openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Move Swift hiera settings into composable services 

This moves the swift local bind and hash prefix settings
into the relevant swift-* composable services.

Change-Id: I807ff14c4cc9afa39efee13849e0f8c22718f1c0
This commit is contained in:
Dan Prince 2016-08-24 15:26:13 -04:00
parent c58ed3b63e
commit a356bb65c9
6 changed files with 127 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
overcloud.yaml
View File

@ -91,11 +91,6 @@ parameters:
may be implementation specific, e.g puppet hieradata. Any role specific
ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig.
type: json
SwiftHashSuffix:
description: A random string to be used as a salt when hashing to determine mappings in the ring.
type: string
hidden: true
# Compute-specific params
ComputeCount:
@ -498,7 +493,6 @@ resources:
resource_def:
type: OS::TripleO::ObjectStorage
properties:
HashSuffix: {get_param: SwiftHashSuffix}
UpdateIdentifier: {get_param: UpdateIdentifier}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
Hostname:

14
puppet/controller.yaml
View File

@ -162,11 +162,6 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
SwiftHashSuffix:
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
type: string
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
@ -431,10 +426,7 @@ resources:
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
swift_hash_suffix: {get_param: SwiftHashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@ -522,12 +514,6 @@ resources:
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
# Swift
# FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
# Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}

33
puppet/services/swift-base.yaml Normal file
View File

@ -0,0 +1,33 @@
heat_template_version: 2016-04-08
description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftHashSuffix:
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
type: string
outputs:
role_data:
description: Role data for the Swift common swift settings.
value:
service_name: swift_base
config_settings:
swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix}

106
puppet/services/swift-proxy.yaml
View File

@ -39,6 +39,13 @@ parameters:
default: 'regionOne'
description: Keystone region for endpoint
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@ -46,50 +53,59 @@ outputs:
value:
service_name: swift_proxy
config_settings:
# Swift
swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
swift::proxy::authtoken::admin_tenant_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
swift::proxy::authtoken::admin_tenant_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy

56
puppet/services/swift-storage.yaml
View File

@ -45,34 +45,44 @@ parameter_groups:
parameters:
- ControllerEnableSwiftStorage
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
config_settings:
# Swift
swift::storage::all::mount_check: {get_param: SwiftMountCheck}
tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
tripleo.swift_storage.firewall_rules:
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::object_pipeline:
- healthcheck
- recon
- object-server
swift::storage::all::container_pipeline:
- healthcheck
- container-server
swift::storage::all::account_pipeline:
- healthcheck
- account-server
swift::storage::disks: {get_param: SwiftRawDisks}
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::storage::all::mount_check: {get_param: SwiftMountCheck}
tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage}
tripleo.swift_storage.firewall_rules:
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::object_pipeline:
- healthcheck
- recon
- object-server
swift::storage::all::container_pipeline:
- healthcheck
- container-server
swift::storage::all::account_pipeline:
- healthcheck
- account-server
swift::storage::disks: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage

22
puppet/swift-storage.yaml
View File

@ -7,11 +7,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
HashSuffix:
description: A random string to be used as a salt when hashing to determine mappings
in the ring.
hidden: true
type: string
SwiftStorageImage:
default: overcloud-full
type: string
@ -21,14 +16,6 @@ parameters:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
type: string
SnmpdReadonlyUserPassword:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
UpdateIdentifier:
default: ''
type: string
@ -266,10 +253,6 @@ resources:
mapped_data: {get_param: ExtraConfig}
object:
mapped_data: # data supplied directly to this deployment configuration, etc
swift::swift_hash_path_suffix: { get_input: swift_hash_suffix }
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@ -281,12 +264,7 @@ resources:
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageHieraConfig}
input_values:
local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
swift_hash_suffix: {get_param: HashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
# Resource for site-specific injection of root certificate
NodeTLSCAData: