stackforge/puppet-openstack-cloud
Code Issues Proposed changes
Files
23d00d7edec830c4325c3b5528d2fa15c639b9f6
puppet-openstack-cloud/manifests/object/controller.pp

180 lines
5.8 KiB
Puppet
Raw Blame History

#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::object::controller
#
# Swift Proxy node
#
# === Parameters:
#
# [*ks_keystone_admin_host*]
# (optional) Admin Hostname or IP to connect to Keystone API
# Defaults to '127.0.0.1'
#
# [*ks_keystone_admin_port*]
# (optional) TCP port to connect to Keystone API from admin network
# Defaults to '35357'
#
# [*ks_keystone_internal_host*]
# (optional) Internal Hostname or IP to connect to Keystone API
# Defaults to '127.0.0.1'
#
# [*ks_keystone_internal_port*]
# (optional) TCP port to connect to Keystone API from internal network
# Defaults to '5000'
#
# [*ks_keystone_internal_proto*]
# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
# Defaults to 'http'
#
# [*ks_keystone_admin_proto*]
# (optional) Protocol for admin endpoint. Could be 'http' or 'https'.
# Defaults to 'http'
#
# [*ks_swift_internal_port*]
# (optional) TCP port to connect to Swift from internal network
# Defaults to '8080'
#
# [*ks_swift_password*]
# (optional) Password used by Swift to connect to Keystone API
# Defaults to 'swiftpassword'
#
# [*ks_swift_dispersion_password*]
# (optional) Password of the dispersion tenant, used for swift-dispersion-report
# and swift-dispersion-populate tools.
# Defaults to 'dispersion'
#
# [*api_eth*]
# (optional) Which interface we bind the Swift proxy server.
# Defaults to '127.0.0.1'
#
# [*memcache_servers*]
# (optionnal) Memcached servers used by Keystone. Should be an array.
# Defaults to ['127.0.0.1:11211']
#
# [*statsd_host*]
# (optional) Hostname or IP of the statd server.
# Defaults to '127.0.0.1'
#
# [*statsd_port*]
# (optional) TCP port of the statd server
# Defaults to '4125'
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::object::controller(
$ks_keystone_admin_host = '127.0.0.1',
$ks_keystone_admin_port = 35357,
$ks_keystone_internal_host = '127.0.0.1',
$ks_keystone_internal_port = 5000,
$ks_swift_dispersion_password = 'dispersion',
$ks_swift_internal_port = 8080,
$ks_keystone_internal_proto = 'http',
$ks_keystone_admin_proto = 'http',
$ks_swift_password = 'swiftpassword',
$statsd_host = '127.0.0.1',
$statsd_port = 4125,
$memcache_servers = ['127.0.0.1:11211'],
$api_eth = '127.0.0.1',
$firewall_settings = {},
) {
include 'cloud::object'
class { 'swift::proxy':
proxy_local_net_ip => $api_eth,
port => $ks_swift_internal_port,
pipeline => [
'catch_errors', 'healthcheck', 'cache', 'bulk', 'ratelimit',
'swift3', 's3token', 'container_quotas', 'account_quotas', 'tempurl',
'formpost', 'ceilometer', 'authtoken', 'keystone', 'staticweb',
'proxy-logging', 'proxy-server'],
account_autocreate => true,
log_level => 'DEBUG',
workers => inline_template('<%= @processorcount.to_i * 2 %>
cors_allow_origin = <%= scope.lookupvar("swift_cors_allow_origin") %>
log_statsd_host = <%= scope.lookupvar("statsd_host") %>
log_statsd_port = <%= scope.lookupvar("statsd_port") %>
log_statsd_default_sample_rate = 1
'),
}
class{'swift::proxy::cache':
memcache_servers => inline_template(
'<%= scope.lookupvar("memcache_servers").join(",") %>'),
}
class { 'swift::proxy::account_quotas': }
class { 'swift::proxy::bulk': }
class { 'swift::proxy::catch_errors': }
class { 'swift::proxy::ceilometer': }
class { 'swift::proxy::container_quotas': }
class { 'swift::proxy::formpost': }
class { 'swift::proxy::healthcheck': }
class { 'swift::proxy::proxy_logging': }
class { 'swift::proxy::ratelimit': }
class { 'swift::proxy::slo': }
class { 'swift::proxy::staticweb': }
class { 'swift::proxy::tempurl': }
class { 'swift::proxy::keystone':
operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
}
class { 'swift::proxy::authtoken':
admin_password => $ks_swift_password,
auth_host => $ks_keystone_admin_host,
auth_port => $ks_keystone_admin_port,
auth_protocol => $ks_keystone_admin_proto,
delay_auth_decision => inline_template('1
cache = swift.cache')
}
class { 'swift::proxy::swift3':
ensure => 'latest',
}
class { 'swift::proxy::s3token':
auth_host => $ks_keystone_admin_host,
auth_port => $ks_keystone_admin_port,
auth_protocol => $ks_keystone_internal_proto
}
class { 'swift::dispersion':
auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
swift_dir => '/etc/swift',
auth_pass => $ks_swift_dispersion_password,
endpoint_type => 'internalURL'
}
Swift::Ringsync<<| |>> #~> Service["swift-proxy"]
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow swift-proxy access':
port => $ks_swift_internal_port,
extras => $firewall_settings,
}
}
@@haproxy::balancermember{"${::fqdn}-swift_api":
listening_service => 'swift_api_cluster',
server_names => $::hostname,
ipaddresses => $api_eth,
ports => $ks_swift_internal_port,
options => 'check inter 2000 rise 2 fall 5'
}
}
View Git Blame Copy Permalink