Add support for deploying RGW with ceph-ansible

This patch allows usage of ceph-ansible to configure the RGW service
in the overcloud. Still uses puppet-keystone to create the necessary
user and endpoint in the catalog.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Iafa17bb64c54e40350b2ba7d76dea3d82fcab0e4

docker/services/ceph-ansible/ceph-base.yaml

@@ -100,6 +100,14 @@ parameters:
   CephClientUserName:
     default: openstack
     type: string
+  CephRgwClientName:
+    default: radosgw
+    type: string
+  CephRgwKey:
+    description: The cephx key for the radosgw client. Can be created
+                 with ceph-authtool --gen-print-key.
+    type: string
+    hidden: true
   CephPoolDefaultSize:
     description: default minimum replication for RBD copies
     type: number
@@ -115,6 +123,10 @@ parameters:
   CephIPv6:
     default: False
     type: boolean
+  SwiftPassword:
+    description: The password for the swift service account
+    type: string
+    hidden: true
   DockerCephDaemonImage:
     description: image
     type: string
@@ -244,12 +256,29 @@ outputs:
             mds_cap: "allow *"
             osd_cap: "allow rw"
             mode: "0644"
+          - name:
+              list_join:
+              - '.'
+              - - client
+                - {get_param: CephRgwClientName}
+            key: {get_param: CephRgwKey}
+            mon_cap: "allow rw"
+            osd_cap: "allow rwx"
+            mode: "0644"
           keys: *openstack_keys
           pools: []
           ceph_conf_overrides:
             global:
               osd_pool_default_size: {get_param: CephPoolDefaultSize}
               osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+              rgw_keystone_api_version: 3
+              rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+              rgw_keystone_accepted_roles: 'Member, _member_, admin'
+              rgw_keystone_admin_domain: default
+              rgw_keystone_admin_project: service
+              rgw_keystone_admin_user: swift
+              rgw_keystone_admin_password: {get_param: SwiftPassword}
+              rgw_s3_auth_use_keystone: 'true'
           ntp_service_enabled: false
           generate_fsid: false
           ip_version:

docker/services/ceph-ansible/ceph-rgw.yaml

@@ -0,0 +1,87 @@
+heat_template_version: pike
+
+description: >
+  Ceph RadosGW service.
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  SwiftPassword:
+    description: The password for the swift service account
+    type: string
+    hidden: true
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+
+resources:
+  CephBase:
+    type: ./ceph-base.yaml
+    properties:
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ceph RadosGW service.
+    value:
+      service_name: ceph_rgw
+      upgrade_tasks: []
+      step_config: ''
+      puppet_config:
+        config_image: ''
+        config_volume: ''
+        step_config: ''
+      docker_config: {}
+      service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+      config_settings:
+        map_merge:
+        - tripleo.ceph_rgw.firewall_rules:
+            '122 ceph rgw':
+              dport: {get_param: [EndpointMap, CephRgwInternal, port]}
+        - ceph_rgw_ansible_vars:
+            map_merge:
+            - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+            - radosgw_keystone: true
+              radosgw_keystone_ssl: false
+              radosgw_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]}
+              radosgw_civetweb_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+      service_config_settings:
+        keystone:
+          ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]}
+          ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]}
+          ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]}
+          ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion}
+          ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ]
+          ceph::rgw::keystone::auth::tenant: service
+          ceph::rgw::keystone::auth::user: swift
+          ceph::rgw::keystone::auth::password: {get_param: SwiftPassword}

environments/ceph-ansible/ceph-rgw.yaml

@@ -0,0 +1,5 @@
+resource_registry:
+  OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+  OS::TripleO::Services::SwiftProxy: OS::Heat::None
+  OS::TripleO::Services::SwiftStorage: OS::Heat::None
+  OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None