puppet-openstack-cloud/manifests/object/controller.pp

#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::object::controller
#
# Swift Proxy node
#
# === Parameters:
#
# [*ks_keystone_admin_host*]
#   (optional) Admin Hostname or IP to connect to Keystone API
#   Defaults to '127.0.0.1'
#
# [*ks_keystone_admin_port*]
#   (optional) TCP port to connect to Keystone API from admin network
#   Defaults to '35357'
#
# [*ks_keystone_internal_host*]
#   (optional) Internal Hostname or IP to connect to Keystone API
#   Defaults to '127.0.0.1'
#
# [*ks_keystone_internal_port*]
#   (optional) TCP port to connect to Keystone API from internal network
#   Defaults to '5000'
#
# [*ks_keystone_internal_proto*]
#   (optional) Protocol for public endpoint. Could be 'http' or 'https'.
#   Defaults to 'http'
#
# [*ks_keystone_admin_proto*]
#   (optional) Protocol for admin endpoint. Could be 'http' or 'https'.
#   Defaults to 'http'
#
# [*ks_swift_internal_port*]
#   (optional) TCP port to connect to Swift from internal network
#   Defaults to '8080'
#
# [*ks_swift_password*]
#   (optional) Password used by Swift to connect to Keystone API
#   Defaults to 'swiftpassword'
#
# [*ks_swift_dispersion_password*]
#   (optional) Password of the dispersion tenant, used for swift-dispersion-report
#   and swift-dispersion-populate tools.
#   Defaults to 'dispersion'
#
# [*api_eth*]
#   (optional) Which interface we bind the Swift proxy server.
#   Defaults to '127.0.0.1'
#
# [*memcache_servers*]
#   (optionnal) Memcached servers used by Keystone. Should be an array.
#   Defaults to ['127.0.0.1:11211']
#
# [*statsd_host*]
#   (optional) Hostname or IP of the statd server.
#   Defaults to '127.0.0.1'
#
# [*statsd_port*]
#   (optional) TCP port of the statd server
#   Defaults to '4125'
#
# [*firewall_settings*]
#   (optional) Allow to add custom parameters to firewall rules
#   Should be an hash.
#   Default to {}
#
class cloud::object::controller(
  $ks_keystone_admin_host       = '127.0.0.1',
  $ks_keystone_admin_port       = 35357,
  $ks_keystone_internal_host    = '127.0.0.1',
  $ks_keystone_internal_port    = 5000,
  $ks_swift_dispersion_password = 'dispersion',
  $ks_swift_internal_port       = 8080,
  $ks_keystone_internal_proto   = 'http',
  $ks_keystone_admin_proto      = 'http',
  $ks_swift_password            = 'swiftpassword',
  $statsd_host                  = '127.0.0.1',
  $statsd_port                  = 4125,
  $memcache_servers             = ['127.0.0.1:11211'],
  $api_eth                      = '127.0.0.1',
  $firewall_settings            = {},
) {

  include 'cloud::object'

  class { 'swift::proxy':
    proxy_local_net_ip => $api_eth,
    port               => $ks_swift_internal_port,
    pipeline           => [
      'catch_errors', 'healthcheck', 'cache', 'bulk', 'ratelimit',
      'swift3', 's3token', 'container_quotas', 'account_quotas', 'tempurl',
      'formpost', 'authtoken', 'keystone', 'staticweb',
      'proxy-logging', 'proxy-server'],
    account_autocreate => true,
    log_level          => 'DEBUG',
    workers            => inline_template('<%= @processorcount.to_i * 2 %>
cors_allow_origin = <%= scope.lookupvar("swift_cors_allow_origin") %>
log_statsd_host = <%= scope.lookupvar("statsd_host") %>
log_statsd_port = <%= scope.lookupvar("statsd_port") %>
log_statsd_default_sample_rate = 1
'),
  }

  class{'swift::proxy::cache':
    memcache_servers => inline_template(
      '<%= scope.lookupvar("memcache_servers").join(",") %>'),
  }
  class { 'swift::proxy::account_quotas': }
  class { 'swift::proxy::bulk': }
  class { 'swift::proxy::catch_errors': }
  class { 'swift::proxy::container_quotas': }
  class { 'swift::proxy::formpost': }
  class { 'swift::proxy::healthcheck': }
  class { 'swift::proxy::proxy_logging': }
  class { 'swift::proxy::ratelimit': }
  class { 'swift::proxy::slo': }
  class { 'swift::proxy::staticweb': }
  class { 'swift::proxy::tempurl': }

  class { 'swift::proxy::keystone':
    operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'],
  }

  class { 'swift::proxy::authtoken':
    admin_password      => $ks_swift_password,
    auth_host           => $ks_keystone_admin_host,
    auth_port           => $ks_keystone_admin_port,
    auth_protocol       => $ks_keystone_admin_proto,
    delay_auth_decision => inline_template('1
cache = swift.cache')
  }
  class { 'swift::proxy::swift3':
    ensure => 'latest',
  }
  class { 'swift::proxy::s3token':
    auth_host     => $ks_keystone_admin_host,
    auth_port     => $ks_keystone_admin_port,
    auth_protocol => $ks_keystone_internal_proto
  }

  class { 'swift::dispersion':
    auth_url      => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
    swift_dir     => '/etc/swift',
    auth_pass     => $ks_swift_dispersion_password,
    endpoint_type => 'internalURL'
  }

  Swift::Ringsync<<| |>> #~> Service["swift-proxy"]

  if $::cloud::manage_firewall {
    cloud::firewall::rule{ '100 allow swift-proxy access':
      port   => $ks_swift_internal_port,
      extras => $firewall_settings,
    }
  }

  @@haproxy::balancermember{"${::fqdn}-swift_api":
      listening_service => 'swift_api_cluster',
      server_names      => $::hostname,
      ipaddresses       => $api_eth,
      ports             => $ks_swift_internal_port,
      options           => 'check inter 2000 rise 2 fall 5'
  }

}