From 515cf2af687656d5b6660d1fbf5d6f83d43148a4 Mon Sep 17 00:00:00 2001 From: Paul Bourke Date: Tue, 18 Aug 2015 14:05:54 +0000 Subject: [PATCH] Implement Ansible role for Swift This currently deploys the core services for a working Swift which are account/container/object/proxy. I've included some basic docs in docs/swift-related.rst, which gives usage instructions and more context on this patch. These are really to give an overview of the state of Swift in Kolla as of now, so unless there's some major inaccuracy there please don't nitpick it. Change-Id: Id0c54be3e24c46459c40b16b7020f05bddbe1b19 Implements: blueprint ansible-swift --- ansible/group_vars/all.yml | 5 + ansible/inventory/all-in-one | 18 ++- ansible/inventory/multinode | 18 ++- ansible/roles/swift/defaults/main.yml | 58 ++++++++ ansible/roles/swift/meta/main.yml | 4 + ansible/roles/swift/tasks/bootstrap.yml | 19 +++ ansible/roles/swift/tasks/config.yml | 84 +++++++++++ ansible/roles/swift/tasks/main.yml | 8 ++ ansible/roles/swift/tasks/register.yml | 37 +++++ ansible/roles/swift/tasks/start.yml | 92 +++++++++++++ .../swift/templates/account-server.conf.j2 | 11 ++ .../swift/templates/container-server.conf.j2 | 11 ++ .../swift/templates/object-server.conf.j2 | 11 ++ .../swift/templates/proxy-server.conf.j2 | 57 ++++++++ ansible/roles/swift/templates/swift.conf.j2 | 3 + ansible/site.yml | 4 + .../swift-account-server/config-external.sh | 27 ++-- .../swift/swift-account-server/start.sh | 2 + .../common/swift/swift-base/config-swift.sh | 8 +- .../swift-container-server/config-external.sh | 27 ++-- .../swift/swift-container-server/start.sh | 2 + .../swift/swift-object-auditor/start.sh | 2 + .../swift/swift-object-expirer/start.sh | 2 + .../swift/swift-object-replicator/start.sh | 2 + .../swift-object-server/config-external.sh | 33 +++-- .../common/swift/swift-object-server/start.sh | 2 + .../swift/swift-object-updater/start.sh | 2 + .../swift-proxy-server/config-external.sh | 35 ++++- .../common/swift/swift-proxy-server/start.sh | 2 + docs/swift-readme.rst | 130 ++++++++++++++++++ etc/kolla/config/swift.conf | 0 etc/kolla/config/swift/account-server.conf | 0 etc/kolla/config/swift/container-server.conf | 0 etc/kolla/config/swift/object-server.conf | 0 etc/kolla/config/swift/proxy-server.conf | 0 etc/kolla/config/swift/swift.conf | 0 etc/kolla/passwords.yml | 4 + 37 files changed, 668 insertions(+), 52 deletions(-) create mode 100644 ansible/roles/swift/defaults/main.yml create mode 100644 ansible/roles/swift/meta/main.yml create mode 100644 ansible/roles/swift/tasks/bootstrap.yml create mode 100644 ansible/roles/swift/tasks/config.yml create mode 100644 ansible/roles/swift/tasks/main.yml create mode 100644 ansible/roles/swift/tasks/register.yml create mode 100644 ansible/roles/swift/tasks/start.yml create mode 100644 ansible/roles/swift/templates/account-server.conf.j2 create mode 100644 ansible/roles/swift/templates/container-server.conf.j2 create mode 100644 ansible/roles/swift/templates/object-server.conf.j2 create mode 100644 ansible/roles/swift/templates/proxy-server.conf.j2 create mode 100644 ansible/roles/swift/templates/swift.conf.j2 create mode 100644 docs/swift-readme.rst create mode 100644 etc/kolla/config/swift.conf create mode 100644 etc/kolla/config/swift/account-server.conf create mode 100644 etc/kolla/config/swift/container-server.conf create mode 100644 etc/kolla/config/swift/object-server.conf create mode 100644 etc/kolla/config/swift/proxy-server.conf create mode 100644 etc/kolla/config/swift/swift.conf diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 1119c8df82..1b19ebb271 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -91,6 +91,10 @@ cinder_api_port: "8776" memcached_port: "11211" +swift_proxy_server_port: "8080" +swift_object_server_port: "6000" +swift_account_server_port: "6001" +swift_container_server_port: "6002" #################### # Openstack options @@ -130,6 +134,7 @@ enable_rabbitmq: "yes" # Additional optional OpenStack services are specified here enable_cinder: "no" enable_horizon: "yes" +enable_swift: "no" #################### # RabbitMQ options diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index f00cc65a3c..b0cbdb457a 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -45,6 +45,9 @@ control [horizon:children] control +[swift:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. @@ -83,7 +86,7 @@ neutron [neutron-agents:children] neutron -#Cinder +# Cinder [cinder-api:children] cinder @@ -95,3 +98,16 @@ cinder [cinder-volume:children] storage + +# Swift +[swift-proxy-server:children] +swift + +[swift-account-server:children] +storage + +[swift-container-server:children] +storage + +[swift-object-server:children] +storage diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index e75805ff25..7db8c12a5f 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -51,6 +51,9 @@ control [horizon:children] control +[swift:children] +control + # Additional control implemented here. These groups allow you to control which # services run on which hosts at a per-service level. @@ -89,7 +92,7 @@ neutron [neutron-agents:children] neutron -#Cinder +# Cinder [cinder-api:children] cinder @@ -101,3 +104,16 @@ cinder [cinder-volume:children] storage + +# Swift +[swift-proxy-server:children] +storage + +[swift-account-server:children] +storage + +[swift-container-server:children] +storage + +[swift-object-server:children] +storage diff --git a/ansible/roles/swift/defaults/main.yml b/ansible/roles/swift/defaults/main.yml new file mode 100644 index 0000000000..6e156a8f39 --- /dev/null +++ b/ansible/roles/swift/defaults/main.yml @@ -0,0 +1,58 @@ +--- +project_name: "swift" + +#################### +# Docker +#################### +swift_proxy_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-proxy-server" +swift_proxy_server_tag: "{{ openstack_release }}" +swift_proxy_server_image_full: "{{ swift_proxy_server_image }}:{{ swift_proxy_server_tag }}" + +swift_data_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-data" +swift_data_tag: "{{ openstack_release }}" +swift_data_image_full: "{{ swift_data_image }}:{{ swift_data_tag }}" + +swift_account_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-account-server" +swift_account_server_tag: "{{ openstack_release }}" +swift_account_server_image_full: "{{ swift_account_server_image }}:{{ swift_account_server_tag }}" + +swift_container_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-container-server" +swift_container_server_tag: "{{ openstack_release }}" +swift_container_server_image_full: "{{ swift_container_server_image }}:{{ swift_container_server_tag }}" + +swift_object_auditor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-auditor" +swift_object_auditor_tag: "{{ openstack_release }}" +swift_object_auditor_image_full: "{{ swift_object_auditor_image }}:{{ swift_object_auditor_tag }}" + +swift_object_expirer_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-expirer" +swift_object_expirer_tag: "{{ openstack_release }}" +swift_object_expirer_image_full: "{{ swift_object_expirer_image }}:{{ swift_object_expirer_tag }}" + +swift_object_replicator_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-replicator" +swift_object_replicator_tag: "{{ openstack_release }}" +swift_object_replicator_image_full: "{{ swift_object_replicator_image }}:{{ swift_object_replicator_tag }}" + +swift_object_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-server" +swift_object_server_tag: "{{ openstack_release }}" +swift_object_server_image_full: "{{ swift_object_server_image }}:{{ swift_object_server_tag }}" + +swift_object_updater_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-updater" +swift_object_updater_tag: "{{ openstack_release }}" +swift_object_updater_image_full: "{{ swift_object_updater_image }}:{{ swift_object_updater_tag }}" + +#################### +# Openstack +#################### +swift_public_address: "{{ kolla_external_address }}" +swift_admin_address: "{{ kolla_internal_address }}" +swift_internal_address: "{{ kolla_internal_address }}" + +swift_logging_verbose: "{{ openstack_logging_verbose }}" +swift_logging_debug: "{{ openstack_logging_debug }}" + +swift_keystone_user: "swift" +swift_admin_tenant_name: "admin" + +swift_devices_mount_point: "/srv/node" + +openstack_swift_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" diff --git a/ansible/roles/swift/meta/main.yml b/ansible/roles/swift/meta/main.yml new file mode 100644 index 0000000000..f478e69120 --- /dev/null +++ b/ansible/roles/swift/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - { role: common } + - { role: memcached } diff --git a/ansible/roles/swift/tasks/bootstrap.yml b/ansible/roles/swift/tasks/bootstrap.yml new file mode 100644 index 0000000000..4d035fbb75 --- /dev/null +++ b/ansible/roles/swift/tasks/bootstrap.yml @@ -0,0 +1,19 @@ +--- +- name: Starting Swift data container + docker: + docker_api_version: "{{ docker_api_version }}" + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: swift_data + image: "{{ swift_data_image_full }}" + volumes: + - "/srv/node/sdb1" + - "/srv/node/sdb2" + - "/srv/node/sdb3" diff --git a/ansible/roles/swift/tasks/config.yml b/ansible/roles/swift/tasks/config.yml new file mode 100644 index 0000000000..b3ec2f1db7 --- /dev/null +++ b/ansible/roles/swift/tasks/config.yml @@ -0,0 +1,84 @@ +--- +# TODO(pbourke): There needs to be one swift.conf generated per service for updates to work +# correctly. Figure out a way (with_items seems to not be allowed when using include) +- include: ../../config.yml + vars: + service_name: "swift" + config_source: + - "roles/swift/templates/swift.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/swift/swift.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/swift.conf" + +- include: ../../config.yml + vars: + service_name: "swift-proxy-server" + config_source: + - "roles/swift/templates/proxy-server.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/swift/proxy-server.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/proxy-server.conf" + when: inventory_hostname in groups['swift-proxy-server'] + +- include: ../../config.yml + vars: + service_name: "swift-account-server" + config_source: + - "roles/swift/templates/account-server.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/swift/account-server.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/account-server.conf" + when: inventory_hostname in groups['swift-account-server'] + +- include: ../../config.yml + vars: + service_name: "swift-container-server" + config_source: + - "roles/swift/templates/container-server.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/swift/container-server.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/container-server.conf" + when: inventory_hostname in groups['swift-container-server'] + +- include: ../../config.yml + vars: + service_name: "swift-object-server" + config_source: + - "roles/swift/templates/object-server.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/swift/object-server.conf" + config_template_dest: + - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_minimal" + - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_global" + - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_augment" + config_dest: "{{ node_config_directory }}/{{ service_name }}/object-server.conf" + when: inventory_hostname in groups['swift-object-server'] + +- name: Copying over Swift ring files + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + backup: yes + with_items: + - { src: "/etc/kolla/config/swift/object.ring.gz", + dest: "{{ node_config_directory }}/swift/object.ring.gz" } + - { src: "/etc/kolla/config/swift/container.ring.gz", + dest: "{{ node_config_directory }}/swift/container.ring.gz" } + - { src: "/etc/kolla/config/swift/account.ring.gz", + dest: "{{ node_config_directory }}/swift/account.ring.gz" } diff --git a/ansible/roles/swift/tasks/main.yml b/ansible/roles/swift/tasks/main.yml new file mode 100644 index 0000000000..5c48120b7c --- /dev/null +++ b/ansible/roles/swift/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- include: register.yml + +- include: config.yml + +- include: bootstrap.yml + +- include: start.yml diff --git a/ansible/roles/swift/tasks/register.yml b/ansible/roles/swift/tasks/register.yml new file mode 100644 index 0000000000..d2d61dd769 --- /dev/null +++ b/ansible/roles/swift/tasks/register.yml @@ -0,0 +1,37 @@ +--- +- name: Creating the Swift service and endpoint + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=swift + service_type=object-store + description='Openstack Object Storage' + endpoint_region={{ openstack_region_name }} + admin_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}' + internal_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' + public_url='http://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_swift_auth }}' }}" + -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}" + register: swift_endpoint + changed_when: "{{ swift_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (swift_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: swift_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + +- name: Creating the Swift project, user, and role + command: docker exec -t kolla_ansible /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user={{ swift_keystone_user }} + password={{ swift_keystone_password }} + role={{ swift_admin_tenant_name }} + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_swift_auth }}' }}" + -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}" + register: swift_user + changed_when: "{{ swift_user.stdout.find('localhost | SUCCESS => ') != -1 and (swift_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: swift_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True diff --git a/ansible/roles/swift/tasks/start.yml b/ansible/roles/swift/tasks/start.yml new file mode 100644 index 0000000000..eaf9c9a6cd --- /dev/null +++ b/ansible/roles/swift/tasks/start.yml @@ -0,0 +1,92 @@ +--- +- name: Starting Swift Proxy Server container + docker: + docker_api_version: "{{ docker_api_version }}" + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: swift_proxy_server + image: "{{ swift_proxy_server_image_full }}" + volumes: + - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro" + - "{{ node_config_directory }}/swift-proxy-server/:/opt/kolla/swift-proxy-server/:ro" + volumes_from: + - swift_data + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['swift-proxy-server'] + +- name: Starting Swift Account Server container + docker: + docker_api_version: "{{ docker_api_version }}" + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: swift_account_server + image: "{{ swift_account_server_image_full }}" + volumes: + - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro" + - "{{ node_config_directory }}/swift-account-server/:/opt/kolla/swift-account-server/:ro" + volumes_from: + - swift_data + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['swift-account-server'] + +- name: Starting Swift Container Server container + docker: + docker_api_version: "{{ docker_api_version }}" + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: swift_container_server + image: "{{ swift_container_server_image_full }}" + volumes: + - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro" + - "{{ node_config_directory }}/swift-container-server/:/opt/kolla/swift-container-server/:ro" + volumes_from: + - swift_data + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['swift-container-server'] + +- name: Starting Swift Object Server container + docker: + docker_api_version: "{{ docker_api_version }}" + net: host + pull: "{{ docker_pull_policy }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + registry: "{{ docker_registry }}" + username: "{{ docker_registry_username }}" + password: "{{ docker_registry_password }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: swift_object_server + image: "{{ swift_object_server_image_full }}" + volumes: + - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro" + - "{{ node_config_directory }}/swift-object-server/:/opt/kolla/swift-object-server/:ro" + volumes_from: + - swift_data + env: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + when: inventory_hostname in groups['swift-object-server'] diff --git a/ansible/roles/swift/templates/account-server.conf.j2 b/ansible/roles/swift/templates/account-server.conf.j2 new file mode 100644 index 0000000000..db7a63c6e9 --- /dev/null +++ b/ansible/roles/swift/templates/account-server.conf.j2 @@ -0,0 +1,11 @@ +[DEFAULT] +bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ swift_account_server_port }} +devices = {{ swift_devices_mount_point }} +mount_check = false + +[pipeline:main] +pipeline = account-server + +[app:account-server] +use = egg:swift#account diff --git a/ansible/roles/swift/templates/container-server.conf.j2 b/ansible/roles/swift/templates/container-server.conf.j2 new file mode 100644 index 0000000000..2baf9b72ce --- /dev/null +++ b/ansible/roles/swift/templates/container-server.conf.j2 @@ -0,0 +1,11 @@ +[DEFAULT] +bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ swift_container_server_port }} +devices = {{ swift_devices_mount_point }} +mount_check = false + +[pipeline:main] +pipeline = container-server + +[app:container-server] +use = egg:swift#container diff --git a/ansible/roles/swift/templates/object-server.conf.j2 b/ansible/roles/swift/templates/object-server.conf.j2 new file mode 100644 index 0000000000..3f36d5e721 --- /dev/null +++ b/ansible/roles/swift/templates/object-server.conf.j2 @@ -0,0 +1,11 @@ +[DEFAULT] +bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ swift_object_server_port }} +devices = {{ swift_devices_mount_point }} +mount_check = false + +[pipeline:main] +pipeline = object-server + +[app:object-server] +use = egg:swift#object diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 new file mode 100644 index 0000000000..44dddc12b6 --- /dev/null +++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -0,0 +1,57 @@ +[DEFAULT] +bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} +bind_port = {{ swift_proxy_server_port }} + +[pipeline:main] +pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk ratelimit authtoken keystoneauth slo dlo proxy-server + +[app:proxy-server] +use = egg:swift#proxy +allow_account_management = true +account_autocreate = true + +[filter:cache] +use = egg:swift#memcache +memcache_servers = {% for host in groups['swift-proxy-server'] %}{{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + +[filter:proxy-logging] +use = egg:swift#proxy_logging + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ swift_keystone_user }} +password = {{ swift_keystone_password }} + +[filter:keystoneauth] +use = egg:swift#keystoneauth +operator_roles = admin,user + +[filter:container_sync] +use = egg:swift#container_sync + +[filter:bulk] +use = egg:swift#bulk + +[filter:ratelimit] +use = egg:swift#ratelimit + +[filter:gatekeeper] +use = egg:swift#gatekeeper + +[filter:slo] +use = egg:swift#slo + +[filter:dlo] +use = egg:swift#dlo diff --git a/ansible/roles/swift/templates/swift.conf.j2 b/ansible/roles/swift/templates/swift.conf.j2 new file mode 100644 index 0000000000..917a32cf1c --- /dev/null +++ b/ansible/roles/swift/templates/swift.conf.j2 @@ -0,0 +1,3 @@ +[swift-hash] +swift_hash_path_suffix = {{ swift_hash_path_suffix }} +swift_hash_path_prefix = {{ swift_hash_path_prefix }} diff --git a/ansible/site.yml b/ansible/site.yml index ae1d348859..b395249023 100755 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -15,6 +15,10 @@ roles: - { role: keystone, tags: keystone, when: enable_keystone | bool } +- hosts: [swift-proxy-server, swift-account-server, swift-object-server, swift-container-server ] + roles: + - { role: swift, tags: swift, when: enable_swift | bool } + - hosts: [glance-api, glance-registry] roles: - { role: glance, tags: glance, when: enable_glance | bool } diff --git a/docker/common/swift/swift-account-server/config-external.sh b/docker/common/swift/swift-account-server/config-external.sh index 613fd30f08..61adefcd06 100644 --- a/docker/common/swift/swift-account-server/config-external.sh +++ b/docker/common/swift/swift-account-server/config-external.sh @@ -1,18 +1,19 @@ #!/bin/bash -SOURCE="/opt/kolla/swift/swift.conf" -TARGET="/etc/swift/swift.conf" -SOURCE_ACCOUNT_SERVER="/opt/kolla/swift/account-server.conf" -TARGET_ACCOUNT_SERVER="/etc/swift/account-server.conf" -OWNER="swift" -if [[ -f "$SOURCE" ]]; then - cp $SOURCE $TARGET - chown ${OWNER}: $TARGET - chmod 0640 $TARGET +if [[ -f /opt/kolla/swift/swift.conf ]]; then + cp /opt/kolla/swift/swift.conf /etc/swift/ + chown swift: /etc/swift/swift.conf + chmod 0640 /etc/swift/swift.conf fi -if [[ -f "$SOURCE_ACCOUNT_SERVER" ]]; then - cp $SOURCE_ACCOUNT_SERVER $TARGET_ACCOUNT_SERVER - chown ${OWNER}: $TARGET_ACCOUNT_SERVER - chmod 0640 $TARGET_ACCOUNT_SERVER +if [[ -f "/opt/kolla/swift/account.ring.gz" ]]; then + cp /opt/kolla/swift/account.ring.gz /etc/swift/account.ring.gz + chown swift: /etc/swift/account.ring.gz + chmod 0640 /etc/swift/account.ring.gz +fi + +if [[ -f /opt/kolla/swift-account-server/account-server.conf ]]; then + cp /opt/kolla/swift-account-server/account-server.conf /etc/swift/ + chown swift: /etc/swift/account-server.conf + chmod 0640 /etc/swift/account-server.conf fi diff --git a/docker/common/swift/swift-account-server/start.sh b/docker/common/swift/swift-account-server/start.sh index 1c205cb26f..402ee6f44f 100755 --- a/docker/common/swift/swift-account-server/start.sh +++ b/docker/common/swift/swift-account-server/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/account-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-base/config-swift.sh b/docker/common/swift/swift-base/config-swift.sh index 343abdcec8..b101b4e696 100755 --- a/docker/common/swift/swift-base/config-swift.sh +++ b/docker/common/swift/swift-base/config-swift.sh @@ -1,9 +1,3 @@ #!/bin/bash -. /opt/kolla/kolla-common.sh - -check_required_vars SWIFT_HASH_PATH_SUFFIX - -cfg=/etc/swift/swift.conf - -crudini --set $cfg swift-hash swift_hash_path_suffix "${SWIFT_HASH_PATH_SUFFIX}" +chown -R swift: /srv/node diff --git a/docker/common/swift/swift-container-server/config-external.sh b/docker/common/swift/swift-container-server/config-external.sh index 93f696349a..d81ba6cc41 100644 --- a/docker/common/swift/swift-container-server/config-external.sh +++ b/docker/common/swift/swift-container-server/config-external.sh @@ -1,18 +1,21 @@ #!/bin/bash -SOURCE="/opt/kolla/swift/swift.conf" -TARGET="/etc/swift/swift.conf" -SOURCE_CONTAINER_SERVER="/opt/kolla/swift/container-server.conf" -TARGET_CONTAINER_SERVER="/etc/swift/container-server.conf" + OWNER="swift" -if [[ -f "$SOURCE" ]]; then - cp $SOURCE $TARGET - chown ${OWNER}: $TARGET - chmod 0640 $TARGET +if [[ -f "/opt/kolla/swift/swift.conf" ]]; then + cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf + chown ${OWNER}: /etc/swift/swift.conf + chmod 0640 /etc/swift/swift.conf fi -if [[ -f "$SOURCE_CONTAINER_SERVER" ]]; then - cp $SOURCE_CONTAINER_SERVER $TARGET_CONTAINER_SERVER - chown ${OWNER}: $TARGET_CONTAINER_SERVER - chmod 0640 $TARGET_CONTAINER_SERVER +if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then + cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz + chown ${OWNER}: /etc/swift/container.ring.gz + chmod 0640 /etc/swift/container.ring.gz +fi + +if [[ -f "/opt/kolla/swift-container-server/container-server.conf" ]]; then + cp /opt/kolla/swift-container-server/container-server.conf /etc/swift/container-server.conf + chown ${OWNER}: /etc/swift/container-server.conf + chmod 0640 /etc/swift/container-server.conf fi diff --git a/docker/common/swift/swift-container-server/start.sh b/docker/common/swift/swift-container-server/start.sh index 2c8977d50b..78070ab29c 100755 --- a/docker/common/swift/swift-container-server/start.sh +++ b/docker/common/swift/swift-container-server/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/container-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-object-auditor/start.sh b/docker/common/swift/swift-object-auditor/start.sh index 18978e703e..6319eed6bd 100755 --- a/docker/common/swift/swift-object-auditor/start.sh +++ b/docker/common/swift/swift-object-auditor/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-object-expirer/start.sh b/docker/common/swift/swift-object-expirer/start.sh index 3d073fcc21..434e8dc499 100755 --- a/docker/common/swift/swift-object-expirer/start.sh +++ b/docker/common/swift/swift-object-expirer/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-object-replicator/start.sh b/docker/common/swift/swift-object-replicator/start.sh index 409661c6fa..203f8864d1 100755 --- a/docker/common/swift/swift-object-replicator/start.sh +++ b/docker/common/swift/swift-object-replicator/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-object-server/config-external.sh b/docker/common/swift/swift-object-server/config-external.sh index 0fa02e9855..a3fb1a2cc5 100644 --- a/docker/common/swift/swift-object-server/config-external.sh +++ b/docker/common/swift/swift-object-server/config-external.sh @@ -1,18 +1,27 @@ #!/bin/bash -SOURCE="/opt/kolla/swift/swift.conf" -TARGET="/etc/swift/swift.conf" -SOURCE_OBJECT_SERVER="/opt/kolla/swift/object-server.conf" -TARGET_OBJECT_SERVER="/etc/swift/object-server.conf" + OWNER="swift" -if [[ -f "$SOURCE" ]]; then - cp $SOURCE $TARGET - chown ${OWNER}: $TARGET - chmod 0640 $TARGET +if [[ -f "/opt/kolla/swift/swift.conf" ]]; then + cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf + chown ${OWNER}: /etc/swift/swift.conf + chmod 0640 /etc/swift/swift.conf fi -if [[ -f "$SOURCE_OBJECT_SERVER" ]]; then - cp $SOURCE_OBJECT_SERVER $TARGET_OBJECT_SERVER - chown ${OWNER}: $TARGET_OBJECT_SERVER - chmod 0640 $TARGET_OBJECT_SERVER +if [[ -f "/opt/kolla/swift/object.ring.gz" ]]; then + cp /opt/kolla/swift/object.ring.gz /etc/swift/object.ring.gz + chown ${OWNER}: /etc/swift/object.ring.gz + chmod 0640 /etc/swift/object.ring.gz +fi + +if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then + cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz + chown ${OWNER}: /etc/swift/container.ring.gz + chmod 0640 /etc/swift/container.ring.gz +fi + +if [[ -f "/opt/kolla/swift-object-server/object-server.conf" ]]; then + cp /opt/kolla/swift-object-server/object-server.conf /etc/swift/object-server.conf + chown ${OWNER}: /etc/swift/object-server.conf + chmod 0640 /etc/swift/object-server.conf fi diff --git a/docker/common/swift/swift-object-server/start.sh b/docker/common/swift/swift-object-server/start.sh index c5def0a7a0..f2a32b4d37 100755 --- a/docker/common/swift/swift-object-server/start.sh +++ b/docker/common/swift/swift-object-server/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-object-updater/start.sh b/docker/common/swift/swift-object-updater/start.sh index d264858248..744344f74c 100755 --- a/docker/common/swift/swift-object-updater/start.sh +++ b/docker/common/swift/swift-object-updater/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docker/common/swift/swift-proxy-server/config-external.sh b/docker/common/swift/swift-proxy-server/config-external.sh index 2b3327b33c..434cce7e5f 100755 --- a/docker/common/swift/swift-proxy-server/config-external.sh +++ b/docker/common/swift/swift-proxy-server/config-external.sh @@ -1,10 +1,33 @@ #!/bin/bash -SOURCE="/opt/kolla/swift-proxy-server/swift.conf" -TARGET="/etc/swift/swift.conf" + OWNER="swift" -if [[ -f "$SOURCE" ]]; then - cp $SOURCE $TARGET - chown ${OWNER}: $TARGET - chmod 0640 $TARGET +if [[ -f "/opt/kolla/swift/swift.conf" ]]; then + cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf + chown ${OWNER}: /etc/swift/swift.conf + chmod 0640 /etc/swift/swift.conf +fi + +if [[ -f "/opt/kolla/swift/object.ring.gz" ]]; then + cp /opt/kolla/swift/object.ring.gz /etc/swift/object.ring.gz + chown ${OWNER}: /etc/swift/object.ring.gz + chmod 0640 /etc/swift/object.ring.gz +fi + +if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then + cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz + chown ${OWNER}: /etc/swift/container.ring.gz + chmod 0640 /etc/swift/container.ring.gz +fi + +if [[ -f "/opt/kolla/swift/account.ring.gz" ]]; then + cp /opt/kolla/swift/account.ring.gz /etc/swift/account.ring.gz + chown ${OWNER}: /etc/swift/account.ring.gz + chmod 0640 /etc/swift/account.ring.gz +fi + +if [[ -f "/opt/kolla/swift-proxy-server/proxy-server.conf" ]]; then + cp /opt/kolla/swift-proxy-server/proxy-server.conf /etc/swift/proxy-server.conf + chown ${OWNER}: /etc/swift/proxy-server.conf + chmod 0640 /etc/swift/proxy-server.conf fi diff --git a/docker/common/swift/swift-proxy-server/start.sh b/docker/common/swift/swift-proxy-server/start.sh index da8bd088d0..99a142e526 100755 --- a/docker/common/swift/swift-proxy-server/start.sh +++ b/docker/common/swift/swift-proxy-server/start.sh @@ -8,6 +8,8 @@ ARGS="/etc/swift/proxy-server.conf --verbose" # Loading common functions. source /opt/kolla/kolla-common.sh +source /opt/kolla/config-swift.sh + # Execute config strategy set_configs diff --git a/docs/swift-readme.rst b/docs/swift-readme.rst new file mode 100644 index 0000000000..9f8e19ecda --- /dev/null +++ b/docs/swift-readme.rst @@ -0,0 +1,130 @@ +Swift in Kolla +============== + +Overview +-------- +Currently Kolla can deploy the "core" services required for a working Swift, in either an AIO or +multi node setup: + +- swift-proxy +- swift-account +- swift-container +- swift-object + +There are a variety of other services such the replicator, expirer, rsyncd, etc. which actually make +Swift useful, which are in progress and hope to be finished in liberty-rc1. + +Prerequisites +------------- +Before running Swift we need to generate "rings", which are binary compressed files that at a high +level let the various Swift services know where data is in the cluster. Again, we hope to be able to +generate these automatically for liberty-rc1. + +Swift also expects block devices to be available and partitioned on the host, which Swift uses in +combination with the rings to store data. Swift demos commonly just use directories created under +/srv/node to simulate these devices. In order to ease "out of the box" testing of Kolla, we offer a +similar setup with a data container. *Note*, data containers are very inefficient for this purpose. +In production setups operators will want to provision disks according to the Swift operator guide, +which can then be added the rings and used in Kolla. + +For an AIO setup, the following commands can be used, locally, to generate rings containing the data +container directories: + +:: + + export KOLLA_INTERNAL_ADDRESS=1.2.3.4 + + # Object ring + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base \ + swift-ring-builder /etc/kolla/config/swift/object.builder create 10 3 1 + + for partition in sdb1 sdb2 sdb3; do + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base swift-ring-builder \ + /etc/kolla/config/swift/object.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6000/${partition} 1 + done + + # Account ring + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base \ + swift-ring-builder /etc/kolla/config/swift/account.builder create 10 3 1 + + for partition in sdb1 sdb2 sdb3; do + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base swift-ring-builder \ + /etc/kolla/config/swift/account.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6001/${partition} 1 + done + + # Container ring + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base \ + swift-ring-builder /etc/kolla/config/swift/container.builder create 10 3 1 + + for partition in sdb1 sdb2 sdb3; do + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base swift-ring-builder \ + /etc/kolla/config/swift/container.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6002/${partition} 1 + done + + for ring in object account container; do + docker run \ + -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \ + kollaglue/centos-binary-swift-base swift-ring-builder \ + /etc/kolla/config/swift/${ring}.builder rebalance + done + +Similar commands can be used for multinode, you will just need to run the the 'add' step for each IP +in the cluster. + +For more info, see +http://docs.openstack.org/kilo/install-guide/install/apt/content/swift-initial-rings.html + +Deploying +--------- +Once the rings are in place, deploying Swift is the same as any other Kolla Ansible service. Below +is the minimal command to bring up Swift AIO, and it's dependencies: + +:: + + ansible-playbook \ + -i ansible/inventory/all-in-one \ + -e @/etc/kolla/globals.yml \ + -e @etc/kolla/passwords.yml \ + ansible/site.yml \ + --tags=rabbitmq,mariadb,keystone,swift + +Validation +---------- +A very basic smoke test: + +:: + + $ swift stat + Account: AUTH_4c19d363b9cf432a80e34f06b1fa5749 + Containers: 1 + Objects: 0 + Bytes: 0 + Containers in policy "policy-0": 1 + Objects in policy "policy-0": 0 + Bytes in policy "policy-0": 0 + X-Account-Project-Domain-Id: default + X-Timestamp: 1440168098.28319 + X-Trans-Id: txf5a62b7d7fc541f087703-0055d73be7 + Content-Type: text/plain; charset=utf-8 + Accept-Ranges: bytes + + $ swift upload mycontainer README.rst + README.md + + $ swift list + mycontainer + + $ swift download mycontainer README.md + README.md [auth 0.248s, headers 0.939s, total 0.939s, 0.006 MB/s] diff --git a/etc/kolla/config/swift.conf b/etc/kolla/config/swift.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/swift/account-server.conf b/etc/kolla/config/swift/account-server.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/swift/container-server.conf b/etc/kolla/config/swift/container-server.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/swift/object-server.conf b/etc/kolla/config/swift/object-server.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/swift/proxy-server.conf b/etc/kolla/config/swift/proxy-server.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/swift/swift.conf b/etc/kolla/config/swift/swift.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index cfe3c08cb4..e73f573f72 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -36,6 +36,10 @@ metadata_secret: "password" cinder_database_password: "password" cinder_keystone_password: "password" +swift_keystone_password: "password" +swift_hash_path_suffix: "kolla" +swift_hash_path_prefix: "kolla" + #################### # RabbitMQ options ####################