632afe18c0
When the swift /info endpoint is queried, Tempest fails checking the following missing keys: 1. max_meta_count 2. max_meta_name_length 3. max_meta_value_length Those keys are not present because the related rgw settings are missing, and as per [1], nothing is generated if the rgw_max_* are not set. This patch is a workaround, on the TripleO side, to provide the missing keys to the cluster. [1] https://github.com/ceph/ceph/blob/master/src/rgw/rgw_rest_swift.cc#L1883-L1900 Closes-Bug: #1950486 Change-Id: I0b199e47cce9dc72490110105f6a4ff94f90934d
207 lines
7.5 KiB
YAML
207 lines
7.5 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
Ceph RadosGW service.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
SwiftPassword:
|
|
description: The password for the swift service account
|
|
type: string
|
|
hidden: true
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
CephEnableDashboard:
|
|
type: boolean
|
|
default: false
|
|
description: Parameter used to trigger the dashboard deployment.
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CertificateKeySize:
|
|
type: string
|
|
default: '2048'
|
|
description: Specifies the private key size used when creating the
|
|
certificate.
|
|
CephRgwCertificateKeySize:
|
|
type: string
|
|
default: ''
|
|
description: Override the private key size used when creating the
|
|
certificate for this service
|
|
|
|
conditions:
|
|
key_size_override_set:
|
|
not: {equals: [{get_param: CephRgwCertificateKeySize}, '']}
|
|
|
|
resources:
|
|
CephBase:
|
|
type: ./ceph-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
CephRgwAnsibleVars:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
vars:
|
|
radosgw_keystone: true
|
|
radosgw_keystone_ssl: false
|
|
radosgw_address_block:
|
|
list_join:
|
|
- ','
|
|
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephRgwNetwork]}]
|
|
radosgw_frontend_port:
|
|
yaql:
|
|
data: {get_param: [EndpointMap, CephRgwInternal]}
|
|
expression: int($.data.port)
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ceph RadosGW service.
|
|
value:
|
|
service_name: ceph_rgw
|
|
firewall_rules:
|
|
'122 ceph rgw':
|
|
dport:
|
|
list_concat:
|
|
- - {get_param: [EndpointMap, CephRgwInternal, port]}
|
|
- {get_param: [EndpointMap, CephRgwPublic, port]}
|
|
- if:
|
|
- {get_param: CephEnableDashboard}
|
|
- - '9100'
|
|
keystone_resources:
|
|
swift:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, CephRgwPublic, uri]}
|
|
internal: {get_param: [EndpointMap, CephRgwInternal, uri]}
|
|
admin: {get_param: [EndpointMap, CephRgwAdmin, uri]}
|
|
users:
|
|
swift:
|
|
password: {get_param: SwiftPassword}
|
|
roles:
|
|
- admin
|
|
- member
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'object-store'
|
|
roles:
|
|
- member
|
|
- ResellerAdmin
|
|
- swiftoperator
|
|
upgrade_tasks: {get_attr: [CephBase, role_data, upgrade_tasks]}
|
|
post_upgrade_tasks: {get_attr: [CephBase, role_data, post_upgrade_tasks]}
|
|
puppet_config: {}
|
|
docker_config: {}
|
|
external_deploy_tasks:
|
|
list_concat:
|
|
- {get_attr: [CephBase, role_data, external_deploy_tasks]}
|
|
- - name: ceph_rgw_external_deploy_init
|
|
when: step|int == 1
|
|
tags:
|
|
- ceph
|
|
block:
|
|
- name: set ceph-ansible group vars rgws
|
|
set_fact:
|
|
cephadm_rgw_vars:
|
|
if:
|
|
- {get_param: EnableInternalTLS}
|
|
- map_merge:
|
|
- {get_attr: [CephRgwAnsibleVars, value, vars]}
|
|
- radosgw_frontend_ssl_certificate: '/etc/pki/tls/certs/ceph_rgw.pem'
|
|
- {get_attr: [CephRgwAnsibleVars, value, vars]}
|
|
ceph_rgw_config_overrides:
|
|
global:
|
|
rgw_keystone_api_version: 3
|
|
rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
rgw_keystone_accepted_roles: 'member, Member, admin'
|
|
rgw_keystone_accepted_admin_roles: ResellerAdmin, swiftoperator
|
|
rgw_keystone_admin_domain: default
|
|
rgw_keystone_admin_project: service
|
|
rgw_keystone_admin_user: swift
|
|
rgw_keystone_admin_password: {get_param: SwiftPassword}
|
|
rgw_keystone_implicit_tenants: 'true'
|
|
rgw_keystone_revocation_interval: '0'
|
|
rgw_s3_auth_use_keystone: 'true'
|
|
rgw_swift_versioning_enabled: 'true'
|
|
rgw_swift_account_in_url: 'true'
|
|
rgw_trust_forwarded_https: 'true'
|
|
# NOTE(fpantano) swift defaults
|
|
# https://github.com/openstack/swift/blob/master/swift/common/constraints.py
|
|
rgw_max_attr_name_len: 128
|
|
rgw_max_attrs_num_in_req: 90
|
|
rgw_max_attr_size: 256
|
|
|
|
metadata_settings:
|
|
if:
|
|
- {get_param: EnableInternalTLS}
|
|
- - service: ceph_rgw
|
|
network: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
|
type: node
|
|
deploy_steps_tasks:
|
|
- name: Certificate generation
|
|
when:
|
|
- step|int == 1
|
|
- enable_internal_tls
|
|
block:
|
|
- include_role:
|
|
name: linux-system-roles.certificate
|
|
vars:
|
|
certificate_requests:
|
|
- name: ceph_rgw
|
|
dns:
|
|
str_replace:
|
|
template: "{{fqdn_$NETWORK}}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "ceph_rgw/{{fqdn_$NETWORK}}@{{idm_realm}}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
|
run_after: |
|
|
# Create PEM file
|
|
pemfile=/etc/pki/tls/certs/ceph_rgw.pem
|
|
cat /etc/pki/tls/certs/ceph_rgw.crt /etc/ipa/ca.crt /etc/pki/tls/private/ceph_rgw.key > $pemfile
|
|
chmod 0640 $pemfile
|
|
chown 472:472 $pemfile
|
|
# Get ceph rgw systemd unit
|
|
rgw_unit=$(systemctl list-unit-files | awk '/radosgw/ {print $1}')
|
|
# Restart the rgw systemd unit
|
|
if [ -n "$rgw_unit" ]; then
|
|
systemctl restart "$rgw_unit"
|
|
fi
|
|
key_size:
|
|
if:
|
|
- key_size_override_set
|
|
- {get_param: CephRgwCertificateKeySize}
|
|
- {get_param: CertificateKeySize}
|
|
ca: ipa
|