openstack
/
cookbook-openstack-object-storage
Code Issues Proposed changes
RETIRED, Chef Cookbook - OpenStack Object Storage
95 Commits 3 Branches 4 Tags 1.5 MiB
Go to file
Mark Vanderwiel 1fff96638a swift updates for roles and services 
* update role to match our chef repo
* allow platform service names
* improved logging
* use memcache list from common
* remove old unneeded templates and service providers
* add ring gzone and region attributes
* cleanup deprecated get_secret calls
* add templates for sync, expirer and recon
* added more tests

Sorry for the long patch, but this cookbook has been difficult
to deal with.

Change-Id: I2373d65b02c56ada1be8703be0492fab3597be26
Implements: blueprint object-storage-cleanup
 		2015-03-11 10:23:41 -05:00
attributes swift updates for roles and services 2015-03-11 10:23:41 -05:00
files/default Use keystone as default authenication 2015-02-10 13:34:38 -06:00
libraries swift updates for roles and services 2015-03-11 10:23:41 -05:00
providers swift updates for roles and services 2015-03-11 10:23:41 -05:00
recipes swift updates for roles and services 2015-03-11 10:23:41 -05:00
resources Add ability to determine pass value for mount resource 2015-03-06 17:17:53 +00:00
spec swift updates for roles and services 2015-03-11 10:23:41 -05:00
templates/default swift updates for roles and services 2015-03-11 10:23:41 -05:00
.gitignore Initial kilo updates 2015-03-04 16:13:13 -06:00
.gitreview Added .gitreview 2013-05-08 20:05:10 +00:00
.rubocop.yml Initial kilo updates 2015-03-04 16:13:13 -06:00
.rubocop_todo.yml Initial kilo updates 2015-03-04 16:13:13 -06:00
Berksfile point berkshelf at supermarket.chef.io 2015-02-16 19:50:54 -06:00
CONTRIBUTING.md Workflow documentation is now in infra-manual 2014-12-05 03:30:44 +00:00
Gemfile Initial kilo updates 2015-03-04 16:13:13 -06:00
README.md swift updates for roles and services 2015-03-11 10:23:41 -05:00
Rakefile add a Rakefile to structure test runs 2014-09-30 14:43:54 +02:00
TESTING.md Cleanup cookbook contact info 2014-10-14 10:12:20 -05:00
metadata.rb Initial kilo updates 2015-03-04 16:13:13 -06:00

README.md

Description

Installs the OpenStack Object Storage service Swift as part of the OpenStack reference deployment Chef for OpenStack. The http://github.com/stackforge/chef-openstack-repo contains documentation for using this cookbook in the context of a full OpenStack deployment. Swift is currently installed from packages.

https://wiki.openstack.org/wiki/Swift

Requirements

Clients

  • CentOS >= 7
  • Ubuntu >= 14.04

Chef

  • 12

Dependent Cookbooks

  • openstack-common
  • openstack-identity
  • memcached
  • statsd

Roles

  • swift-account-server - storage node for account data
  • swift-container-server - storage node for container data
  • swift-management-server - responsible for ring generation
  • swift-object-server - storage node for object server
  • swift-proxy-server - proxy for swift storage nodes
  • swift-setup - server responsible for generating initial settings

The swift-management-server role performs the following functions:

  • proxy node that knows super admin password
  • ring repository and ring building workstation
  • generally always has the swift-setup role too
  • there can only be one swift-management-server

There must be a node with the the swift-management-server role to act as the ring repository.

In small environments, it is likely that all storage machines will have all-in-one roles, with a load balancer ahead of it

In larger environments, where it is cost effective to split the proxy and storage layer, storage nodes will carry swift-{account,container,object}-server roles, and there will be dedicated hosts with the swift-proxy-server role.

In really really huge environments, it's possible that the storage node will be split into swift-{container,account}-server nodes and swift-object-server nodes.

Recipes

client

  • Install the swift client packages

Attributes

There are other attributes that must be set depending on authmode. For "swauth", the following attributes are used:

  • default[:swift][:authkey] - swauth super admin key if using swauth (defaults to test)

The following secrets can be defined in the databag defined in Common ['openstack']['secret']['secrets_data_bag']

        {
          "swift_hash": "1a7c0568fa84"
          "swift_authkey": "keY4all"
          "dispersion_auth_user": "ops:dispersion",
          "dispersion_auth_key": "dispersionpass"
        }

In addition, because swift is typically deployed as a cluster there are some attributes used to find interfaces and ip addresses on storage nodes:

  • default[:swift][:git_builder_ip] - the IP address of the management server which other cluster members will use as their git pull target for ring updates (defaults to 127.0.0.1)
  • default[:swift][:network][:proxy-bind-ip] - the IP address to bind to on the proxy servers (defaults to 0.0.0.0 for all addresses)
  • default[:swift][:network][:proxy-bind-port] - the port to bind to on the proxy servers (defaults to 8080)
  • default[:swift][:network][:account-bind-ip] - the IP address to bind to on the account servers (defaults to 0.0.0.0 for all addresses)
  • default[:swift][:network][:account-bind-port] - the port to bind to on the account servers (defaults to 6002)
  • default[:swift][:network][:container-bind-ip] - the IP address to bind to on the container servers (defaults to 0.0.0.0 for all addresses)
  • default[:swift][:network][:container-bind-port] - the port to bind to on the container servers (defaults to 6002)
  • default[:swift][:network][:object-bind-ip] - the IP address to bind to on the object servers (defaults to 0.0.0.0 for all addresses)
  • default[:swift][:network][:object-bind-port] - the port to bind to on the container servers (defaults to 6002)
  • default[:swift][:network][:object-cidr] - the CIDR network for your object servers in order to build the ring (defaults to 10.0.0.0/24)

Proxy Plugins

Formpost

  • default[:swift][:formpost][:enabled] - optionally enable the formpost proxy plugin (defaults to false)

TempURL

  • default[:swift][:tempurl][:enabled] - optionally enable the tempurl proxy plugin (defaults to false)
  • default[:swift][:tempurl][:incoming_remove_headers] - The headers to remove from incoming requests (defaults to x-timestamp)
  • default[:swift][:tempurl][:incoming_allow_headers] - The headers allowed as exceptions to incoming_remove_headers (defaults to empty string)
  • default[:swift][:tempurl][:incoming_allow_headers] - The headers allowed as exceptions to incoming_remove_headers (defaults to empty string)
  • default[:swift][:tempurl][:outgoing_remove_headers] - The headers to remove from outgoing responses (defaults to x-object-meta-*)
  • default[:swift][:tempurl][:outgoing_allow_headers] - The headers allowed as exceptions to outgoing_remove_headers (defaults x-object-meta-public-*)

Domain Remap

  • default[:swift][:domain_remap][:enabled] - optionally enable the domain remap proxy plugin (defaults to false)
  • default[:swift][:domain_remap][:storage_domain] - The domain remap reseller domain (defaults to example.com)
  • default[:swift][:domain_remap][:root_path] - The domain remap root path (defaults to v1)
  • default[:swift][:domain_remap][:reseller_prefixes] - The domain remap reseller prefixes (defaults to AUTH)

Staticweb

  • default[:swift][:staticweb][:enabled] - optionally enable the staticweb proxy plugin (defaults to false)
  • default[:swift][:staticweb][:cache_timeout] - Seconds to cache container x-container-meta-web-* header values (defaults to 300)

Examples

Example environment

{
  "default_attributes": {
    "swift": {
        "swift_hash": "107c0568ea84",
        "authmode": "swauth",
        "authkey": "test",
        "auto_rebuild_rings": false,
        "git_builder_ip": "10.0.0.10",
        "swauth": {
            "url": "http://10.0.0.10:8080/v1/"
      }
    }
  },
  "name": "swift",
  "chef_type": "environment",
  "json_class": "Chef::Environment"
}

This sets up defaults for a swauth-based cluster with the storage network on 10.0.0.0/24.

Standalone Storage Server

{
  "name": "swift-object-server",
  "json_class": "Chef::Role",
  "run_list": [
    "recipe[swift::object-server]"
  ],
  "description": "A storage server role.",
  "chef_type": "role"
}

Standalone Proxy Server

  "run_list": [
    "role[swift-proxy-server]"
  ]

Testing

Please refer to the TESTING.md for instructions for testing the cookbook.

Berkshelf

Berks will resolve version requirements and dependencies on first run and store these in Berksfile.lock. If new cookbooks become available you can run berks update to update the references in Berksfile.lock. Berksfile.lock will be included in stable branches to provide a known good set of dependencies. Berksfile.lock will not be included in development branches to encourage development against the latest cookbooks.

License and Author
Author Alan Meadows (alan.meadows@gmail.com)
Author Oisin Feeley (of3434@att.com)
Author Ron Pedde (ron.pedde@rackspace.com)
Author Will Kelly (will.kelly@rackspace.com)
Author Chen Zhiwei (zhiwchen@cn.ibm.com)
Author Mark Vanderwiel (vanderwl@us.ibm.com)
Copyright Copyright (c) 2013, AT&T, Inc.
Copyright Copyright (c) 2012, Rackspace US, Inc.
Copyright Copyright (c) 2013-2015 IBM, Corp.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.