flatten the swift service configurations

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for all swift services.

With this patch the baremetal version of each swift service has been removed
except for swift-dispersion which only exists in baremetal form.

Related-Blueprint: services-yaml-flattening

Change-Id: I7986efed381a2149bdff42526048ae72e0bf36c0
Dan Prince 2019-01-22 15:16:58 -05:00
parent 560ec36685
commit f0aecdd362
12 changed files with 356 additions and 603 deletions


@ -40,9 +40,6 @@ parameters:
description: Set to True to enable data-at-rest encryption in Swift
default: false
type: boolean
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
@ -53,19 +50,76 @@ parameters:
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
SwiftProxyNodeTimeout:
default: 60
description: Timeout for requests going from swift-proxy to swift a/c/o services.
type: number
SwiftWorkers:
default: 0
description: Number of workers for Swift service.
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionSwiftProxy:
default: 'overcloud-swift-proxy'
type: string
SwiftCeilometerPipelineEnabled:
description: Set to False to disable the swift proxy ceilometer pipeline.
default: false
type: boolean
SwiftCeilometerIgnoreProjects:
default: ['service']
description: Comma-seperated list of project names to ignore.
type: comma_delimited_list
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
RpcUserName:
default: guest
description: The username for messaging backend
type: string
RpcPassword:
description: The password for messaging backend
type: string
hidden: true
RpcUseSSL:
default: false
description: >
Messaging client subscriber parameter to specify
an SSL connection to the messaging host.
type: string
EnableInternalTLS:
type: boolean
default: false
SwiftCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
swift_encryption_enabled: {equals : [{get_param: SwiftEncryptionEnabled}, true]}
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
cors_allowed_origin_unset: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']}
swift_workers_zero: {equals : [{get_param: SwiftWorkers}, '0']}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
SwiftProxyBase:
type: ../../puppet/services/swift-proxy.yaml
SwiftBase:
type: ./swift-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -74,19 +128,174 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the swift proxy.
value:
service_name: {get_attr: [SwiftProxyBase, role_data, service_name]}
config_settings: {get_attr: [SwiftProxyBase, role_data, config_settings]}
service_config_settings: {get_attr: [SwiftProxyBase, role_data, service_config_settings]}
service_name: swift_proxy
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin}
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::s3token::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
-
if:
- swift_workers_zero
- {}
- swift::proxy::workers: {get_param: SwiftWorkers}
-
if:
- ceilometer_pipeline_enabled
-
# TODO(ansmith): remove once p-t-o switches to oslo params
swift::proxy::ceilometer::rabbit_user: {get_param: RpcUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RpcPassword}
swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RpcUseSSL}
swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::ceilometer::password: {get_param: SwiftPassword}
swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
swift::proxy::ceilometer::nonblocking_notify: true
- {}
- swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort}
tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo::swift_proxy::firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true
- if:
- swift_encryption_enabled
-
swift::keymaster::key_id: 'test_id'
swift::keymaster::username: 'swift'
swift::keymaster::password: {get_param: SwiftPassword}
swift::keymaster::project_name: 'service'
swift::keymaster::project_domain_id: 'default'
swift::keymaster::user_domain_id: 'default'
swift::keymaster::auth_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri]}
- {}
- swift::proxy::pipeline:
yaql:
expression: $.data.pipeline.where($ != '')
data:
pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 's3api'
- 's3token'
- 'keystone'
- 'staticweb'
- 'copy'
- 'container_quotas'
- 'account_quotas'
- 'slo'
- 'dlo'
- 'versioned_writes'
-
if:
- ceilometer_pipeline_enabled
- 'ceilometer'
- ''
-
if:
- swift_encryption_enabled
- 'kms_keymaster'
- ''
-
if:
- swift_encryption_enabled
- 'encryption'
- ''
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_port:
get_param: [EndpointMap, SwiftInternal, port]
swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
swift::proxy::proxy_local_net_ip:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
service_config_settings:
keystone:
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: swift
puppet_tags: swift_config,swift_proxy_config,swift_keymaster_config
step_config:
get_attr: [SwiftProxyBase, role_data, step_config]
step_config: |
include ::tripleo::profile::base::swift::proxy
config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_proxy.json:
@ -288,7 +497,7 @@ outputs:
ignore_errors: True
when: remove_swift_proxy_package|bool
metadata_settings:
get_attr: [SwiftProxyBase, role_data, metadata_settings]
get_attr: [TLSProxyBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
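Review bot: The keymaster entry under `swift_encryption_enabled` sets `swift::keymaster::key_id: 'test_id'`, a literal placeholder, so every deployment that enables data-at-rest encryption starts from the same fixed key id in this template. Whether a later deployment step replaces it with the id of a real root secret is not visible in this section. If one does, a comment beside the setting should say so, e.g. `# placeholder, overwritten at deploy time by <step name>`; if none does, the value should come from a parameter rather than a literal. The block is carried over unchanged from the removed puppet template, so this move is a good point to document it.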


@ -7,10 +7,6 @@ parameters:
DockerSwiftConfigImage:
description: The container image to use for the swift config_volume
type: string
DockerSwiftRingbuilderConfigImage:
description: Fake parameter to bypass config_volume yaml validation
type: string
default: ''
ServiceData:
default: {}
description: Dictionary packing service data
@ -70,34 +66,47 @@ parameters:
description: A temporary Swift URL to upload rings to.
type: string
resources:
SwiftRingbuilderBase:
type: ../../puppet/services/swift-ringbuilder.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
swift_use_local_dir:
and:
- equals:
- get_param: SwiftUseLocalDir
- true
- equals:
- get_param: SwiftRawDisks
- {}
outputs:
role_data:
description: Role data for Swift Ringbuilder configuration in containers.
value:
service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
service_name: swift_ringbuilder
config_settings:
map_merge:
- {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
- tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
tripleo::profile::base::swift::ringbuilder::swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl}
tripleo::profile::base::swift::ringbuilder::swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl}
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
tripleo::profile::base::swift::ringbuilder::part_power: {get_param: SwiftPartPower}
tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
tripleo::profile::base::swift::ringbuilder::raw_disks:
yaql:
expression: $.data.raw_disk_lists.flatten()
data:
raw_disk_lists:
- {if: [swift_use_local_dir, [':%PORT%/d1'], []]}
- repeat:
template: ':%PORT%/DEVICE'
for_each:
DEVICE: {get_param: SwiftRawDisks}
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'swift_ringbuilder'
puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config:
get_attr: [SwiftRingbuilderBase, role_data, step_config]
step_config: |
include ::tripleo::profile::base::swift::ringbuilder
config_image: &swift_ringbuilder_image {get_param: DockerSwiftConfigImage}
kolla_config: {}
docker_config:
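Review bot: The key `tripleo::profile::base::swift::ringbuilder:skip_consistency_check` has a single colon before `skip_consistency_check`, while every other key in this `config_settings` map uses `ringbuilder::`. Hiera data is looked up by exact key name, so this entry most likely never reaches the profile class and the setting has no effect. The typo was already in the old `map_merge` entry, but since the line is rewritten here it should become `tripleo::profile::base::swift::ringbuilder::skip_consistency_check: true`. Separately, `SwiftRingGetTempurl` and `SwiftRingPutTempurl` hold temporary URLs that grant access to the ring tarball and appear as plain `string` parameters in the visible context; consider adding `hidden: true` to both.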


@ -65,18 +65,60 @@ parameters:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
SwiftMountCheck:
default: false
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
SwiftAccountWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
SwiftContainerWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
SwiftObjectWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
ControllerEnableSwiftStorage:
default: true
description: Whether to enable Swift Storage on the Controller
type: boolean
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- ControllerEnableSwiftStorage
conditions:
single_replica_mode: {equals: [{get_param: SwiftReplicas}, 1]}
swift_container_sharder_enabled: {equals : [{get_param: SwiftContainerSharderEnabled}, true]}
swift_mount_check:
or:
- equals:
- get_param: SwiftMountCheck
- true
- not:
equals:
- get_param: SwiftRawDisks
- {}
account_workers_zero: {equals : [{get_param: SwiftAccountWorkers}, '0']}
container_workers_zero: {equals : [{get_param: SwiftContainerWorkers}, '0']}
object_workers_zero: {equals : [{get_param: SwiftObjectWorkers}, '0']}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
SwiftStorageBase:
type: ../../puppet/services/swift-storage.yaml
SwiftBase:
type: ./swift-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -89,13 +131,56 @@ outputs:
role_data:
description: Role data for the swift storage services.
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
service_name: swift_storage
config_settings:
map_merge:
- {get_attr: [SwiftStorageBase, role_data, config_settings]}
- {get_attr: [SwiftBase, role_data, config_settings]}
# FIXME (cschwede): re-enable this once checks works inside containers
# swift::storage::all::mount_check: {if: [swift_mount_check, true, false]}
- swift::storage::all::mount_check: false
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
tripleo::profile::base::swift::storage::use_local_dir: {get_param: SwiftUseLocalDir}
tripleo::swift_storage::firewall_rules:
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::object_pipeline:
- healthcheck
- recon
- object-server
swift::storage::all::container_pipeline:
- healthcheck
- container-server
swift::storage::all::account_pipeline:
- healthcheck
- account-server
swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
-
if:
- account_workers_zero
- {}
- swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
-
if:
- container_workers_zero
- {}
- swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
-
if:
- object_workers_zero
- {}
- swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: swift
@ -105,7 +190,7 @@ outputs:
- "\n"
- - "class xinetd() {}"
- "define xinetd::service($bind='',$port='',$server='',$server_args='') {}"
- {get_attr: [SwiftStorageBase, role_data, step_config]}
- "include ::tripleo::profile::base::swift::storage"
config_image: {get_param: DockerSwiftConfigImage}
kolla_config:
/var/lib/kolla/config_files/swift_account_auditor.json:
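Review bot: `SwiftMountCheck` and the `swift_mount_check` condition are added to this template, but in the visible hunks nothing reads them: the only use is the commented-out line under the FIXME, and the `map_merge` entry still sets `swift::storage::all::mount_check: false`. An operator who sets `SwiftMountCheck: true` therefore gets no mount check, and the storage servers will not verify that a device is mounted before writing to its path. Until the check works inside containers, the parameter description should say so, e.g. `description: Currently ignored; mount_check is forced to false in containers (see FIXME in config_settings)`. The descriptions of `SwiftContainerWorkers` and `SwiftObjectWorkers` also both read "Swift account service" and should name their own service.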


@ -52,10 +52,10 @@ resource_registry:
OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml
OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml
OS::TripleO::Services::Sshd: ../deployment/sshd/sshd-baremetal-puppet.yaml
OS::TripleO::Services::SwiftDispersion: ../puppet/services/swift-dispersion.yaml
OS::TripleO::Services::SwiftProxy: ../puppet/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../puppet/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../puppet/services/swift-storage.yaml
OS::TripleO::Services::SwiftDispersion: ../deployment/swift/swift-dispersion-baremetal-puppet.yaml
OS::TripleO::Services::SwiftProxy: ../deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: ../deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::SwiftStorage: ../deployment/swift/swift-storage-container-puppet.yaml
# If SR-IOV is enabled on the compute nodes, it will need the SR-IOV


@ -22,9 +22,9 @@ resource_registry:
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/messaging/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
OS::TripleO::Services::SwiftProxy: ../deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: ../deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::SwiftStorage: ../deployment/swift/swift-storage-container-puppet.yaml
OS::TripleO::Services::Zaqar: ../deployment/zaqar/zaqar-container-puppet.yaml
parameter_defaults:


@ -207,11 +207,11 @@ resource_registry:
OS::TripleO::Services::OpenShift::Worker: OS::Heat::None
OS::TripleO::Services::OpenShift::Infra: OS::Heat::None
OS::TripleO::Services::OpenShift::GlusterFS: OS::Heat::None
OS::TripleO::Services::SwiftProxy: docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftProxy: deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftDispersion: OS::Heat::None
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: docker/services/swift-storage.yaml
OS::TripleO::Services::SwiftRingBuilder: docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: deployment/swift/swift-storage-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::Snmp: deployment/snmp/snmp-baremetal-puppet.yaml
OS::TripleO::Services::Tacker: OS::Heat::None
OS::TripleO::Services::Timezone: deployment/time/timezone-baremetal-puppet.yaml


@ -1,279 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Swift Proxy service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftPassword:
description: The password for the swift service account
type: string
hidden: true
SwiftProxyNodeTimeout:
default: 60
description: Timeout for requests going from swift-proxy to swift a/c/o services.
type: number
SwiftWorkers:
default: 0
description: Number of workers for Swift service.
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
MonitoringSubscriptionSwiftProxy:
default: 'overcloud-swift-proxy'
type: string
SwiftCeilometerPipelineEnabled:
description: Set to False to disable the swift proxy ceilometer pipeline.
default: false
type: boolean
SwiftCeilometerIgnoreProjects:
default: ['service']
description: Comma-seperated list of project names to ignore.
type: comma_delimited_list
SwiftEncryptionEnabled:
description: Set to True to enable data-at-rest encryption in Swift
default: false
type: boolean
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
RpcUserName:
default: guest
description: The username for messaging backend
type: string
RpcPassword:
description: The password for messaging backend
type: string
hidden: true
RpcUseSSL:
default: false
description: >
Messaging client subscriber parameter to specify
an SSL connection to the messaging host.
type: string
EnableInternalTLS:
type: boolean
default: false
SwiftCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
conditions:
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
swift_encryption_enabled: {equals : [{get_param: SwiftEncryptionEnabled}, true]}
cors_allowed_origin_unset: {equals : [{get_param: SwiftCorsAllowedOrigin}, '']}
swift_workers_zero: {equals : [{get_param: SwiftWorkers}, '0']}
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Swift proxy service.
value:
service_name: swift_proxy
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin}
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
swift::proxy::authtoken::project_name: 'service'
swift::proxy::s3token::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
-
if:
- swift_workers_zero
- {}
- swift::proxy::workers: {get_param: SwiftWorkers}
-
if:
- ceilometer_pipeline_enabled
-
# TODO(ansmith): remove once p-t-o switches to oslo params
swift::proxy::ceilometer::rabbit_user: {get_param: RpcUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RpcPassword}
swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RpcUseSSL}
swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::ceilometer::password: {get_param: SwiftPassword}
swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects}
swift::proxy::ceilometer::nonblocking_notify: true
- {}
- swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RpcPort}
tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RpcUseSSL}
tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo::swift_proxy::firewall_rules:
'122 swift proxy':
dport:
- 8080
- 13808
swift::proxy::keystone::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true
- if:
- swift_encryption_enabled
-
swift::keymaster::key_id: 'test_id'
swift::keymaster::username: 'swift'
swift::keymaster::password: {get_param: SwiftPassword}
swift::keymaster::project_name: 'service'
swift::keymaster::project_domain_id: 'default'
swift::keymaster::user_domain_id: 'default'
swift::keymaster::auth_endpoint: {get_param: [EndpointMap, KeystoneInternal, uri]}
- {}
- swift::proxy::pipeline:
yaql:
expression: $.data.pipeline.where($ != '')
data:
pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 's3api'
- 's3token'
- 'keystone'
- 'staticweb'
- 'copy'
- 'container_quotas'
- 'account_quotas'
- 'slo'
- 'dlo'
- 'versioned_writes'
-
if:
- ceilometer_pipeline_enabled
- 'ceilometer'
- ''
-
if:
- swift_encryption_enabled
- 'kms_keymaster'
- ''
-
if:
- swift_encryption_enabled
- 'encryption'
- ''
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
tripleo::profile::base::swift::proxy::tls_proxy_port:
get_param: [EndpointMap, SwiftInternal, port]
swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
swift::proxy::proxy_local_net_ip:
if:
- use_tls_proxy
- 'localhost'
- str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:
keystone:
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
swift::keystone::auth::password: {get_param: SwiftPassword}
swift::keystone::auth::region: {get_param: KeystoneRegion}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
- ResellerAdmin
upgrade_tasks:
- name: Stop swift_proxy service
when: step|int == 1
service: name=openstack-swift-proxy state=stopped
metadata_settings:
get_attr: [TLSProxyBase, role_data, metadata_settings]


@ -1,100 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Swift Ringbuilder
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftMinPartHours:
type: number
default: 1
description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
SwiftPartPower:
default: 10
description: Partition Power to use when building Swift rings
type: number
SwiftRingBuild:
default: true
description: Whether to manage Swift rings or not
type: boolean
SwiftReplicas:
type: number
default: 3
description: How many replicas to use in the swift rings.
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
SwiftUseLocalDir:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
SwiftRingGetTempurl:
default: ''
description: A temporary Swift URL to download rings from.
type: string
SwiftRingPutTempurl:
default: ''
description: A temporary Swift URL to upload rings to.
type: string
conditions:
swift_use_local_dir:
and:
- equals:
- get_param: SwiftUseLocalDir
- true
- equals:
- get_param: SwiftRawDisks
- {}
outputs:
role_data:
description: Role data for Swift Ringbuilder configuration.
value:
service_name: swift_ringbuilder
config_settings:
tripleo::profile::base::swift::ringbuilder::swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl}
tripleo::profile::base::swift::ringbuilder::swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl}
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
tripleo::profile::base::swift::ringbuilder::part_power: {get_param: SwiftPartPower}
tripleo::profile::base::swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
tripleo::profile::base::swift::ringbuilder::raw_disks:
yaql:
expression: $.data.raw_disk_lists.flatten()
data:
raw_disk_lists:
- {if: [swift_use_local_dir, [':%PORT%/d1'], []]}
- repeat:
template: ':%PORT%/DEVICE'
for_each:
DEVICE: {get_param: SwiftRawDisks}
step_config: |
include ::tripleo::profile::base::swift::ringbuilder


@ -1,171 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Swift Storage service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SwiftMountCheck:
default: false
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
MonitoringSubscriptionSwiftStorage:
default: 'overcloud-swift-storage'
type: string
SwiftAccountWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
SwiftContainerWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
SwiftObjectWorkers:
default: 0
description: Number of workers for Swift account service.
type: string
SwiftUseLocalDir:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
ControllerEnableSwiftStorage:
default: true
description: Whether to enable Swift Storage on the Controller
type: boolean
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- ControllerEnableSwiftStorage
resources:
SwiftBase:
type: ./swift-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
swift_mount_check:
or:
- equals:
- get_param: SwiftMountCheck
- true
- not:
equals:
- get_param: SwiftRawDisks
- {}
account_workers_zero: {equals : [{get_param: SwiftAccountWorkers}, '0']}
container_workers_zero: {equals : [{get_param: SwiftContainerWorkers}, '0']}
object_workers_zero: {equals : [{get_param: SwiftObjectWorkers}, '0']}
outputs:
role_data:
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::storage::all::mount_check: {if: [swift_mount_check, true, false]}
tripleo::profile::base::swift::storage::use_local_dir: {get_param: SwiftUseLocalDir}
tripleo::swift_storage::firewall_rules:
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::object_pipeline:
- healthcheck
- recon
- object-server
swift::storage::all::container_pipeline:
- healthcheck
- container-server
swift::storage::all::account_pipeline:
- healthcheck
- account-server
swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
-
if:
- account_workers_zero
- {}
- swift::storage::all::account_server_workers: {get_param: SwiftAccountWorkers}
-
if:
- container_workers_zero
- {}
- swift::storage::all::container_server_workers: {get_param: SwiftContainerWorkers}
-
if:
- object_workers_zero
- {}
- swift::storage::all::object_server_workers: {get_param: SwiftObjectWorkers}
step_config: |
include ::tripleo::profile::base::swift::storage
upgrade_tasks:
- name: Stop swift storage services
when: step|int == 1
service: name={{ item }} state=stopped
with_items:
- openstack-swift-account-auditor
- openstack-swift-account-reaper
- openstack-swift-account-replicator
- openstack-swift-account
- openstack-swift-container-auditor
- openstack-swift-container-replicator
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
- openstack-swift-object-expirer
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object


@ -25,7 +25,7 @@ environments:
openstack overcloud roles generate -o ~/roles_data.yaml Standalone
files:
docker/services/swift-storage.yaml:
deployment/swift/swift-storage-container-puppet.yaml:
parameters:
- SwiftReplicas
deployment/time/ntp-baremetal-puppet.yaml:
@ -165,7 +165,7 @@ environments:
openstack overcloud roles generate -o ~/roles_data.yaml Standalone
files:
docker/services/swift-storage.yaml:
deployment/swift/swift-storage-container-puppet.yaml:
parameters:
- SwiftReplicas
deployment/time/ntp-baremetal-puppet.yaml: