From 79f745ca099462a46ad697b9fec9ebf7c8cf340e Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 2 May 2018 10:16:12 +0100 Subject: [PATCH] Move radosgw keystone config tasks to their own playbook This is a precursor to integrating externally provisioned radosgw instances which require keystone config but not deployment via OSA. Change-Id: I1b95c70fa77840d3defdde92f6723b066ef737d0 --- inventory/group_vars/all/ceph-rgw.yml | 20 ++++ inventory/group_vars/ceph-rgw.yml | 20 ---- inventory/group_vars/haproxy/haproxy.yml | 2 +- playbooks/ceph-rgw-install.yml | 125 +-------------------- playbooks/ceph-rgw-keystone-setup.yml | 131 +++++++++++++++++++++++ 5 files changed, 156 insertions(+), 142 deletions(-) create mode 100644 inventory/group_vars/all/ceph-rgw.yml create mode 100644 playbooks/ceph-rgw-keystone-setup.yml diff --git a/inventory/group_vars/all/ceph-rgw.yml b/inventory/group_vars/all/ceph-rgw.yml new file mode 100644 index 0000000000..3d34703273 --- /dev/null +++ b/inventory/group_vars/all/ceph-rgw.yml @@ -0,0 +1,20 @@ +--- +radosgw_service_name: "radosgw" +radosgw_service_type: "object-store" +radosgw_service_description: "Object Storage Service" +radosgw_service_region: "{{ service_region }}" +radosgw_admin_user: radosgw +radosgw_admin_tenant: service + +radosgw_service_port: "{{ (groups['swift_proxy'] is defined and groups['swift_proxy'] | length > 0) | ternary(7980,8080) }}" +radosgw_address: "{{ container_address }}" +radosgw_service_proto: http +radosgw_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(radosgw_service_proto) }}" +radosgw_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(radosgw_service_proto) }}" +radosgw_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(radosgw_service_proto) }}" +radosgw_service_publicuri: "{{ radosgw_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ radosgw_service_port }}" +radosgw_service_publicurl: "{{ radosgw_service_publicuri }}/swift/v1" +radosgw_service_adminuri: "{{ radosgw_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ radosgw_service_port }}" +radosgw_service_adminurl: "{{ radosgw_service_adminuri }}/swift/v1" +radosgw_service_internaluri: "{{ radosgw_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ radosgw_service_port }}" +radosgw_service_internalurl: "{{ radosgw_service_internaluri }}/swift/v1" diff --git a/inventory/group_vars/ceph-rgw.yml b/inventory/group_vars/ceph-rgw.yml index d5fb0800fa..4334752754 100644 --- a/inventory/group_vars/ceph-rgw.yml +++ b/inventory/group_vars/ceph-rgw.yml @@ -1,24 +1,4 @@ --- -radosgw_service_name: "radosgw" -radosgw_service_type: "object-store" -radosgw_service_description: "Object Storage Service" -radosgw_service_region: "{{ service_region }}" -radosgw_admin_user: radosgw -radosgw_admin_tenant: service - -radosgw_service_port: "{{ (groups['swift_proxy'] is defined and groups['swift_proxy'] | length > 0) | ternary(7980,8080) }}" -radosgw_address: "{{ container_address }}" -radosgw_service_proto: http -radosgw_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(radosgw_service_proto) }}" -radosgw_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(radosgw_service_proto) }}" -radosgw_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(radosgw_service_proto) }}" -radosgw_service_publicuri: "{{ radosgw_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ radosgw_service_port }}" -radosgw_service_publicurl: "{{ radosgw_service_publicuri }}/swift/v1" -radosgw_service_adminuri: "{{ radosgw_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ radosgw_service_port }}" -radosgw_service_adminurl: "{{ radosgw_service_adminuri }}/swift/v1" -radosgw_service_internaluri: "{{ radosgw_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ radosgw_service_port }}" -radosgw_service_internalurl: "{{ radosgw_service_internaluri }}/swift/v1" - ceph_conf_overrides_rgw: "client.rgw.{{ hostvars[inventory_hostname]['ansible_hostname'] }}": # OpenStack integration with Keystone diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml index 8454561347..5dcc09e898 100644 --- a/inventory/group_vars/haproxy/haproxy.yml +++ b/inventory/group_vars/haproxy/haproxy.yml @@ -358,7 +358,7 @@ haproxy_default_services: haproxy_backend_nodes: "{{ groups['ceph-rgw'] | default([]) }}" haproxy_ssl: "{{ haproxy_ssl }}" haproxy_balance_alg: source - haproxy_port: "{{ hostvars[(groups['ceph-rgw'] | default(['localhost']))[0] | default('localhost')]['radosgw_service_port'] | default(7980) }}" + haproxy_port: "{{ radosgw_service_port | default(7980) }}" haproxy_balance_type: http haproxy_backend_options: - httpchk HEAD / diff --git a/playbooks/ceph-rgw-install.yml b/playbooks/ceph-rgw-install.yml index 8581451812..1340b7566e 100644 --- a/playbooks/ceph-rgw-install.yml +++ b/playbooks/ceph-rgw-install.yml @@ -13,129 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +- include: ceph-rgw-keystone-setup.yml + when: groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0 + - name: Install ceph radosgw hosts: ceph-rgw user: root - pre_tasks: - - name: Ensure RGW service - keystone: - command: "ensure_service" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - service_name: "{{ radosgw_service_name }}" - service_type: "{{ radosgw_service_type }}" - description: "{{ radosgw_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - delegate_to: "{{ groups['utility_all'][0] }}" - run_once: true - when: radosgw_keystone | bool - register: add_service - until: add_service|success - retries: 5 - delay: 2 - no_log: True - tags: - - ceph-rgw-setup - - rgw-service-add - - - name: Ensure RGW user - keystone: - command: "ensure_user" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ radosgw_admin_user }}" - tenant_name: "{{ radosgw_admin_tenant }}" - role_name: "{{ radosgw_role_name | default('service') }}" - password: "{{ radosgw_admin_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - delegate_to: "{{ groups['utility_all'][0] }}" - run_once: true - when: radosgw_keystone | bool - register: add_user - until: add_user|success - retries: 5 - delay: 10 - no_log: True - tags: - - ceph-rgw-setup - - rgw-service-add - - - name: Ensure RGW user to admin role - keystone: - command: "ensure_user_role" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ radosgw_admin_user }}" - tenant_name: "{{ radosgw_admin_tenant }}" - role_name: "{{ radosgw_role_name | default('admin') }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - delegate_to: "{{ groups['utility_all'][0] }}" - run_once: true - register: add_admin_role - when: radosgw_keystone | bool - until: add_admin_role|success - retries: 5 - delay: 10 - no_log: True - tags: - - ceph-rgw-setup - - rgw-service-add - - - name: Ensure swiftoperator role - keystone: - command: "ensure_role" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - role_name: "swiftoperator" - insecure: "{{ keystone_service_adminuri_insecure }}" - delegate_to: "{{ groups['utility_all'][0] }}" - register: add_swiftoperator_role - until: add_swiftoperator_role|success - retries: 5 - delay: 10 - no_log: True - tags: - - ceph-rgw-setup - - rgw-service-add - - - name: Ensure RGW endpoint - keystone: - command: "ensure_endpoint" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - region_name: "{{ radosgw_service_region }}" - service_name: "{{ radosgw_service_name }}" - service_type: "{{ radosgw_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ radosgw_service_publicurl }}" - interface: "public" - - url: "{{ radosgw_service_adminurl }}" - interface: "admin" - - url: "{{ radosgw_service_internalurl }}" - interface: "internal" - delegate_to: "{{ groups['utility_all'][0] }}" - run_once: true - register: add_endpoint - when: radosgw_keystone | bool - until: add_endpoint|success - retries: 5 - delay: 10 - no_log: True - tags: - - ceph-rgw-setup - - rgw-service-add - + tasks: - include: common-tasks/os-log-dir-setup.yml vars: log_dirs: @@ -178,7 +62,6 @@ - "system-crontab-coordination" vars: is_metal: "{{ properties.is_metal|default(false) }}" - radosgw_keystone: yes radosgw_civetweb_port: "{{ radosgw_service_port }}" tags: - ceph-rgw diff --git a/playbooks/ceph-rgw-keystone-setup.yml b/playbooks/ceph-rgw-keystone-setup.yml new file mode 100644 index 0000000000..da66bd5f77 --- /dev/null +++ b/playbooks/ceph-rgw-keystone-setup.yml @@ -0,0 +1,131 @@ +--- +# Copyright 2017, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Configure keystone for radosgw + hosts: utility_all + user: root + tasks: + - name: Ensure RGW service + keystone: + command: "ensure_service" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + service_name: "{{ radosgw_service_name }}" + service_type: "{{ radosgw_service_type }}" + description: "{{ radosgw_service_description }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + run_once: true + register: add_service + until: add_service|success + retries: 5 + delay: 2 + no_log: True + tags: + - ceph-rgw-setup + - rgw-service-add + + - name: Ensure RGW user + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ radosgw_admin_user }}" + tenant_name: "{{ radosgw_admin_tenant }}" + role_name: "{{ radosgw_role_name | default('service') }}" + password: "{{ radosgw_admin_password }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + run_once: true + register: add_user + until: add_user|success + retries: 5 + delay: 10 + no_log: True + tags: + - ceph-rgw-setup + - rgw-service-add + + - name: Ensure RGW user to admin role + keystone: + command: "ensure_user_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + user_name: "{{ radosgw_admin_user }}" + tenant_name: "{{ radosgw_admin_tenant }}" + role_name: "{{ radosgw_role_name | default('admin') }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + run_once: true + register: add_admin_role + until: add_admin_role|success + retries: 5 + delay: 10 + no_log: True + tags: + - ceph-rgw-setup + - rgw-service-add + + - name: Ensure swiftoperator role + keystone: + command: "ensure_role" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + role_name: "swiftoperator" + insecure: "{{ keystone_service_adminuri_insecure }}" + run_once: true + register: add_swiftoperator_role + until: add_swiftoperator_role|success + retries: 5 + delay: 10 + no_log: True + tags: + - ceph-rgw-setup + - rgw-service-add + + - name: Ensure RGW endpoint + keystone: + command: "ensure_endpoint" + endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" + region_name: "{{ radosgw_service_region }}" + service_name: "{{ radosgw_service_name }}" + service_type: "{{ radosgw_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_list: + - url: "{{ radosgw_service_publicurl }}" + interface: "public" + - url: "{{ radosgw_service_adminurl }}" + interface: "admin" + - url: "{{ radosgw_service_internalurl }}" + interface: "internal" + run_once: true + register: add_endpoint + until: add_endpoint|success + retries: 5 + delay: 10 + no_log: True + tags: + - ceph-rgw-setup + - rgw-service-add + tags: + - ceph-rgw