diff --git a/deployment/swift/swift-proxy-container-puppet.yaml b/deployment/swift/swift-proxy-container-puppet.yaml index 4c354a3c5c..84b61063e0 100644 --- a/deployment/swift/swift-proxy-container-puppet.yaml +++ b/deployment/swift/swift-proxy-container-puppet.yaml @@ -92,16 +92,12 @@ parameters: "origin" header. conditions: - - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - swift_encryption_enabled: {equals : [{get_param: SwiftEncryptionEnabled}, true]} - ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]} - use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} - cors_allowed_origin_unset: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']} - swift_workers_zero: {equals : [{get_param: SwiftWorkers}, '0']} + cors_allowed_origin_set: + not: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']} + swift_workers_set: + not: {equals : [{get_param: SwiftWorkers}, '0']} resources: - ContainersCommon: type: ../containers-common.yaml @@ -151,12 +147,11 @@ outputs: map_merge: - get_attr: [SwiftBase, role_data, config_settings] - get_attr: [TLSProxyBase, role_data, config_settings] - - - if: - - cors_allowed_origin_unset - - {} - - swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin} - - swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + - swift::proxy::cors_allow_origin: + if: + - cors_allowed_origin_set + - {get_param: SwiftCorsAllowedOrigin} + swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::authtoken::password: {get_param: SwiftPassword} swift::proxy::authtoken::project_name: 'service' @@ -165,22 +160,18 @@ outputs: swift::proxy::s3token::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]} swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::recoverable_node_timeout: {get_param: SwiftProxyRecoverableNodeTimeout} - - - if: - - swift_workers_zero - - {} - - swift::proxy::workers: {get_param: SwiftWorkers} - - - if: - - ceilometer_pipeline_enabled - - - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::workers: + if: + - swift_workers_set + - {get_param: SwiftWorkers} + - if: + - {get_param: SwiftCeilometerPipelineEnabled} + - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::ceilometer::password: {get_param: SwiftPassword} swift::proxy::ceilometer::project_name: 'service' swift::proxy::ceilometer::region_name: {get_param: KeystoneRegion} swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::ceilometer::nonblocking_notify: true - - {} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} swift::proxy::keystone::operator_roles: @@ -189,20 +180,17 @@ outputs: - ResellerAdmin swift::proxy::versioned_writes::allow_versioned_writes: true - if: - - swift_encryption_enabled - - - swift::keymaster::key_id: 'test_id' + - {get_param: SwiftEncryptionEnabled} + - swift::keymaster::key_id: 'test_id' swift::keymaster::username: 'swift' swift::keymaster::password: {get_param: SwiftPassword} swift::keymaster::project_name: 'service' swift::keymaster::project_domain_id: 'default' swift::keymaster::user_domain_id: 'default' swift::keymaster::auth_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri]} - - {} - swift::proxy::pipeline: list_concat: - - - - 'catch_errors' + - - 'catch_errors' - 'gatekeeper' - 'healthcheck' - 'proxy-logging' @@ -223,20 +211,15 @@ outputs: - 'slo' - 'dlo' - 'versioned_writes' - - if: - - ceilometer_pipeline_enabled - - - - 'ceilometer' - - [] - - if: - - swift_encryption_enabled - - - - 'kms_keymaster' - - 'encryption' - - [] - - - 'proxy-logging' - 'proxy-server' + - if: + - {get_param: SwiftCeilometerPipelineEnabled} + - - 'ceilometer' + - if: + - {get_param: SwiftEncryptionEnabled} + - - 'kms_keymaster' + - 'encryption' swift::proxy::account_autocreate: true # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples @@ -261,7 +244,7 @@ outputs: swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]} swift::proxy::proxy_local_net_ip: if: - - use_tls_proxy + - {get_param: EnableInternalTLS} - "%{hiera('localhost_address')}" - str_replace: template: @@ -358,7 +341,7 @@ outputs: step_4: map_merge: - if: - - swift_encryption_enabled + - {get_param: SwiftEncryptionEnabled} - create_swift_secret: # NOTE: Barbican should be started before creating secrets start_order: 0 @@ -373,10 +356,7 @@ outputs: - /var/lib/container-config-scripts/create_swift_secret.sh:/create_swift_secret.sh:ro user: root command: "/usr/bin/bootstrap_host_exec swift_proxy /create_swift_secret.sh" - - {} - - if: - - swift_encryption_enabled - - set_swift_secret: + set_swift_secret: start_order: 1 image: *swift_proxy_image net: host @@ -393,7 +373,6 @@ outputs: # NOTE: this should force this container to re-run on each # update (scale-out, etc.) TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} - - {} - swift_proxy: image: *swift_proxy_image start_order: 2 @@ -414,7 +393,7 @@ outputs: environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - swift_proxy_tls_proxy: start_order: 3 image: *swift_proxy_image @@ -431,7 +410,6 @@ outputs: - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - - {} host_prep_tasks: - name: create persistent directories file: diff --git a/deployment/swift/swift-ringbuilder-container-puppet.yaml b/deployment/swift/swift-ringbuilder-container-puppet.yaml index 538ce7fd6c..c55cecd172 100644 --- a/deployment/swift/swift-ringbuilder-container-puppet.yaml +++ b/deployment/swift/swift-ringbuilder-container-puppet.yaml @@ -76,12 +76,10 @@ parameters: conditions: swift_use_local_dir: and: - - equals: - get_param: SwiftUseLocalDir - - true - - equals: - - get_param: SwiftRawDisks - - {} + - equals: + - get_param: SwiftRawDisks + - {} outputs: role_data: @@ -99,8 +97,7 @@ outputs: tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-' - if: - - {get_param: SwiftUseNodeDataLookup} - - {} + - not: {get_param: SwiftUseNodeDataLookup} - tripleo::profile::base::swift::ringbuilder::raw_disks: list_concat: - if: diff --git a/deployment/swift/swift-storage-container-puppet.yaml b/deployment/swift/swift-storage-container-puppet.yaml index 81f285e57d..3cb28e24d1 100644 --- a/deployment/swift/swift-storage-container-puppet.yaml +++ b/deployment/swift/swift-storage-container-puppet.yaml @@ -109,23 +109,22 @@ parameter_groups: conditions: single_replica_mode: {equals: [{get_param: SwiftReplicas}, 1]} - swift_container_sharder_enabled: {equals : [{get_param: SwiftContainerSharderEnabled}, true]} swift_mount_check: or: - - equals: - - get_param: SwiftMountCheck - - true + - {get_param: SwiftMountCheck} - not: equals: - get_param: SwiftRawDisks - {} - account_workers_zero: {equals : [{get_param: SwiftAccountWorkers}, '0']} - container_workers_zero: {equals : [{get_param: SwiftContainerWorkers}, '0']} - object_workers_zero: {equals : [{get_param: SwiftObjectWorkers}, '0']} + account_workers_set: + not: {equals : [{get_param: SwiftAccountWorkers}, '0']} + container_workers_set: + not: {equals : [{get_param: SwiftContainerWorkers}, '0']} + object_workers_set: + not: {equals : [{get_param: SwiftObjectWorkers}, '0']} use_node_data_lookup: {equals : [{get_param: SwiftUseNodeDataLookup}, true]} resources: - ContainersCommon: type: ../containers-common.yaml @@ -174,12 +173,11 @@ outputs: - healthcheck - recon - account-server - - - if: - - use_node_data_lookup - - {} - - swift::storage::disks::args: {get_param: SwiftRawDisks} - - swift::storage::all::storage_local_net_ip: + swift::storage::disks::args: + if: + - {get_param: SwiftUseNodeDataLookup} + - {get_param: SwiftRawDisks} + swift::storage::all::storage_local_net_ip: str_replace: template: "%{hiera('$NETWORK')}" @@ -187,21 +185,18 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]} rsync::server::pid_file: 'UNSET' swift::objectexpirer::cache_tls_enabled: {get_param: MemcachedTLS} - - - if: - - account_workers_zero - - {} - - swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers} - - - if: - - container_workers_zero - - {} - - swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers} - - - if: - - object_workers_zero - - {} - - swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers} + swift::storage::all::account_server_workers: + if: + - account_workers_set + - {get_param: SwiftAccountWorkers} + swift::storage::all::container_server_workers: + if: + - container_workers_set + - {get_param: SwiftContainerWorkers} + swift::storage::all::object_server_workers: + if: + - object_workers_set + - {get_param: SwiftObjectWorkers} service_config_settings: {} # BEGIN DOCKER SETTINGS puppet_config: @@ -343,10 +338,8 @@ outputs: step_4: map_merge: - if: - - single_replica_mode - - {} - - - swift_account_auditor: + - not: single_replica_mode + - swift_account_auditor: image: *swift_account_image net: host user: swift @@ -591,9 +584,8 @@ outputs: # /var/cache/swift not needed in this container environment: *kolla_env - if: - - swift_container_sharder_enabled - - - swift_container_sharder: + - {get_param: SwiftContainerSharderEnabled} + - swift_container_sharder: image: *swift_container_image net: host user: swift @@ -601,14 +593,12 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/swift_container_sharder.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/swift_container_sharder.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/swift:/var/lib/kolla/config_files/src:ro - /srv/node:/srv/node - /dev:/dev - /var/cache/swift:/var/cache/swift - /var/log/containers/swift:/var/log/swift:z - - {} host_prep_tasks: # NOTE: we can't set fcontext for swift locations since they are