puppet-swift/tests/site.pp
Mathieu Gagné 178f4b18dc Various Puppet lint fixes
* Fix following warnings:
    * double quoted string containing no variables
    * indentation of => is not properly aligned
    * mode should be represented as a 4 digit octal value or symbolic mode
    * string containing only a variable
    * top-scope variable being used without an explicit namespace
    * unquoted file mode
    * variable not enclosed in {}
* Fix following errors:
    * trailing whitespace found
    * two-space soft tabs not used
* Remove quotes around class in include/require statements

Change-Id: Ia920d848e1955612a6486ec8731309e6d3a70f63
2013-08-02 11:51:57 -04:00

263 lines
7.2 KiB
Puppet

#
# Example file for building out a multi-node environment
#
# This example creates nodes of the following roles:
# swift_storage - nodes that host storage servers
# swift_proxy - nodes that serve as a swift proxy
# swift_ringbuilder - nodes that are responsible for
# rebalancing the rings
#
# This example assumes a few things:
# * the multi-node scenario requires a puppetmaster
# * it assumes that networking is correctly configured
#
# These nodes need to be brought up in a certain order
#
# 1. storage nodes
# 2. ringbuilder
# 3. run the storage nodes again (to synchronize the ring db)
# 4. run the proxy
# 5. test that everything works!!
# this site manifest serves as an example of how to
# deploy various swift environments
#$swift_admin_password = 'admin_password'
$swift_admin_password = hiera('admin_password', 'admin_password')
# swift specific configurations
#$swift_shared_secret = 'changeme'
$swift_shared_secret = hiera('swift_shared_secret', 'changeme')
#$swift_local_net_ip = $ipaddress_eth0
$swift_local_net_ip = hiera('swift_local_net_ip', $ipaddress_eth0)
#$swift_keystone_node = '172.16.0.21'
$swift_keystone_node = hiera('swift_keystone_node', '172.16.0.25')
#$swift_proxy_node = '172.168.0.25'
$swift_proxy_node = hiera('swift_proxy_node', '172.16.0.21')
$swift_zone = hiera('swift_zone', 1)
# configurations that need to be applied to all swift nodes
$swift_keystone_db_password = hiera('keystone_db_password', 'keystone_db_password')
$keystone_admin_token = hiera('admin_token', 'service_token')
$swift_keystone_admin_email = hiera('admin_email', 'keystone@localhost')
$swift_keystone_admin_password = hiera('admin_password', 'ChangeMe')
$swift_verbose = hiera('verbose', 'True')
# This node can be used to deploy a keystone service.
# This service only contains the credentials for authenticating
# swift
node swift-keystone {
# set up mysql server
class { 'mysql::server':
config_hash => {
# the priv grant fails on precise if I set a root password
# TODO I should make sure that this works
# 'root_password' => $mysql_root_password,
'bind_address' => '0.0.0.0'
}
}
keystone_config {
'DEFAULT/log_config': ensure => absent,
}
# set up all openstack databases, users, grants
class { 'keystone::db::mysql':
password => $swift_keystone_db_password,
}
class { '::keystone':
verbose => $verbose,
debug => $verbose,
catalog_type => 'sql',
admin_token => $admin_token,
enabled => $enabled,
sql_connection => "mysql://keystone_admin:${swift_keystone_db_password}@127.0.0.1/keystone",
}
# Setup the Keystone Identity Endpoint
class { 'keystone::endpoint': }
# set up keystone admin users
class { 'keystone::roles::admin':
email => $swift_keystone_admin_email,
password => $swift_keystone_admin_password,
}
# configure the keystone service user and endpoint
class { 'swift::keystone::auth':
password => $swift_admin_password,
address => $swift_proxy_node,
}
}
node swift_base {
class { 'swift':
# not sure how I want to deal with this shared secret
swift_hash_suffix => $swift_shared_secret,
package_ensure => latest,
}
}
#
# The example below is used to model swift storage nodes that
# manage 2 endpoints.
#
# The endpoints are actually just loopback devices. For real deployments
# they would need to be replaced with something that create and mounts xfs
# partitions
#
node /swift-storage/ inherits swift_base {
# create xfs partitions on a loopback device and mount them
swift::storage::loopback { ['1', '2']:
base_dir => '/srv/loopback-device',
mnt_base_dir => '/srv/node',
require => Class['swift'],
}
# install all swift storage servers together
class { 'swift::storage::all':
storage_local_net_ip => $swift_local_net_ip,
}
# specify endpoints per device to be added to the ring specification
@@ring_object_device { "${swift_local_net_ip}:6000/1":
zone => $swift_zone,
weight => 1,
}
@@ring_object_device { "${swift_local_net_ip}:6000/2":
zone => $swift_zone,
weight => 1,
}
@@ring_container_device { "${swift_local_net_ip}:6001/1":
zone => $swift_zone,
weight => 1,
}
@@ring_container_device { "${swift_local_net_ip}:6001/2":
zone => $swift_zone,
weight => 1,
}
# TODO should device be changed to volume
@@ring_account_device { "${swift_local_net_ip}:6002/1":
zone => $swift_zone,
weight => 1,
}
@@ring_account_device { "${swift_local_net_ip}:6002/2":
zone => $swift_zone,
weight => 1,
}
# collect resources for synchronizing the ring databases
Swift::Ringsync<<||>>
}
node /swift-proxy/ inherits swift_base {
# curl is only required so that I can run tests
package { 'curl': ensure => present }
class { 'memcached':
listen_ip => '127.0.0.1',
}
# specify swift proxy and all of its middlewares
class { 'swift::proxy':
proxy_local_net_ip => $swift_local_net_ip,
pipeline => [
'catch_errors',
'healthcheck',
'cache',
'ratelimit',
'swift3',
's3token',
'authtoken',
'keystone',
'proxy-server'
],
account_autocreate => true,
# TODO where is the ringbuilder class?
require => Class['swift::ringbuilder'],
}
# configure all of the middlewares
class { [
'swift::proxy::catch_errors',
'swift::proxy::healthcheck',
'swift::proxy::cache',
'swift::proxy::swift3',
]: }
class { 'swift::proxy::ratelimit':
clock_accuracy => 1000,
max_sleep_time_seconds => 60,
log_sleep_time_seconds => 0,
rate_buffer_seconds => 5,
account_ratelimit => 0
}
class { 'swift::proxy::s3token':
# assume that the controller host is the swift api server
auth_host => $swift_keystone_node,
auth_port => '35357',
}
class { 'swift::proxy::keystone':
operator_roles => ['admin', 'SwiftOperator'],
}
class { 'swift::proxy::authtoken':
admin_user => 'swift',
admin_tenant_name => 'services',
admin_password => $swift_admin_password,
# assume that the controller host is the swift api server
auth_host => $swift_keystone_node,
}
# collect all of the resources that are needed
# to balance the ring
Ring_object_device <<| |>>
Ring_container_device <<| |>>
Ring_account_device <<| |>>
# create the ring
class { 'swift::ringbuilder':
# the part power should be determined by assuming 100 partitions per drive
part_power => '18',
replicas => '3',
min_part_hours => 1,
require => Class['swift'],
}
# sets up an rsync db that can be used to sync the ring DB
class { 'swift::ringserver':
local_net_ip => $swift_local_net_ip,
}
# exports rsync gets that can be used to sync the ring files
@@swift::ringsync { ['account', 'object', 'container']:
ring_server => $swift_local_net_ip
}
# deploy a script that can be used for testing
class { 'swift::test_file':
auth_server => $swift_keystone_node,
password => $swift_keystone_admin_password,
}
}