Browse Source

Support separate Swift storage networks

Adds support to seperate Swift access and replication traffic from other storage traffic.

In a deployment where both Ceph and Swift have been deployed,
this changes adds functionalality to support optional seperation
of storage network traffic. This adds two new network interfaces
'swift_storage_interface' and 'swift_replication_interface' which maintain
backwards compatibility.

The Swift access network interface is configured via 'swift_storage_interface',
which defaults to 'storage_interface'. The Swift replication network
interface is configured via 'swift_replication_interface', which
defaults to 'swift_storage_interface'.

If a separate replication network is used, Kolla Ansible now deploys separate
replication servers for the accounts, containers and objects, that listen on
this network. In this case, these services handle only replication traffic, and
the original account-, container- and object- servers only handle storage
user requests.

Change-Id: Ib39e081574e030126f2d08f51de89641ddb0d42e
tags/8.0.0.0rc1
Scott Solkhon 2 months ago
parent
commit
a781c64319

+ 2
- 0
ansible/group_vars/all.yml View File

@@ -167,6 +167,8 @@ kolla_external_vip_interface: "{{ network_interface }}"
167 167
 api_interface: "{{ network_interface }}"
168 168
 storage_interface: "{{ network_interface }}"
169 169
 cluster_interface: "{{ network_interface }}"
170
+swift_storage_interface: "{{ storage_interface }}"
171
+swift_replication_interface: "{{ swift_storage_interface }}"
170 172
 migration_interface: "{{ network_interface }}"
171 173
 tunnel_interface: "{{ network_interface }}"
172 174
 octavia_network_interface: "{{ api_interface }}"

+ 3
- 0
ansible/roles/swift/defaults/main.yml View File

@@ -66,6 +66,9 @@ swift_devices_match_mode: "strict"
66 66
 swift_devices_name: "KOLLA_SWIFT_DATA"
67 67
 swift_delay_auth_decision: "False"
68 68
 
69
+# Boolean, true if there is a dedicated replication network.
70
+swift_has_replication_network: "{{ swift_storage_interface != swift_replication_interface }}"
71
+
69 72
 openstack_swift_auth: "{{ openstack_auth }}"
70 73
 
71 74
 syslog_server: "{{ api_interface_address }}"

+ 15
- 0
ansible/roles/swift/tasks/config.yml View File

@@ -11,14 +11,17 @@
11 11
     - "swift"
12 12
     - "swift-account-auditor"
13 13
     - "swift-account-reaper"
14
+    - "swift-account-replication-server"
14 15
     - "swift-account-replicator"
15 16
     - "swift-account-server"
16 17
     - "swift-container-auditor"
18
+    - "swift-container-replication-server"
17 19
     - "swift-container-replicator"
18 20
     - "swift-container-server"
19 21
     - "swift-container-updater"
20 22
     - "swift-object-auditor"
21 23
     - "swift-object-expirer"
24
+    - "swift-object-replication-server"
22 25
     - "swift-object-replicator"
23 26
     - "swift-object-server"
24 27
     - "swift-object-updater"
@@ -34,14 +37,17 @@
34 37
   with_items:
35 38
     - "swift-account-auditor"
36 39
     - "swift-account-reaper"
40
+    - "swift-account-replication-server"
37 41
     - "swift-account-replicator"
38 42
     - "swift-account-server"
39 43
     - "swift-container-auditor"
44
+    - "swift-container-replication-server"
40 45
     - "swift-container-replicator"
41 46
     - "swift-container-server"
42 47
     - "swift-container-updater"
43 48
     - "swift-object-auditor"
44 49
     - "swift-object-expirer"
50
+    - "swift-object-replication-server"
45 51
     - "swift-object-replicator"
46 52
     - "swift-object-server"
47 53
     - "swift-object-updater"
@@ -64,14 +70,17 @@
64 70
   with_items:
65 71
     - "account-auditor"
66 72
     - "account-reaper"
73
+    - "account-replication-server"
67 74
     - "account-replicator"
68 75
     - "account-server"
69 76
     - "container-auditor"
77
+    - "container-replication-server"
70 78
     - "container-replicator"
71 79
     - "container-server"
72 80
     - "container-updater"
73 81
     - "object-auditor"
74 82
     - "object-expirer"
83
+    - "object-replication-server"
75 84
     - "object-replicator"
76 85
     - "object-server"
77 86
     - "object-updater"
@@ -93,6 +102,7 @@
93 102
   with_items:
94 103
     - "account-auditor"
95 104
     - "account-reaper"
105
+    - "account-replication-server"
96 106
     - "account-replicator"
97 107
     - "account-server"
98 108
 
@@ -111,6 +121,7 @@
111 121
   become: true
112 122
   with_items:
113 123
     - "container-auditor"
124
+    - "container-replication-server"
114 125
     - "container-replicator"
115 126
     - "container-server"
116 127
     - "container-updater"
@@ -131,6 +142,7 @@
131 142
   with_items:
132 143
     - "object-auditor"
133 144
     - "object-expirer"
145
+    - "object-replication-server"
134 146
     - "object-replicator"
135 147
     - "object-server"
136 148
     - "object-updater"
@@ -184,14 +196,17 @@
184 196
   with_items:
185 197
     - "swift-account-auditor"
186 198
     - "swift-account-reaper"
199
+    - "swift-account-replication-server"
187 200
     - "swift-account-replicator"
188 201
     - "swift-account-server"
189 202
     - "swift-container-auditor"
203
+    - "swift-container-replication-server"
190 204
     - "swift-container-replicator"
191 205
     - "swift-container-server"
192 206
     - "swift-container-updater"
193 207
     - "swift-object-auditor"
194 208
     - "swift-object-expirer"
209
+    - "swift-object-replication-server"
195 210
     - "swift-object-replicator"
196 211
     - "swift-object-server"
197 212
     - "swift-object-updater"

+ 3
- 0
ansible/roles/swift/tasks/legacy_upgrade.yml View File

@@ -13,14 +13,17 @@
13 13
     - "swift_rsyncd"
14 14
     - "swift_account_server"
15 15
     - "swift_account_auditor"
16
+    - "swift_account_replication_server"
16 17
     - "swift_account_replicator"
17 18
     - "swift_account_reaper"
18 19
     - "swift_container_server"
19 20
     - "swift_container_auditor"
21
+    - "swift_container_replication_server"
20 22
     - "swift_container_replicator"
21 23
     - "swift_container_updater"
22 24
     - "swift_object_server"
23 25
     - "swift_object_auditor"
26
+    - "swift_object_replication_server"
24 27
     - "swift_object_replicator"
25 28
     - "swift_object_updater"
26 29
     - "swift_object_expirer"

+ 37
- 4
ansible/roles/swift/tasks/precheck.yml View File

@@ -10,7 +10,7 @@
10 10
 
11 11
 - name: Checking free port for Swift Account Server
12 12
   wait_for:
13
-    host: "{{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}"
13
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_storage_interface]['ipv4']['address'] }}"
14 14
     port: "{{ swift_account_server_port }}"
15 15
     connect_timeout: 1
16 16
     timeout: 1
@@ -21,7 +21,7 @@
21 21
 
22 22
 - name: Checking free port for Swift Container Server
23 23
   wait_for:
24
-    host: "{{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}"
24
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_storage_interface]['ipv4']['address'] }}"
25 25
     port: "{{ swift_container_server_port }}"
26 26
     connect_timeout: 1
27 27
     timeout: 1
@@ -32,7 +32,40 @@
32 32
 
33 33
 - name: Checking free port for Swift Object Server
34 34
   wait_for:
35
-    host: "{{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}"
35
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_storage_interface]['ipv4']['address'] }}"
36
+    port: "{{ swift_object_server_port }}"
37
+    connect_timeout: 1
38
+    timeout: 1
39
+    state: stopped
40
+  when:
41
+    - container_facts['swift_object_server'] is not defined
42
+    - inventory_hostname in groups['swift-object-server']
43
+
44
+- name: Checking free port for Swift Account Replication Server
45
+  wait_for:
46
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_replication_interface]['ipv4']['address'] }}"
47
+    port: "{{ swift_account_server_port }}"
48
+    connect_timeout: 1
49
+    timeout: 1
50
+    state: stopped
51
+  when:
52
+    - container_facts['swift_account_server'] is not defined
53
+    - inventory_hostname in groups['swift-account-server']
54
+
55
+- name: Checking free port for Swift Container Replication Server
56
+  wait_for:
57
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_replication_interface]['ipv4']['address'] }}"
58
+    port: "{{ swift_container_server_port }}"
59
+    connect_timeout: 1
60
+    timeout: 1
61
+    state: stopped
62
+  when:
63
+    - container_facts['swift_container_server'] is not defined
64
+    - inventory_hostname in groups['swift-container-server']
65
+
66
+- name: Checking free port for Swift Object Replication Server
67
+  wait_for:
68
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_replication_interface]['ipv4']['address'] }}"
36 69
     port: "{{ swift_object_server_port }}"
37 70
     connect_timeout: 1
38 71
     timeout: 1
@@ -43,7 +76,7 @@
43 76
 
44 77
 - name: Checking free port for Rsync
45 78
   wait_for:
46
-    host: "{{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}"
79
+    host: "{{ hostvars[inventory_hostname]['ansible_' + swift_replication_interface]['ipv4']['address'] }}"
47 80
     port: "873"
48 81
     connect_timeout: 1
49 82
     timeout: 1

+ 15
- 0
ansible/roles/swift/tasks/reconfigure.yml View File

@@ -10,16 +10,19 @@
10 10
   with_items:
11 11
     - { name: swift_account_server, group: swift-account-server }
12 12
     - { name: swift_account_auditor, group: swift-account-server }
13
+    - { name: swift_account_replication_server, group: swift-account-server }
13 14
     - { name: swift_account_replicator, group: swift-account-server }
14 15
     - { name: swift_account_reaper, group: swift-account-server }
15 16
     - { name: swift_rsyncd, group: swift-account-server }
16 17
     - { name: swift_container_server, group: swift-container-server }
17 18
     - { name: swift_container_auditor, group: swift-container-server }
19
+    - { name: swift_container_replication_server, group: swift-container-server }
18 20
     - { name: swift_container_replicator, group: swift-container-server }
19 21
     - { name: swift_container_updater, group: swift-container-server }
20 22
     - { name: swift_rsyncd, group: swift-container-server }
21 23
     - { name: swift_object_server, group: swift-object-server }
22 24
     - { name: swift_object_auditor, group: swift-object-server }
25
+    - { name: swift_object_replication_server, group: swift-object-server }
23 26
     - { name: swift_object_replicator, group: swift-object-server }
24 27
     - { name: swift_object_updater, group: swift-object-server }
25 28
     - { name: swift_object_expirer, group: swift-object-server }
@@ -37,16 +40,19 @@
37 40
   with_items:
38 41
     - { name: swift_account_server, group: swift-account-server }
39 42
     - { name: swift_account_auditor, group: swift-account-server }
43
+    - { name: swift_account_replication_server, group: swift-account-server }
40 44
     - { name: swift_account_replicator, group: swift-account-server }
41 45
     - { name: swift_account_reaper, group: swift-account-server }
42 46
     - { name: swift_rsyncd, group: swift-account-server }
43 47
     - { name: swift_container_server, group: swift-container-server }
44 48
     - { name: swift_container_auditor, group: swift-container-server }
49
+    - { name: swift_container_replication_server, group: swift-container-server }
45 50
     - { name: swift_container_replicator, group: swift-container-server }
46 51
     - { name: swift_container_updater, group: swift-container-server }
47 52
     - { name: swift_rsyncd, group: swift-container-server }
48 53
     - { name: swift_object_server, group: swift-object-server }
49 54
     - { name: swift_object_auditor, group: swift-object-server }
55
+    - { name: swift_object_replication_server, group: swift-object-server }
50 56
     - { name: swift_object_replicator, group: swift-object-server }
51 57
     - { name: swift_object_updater, group: swift-object-server }
52 58
     - { name: swift_object_expirer, group: swift-object-server }
@@ -66,16 +72,19 @@
66 72
   with_items:
67 73
     - { name: swift_account_server, group: swift-account-server }
68 74
     - { name: swift_account_auditor, group: swift-account-server }
75
+    - { name: swift_account_replication_server, group: swift-account-server }
69 76
     - { name: swift_account_replicator, group: swift-account-server }
70 77
     - { name: swift_account_reaper, group: swift-account-server }
71 78
     - { name: swift_rsyncd, group: swift-account-server }
72 79
     - { name: swift_container_server, group: swift-container-server }
73 80
     - { name: swift_container_auditor, group: swift-container-server }
81
+    - { name: swift_container_replication_server, group: swift-container-server }
74 82
     - { name: swift_container_replicator, group: swift-container-server }
75 83
     - { name: swift_container_updater, group: swift-container-server }
76 84
     - { name: swift_rsyncd, group: swift-container-server }
77 85
     - { name: swift_object_server, group: swift-object-server }
78 86
     - { name: swift_object_auditor, group: swift-object-server }
87
+    - { name: swift_object_replication_server, group: swift-object-server }
79 88
     - { name: swift_object_replicator, group: swift-object-server }
80 89
     - { name: swift_object_updater, group: swift-object-server }
81 90
     - { name: swift_object_expirer, group: swift-object-server }
@@ -95,16 +104,19 @@
95 104
   with_together:
96 105
     - [{ name: swift_account_server, group: swift-account-server },
97 106
        { name: swift_account_auditor, group: swift-account-server },
107
+       { name: swift_account_replication_server, group: swift-account-server },
98 108
        { name: swift_account_replicator, group: swift-account-server },
99 109
        { name: swift_account_reaper, group: swift-account-server },
100 110
        { name: swift_rsyncd, group: swift-account-server },
101 111
        { name: swift_container_server, group: swift-container-server },
102 112
        { name: swift_container_auditor, group: swift-container-server },
113
+       { name: swift_container_replication_server, group: swift-container-server },
103 114
        { name: swift_container_replicator, group: swift-container-server },
104 115
        { name: swift_container_updater, group: swift-container-server },
105 116
        { name: swift_rsyncd, group: swift-container-server },
106 117
        { name: swift_object_server, group: swift-object-server },
107 118
        { name: swift_object_auditor, group: swift-object-server },
119
+       { name: swift_object_replication_server, group: swift-object-server },
108 120
        { name: swift_object_replicator, group: swift-object-server },
109 121
        { name: swift_object_updater, group: swift-object-server },
110 122
        { name: swift_object_expirer, group: swift-object-server },
@@ -131,16 +143,19 @@
131 143
   with_together:
132 144
     - [{ name: swift_account_server, group: swift-account-server },
133 145
        { name: swift_account_auditor, group: swift-account-server },
146
+       { name: swift_account_replication_server, group: swift-account-server },
134 147
        { name: swift_account_replicator, group: swift-account-server },
135 148
        { name: swift_account_reaper, group: swift-account-server },
136 149
        { name: swift_rsyncd, group: swift-account-server },
137 150
        { name: swift_container_server, group: swift-container-server },
138 151
        { name: swift_container_auditor, group: swift-container-server },
152
+       { name: swift_container_replication_server, group: swift-container-server },
139 153
        { name: swift_container_replicator, group: swift-container-server },
140 154
        { name: swift_container_updater, group: swift-container-server },
141 155
        { name: swift_rsyncd, group: swift-container-server },
142 156
        { name: swift_object_server, group: swift-object-server },
143 157
        { name: swift_object_auditor, group: swift-object-server },
158
+       { name: swift_object_replication_server, group: swift-object-server },
144 159
        { name: swift_object_replicator, group: swift-object-server },
145 160
        { name: swift_object_updater, group: swift-object-server },
146 161
        { name: swift_object_expirer, group: swift-object-server },

+ 54
- 0
ansible/roles/swift/tasks/start.yml View File

@@ -75,6 +75,24 @@
75 75
       - "/etc/localtime:/etc/localtime:ro"
76 76
   when: inventory_hostname in groups['swift-account-server']
77 77
 
78
+- name: Starting swift-account-replication-server container
79
+  become: true
80
+  kolla_docker:
81
+    action: "start_container"
82
+    common_options: "{{ docker_common_options }}"
83
+    environment:
84
+      RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
85
+    image: "{{ swift_account_image_full }}"
86
+    name: "swift_account_replication_server"
87
+    volumes:
88
+      - "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
89
+      - "{{ node_config_directory }}/swift-account-replication-server/:{{ container_config_directory }}/:ro"
90
+      - "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
91
+      - "/etc/localtime:/etc/localtime:ro"
92
+  when:
93
+    - inventory_hostname in groups['swift-account-server']
94
+    - swift_has_replication_network
95
+
78 96
 - name: Starting swift-account-replicator container
79 97
   become: true
80 98
   kolla_docker:
@@ -133,6 +151,24 @@
133 151
       - "/etc/localtime:/etc/localtime:ro"
134 152
   when: inventory_hostname in groups['swift-container-server']
135 153
 
154
+- name: Starting swift-container-replication-server container
155
+  become: true
156
+  kolla_docker:
157
+    action: "start_container"
158
+    common_options: "{{ docker_common_options }}"
159
+    environment:
160
+      RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
161
+    image: "{{ swift_container_image_full }}"
162
+    name: "swift_container_replication_server"
163
+    volumes:
164
+      - "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
165
+      - "{{ node_config_directory }}/swift-container-replication-server/:{{ container_config_directory }}/:ro"
166
+      - "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
167
+      - "/etc/localtime:/etc/localtime:ro"
168
+  when:
169
+    - inventory_hostname in groups['swift-container-server']
170
+    - swift_has_replication_network
171
+
136 172
 - name: Starting swift-container-replicator container
137 173
   become: true
138 174
   kolla_docker:
@@ -191,6 +227,24 @@
191 227
       - "/etc/localtime:/etc/localtime:ro"
192 228
   when: inventory_hostname in groups['swift-object-server']
193 229
 
230
+- name: Starting swift-object-replication-server container
231
+  become: true
232
+  kolla_docker:
233
+    action: "start_container"
234
+    common_options: "{{ docker_common_options }}"
235
+    environment:
236
+      RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
237
+    image: "{{ swift_object_image_full }}"
238
+    name: "swift_object_replication_server"
239
+    volumes:
240
+      - "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
241
+      - "{{ node_config_directory }}/swift-object-replication-server/:{{ container_config_directory }}/:ro"
242
+      - "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
243
+      - "/etc/localtime:/etc/localtime:ro"
244
+  when:
245
+    - inventory_hostname in groups['swift-object-server']
246
+    - swift_has_replication_network
247
+
194 248
 - name: Starting swift-object-replicator container
195 249
   become: true
196 250
   kolla_docker:

+ 5
- 1
ansible/roles/swift/templates/account.conf.j2 View File

@@ -1,5 +1,6 @@
1
+{% set interface = swift_replication_interface if 'replicat' in service_name else swift_storage_interface %}
1 2
 [DEFAULT]
2
-bind_ip = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}
3
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + interface]['ipv4']['address'] }}
3 4
 bind_port = {{ swift_account_server_port }}
4 5
 devices = {{ swift_devices_mount_point }}
5 6
 mount_check = false
@@ -15,6 +16,9 @@ pipeline = account-server
15 16
 
16 17
 [app:account-server]
17 18
 use = egg:swift#account
19
+{% if swift_has_replication_network %}
20
+replication_server = {{ service_name == 'swift-account-replication-server' }}
21
+{% endif %}
18 22
 
19 23
 {% if service_name == 'swift-account-auditor' %}
20 24
 [account-auditor]

+ 5
- 1
ansible/roles/swift/templates/container.conf.j2 View File

@@ -1,5 +1,6 @@
1
+{% set interface = swift_replication_interface if 'replicat' in service_name else swift_storage_interface %}
1 2
 [DEFAULT]
2
-bind_ip = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}
3
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + interface]['ipv4']['address'] }}
3 4
 bind_port = {{ swift_container_server_port }}
4 5
 devices = {{ swift_devices_mount_point }}
5 6
 mount_check = false
@@ -16,6 +17,9 @@ pipeline = container-server
16 17
 [app:container-server]
17 18
 use = egg:swift#container
18 19
 allow_versions = True
20
+{% if swift_has_replication_network %}
21
+replication_server = {{ service_name == 'swift-container-replication-server' }}
22
+{% endif %}
19 23
 
20 24
 {% if service_name == 'swift-container-auditor' %}
21 25
 [container-auditor]

+ 5
- 1
ansible/roles/swift/templates/object.conf.j2 View File

@@ -1,5 +1,6 @@
1
+{% set interface = swift_replication_interface if 'replicat' in service_name else swift_storage_interface %}
1 2
 [DEFAULT]
2
-bind_ip = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}
3
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + interface]['ipv4']['address'] }}
3 4
 bind_port = {{ swift_object_server_port }}
4 5
 devices = {{ swift_devices_mount_point }}
5 6
 mount_check = false
@@ -20,6 +21,9 @@ pipeline = object-server
20 21
 
21 22
 [app:object-server]
22 23
 use = egg:swift#object
24
+{% if swift_has_replication_network %}
25
+replication_server = {{ service_name == 'swift-object-replication-server' }}
26
+{% endif %}
23 27
 
24 28
 {% if service_name == 'swift-object-auditor' %}
25 29
 [object-auditor]

+ 1
- 1
ansible/roles/swift/templates/rsyncd.conf.j2 View File

@@ -1,4 +1,4 @@
1
-address = {{ api_interface_address }}
1
+address = {{ hostvars[inventory_hostname]['ansible_' + swift_replication_interface]['ipv4']['address'] }}
2 2
 
3 3
 {% if inventory_hostname in groups['swift-account-server'] %}
4 4
 [account]

+ 30
- 0
ansible/roles/swift/templates/swift-account-replication-server.json.j2 View File

@@ -0,0 +1,30 @@
1
+{
2
+    "command": "swift-account-server /etc/swift/account-server.conf --verbose",
3
+    "config_files": [
4
+        {
5
+            "source": "/var/lib/kolla/swift/account.ring.gz",
6
+            "dest": "/etc/swift/account.ring.gz",
7
+            "owner": "swift",
8
+            "perm": "0640"
9
+        },
10
+        {
11
+            "source": "{{ container_config_directory }}/swift.conf",
12
+            "dest": "/etc/swift/swift.conf",
13
+            "owner": "swift",
14
+            "perm": "0640"
15
+        },
16
+        {
17
+            "source": "{{ container_config_directory }}/account-replication-server.conf",
18
+            "dest": "/etc/swift/account-server.conf",
19
+            "owner": "swift",
20
+            "perm": "0640"
21
+        },
22
+        {
23
+            "source": "{{ container_config_directory }}/policy.json",
24
+            "dest": "/etc/swift/policy.json",
25
+            "owner": "swift",
26
+            "perm": "0600",
27
+            "optional": true
28
+        }
29
+    ]
30
+}

+ 30
- 0
ansible/roles/swift/templates/swift-container-replication-server.json.j2 View File

@@ -0,0 +1,30 @@
1
+{
2
+    "command": "swift-container-server /etc/swift/container-server.conf --verbose",
3
+    "config_files": [
4
+        {
5
+            "source": "/var/lib/kolla/swift/container.ring.gz",
6
+            "dest": "/etc/swift/container.ring.gz",
7
+            "owner": "swift",
8
+            "perm": "0640"
9
+        },
10
+        {
11
+            "source": "{{ container_config_directory }}/swift.conf",
12
+            "dest": "/etc/swift/swift.conf",
13
+            "owner": "swift",
14
+            "perm": "0640"
15
+        },
16
+        {
17
+            "source": "{{ container_config_directory }}/container-replication-server.conf",
18
+            "dest": "/etc/swift/container-server.conf",
19
+            "owner": "swift",
20
+            "perm": "0640"
21
+        },
22
+        {
23
+            "source": "{{ container_config_directory }}/policy.json",
24
+            "dest": "/etc/swift/policy.json",
25
+            "owner": "swift",
26
+            "perm": "0600",
27
+            "optional": true
28
+        }
29
+    ]
30
+}

+ 36
- 0
ansible/roles/swift/templates/swift-object-replication-server.json.j2 View File

@@ -0,0 +1,36 @@
1
+{
2
+    "command": "swift-object-server /etc/swift/object-server.conf --verbose",
3
+    "config_files": [
4
+        {
5
+            "source": "/var/lib/kolla/swift/container.ring.gz",
6
+            "dest": "/etc/swift/container.ring.gz",
7
+            "owner": "swift",
8
+            "perm": "0640"
9
+        },
10
+        {
11
+            "source": "/var/lib/kolla/swift/object.ring.gz",
12
+            "dest": "/etc/swift/object.ring.gz",
13
+            "owner": "swift",
14
+            "perm": "0640"
15
+        },
16
+        {
17
+            "source": "{{ container_config_directory }}/swift.conf",
18
+            "dest": "/etc/swift/swift.conf",
19
+            "owner": "swift",
20
+            "perm": "0640"
21
+        },
22
+        {
23
+            "source": "{{ container_config_directory }}/object-replication-server.conf",
24
+            "dest": "/etc/swift/object-server.conf",
25
+            "owner": "swift",
26
+            "perm": "0640"
27
+        },
28
+        {
29
+            "source": "{{ container_config_directory }}/policy.json",
30
+            "dest": "/etc/swift/policy.json",
31
+            "owner": "swift",
32
+            "perm": "0600",
33
+            "optional": true
34
+        }
35
+    ]
36
+}

+ 9
- 1
doc/source/admin/production-architecture-guide.rst View File

@@ -56,7 +56,7 @@ In Kolla operators should configure following network interfaces:
56 56
 
57 57
 * ``storage_interface`` - This is the interface that is used by virtual
58 58
   machines to communicate to Ceph. This can be heavily utilized so it's
59
-  recommended to put this network on 10Gig networking. Defaults to
59
+  recommended to use a high speed network fabric. Defaults to
60 60
   ``network_interface``.
61 61
 
62 62
 * ``cluster_interface`` - This is another interface used by Ceph. It's used for
@@ -64,6 +64,14 @@ In Kolla operators should configure following network interfaces:
64 64
   bottleneck it can affect data consistency and performance of whole cluster.
65 65
   Defaults to ``network_interface``.
66 66
 
67
+* ``swift_storage_interface`` - This interface is used by Swift for storage
68
+  access traffic.  This can be heavily utilized so it's recommended to use
69
+  a high speed network fabric. Defaults to ``storage_interface``.
70
+
71
+* ``swift_replication_interface`` - This interface is used by Swift for storage
72
+  replication traffic.  This can be heavily utilized so it's recommended to use
73
+  a high speed network fabric. Defaults to ``swift_storage_interface``.
74
+
67 75
 * ``tunnel_interface`` - This interface is used by Neutron for vm-to-vm traffic
68 76
   over tunneled networks (like VxLan). Defaults to ``network_interface``.
69 77
 

+ 32
- 0
doc/source/reference/storage/swift-guide.rst View File

@@ -10,6 +10,24 @@ Overview
10 10
 Kolla can deploy a full working Swift setup in either a **all-in-one** or
11 11
 **multinode** setup.
12 12
 
13
+Networking
14
+~~~~~~~~~~
15
+
16
+The following networks are used by Swift:
17
+
18
+External API network (``kolla_external_vip_interface``)
19
+  This network is used by users to access the Swift public API.
20
+Internal API network (``api_interface``)
21
+  This network is used by users to access the Swift internal API. It is also
22
+  used by HAProxy to access the Swift proxy servers.
23
+Swift Storage network (``swift_storage_interface``)
24
+  This network is used by the Swift proxy server to access the account,
25
+  container and object servers. Defaults to ``storage_interface``.
26
+Swift replication network (``swift_replication_network``)
27
+  This network is used for Swift storage replication traffic.
28
+  This is optional as the default configuration uses
29
+  the ``swift_storage_interface`` for replication traffic.
30
+
13 31
 Disks with a partition table (recommended)
14 32
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 33
 
@@ -75,6 +93,11 @@ generate rings for a demo setup. The commands work with **disks with partition
75 93
 table** example listed above. Please modify accordingly if your setup is
76 94
 different.
77 95
 
96
+If using a separate replication network it is necessary to add the replication
97
+network IP addresses to the rings. See the `Swift documentation
98
+<https://docs.openstack.org/swift/latest/replication_network.html#dedicated-replication-network>`__
99
+for details on how to do that.
100
+
78 101
 Prepare for Rings generating
79 102
 ----------------------------
80 103
 
@@ -162,6 +185,15 @@ To generate Swift container ring, run the following commands:
162 185
        done
163 186
    done
164 187
 
188
+.. end
189
+
190
+Rebalance
191
+---------
192
+
193
+To rebalance the ring files:
194
+
195
+.. code-block:: console
196
+
165 197
    for ring in object account container; do
166 198
      docker run \
167 199
        --rm \

+ 2
- 0
etc/kolla/globals.yml View File

@@ -90,6 +90,8 @@ kolla_internal_vip_address: "10.10.10.254"
90 90
 #api_interface: "{{ network_interface }}"
91 91
 #storage_interface: "{{ network_interface }}"
92 92
 #cluster_interface: "{{ network_interface }}"
93
+#swift_storage_interface: "{{ storage_interface }}"
94
+#swift_replication_interface: "{{ swift_storage_interface }}"
93 95
 #tunnel_interface: "{{ network_interface }}"
94 96
 #dns_interface: "{{ network_interface }}"
95 97
 #octavia_network_interface: "{{ api_interface }}"

+ 22
- 0
releasenotes/notes/swift-replication-network-40ecd13e4339f299.yaml View File

@@ -0,0 +1,22 @@
1
+---
2
+features:
3
+  - |
4
+    Adds support to seperate Swift access and replication traffic from other
5
+    storage traffic.
6
+
7
+    In a deployment where both Ceph and Swift have been deployed,
8
+    this changes adds functionalality to support optional seperation
9
+    of storage network traffic. This adds two new network interfaces
10
+    'swift_storage_interface' and 'swift_replication_interface' which maintain
11
+    backwards compatibility.
12
+
13
+    The Swift access network interface is configured via 'swift_storage_interface',
14
+    which defaults to 'storage_interface'. The Swift replication network
15
+    interface is configured via 'swift_replication_interface', which
16
+    defaults to 'swift_storage_interface'.
17
+
18
+    If a separate replication network is used, Kolla Ansible now deploys separate
19
+    replication servers for the accounts, containers and objects, that listen on
20
+    this network. In this case, these services handle only replication traffic, and
21
+    the original account-, container- and object- servers only handle storage
22
+    user requests.

Loading…
Cancel
Save