=http://192.168.0.2:5000/v2.0
export ST_AUTH=http://172.16.0.3:5000/v2.0
export ST_USER=services:glance
export ST_KEY=ZHFGFM7ivEi0XPuL7l4tt5jE
export ST_KEY=iqxWViMcHUjxbWD0hqkvjbon
export ST_AUTH_VERSION=2
~$ swift stat -v
StorageURL: http://192.168.1.100:80/v1/KEY_fc5bc05137
09448da632c525728cf79
Auth Token: gAAAAABW77t5VpWr7tzqAtOhYhWiQOo11kqeoSS_0
mnX1WgNprVkAl5Sj8Ut0DuHYnBcg7UdwH00OHfotq
sS9PmetqQSP-RTuQwmwVLH8JAHtpZLm5CFa0ocIJj
o35oFavevzrjsokY4MefxyNlIhByshPelV6Dp3RD0
C9aBygH96gedpOEUw
Account: KEY_fc5bc0513709448da632c525728cf794
Containers: 1
Objects: 1
Bytes: 13287936
Containers in policy "standard-replica": 1
Objects in policy "standard-replica": 1
Bytes in policy "standard-replica": 13287936
Accept-Ranges: bytes
X-Account-Project-Domain-Id: default
X-Timestamp: 1458547227.84808
X-Trans-Id: txac14e38486ea45c98bc6d-0056efbb8d
Content-Type: text/plain; charset=utf-8
StorageURL: http://172.16.0.100:80/v1/KEY_63bda2
0adcb24e2eb37d2dcb13d2a29b
Auth Token: gAAAAABXV4-d_FKAboXyxKOoWVdmbiDCLtgX
0diSqMed9gzXTPHkt5ko7AMffp28iKBX984g
KXqUKk82pjqQ9tpSIu-TA9cTLoZYz0Cabp9Y
s-zIH-BJOP1DZsEaOIOB8wTrvU2i_eGyPKgN
25iaARIahh2MYUkNU21Xfzg7Q7bQlwvFFhMo
d7g
Account: KEY_63bda20adcb24e2eb37d2dcb13d2a29b
Containers: 1
Objects: 1
Bytes: 13287936
Containers in policy "standard-replica": 1
Objects in policy "standard-replica": 1
Bytes in policy "standard-replica": 13287936
Accept-Ranges: bytes
X-Account-Project-Domain-Id: default
X-Timestamp: 1465322384.96195
X-Trans-Id: txa59a5b16d6724fc68adb7-0057578f9e
Content-Type: text/plain; charset=utf-8
Appendix


@ -3,35 +3,41 @@ attributes:
toggleable: true
group: 'storage'
restrictions:
- condition: "settings:storage.objects_ceph.value == true"
- condition: "settings:storage.objects_ceph.value == true"
action: disable
swift_api_address:
value: '192.168.1.100'
label: 'Swift API IP Address'
description: |
If enabled,
If enabled,
* Swift deployment in controller nodes will be disabled
* Swift API endpoint in Keysthone DB will redirect to external Swift cluster.
weight: 10
weight: 5
type: "text"
regex:
source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
error: "Invalid IP address"
restrictions:
- condition: "settings:swiftstack.swift_api_fqdn.value != ''"
action: disable
message: "Configures Swift endpoint with hostname"
source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})$'
error: "Invalid IP address. NOTE: it cannot be empty"
swift_api_fqdn:
value: ''
label: 'Swift API Hostname'
description: "Swift API Hostname"
weight: 15
weight: 10
type: "text"
# swift_modify_hosts:
# weight: 15
# type: "checkbox"
# value: True
# label: "Add SwiftStack FQDN to /etc/hosts"
# description: |
# Use this option when you need to use domain name for your SwiftStack cluster,
# but it cannot be resolved by DNS server specifed for Fuel environment
# (f.e. in case of self-signed certificates usage). Enabled by default.
swift_tls_enabled:
weight: 5
weight: 20
type: "checkbox"
value: False
label: "Enable TLS for Swift endpoints"
@ -42,8 +48,18 @@ attributes:
message: "TLS for OpenStack public endpoints is enabled"
action: none
# swift_tls_cert:
# value: ''
# label: 'SwiftStack self-signed certificate'
# description: "If you use self-signed certificate for your SwiftStack cluster, please add it here for distribution of Fuel nodes"
# weight: 25
# type: "file"
# restrictions:
# - condition: "settings:swiftstack.swift_tls_enabled.value == false"
# action: hide
swift_as_glance_backend:
weight: 20
weight: 30
type: "checkbox"
value: false
label: "Use Swift as Glance backend"
@ -53,7 +69,7 @@ attributes:
action: disable
upload_cirros_test:
weight: 30
weight: 35
type: "checkbox"
value: false
label: "Enable upload test"
@ -62,4 +78,3 @@ attributes:
- condition: "settings:swiftstack.swift_as_glance_backend.value == false"
action: disable
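Review bot: `swift_api_fqdn` is still a free-form text field with no `regex`, while the neighbouring `swift_api_address` now gets a fully anchored pattern that rejects empty input. Judging by its label, the hostname ends up in the Swift endpoint configuration, so a value with stray whitespace, a scheme prefix or a path would only surface at deployment time. I would add a `regex:` block under `swift_api_fqdn` with `source: '^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)?$'` and `error: "Invalid hostname"`, which still accepts the empty default. The restriction that disabled the IP field when a hostname is set also appears to be dropped in this section, so both fields can now be filled in, and the `description` of `swift_api_fqdn` should state which one takes precedence.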


@ -3,11 +3,12 @@ name: swiftstack
# Human-readable name for your plugin
title: Enable SwiftStack Swift cluster integration
# Plugin version
version: '0.2.0'
version: '0.3.0'
# Description
description: Integrate Keystone, Glance and an existing SwiftStack Swift cluster
# Required fuel version
fuel_version: ['8.0']
is_hotpluggable: true
# The plugin is compatible with releases in the list
releases:
@ -18,7 +19,7 @@ releases:
repository_path: repositories/ubuntu
# Version of plugin package
package_version: '3.0.0'
package_version: '4.0.0'
# Licences
licenses: ['Apache License Version 2.0']
# Specify author or company name


@ -1,31 +0,0 @@
#!/bin/bash
set -eux
ROOT="$(dirname `readlink -f $0`)"
MODULES="${ROOT}"/deployment_scripts/puppet/modules
RPM_REPO="${ROOT}"/repositories/centos/
DEB_REPO="${ROOT}"/repositories/ubuntu/
# Puppet manifests from fuel-lib
FUEL_LIB_VERSION="7.0"
FUEL_LIB_TARBALL_URL="https://github.com/openstack/fuel-library/archive/${FUEL_LIB_VERSION}.tar.gz"
# Puppet std library
STDLIB_TARBALL_URL="https://forgeapi.puppetlabs.com/v3/files/puppetlabs-stdlib-4.7.0.tar.gz"
INIFILE_TARBALL_URL="https://forgeapi.puppetlabs.com/v3/files/puppetlabs-inifile-1.4.2.tar.gz"
rm -rf "${MODULES:?}"/{openstacklib,glance,swift,keystone,stdlib,inifile}
# Include dependent manifests from fuel-library
wget -qO- "${FUEL_LIB_TARBALL_URL}" | \
tar -C "${MODULES}" --strip-components=3 -zxvf - \
fuel-library-${FUEL_LIB_VERSION}/deployment/puppet/{openstacklib,glance,swift,keystone}
mkdir -p "${MODULES}"/{stdlib,inifile}
wget -qO- "${STDLIB_TARBALL_URL}" | tar -C "${MODULES}/stdlib" --strip-components=1 -xz
wget -qO- "${INIFILE_TARBALL_URL}" | tar -C "${MODULES}/inifile" --strip-components=1 -xz