diff --git a/manifests/all.pp b/manifests/all.pp index 9543db2..6c4200d 100644 --- a/manifests/all.pp +++ b/manifests/all.pp @@ -62,7 +62,7 @@ class openstack::all( $network_manager = 'nova.network.manager.FlatDHCPManager', $network_config = {}, # middleware credentials - $mysql_root_password = 'sql_pass', + $mysql_root_password = undef, $rabbit_password = 'rabbit_pw', $rabbit_user = 'nova', # opestack credentials @@ -70,6 +70,7 @@ class openstack::all( $admin_password = 'ChangeMe', $keystone_db_password = 'keystone_pass', $keystone_admin_token = 'keystone_admin_token', + $keystone_admin_tenant = 'openstack', $nova_db_password = 'nova_pass', $nova_user_password = 'nova_pass', $glance_db_password = 'glance_pass', @@ -98,7 +99,7 @@ class openstack::all( class { 'mysql::server': config_hash => { # the priv grant fails on precise if I set a root password - # 'root_password' => $mysql_root_password, + 'root_password' => $mysql_root_password, 'bind_address' => '127.0.0.1' } } @@ -123,8 +124,9 @@ class openstack::all( } # set up keystone admin users class { 'keystone::roles::admin': - email => $admin_email, - password => $admin_password, + email => $admin_email, + password => $admin_password, + admin_tenant => $keystone_admin_tenant, } # set up the keystone service and endpoint class { 'keystone::endpoint': } diff --git a/manifests/controller.pp b/manifests/controller.pp index d9bf7bc..0257018 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -54,11 +54,12 @@ class openstack::controller( $internal_address, $admin_address = $internal_address, # connection information - $mysql_root_password = 'sql_pass', + $mysql_root_password = undef, $admin_email = 'some_user@some_fake_email_address.foo', $admin_password = 'ChangeMe', $keystone_db_password = 'keystone_pass', $keystone_admin_token = 'keystone_admin_token', + $keystone_admin_tenant = 'openstack', $glance_db_password = 'glance_pass', $glance_user_password = 'glance_pass', $nova_db_password = 'nova_pass', 
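Review bot: With the new default `$mysql_root_password = undef`, the now-active `'root_password' => $mysql_root_password` entry in the `mysql::server` config_hash presumably leaves the MySQL root account without a password whenever a caller omits the parameter. The same pattern is in the matching hunk of manifests/controller.pp, where the server is bound to `'0.0.0.0'` rather than `'127.0.0.1'`. Consider removing the default so the parameter is mandatory, or failing early with `if ! $mysql_root_password { fail('mysql_root_password must be set') }`. The comment kept directly above the line, `# the priv grant fails on precise if I set a root password`, now contradicts the code; remove or reword it once the behaviour on precise is confirmed, since controller.pp still carries the TODO for that check.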
@@ -119,7 +120,7 @@ class openstack::controller( config_hash => { # the priv grant fails on precise if I set a root password # TODO I should make sure that this works - # 'root_password' => $mysql_root_password, + 'root_password' => $mysql_root_password, 'bind_address' => '0.0.0.0' }, enabled => $enabled, @@ -164,8 +165,9 @@ class openstack::controller( if ($enabled) { # set up keystone admin users class { 'keystone::roles::admin': - email => $admin_email, - password => $admin_password, + email => $admin_email, + password => $admin_password, + admin_tenant => $keystone_admin_tenant, } # set up the keystone service and endpoint class { 'keystone::endpoint': diff --git a/manifests/swift/proxy.pp b/manifests/swift/proxy.pp new file mode 100644 index 0000000..a7804af --- /dev/null +++ b/manifests/swift/proxy.pp 
@@ -0,0 +1,104 @@
+class openstack::swift::proxy (
+ $swift_user_password = 'swift_pass',
+ $swift_hash_suffix = 'swift_secret',
+ $swift_local_net_ip = $::ipaddress_eth0,
+ $ring_part_power = 18,
+ $ring_replicas = 3,
+ $ring_min_part_hours = 1,
+ $proxy_pipeline = ['catch_errors', 'healthcheck', 'cache', 'ratelimit', 'swift3', 's3token', 'authtoken', 'keystone', 'proxy-server'],
+ $proxy_workers = $::processorcount,
+ $proxy_port = '8080',
+ $proxy_allow_account_management = true,
+ $proxy_account_autocreate = true,
+ $ratelimit_clock_accuracy = 1000,
+ $ratelimit_max_sleep_time_seconds = 60,
+ $ratelimit_log_sleep_time_seconds = 0,
+ $ratelimit_rate_buffer_seconds = 5,
+ $ratelimit_account_ratelimit = 0,
+ $package_ensure = 'present',
+ $controller_node_address = '10.0.0.1',
+ $memcached = true
+) {
+
+ class { 'swift':
+ swift_hash_suffix => $swift_hash_suffix,
+ package_ensure => $package_ensure,
+ }
+
+ if $memcached {
+ class { 'memcached':
+ listen_ip => '127.0.0.1',
+ }
+ }
+
+ class { '::swift::proxy':
+ proxy_local_net_ip => $swift_local_net_ip,
+ pipeline => $proxy_pipeline,
+ port => $proxy_port,
+ workers => $proxy_workers,
+ allow_account_management => $proxy_allow_account_management,
+ account_autocreate => $proxy_account_autocreate,
+ package_ensure => $package_ensure,
+ require => Class['swift::ringbuilder'],
+ }
+
+ # configure all of the middlewares
+ class { [
+ '::swift::proxy::catch_errors',
+ '::swift::proxy::healthcheck',
+ '::swift::proxy::cache',
+ '::swift::proxy::swift3',
+ ]: }
+
+ class { '::swift::proxy::ratelimit':
+ clock_accuracy => $ratelimit_clock_accuracy,
+ max_sleep_time_seconds => $ratelimit_max_sleep_time_seconds,
+ log_sleep_time_seconds => $ratelimit_log_sleep_time_seconds,
+ rate_buffer_seconds => $ratelimit_rate_buffer_seconds,
+ account_ratelimit => $ratelimit_account_ratelimit,
+ }
+
+ class { '::swift::proxy::s3token':
+ auth_host => $controller_node_address,
+ auth_port => '35357',
+ }
+ class { '::swift::proxy::keystone':
+ operator_roles => ['admin', 'SwiftOperator'],
+ }
+ class { '::swift::proxy::authtoken':
+ admin_user => 'swift',
+ admin_tenant_name => 'services',
+ admin_password => $swift_user_password,
+ auth_host => $controller_node_address,
+ }
+
+ # collect all of the resources that are needed
+ # to balance the ring
+ Ring_object_device <<| |>>
+ Ring_container_device <<| |>>
+ Ring_account_device <<| |>>
+
+ # create the ring
+ class { 'swift::ringbuilder':
+ # the part power should be determined by assuming 100 partitions per drive
+ part_power => $ring_part_power,
+ replicas => $ring_replicas,
+ min_part_hours => $ring_min_part_hours,
+ require => Class['swift'],
+ }
+
+ # sets up an rsync db that can be used to sync the ring DB
+ class { 'swift::ringserver':
+ local_net_ip => $swift_local_net_ip,
+ }
+
+ # exports rsync gets that can be used to sync the ring files
+ @@swift::ringsync { ['account', 'object', 'container']:
+ ring_server => $swift_local_net_ip
+ }
+
+ # deploy a script that can be used for testing
+ file { '/tmp/swift_keystone_test.rb':
+ source => 'puppet:///modules/swift/swift_keystone_test.rb'
+ }
+}
diff --git a/manifests/swift/storage-node.pp b/manifests/swift/storage-node.pp
new file mode 100644
index 0000000..e74856b
--- /dev/null
+++ b/manifests/swift/storage-node.pp
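Review bot: The new `openstack::swift::proxy` class ships guessable defaults for two secrets, `$swift_user_password = 'swift_pass'` and `$swift_hash_suffix = 'swift_secret'`, so a deployment that omits them runs with values anyone reading the module knows. manifests/swift/storage-node.pp repeats the `swift_hash_suffix` default. Declaring both without a default (`$swift_user_password,` and `$swift_hash_suffix,`) makes catalog compilation fail instead of silently using the placeholders. Separately, the test script is placed at `/tmp/swift_keystone_test.rb` with no `owner` or `mode`, and the s3token/authtoken endpoints default to the hard-coded `$controller_node_address = '10.0.0.1'`; both deserve explicit values or at least a comment explaining the assumption.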
@@ -0,0 +1,58 @@
+class openstack::swift::storage-node (
+ $swift_zone,
+ $swift_hash_suffix = 'swift_secret',
+ $swift_local_net_ip = $::ipaddress_eth0,
+ $storage_type = 'loopback',
+ $storage_base_dir = '/srv/loopback-device',
+ $storage_mnt_base_dir = '/srv/node',
+ $storage_devices = ['1', '2'],
+ $storage_weight = 1,
+ $package_ensure = 'present'
+) {
+
+ class { 'swift':
+ swift_hash_suffix => $swift_hash_suffix,
+ package_ensure => $package_ensure,
+ }
+
+ case $storage_type {
+ 'loopback': {
+ # create xfs partitions on a loopback device and mount them
+ swift::storage::loopback { $storage_devices:
+ base_dir => $storage_base_dir,
+ mnt_base_dir => $storage_mnt_base_dir,
+ require => Class['swift'],
+ }
+ }
+ }
+
+ # install all swift storage servers together
+ class { 'swift::storage::all':
+ storage_local_net_ip => $swift_local_net_ip,
+ }
+
+ define device_endpoint ($swift_local_net_ip, $zone, $weight) {
+ @@ring_object_device { "${swift_local_net_ip}:6000/${name}":
+ zone => $swift_zone,
+ weight => $weight,
+ }
+ @@ring_container_device { "${swift_local_net_ip}:6001/${name}":
+ zone => $swift_zone,
+ weight => $weight,
+ }
+ @@ring_account_device { "${swift_local_net_ip}:6002/${name}":
+ zone => $swift_zone,
+ weight => $weight,
+ }
+ }
+
+ device_endpoint { $storage_devices:
+ swift_local_net_ip => $swift_local_net_ip,
+ zone => $swift_zone,
+ weight => $storage_weight,
+ }
+
+ # collect resources for synchronizing the ring databases
+ Swift::Ringsync<<||>>
+
+}
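Review bot: Inside `define device_endpoint`, the three exported ring resources set `zone => $swift_zone` instead of the define's own `$zone` parameter, so the `zone` value passed at the call site is never used. The exported zone then depends on `$swift_zone` being resolvable from the enclosing class scope. Use `zone => $zone,` in each of the `@@ring_object_device`, `@@ring_container_device` and `@@ring_account_device` resources. Also in this hunk, `case $storage_type` has no `default` branch, so an unrecognised storage type silently creates no devices; adding `default: { fail("unsupported storage_type: ${storage_type}") }` would surface the misconfiguration.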