rgw profile: Support keystone integration

This introduces a few new parameters to the profile class so that users
can enable keystone integration of RADOS Gateway.

This allows us to fix some ignored profile parameters, and also remove
the references from the non-profile manifest to the profile parameters.

The rgw_keystone_version parameter is removed by this change.
The actual parameter was deprecated[1] and was removed[2] from the rgw
class very long ago.

[1] 85b9d61c40
[2] 0377da4e08

Change-Id: I4026d3c2d40ae9b7ed9c3a60529011854b878f89

manifests/profile/params.pp

@@ -115,11 +115,14 @@
 #  Optional.
 #
 # [*frontend_type*] What type of frontend to use
-#   Optional. Options are apache-fastcgi, apache-proxy-fcgi or civetweb
+#   Optional. Options are civetweb, beast, apache-proxy-fcgi or apache-fastcgi.
 #
 # [*rgw_frontends*] Arguments to the rgw frontend
 #   Optional. Example: "civetweb port=7480"
 #
+# [*rgw_swift_url*] The URL for the Ceph Object Gateway Swift API.
+#   Optional.
+#
 # [*osd_max_backfills*] The maximum number of backfills allowed to or from a single OSD.
 #   Optional. Default provided by Ceph
 #
@@ -140,25 +143,32 @@
 #   Set to 0 to disable it.
 #   Optional. Default provided by Ceph
 #
-# [*rgw_keystone_version*] The api version for keystone.
-#   Possible values 'v2.0', 'v3'
-#   Optional. Default is 'v2.0'
+# [*rgw_keystone_integration*] Enables RGW integration with OpenStack Keystone
+#   Optional. Default is false
 #
-# [*rgw_keystone_admin_domain*] The name of OpenStack domain with admin
-#   privilege when using OpenStack Identity API v3
+# [*rgw_keystone_url*] The internal or admin url for keystone.
 #   Optional. Default is undef
 #
-# [*rgw_keystone_admin_project*] The name of OpenStack project with admin
-#   privilege when using OpenStack Identity API v3
+# [*rgw_keystone_admin_domain*] The name of OpenStack domain with admin privilege.
 #   Optional. Default is undef
 #
-# [*rgw_keystone_admin_user*] The user name of OpenStack tenant with admin
-#   privilege (Service Tenant)
-#   Required if is 'v3'.
+# [*rgw_keystone_admin_project*] The name of OpenStack project with admin privilege.
+#   Required when RGW integration with Keystone is enabled.
+#
+# [*rgw_keystone_admin_user*] The user name of OpenStack tenant with admin privilege.
+#   Required when RGW integration with Keystone is enabled.
 #
 # [*rgw_keystone_admin_password*] The password for OpenStack admin user
-#   Required if is 'v3'.
-# 
+#   Required when RGW integration with Keystone is enabled.
+#
+# [*rgw_swift_public_url*] The public URL of Swift API. Optional.
+#
+# [*rgw_swift_admin_url*] The admin URL of Swift API. Optional.
+#
+# [*rgw_swift_internal_url*] The internal URL of Swift API. Optional.
+#
+# [*rgw_swift_region*] The region for Swift API. Optional
+#
 # [*rbd_mirror_client_name*] Name of the cephx client key used for rbd mirroring
 #   Optional. Default is undef
 #
@@ -173,7 +183,7 @@
 #
 # [*rbd_default_features*] Set RBD features configuration.
 #   Optional. String. Defaults to undef.
-# 
+#
 # **DEPRECATED PARAMS**
 #
 # [*pid_max*] Value for pid_max. Defaults to undef. Optional.
@@ -213,17 +223,23 @@ class ceph::profile::params (
   $rgw_print_continue = undef,
   $frontend_type = undef,
   $rgw_frontends = undef,
+  $rgw_swift_url = undef,
   $osd_max_backfills = undef,
   $osd_recovery_max_active = undef,
   $osd_recovery_op_priority = undef,
   $osd_recovery_max_single_start = undef,
   $osd_max_scrubs = undef,
   $osd_op_threads = undef,
-  $rgw_keystone_version = 'v2.0',
+  Boolean $rgw_keystone_integration = false,
+  $rgw_keystone_url = undef,
   $rgw_keystone_admin_domain = undef,
   $rgw_keystone_admin_project = undef,
   $rgw_keystone_admin_user = undef,
   $rgw_keystone_admin_password = undef,
+  $rgw_swift_public_url = undef,
+  $rgw_swift_admin_url = undef,
+  $rgw_swift_internal_url = undef,
+  $rgw_swift_region = undef,
   $rbd_mirror_client_name = undef,
   $fs_metadata_pool = undef,
   $fs_data_pool = undef,

manifests/profile/rgw.pp

@@ -30,5 +30,26 @@ class ceph::profile::rgw {
     rgw_print_continue => $ceph::profile::params::rgw_print_continue,
     frontend_type      => $ceph::profile::params::frontend_type,
     rgw_frontends      => $ceph::profile::params::rgw_frontends,
+    rgw_swift_url      => $ceph::profile::params::rgw_swift_url,
+  }
+
+  if $ceph::profile::params::rgw_keystone_integration {
+    ceph::rgw::keystone { $rgw_name:
+      rgw_keystone_admin_domain   => $ceph::profile::params::rgw_keystone_admin_domain,
+      rgw_keystone_admin_project  => $ceph::profile::params::rgw_keystone_admin_project,
+      rgw_keystone_admin_user     => $ceph::profile::params::rgw_keystone_admin_user,
+      rgw_keystone_admin_password => $ceph::profile::params::rgw_keystone_admin_password,
+      rgw_keystone_url            => $ceph::profile::params::rgw_keystone_url,
+    }
+
+    class { 'ceph::rgw::keystone::auth':
+      password     => $ceph::profile::params::rgw_keystone_admin_password,
+      user         => $ceph::profile::params::rgw_keystone_admin_user,
+      tenant       => $ceph::profile::params::rgw_keystone_admin_project,
+      public_url   => $ceph::profile::params::rgw_swift_public_url,
+      admin_url    => $ceph::profile::params::rgw_swift_admin_url,
+      internal_url => $ceph::profile::params::rgw_swift_internal_url,
+      region       => $ceph::profile::params::rgw_swift_region,
+    }
   }
 }

manifests/rgw/keystone/auth.pp

@@ -5,12 +5,13 @@
 # === Parameters
 #
 # [*password*]
-#  Password for the RGW user. 
-#  Defaults to ceph::profile::params::rgw_keystone_admin_password
+#   Password for the RGW user. Required.
 #
 # [*user*]
-#   Username for the RGW user. Optional.
-#   Defaults to ceph::profile::params::rgw_keystone_admin_use
+#   Username for the RGW user. Required.
+#
+# [*tenant*]
+#   Tenant for user. Required.
 #
 # [*email*]
 #   Email for the RGW user. Optional.
@@ -36,10 +37,6 @@
 #   Region for endpoint. Optional.
 #   Defaults to 'RegionOne'
 #
-# [*tenant*]
-#   Tenant for user. Optional.
-#   Defaults to ceph::profile::params::rgw_keystone_admin_project
-#
 # [*service_description*]
 #   (Optional) Description of the service.
 #   Default to 'Ceph RGW Service'
@@ -59,15 +56,15 @@
 #   Defaults to undef
 #
 class ceph::rgw::keystone::auth (
-  $password            = $ceph::profile::params::rgw_keystone_admin_password,
-  $user                = $ceph::profile::params::rgw_keystone_admin_user,
+  $password,
+  $user,
+  $tenant,
   $email               = 'rgwuser@localhost',
   $roles               = ['admin'],
   $public_url          = 'http://127.0.0.1:8080/swift/v1',
   $admin_url           = 'http://127.0.0.1:8080/swift/v1',
   $internal_url        = 'http://127.0.0.1:8080/swift/v1',
   $region              = 'RegionOne',
-  $tenant              = $ceph::profile::params::rgw_keystone_admin_project,
   $service_description = 'Ceph RGW Service',
   $service_name        = 'swift',
   $service_type        = 'object-store',

releasenotes/notes/profole-rgw-keystone-ae3e12516963d52e.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - |
+    The new ``ceph::profile::params::rgw_keystone_integration`` parameter has
+    been added. This allows enabling Ceph RADOS Gateway integration with
+    OpenStack Keystone.
+
+upgrade:
+  - |
+    The ``ceph::profile::params::rgw_keystone_version`` parameter has been
+    removed.

spec/classes/ceph_profile_rgw_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe 'ceph::profile::rgw' do
+
+  shared_examples 'ceph profile rgw' do
+
+    it { should contain_ceph__rgw('radosgw.gateway').with(
+      :user          => 'ceph',
+      :frontend_type => 'beast',
+      :rgw_frontends => 'beast endpoint=127.0.0.1:8080',
+      :rgw_swift_url => 'http://127.0.0.1:8080',
+    ) }
+    it { should contain_ceph__rgw__keystone('radosgw.gateway').with(
+      :rgw_keystone_admin_domain   => 'Default',
+      :rgw_keystone_admin_project  => 'services',
+      :rgw_keystone_admin_user     => 'rgwuser',
+      :rgw_keystone_admin_password => 'secret',
+      :rgw_keystone_url            => 'http://127.0.0.1:5000'
+    ) }
+    it { should contain_class('ceph::rgw::keystone::auth').with(
+      :password     => 'secret',
+      :user         => 'rgwuser',
+      :tenant       => 'services',
+      :public_url   => 'http://127.0.0.1:8080/swift/v1',
+      :admin_url    => 'http://127.0.0.1:8080/swift/v1',
+      :internal_url => 'http://127.0.0.1:8080/swift/v1',
+    ) }
+  end
+
+  on_supported_os({
+    :supported_os => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'ceph profile rgw'
+    end
+  end
+end

spec/fixtures/hieradata/common.yaml

@@ -26,6 +26,20 @@ ceph::profile::params::osd_op_threads: '2'
 ceph::profile::params::fs_name: 'fs_name'
 ceph::profile::params::fs_metadata_pool: 'metadata_pool'
 ceph::profile::params::fs_data_pool: 'data_pool'
+ceph::profile::params::rgw_user: 'ceph'
+ceph::profile::params::frontend_type: 'beast'
+ceph::profile::params::rgw_frontends: 'beast endpoint=127.0.0.1:8080'
+ceph::profile::params::rgw_swift_url: 'http://127.0.0.1:8080'
+ceph::profile::params::rgw_keystone_integration: true
+ceph::profile::params::rgw_keystone_url: 'http://127.0.0.1:5000'
+ceph::profile::params::rgw_keystone_admin_domain: 'Default'
+ceph::profile::params::rgw_keystone_admin_project: 'services'
+ceph::profile::params::rgw_keystone_admin_user: 'rgwuser'
+ceph::profile::params::rgw_keystone_admin_password: 'secret'
+ceph::profile::params::rgw_swift_public_url: 'http://127.0.0.1:8080/swift/v1'
+ceph::profile::params::rgw_swift_admin_url: 'http://127.0.0.1:8080/swift/v1'
+ceph::profile::params::rgw_swift_internal_url: 'http://127.0.0.1:8080/swift/v1'
+ceph::profile::params::rgw_swift_region: 'RegionOne'
 
 ######## Keys
 ceph::profile::params::mds_key: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='