From 0472cf262f63108a9f53f4796901356aa0e3a6f6 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Mon, 23 Oct 2023 11:57:12 +0200 Subject: [PATCH] Use kolla-ceph-rgw role to add swift endpoint (#1813) Signed-off-by: Christian Berendt --- environments/ceph/configuration.yml | 9 ++++--- environments/ceph/secrets.yml | 3 +-- environments/kolla/configuration.yml | 19 ++++++++++++++ .../overlays/haproxy/services.d/haproxy.cfg | 25 ------------------- .../kolla-ceph-rgw-baf79d526034f91f.yaml | 5 ++++ scripts/bootstrap/300-openstack-services.sh | 1 - .../deploy/300-openstack-services-basic.sh | 1 + 7 files changed, 31 insertions(+), 32 deletions(-) create mode 100644 releasenotes/notes/kolla-ceph-rgw-baf79d526034f91f.yaml diff --git a/environments/ceph/configuration.yml b/environments/ceph/configuration.yml index 7a0698c3..54b8d8f7 100644 --- a/environments/ceph/configuration.yml +++ b/environments/ceph/configuration.yml @@ -41,17 +41,18 @@ ceph_conf_overrides: "client.rgw.{{ hostvars[inventory_hostname]['ansible_hostname'] }}.rgw0": "rgw content length compat": "true" "rgw enable apis": "swift, s3, admin" - "rgw keystone accepted roles": "member, admin" "rgw keystone accepted admin roles": "admin" + "rgw keystone accepted roles": "member, admin" "rgw keystone admin domain": "default" - "rgw keystone admin password": "{{ swift_keystone_password }}" + "rgw keystone admin password": "{{ ceph_rgw_keystone_password }}" "rgw keystone admin project": "service" "rgw keystone admin tenant": "service" - "rgw keystone admin user": "swift" + "rgw keystone admin user": "ceph_rgw" "rgw keystone api version": "3" + "rgw keystone implicit tenants": "true" "rgw keystone url": "https://api-int.testbed.osism.xyz:5000" "rgw keystone verify ssl": "false" - "rgw keystone implicit tenants": "true" "rgw s3 auth use keystone": "true" "rgw swift account in url": "true" "rgw swift versioning enabled": "true" + "rgw verify ssl": "false" diff --git a/environments/ceph/secrets.yml b/environments/ceph/secrets.yml index 0e15cbc5..55b4e476 100644 --- a/environments/ceph/secrets.yml +++ b/environments/ceph/secrets.yml @@ -1,4 +1,3 @@ --- ceph_dashboard_password: password - -swift_keystone_password: hF6NWPG4rWTpK00oANEcRAiKbwbEcKFHHYYskar2 +ceph_rgw_keystone_password: AEG973UFjZvUhef4FgTorudoDe7OH98H07XsEPGi diff --git a/environments/kolla/configuration.yml b/environments/kolla/configuration.yml index c3f8ce88..5fbda222 100644 --- a/environments/kolla/configuration.yml +++ b/environments/kolla/configuration.yml @@ -99,6 +99,25 @@ enable_metering: "yes" ceilometer_metering_pushgateway_host: "testbed-manager.testbed.osism.xyz" ceilometer_metering_pushgateway_port: 8088 +# rgw integration + +enable_ceph_rgw: true +enable_ceph_rgw_keystone: true + +ceph_rgw_swift_compatibility: false +ceph_rgw_swift_account_in_url: true + +ceph_rgw_hosts: + - host: testbed-node-0 + ip: 192.168.16.10 + port: 8081 + - host: testbed-node-1 + ip: 192.168.16.11 + port: 8081 + - host: testbed-node-2 + ip: 192.168.16.12 + port: 8081 + ########################################################## # external ceph diff --git a/environments/kolla/files/overlays/haproxy/services.d/haproxy.cfg b/environments/kolla/files/overlays/haproxy/services.d/haproxy.cfg index bdc8abca..2fdde3c8 100644 --- a/environments/kolla/files/overlays/haproxy/services.d/haproxy.cfg +++ b/environments/kolla/files/overlays/haproxy/services.d/haproxy.cfg @@ -2,32 +2,7 @@ # OSISM specific configuration -{%- set external_tls_bind_info = 'ssl crt /etc/haproxy/haproxy.pem' if kolla_enable_tls_external|bool else '' %} {%- set internal_tls_bind_info = 'ssl crt /etc/haproxy/haproxy-internal.pem' if kolla_enable_tls_internal|bool else '' %} -{% set radosgw_frontend_port = 8081 %} - -listen swift_api_internal - mode http - http-request del-header X-Forwarded-Proto - option httplog - option forwardfor - {{ "bind %s:%s %s"|e|format(kolla_internal_vip_address, swift_proxy_server_port, internal_tls_bind_info)|trim() }} -{% for host in groups['ceph-rgw'] %} - server {{ hostvars[host]['ansible_facts']['hostname'] }} {{ hostvars[host]['radosgw_address'] }}:{{ radosgw_frontend_port }} check inter 2000 rise 2 fall 5 -{% endfor %} -{% if haproxy_enable_external_vip | bool %} - -listen swift_api_external - mode http - http-request del-header X-Forwarded-Proto - option httplog - option forwardfor - http-request set-header X-Forwarded-Proto https if { ssl_fc } - {{ "bind %s:%s %s"|e|format(kolla_external_vip_address, swift_proxy_server_port, external_tls_bind_info)|trim() }} -{% for host in groups['ceph-rgw'] %} - server {{ hostvars[host]['ansible_facts']['hostname'] }} {{ hostvars[host]['radosgw_address'] }}:{{ radosgw_frontend_port }} check inter 2000 rise 2 fall 5 -{% endfor %} -{% endif %} listen ceph_dashboard option httpchk diff --git a/releasenotes/notes/kolla-ceph-rgw-baf79d526034f91f.yaml b/releasenotes/notes/kolla-ceph-rgw-baf79d526034f91f.yaml new file mode 100644 index 00000000..0a97a2b3 --- /dev/null +++ b/releasenotes/notes/kolla-ceph-rgw-baf79d526034f91f.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Instead of a custom playbook for creating the Swift endpoint, the role ceph-rgw, + which is available in Kolla for this purpose, is used from now on. diff --git a/scripts/bootstrap/300-openstack-services.sh b/scripts/bootstrap/300-openstack-services.sh index 7ef134ee..a00a16b1 100755 --- a/scripts/bootstrap/300-openstack-services.sh +++ b/scripts/bootstrap/300-openstack-services.sh @@ -8,7 +8,6 @@ OPENSTACK_VERSION=$(docker inspect --format '{{ index .Config.Labels "de.osism.r osism apply --environment openstack bootstrap-flavors osism apply --environment openstack bootstrap-basic -e openstack_version=$OPENSTACK_VERSION -osism apply --environment openstack bootstrap-ceph-rgw # osism manage images is only available since 5.0.0. To enable the # testbed to be used with < 5.0.0, here is this check. diff --git a/scripts/deploy/300-openstack-services-basic.sh b/scripts/deploy/300-openstack-services-basic.sh index 5e851988..14ff832c 100755 --- a/scripts/deploy/300-openstack-services-basic.sh +++ b/scripts/deploy/300-openstack-services-basic.sh @@ -16,6 +16,7 @@ osism apply glance osism apply cinder osism apply designate osism apply octavia +osism apply kolla-ceph-rgw if [[ $MANAGER_VERSION =~ ^6\.[0-9]\.[0-9][a-z]?$ || $MANAGER_VERSION == "latest" ]]; then osism apply magnum