289 lines
		
	
	
		
			7.9 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
			
		
		
	
	
			289 lines
		
	
	
		
			7.9 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
| #
 | |
| # Example file for building out a multi-node environment
 | |
| #
 | |
| # This example creates nodes of the following roles:
 | |
| #   swift_storage - nodes that host storage servers
 | |
| #   swift_proxy - nodes that serve as a swift proxy
 | |
| #   swift_ringbuilder - nodes that are responsible for
 | |
| #     rebalancing the rings
 | |
| #
 | |
| # This example assumes a few things:
 | |
| #   * the multi-node scenario requires a puppetmaster
 | |
| #   * it assumes that networking is correctly configured
 | |
| #
 | |
| # These nodes need to be brought up in a certain order
 | |
| #
 | |
| # 1. storage nodes
 | |
| # 2. ringbuilder
 | |
| # 3. run the storage nodes again (to synchronize the ring db)
 | |
| # 4. run the proxy
 | |
| # 5. test that everything works!!
 | |
| # this site manifest serves as an example of how to
 | |
| # deploy various swift environments
 | |
| 
 | |
| 
 | |
| #$swift_admin_password = 'admin_password'
 | |
| $swift_admin_password = hiera('admin_password', 'admin_password')
 | |
| 
 | |
| # swift specific configurations
 | |
| #$swift_shared_secret = 'changeme'
 | |
| $swift_shared_secret = hiera('swift_shared_secret', 'changeme')
 | |
| 
 | |
| 
 | |
| #$swift_local_net_ip   = $ipaddress_eth0
 | |
| $swift_local_net_ip = hiera('swift_local_net_ip', $ipaddress_eth0)
 | |
| 
 | |
| # Swift storage configurations
 | |
| $rings = [
 | |
|   'account',
 | |
|   'object',
 | |
|   'container']
 | |
| $account_pipeline = [
 | |
|   'healthcheck',
 | |
|   'recon',
 | |
|   'account-server']
 | |
| $container_pipeline = [
 | |
|   'healthcheck',
 | |
|   'recon',
 | |
|   'container-server']
 | |
| $object_pipeline = [
 | |
|   'healthcheck',
 | |
|   'recon',
 | |
|   'object-server']
 | |
| 
 | |
| #$swift_keystone_node = '172.16.0.21'
 | |
| $swift_keystone_node    = hiera('swift_keystone_node', '172.16.0.25')
 | |
| #$swift_proxy_node    = '172.168.0.25'
 | |
| $swift_proxy_node       = hiera('swift_proxy_node', '172.16.0.21')
 | |
| 
 | |
| $swift_zone = hiera('swift_zone', 1)
 | |
| # configurations that need to be applied to all swift nodes
 | |
| 
 | |
| $swift_keystone_db_password    = hiera('keystone_db_password', 'keystone_db_password')
 | |
| $swift_keystone_admin_email    = hiera('admin_email', 'keystone@localhost')
 | |
| $swift_keystone_admin_password = hiera('admin_password', 'ChangeMe')
 | |
| 
 | |
| # This node can be used to deploy a keystone service.
 | |
| # This service only contains the credentials for authenticating
 | |
| # swift
 | |
| node 'swift-keystone' {
 | |
| 
 | |
|   # set up mysql server
 | |
|   class { 'mysql::server':
 | |
|     config_hash => {
 | |
|       # the priv grant fails on precise if I set a root password
 | |
|       # TODO I should make sure that this works
 | |
|       # 'root_password' => $mysql_root_password,
 | |
|       'bind_address' => '0.0.0.0',
 | |
|     },
 | |
|   }
 | |
| 
 | |
|   keystone_config {
 | |
|     'DEFAULT/log_config': ensure => absent,
 | |
|   }
 | |
| 
 | |
|   # set up all openstack databases, users, grants
 | |
|   class { 'keystone::db::mysql':
 | |
|     password => $swift_keystone_db_password,
 | |
|   }
 | |
| 
 | |
|   class { 'keystone':
 | |
|     debug          => $debug,
 | |
|     catalog_type   => 'sql',
 | |
|     admin_password => $swift_keystone_admin_password,
 | |
|     enabled        => $enabled,
 | |
|     sql_connection => "mysql://keystone_admin:${swift_keystone_db_password}@127.0.0.1/keystone",
 | |
|   }
 | |
| 
 | |
|   # Setup the Keystone Identity Endpoint
 | |
|   class { 'keystone::endpoint': }
 | |
| 
 | |
|   # set up keystone admin users
 | |
|   class { 'keystone::roles::admin':
 | |
|     email    => $swift_keystone_admin_email,
 | |
|     password => $swift_keystone_admin_password,
 | |
|   }
 | |
|   # configure the keystone service user and endpoint
 | |
|   class { 'swift::keystone::auth':
 | |
|     password       => $swift_admin_password,
 | |
|     public_address => $swift_proxy_node,
 | |
|   }
 | |
| 
 | |
| }
 | |
| 
 | |
| #
 | |
| # The example below is used to model swift storage nodes that
 | |
| # manage 2 endpoints.
 | |
| #
 | |
| # The endpoints are actually just loopback devices. For real deployments
 | |
| # they would need to be replaced with something that create and mounts xfs
 | |
| # partitions
 | |
| #
 | |
| node /swift-storage/ {
 | |
| 
 | |
|   class { 'swift':
 | |
|     # not sure how I want to deal with this shared secret
 | |
|     swift_hash_path_suffix => $swift_shared_secret,
 | |
|     package_ensure         => latest,
 | |
|   }
 | |
| 
 | |
|   # create xfs partitions on a loopback device and mount them
 | |
|   swift::storage::loopback { ['1', '2']:
 | |
|     base_dir     => '/srv/loopback-device',
 | |
|     mnt_base_dir => '/srv/node',
 | |
|     require      => Class['swift'],
 | |
|   }
 | |
| 
 | |
|   # configure account/container/object server middlewares
 | |
|   swift::storage::filter::recon { $rings: }
 | |
|   swift::storage::filter::healthcheck { $rings: }
 | |
| 
 | |
|   # install all swift storage servers together
 | |
|   class { 'swift::storage::all':
 | |
|     storage_local_net_ip => $swift_local_net_ip,
 | |
|     object_pipeline      => $object_pipeline,
 | |
|     container_pipeline   => $container_pipeline,
 | |
|     account_pipeline     => $account_pipeline,
 | |
|   }
 | |
| 
 | |
|   # specify endpoints per device to be added to the ring specification
 | |
|   @@ring_object_device { "${swift_local_net_ip}:6000/1":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
| 
 | |
|   @@ring_object_device { "${swift_local_net_ip}:6000/2":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
| 
 | |
|   @@ring_container_device { "${swift_local_net_ip}:6001/1":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
| 
 | |
|   @@ring_container_device { "${swift_local_net_ip}:6001/2":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
|   # TODO should device be changed to volume
 | |
|   @@ring_account_device { "${swift_local_net_ip}:6002/1":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
| 
 | |
|   @@ring_account_device { "${swift_local_net_ip}:6002/2":
 | |
|     zone   => $swift_zone,
 | |
|     weight => 1,
 | |
|   }
 | |
| 
 | |
|   # collect resources for synchronizing the ring databases
 | |
|   Swift::Ringsync<<||>>
 | |
| 
 | |
| }
 | |
| 
 | |
| 
 | |
| node /swift-proxy/ {
 | |
| 
 | |
|   class { 'swift':
 | |
|     # not sure how I want to deal with this shared secret
 | |
|     swift_hash_path_suffix => $swift_shared_secret,
 | |
|     package_ensure         => latest,
 | |
|   }
 | |
| 
 | |
|   # curl is only required so that I can run tests
 | |
|   package { 'curl': ensure => present }
 | |
| 
 | |
|   class { 'memcached':
 | |
|     listen_ip => '127.0.0.1',
 | |
|   }
 | |
| 
 | |
|   # specify swift proxy and all of its middlewares
 | |
|   class { 'swift::proxy':
 | |
|     proxy_local_net_ip => $swift_local_net_ip,
 | |
|     pipeline           => [
 | |
|       'bulk',
 | |
|       'catch_errors',
 | |
|       'healthcheck',
 | |
|       'cache',
 | |
|       'ratelimit',
 | |
|       's3api',
 | |
|       's3token',
 | |
|       'authtoken',
 | |
|       'keystone',
 | |
|       'account_quotas',
 | |
|       'container_quotas',
 | |
|       'proxy-server'],
 | |
|     account_autocreate => true,
 | |
|     # TODO where is the  ringbuilder class?
 | |
|     require            => Class['swift::ringbuilder'],
 | |
|   }
 | |
| 
 | |
|   # configure all of the middlewares
 | |
|   class { [
 | |
|     'swift::proxy::account_quotas',
 | |
|     'swift::proxy::catch_errors',
 | |
|     'swift::proxy::container_quotas',
 | |
|     'swift::proxy::healthcheck',
 | |
|     'swift::proxy::cache',
 | |
|     'swift::proxy::s3api',
 | |
|   ]: }
 | |
|   class { 'swift::proxy::bulk':
 | |
|     max_containers_per_extraction => 10000,
 | |
|     max_failed_extractions        => 1000,
 | |
|     max_deletes_per_request       => 10000,
 | |
|     yield_frequency               => 60,
 | |
|   }
 | |
|   class { 'swift::proxy::ratelimit':
 | |
|     clock_accuracy         => 1000,
 | |
|     max_sleep_time_seconds => 60,
 | |
|     log_sleep_time_seconds => 0,
 | |
|     rate_buffer_seconds    => 5,
 | |
|     account_ratelimit      => 0,
 | |
|   }
 | |
|   class { 'swift::proxy::s3token':
 | |
|     # assume that the controller host is the swift api server
 | |
|     auth_host => $swift_keystone_node,
 | |
|     auth_port => '5000',
 | |
|   }
 | |
|   class { 'swift::proxy::keystone':
 | |
|     operator_roles => ['admin', 'SwiftOperator'],
 | |
|   }
 | |
|   class { 'swift::proxy::authtoken':
 | |
|     password  => $swift_admin_password,
 | |
|     # assume that the controller host is the swift api server
 | |
|     auth_host => $swift_keystone_node,
 | |
|   }
 | |
| 
 | |
|   # collect all of the resources that are needed
 | |
|   # to balance the ring
 | |
|   Ring_object_device <<| |>>
 | |
|   Ring_container_device <<| |>>
 | |
|   Ring_account_device <<| |>>
 | |
| 
 | |
|   # create the ring
 | |
|   class { 'swift::ringbuilder':
 | |
|     # the part power should be determined by assuming 100 partitions per drive
 | |
|     part_power     => '18',
 | |
|     replicas       => '3',
 | |
|     min_part_hours => 1,
 | |
|     require        => Class['swift'],
 | |
|   }
 | |
| 
 | |
|   # sets up an rsync db that can be used to sync the ring DB
 | |
|   class { 'swift::ringserver':
 | |
|     local_net_ip => $swift_local_net_ip,
 | |
|   }
 | |
| 
 | |
|   # exports rsync gets that can be used to sync the ring files
 | |
|   @@swift::ringsync { ['account', 'object', 'container']:
 | |
|     ring_server => $swift_local_net_ip,
 | |
|   }
 | |
| 
 | |
|   # deploy a script that can be used for testing
 | |
|   class { 'swift::test_file':
 | |
|     auth_server => $swift_keystone_node,
 | |
|     password    => $swift_keystone_admin_password,
 | |
|   }
 | |
| }
 | 
