From e9708581209e6d97cf67810f5ec007c60bab07cd Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 30 Jul 2023 02:11:32 +0900 Subject: [PATCH] rgw profile: Support keystone integration This introduces a few new parameters to the profile class so that users can enable keystone integration of RADOS Gateway. This allows us to fix some ignored profile parameters, and also remove the references from the non-profile manifest to the profile parameters. The rgw_keystone_version parameter is removed by this change. The actual parameter was deprecated[1] and was removed[2] from the rgw class very long ago. [1] 85b9d61c40430de32d311cea201a2a33ec91a6b8 [2] 0377da4e088ab88b97af1143191be8da39e1623b Change-Id: I4026d3c2d40ae9b7ed9c3a60529011854b878f89 --- manifests/profile/params.pp | 46 +++++++++++++------ manifests/profile/rgw.pp | 21 +++++++++ manifests/rgw/keystone/auth.pp | 19 ++++---- ...profole-rgw-keystone-ae3e12516963d52e.yaml | 11 +++++ spec/classes/ceph_profile_rgw_spec.rb | 41 +++++++++++++++++ spec/fixtures/hieradata/common.yaml | 14 ++++++ 6 files changed, 126 insertions(+), 26 deletions(-) create mode 100644 releasenotes/notes/profole-rgw-keystone-ae3e12516963d52e.yaml create mode 100644 spec/classes/ceph_profile_rgw_spec.rb diff --git a/manifests/profile/params.pp b/manifests/profile/params.pp index 21eb3e62..b7f36b47 100644 --- a/manifests/profile/params.pp +++ b/manifests/profile/params.pp @@ -115,11 +115,14 @@ # Optional. # # [*frontend_type*] What type of frontend to use -# Optional. Options are apache-fastcgi, apache-proxy-fcgi or civetweb +# Optional. Options are civetweb, beast, apache-proxy-fcgi or apache-fastcgi. # # [*rgw_frontends*] Arguments to the rgw frontend # Optional. Example: "civetweb port=7480" # +# [*rgw_swift_url*] The URL for the Ceph Object Gateway Swift API. +# Optional. +# # [*osd_max_backfills*] The maximum number of backfills allowed to or from a single OSD. # Optional. Default provided by Ceph # @@ -140,25 +143,32 @@ # Set to 0 to disable it. # Optional. Default provided by Ceph # -# [*rgw_keystone_version*] The api version for keystone. -# Possible values 'v2.0', 'v3' -# Optional. Default is 'v2.0' +# [*rgw_keystone_integration*] Enables RGW integration with OpenStack Keystone +# Optional. Default is false # -# [*rgw_keystone_admin_domain*] The name of OpenStack domain with admin -# privilege when using OpenStack Identity API v3 +# [*rgw_keystone_url*] The internal or admin url for keystone. # Optional. Default is undef # -# [*rgw_keystone_admin_project*] The name of OpenStack project with admin -# privilege when using OpenStack Identity API v3 +# [*rgw_keystone_admin_domain*] The name of OpenStack domain with admin privilege. # Optional. Default is undef # -# [*rgw_keystone_admin_user*] The user name of OpenStack tenant with admin -# privilege (Service Tenant) -# Required if is 'v3'. +# [*rgw_keystone_admin_project*] The name of OpenStack project with admin privilege. +# Required when RGW integration with Keystone is enabled. +# +# [*rgw_keystone_admin_user*] The user name of OpenStack tenant with admin privilege. +# Required when RGW integration with Keystone is enabled. # # [*rgw_keystone_admin_password*] The password for OpenStack admin user -# Required if is 'v3'. -# +# Required when RGW integration with Keystone is enabled. +# +# [*rgw_swift_public_url*] The public URL of Swift API. Optional. +# +# [*rgw_swift_admin_url*] The admin URL of Swift API. Optional. +# +# [*rgw_swift_internal_url*] The internal URL of Swift API. Optional. +# +# [*rgw_swift_region*] The region for Swift API. Optional +# # [*rbd_mirror_client_name*] Name of the cephx client key used for rbd mirroring # Optional. Default is undef # @@ -173,7 +183,7 @@ # # [*rbd_default_features*] Set RBD features configuration. # Optional. String. Defaults to undef. -# +# # **DEPRECATED PARAMS** # # [*pid_max*] Value for pid_max. Defaults to undef. Optional. @@ -213,17 +223,23 @@ class ceph::profile::params ( $rgw_print_continue = undef, $frontend_type = undef, $rgw_frontends = undef, + $rgw_swift_url = undef, $osd_max_backfills = undef, $osd_recovery_max_active = undef, $osd_recovery_op_priority = undef, $osd_recovery_max_single_start = undef, $osd_max_scrubs = undef, $osd_op_threads = undef, - $rgw_keystone_version = 'v2.0', + Boolean $rgw_keystone_integration = false, + $rgw_keystone_url = undef, $rgw_keystone_admin_domain = undef, $rgw_keystone_admin_project = undef, $rgw_keystone_admin_user = undef, $rgw_keystone_admin_password = undef, + $rgw_swift_public_url = undef, + $rgw_swift_admin_url = undef, + $rgw_swift_internal_url = undef, + $rgw_swift_region = undef, $rbd_mirror_client_name = undef, $fs_metadata_pool = undef, $fs_data_pool = undef, diff --git a/manifests/profile/rgw.pp b/manifests/profile/rgw.pp index 09623af3..034d6794 100644 --- a/manifests/profile/rgw.pp +++ b/manifests/profile/rgw.pp @@ -30,5 +30,26 @@ class ceph::profile::rgw { rgw_print_continue => $ceph::profile::params::rgw_print_continue, frontend_type => $ceph::profile::params::frontend_type, rgw_frontends => $ceph::profile::params::rgw_frontends, + rgw_swift_url => $ceph::profile::params::rgw_swift_url, + } + + if $ceph::profile::params::rgw_keystone_integration { + ceph::rgw::keystone { $rgw_name: + rgw_keystone_admin_domain => $ceph::profile::params::rgw_keystone_admin_domain, + rgw_keystone_admin_project => $ceph::profile::params::rgw_keystone_admin_project, + rgw_keystone_admin_user => $ceph::profile::params::rgw_keystone_admin_user, + rgw_keystone_admin_password => $ceph::profile::params::rgw_keystone_admin_password, + rgw_keystone_url => $ceph::profile::params::rgw_keystone_url, + } + + class { 'ceph::rgw::keystone::auth': + password => $ceph::profile::params::rgw_keystone_admin_password, + user => $ceph::profile::params::rgw_keystone_admin_user, + tenant => $ceph::profile::params::rgw_keystone_admin_project, + public_url => $ceph::profile::params::rgw_swift_public_url, + admin_url => $ceph::profile::params::rgw_swift_admin_url, + internal_url => $ceph::profile::params::rgw_swift_internal_url, + region => $ceph::profile::params::rgw_swift_region, + } } } diff --git a/manifests/rgw/keystone/auth.pp b/manifests/rgw/keystone/auth.pp index c4ca9061..f8118bd1 100644 --- a/manifests/rgw/keystone/auth.pp +++ b/manifests/rgw/keystone/auth.pp @@ -5,12 +5,13 @@ # === Parameters # # [*password*] -# Password for the RGW user. -# Defaults to ceph::profile::params::rgw_keystone_admin_password +# Password for the RGW user. Required. # # [*user*] -# Username for the RGW user. Optional. -# Defaults to ceph::profile::params::rgw_keystone_admin_use +# Username for the RGW user. Required. +# +# [*tenant*] +# Tenant for user. Required. # # [*email*] # Email for the RGW user. Optional. @@ -36,10 +37,6 @@ # Region for endpoint. Optional. # Defaults to 'RegionOne' # -# [*tenant*] -# Tenant for user. Optional. -# Defaults to ceph::profile::params::rgw_keystone_admin_project -# # [*service_description*] # (Optional) Description of the service. # Default to 'Ceph RGW Service' @@ -59,15 +56,15 @@ # Defaults to undef # class ceph::rgw::keystone::auth ( - $password = $ceph::profile::params::rgw_keystone_admin_password, - $user = $ceph::profile::params::rgw_keystone_admin_user, + $password, + $user, + $tenant, $email = 'rgwuser@localhost', $roles = ['admin'], $public_url = 'http://127.0.0.1:8080/swift/v1', $admin_url = 'http://127.0.0.1:8080/swift/v1', $internal_url = 'http://127.0.0.1:8080/swift/v1', $region = 'RegionOne', - $tenant = $ceph::profile::params::rgw_keystone_admin_project, $service_description = 'Ceph RGW Service', $service_name = 'swift', $service_type = 'object-store', diff --git a/releasenotes/notes/profole-rgw-keystone-ae3e12516963d52e.yaml b/releasenotes/notes/profole-rgw-keystone-ae3e12516963d52e.yaml new file mode 100644 index 00000000..35e9b841 --- /dev/null +++ b/releasenotes/notes/profole-rgw-keystone-ae3e12516963d52e.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + The new ``ceph::profile::params::rgw_keystone_integration`` parameter has + been added. This allows enabling Ceph RADOS Gateway integration with + OpenStack Keystone. + +upgrade: + - | + The ``ceph::profile::params::rgw_keystone_version`` parameter has been + removed. diff --git a/spec/classes/ceph_profile_rgw_spec.rb b/spec/classes/ceph_profile_rgw_spec.rb new file mode 100644 index 00000000..88af2dc1 --- /dev/null +++ b/spec/classes/ceph_profile_rgw_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'ceph::profile::rgw' do + + shared_examples 'ceph profile rgw' do + + it { should contain_ceph__rgw('radosgw.gateway').with( + :user => 'ceph', + :frontend_type => 'beast', + :rgw_frontends => 'beast endpoint=127.0.0.1:8080', + :rgw_swift_url => 'http://127.0.0.1:8080', + ) } + it { should contain_ceph__rgw__keystone('radosgw.gateway').with( + :rgw_keystone_admin_domain => 'Default', + :rgw_keystone_admin_project => 'services', + :rgw_keystone_admin_user => 'rgwuser', + :rgw_keystone_admin_password => 'secret', + :rgw_keystone_url => 'http://127.0.0.1:5000' + ) } + it { should contain_class('ceph::rgw::keystone::auth').with( + :password => 'secret', + :user => 'rgwuser', + :tenant => 'services', + :public_url => 'http://127.0.0.1:8080/swift/v1', + :admin_url => 'http://127.0.0.1:8080/swift/v1', + :internal_url => 'http://127.0.0.1:8080/swift/v1', + ) } + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + it_behaves_like 'ceph profile rgw' + end + end +end diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml index 270e3afe..4b5abeb7 100644 --- a/spec/fixtures/hieradata/common.yaml +++ b/spec/fixtures/hieradata/common.yaml @@ -26,6 +26,20 @@ ceph::profile::params::osd_op_threads: '2' ceph::profile::params::fs_name: 'fs_name' ceph::profile::params::fs_metadata_pool: 'metadata_pool' ceph::profile::params::fs_data_pool: 'data_pool' +ceph::profile::params::rgw_user: 'ceph' +ceph::profile::params::frontend_type: 'beast' +ceph::profile::params::rgw_frontends: 'beast endpoint=127.0.0.1:8080' +ceph::profile::params::rgw_swift_url: 'http://127.0.0.1:8080' +ceph::profile::params::rgw_keystone_integration: true +ceph::profile::params::rgw_keystone_url: 'http://127.0.0.1:5000' +ceph::profile::params::rgw_keystone_admin_domain: 'Default' +ceph::profile::params::rgw_keystone_admin_project: 'services' +ceph::profile::params::rgw_keystone_admin_user: 'rgwuser' +ceph::profile::params::rgw_keystone_admin_password: 'secret' +ceph::profile::params::rgw_swift_public_url: 'http://127.0.0.1:8080/swift/v1' +ceph::profile::params::rgw_swift_admin_url: 'http://127.0.0.1:8080/swift/v1' +ceph::profile::params::rgw_swift_internal_url: 'http://127.0.0.1:8080/swift/v1' +ceph::profile::params::rgw_swift_region: 'RegionOne' ######## Keys ceph::profile::params::mds_key: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='