Merge "Configure radosgw and ceph-rgw as optional services"

kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml

@@ -2,6 +2,7 @@ disabled_charts:
 - aodh
 - barbican
 - ceilometer
+- ceph-rgw
 - gnocchi
 - ironic
 - panko

puppet-manifests/src/modules/platform/manifests/ceph.pp

@@ -22,6 +22,7 @@ class platform::ceph::params(
   $mon_2_host = undef,
   $mon_2_ip = undef,
   $mon_2_addr = undef,
+  $rgw_enabled = false,
   $rgw_client_name = 'radosgw.gateway',
   $rgw_user_name = 'root',
   $rgw_frontend_type = 'civetweb',
@@ -30,10 +31,6 @@ class platform::ceph::params(
   $rgw_service_domain = undef,
   $rgw_service_project = undef,
   $rgw_service_password = undef,
-  $rgw_admin_domain = undef,
-  $rgw_admin_project = undef,
-  $rgw_admin_user = 'swift',
-  $rgw_admin_password = undef,
   $rgw_max_put_size = '53687091200',
   $rgw_gc_max_objs = '977',
   $rgw_gc_obj_min_wait = '600',
@@ -411,7 +408,7 @@ class platform::ceph::osds(
 class platform::ceph::haproxy
   inherits ::platform::ceph::params {
 
-  if $service_enabled {
+  if $rgw_enabled {
     platform::haproxy::proxy { 'ceph-radosgw-restapi':
       server_name  => 's-ceph-radosgw',
       public_port  => $rgw_port,
@@ -420,60 +417,48 @@ class platform::ceph::haproxy
   }
 }
 
-class platform::ceph::rgw::runtime
-  inherits ::platform::ceph::params {
-    if $service_enabled {
-      include ::platform::params
+class platform::ceph::rgw::keystone (
+  $swift_endpts_enabled = false,
+  $rgw_admin_domain = undef,
+  $rgw_admin_project = undef,
+  $rgw_admin_user = 'swift',
+  $rgw_admin_password = undef,
+) inherits ::platform::ceph::params {
+  include ::openstack::keystone::params
+  if $rgw_enabled {
 
-      include ::openstack::keystone::params
-
-      ceph::rgw::keystone { $rgw_client_name:
-        rgw_keystone_admin_token    => '',
-        rgw_keystone_url            => $::openstack::keystone::params::openstack_auth_uri,
-        rgw_keystone_version        => $::openstack::keystone::params::api_version,
-        rgw_keystone_accepted_roles => 'admin,_member_',
-        user                        => $rgw_user_name,
-        use_pki                     => false,
-        rgw_keystone_admin_domain   => $rgw_service_domain,
-        rgw_keystone_admin_project  => $rgw_service_project,
-        rgw_keystone_admin_user     => $rgw_admin_user,
-        rgw_keystone_admin_password => $rgw_service_password,
-      }
-      exec { 'sm-restart-safe service ceph-radosgw':
-        command => 'sm-restart-safe service ceph-radosgw'
-      }
+    if $swift_endpts_enabled {
+      $url = $::openstack::keystone::params::openstack_auth_uri
+    } else {
+      $url = $::openstack::keystone::params::auth_uri
     }
+
+    ceph::rgw::keystone { $rgw_client_name:
+      # keystone admin token is disabled after initial keystone configuration
+      # for security reason. Use keystone service tenant credentials instead.
+      rgw_keystone_admin_token         => '',
+      rgw_keystone_url                 => $url,
+      rgw_keystone_version             => $::openstack::keystone::params::api_version,
+      rgw_keystone_accepted_roles      => 'admin,_member_',
+      user                             => $rgw_user_name,
+      use_pki                          => false,
+      rgw_keystone_revocation_interval => 0,
+      rgw_keystone_token_cache_size    => 0,
+      rgw_keystone_admin_domain        => $rgw_admin_domain,
+      rgw_keystone_admin_project       => $rgw_admin_project,
+      rgw_keystone_admin_user          => $rgw_admin_user,
+      rgw_keystone_admin_password      => $rgw_admin_password,
+    }
+  }
 }
 
-class platform::ceph::rgw::runtime_revert
-  inherits ::platform::ceph::params {
-    if $service_enabled {
-      include ::platform::params
-
-      include ::openstack::keystone::params
-
-      ceph::rgw::keystone { $rgw_client_name:
-        rgw_keystone_admin_token    => '',
-        rgw_keystone_url            => $::openstack::keystone::params::auth_uri,
-        rgw_keystone_version        => $::openstack::keystone::params::api_version,
-        rgw_keystone_accepted_roles => 'admin,_member_',
-        user                        => $rgw_user_name,
-        use_pki                     => false,
-        rgw_keystone_admin_domain   => $rgw_admin_domain,
-        rgw_keystone_admin_project  => $rgw_admin_project,
-        rgw_keystone_admin_user     => $rgw_admin_user,
-        rgw_keystone_admin_password => $rgw_admin_password,
-      }
-      exec { 'sm-restart-safe service ceph-radosgw':
-        command => 'sm-restart-safe service ceph-radosgw'
-      }
-    }
-}
 
 class platform::ceph::rgw
   inherits ::platform::ceph::params {
+  include ::ceph::params
+  include ::ceph::profile::params
 
-  if $service_enabled {
+  if $rgw_enabled {
     include ::platform::params
 
     include ::openstack::keystone::params
@@ -491,19 +476,7 @@ class platform::ceph::rgw
       log_file      => $rgw_log_file,
     }
 
-    ceph::rgw::keystone { $rgw_client_name:
-      # keystone admin token is disabled after initial keystone configuration
-      # for security reason. Use keystone service tenant credentials instead.
-      rgw_keystone_admin_token    => '',
-      rgw_keystone_url            => $::openstack::keystone::params::auth_uri,
-      rgw_keystone_version        => $::openstack::keystone::params::api_version,
-      rgw_keystone_accepted_roles => 'admin,_member_',
-      use_pki                     => false,
-      rgw_keystone_admin_domain   => $rgw_admin_domain,
-      rgw_keystone_admin_project  => $rgw_admin_project,
-      rgw_keystone_admin_user     => $rgw_admin_user,
-      rgw_keystone_admin_password => $rgw_admin_password,
-    }
+    include ::platform::ceph::rgw::keystone
 
     ceph_config {
       # increase limit for single operation uploading to 50G (50*1024*1024*1024)
@@ -599,3 +572,36 @@ class platform::ceph::runtime_osds {
     }
   }
 }
+
+# Used to configure optional radosgw platform service
+class platform::ceph::rgw::runtime
+  inherits ::platform::ceph::params {
+
+  include platform::ceph::rgw
+
+  # Make sure the ceph configuration is complete before sm dynamically
+  # provisions/deprovisions the service
+  Class[$name] -> Class['::platform::sm::rgw::runtime']
+
+  unless $rgw_enabled {
+    # SM's current behavior will not stop the service being de-provisioned, so
+    # stop it when needed
+    exec { 'Stopping ceph-radosgw service':
+      command => '/etc/init.d/ceph-radosgw stop'
+    }
+  }
+}
+
+# Used to configure radosgw keystone info based on containerized swift endpoints
+# being enabled/disabled
+class platform::ceph::rgw::keystone::runtime
+  inherits ::platform::ceph::params {
+
+  include ::platform::ceph::rgw::keystone
+
+  exec { 'sm-restart-safe service ceph-radosgw':
+    command => 'sm-restart-safe service ceph-radosgw'
+  }
+}
+
+

puppet-manifests/src/modules/platform/manifests/sm.pp

@@ -175,6 +175,7 @@ class platform::sm
   # Ceph-Rados-Gateway
   include ::platform::ceph::params
   $ceph_configured = $::platform::ceph::params::service_enabled
+  $rgw_configured = $::platform::ceph::params::rgw_enabled
 
   if $system_mode == 'simplex' {
     $hostunit = '0'
@@ -818,13 +819,20 @@ class platform::sm
   }
 
   # Ceph-Rados-Gateway
-  if $ceph_configured {
+  if $rgw_configured {
     exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
       command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw'
     }
     -> exec { 'Provision Ceph-Rados-Gateway (service ceph-radosgw)':
       command => 'sm-provision service ceph-radosgw',
     }
+  } else {
+    exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw'
+    }
+    -> exec { 'Deprovision Ceph-Rados-Gateway (service ceph-radosgw)':
+      command => 'sm-deprovision service ceph-radosgw',
+    }
   }
 
   if $ldapserver_remote {
@@ -989,3 +997,17 @@ class platform::sm::stx_openstack::runtime {
     }
   }
 }
+
+class platform::sm::rgw::runtime {
+  $rgw_configured = $::platform::ceph::params::rgw_enabled
+
+  if $rgw_configured {
+    exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw --apply'
+    }
+  } else {
+    exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw --apply'
+    }
+  }
+}

sysinv/sysinv/sysinv/sysinv/common/constants.py

@@ -906,7 +906,7 @@ SERVICE_TYPE_HORIZON = "horizon"
 SERVICE_TYPE_CEPH = 'ceph'
 SERVICE_TYPE_CINDER = 'cinder'
 SERVICE_TYPE_PLATFORM = 'platform'
-SERVICE_TYPE_SWIFT = 'swift'
+SERVICE_TYPE_RADOSGW = 'radosgw'
 SERVICE_TYPE_GLANCE = 'glance'
 SERVICE_TYPE_BARBICAN = 'barbican'
 SERVICE_TYPE_DOCKER = 'docker'
@@ -954,9 +954,9 @@ SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT = 0
 # default time to live seconds
 PM_TTL_DEFAULT = 86400
 
-SERVICE_PARAM_SECTION_SWIFT_CONFIG = 'config'
-SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED = 'service_enabled'
-SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB = 'fs_size_mb'
+SERVICE_PARAM_SECTION_RADOSGW_CONFIG = 'config'
+SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED = 'service_enabled'
+SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB = 'fs_size_mb'
 
 # docker parameters
 SERVICE_PARAM_SECTION_DOCKER_PROXY = 'proxy'
@@ -976,7 +976,7 @@ SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates'
 SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan'
 
 # default filesystem size to 25 MB
-SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25
+SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT = 25
 
 # HTTP Service Parameters
 SERVICE_PARAM_SECTION_HTTP_CONFIG = 'config'
@@ -1139,7 +1139,7 @@ PARTITION_MANAGE_LOCK = "partition-manage"
 
 # Optional services
 ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER,
-                         SERVICE_TYPE_SWIFT]
+                         SERVICE_TYPE_RADOSGW]
 
 # System mode
 SYSTEM_MODE_DUPLEX = "duplex"

sysinv/sysinv/sysinv/sysinv/common/service_parameter.py

@@ -14,9 +14,7 @@ import wsme
 
 from sysinv.common import constants
 from sysinv.common import exception
-from sysinv.common.storage_backend_conf import StorageBackendConfig
 from sysinv.common import utils as cutils
-from sysinv.db import api as db_api
 from sysinv.openstack.common import log
 from sysinv.openstack.common.gettextutils import _
 
@@ -262,16 +260,10 @@ def _rpm_pkg_is_installed(pkg_name):
     return (sum > 0)
 
 
-def _validate_swift_enabled(name, value):
-    _validate_boolean(name, value)
-    if not value:
-        return
-    dbapi = db_api.get_instance()
-    ceph_backend = StorageBackendConfig.get_backend_conf(
-        dbapi, constants.CINDER_BACKEND_CEPH)
-    if ceph_backend and ceph_backend.object_gateway:
+def _validate_radosgw_enabled(name, value):
+    if not cutils.is_valid_boolstr(value):
         raise wsme.exc.ClientSideError(_(
-            "Swift API is already supported by Ceph Object Gateway."))
+            "Parameter '%s' must be a valid bool string." % name))
 
 
 def _validate_docker_proxy_address(name, value):
@@ -405,28 +397,28 @@ PLATFORM_MTCE_PARAMETER_RESOURCE = {
     constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: 'platform::mtce::params::mnfa_timeout',
 }
 
-SWIFT_CONFIG_PARAMETER_MANDATORY = [
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+RADOSGW_CONFIG_PARAMETER_MANDATORY = [
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
 ]
 
-SWIFT_CONFIG_PARAMETER_OPTIONAL = [
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
+RADOSGW_CONFIG_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB,
 ]
 
-SWIFT_CONFIG_PARAMETER_VALIDATOR = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: _validate_swift_enabled,
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: _validate_integer,
+RADOSGW_CONFIG_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: _validate_radosgw_enabled,
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: _validate_integer,
 }
 
-SWIFT_CONFIG_PARAMETER_RESOURCE = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED:
-        'openstack::swift::params::service_enabled',
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB:
-        'openstack::swift::params::fs_size_mb',
+RADOSGW_CONFIG_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED:
+        'openstack::radosgw::params::service_enabled',
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB:
+        'openstack::radosgw::params::fs_size_mb',
 }
 
-SWIFT_CONFIG_PARAMETER_DATA_FORMAT = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN,
+RADOSGW_CONFIG_PARAMETER_DATA_FORMAT = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN,
 }
 
 DOCKER_PROXY_PARAMETER_OPTIONAL = [
@@ -563,13 +555,13 @@ SERVICE_PARAMETER_SCHEMA = {
             SERVICE_PARAM_RESOURCE: HORIZON_AUTH_PARAMETER_RESOURCE,
         },
     },
-    constants.SERVICE_TYPE_SWIFT: {
-        constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG: {
-            SERVICE_PARAM_MANDATORY: SWIFT_CONFIG_PARAMETER_MANDATORY,
-            SERVICE_PARAM_OPTIONAL: SWIFT_CONFIG_PARAMETER_OPTIONAL,
-            SERVICE_PARAM_VALIDATOR: SWIFT_CONFIG_PARAMETER_VALIDATOR,
-            SERVICE_PARAM_RESOURCE: SWIFT_CONFIG_PARAMETER_RESOURCE,
-            SERVICE_PARAM_DATA_FORMAT: SWIFT_CONFIG_PARAMETER_DATA_FORMAT,
+    constants.SERVICE_TYPE_RADOSGW: {
+        constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG: {
+            SERVICE_PARAM_MANDATORY: RADOSGW_CONFIG_PARAMETER_MANDATORY,
+            SERVICE_PARAM_OPTIONAL: RADOSGW_CONFIG_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: RADOSGW_CONFIG_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_RESOURCE: RADOSGW_CONFIG_PARAMETER_RESOURCE,
+            SERVICE_PARAM_DATA_FORMAT: RADOSGW_CONFIG_PARAMETER_DATA_FORMAT,
         },
     },
     constants.SERVICE_TYPE_DOCKER: {

sysinv/sysinv/sysinv/sysinv/common/utils.py

@@ -2063,3 +2063,29 @@ def generate_armada_manifest_dir(app_name, app_version):
 
 def generate_armada_manifest_filename_abs(armada_mfile_dir, app_name, manifest_filename):
     return os.path.join(armada_mfile_dir, app_name + '-' + manifest_filename)
+
+
+def is_chart_enabled(dbapi, app_name, chart_name, namespace):
+    """
+    Check if the chart is enable at an application level
+
+    :param app_name: Application name
+    :param chart_name: Chart supplied with the application
+    :param namespace: Namespace where the chart will be executed
+
+    Returns true by default if an exception occurs as most charts are
+    enabled.
+    """
+    try:
+        db_app = dbapi.kube_app_get(app_name)
+        db_chart = dbapi.helm_override_get(db_app.id, chart_name, namespace)
+    except exception.KubeAppNotFound:
+        LOG.exception("is_chart_enabled: %s application unknown" % (app_name))
+        return True
+    except exception.HelmOverrideNotFound:
+        LOG.exception("is_chart_enabled: %s/%s/%s overrides missing" % (
+            app_name, chart_name, namespace))
+        return True
+
+    return db_chart.system_overrides.get(helm_common.HELM_CHART_ATTR_ENABLED,
+                                         False)

sysinv/sysinv/sysinv/sysinv/conductor/manager.py

@@ -462,14 +462,14 @@ class ConductorManager(service.PeriodicService):
          'name': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT,
          'value': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT,
          },
-        {'service': constants.SERVICE_TYPE_SWIFT,
-         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
-         'name': constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+        {'service': constants.SERVICE_TYPE_RADOSGW,
+         'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
          'value': False},
-        {'service': constants.SERVICE_TYPE_SWIFT,
-         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
-         'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
-         'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT},
+        {'service': constants.SERVICE_TYPE_RADOSGW,
+         'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB,
+         'value': constants.SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT},
         {'service': constants.SERVICE_TYPE_HTTP,
          'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
          'name': constants.SERVICE_PARAM_HTTP_PORT_HTTP,
@@ -6211,21 +6211,6 @@ class ConductorManager(service.PeriodicService):
                                             config_uuid,
                                             config_dict)
 
-    def _revert_cephrgw_config(self, context):
-        """ Revert ceph rgw configuration. """
-        personalities = [constants.CONTROLLER]
-
-        config_uuid = self._config_update_hosts(context, personalities)
-
-        config_dict = {
-            "personalities": personalities,
-            "classes": ['platform::ceph::rgw::runtime_revert']
-        }
-
-        self._config_apply_runtime_manifest(context,
-                                            config_uuid,
-                                            config_dict)
-
     def _update_config_for_stx_openstack(self, context):
         """ Update the runtime configurations that are required
             for stx-openstack application
@@ -6244,15 +6229,15 @@ class ConductorManager(service.PeriodicService):
                                             config_uuid,
                                             config_dict)
 
-    def _update_cephrgw_config(self, context):
-        """ Update ceph rgw configuration. """
+    def _update_radosgw_config(self, context):
+        """ Update ceph radosgw configuration. """
         personalities = [constants.CONTROLLER]
 
         config_uuid = self._config_update_hosts(context, personalities)
 
         config_dict = {
             "personalities": personalities,
-            "classes": ['platform::ceph::rgw::runtime']
+            "classes": ['platform::ceph::rgw::keystone::runtime']
         }
 
         self._config_apply_runtime_manifest(context,
@@ -7015,11 +7000,13 @@ class ConductorManager(service.PeriodicService):
                 }
                 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
 
-            elif service == constants.SERVICE_TYPE_SWIFT:
+            elif service == constants.SERVICE_TYPE_RADOSGW:
                 personalities = [constants.CONTROLLER]
                 config_dict = {
                     "personalities": personalities,
-                    "classes": ['openstack::swift::runtime']
+                    "classes": ['platform::ceph::rgw::runtime',
+                                'platform::sm::rgw::runtime',
+                                'platform::haproxy::runtime']
                 }
                 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
 
@@ -10191,12 +10178,15 @@ class ConductorManager(service.PeriodicService):
                 # generate .unlock_ready flag
                 cutils.touch(constants.UNLOCK_READY_FLAG)
             else:
-                self._update_cephrgw_config(context)
                 # apply any runtime configurations that are needed for
                 # stx_openstack application
                 self._update_config_for_stx_openstack(context)
                 self._update_pciirqaffinity_config(context)
 
+            # The radosgw chart may have been enabled/disabled. Regardless of
+            # the prior apply state, update the ceph config
+            self._update_radosgw_config(context)
+
         return app_applied
 
     def perform_app_update(self, context, from_rpc_app, to_rpc_app, tarfile, operation):
@@ -10231,10 +10221,10 @@ class ConductorManager(service.PeriodicService):
 
         app_removed = self._app.perform_app_remove(rpc_app)
         if constants.HELM_APP_OPENSTACK == appname and app_removed:
-            self._revert_cephrgw_config(context)
             # Update the VIM and PciIrqAffinity configuration.
             self._update_vim_config(context)
             self._update_pciirqaffinity_config(context)
+            self._update_radosgw_config(context)
         return app_removed
 
     def perform_app_abort(self, context, rpc_app):

sysinv/sysinv/sysinv/sysinv/helm/base.py

@@ -263,12 +263,5 @@ class BaseHelm(object):
         Returns true by default if an exception occurs as most charts are
         enabled.
         """
-        try:
-            db_app = self.dbapi.kube_app_get(app_name)
-            db_chart = self.dbapi.helm_override_get(db_app.id, chart_name, namespace)
-        except exception.KubeAppNotFound:
-            return True
-        except exception.HelmOverrideNotFound:
-            return True
-
-        return db_chart.system_overrides.get(common.HELM_CHART_ATTR_ENABLED, False)
+        return utils.is_chart_enabled(
+            self.dbapi, app_name, chart_name, namespace)

sysinv/sysinv/sysinv/sysinv/helm/swift.py

@@ -13,6 +13,10 @@ from sysinv.helm import openstack
 
 LOG = logging.getLogger(__name__)
 
+# These are set in hiera data and applied via puppet to the radosgw
+RADOSGW_SERVICE_DOMAIN_NAME = 'service'
+RADOSGW_SERVICE_PROJECT_NAME = 'service'
+
 
 class SwiftHelm(openstack.OpenstackBaseHelm):
     """Class to encapsulate helm operations for the swift chart"""

sysinv/sysinv/sysinv/sysinv/puppet/base.py

@@ -25,7 +25,6 @@ class BasePuppet(object):
     CONFIG_WORKDIR = '/tmp/config'
     DEFAULT_REGION_NAME = 'RegionOne'
     DEFAULT_SERVICE_PROJECT_NAME = 'services'
-    SWIFT_SERVICE_PROJECT_NAME = 'service'
     DEFAULT_KERNEL_OPTIONS = constants.SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_DEFAULT_OPTS
 
     SYSTEM_CONTROLLER_SERVICES = [
@@ -127,9 +126,6 @@ class BasePuppet(object):
         system = self._get_system()
         return system.region_name
 
-    def _get_swift_service_project_name(self):
-        return self.SWIFT_SERVICE_PROJECT_NAME
-
     def _get_service_project_name(self):
         if self.dbapi is None:
             return self.DEFAULT_SERVICE_PROJECT_NAME

sysinv/sysinv/sysinv/sysinv/puppet/ceph.py

@@ -11,10 +11,14 @@ from sysinv.common import constants
 from sysinv.common import exception
 from sysinv.common import utils
 from sysinv.common.storage_backend_conf import StorageBackendConfig
+from sysinv.openstack.common import log as logging
 from sysinv.helm import common
+from sysinv.helm import swift
 
 from sysinv.puppet import openstack
 
+LOG = logging.getLogger(__name__)
+
 
 # NOTE: based on openstack service for providing swift object storage services
 # via Ceph RGW
@@ -81,8 +85,6 @@ class CephPuppet(openstack.OpenstackBasePuppet):
         ms_bind_ipv6 = (netaddr.IPAddress(mon_0_ip).version ==
                         constants.IPV6_FAMILY)
 
-        ksuser = self._get_service_user_name(self.SERVICE_NAME_RGW)
-
         skip_osds_during_restore = \
             (utils.is_std_system(self.dbapi) and
             ceph_backend.task == constants.SB_TASK_RESTORE)
@@ -110,17 +112,26 @@ class CephPuppet(openstack.OpenstackBasePuppet):
             'platform::ceph::params::mon_1_addr': mon_1_addr,
             'platform::ceph::params::mon_2_addr': mon_2_addr,
 
-            'platform::ceph::params::rgw_admin_user':
-                ksuser,
-            'platform::ceph::params::rgw_admin_domain':
+            'platform::ceph::params::rgw_enabled':
+                self._is_radosgw_enabled(),
+            'platform::ceph::rgw::keystone::swift_endpts_enabled': False,
+            'platform::ceph::rgw::keystone::rgw_admin_user':
+                self._get_service_user_name(self.SERVICE_NAME_RGW),
+            'platform::ceph::rgw::keystone::rgw_admin_password':
+            self._get_service_password(self.SERVICE_NAME_RGW),
+            'platform::ceph::rgw::keystone::rgw_admin_domain':
                 self._get_service_user_domain_name(),
-            'platform::ceph::params::rgw_admin_project':
+            'platform::ceph::rgw::keystone::rgw_admin_project':
                 self._get_service_tenant_name(),
             'platform::ceph::params::skip_osds_during_restore':
                 skip_osds_during_restore,
         }
 
-        if utils.is_openstack_applied(self.dbapi):
+        if (utils.is_openstack_applied(self.dbapi) and
+                utils.is_chart_enabled(self.dbapi,
+                                       constants.HELM_APP_OPENSTACK,
+                                       common.HELM_CHART_SWIFT,
+                                       common.HELM_NS_OPENSTACK)):
             app = self.dbapi.kube_app_get(constants.HELM_APP_OPENSTACK)
             override = self.dbapi.helm_override_get(
                         app.id,
@@ -130,13 +141,19 @@ class CephPuppet(openstack.OpenstackBasePuppet):
                         self.SERVICE_NAME_RGW, None)
             if password:
                 swift_auth_password = password.encode('utf8', 'strict')
-                config['platform::ceph::params::rgw_service_password'] = \
-                    swift_auth_password
-
-            config['platform::ceph::params::rgw_service_domain'] = \
-                self._get_swift_service_user_domain_name()
-            config['platform::ceph::params::rgw_service_project'] = \
-                self._get_swift_service_tenant_name()
+                config.update(
+                    {'platform::ceph::rgw::keystone::swift_endpts_enabled':
+                     True})
+                config.pop('platform::ceph::rgw::keystone::rgw_admin_user')
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_password':
+                               swift_auth_password})
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_domain':
+                               swift.RADOSGW_SERVICE_DOMAIN_NAME})
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_project':
+                               swift.RADOSGW_SERVICE_PROJECT_NAME})
+            else:
+                raise exception.SysinvException(
+                    "Unable to retreive containerized swift auth password")
 
         return config
 
@@ -274,3 +291,25 @@ class CephPuppet(openstack.OpenstackBasePuppet):
         if ceph_mons:
             return ceph_mons[0]
         return None
+
+    def _is_radosgw_enabled(self):
+        enabled = False
+        try:
+            radosgw_enabled = self.dbapi.service_parameter_get_one(
+                service=constants.SERVICE_TYPE_RADOSGW,
+                section=constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                name=constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)
+            if radosgw_enabled and radosgw_enabled.value.lower() == 'true':
+                enabled = True
+        except exception.NotFound:
+            LOG.error("Service parameter not found:  %s/%s/%s" %
+                      (constants.SERVICE_TYPE_RADOSGW,
+                       constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                       constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED))
+
+        except exception.MultipleResults:
+            LOG.error("Multiple service parameters found for %s/%s/%s" %
+                      (constants.SERVICE_TYPE_RADOSGW,
+                      constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                      constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED))
+        return enabled

sysinv/sysinv/sysinv/sysinv/puppet/keystone.py

@@ -31,7 +31,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
     ADMIN_USER = 'admin'
 
     DEFAULT_DOMAIN_NAME = 'Default'
-    SWIFT_DOMAIN_NAME = 'service'
 
     def _region_config(self):
         # A wrapper over the Base region_config check.
@@ -299,9 +298,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
                 return service_config.capabilities.get('admin_project_domain')
         return self.DEFAULT_DOMAIN_NAME
 
-    def get_swift_service_user_domain(self):
-        return self.SWIFT_DOMAIN_NAME
-
     def get_service_user_domain(self):
         if self._region_config():
             service_config = self._get_service_config(self.SERVICE_NAME)

sysinv/sysinv/sysinv/sysinv/puppet/openstack.py

@@ -160,9 +160,6 @@ class OpenstackBasePuppet(base.BasePuppet):
 
         return self._region_name()
 
-    def _get_swift_service_tenant_name(self):
-        return self._get_swift_service_project_name()
-
     def _get_service_tenant_name(self):
         return self._get_service_project_name()