openstack/puppet-openstack-integration
Code Issues Proposed changes

Merge "Ceph: Enable Keystone integration of RADOS Gateway using profile"

Browse Source
This commit is contained in:
Zuul 2023-08-01 04:47:20 +00:00 committed by Gerrit Code Review
commit 596b153838
2 changed files with 23 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fixtures/scenario004.pp
View File

@ -64,7 +64,6 @@ class { 'openstack_integration::nova':
class { 'openstack_integration::ceph': class { 'openstack_integration::ceph':
deploy_rgw => true, deploy_rgw => true,
swift_dropin => true,
create_cephfs => true, create_cephfs => true,
} }
class { 'openstack_integration::horizon': class { 'openstack_integration::horizon':

75
manifests/ceph.pp
View File

@ -5,10 +5,6 @@
# configure various services to use Swift provided by RGW as a backend. # configure various services to use Swift provided by RGW as a backend.
# Defaults to false # Defaults to false
# #
# [*swift_dropin*]
# (optional) Flag if Ceph RGW will provide swift services for openstack
# Defaults to false
#
# [*pg_num*] # [*pg_num*]
# (optional) Number of PGs per pool. # (optional) Number of PGs per pool.
# Defaults to 16. # Defaults to 16.
@ -19,7 +15,6 @@
# #
class openstack_integration::ceph ( class openstack_integration::ceph (
$deploy_rgw = false, $deploy_rgw = false,
$swift_dropin = false,
$pg_num = 16, $pg_num = 16,
$create_cephfs = false, $create_cephfs = false,
) { ) {
@ -75,29 +70,36 @@ test -b /dev/ceph_vg/lv_data
osd_max_object_name_len => 256, osd_max_object_name_len => 256,
osd_max_object_namespace_len => 64, osd_max_object_namespace_len => 64,
client_keys => { client_keys => {
'client.admin' => { 'client.admin' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==', 'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0600', 'mode' => '0600',
'cap_mon' => 'allow *', 'cap_mon' => 'allow *',
'cap_osd' => 'allow *', 'cap_osd' => 'allow *',
'cap_mds' => 'allow *', 'cap_mds' => 'allow *',
}, },
'client.bootstrap-osd' => { 'client.bootstrap-osd' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==', 'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'keyring_path' => '/var/lib/ceph/bootstrap-osd/ceph.keyring', 'keyring_path' => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
'cap_mon' => 'allow profile bootstrap-osd', 'cap_mon' => 'allow profile bootstrap-osd',
}, },
'client.openstack' => { 'client.openstack' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==', 'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0644', 'mode' => '0644',
'cap_mon' => 'profile rbd', 'cap_mon' => 'profile rbd',
'cap_osd' => 'profile rbd pool=cinder, profile rbd pool=nova, profile rbd pool=glance, profile rbd pool=gnocchi, profile rbd pool=backups', 'cap_osd' => 'profile rbd pool=cinder, profile rbd pool=nova, profile rbd pool=glance, profile rbd pool=gnocchi, profile rbd pool=backups',
}, },
'client.manila' => { 'client.manila' => {
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==', 'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'mode' => '0644', 'mode' => '0644',
'cap_mgr' => 'allow rw', 'cap_mgr' => 'allow rw',
'cap_mon' => 'allow r', 'cap_mon' => 'allow r',
},
'client.radosgw.gateway' => {
'user' => 'ceph',
'secret' => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
'cap_mon' => 'allow rwx',
'cap_osd' => 'allow rwx',
'inject' => true,
} }
}, },
osds => { osds => {
@ -108,6 +110,16 @@ test -b /dev/ceph_vg/lv_data
frontend_type => 'beast', frontend_type => 'beast',
rgw_frontends => "beast endpoint=${::openstack_integration::config::ip_for_url}:8080", rgw_frontends => "beast endpoint=${::openstack_integration::config::ip_for_url}:8080",
rgw_user => 'ceph', rgw_user => 'ceph',
rgw_keystone_integration => true,
rgw_keystone_url => $::openstack_integration::config::keystone_admin_uri,
rgw_keystone_admin_domain => 'Default',
rgw_keystone_admin_user => 'rgwuser',
rgw_keystone_admin_password => 'secret',
rgw_keystone_admin_project => 'services',
rgw_swift_url => "http://${::openstack_integration::config::ip_for_url}:8080",
rgw_swift_public_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
rgw_swift_admin_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
rgw_swift_internal_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
rbd_default_features => '15', rbd_default_features => '15',
} }
@ -147,48 +159,7 @@ test -b /dev/ceph_vg/lv_data
} }
if $deploy_rgw { if $deploy_rgw {
class { 'ceph::profile::rgw': }
ceph::key { 'client.radosgw.gateway': Service<| tag == 'ceph-radosgw' |> -> Service <| tag == 'glance-service' |>
user => 'ceph',
secret => 'AQD7kyJQQGoOBhAAqrPAqSopSwPrrfMMomzVdw==',
cap_mon => 'allow rwx',
cap_osd => 'allow rwx',
inject => true,
}
# FIXME(Xarses) switch to param when supported in puppet-ceph
class { 'ceph::profile::rgw':
# swift_dropin = $swift_dropin
}
$password = 'secret'
$auth_name = 'rgwuser'
$project = 'services'
$user_domain = 'default'
#configure rgw to use keystone
ceph::rgw::keystone { 'radosgw.gateway':
rgw_keystone_url => $::openstack_integration::config::keystone_admin_uri,
rgw_keystone_accepted_roles => ['admin', 'member'],
rgw_keystone_admin_domain => $user_domain,
rgw_keystone_admin_project => $project,
rgw_keystone_admin_user => $auth_name,
rgw_keystone_admin_password => $password,
}
if $swift_dropin {
class { 'ceph::rgw::keystone::auth':
password => $password,
user => $auth_name,
tenant => $project,
roles => ['admin', 'member'],
public_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
admin_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
internal_url => "http://${::openstack_integration::config::ip_for_url}:8080/swift/v1",
}
# FIXME(Xarses) remove when supported in puppet-ceph
Service<| tag == 'ceph-radosgw' |> -> Service <| tag == 'glance-service' |>
}
} }
} }