openstack/kolla-ansible
Code Issues Proposed changes

Remove Swift role

Browse Source 
Since Swift is broken and since deprecation nobody did
pick up the work to make it working - let's remove
swift role and associated integrations/CI scripts.

Change-Id: I08e92aaeea644053fd25f80ce1f276a495cebbfc
This commit is contained in:
Michal Nasiadka 2025-03-20 15:48:56 +01:00
parent 88e94f29bb
commit adb1a9b918
86 changed files with 24 additions and 2963 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.rst
View File

@ -62,7 +62,6 @@ Kolla Ansible deploys containers for the following OpenStack projects:
- `Nova <https://docs.openstack.org/nova/latest/>`__
- `Octavia <https://docs.openstack.org/octavia/latest/>`__
- Skyline (`APIServer <https://docs.openstack.org/skyline-apiserver/latest/>`__ and `Console <https://docs.openstack.org/skyline-console/latest/>`__)
- `Swift <https://docs.openstack.org/swift/latest/>`__
- `Tacker <https://docs.openstack.org/tacker/latest/>`__
- `Trove <https://docs.openstack.org/trove/latest/>`__
- `Venus <https://docs.openstack.org/venus/latest/>`__

27
ansible/group_vars/all.yml
View File

@ -286,8 +286,6 @@ network_interface: "eth0"
neutron_external_interface: "eth1"
kolla_external_vip_interface: "{{ network_interface }}"
api_interface: "{{ network_interface }}"
swift_storage_interface: "{{ network_interface }}"
swift_replication_interface: "{{ swift_storage_interface }}"
migration_interface: "{{ api_interface }}"
tunnel_interface: "{{ network_interface }}"
octavia_network_interface: "{{ 'o-hm0' if octavia_network_type == 'tenant' else api_interface }}"
@ -302,8 +300,6 @@ ironic_tftp_interface: "{{ api_interface }}"
network_address_family: "ipv4"
api_address_family: "{{ network_address_family }}"
storage_address_family: "{{ network_address_family }}"
swift_storage_address_family: "{{ storage_address_family }}"
swift_replication_address_family: "{{ swift_storage_address_family }}"
migration_address_family: "{{ api_address_family }}"
tunnel_address_family: "{{ network_address_family }}"
octavia_network_address_family: "{{ api_address_family }}"
@ -703,17 +699,6 @@ skyline_console_listen_port: "{{ skyline_console_port }}"
skyline_console_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else skyline_console_port }}"
skyline_enable_sso: "{{ enable_keystone_federation | bool and keystone_identity_providers | selectattr('protocol', 'equalto', 'openid') | list | count > 0 }}"
swift_internal_fqdn: "{{ kolla_internal_fqdn }}"
swift_external_fqdn: "{{ kolla_external_fqdn }}"
swift_internal_base_endpoint: "{{ swift_internal_fqdn | kolla_url(internal_protocol, swift_proxy_server_port) }}"
swift_public_base_endpoint: "{{ swift_external_fqdn | kolla_url(public_protocol, swift_proxy_server_port) }}"
swift_proxy_server_port: "8080"
swift_proxy_server_listen_port: "{{ swift_proxy_server_port }}"
swift_object_server_port: "6000"
swift_account_server_port: "6001"
swift_container_server_port: "6002"
swift_rsync_port: "10873"
syslog_udp_port: "{{ fluentd_syslog_port }}"
tacker_internal_fqdn: "{{ kolla_internal_fqdn }}"
@ -938,9 +923,6 @@ enable_prometheus: "no"
enable_proxysql: "yes"
enable_redis: "no"
enable_skyline: "no"
enable_swift: "no"
enable_swift_s3api: "no"
enable_swift_recon: "no"
enable_tacker: "no"
enable_telegraf: "no"
enable_trove: "no"
@ -1097,12 +1079,11 @@ openstack_auth:
#######################
# Glance options
#######################
glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_s3 | bool or glance_backend_swift | bool or glance_backend_vmware | bool) }}"
glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_s3 | bool or glance_backend_vmware | bool) }}"
glance_backend_ceph: "no"
glance_backend_vmware: "no"
glance_backend_s3: "no"
enable_glance_image_cache: "no"
glance_backend_swift: "{{ enable_swift | bool }}"
glance_file_datadir_volume: "glance"
glance_enable_rolling_upgrade: "no"
glance_enable_property_protection: "no"
@ -1121,8 +1102,8 @@ barbican_library_path: "/usr/lib/libCryptoki2_64.so"
#################
# Gnocchi options
#################
# Valid options are [ file, ceph, swift ]
gnocchi_backend_storage: "{% if enable_swift | bool %}swift{% else %}file{% endif %}"
# Valid options are [ file, ceph ]
gnocchi_backend_storage: "file"
# Valid options are [redis, '']
gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
@ -1141,7 +1122,7 @@ cinder_target_helper: "{{ 'lioadm' if ansible_facts.os_family == 'RedHat' else '
# Valid options are [ '', redis, etcd ]
cinder_coordination_backend: "{{ 'redis' if enable_redis | bool else 'etcd' if enable_etcd | bool else '' }}"
# Valid options are [ nfs, swift, ceph, s3 ]
# Valid options are [ nfs, ceph, s3 ]
cinder_backup_driver: "ceph"
cinder_backup_share: ""
cinder_backup_mount_options_nfs: ""

16
ansible/inventory/all-in-one
View File

@ -94,9 +94,6 @@ control
[horizon:children]
control
[swift:children]
control
[barbican:children]
control
@ -306,19 +303,6 @@ network
[manila-data:children]
manila
# Swift
[swift-proxy-server:children]
swift
[swift-account-server:children]
storage
[swift-container-server:children]
storage
[swift-object-server:children]
storage
# Barbican
[barbican-api:children]
barbican

16
ansible/inventory/multinode
View File

@ -118,9 +118,6 @@ control
[horizon:children]
control
[swift:children]
control
[barbican:children]
control
@ -325,19 +322,6 @@ network
[manila-data:children]
manila
# Swift
[swift-proxy-server:children]
swift
[swift-account-server:children]
storage
[swift-container-server:children]
storage
[swift-object-server:children]
storage
# Barbican
[barbican-api:children]
barbican

8
ansible/library/kolla_container_facts.py
View File

@ -140,8 +140,8 @@ class ContainerFactsWorker():
def get_containers_state(self):
"""Handle when module is called with action get_containers_state"""
# NOTE(r-krcek): This function can be removed when bifrost and swift
# roles switch to modern format
# NOTE(r-krcek): This function can be removed when bifrost
# role switches to modern format
names = self.params.get('name')
self.result['states'] = dict()
@ -152,8 +152,8 @@ class ContainerFactsWorker():
def get_containers_env(self):
"""Handle when module is called with action get_containers_state"""
# NOTE(r-krcek): This function can be removed when bifrost and swift
# roles switch to modern format
# NOTE(r-krcek): This function can be removed when bifrost
# role switches to modern format
names = self.params.get('name')
self.result['envs'] = dict()

16
ansible/roles/ceilometer/tasks/register.yml
View File

@ -4,19 +4,3 @@
vars:
service_ks_register_auth: "{{ openstack_ceilometer_auth }}"
service_ks_register_users: "{{ ceilometer_ks_users }}"
- name: Associate the ResellerAdmin role and ceilometer user
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: openstack.cloud.role_assignment
module_args:
project: "service"
user: "{{ ceilometer_keystone_user }}"
role: "ResellerAdmin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ceilometer_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
when: enable_swift | bool
run_once: True

8
ansible/roles/cinder/templates/cinder.conf.j2
View File

@ -46,14 +46,6 @@ backup_mount_options = {{ cinder_backup_mount_options_nfs }}
backup_mount_point_base = /var/lib/cinder/backup
backup_share = {{ cinder_backup_share }}
backup_file_size = 327680000
{% elif enable_swift | bool and cinder_backup_driver == "swift" %}
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
backup_swift_url = {{ swift_internal_base_endpoint }}/v1/AUTH_
backup_swift_ca_cert_file = {{ openstack_cacert }}
backup_swift_auth = per_user
backup_swift_auth_version = 1
backup_swift_user =
backup_swift_key =
{% elif cinder_backup_driver == "s3" %}
backup_driver = cinder.backup.drivers.s3.S3BackupDriver
backup_s3_endpoint_url = {{ cinder_backup_s3_url }}

8
ansible/roles/common/defaults/main.yml
View File

@ -74,19 +74,11 @@ fluentd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_
fluentd_tag: "{{ common_tag }}"
fluentd_image_full: "{{ fluentd_image }}:{{ fluentd_tag }}"
syslog_swift_facility: "local0"
syslog_haproxy_facility: "local1"
syslog_glance_tls_proxy_facility: "local2"
syslog_neutron_tls_proxy_facility: "local4"
syslog_facilities:
- name: "swift"
enabled: "{{ enable_swift | bool and (inventory_hostname in groups['swift-proxy-server'] or inventory_hostname in groups['swift-account-server'] or inventory_hostname in groups['swift-container-server'] or inventory_hostname in groups['swift-object-server']) }}"
facility: "{{ syslog_swift_facility }}"
logdir: "swift"
logfile: "swift_latest"
output_tag: true
output_time: true
- name: "haproxy"
enabled: "{{ enable_haproxy | bool and inventory_hostname in groups['loadbalancer'] }}"
facility: "{{ syslog_haproxy_facility }}"

1
ansible/roles/common/tasks/config.yml
View File

@ -199,7 +199,6 @@
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" }
- { name: "redis", enabled: "{{ enable_redis | bool }}" }
- { name: "skyline", enabled: "{{ enable_skyline | bool }}" }
- { name: "swift", enabled: "{{ enable_swift | bool }}" }
- { name: "tacker", enabled: "{{ enable_tacker | bool }}" }
- { name: "trove", enabled: "{{ enable_trove | bool }}" }
- { name: "venus", enabled: "{{ enable_venus | bool }}" }

1
ansible/roles/destroy/tasks/cleanup_host.yml
View File

@ -4,7 +4,6 @@
script: ../tools/cleanup-host
environment:
enable_haproxy: "{{ enable_haproxy }}"
enable_swift: "{{ enable_swift }}"
glance_file_datadir_volume: "{{ glance_file_datadir_volume }}"
nova_instance_datadir_volume: "{{ nova_instance_datadir_volume }}"
gnocchi_metric_datadir_volume: "{{ gnocchi_metric_datadir_volume }}"

5
ansible/roles/glance/defaults/main.yml
View File

@ -237,9 +237,6 @@ glance_backends:
- name: cinder
type: cinder
enabled: "{{ enable_cinder | bool }}"
- name: swift
type: swift
enabled: "{{ glance_backend_swift | bool }}"
glance_ceph_backends:
- name: "rbd"
@ -250,7 +247,7 @@ glance_ceph_backends:
enabled: "{{ glance_backend_ceph | bool }}"
glance_store_backends: "{{ glance_backends | selectattr('enabled', 'equalto', true) | list + glance_ceph_backends | selectattr('enabled', 'equalto', true) | list }}"
glance_default_backend: "{% if glance_backend_vmware | bool %}vmware{% elif glance_backend_ceph | bool %}{{ glance_ceph_backends[0].name }}{% elif glance_backend_swift | bool %}swift{% elif glance_backend_s3 | bool %}s3{% else %}file{% endif %}"
glance_default_backend: "{% if glance_backend_vmware | bool %}vmware{% elif glance_backend_ceph | bool %}{{ glance_ceph_backends[0].name }}{% elif glance_backend_s3 | bool %}s3{% else %}file{% endif %}"
####################
# OpenStack

16
ansible/roles/glance/tasks/config.yml
View File

@ -87,22 +87,6 @@
- service | service_enabled_and_mapped_to_host
- enable_glance_image_cache | bool
- name: Copying over glance-swift.conf for glance_api
vars:
service: "{{ glance_services['glance-api'] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/glance-swift.conf.j2"
- "{{ node_custom_config }}/glance-swift.conf"
- "{{ node_custom_config }}/glance/glance-swift.conf"
- "{{ node_custom_config }}/glance/{{ inventory_hostname }}/glance-swift.conf"
dest: "{{ node_config_directory }}/glance-api/glance-swift.conf"
mode: "0660"
become: true
when:
- service | service_enabled_and_mapped_to_host
- glance_backend_swift | bool
- name: Copying over glance-image-import.conf
vars:
service: "{{ glance_services['glance-api'] }}"

12
ansible/roles/glance/templates/glance-api.conf.j2
View File

@ -74,18 +74,6 @@ rbd_store_ceph_conf = /etc/ceph/{{ backend.cluster }}.conf
{% endfor %}
{% endif %}
{% if glance_backend_swift | bool %}
[swift]
swift_store_container = glance
swift_store_multiple_containers_seed = 0
swift_store_multi_tenant = false
swift_store_create_container_on_put = true
swift_store_region = {{ openstack_region_name }}
default_swift_reference = swift
swift_store_config_file = /etc/glance/glance-swift.conf
swift_store_auth_insecure = true
{% endif %}
{% if glance_backend_s3 | bool %}
[s3]
s3_store_host = {{ glance_backend_s3_url }}

6
ansible/roles/glance/templates/glance-api.json.j2
View File

@ -18,12 +18,6 @@
"dest": "/etc/ceph",
"owner": "glance",
"perm": "0600"
}{% endif %}{% if glance_backend_swift | bool %},
{
"source": "{{ container_config_directory }}/glance-swift.conf",
"dest": "/etc/glance/glance-swift.conf",
"owner": "glance",
"perm": "0600"
}{% endif %}{% if enable_glance_image_cache | bool %},
{
"source": "{{ container_config_directory }}/glance-cache.conf",

8
ansible/roles/glance/templates/glance-swift.conf.j2
View File

@ -1,8 +0,0 @@
[swift]
auth_version = 3
auth_address = {{ openstack_auth.auth_url }}
user = service:{{ glance_keystone_user }}
key = {{ glance_keystone_password }}
project_domain_id = default
user_domain_id = default
cafile = {{ openstack_cacert }}

7
ansible/roles/gnocchi/defaults/main.yml
View File

@ -50,13 +50,6 @@ gnocchi_config_validation:
- generator: "/gnocchi/gnocchi/gnocchi-config-generator.conf"
config: "/etc/gnocchi/gnocchi.conf"
####################
# Swift
####################
swift_keystone_user: "swift"
swift_admin_tenant_name: "admin"
####################
# Database
####################

11
ansible/roles/gnocchi/templates/gnocchi.conf.j2
View File

@ -70,9 +70,6 @@ policy_file = {{ gnocchi_policy_file }}
driver = redis
redis_url = {{ redis_connection_string }}
{% endif %}
{% if gnocchi_backend_storage == 'swift' %}
swift_cacert = {{ openstack_cacert }}
{% endif %}
[storage]
{% if gnocchi_backend_storage == 'file' %}
@ -84,14 +81,6 @@ ceph_pool = {{ ceph_gnocchi_pool_name }}
ceph_username = {{ ceph_gnocchi_user }}
ceph_keyring = /etc/ceph/{{ ceph_cluster }}.client.{{ ceph_gnocchi_user }}.keyring
ceph_conffile = /etc/ceph/{{ ceph_cluster }}.conf
{% elif gnocchi_backend_storage == 'swift' %}
driver = swift
swift_authurl = {{ keystone_internal_url }}
swift_cacert = {{ openstack_cacert }}
swift_auth_version = 3
swift_user = service:{{ swift_keystone_user }}
swift_key = {{ swift_keystone_password }}
swift_project_name = {{ swift_admin_tenant_name }}
{% endif %}
{% if enable_grafana | bool %}

6
ansible/roles/horizon/templates/_9998-kolla-settings.py.j2
View File

@ -130,7 +130,6 @@ HORIZON_IMAGES_UPLOAD_MODE = 'direct'
OPENSTACK_ENDPOINT_TYPE = "internalURL"
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "UTC"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
@ -232,11 +231,6 @@ LOGGING = {
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',

14
ansible/roles/ironic/templates/ironic.conf.j2
View File

@ -153,20 +153,6 @@ valid_interfaces = internal
cafile = {{ openstack_cacert }}
{% endif %}
{% if enable_swift | bool %}
[swift]
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
region_name = {{ openstack_region_name }}
valid_interfaces = internal
cafile = {{ openstack_cacert }}
{% endif %}
[inspector]
{% if ironic_enable_keystone_integration | bool %}
auth_url = {{ keystone_internal_url }}

13
ansible/roles/loadbalancer/tasks/precheck.yml
View File

@ -686,19 +686,6 @@
- haproxy_stat.find('rabbitmq_management') == -1
- haproxy_vip_prechecks
- name: Checking free port for Swift Proxy Server HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
port: "{{ swift_proxy_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- enable_swift | bool
- inventory_hostname in groups['loadbalancer']
- haproxy_stat.find('swift_api') == -1
- haproxy_vip_prechecks
- name: Checking free port for Tacker Server HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"

7
ansible/roles/prometheus/defaults/main.yml
View File

@ -293,10 +293,6 @@ prometheus_blackbox_exporter_endpoints_default:
- "skyline_console:os_endpoint:{{ skyline_console_public_endpoint }}"
- "{{ ('skyline_console_internal:os_endpoint:' + skyline_console_internal_endpoint) if not kolla_same_external_internal_vip | bool }}"
enabled: "{{ enable_skyline | bool }}"
- endpoints:
- "swift:os_endpoint:{{ swift_public_base_endpoint }}"
- "{{ ('swift_internal:os_endpoint:' + swift_internal_base_endpoint) if not kolla_same_external_internal_vip | bool }}"
enabled: "{{ enable_swift | bool }}"
- endpoints:
- "tacker:os_endpoint:{{ tacker_public_endpoint }}"
- "{{ ('tacker_internal:os_endpoint:' + tacker_internal_endpoint) if not kolla_same_external_internal_vip | bool }}"
@ -477,9 +473,8 @@ prometheus_libvirt_exporter_extra_volumes: "{{ prometheus_extra_volumes }}"
prometheus_openstack_exporter_disabled_volume: "{{ '--disable-service.volume' if not enable_cinder | bool else '' }}"
prometheus_openstack_exporter_disabled_dns: "{{ '--disable-service.dns' if not enable_designate | bool else '' }}"
prometheus_openstack_exporter_disabled_object: "{{ '--disable-service.object-store' if not enable_swift | bool else '' }}"
prometheus_openstack_exporter_disabled_lb: "{{ '--disable-service.load-balancer --disable-metric=neutron-loadbalancers --disable-metric=neutron-loadbalancers_not_active' if not enable_octavia | bool else '' }}"
prometheus_openstack_exporter_disabled_items: "{{ [prometheus_openstack_exporter_disabled_volume, prometheus_openstack_exporter_disabled_dns, prometheus_openstack_exporter_disabled_object, prometheus_openstack_exporter_disabled_lb | trim] | join(' ') | trim }}"
prometheus_openstack_exporter_disabled_items: "{{ [prometheus_openstack_exporter_disabled_volume, prometheus_openstack_exporter_disabled_dns, prometheus_openstack_exporter_disabled_lb | trim] | join(' ') | trim }}"
prometheus_server_command: >-
/opt/prometheus/prometheus --web.config.file=/etc/prometheus/web.yml --config.file /etc/prometheus/prometheus.yml

12
ansible/roles/skyline/templates/nginx.conf.j2
View File

@ -288,17 +288,7 @@ http {
}
{% endif %}
{% if enable_swift | bool %}# Region: {{ openstack_region_name }}, Service: swift
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift {
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/;
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift/;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% elif enable_ceph_rgw | bool %}# Region: {{ openstack_region_name }}, Service: ceph_rgw
{% if enable_ceph_rgw | bool %}# Region: {{ openstack_region_name }}, Service: ceph_rgw
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift {
proxy_pass {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }};
proxy_redirect {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }} {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift/;

2
ansible/roles/skyline/templates/skyline.yaml.j2
View File

@ -74,7 +74,7 @@ openstack:
{% if enable_neutron | bool %}
network: neutron
{% endif %}
{% if enable_swift | bool or enable_ceph_rgw | bool or skyline_external_swift | bool %}
{% if enable_ceph_rgw | bool or skyline_external_swift | bool %}
object-store: swift
{% endif %}
{% if enable_heat | bool %}

110
ansible/roles/swift/defaults/main.yml
View File

@ -1,110 +0,0 @@
---
swift_services:
swift-proxy-server:
group: swift-proxy-server
enabled: true
haproxy:
swift_api:
enabled: "{{ enable_swift }}"
mode: "http"
external: false
port: "{{ swift_proxy_server_listen_port }}"
backend_http_extra:
- "option httpchk /info"
swift_api_external:
enabled: "{{ enable_swift }}"
mode: "http"
external: true
external_fqdn: "{{ swift_external_fqdn }}"
port: "{{ swift_proxy_server_listen_port }}"
backend_http_extra:
- "option httpchk /info"
####################
# Docker
####################
swift_tag: "{{ openstack_tag }}"
swift_proxy_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-proxy-server"
swift_proxy_server_tag: "{{ swift_tag }}"
swift_proxy_server_image_full: "{{ swift_proxy_server_image }}:{{ swift_proxy_server_tag }}"
swift_account_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-account"
swift_account_tag: "{{ swift_tag }}"
swift_account_image_full: "{{ swift_account_image }}:{{ swift_account_tag }}"
swift_container_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-container"
swift_container_tag: "{{ swift_tag }}"
swift_container_image_full: "{{ swift_container_image }}:{{ swift_container_tag }}"
swift_object_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-object"
swift_object_tag: "{{ swift_tag }}"
swift_object_image_full: "{{ swift_object_image }}:{{ swift_object_tag }}"
swift_object_expirer_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-object-expirer"
swift_object_expirer_tag: "{{ swift_tag }}"
swift_object_expirer_image_full: "{{ swift_object_expirer_image }}:{{ swift_object_expirer_tag }}"
swift_rsyncd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}swift-rsyncd"
swift_rsyncd_tag: "{{ swift_tag }}"
swift_rsyncd_image_full: "{{ swift_rsyncd_image }}:{{ swift_rsyncd_tag }}"
swift_log_level: "{{ 'DEBUG' if openstack_logging_debug | bool else 'INFO' }}"
####################
# OpenStack
####################
swift_internal_endpoint: "{{ swift_internal_base_endpoint }}/v1/AUTH_%(tenant_id)s"
swift_public_endpoint: "{{ swift_public_base_endpoint }}/v1/AUTH_%(tenant_id)s"
swift_logging_debug: "{{ openstack_logging_debug }}"
swift_keystone_user: "swift"
swift_admin_tenant_name: "admin"
swift_devices_mount_point: "/srv/node"
swift_devices_match_mode: "strict"
swift_devices_name: "KOLLA_SWIFT_DATA"
# For S3 API we need to defer the auth decision to allow s3api and s3token
# middlewares to process requests using EC2 credentials.
swift_delay_auth_decision: "{{ enable_swift_s3api | bool }}"
# Boolean, true if there is a dedicated replication network.
swift_has_replication_network: "{{ swift_storage_interface != swift_replication_interface }}"
openstack_swift_auth: "{{ openstack_auth }}"
syslog_server: "{{ api_interface_address }}"
syslog_swift_facility: "local0"
swift_enable_rolling_upgrade: "yes"
swift_extra_ring_files: []
swift_account_workers: "{{ openstack_service_workers }}"
swift_container_workers: "{{ openstack_service_workers }}"
swift_object_workers: "{{ openstack_service_workers }}"
swift_proxy_server_workers: "{{ openstack_service_workers }}"
####################
# Keystone
####################
swift_ks_services:
- name: "swift"
type: "object-store"
description: "Openstack Object Storage"
endpoints:
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
swift_ks_users:
- project: "service"
user: "{{ swift_keystone_user }}"
password: "{{ swift_keystone_password }}"
role: "admin"
# FIXME(yoctozepto): These are copied from service-images-pull role.
# Remove when the Swift role is finally migrated to new style.
service_images_pull_retries: 3
service_images_pull_delay: 5

4
ansible/roles/swift/handlers/main.yml
View File

@ -1,4 +0,0 @@
---
- name: Restart swift-proxy-server container
debug:
msg: "Noop. No need to restart the swift-proxy-server container"

1
ansible/roles/swift/tasks/check.yml
View File

@ -1 +0,0 @@
---

230
ansible/roles/swift/tasks/config.yml
View File

@ -1,230 +0,0 @@
---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
with_items:
- "swift"
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
- "swift-rsyncd"
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
mode: "0660"
become: true
with_items:
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
- "swift-rsyncd"
- name: Copying over swift.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/swift.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift.conf"
- "{{ node_custom_config }}/swift/{{ item }}/swift.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}/swift.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/swift.conf"
mode: "0660"
become: true
with_items:
- "account-auditor"
- "account-reaper"
- "account-replication-server"
- "account-replicator"
- "account-server"
- "container-auditor"
- "container-replication-server"
- "container-replicator"
- "container-server"
- "container-updater"
- "object-auditor"
- "object-expirer"
- "object-replication-server"
- "object-replicator"
- "object-server"
- "object-updater"
- "proxy-server"
- name: Copying over account-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/account.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/account.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
when: inventory_hostname in groups['swift-account-server']
with_items:
- "account-auditor"
- "account-reaper"
- "account-replication-server"
- "account-replicator"
- "account-server"
- name: Copying over container-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/container.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/container.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
when: inventory_hostname in groups['swift-container-server']
with_items:
- "container-auditor"
- "container-replication-server"
- "container-replicator"
- "container-server"
- "container-updater"
- name: Copying over object-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/object.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/object.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
when: inventory_hostname in groups['swift-object-server']
with_items:
- "object-auditor"
- "object-expirer"
- "object-replication-server"
- "object-replicator"
- "object-server"
- "object-updater"
- name: Copying over proxy-server.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/proxy-server.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
when: inventory_hostname in groups['swift-proxy-server']
with_items:
- "proxy-server"
- name: Copying over rsyncd.conf
template:
src: "rsyncd.conf.j2"
dest: "{{ node_config_directory }}/swift-rsyncd/rsyncd.conf"
mode: "0660"
become: true
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Copying over Swift ring files
copy:
src: "{{ node_custom_config }}/swift/{{ item }}"
dest: "{{ node_config_directory }}/swift/{{ item }}"
backup: yes
mode: "0660"
become: true
with_items:
- "account.builder"
- "account.ring.gz"
- "container.builder"
- "container.ring.gz"
- "object.builder"
- "object.ring.gz"
- "{{ swift_extra_ring_files }}"
- name: Check if policies shall be overwritten
stat:
path: "{{ node_custom_config }}/swift/policy.json"
delegate_to: localhost
run_once: True
register: swift_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/swift/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
mode: "0660"
with_items:
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
when:
swift_policy.stat.exists

1
ansible/roles/swift/tasks/config_validate.yml
View File

@ -1 +0,0 @@
---

6
ansible/roles/swift/tasks/copy-certs.yml
View File

@ -1,6 +0,0 @@
---
- name: "Copy certificates and keys for {{ project_name }}"
import_role:
role: service-cert-copy
vars:
project_services: "{{ swift_services }}"

2
ansible/roles/swift/tasks/deploy-containers.yml
View File

@ -1,2 +0,0 @@
---
- import_tasks: start.yml

10
ansible/roles/swift/tasks/deploy.yml
View File

@ -1,10 +0,0 @@
---
- import_tasks: register.yml
- import_tasks: config.yml
- import_tasks: start.yml
vars:
run_start_swift_proxy_server: "yes"
- import_tasks: check.yml

35
ansible/roles/swift/tasks/legacy_upgrade.yml
View File

@ -1,35 +0,0 @@
---
- import_tasks: config.yml
# NOTE(pbourke): because the images that are used to start Swift containers
# were refactored for Mitaka, we need to completely remove the existing
# containers or we get a conflict when attempting to start the new ones.
- name: "Cleaning out old Swift containers"
become: true
kolla_container:
common_options: "{{ docker_common_options }}"
name: "{{ item }}"
action: "stop_container"
with_items:
- "swift_rsyncd"
- "swift_account_server"
- "swift_account_auditor"
- "swift_account_replication_server"
- "swift_account_replicator"
- "swift_account_reaper"
- "swift_container_server"
- "swift_container_auditor"
- "swift_container_replication_server"
- "swift_container_replicator"
- "swift_container_updater"
- "swift_object_server"
- "swift_object_auditor"
- "swift_object_replication_server"
- "swift_object_replicator"
- "swift_object_updater"
- "swift_object_expirer"
- "swift_proxy_server"
- import_tasks: start.yml
vars:
run_start_swift_proxy_server: "yes"

7
ansible/roles/swift/tasks/loadbalancer.yml
View File

@ -1,7 +0,0 @@
---
- name: "Configure loadbalancer for {{ project_name }}"
import_role:
name: loadbalancer-config
vars:
project_services: "{{ swift_services }}"
tags: always

2
ansible/roles/swift/tasks/main.yml
View File

@ -1,2 +0,0 @@
---
- include_tasks: "{{ kolla_action }}.yml"

132
ansible/roles/swift/tasks/precheck.yml
View File

@ -1,132 +0,0 @@
---
- import_role:
name: service-precheck
vars:
service_precheck_services: "{{ swift_services }}"
service_name: "{{ project_name }}"
- name: Get container facts
become: true
kolla_container_facts:
action: get_containers
container_engine: "{{ kolla_container_engine }}"
name:
- swift_account_server
- swift_container_server
- swift_object_server
- swift_proxy_server
check_mode: false
register: container_facts
- name: Checking free port for Swift Account Server
wait_for:
host: "{{ 'swift_storage' | kolla_address }}"
port: "{{ swift_account_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_account_server'] is not defined
- inventory_hostname in groups['swift-account-server']
- name: Checking free port for Swift Container Server
wait_for:
host: "{{ 'swift_storage' | kolla_address }}"
port: "{{ swift_container_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_container_server'] is not defined
- inventory_hostname in groups['swift-container-server']
- name: Checking free port for Swift Object Server
wait_for:
host: "{{ 'swift_storage' | kolla_address }}"
port: "{{ swift_object_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_object_server'] is not defined
- inventory_hostname in groups['swift-object-server']
- name: Checking free port for Swift Account Replication Server
wait_for:
host: "{{ 'swift_replication' | kolla_address }}"
port: "{{ swift_account_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_account_server'] is not defined
- inventory_hostname in groups['swift-account-server']
- name: Checking free port for Swift Container Replication Server
wait_for:
host: "{{ 'swift_replication' | kolla_address }}"
port: "{{ swift_container_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_container_server'] is not defined
- inventory_hostname in groups['swift-container-server']
- name: Checking free port for Swift Object Replication Server
wait_for:
host: "{{ 'swift_replication' | kolla_address }}"
port: "{{ swift_object_server_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_object_server'] is not defined
- inventory_hostname in groups['swift-object-server']
- name: Checking free port for Rsync
wait_for:
host: "{{ 'swift_replication' | kolla_address }}"
port: "873"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_object_server'] is not defined
- inventory_hostname in groups['swift-object-server']
- name: Checking free port for Swift Proxy Server
wait_for:
host: "{{ api_interface_address }}"
port: "{{ swift_proxy_server_listen_port }}"
connect_timeout: 1
timeout: 1
state: stopped
when:
- container_facts.containers['swift_proxy_server'] is not defined
- inventory_hostname in groups['swift-proxy-server']
- name: Checking Swift ring files
run_once: True
stat:
path: "{{ node_custom_config }}/swift/{{ item }}"
delegate_to: localhost
register: swift_ring_files
with_items:
- "account.builder"
- "account.ring.gz"
- "container.builder"
- "container.ring.gz"
- "object.builder"
- "object.ring.gz"
- "{{ swift_extra_ring_files }}"
- name: Fail if ring files don't exist
run_once: True
fail:
msg: >-
Swift ring files do not exist.
Ensure .builder and .gz are available for each of account/container/object under {{ node_custom_config }}/swift before deploying Swift.
with_items: '{{ swift_ring_files.results }}'
when:
- not item.stat.exists

74
ansible/roles/swift/tasks/pull.yml
View File

@ -1,74 +0,0 @@
---
- name: Pulling rsyncd image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_rsyncd_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Pulling swift-proxy-server image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_proxy_server_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-proxy-server']
- name: Pulling swift-account image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_account_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-account-server']
- name: Pulling swift-container image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_container_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-container-server']
- name: Pulling swift-object image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-object-server']
- name: Pulling swift-object-expirer image
become: true
kolla_container:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_expirer_image_full }}"
retries: "{{ service_images_pull_retries }}"
delay: "{{ service_images_pull_delay }}"
register: result
until: result is success
when: inventory_hostname in groups['swift-object-server']

111
ansible/roles/swift/tasks/reconfigure.yml
View File

@ -1,111 +0,0 @@
---
- name: Prepare Swift containers list
set_fact:
swift_containers:
- { name: swift_account_server, group: swift-account-server }
- { name: swift_account_auditor, group: swift-account-server }
- { name: swift_account_replicator, group: swift-account-server }
- { name: swift_account_reaper, group: swift-account-server }
- { name: swift_rsyncd, group: swift-account-server }
- { name: swift_container_server, group: swift-container-server }
- { name: swift_container_auditor, group: swift-container-server }
- { name: swift_container_replicator, group: swift-container-server }
- { name: swift_container_updater, group: swift-container-server }
- { name: swift_rsyncd, group: swift-container-server }
- { name: swift_object_server, group: swift-object-server }
- { name: swift_object_auditor, group: swift-object-server }
- { name: swift_object_replicator, group: swift-object-server }
- { name: swift_object_updater, group: swift-object-server }
- { name: swift_object_expirer, group: swift-object-server }
- { name: swift_rsyncd, group: swift-object-server }
- { name: swift_proxy_server, group: swift-proxy-server }
swift_replication_server_containers:
- { name: swift_account_replication_server, group: swift-account-server }
- { name: swift_container_replication_server, group: swift-container-server }
- { name: swift_object_replication_server, group: swift-object-server }
- name: Add _replication_server containers to the list
set_fact:
swift_containers: "{{ swift_containers + swift_replication_server_containers }}"
when: swift_has_replication_network
- name: Ensuring the containers up
become: true
kolla_container_facts:
name: "{{ item.name }}"
action: "get_containers_state"
container_engine: "{{ kolla_container_engine }}"
register: container_state
failed_when: container_state.states[item.name] != "running"
when: inventory_hostname in groups[item.group]
with_items:
- "{{ swift_containers }}"
- import_tasks: config.yml
- name: Check the configs
become: true
command: "{{ kolla_container_engine }} exec -u root {{ item.name }} /usr/local/bin/kolla_set_configs --check"
changed_when: false
failed_when: false
register: check_results
when: inventory_hostname in groups[item.group]
with_items:
- "{{ swift_containers }}"
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
# just remove the container and start again
- name: Containers config strategy
become: true
kolla_container_facts:
name: "{{ item.name }}"
action: "get_containers_env"
container_engine: "{{ kolla_container_engine }}"
register: container_envs
when: inventory_hostname in groups[item.group]
with_items:
- "{{ swift_containers }}"
- name: Remove the containers
become: true
vars:
container_name: "{{ item[0]['name'] }}"
container_config_strategy: "{{ item[1].envs[container_name] }}"
kolla_container:
common_options: "{{ docker_common_options }}"
name: "{{ container_name }}"
action: "remove_container"
register: remove_containers
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == "COPY_ONCE" or container_config_strategy == 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- "{{ swift_containers }}"
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include_tasks: start.yml
vars:
run_start_swift_proxy_server: "yes"
when: remove_containers.changed
- name: Restart containers
become: true
vars:
container_name: "{{ item[0]['name'] }}"
container_config_strategy: "{{ item[1].envs[container_name] }}"
kolla_container:
common_options: "{{ docker_common_options }}"
name: "{{ container_name }}"
action: "restart_container"
when:
- inventory_hostname in groups[item[0]['group']]
- config_strategy == 'COPY_ALWAYS'
- container_config_strategy != 'COPY_ONCE'
- item[2]['rc'] == 1
with_together:
- "{{ swift_containers }}"
- "{{ container_envs.results }}"
- "{{ check_results.results }}"

20
ansible/roles/swift/tasks/register.yml
View File

@ -1,20 +0,0 @@
---
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_swift_auth }}"
service_ks_register_services: "{{ swift_ks_services }}"
service_ks_register_users: "{{ swift_ks_users }}"
- name: Creating the ResellerAdmin role
become: true
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: openstack.cloud.identity_role
module_args:
name: "ResellerAdmin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_swift_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True

68
ansible/roles/swift/tasks/rolling_upgrade.yml
View File

@ -1,68 +0,0 @@
---
- name: Prepare Swift containers list
set_fact:
swift_containers:
- { name: swift_account_server, group: swift-account-server }
- { name: swift_account_auditor, group: swift-account-server }
- { name: swift_account_replicator, group: swift-account-server }
- { name: swift_account_reaper, group: swift-account-server }
- { name: swift_rsyncd, group: swift-account-server }
- { name: swift_container_server, group: swift-container-server }
- { name: swift_container_auditor, group: swift-container-server }
- { name: swift_container_replicator, group: swift-container-server }
- { name: swift_container_updater, group: swift-container-server }
- { name: swift_rsyncd, group: swift-container-server }
- { name: swift_object_server, group: swift-object-server }
- { name: swift_object_auditor, group: swift-object-server }
- { name: swift_object_replicator, group: swift-object-server }
- { name: swift_object_updater, group: swift-object-server }
- { name: swift_object_expirer, group: swift-object-server }
- { name: swift_rsyncd, group: swift-object-server }
# Upgrade swift storage nodes first
- include_tasks: config.yml
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
# TODO(donghm): Below tasks should be run in serial nodes to
# decrease downtime. Update once the module ansible strategy for
# rolling upgrade will be finished.
- name: Gracefully shutdown swift services in storage nodes
become: true
kolla_container:
common_options: "{{ docker_common_options }}"
action: "stop_container"
name: "{{ item.name }}"
when: inventory_hostname in groups[item.group]
with_items:
- "{{ swift_containers }}"
- import_tasks: start.yml
vars:
run_start_swift_proxy_server: "no"
# Upgrade swift proxy nodes
- include_tasks: config.yml
when: inventory_hostname in groups['swift-proxy-server']
- name: Gracefully shutdown swift proxy services in proxy nodes
become: true
kolla_container:
common_options: "{{ docker_common_options }}"
action: "stop_container"
name: "swift_proxy_server"
when: inventory_hostname in groups['swift-proxy-server']
- name: Start new swift proxy server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_proxy_server_image_full }}"
name: "swift_proxy_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-proxy-server/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
when: inventory_hostname in groups['swift-proxy-server']

317
ansible/roles/swift/tasks/start.yml
View File

@ -1,317 +0,0 @@
---
- name: Looking up disks for Swift
become: true
command: "{{ kolla_container_engine }} exec -t kolla_toolbox sudo -E ansible localhost
-m find_disks
-a \"name={{ swift_devices_name }}
match_mode={{ swift_devices_match_mode }}\""
register: swift_disk_lookup
changed_when: swift_disk_lookup.stdout.find('localhost | SUCCESS => ') != -1 and
(swift_disk_lookup.stdout.split('localhost | SUCCESS => ')[1] | from_json).changed
failed_when: swift_disk_lookup.stdout.split()[2] != 'SUCCESS'
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Reading data from variable
set_fact:
swift_disks: "{{ (swift_disk_lookup.stdout.split('localhost | SUCCESS => ')[1] | from_json).disks | from_json }}"
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Mounting Swift disks
become: true
mount:
src: "UUID={{ item.fs_uuid }}"
fstype: xfs
opts: "noatime,nodiratime,logbufs=8"
state: mounted
name: "{{ swift_devices_mount_point }}/{{ item['fs_label'] }}"
with_items: "{{ swift_disks }}"
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Starting swift-rsyncd container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_rsyncd_image_full }}"
name: "swift_rsyncd"
volumes:
- "{{ node_config_directory }}/swift-rsyncd/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
when: inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']
- name: Starting swift-account-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
name: "swift_account_server"
image: "{{ swift_account_image_full }}"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-account-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-account-server']
- name: Starting swift-account-auditor container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_account_image_full }}"
name: "swift_account_auditor"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-account-auditor/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-account-server']
- name: Starting swift-account-replication-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_account_image_full }}"
name: "swift_account_replication_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-account-replication-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
when:
- inventory_hostname in groups['swift-account-server']
- swift_has_replication_network
- name: Starting swift-account-replicator container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_account_image_full }}"
name: "swift_account_replicator"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-account-replicator/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-account-server']
- name: Starting swift-account-reaper container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_account_image_full }}"
name: "swift_account_reaper"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-account-reaper/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
when: inventory_hostname in groups['swift-account-server']
- name: Starting swift-container-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_container_image_full }}"
name: "swift_container_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-container-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-container-server']
- name: Starting swift-container-auditor container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_container_image_full }}"
name: "swift_container_auditor"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-container-auditor/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-container-server']
- name: Starting swift-container-replication-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_container_image_full }}"
name: "swift_container_replication_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-container-replication-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
when:
- inventory_hostname in groups['swift-container-server']
- swift_has_replication_network
- name: Starting swift-container-replicator container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_container_image_full }}"
name: "swift_container_replicator"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-container-replicator/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-container-server']
- name: Starting swift-container-updater container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_container_image_full }}"
name: "swift_container_updater"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-container-updater/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-container-server']
- name: Starting swift-object-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_image_full }}"
name: "swift_object_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift:ro"
when: inventory_hostname in groups['swift-object-server']
- name: Starting swift-object-auditor container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_image_full }}"
name: "swift_object_auditor"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-auditor/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-object-server']
- name: Starting swift-object-replication-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_object_image_full }}"
name: "swift_object_replication_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-replication-server/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
when:
- inventory_hostname in groups['swift-object-server']
- swift_has_replication_network
- name: Starting swift-object-replicator container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
environment:
RSYNC_CONNECT_PROG: "nc %H {{ swift_rsync_port }}"
image: "{{ swift_object_image_full }}"
name: "swift_object_replicator"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-replicator/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-object-server']
- name: Starting swift-object-updater container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_image_full }}"
name: "swift_object_updater"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-updater/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-object-server']
- name: Starting swift-object-expirer container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_object_expirer_image_full }}"
name: "swift_object_expirer"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-object-expirer/:{{ container_config_directory }}/:ro"
- "{{ swift_devices_mount_point }}:{{ swift_devices_mount_point }}:shared"
- "/etc/localtime:/etc/localtime:ro"
- "swift_recon_cache:/var/cache/swift"
when: inventory_hostname in groups['swift-object-server']
- name: Starting swift-proxy-server container
become: true
kolla_container:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ swift_proxy_server_image_full }}"
name: "swift_proxy_server"
volumes:
- "{{ node_config_directory }}/swift/:/var/lib/kolla/swift/:ro"
- "{{ node_config_directory }}/swift-proxy-server/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
when: inventory_hostname in groups['swift-proxy-server'] and
run_start_swift_proxy_server | bool

151
ansible/roles/swift/tasks/stop.yml
View File

@ -1,151 +0,0 @@
---
- name: Stopping swift-rsyncd container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_rsyncd"
when: (inventory_hostname in groups['swift-account-server'] or
inventory_hostname in groups['swift-container-server'] or
inventory_hostname in groups['swift-object-server']) and
'swift_rsyncd' not in skip_stop_containers
- name: Stopping swift-account-server container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_account_server"
when:
- inventory_hostname in groups['swift-account-server']
- "'swift_account_server' not in skip_stop_containers"
- name: Stopping swift-account-auditor container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_account_auditor"
when:
- inventory_hostname in groups['swift-account-server']
- "'swift_object_auditor' not in skip_stop_containers"
- name: Stopping swift-account-replicator container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_account_replicator"
when:
- inventory_hostname in groups['swift-account-server']
- "'swift_account_replicator' not in skip_stop_containers"
- name: Stopping swift-account-reaper container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_account_reaper"
when:
- inventory_hostname in groups['swift-account-server']
- "'swift_account_reaper' not in skip_stop_containers"
- name: Stopping swift-container-server container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_container_server"
when:
- inventory_hostname in groups['swift-container-server']
- "'swift_container_server' not in skip_stop_containers"
- name: Stopping swift-container-auditor container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_container_auditor"
when:
- inventory_hostname in groups['swift-container-server']
- "'swift_container_auditor' not in skip_stop_containers"
- name: Stopping swift-container-replicator container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_container_replicator"
when:
- inventory_hostname in groups['swift-container-server']
- "'swift_container_replicator' not in skip_stop_containers"
- name: Stopping swift-container-updater container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_container_updater"
when:
- inventory_hostname in groups['swift-container-server']
- "'swift_container_updater' not in skip_stop_containers"
- name: Stopping swift-object-server container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_object_server"
when:
- inventory_hostname in groups['swift-object-server']
- "'swift_object_server' not in skip_stop_containers"
- name: Stopping swift-object-auditor container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_object_auditor"
when:
- inventory_hostname in groups['swift-object-server']
- "'swift_object_auditor' not in skip_stop_containers"
- name: Stopping swift-object-replicator container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_object_replicator"
when:
- inventory_hostname in groups['swift-object-server']
- "'swift_object_replicator' not in skip_stop_containers"
- name: Stopping swift-object-updater container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_object_updater"
when:
- inventory_hostname in groups['swift-object-server']
- "'swift_object_updater' not in skip_stop_containers"
- name: Stopping swift-object-expirer container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_object_expirer"
when:
- inventory_hostname in groups['swift-object-server']
- "'swift_object_expirer' not in skip_stop_containers"
- name: Stopping swift-proxy-server container
become: true
kolla_container:
action: "stop_container"
common_options: "{{ docker_common_options }}"
name: "swift_proxy_server"
when:
- inventory_hostname in groups['swift-proxy-server']
- "'swift_proxy_server' not in skip_stop_containers"

6
ansible/roles/swift/tasks/upgrade.yml
View File

@ -1,6 +0,0 @@
---
- include_tasks: rolling_upgrade.yml
when: swift_enable_rolling_upgrade | bool
- include_tasks: legacy_upgrade.yml
when: not swift_enable_rolling_upgrade | bool

40
ansible/roles/swift/templates/account.conf.j2
View File

@ -1,40 +0,0 @@
{% set network = 'swift_replication' if 'replicat' in service_name else 'swift_storage' %}
[DEFAULT]
bind_ip = {{ network | kolla_address }}
bind_port = {{ swift_account_server_port }}
devices = {{ swift_devices_mount_point }}
mount_check = false
log_udp_host = {{ syslog_server }}
log_udp_port = {{ syslog_udp_port }}
log_name = {{ service_name }}
log_facility = {{ syslog_swift_facility }}
log_level = {{ swift_log_level }}
workers = {{ swift_account_workers }}
[pipeline:main]
pipeline = {% if enable_swift_recon %}recon {% endif %}account-server
{% if enable_swift_recon %}
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
{% endif %}
[app:account-server]
use = egg:swift#account
{% if swift_has_replication_network %}
replication_server = {{ service_name == 'swift-account-replication-server' }}
{% endif %}
{% if service_name == 'swift-account-auditor' %}
[account-auditor]
{% endif %}
{% if service_name == 'swift-account-replicator' %}
[account-replicator]
rsync_module = {replication_ip}::account
{% endif %}
{% if service_name == 'swift-account-reaper' %}
[account-reaper]
{% endif %}

41
ansible/roles/swift/templates/container.conf.j2
View File

@ -1,41 +0,0 @@
{% set network = 'swift_replication' if 'replicat' in service_name else 'swift_storage' %}
[DEFAULT]
bind_ip = {{ network | kolla_address }}
bind_port = {{ swift_container_server_port }}
devices = {{ swift_devices_mount_point }}
mount_check = false
log_udp_host = {{ syslog_server }}
log_udp_port = {{ syslog_udp_port }}
log_name = {{ service_name }}
log_facility = {{ syslog_swift_facility }}
log_level = {{ swift_log_level }}
workers = {{ swift_container_workers }}
[pipeline:main]
pipeline = {% if enable_swift_recon %}recon {% endif %}container-server
{% if enable_swift_recon %}
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
{% endif %}
[app:container-server]
use = egg:swift#container
allow_versions = true
{% if swift_has_replication_network %}
replication_server = {{ service_name == 'swift-container-replication-server' }}
{% endif %}
{% if service_name == 'swift-container-auditor' %}
[container-auditor]
{% endif %}
{% if service_name == 'swift-container-replicator' %}
[container-replicator]
rsync_module = {replication_ip}::container
{% endif %}
{% if service_name == 'swift-container-updater' %}
[container-updater]
{% endif %}

52
ansible/roles/swift/templates/object.conf.j2
View File

@ -1,52 +0,0 @@
{% set network = 'swift_replication' if 'replicat' in service_name else 'swift_storage' %}
[DEFAULT]
bind_ip = {{ network | kolla_address }}
bind_port = {{ swift_object_server_port }}
devices = {{ swift_devices_mount_point }}
mount_check = false
log_udp_host = {{ syslog_server }}
log_udp_port = {{ syslog_udp_port }}
log_name = {{ service_name }}
log_facility = {{ syslog_swift_facility }}
log_level = {{ swift_log_level }}
workers = {{ swift_object_workers }}
[pipeline:main]
{% if service_name == 'swift-object-expirer' %}
pipeline = proxy-server
{% else %}
pipeline = {% if enable_swift_recon %}recon {% endif %}object-server
{% endif %}
{% if enable_swift_recon %}
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
{% endif %}
[app:object-server]
use = egg:swift#object
{% if swift_has_replication_network %}
replication_server = {{ service_name == 'swift-object-replication-server' }}
{% endif %}
{% if service_name == 'swift-object-auditor' %}
[object-auditor]
{% endif %}
[object-replicator]
{% if service_name == 'swift-object-replicator' %}
rsync_module = {replication_ip}::object
{% endif %}
{% if service_name == 'swift-object-updater' %}
[object-updater]
{% endif %}
{% if service_name == 'swift-object-expirer' %}
[object-expirer]
[app:proxy-server]
use = egg:swift#proxy
{% endif %}

103
ansible/roles/swift/templates/proxy-server.conf.j2
View File

@ -1,103 +0,0 @@
[DEFAULT]
bind_ip = {{ api_interface_address }}
bind_port = {{ swift_proxy_server_listen_port }}
log_udp_host = {{ syslog_server }}
log_udp_port = {{ syslog_udp_port }}
log_name = {{ service_name }}
log_facility = {{ syslog_swift_facility }}
log_level = {{ swift_log_level }}
workers = {{ swift_proxy_server_workers }}
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk tempurl ratelimit authtoken {% if enable_swift_s3api | bool %}s3api s3token {% endif %}keystoneauth container_quotas account_quotas slo dlo {% if enable_ceilometer | bool %}ceilometer {% endif %}proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:tempurl]
use = egg:swift#tempurl
[filter:cache]
use = egg:swift#memcache
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ swift_keystone_user }}
password = {{ swift_keystone_password }}
delay_auth_decision = {{ swift_delay_auth_decision }}
cafile = {{ openstack_cacert }}
memcache_security_strategy = {{ memcache_security_strategy }}
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,{{ keystone_default_user_role }},ResellerAdmin
{% if enable_ceilometer | bool %}
[filter:ceilometer]
paste.filter_factory = ceilometermiddleware.swift:filter_factory
control_exchange = swift
url = {{ notify_transport_url }}
driver = messagingv2
topic = notifications
log_level = WARN
{% endif %}
[filter:container_sync]
use = egg:swift#container_sync
[filter:bulk]
use = egg:swift#bulk
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:account_quotas]
use = egg:swift#account_quotas
[filter:container_quotas]
use = egg:swift#container_quotas
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:versioned_writes]
use = egg:swift#versioned_writes
allow_versioned_writes = true
{% if enable_swift_s3api | bool %}
[filter:s3api]
use = egg:swift#s3api
[filter:s3token]
use = egg:swift#s3token
auth_uri = {{ keystone_internal_url }}/v3
{% endif %}

28
ansible/roles/swift/templates/rsyncd.conf.j2
View File

@ -1,28 +0,0 @@
address = {{ 'swift_replication' | kolla_address }}
{% if inventory_hostname in groups['swift-account-server'] %}
[account]
max connections = 2
path = {{ swift_devices_mount_point }}
read only = false
use chroot = no
lock file = /var/lib/swift/lock/account.lock
{% endif %}
{% if inventory_hostname in groups['swift-container-server'] %}
[container]
max connections = 4
path = {{ swift_devices_mount_point }}
read only = false
use chroot = no
lock file = /var/lib/swift/lock/container.lock
{% endif %}
{% if inventory_hostname in groups['swift-object-server'] %}
[object]
max connections = 8
path = {{ swift_devices_mount_point }}
read only = false
use chroot = no
lock file = /var/lib/swift/lock/object.lock
{% endif %}

36
ansible/roles/swift/templates/swift-account-auditor.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-account-auditor /etc/swift/account-auditor.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/account-auditor.conf",
"dest": "/etc/swift/account-auditor.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-account-reaper.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-account-reaper /etc/swift/account-reaper.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/account-reaper.conf",
"dest": "/etc/swift/account-reaper.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-account-replication-server.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-account-server /etc/swift/account-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/account-replication-server.conf",
"dest": "/etc/swift/account-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-account-replicator.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-account-replicator /etc/swift/account-replicator.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/account-replicator.conf",
"dest": "/etc/swift/account-replicator.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-account-server.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-account-server /etc/swift/account-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/account-server.conf",
"dest": "/etc/swift/account-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-container-auditor.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-container-auditor /etc/swift/container-auditor.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/container-auditor.conf",
"dest": "/etc/swift/container-auditor.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-container-replication-server.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-container-server /etc/swift/container-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/container-replication-server.conf",
"dest": "/etc/swift/container-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-container-replicator.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-container-replicator /etc/swift/container-replicator.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/container-replicator.conf",
"dest": "/etc/swift/container-replicator.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

36
ansible/roles/swift/templates/swift-container-server.json.j2
View File

@ -1,36 +0,0 @@
{
"command": "swift-container-server /etc/swift/container-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/container-server.conf",
"dest": "/etc/swift/container-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

42
ansible/roles/swift/templates/swift-container-updater.json.j2
View File

@ -1,42 +0,0 @@
{
"command": "swift-container-updater /etc/swift/container-updater.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/container-updater.conf",
"dest": "/etc/swift/container-updater.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

50
ansible/roles/swift/templates/swift-object-auditor.json.j2
View File

@ -1,50 +0,0 @@
{
"command": "swift-object-auditor /etc/swift/object-auditor.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-auditor.conf",
"dest": "/etc/swift/object-auditor.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

56
ansible/roles/swift/templates/swift-object-expirer.json.j2
View File

@ -1,56 +0,0 @@
{
"command": "swift-object-expirer /etc/swift/object-expirer.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-expirer.conf",
"dest": "/etc/swift/object-expirer.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

50
ansible/roles/swift/templates/swift-object-replication-server.json.j2
View File

@ -1,50 +0,0 @@
{
"command": "swift-object-server /etc/swift/object-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-replication-server.conf",
"dest": "/etc/swift/object-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

50
ansible/roles/swift/templates/swift-object-replicator.json.j2
View File

@ -1,50 +0,0 @@
{
"command": "swift-object-replicator /etc/swift/object-replicator.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-replicator.conf",
"dest": "/etc/swift/object-replicator.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

50
ansible/roles/swift/templates/swift-object-server.json.j2
View File

@ -1,50 +0,0 @@
{
"command": "swift-object-server /etc/swift/object-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-server.conf",
"dest": "/etc/swift/object-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

50
ansible/roles/swift/templates/swift-object-updater.json.j2
View File

@ -1,50 +0,0 @@
{
"command": "swift-object-updater /etc/swift/object-updater.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/object-updater.conf",
"dest": "/etc/swift/object-updater.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

56
ansible/roles/swift/templates/swift-proxy-server.json.j2
View File

@ -1,56 +0,0 @@
{
"command": "swift-proxy-server /etc/swift/proxy-server.conf --verbose",
"config_files": [
{
"source": "/var/lib/kolla/swift/account.ring.gz",
"dest": "/etc/swift/account.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/container.ring.gz",
"dest": "/etc/swift/container.ring.gz",
"owner": "swift",
"perm": "0640"
},
{
"source": "/var/lib/kolla/swift/object.ring.gz",
"dest": "/etc/swift/object.ring.gz",
"owner": "swift",
"perm": "0640"
},
{% for ring in swift_extra_ring_files %}
{
"source": "/var/lib/kolla/swift/{{ ring }}",
"dest": "/etc/swift/{{ ring }}",
"owner": "swift",
"perm": "0640"
},
{% endfor %}
{
"source": "{{ container_config_directory }}/swift.conf",
"dest": "/etc/swift/swift.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/proxy-server.conf",
"dest": "/etc/swift/proxy-server.conf",
"owner": "swift",
"perm": "0640"
},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/swift/policy.json",
"owner": "swift",
"perm": "0600",
"optional": true
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

17
ansible/roles/swift/templates/swift-rsyncd.json.j2
View File

@ -1,17 +0,0 @@
{
"command": "/usr/bin/rsync --daemon --no-detach --port={{ swift_rsync_port }} --config=/etc/rsyncd.conf",
"config_files": [
{
"source": "{{ container_config_directory }}/rsyncd.conf",
"dest": "/etc/rsyncd.conf",
"owner": "swift",
"perm": "0640"
}{% if kolla_copy_ca_into_containers | bool %},
{
"source": "{{ container_config_directory }}/ca-certificates",
"dest": "/var/lib/kolla/share/ca-certificates",
"owner": "root",
"perm": "0600"
}{% endif %}
]
}

3
ansible/roles/swift/templates/swift.conf.j2
View File

@ -1,3 +0,0 @@
[swift-hash]
swift_hash_path_suffix = {{ swift_hash_path_suffix }}
swift_hash_path_prefix = {{ swift_hash_path_prefix }}

2
ansible/roles/swift/vars/main.yml
View File

@ -1,2 +0,0 @@
---
project_name: "swift"

1
ansible/roles/trove/templates/trove.conf.j2
View File

@ -27,7 +27,6 @@ remote_neutron_client = trove.common.clients_admin.neutron_client_trove_admin
nova_compute_endpoint_type = internalURL
neutron_endpoint_type = internalURL
cinder_endpoint_type = internalURL
swift_endpoint_type = internalURL
glance_endpoint_type = internalURL
trove_endpoint_type = internalURL

23
ansible/site.yml
View File

@ -65,7 +65,6 @@
- enable_rabbitmq_{{ enable_rabbitmq | bool }}
- enable_redis_{{ enable_redis | bool }}
- enable_skyline_{{ enable_skyline | bool }}
- enable_swift_{{ enable_swift | bool }}
- enable_tacker_{{ enable_tacker | bool }}
- enable_telegraf_{{ enable_telegraf | bool }}
- enable_trove_{{ enable_trove | bool }}
@ -291,11 +290,6 @@
tasks_from: loadbalancer
tags: skyline
when: enable_skyline | bool
- include_role:
name: swift
tasks_from: loadbalancer
tags: swift
when: enable_swift | bool
- include_role:
name: tacker
tasks_from: loadbalancer
@ -504,23 +498,6 @@
- { role: opensearch,
tags: opensearch }
- name: Apply role swift
gather_facts: false
hosts:
- swift-account-server
- swift-container-server
- swift-object-server
- swift-proxy-server
- '&enable_swift_True'
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ swift_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: swift,
tags: swift }
- name: Apply role ceph-rgw
gather_facts: false
hosts:

7
doc/source/admin/advanced-configuration.rst
View File

@ -253,7 +253,7 @@ it's advised to make above change before deploying.
Use an external Syslog server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By default, Fluentd is used as a syslog server to collect Swift and HAProxy
By default, Fluentd is used as a syslog server to collect HAProxy
logs. When Fluentd is disabled or you want to use an external syslog server,
You can set syslog parameters in ``globals.yml`` file. For example:
@ -262,12 +262,11 @@ You can set syslog parameters in ``globals.yml`` file. For example:
syslog_server: "172.29.9.145"
syslog_udp_port: "514"
You can also set syslog facility names for Swift and HAProxy logs.
By default, Swift and HAProxy use ``local0`` and ``local1``, respectively.
You can also set syslog facility names for HAProxy logs.
By default, HAProxy uses ``local1``.
.. code-block:: yaml
syslog_swift_facility: "local0"
syslog_haproxy_facility: "local1"
If Glance TLS backend is enabled (``glance_enable_tls_backend``), the syslog

10
doc/source/admin/production-architecture-guide.rst
View File

@ -25,7 +25,7 @@ A basic Kolla inventory consists of several types of nodes, known in Ansible as
* Compute - Compute nodes for compute services. This is where guest VMs
live.
* Storage - Storage nodes for cinder-volume, LVM or Swift.
* Storage - Storage nodes for cinder-volume, LVM.
* Monitoring - Monitor nodes which host monitoring services.
@ -54,14 +54,6 @@ In Kolla operators should configure following network interfaces:
``kolla_enable_tls_external`` is set to yes. Defaults to
``network_interface``.
* ``swift_storage_interface`` - This interface is used by Swift for storage
access traffic. This can be heavily utilized so it's recommended to use
a high speed network fabric. Defaults to ``network_interface``.
* ``swift_replication_interface`` - This interface is used by Swift for storage
replication traffic. This can be heavily utilized so it's recommended to use
a high speed network fabric. Defaults to ``swift_storage_interface``.
* ``tunnel_interface`` - This interface is used by Neutron for vm-to-vm traffic
over tunneled networks (like VxLan). Defaults to ``network_interface``.

1
doc/source/conf.py
View File

@ -111,7 +111,6 @@ openstack_projects = [
'oslo.messaging',
'oslotest',
'ovn-octavia-provider',
'swift',
'watcher',
]

15
doc/source/reference/shared-services/glance-guide.rst
View File

@ -16,7 +16,6 @@ backends:
* file
* ceph
* vmware
* swift
File backend
~~~~~~~~~~~~
@ -91,20 +90,6 @@ use the following variables:
All Glance S3 configurations use these options as default values.
Swift backend
~~~~~~~~~~~~~
To store glance images in a swift cluster, the ``swift`` backend should
be enabled. Refer to :doc:`../storage/swift-guide` on how to configure
swift in kolla.
If ceph is enabled, will have higher precedence over swift as glance backend.
To enable the swift backend manually:
.. code-block:: yaml
glance_backend_swift: "yes"
Upgrading glance
----------------

1
doc/source/reference/storage/index.rst
View File

@ -14,4 +14,3 @@ supported by kolla.
cinder-guide-pure
manila-guide
manila-hnas-guide
swift-guide

315
doc/source/reference/storage/swift-guide.rst
View File

@ -1,315 +0,0 @@
.. _swift-guide:
==============================
Swift - Object storage service
==============================
Overview
~~~~~~~~
Kolla can deploy a full working Swift setup in either a **all-in-one** or
**multinode** setup.
Networking
~~~~~~~~~~
The following interfaces are used by Swift:
External API interface (``kolla_external_vip_interface``)
This interface is used by users to access the Swift public API.
Internal API interface (``api_interface``)
This interface is used by users to access the Swift internal API. It is also
used by HAProxy to access the Swift proxy servers.
Swift Storage interface (``swift_storage_interface``)
This interface is used by the Swift proxy server to access the account,
container and object servers.
Swift replication interface (``swift_replication_interface``)
This interface is used for Swift storage replication traffic.
This is optional as the default configuration uses
the ``swift_storage_interface`` for replication traffic.
Disks with a partition table (recommended)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Swift requires block devices to be available for storage. To prepare a disk
for use as a Swift storage device, a special partition name and filesystem
label need to be added.
The following should be done on each storage node, the example is shown
for three disks:
.. warning::
ALL DATA ON DISK will be LOST!
.. code-block:: console
index=0
for d in sdc sdd sde; do
parted /dev/${d} -s -- mklabel gpt mkpart KOLLA_SWIFT_DATA 1 -1
sudo mkfs.xfs -f -L d${index} /dev/${d}1
(( index++ ))
done
For evaluation, loopback devices can be used in lieu of real disks:
.. code-block:: console
index=0
for d in sdc sdd sde; do
free_device=$(losetup -f)
fallocate -l 1G /tmp/$d
losetup $free_device /tmp/$d
parted $free_device -s -- mklabel gpt mkpart KOLLA_SWIFT_DATA 1 -1
sudo mkfs.xfs -f -L d${index} ${free_device}p1
(( index++ ))
done
Disks without a partition table
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kolla also supports unpartitioned disk (filesystem on ``/dev/sdc`` instead of
``/dev/sdc1``) detection purely based on filesystem label. This is generally
not a recommended practice but can be helpful for Kolla to take over Swift
deployment already using disk like this.
Given hard disks with labels swd1, swd2, swd3, use the following settings in
``ansible/roles/swift/defaults/main.yml``.
.. code-block:: yaml
swift_devices_match_mode: "prefix"
swift_devices_name: "swd"
Rings
~~~~~
Before running Swift we need to generate **rings**, which are binary compressed
files that at a high level let the various Swift services know where data is in
the cluster. We hope to automate this process in a future release.
The following example commands should be run from the ``operator`` node to
generate rings for a demo setup. The commands work with **disks with partition
table** example listed above. Please modify accordingly if your setup is
different.
If using a separate replication network it is necessary to add the replication
network IP addresses to the rings. See the :swift-doc:`Swift documentation
<replication_network.html#dedicated-replication-network>` for details on
how to do that.
Prepare for Rings generating
----------------------------
To prepare for Swift Rings generating, run the following commands to initialize
the environment variable and create ``/etc/kolla/config/swift`` directory:
.. code-block:: console
STORAGE_NODES=(192.168.0.2 192.168.0.3 192.168.0.4)
KOLLA_SWIFT_BASE_IMAGE="kolla/centos-source-swift-base:4.0.0"
mkdir -p /etc/kolla/config/swift
Generate Object Ring
--------------------
To generate Swift object ring, run the following commands:
.. code-block:: console
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/object.builder create 10 3 1
for node in ${STORAGE_NODES[@]}; do
for i in {0..2}; do
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/object.builder add r1z1-${node}:6000/d${i} 1;
done
done
Generate Account Ring
---------------------
To generate Swift account ring, run the following commands:
.. code-block:: console
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/account.builder create 10 3 1
for node in ${STORAGE_NODES[@]}; do
for i in {0..2}; do
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/account.builder add r1z1-${node}:6001/d${i} 1;
done
done
Generate Container Ring
-----------------------
To generate Swift container ring, run the following commands:
.. code-block:: console
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/container.builder create 10 3 1
for node in ${STORAGE_NODES[@]}; do
for i in {0..2}; do
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/container.builder add r1z1-${node}:6002/d${i} 1;
done
done
.. end
Rebalance
---------
To rebalance the ring files:
.. code-block:: console
for ring in object account container; do
docker run \
--rm \
-v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
$KOLLA_SWIFT_BASE_IMAGE \
swift-ring-builder \
/etc/kolla/config/swift/${ring}.builder rebalance;
done
For more information, see :swift-doc:`the Swift documentation
<install/initial-rings.html>`.
Deploying
~~~~~~~~~
Enable Swift in ``/etc/kolla/globals.yml``:
.. code-block:: yaml
enable_swift : "yes"
If you are to deploy multiple policies, override the variable
``swift_extra_ring_files`` with the list of your custom ring files, .builder
and .ring.gz all together. This will append them to the list of default rings.
.. code-block:: yaml
swift_extra_ring_files:
- object-1.builder
- object-1.ring.gz
Once the rings are in place, deploying Swift is the same as any other Kolla
Ansible service:
.. code-block:: console
# kolla-ansible deploy -i <path/to/inventory-file>
Verification
~~~~~~~~~~~~
A very basic smoke test:
.. code-block:: console
$ openstack container create mycontainer
+---------------------------------------+--------------+------------------------------------+
| account | container | x-trans-id |
+---------------------------------------+--------------+------------------------------------+
| AUTH_7b938156dba44de7891f311c751f91d8 | mycontainer | txb7f05fa81f244117ac1b7-005a0e7803 |
+---------------------------------------+--------------+------------------------------------+
$ openstack object create mycontainer README.rst
+---------------+--------------+----------------------------------+
| object | container | etag |
+---------------+--------------+----------------------------------+
| README.rst | mycontainer | 2634ecee0b9a52ba403a503cc7d8e988 |
+---------------+--------------+----------------------------------+
$ openstack container show mycontainer
+--------------+---------------------------------------+
| Field | Value |
+--------------+---------------------------------------+
| account | AUTH_7b938156dba44de7891f311c751f91d8 |
| bytes_used | 6684 |
| container | mycontainer |
| object_count | 1 |
+--------------+---------------------------------------+
$ openstack object store account show
+------------+---------------------------------------+
| Field | Value |
+------------+---------------------------------------+
| Account | AUTH_7b938156dba44de7891f311c751f91d8 |
| Bytes | 6684 |
| Containers | 1 |
| Objects | 1 |
+------------+---------------------------------------+
S3 API
~~~~~~
The Swift S3 API can be enabled by setting ``enable_swift_s3api`` to ``true``
in ``globals.yml``. It is disabled by default. In order to use this API it is
necessary to obtain EC2 credentials from Keystone. See the :swift-doc:`the
Swift documentation
<admin/middleware.html#module-swift.common.middleware.s3api.s3api>` for
details.
Swift Recon
~~~~~~~~~~~
Enable Swift Recon in ``/etc/kolla/globals.yml``:
.. code-block:: yaml
enable_swift_recon : "yes"
The Swift role in Kolla Ansible is still using the old role format. Unlike many
other Kolla Ansible roles, it won't automatically add the new volume to the
containers in existing deployments when running `kolla-ansible reconfigure`.
Instead we must use the `kolla-ansible upgrade` command, which will remove the
existing containers and then put them back again.
Example usage:
.. code-block:: console
$ sudo docker exec swift_object_server swift-recon --all`
For more information, see :swift-doc:`the Swift documentation
<admin/objectstorage-monitoring.html>`.

38
etc/kolla/globals.yml
View File

@ -138,8 +138,6 @@ workaround_ansible_issue_8743: yes
# the 'network_interface'. These interfaces must contain an IP address.
#kolla_external_vip_interface: "{{ network_interface }}"
#api_interface: "{{ network_interface }}"
#swift_storage_interface: "{{ network_interface }}"
#swift_replication_interface: "{{ swift_storage_interface }}"
#tunnel_interface: "{{ network_interface }}"
#dns_interface: "{{ network_interface }}"
#octavia_network_interface: "{{ api_interface }}"
@ -149,8 +147,6 @@ workaround_ansible_issue_8743: yes
#network_address_family: "ipv4"
#api_address_family: "{{ network_address_family }}"
#storage_address_family: "{{ network_address_family }}"
#swift_storage_address_family: "{{ storage_address_family }}"
#swift_replication_address_family: "{{ swift_storage_address_family }}"
#migration_address_family: "{{ api_address_family }}"
#tunnel_address_family: "{{ network_address_family }}"
#octavia_network_address_family: "{{ api_address_family }}"
@ -426,8 +422,6 @@ workaround_ansible_issue_8743: yes
#enable_proxysql: "yes"
#enable_redis: "no"
#enable_skyline: "no"
#enable_swift: "no"
#enable_swift_s3api: "no"
#enable_tacker: "no"
#enable_telegraf: "no"
#enable_trove: "no"
@ -518,7 +512,6 @@ workaround_ansible_issue_8743: yes
# Configure image backend.
#glance_backend_ceph: "no"
#glance_backend_file: "yes"
#glance_backend_swift: "no"
#glance_backend_vmware: "no"
#glance_backend_s3: "no"
#enable_glance_image_cache: "no"
@ -553,8 +546,8 @@ workaround_ansible_issue_8743: yes
#################
# Gnocchi options
#################
# Valid options are [ file, ceph, swift ]
#gnocchi_backend_storage: "{% if enable_swift | bool %}swift{% else %}file{% endif %}"
# Valid options are [ file, ceph ]
#gnocchi_backend_storage: "file"
# Valid options are [redis, '']
#gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
@ -570,7 +563,7 @@ workaround_ansible_issue_8743: yes
# Valid options are [ '', redis, etcd ]
#cinder_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
# Valid options are [ nfs, swift, ceph, s3 ]
# Valid options are [ nfs, ceph, s3 ]
#cinder_backup_driver: "ceph"
#cinder_backup_share: ""
#cinder_backup_mount_options_nfs: ""
@ -711,31 +704,6 @@ workaround_ansible_issue_8743: yes
#manila_glusterfs_target:
#manila_glusterfs_mount_point_base:
################################
# Swift - Object Storage Options
################################
# Swift expects block devices to be available for storage. Two types of storage
# are supported: 1 - storage device with a special partition name and filesystem
# label, 2 - unpartitioned disk with a filesystem. The label of this filesystem
# is used to detect the disk which Swift will be using.
# Swift support two matching modes, valid options are [ prefix, strict ]
#swift_devices_match_mode: "strict"
# This parameter defines matching pattern: if "strict" mode was selected,
# for swift_devices_match_mode then swift_device_name should specify the name of
# the special swift partition for example: "KOLLA_SWIFT_DATA", if "prefix" mode was
# selected then swift_devices_name should specify a pattern which would match to
# filesystems' labels prepared for swift.
#swift_devices_name: "KOLLA_SWIFT_DATA"
# Configure swift upgrade option, due to currently kolla support
# two upgrade ways for swift: legacy_upgrade and rolling_upgrade
# The variable "swift_enable_rolling_upgrade: yes" is meaning rolling_upgrade
# were enabled and opposite
# Rolling upgrade were enable by default
#swift_enable_rolling_upgrade: "yes"
###################################
# VMware - OpenStack VMware support
###################################

4
etc/kolla/passwords.yml
View File

@ -99,10 +99,6 @@ designate_pool_id:
# This option must be HMAC-MD5 value in string format
designate_rndc_key:
swift_keystone_password:
swift_hash_path_suffix:
swift_hash_path_prefix:
heat_database_password:
heat_keystone_password:
heat_domain_admin_password:

4
releasenotes/notes/remove-swift-5ebd7b5c4a2cb5b7.yaml Normal file
View File

@ -0,0 +1,4 @@
---
upgrade:
- |
Support for deploying ``Swift`` has been removed.

4
roles/openstack-clients/defaults/main.yml
View File

@ -20,10 +20,6 @@ openstack_clients_pip_packages:
enabled: "{{ scenario in ['octavia', 'ovn'] }}"
- package: python-openstackclient
enabled: true
# python-openstackclient 6.6.0 didn't work with swift due to https://review.opendev.org/c/openstack/python-openstackclient/+/920001
# TODO: remove the simplejson once new package released on pypi.org.
- package: simplejson
enabled: "{{ scenario == 'swift' }}"
- package: python-tackerclient
enabled: "{{ scenario == 'scenario_nfv' }}"
- package: python-troveclient

2
tests/pre.yml
View File

@ -66,7 +66,7 @@
become: true
package:
name: lvm2
when: scenario in ['cephadm', 'zun', 'swift']
when: scenario in ['cephadm', 'zun']
- name: Ensure /tmp/logs/ dir
file:

8
tests/setup_disks.sh
View File

@ -14,14 +14,6 @@ if [ $1 = 'zun' ]; then
losetup $free_device /var/lib/cinder_data.img
pvcreate $free_device
vgcreate cinder-volumes $free_device
elif [ $1 = 'swift' ]; then
# swift partition
free_device=$(losetup -f)
fallocate -l 5G /var/lib/swift_data.img
losetup $free_device /var/lib/swift_data.img
parted $free_device -s -- mklabel gpt mkpart KOLLA_SWIFT_DATA 1 -1
free_partition=${free_device}p1
mkfs.xfs -L d0 $free_partition
elif [ $1 = 'ceph-lvm' ]; then
free_device=$(losetup -f)
fallocate -l 5G /var/lib/ceph-osd1.img

4
tests/setup_gate.sh
View File

@ -49,10 +49,6 @@ function prepare_images {
GATE_IMAGES+=",^masakari-,^hacluster-"
fi
if [[ $SCENARIO == "swift" ]]; then
GATE_IMAGES+=",^swift"
fi
if [[ $SCENARIO == "ovn" ]]; then
GATE_IMAGES+=",^redis,^octavia,^ovn"
fi

4
tests/templates/globals-default.j2
View File

@ -103,10 +103,6 @@ enable_cinder_backup: "no"
enable_cinder_backend_lvm: "yes"
{% endif %}
{% if scenario == "swift" %}
enable_swift: "yes"
{% endif %}
{% if scenario == "ipv6" %}
enable_prometheus: "yes"
enable_prometheus_openstack_exporter: "no"

16
tests/templates/inventory.j2
View File

@ -170,9 +170,6 @@ control
[horizon:children]
control
[swift:children]
control
[barbican:children]
control
@ -377,19 +374,6 @@ network
[manila-data:children]
manila
# Swift
[swift-proxy-server:children]
swift
[swift-account-server:children]
storage
[swift-container-server:children]
storage
[swift-object-server:children]
storage
# Barbican
[barbican-api:children]
barbican

6
tools/cleanup-host
View File

@ -37,12 +37,6 @@ fi
echo "Creating a fstab backup..."
sudo cp /etc/fstab /etc/fstab_backup
if [[ "$enable_swift" == "yes" ]]; then
echo "Removing swift references from fstab..."
cat /etc/fstab | grep "/srv/node/d*" | xargs umount
sed -i '/\/srv\/node\//d' /etc/fstab
fi
if [[ "$glance_file_datadir_volume" != "glance" && -d "$glance_file_datadir_volume" ]]; then
echo "Removing glance volume if it is customized"
rm -rfv $glance_file_datadir_volume

2
tools/validate-all-file.py
View File

@ -43,8 +43,6 @@ YAML_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git',
KOLLA_NETWORKS = [
'api',
'storage',
'swift_storage',
'swift_replication',
'migration',
'tunnel',
'octavia_network',