openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Simplify swift service templates 

Change-Id: I8416d17bcca6e1cc387a65fbf2ab9b15ed73cb23
This commit is contained in:
ramishra 2021-05-22 22:23:11 +05:30
parent b356d3d1e4
commit 4c9b1ba81a
3 changed files with 63 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
deployment/swift/swift-proxy-container-puppet.yaml
View File

@ -92,16 +92,12 @@ parameters:
"origin" header. "origin" header.
conditions: conditions:
cors_allowed_origin_set:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} not: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']}
swift_encryption_enabled: {equals : [{get_param: SwiftEncryptionEnabled}, true]} swift_workers_set:
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]} not: {equals : [{get_param: SwiftWorkers}, '0']}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
cors_allowed_origin_unset: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']}
swift_workers_zero: {equals : [{get_param: SwiftWorkers}, '0']}
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -151,12 +147,11 @@ outputs:
map_merge: map_merge:
- get_attr: [SwiftBase, role_data, config_settings] - get_attr: [SwiftBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings] - get_attr: [TLSProxyBase, role_data, config_settings]
- - swift::proxy::cors_allow_origin:
if: if:
- cors_allowed_origin_unset - cors_allowed_origin_set
- {} - {get_param: SwiftCorsAllowedOrigin}
- swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin} swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword} swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service' swift::proxy::authtoken::project_name: 'service'
@ -165,22 +160,18 @@ outputs:
swift::proxy::s3token::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]} swift::proxy::s3token::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::recoverable_node_timeout: {get_param: SwiftProxyRecoverableNodeTimeout} swift::proxy::recoverable_node_timeout: {get_param: SwiftProxyRecoverableNodeTimeout}
- swift::proxy::workers:
if: if:
- swift_workers_zero - swift_workers_set
- {} - {get_param: SwiftWorkers}
- swift::proxy::workers: {get_param: SwiftWorkers} - if:
- - {get_param: SwiftCeilometerPipelineEnabled}
if: - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- ceilometer_pipeline_enabled
-
swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::ceilometer::password: {get_param: SwiftPassword} swift::proxy::ceilometer::password: {get_param: SwiftPassword}
swift::proxy::ceilometer::project_name: 'service' swift::proxy::ceilometer::project_name: 'service'
swift::proxy::ceilometer::region_name: {get_param: KeystoneRegion} swift::proxy::ceilometer::region_name: {get_param: KeystoneRegion}
swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
swift::proxy::ceilometer::nonblocking_notify: true swift::proxy::ceilometer::nonblocking_notify: true
- {}
- swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
swift::proxy::keystone::operator_roles: swift::proxy::keystone::operator_roles:
@ -189,20 +180,17 @@ outputs:
- ResellerAdmin - ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::versioned_writes::allow_versioned_writes: true
- if: - if:
- swift_encryption_enabled - {get_param: SwiftEncryptionEnabled}
- - swift::keymaster::key_id: 'test_id'
swift::keymaster::key_id: 'test_id'
swift::keymaster::username: 'swift' swift::keymaster::username: 'swift'
swift::keymaster::password: {get_param: SwiftPassword} swift::keymaster::password: {get_param: SwiftPassword}
swift::keymaster::project_name: 'service' swift::keymaster::project_name: 'service'
swift::keymaster::project_domain_id: 'default' swift::keymaster::project_domain_id: 'default'
swift::keymaster::user_domain_id: 'default' swift::keymaster::user_domain_id: 'default'
swift::keymaster::auth_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri]} swift::keymaster::auth_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri]}
- {}
- swift::proxy::pipeline: - swift::proxy::pipeline:
list_concat: list_concat:
- - - 'catch_errors'
- 'catch_errors'
- 'gatekeeper' - 'gatekeeper'
- 'healthcheck' - 'healthcheck'
- 'proxy-logging' - 'proxy-logging'
@ -223,20 +211,15 @@ outputs:
- 'slo' - 'slo'
- 'dlo' - 'dlo'
- 'versioned_writes' - 'versioned_writes'
- if:
- ceilometer_pipeline_enabled
-
- 'ceilometer'
- []
- if:
- swift_encryption_enabled
-
- 'kms_keymaster'
- 'encryption'
- []
-
- 'proxy-logging' - 'proxy-logging'
- 'proxy-server' - 'proxy-server'
- if:
- {get_param: SwiftCeilometerPipelineEnabled}
- - 'ceilometer'
- if:
- {get_param: SwiftEncryptionEnabled}
- - 'kms_keymaster'
- 'encryption'
swift::proxy::account_autocreate: true swift::proxy::account_autocreate: true
# NOTE: bind IP is found in hiera replacing the network name with the # NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples # local node IP for the given network; replacement examples
@ -261,7 +244,7 @@ outputs:
swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]} swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
swift::proxy::proxy_local_net_ip: swift::proxy::proxy_local_net_ip:
if: if:
- use_tls_proxy - {get_param: EnableInternalTLS}
- "%{hiera('localhost_address')}" - "%{hiera('localhost_address')}"
- str_replace: - str_replace:
template: template:
@ -358,7 +341,7 @@ outputs:
step_4: step_4:
map_merge: map_merge:
- if: - if:
- swift_encryption_enabled - {get_param: SwiftEncryptionEnabled}
- create_swift_secret: - create_swift_secret:
# NOTE: Barbican should be started before creating secrets # NOTE: Barbican should be started before creating secrets
start_order: 0 start_order: 0
@ -373,10 +356,7 @@ outputs:
- /var/lib/container-config-scripts/create_swift_secret.sh:/create_swift_secret.sh:ro - /var/lib/container-config-scripts/create_swift_secret.sh:/create_swift_secret.sh:ro
user: root user: root
command: "/usr/bin/bootstrap_host_exec swift_proxy /create_swift_secret.sh" command: "/usr/bin/bootstrap_host_exec swift_proxy /create_swift_secret.sh"
- {} set_swift_secret:
- if:
- swift_encryption_enabled
- set_swift_secret:
start_order: 1 start_order: 1
image: *swift_proxy_image image: *swift_proxy_image
net: host net: host
@ -393,7 +373,6 @@ outputs:
# NOTE: this should force this container to re-run on each # NOTE: this should force this container to re-run on each
# update (scale-out, etc.) # update (scale-out, etc.)
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
- {}
- swift_proxy: - swift_proxy:
image: *swift_proxy_image image: *swift_proxy_image
start_order: 2 start_order: 2
@ -414,7 +393,7 @@ outputs:
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if: - if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- swift_proxy_tls_proxy: - swift_proxy_tls_proxy:
start_order: 3 start_order: 3
image: *swift_proxy_image image: *swift_proxy_image
@ -431,7 +410,6 @@ outputs:
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:

11
deployment/swift/swift-ringbuilder-container-puppet.yaml
View File

@ -76,12 +76,10 @@ parameters:
conditions: conditions:
swift_use_local_dir: swift_use_local_dir:
and: and:
- equals:
- get_param: SwiftUseLocalDir - get_param: SwiftUseLocalDir
- true - equals:
- equals: - get_param: SwiftRawDisks
- get_param: SwiftRawDisks - {}
- {}
outputs: outputs:
role_data: role_data:
@ -99,8 +97,7 @@ outputs:
tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-' tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
- if: - if:
- {get_param: SwiftUseNodeDataLookup} - not: {get_param: SwiftUseNodeDataLookup}
- {}
- tripleo::profile::base::swift::ringbuilder::raw_disks: - tripleo::profile::base::swift::ringbuilder::raw_disks:
list_concat: list_concat:
- if: - if:

68
deployment/swift/swift-storage-container-puppet.yaml
View File

@ -109,23 +109,22 @@ parameter_groups:
conditions: conditions:
single_replica_mode: {equals: [{get_param: SwiftReplicas}, 1]} single_replica_mode: {equals: [{get_param: SwiftReplicas}, 1]}
swift_container_sharder_enabled: {equals : [{get_param: SwiftContainerSharderEnabled}, true]}
swift_mount_check: swift_mount_check:
or: or:
- equals: - {get_param: SwiftMountCheck}
- get_param: SwiftMountCheck
- true
- not: - not:
equals: equals:
- get_param: SwiftRawDisks - get_param: SwiftRawDisks
- {} - {}
account_workers_zero: {equals : [{get_param: SwiftAccountWorkers}, '0']} account_workers_set:
container_workers_zero: {equals : [{get_param: SwiftContainerWorkers}, '0']} not: {equals : [{get_param: SwiftAccountWorkers}, '0']}
object_workers_zero: {equals : [{get_param: SwiftObjectWorkers}, '0']} container_workers_set:
not: {equals : [{get_param: SwiftContainerWorkers}, '0']}
object_workers_set:
not: {equals : [{get_param: SwiftObjectWorkers}, '0']}
use_node_data_lookup: {equals : [{get_param: SwiftUseNodeDataLookup}, true]} use_node_data_lookup: {equals : [{get_param: SwiftUseNodeDataLookup}, true]}
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -174,12 +173,11 @@ outputs:
- healthcheck - healthcheck
- recon - recon
- account-server - account-server
- swift::storage::disks::args:
if: if:
- use_node_data_lookup - {get_param: SwiftUseNodeDataLookup}
- {} - {get_param: SwiftRawDisks}
- swift::storage::disks::args: {get_param: SwiftRawDisks} swift::storage::all::storage_local_net_ip:
- swift::storage::all::storage_local_net_ip:
str_replace: str_replace:
template: template:
"%{hiera('$NETWORK')}" "%{hiera('$NETWORK')}"
@ -187,21 +185,18 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]} $NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
rsync::server::pid_file: 'UNSET' rsync::server::pid_file: 'UNSET'
swift::objectexpirer::cache_tls_enabled: {get_param: MemcachedTLS} swift::objectexpirer::cache_tls_enabled: {get_param: MemcachedTLS}
- swift::storage::all::account_server_workers:
if: if:
- account_workers_zero - account_workers_set
- {} - {get_param: SwiftAccountWorkers}
- swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers} swift::storage::all::container_server_workers:
- if:
if: - container_workers_set
- container_workers_zero - {get_param: SwiftContainerWorkers}
- {} swift::storage::all::object_server_workers:
- swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers} if:
- - object_workers_set
if: - {get_param: SwiftObjectWorkers}
- object_workers_zero
- {}
- swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
service_config_settings: {} service_config_settings: {}
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
@ -343,10 +338,8 @@ outputs:
step_4: step_4:
map_merge: map_merge:
- if: - if:
- single_replica_mode - not: single_replica_mode
- {} - swift_account_auditor:
-
swift_account_auditor:
image: *swift_account_image image: *swift_account_image
net: host net: host
user: swift user: swift
@ -591,9 +584,8 @@ outputs:
# /var/cache/swift not needed in this container # /var/cache/swift not needed in this container
environment: *kolla_env environment: *kolla_env
- if: - if:
- swift_container_sharder_enabled - {get_param: SwiftContainerSharderEnabled}
- - swift_container_sharder:
swift_container_sharder:
image: *swift_container_image image: *swift_container_image
net: host net: host
user: swift user: swift
@ -601,14 +593,12 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/swift_container_sharder.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/swift_container_sharder.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/swift:/var/lib/kolla/config_files/src:ro
- /srv/node:/srv/node - /srv/node:/srv/node
- /dev:/dev - /dev:/dev
- /var/cache/swift:/var/cache/swift - /var/cache/swift:/var/cache/swift
- /var/log/containers/swift:/var/log/swift:z - /var/log/containers/swift:/var/log/swift:z
- {}
host_prep_tasks: host_prep_tasks:
# NOTE: we can't set fcontext for swift locations since they are # NOTE: we can't set fcontext for swift locations since they are