fuel-library/deployment/puppet/openstack_tasks/manifests/swift/parts/proxy.pp

class openstack_tasks::swift::parts::proxy (
  $swift_user_password               = 'swift_pass',
  $swift_hash_suffix                 = 'swift_secret',
  $swift_max_header_size             = '32768',
  $swift_proxy_local_ipaddr          = $::ipaddress_eth0,
  $swift_replication_local_ipaddr    = $::ipaddress_eth0,
  $ring_part_power                   = 18,
  $ring_replicas                     = 3,
  $ring_min_part_hours               = 1,
  $proxy_pipeline                    = [
    'catch_errors',
    'crossdomain',
    'healthcheck',
    'cache',
    'container_sync',
    'bulk',
    'tempurl',
    'ratelimit',
    'formpost',
    'swift3',
    's3token',
    'authtoken',
    'keystone',
    'staticweb',
    'container_quotas',
    'account_quotas',
    'slo',
    'proxy-server'],
  $proxy_workers                     = $::os_workers,
  $proxy_port                        = '8080',
  $proxy_allow_account_management    = true,
  $proxy_account_autocreate          = true,
  $ratelimit_clock_accuracy          = 1000,
  $ratelimit_max_sleep_time_seconds  = 60,
  $ratelimit_log_sleep_time_seconds  = 0,
  $ratelimit_rate_buffer_seconds     = 5,
  $ratelimit_account_ratelimit       = 0,
  $package_ensure                    = 'present',
  $memcached_servers                 = '127.0.0.1:11211',
  $primary_proxy                     = false,
  $swift_devices                     = undef,
  $master_swift_proxy_ip             = undef,
  $master_swift_replication_ip       = undef,
  $collect_exported                  = false,
  $rings                             = ['account', 'object', 'container'],
  $debug                             = false,
  $verbose                           = true,
  $log_facility                      = 'LOG_LOCAL1',
  $ceilometer                        = false,
  $admin_user                        = 'swift',
  $admin_tenant_name                 = 'services',
  $admin_password                    = 'password',
  $auth_host                         = '10.0.0.1',
  $auth_protocol                     = 'http',
  $auth_uri                          = 'http://127.0.0.1:5000',
  $identity_uri                      = 'http://127.0.0.1:35357',
  $swift_operator_roles              = ['admin', 'SwiftOperator'],
  $transport_url                     = 'rabbit://guest:password@127.0.0.1:5672/'
) {
  if !defined(Class['swift']) {
    class { 'swift':
      swift_hash_path_suffix => $swift_hash_suffix,
      package_ensure         => $package_ensure,
      max_header_size        => $swift_max_header_size,
    }
  }

  if !defined(Class['rsync::server']) {
    class { '::rsync::server':
      use_xinetd => true,
      address    => $local_net_ip,
      use_chroot => 'no',
    }
  }

  # calculate log_level
  if $debug {
    $log_level = 'DEBUG'
  }
  elsif $verbose {
    $log_level = 'INFO'
  }
  else {
    $log_level = 'WARNING'
  }

  if $ceilometer {
    $new_proxy_pipeline = split(
      inline_template(
        "<%=
            @proxy_pipeline.insert(-2, 'ceilometer').join(',')
         %>"), ',')
    class { '::swift::proxy::ceilometer':
      default_transport_url => $transport_url,
    }
  }
  else {
    $new_proxy_pipeline = $proxy_pipeline
  }

  class { '::swift::proxy':
    proxy_local_net_ip       => $swift_proxy_local_ipaddr,
    pipeline                 => $new_proxy_pipeline,
    port                     => $proxy_port,
    workers                  => $proxy_workers,
    allow_account_management => $proxy_allow_account_management,
    account_autocreate       => $proxy_account_autocreate,
    package_ensure           => $package_ensure,
    log_facility             => $log_facility,
    log_level                => $log_level,
    log_name                 => 'swift-proxy-server',
  }

  # configure all of the middlewares
  class { ['::swift::proxy::catch_errors', '::swift::proxy::crossdomain', '::swift::proxy::healthcheck',
    '::swift::proxy::bulk', '::swift::proxy::tempurl', '::swift::proxy::formpost', '::swift::proxy::swift3',
    '::swift::proxy::staticweb', '::swift::proxy::container_quotas', '::swift::proxy::account_quotas',
    '::swift::proxy::slo', '::swift::proxy::container_sync']:
  }

  class { '::swift::proxy::cache': memcache_servers => $memcached_servers }

  class { '::swift::proxy::ratelimit':
    clock_accuracy         => $ratelimit_clock_accuracy,
    max_sleep_time_seconds => $ratelimit_max_sleep_time_seconds,
    log_sleep_time_seconds => $ratelimit_log_sleep_time_seconds,
    rate_buffer_seconds    => $ratelimit_rate_buffer_seconds,
    account_ratelimit      => $ratelimit_account_ratelimit,
  }

  class { '::swift::proxy::s3token':
    auth_host     => $auth_host,
    auth_port     => '35357',
    auth_protocol => $auth_protocol,
  }

  class { '::swift::proxy::keystone':
    operator_roles => $swift_operator_roles,
  }

  class { '::swift::proxy::authtoken':
    admin_user        => $admin_user,
    admin_tenant_name => $admin_tenant_name,
    admin_password    => $admin_password,
    auth_uri          => $auth_uri,
    identity_uri      => $identity_uri,
  }

  if $primary_proxy {
    # we need to exec swift ringrebuilder commands under swift user
    Exec { user => 'swift' }
    # Exit codes should be equal to 0 and 1 (bug #1402701)
    Exec <| title == "rebalance_account" or title == "rebalance_container" or title == "rebalance_object" |> { returns => [0,1] }

    # collect all of the resources that are needed
    # to balance the ring
    if $collect_exported {
      Ring_object_device <<| tag == "${::deployment_id}::${::environment}" |>>
      Ring_container_device <<| tag == "${::deployment_id}::${::environment}" |>>
      Ring_account_device <<| tag == "${::deployment_id}::${::environment}" |>>
    }

    # create the ring
    class { 'swift::ringbuilder':
      # the part power should be determined by assuming 100 partitions per drive
      part_power     => $ring_part_power,
      replicas       => $ring_replicas,
      min_part_hours => $ring_min_part_hours,
    }

    # sets up an rsync db that can be used to sync the ring DB
    class { 'swift::ringserver':
      local_net_ip => $swift_replication_local_ipaddr,
    }

    rsync::server::module { 'swift_backups':
      path            => '/etc/swift/backups',
      lock_file       => '/var/lock/swift_backups.lock',
      uid             => 'swift',
      gid             => 'swift',
      incoming_chmod  => false,
      outgoing_chmod  => false,
      max_connections => '5',
      read_only       => true,
    }

    # resource ordering
    Swift::Ringbuilder::Rebalance <||> -> Service <| tag == swift-service |>
    Swift::Ringbuilder::Create<||> ->
    Ring_devices<||> ~>
    Swift::Ringbuilder::Rebalance <||>
  } else {
    validate_string($master_swift_replication_ip)

    if member($rings, 'account') and ! defined(Swift::Ringsync['account']) {
      swift::ringsync { 'account': ring_server => $master_swift_replication_ip }
    }

    if member($rings, 'object') and ! defined(Swift::Ringsync['object']) {
      swift::ringsync { 'object': ring_server => $master_swift_replication_ip }
    }

    if member($rings, 'container') and ! defined(Swift::Ringsync['container']) {
      swift::ringsync { 'container': ring_server => $master_swift_replication_ip }
    }

    rsync::get { "/etc/swift/backups/":
      source    => "rsync://${master_swift_replication_ip}/swift_backups/",
      recursive => true,
    }

    anchor { 'openstack_tasks_proxy_start' :} ->
    Swift::Ringsync <| |> ~>
    Service['swift-proxy-server'] ->
    anchor { 'openstack_tasks_proxy_end' :}

  }
}