Merge "Make HAProxy check of swift proxy backends via management VIP"

2015-06-01 18:38:41 +00:00 · 2015-06-01 18:38:41 +00:00 · 5a2146c801
commit 5a2146c801
parent c9a86ac0e6 42df864217
9 changed files with 150 additions and 3 deletions
--- a/debian/fuel-ha-utils.install
+++ b/debian/fuel-ha-utils.install
@ -2,4 +2,5 @@ files/fuel-ha-utils/ocf/* /usr/lib/ocf/resource.d/fuel
 files/fuel-ha-utils/tools/q-agent-cleanup.py /usr/bin
 files/fuel-ha-utils/tools/wsrepclustercheckrc /etc
 files/fuel-ha-utils/tools/clustercheck /usr/bin
+files/fuel-ha-utils/tools/swiftcheck /usr/bin

--- a/deployment/puppet/openstack/manifests/firewall.pp
+++ b/deployment/puppet/openstack/manifests/firewall.pp
@ -8,6 +8,7 @@ class openstack::firewall (
  $mysql_gcomm_port             = 4567,
  $galera_ist_port              = 4568,
  $galera_clustercheck_port     = 49000,
+  $swift_proxy_check_port       = 49001,
  $keystone_public_port         = 5000,
  $swift_proxy_port             = 8080,
  $swift_object_port            = 6000,
@ -104,7 +105,8 @@ class openstack::firewall (
  }

  firewall {'103 swift':
-    port   => [$swift_proxy_port, $swift_object_port, $swift_container_port, $swift_account_port],
+    port   => [$swift_proxy_port, $swift_object_port, $swift_container_port,
+               $swift_account_port, $swift_proxy_check_port],
    proto  => 'tcp',
    action => 'accept',
  }
--- a/deployment/puppet/openstack/manifests/ha/swift.pp
+++ b/deployment/puppet/openstack/manifests/ha/swift.pp
@ -9,5 +9,9 @@ class openstack::ha::swift (
    server_names => filter_hash($servers, 'name'),
    ipaddresses  => filter_hash($servers, 'storage_address'),
    public       => true,
+    haproxy_config_options => {
+        'option'         => ['httpchk', 'httplog', 'httpclose'],
+    },
+    balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
  }
 }
--- a/deployment/puppet/openstack/manifests/reserved_ports.pp
+++ b/deployment/puppet/openstack/manifests/reserved_ports.pp
@ -16,7 +16,7 @@
 # class { 'openstack::reserved_ports': }
 #

-class openstack::reserved_ports ( $ports = '49000,35357,41055,58882' ) {
+class openstack::reserved_ports ( $ports = '49000,49001,35357,41055,58882' ) {
  sysctl::value { 'net.ipv4.ip_local_reserved_ports': value => $ports }
 }

--- a/deployment/puppet/openstack/manifests/swift/status.pp
+++ b/deployment/puppet/openstack/manifests/swift/status.pp
@ -0,0 +1,71 @@
+# == Class: openstack::swift::status
+#
+# Configures a script that will check the health
+# of swift proxy backend via given endpoint, assumes swift module is in catalog
+#
+# === Parameters:
+#
+# [*address*]
+# (optional) xinet.d bind address for swiftcheck
+# Defaults to 0.0.0.0
+#
+# [*only_from*]
+# (optional) xinet.d only_from address for swiftcheck
+# Defaults to 127.0.0.1
+#
+# [*port*]
+# (optional) Port for swift check service
+# Defaults to 49001
+#
+# [*endpoint*]
+#  (optional) The Swift endpoint host for swift healthcheck
+#  Defaults to http://127.0.0.1:8080
+#
+# [*vip*]
+#  (optional) The VIP address for the ICMP connectivity check
+#  Defaults to 127.0.0.1
+#
+# [*con_timeout*]
+#  (optional) The timeout for Swift endpoint connection for swift healthcheck
+#  Defaults to 5 seconds
+#
+
+class openstack::swift::status (
+  $address     = '0.0.0.0',
+  $only_from   = '127.0.0.1',
+  $port        = '49001',
+  $endpoint    = 'http://127.0.0.1:8080',
+  $vip         = '127.0.0.1',
+  $con_timeout = '5',
+) {
+
+  augeas { 'swiftcheck':
+    context => '/files/etc/services',
+    changes => [
+      "set /files/etc/services/service-name[port = '${port}']/port ${port}",
+      "set /files/etc/services/service-name[port = '${port}'] swiftcheck",
+      "set /files/etc/services/service-name[port = '${port}']/protocol tcp",
+      "set /files/etc/services/service-name[port = '${port}']/#comment 'Swift Health Check'",
+    ],
+  }
+
+  $group = $::osfamily ? {
+    'redhat' => 'nobody',
+    'debian' => 'nogroup',
+    default  => 'nobody',
+  }
+
+  include xinetd
+  xinetd::service { 'swiftcheck':
+    bind        => $address,
+    port        => $port,
+    only_from   => $only_from,
+    cps         => '512 10',
+    per_source  => 'UNLIMITED',
+    server      => '/usr/bin/swiftcheck',
+    server_args => "${endpoint} ${vip} ${con_timeout}",
+    user        => 'nobody',
+    group       => $group,
+    flags       => 'IPv4',
+  }
+}
--- a/deployment/puppet/osnailyfacter/modular/netconfig/netconfig.pp
+++ b/deployment/puppet/osnailyfacter/modular/netconfig/netconfig.pp
@ -14,7 +14,7 @@ sysctl::value { 'net.ipv4.conf.all.arp_accept':   value => '1'  }
 sysctl::value { 'net.ipv4.conf.default.arp_accept':   value => '1'  }

 # setting kernel reserved ports
-# defaults are 49000,35357,41055,58882
+# defaults are 49000,49001,35357,41055,58882
 class { 'openstack::reserved_ports': }

 ### TCP connections keepalives and failover related parameters ###
--- a/deployment/puppet/osnailyfacter/modular/swift/swift.pp
+++ b/deployment/puppet/osnailyfacter/modular/swift/swift.pp
@ -1,6 +1,8 @@
 notice('MODULAR: swift.pp')

 $swift_hash          = hiera('swift_hash')
+$proxy_port          = hiera('proxy_port', '8080')
+$network_scheme      = hiera('network_scheme', {})
 $storage_hash        = hiera('storage_hash')
 $mp_hash             = hiera('mp')
 $management_vip      = hiera('management_vip')
@ -50,6 +52,8 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
  }

  $ring_part_power = calc_ring_part_power($controllers,$swift_hash['resize_value'])
+  $sto_net = $network_scheme['endpoints']['br-storage']['IP']
+  $man_net = $network_scheme['endpoints']['br-mgmt']['IP']

  class { 'openstack::swift::proxy':
    swift_user_password     => $swift_hash[user_password],
@ -59,11 +63,19 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
    controller_node_address => $management_vip,
    swift_local_net_ip      => $storage_address,
    master_swift_proxy_ip   => $master_swift_proxy_ip,
+    proxy_port              => $proxy_port,
    debug                   => $debug,
    verbose                 => $verbose,
    log_facility            => 'LOG_SYSLOG',
    ceilometer              => hiera('use_ceilometer'),
    ring_min_part_hours     => $ring_min_part_hours,
+  } ->
+
+  class { 'openstack::swift::status':
+    endpoint    => "http://${storage_address}:${proxy_port}",
+    vip         => $management_vip,
+    only_from   => "127.0.0.1 240.0.0.2 ${sto_net} ${man_net}",
+    con_timeout => 5
  }

  class { 'swift::keystone::auth':
--- a/files/fuel-ha-utils/tools/swiftcheck
+++ b/files/fuel-ha-utils/tools/swiftcheck
@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# Script to make a HAProxy capable of monitoring the Swift proxy backends status.
+# This script checks the given management VIP via ICMP and also performs a Swift
+# healthcheck via the given Swift endpoint with the given connect timeout.
+# Reports an HTTP 200 OK, if all of the results are OK.
+# If the healthcheck result was not OK or the Swift endpoint/VIP was not reachable,
+# it would report an HTTP 503 Error.
+#
+# Author: Bogdan Dobrelya <bdobrelia@mirantis.com>
+#
+
+if [[ $1 == '-h' || $1 == '--help' || "$#" -ne 3 ]];then
+    echo "Usage: $0 <local_swift_endpoint> <management_vip> <connect_timeout>"
+    exit
+fi
+
+# Remove trailing slash
+url=`echo $1 | sed 's#/*$##'`
+
+# Check for the management VIP avail.
+ping -c3 $2 2>&1 >/dev/null
+rc=$?
+rc2=1
+result="ERROR"
+
+# Also check for the swift healthcheck report via given endpoint url
+if [[ $rc == 0 ]]; then
+    result=`/usr/bin/curl --connect-timeout ${3} -XGET ${url}/healthcheck 2>/dev/null`
+    rc2=$?
+fi
+
+if [[ $result == "OK" && $rc2 == 0 ]] ; then
+    # Swift healthcheck is OK and endpoint is reachable
+    # return HTTP 200. Shell return-code is 0
+    echo -en "HTTP/1.1 200 OK\r\n"
+    echo -en "Content-Type: text/plain\r\n"
+    echo -en "Connection: close\r\n"
+    echo -en "Content-Length: 5\r\n"
+    echo -en "\r\n"
+    echo -en "OK.\r\n"
+    sleep 0.1
+    exit 0
+else
+    # Swift healthcheck failed or endpoint was not reachable,
+    # return HTTP 503. Shell return-code is 1
+    echo -en "HTTP/1.1 503 Service Unavailable\r\n"
+    echo -en "Content-Type: text/plain\r\n"
+    echo -en "Connection: close\r\n"
+    echo -en "Content-Length: 8\r\n"
+    echo -en "\r\n"
+    echo -en "Error.\r\n"
+    sleep 0.1
+    exit 1
+fi
--- a/specs/fuel-library6.1.spec
+++ b/specs/fuel-library6.1.spec
@ -72,6 +72,7 @@ install -m 0755 %{files_source}/fuel-ha-utils/ocf/ceilometer-agent-central %{bui
 install -m 0755 %{files_source}/fuel-ha-utils/ocf/ceilometer-alarm-evaluator %{buildroot}/usr/lib/ocf/resource.d/fuel/ceilometer-alarm-evaluator
 install -m 0755 %{files_source}/fuel-ha-utils/tools/q-agent-cleanup.py %{buildroot}/usr/bin/q-agent-cleanup.py
 install -m 0755 %{files_source}/fuel-ha-utils/tools/clustercheck %{buildroot}/usr/bin/clustercheck
+install -m 0755 %{files_source}/fuel-ha-utils/tools/swiftcheck %{buildroot}/usr/bin/swiftcheck
 install -m 0644 %{files_source}/fuel-ha-utils/tools/wsrepclustercheckrc %{buildroot}/etc/wsrepclustercheckrc
 install -m 0755 %{files_source}/rabbit-fence/rabbit-fence.py %{buildroot}/usr/bin/rabbit-fence.py
 install -m 0755 %{files_source}/rabbit-fence/rabbit-fence.init %{buildroot}/etc/init.d/rabbit-fence
@ -171,6 +172,7 @@ For further information go to http://wiki.openstack.org/Fuel
 /usr/lib/ocf/resource.d/fuel
 /usr/bin/q-agent-cleanup.py
 /usr/bin/clustercheck
+/usr/bin/swiftcheck
 %config(noreplace) /etc/wsrepclustercheckrc
 #