# # Example file for building out a multi-node environment # # This example creates nodes of the following roles: # swift_storage - nodes that host storage servers # swift_proxy - nodes that serve as a swift proxy # swift_ringbuilder - nodes that are responsible for # rebalancing the rings # # This example assumes a few things: # * the multi-node scenario requires a puppetmaster # * it assumes that networking is correctly configured # # These nodes need to be brought up in a certain order # # 1. storage nodes # 2. ringbuilder # 3. run the storage nodes again (to synchronize the ring db) # 4. run the proxy # 5. test that everything works!! # this site manifest serves as an example of how to # deploy various swift environments #$swift_admin_password = 'admin_password' $swift_admin_password = hiera('admin_password', 'admin_password') # swift specific configurations #$swift_shared_secret = 'changeme' $swift_shared_secret = hiera('swift_shared_secret', 'changeme') #$swift_local_net_ip = $ipaddress_eth0 $swift_local_net_ip = hiera('swift_local_net_ip', $ipaddress_eth0) # Swift storage configurations $rings = [ 'account', 'object', 'container'] $account_pipeline = [ 'healthcheck', 'recon', 'account-server'] $container_pipeline = [ 'healthcheck', 'recon', 'container-server'] $object_pipeline = [ 'healthcheck', 'recon', 'object-server'] #$swift_keystone_node = '172.16.0.21' $swift_keystone_node = hiera('swift_keystone_node', '172.16.0.25') #$swift_proxy_node = '172.168.0.25' $swift_proxy_node = hiera('swift_proxy_node', '172.16.0.21') $swift_zone = hiera('swift_zone', 1) # configurations that need to be applied to all swift nodes $swift_keystone_db_password = hiera('keystone_db_password', 'keystone_db_password') $swift_keystone_admin_email = hiera('admin_email', 'keystone@localhost') $swift_keystone_admin_password = hiera('admin_password', 'ChangeMe') # This node can be used to deploy a keystone service. # This service only contains the credentials for authenticating # swift node 'swift-keystone' { # set up mysql server class { 'mysql::server': config_hash => { # the priv grant fails on precise if I set a root password # TODO I should make sure that this works # 'root_password' => $mysql_root_password, 'bind_address' => '0.0.0.0', }, } keystone_config { 'DEFAULT/log_config': ensure => absent, } # set up all openstack databases, users, grants class { 'keystone::db::mysql': password => $swift_keystone_db_password, } class { 'keystone': debug => $debug, catalog_type => 'sql', admin_password => $swift_keystone_admin_password, enabled => $enabled, sql_connection => "mysql://keystone_admin:${swift_keystone_db_password}@127.0.0.1/keystone", } # Setup the Keystone Identity Endpoint class { 'keystone::endpoint': } # set up keystone admin users class { 'keystone::roles::admin': email => $swift_keystone_admin_email, password => $swift_keystone_admin_password, } # configure the keystone service user and endpoint class { 'swift::keystone::auth': password => $swift_admin_password, public_address => $swift_proxy_node, } } # # The example below is used to model swift storage nodes that # manage 2 endpoints. # # The endpoints are actually just loopback devices. For real deployments # they would need to be replaced with something that create and mounts xfs # partitions # node /swift-storage/ { class { 'swift': # not sure how I want to deal with this shared secret swift_hash_path_suffix => $swift_shared_secret, package_ensure => latest, } # create xfs partitions on a loopback device and mount them swift::storage::loopback { ['1', '2']: base_dir => '/srv/loopback-device', mnt_base_dir => '/srv/node', require => Class['swift'], } # configure account/container/object server middlewares swift::storage::filter::recon { $rings: } swift::storage::filter::healthcheck { $rings: } # install all swift storage servers together class { 'swift::storage::all': storage_local_net_ip => $swift_local_net_ip, object_pipeline => $object_pipeline, container_pipeline => $container_pipeline, account_pipeline => $account_pipeline, } # specify endpoints per device to be added to the ring specification @@ring_object_device { "${swift_local_net_ip}:6000/1": zone => $swift_zone, weight => 1, } @@ring_object_device { "${swift_local_net_ip}:6000/2": zone => $swift_zone, weight => 1, } @@ring_container_device { "${swift_local_net_ip}:6001/1": zone => $swift_zone, weight => 1, } @@ring_container_device { "${swift_local_net_ip}:6001/2": zone => $swift_zone, weight => 1, } # TODO should device be changed to volume @@ring_account_device { "${swift_local_net_ip}:6002/1": zone => $swift_zone, weight => 1, } @@ring_account_device { "${swift_local_net_ip}:6002/2": zone => $swift_zone, weight => 1, } # collect resources for synchronizing the ring databases Swift::Ringsync<<||>> } node /swift-proxy/ { class { 'swift': # not sure how I want to deal with this shared secret swift_hash_path_suffix => $swift_shared_secret, package_ensure => latest, } # curl is only required so that I can run tests package { 'curl': ensure => present } class { 'memcached': listen_ip => '127.0.0.1', } # specify swift proxy and all of its middlewares class { 'swift::proxy': proxy_local_net_ip => $swift_local_net_ip, pipeline => [ 'bulk', 'catch_errors', 'healthcheck', 'cache', 'ratelimit', 's3api', 's3token', 'authtoken', 'keystone', 'account_quotas', 'container_quotas', 'proxy-server'], account_autocreate => true, # TODO where is the ringbuilder class? require => Class['swift::ringbuilder'], } # configure all of the middlewares class { [ 'swift::proxy::account_quotas', 'swift::proxy::catch_errors', 'swift::proxy::container_quotas', 'swift::proxy::healthcheck', 'swift::proxy::cache', 'swift::proxy::s3api', ]: } class { 'swift::proxy::bulk': max_containers_per_extraction => 10000, max_failed_extractions => 1000, max_deletes_per_request => 10000, yield_frequency => 60, } class { 'swift::proxy::ratelimit': clock_accuracy => 1000, max_sleep_time_seconds => 60, log_sleep_time_seconds => 0, rate_buffer_seconds => 5, account_ratelimit => 0, } class { 'swift::proxy::s3token': # assume that the controller host is the swift api server auth_host => $swift_keystone_node, auth_port => '5000', } class { 'swift::proxy::keystone': operator_roles => ['admin', 'SwiftOperator'], } class { 'swift::proxy::authtoken': password => $swift_admin_password, # assume that the controller host is the swift api server auth_host => $swift_keystone_node, } # collect all of the resources that are needed # to balance the ring Ring_object_device <<| |>> Ring_container_device <<| |>> Ring_account_device <<| |>> # create the ring class { 'swift::ringbuilder': # the part power should be determined by assuming 100 partitions per drive part_power => '18', replicas => '3', min_part_hours => 1, require => Class['swift'], } # sets up an rsync db that can be used to sync the ring DB class { 'swift::ringserver': local_net_ip => $swift_local_net_ip, } # exports rsync gets that can be used to sync the ring files @@swift::ringsync { ['account', 'object', 'container']: ring_server => $swift_local_net_ip, } # deploy a script that can be used for testing class { 'swift::test_file': auth_server => $swift_keystone_node, password => $swift_keystone_admin_password, } }