Fuel Library

proxy_storage.pp 10KB

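  # Deploys the Swift proxy and/or the Swift storage services on a node.
  #
  # All inputs come from Hiera; the class takes no parameters. Two Hiera flags
  # gate what is declared:
  #   deploy_swift_proxy   (default true) - proxy class, optional Keystone
  #                                         reachability check, swift::dispersion
  #   deploy_swift_storage (default true) - /var/lib/glance, storage node class,
  #                                         reconciler/reconstructor services
  # The container-sync realms config is written when either flag is set.
  #
  # Security notes for reviewers:
  #   * Several lookups fall back to built-in placeholder secrets (Keystone
  #     password, container-sync realm key, AMQP transport URL). The class now
  #     emits a warning() when the Keystone password or the realm key resolves
  #     to its placeholder, so the fallback is visible in the Puppet log. The
  #     values themselves are unchanged to stay compatible with existing
  #     deployments.
  #   * Keystone and Swift protocols default to 'http' in the fallback values
  #     passed to get_ssl_property(); confirm TLS is configured through the
  #     use_ssl / public_ssl hashes where credentials cross the network.
  class openstack_tasks::swift::proxy_storage {

    notice('MODULAR: swift/proxy_storage.pp')

    # --- Network and topology data -----------------------------------------
    $network_scheme          = hiera_hash('network_scheme', {})
    $network_metadata        = hiera_hash('network_metadata', {})
    prepare_network_config($network_scheme)

    $swift_hash              = hiera_hash('swift')
    $swift_master_role       = hiera('swift_master_role', 'primary-controller')
    $swift_nodes             = hiera_hash('swift_nodes', {})
    $swift_operator_roles    = pick($swift_hash['swift_operator_roles'], ['admin', 'SwiftOperator', '_member_'])
    # NOTE(review): $swift_host_ip_map / $swift_proxies_addr_list, $storage_hash
    # and $rabbit_hash are not referenced again in this class. They are kept
    # because the lookups without a default still fail when the key is absent.
    $swift_host_ip_map       = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', {}), 'swift/api')
    $swift_proxies_addr_list = sorted_hosts($swift_host_ip_map, 'ip', 'ip')
    $memcached_servers       = hiera('memcached_servers')
    $is_primary_swift_proxy  = hiera('is_primary_swift_proxy', false)
    $proxy_port              = hiera('proxy_port', '8080')
    $storage_hash            = hiera_hash('storage')
    $management_vip          = hiera('management_vip')
    $public_ssl_hash         = hiera_hash('public_ssl')
    $swift_api_ipaddr        = get_network_role_property('swift/api', 'ipaddr')
    $swift_storage_ipaddr    = get_network_role_property('swift/replication', 'ipaddr')
    $debug                   = pick($swift_hash['debug'], hiera('debug', false))
    $verbose                 = pick($swift_hash['verbose'], hiera('verbose', false))
    # NOTE(mattymo): Changing ring_part_power or part_hours on redeploy leads to data loss
    $ring_part_power         = pick($swift_hash['ring_part_power'], 10)
    $ring_min_part_hours     = hiera('swift_ring_min_part_hours', 1)
    $deploy_swift_proxy      = hiera('deploy_swift_proxy', true)
    # Placeholder fallback: a shared, source-visible realm key. A warning is
    # raised further down when this value is what ends up in the realms config.
    $swift_realm1_key        = hiera('swift_realm1_key', 'realm1key')

    # --- Keystone settings --------------------------------------------------
    $keystone_user           = pick($swift_hash['user'], 'swift')
    # Placeholder fallback (the literal is misspelled in the original and is
    # kept byte-for-byte). It is used as admin_password and as the dispersion
    # auth_pass whenever the swift hash carries no user_password.
    $keystone_password       = pick($swift_hash['user_password'], 'passsword')
    $keystone_tenant         = pick($swift_hash['tenant'], 'services')
    $workers_max             = hiera('workers_max', $::os_workers)
    $service_workers         = pick($swift_hash['workers'], min(max($::processorcount, 2), $workers_max))
    $ssl_hash                = hiera_hash('use_ssl', {})
    $rabbit_hash             = hiera_hash('rabbit')
    # NOTE(review): the fallback URL embeds a default guest credential for a
    # broker on localhost; deployments should always supply transport_url.
    $transport_url           = hiera('transport_url','rabbit://guest:password@127.0.0.1:5672/')

    # --- Storage settings ---------------------------------------------------
    $mp_hash                 = hiera('mp')
    $deploy_swift_storage    = hiera('deploy_swift_storage', true)

    # --- Endpoint resolution ------------------------------------------------
    # The last argument of each get_ssl_property() call is the fallback list;
    # for the protocol lookups that fallback ends in plain 'http'.
    $internal_auth_protocol  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', [pick($swift_hash['auth_protocol'], 'http')])
    $internal_auth_address   = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $management_vip])
    $admin_auth_protocol     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [pick($swift_hash['auth_protocol'], 'http')])
    $admin_auth_address      = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip])
    $auth_uri                = "${internal_auth_protocol}://${internal_auth_address}:5000/"
    $identity_uri            = "${admin_auth_protocol}://${admin_auth_address}:35357/"

    $swift_internal_protocol = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'protocol', 'http')
    $swift_internal_address  = get_ssl_property($ssl_hash, {}, 'swift', 'internal', 'hostname', [$swift_api_ipaddr, $management_vip])
    $swift_public_protocol   = get_ssl_property($ssl_hash, $public_ssl_hash, 'swift', 'public', 'protocol', 'http')
    $swift_public_address    = get_ssl_property($ssl_hash, $public_ssl_hash, 'swift', 'public', 'hostname', [hiera('public_vip')])
    # NOTE(review): as shown, this value stops after the scheme's colon. Confirm
    # against the repository whether a host/port part was lost in rendering.
    $swift_url_base          = "${swift_public_protocol}:"

    $swift_proxies_num       = size(hiera('swift_proxies'))

    # Use Swift if it isn't replaced by Ceph for BOTH images and objects
    $master_swift_proxy_nodes      = get_nodes_hash_by_roles($network_metadata, [$swift_master_role])
    $master_swift_proxy_nodes_list = values($master_swift_proxy_nodes)
    # The regsubst() calls strip a trailing "/<digits>" (prefix length) from the
    # first master node's addresses.
    $master_swift_proxy_ip         = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '')
    $master_swift_replication_ip   = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '')

    $swift_partition = hiera('swift_partition', '/var/lib/glance/node')

    # Ring devices are only declared on the primary proxy.
    if $is_primary_swift_proxy {
      ring_devices {'all':
        storages => $swift_nodes,
        require  => Class['swift'],
      }
    }

    # Fewer than two proxies -> 2 replicas, otherwise 3.
    if ($swift_proxies_num < 2) {
      $ring_replicas = 2
    } else {
      $ring_replicas = 3
    }

    if $deploy_swift_proxy {

      # Surface the silent fallback to the built-in Keystone password. Comparing
      # the resolved value (rather than testing the hash key) behaves the same
      # whether the key is undef or an empty string.
      if $keystone_password == 'passsword' {
        warning('swift: user_password is not set in the swift hash; the proxy and dispersion settings are using the built-in placeholder Keystone password')
      }

      class { 'openstack_tasks::swift::parts::proxy':
        # NOTE(review): read straight from the hash, without the fallback that
        # admin_password below gets, so the two can differ when it is unset.
        swift_user_password            => $swift_hash['user_password'],
        swift_operator_roles           => $swift_operator_roles,
        memcached_servers              => $memcached_servers,
        ring_part_power                => $ring_part_power,
        ring_replicas                  => $ring_replicas,
        primary_proxy                  => $is_primary_swift_proxy,
        swift_proxy_local_ipaddr       => $swift_api_ipaddr,
        swift_replication_local_ipaddr => $swift_storage_ipaddr,
        master_swift_proxy_ip          => $master_swift_proxy_ip,
        master_swift_replication_ip    => $master_swift_replication_ip,
        proxy_port                     => $proxy_port,
        proxy_workers                  => $service_workers,
        debug                          => $debug,
        verbose                        => $verbose,
        log_facility                   => 'LOG_SYSLOG',
        ceilometer                     => hiera('use_ceilometer',false),
        ring_min_part_hours            => $ring_min_part_hours,
        admin_user                     => $keystone_user,
        admin_tenant_name              => $keystone_tenant,
        admin_password                 => $keystone_password,
        auth_host                      => $internal_auth_address,
        auth_protocol                  => $internal_auth_protocol,
        auth_uri                       => $auth_uri,
        identity_uri                   => $identity_uri,
        transport_url                  => $transport_url,
        swift_url_base                 => $swift_url_base,
      }

      # Check swift proxy and internal VIP are from the same IP network. If no
      # then it's possible to get network failure, so proxy couldn't access
      # Keystone via VIP. In such cases swift health check returns OK, but all
      # requests forwarded from HAproxy fail, see LP#1459772 In order to detect
      # such bad swift backends we enable a service which checks Keystone
      # availability from swift node. HAProxy monitors that service to get
      # proper backend status.
      # NOTE: this is the same logic in the HAproxy configuration so if it's
      # updated there, this must be updated. See LP#1548275
      $swift_api_network = get_network_role_property('swift/api', 'network')
      $bind_to_one       = has_ip_in_network($management_vip, $swift_api_network)

      if !$bind_to_one {
        $storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
        $mgmt_nets    = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')

        class { 'openstack_tasks::swift::parts::status':
          endpoint    => "${swift_internal_protocol}://${swift_internal_address}:${proxy_port}",
          scan_target => "${internal_auth_address}:5000",
          # Source allow-list for the status service: loopback, one fixed
          # address, and every routable replication/API network.
          # NOTE(review): 240.0.0.2 is presumably the HAProxy-side address -
          # confirm, and keep this list as narrow as the topology allows.
          only_from   => "127.0.0.1 240.0.0.2 ${storage_nets} ${mgmt_nets}",
          con_timeout => 5
        }

        Class['openstack_tasks::swift::parts::status'] -> Class['swift::dispersion']
      }

      # Dispersion reporting authenticates with the same service account as
      # the proxy, against the Keystone v2.0 endpoint.
      class { 'swift::dispersion':
        auth_url     => "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/",
        auth_user    => $keystone_user,
        auth_tenant  => $keystone_tenant,
        auth_pass    => $keystone_password,
        auth_version => '2.0',
      }

      Class['openstack_tasks::swift::parts::proxy'] -> Class['swift::dispersion']
      Service<| tag == 'swift-service' |> -> Class['swift::dispersion']
    }

    if $deploy_swift_storage {

      # /var/lib/glance must exist, with group 'glance', before any swift
      # service starts. Owner and mode are not managed here.
      if !defined(File['/var/lib/glance']) {
        file {'/var/lib/glance':
          ensure  => 'directory',
          group   => 'glance',
          require => Package['swift'],
        } -> Service <| tag == 'swift-service' |>
      } else {
        # Declared elsewhere: override it in place and add the package
        # dependency instead of redeclaring the resource.
        File['/var/lib/glance'] {
          ensure  => 'directory',
          group   => 'glance',
          require +> Package['swift'],
        }
        File['/var/lib/glance'] -> Service <| tag == 'swift-service' |>
      }

      class { 'openstack_tasks::swift::parts::storage_node':
        storage_type                => false,
        loopback_size               => '5243780',
        storage_mnt_base_dir        => $swift_partition,
        storage_devices             => filter_hash($mp_hash,'point'),
        swift_zone                  => $master_swift_proxy_nodes_list[0]['swift_zone'],
        swift_local_net_ip          => $swift_storage_ipaddr,
        master_swift_proxy_ip       => $master_swift_proxy_ip,
        master_swift_replication_ip => $master_swift_replication_ip,
        # Only non-primary nodes sync rings.
        sync_rings                  => ! $is_primary_swift_proxy,
        debug                       => $debug,
        verbose                     => $verbose,
        log_facility                => 'LOG_SYSLOG',
      }

      # TODO(mmalchuk) remove this 'unless' workaround made for LP#1610947 after
      # corresponding Trusty packages in upstream backported from Xenial or even
      # the whole block with services when they would be controlled by the swift
      # puppet module (for example as in the LP#1554835) in Xenial or later
      unless ($::os_package_type == 'ubuntu' and $::operatingsystemrelease =~ /^14/) {
        service { 'swift-container-reconciler':
          ensure  => stopped,
          enable  => false,
          require => Package['swift-container'],
        }
        service { 'swift-object-reconstructor':
          ensure  => stopped,
          enable  => false,
          require => Package['swift-object'],
        }
      }
    }

    # We need this line for proper upgrade process LP#1619282
    User <| title == swift |> { groups +> ['glance'] }

    # swift_container_sync_realms file specifying
    # the allowable clusters and their information.
    # Changes in this file don't require restart services.
    # This config should be present on proxy and containers nodes.
    if $deploy_swift_storage or $deploy_swift_proxy {

      # Surface the silent fallback to the built-in realm key before it is
      # written into the realms config.
      if $swift_realm1_key == 'realm1key' {
        warning('swift: swift_realm1_key is not set in Hiera; container sync realm1 is using the built-in placeholder key')
      }

      swift_container_sync_realms_config {
        'realm1/key':           value => $swift_realm1_key;
        # The port is fixed at 8080 here and does not follow $proxy_port.
        'realm1/cluster_name1': value => "${swift_public_protocol}://${swift_public_address}:8080/v1";
      }
    }
  }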