Configure radosgw and ceph-rgw as optional services

radosgw is a now an optional platform service which is provisioned via a
system service parameter. To align with this optionality, the ceph-rgw
chart which is used to enable the containerized swift endpoints also
becomes optional.

Changes include:
- Update the stx-openstack application disabled_charts setting in the
  application metadata.yaml to include the ceph-rgw chart. This sets the
  initial chart state to disabled.
- Optimize ceph.pp puppet manifests to provide two runtime classes: one
  for setting up the platform radosgw configuration which will set the
  haproxy configuration and the other for updating the keystone
  information in the ceph configuration based on if the ceph-rgw chart
  is enabled.
- Update the sm.pp manifest to dynamically provision/deprovision the
  radosgw based on if it's enabled in the service parameters
- Rename the SWIFT service parameters to RADOSGW as this is the platform
  service being enabled.
- Restructure ceph.py/ceph.pp to generate and use hieradata such that
  _revert_cephrgw_config() and _update_cephrgw_config() can be combined
  into a single function for runtime updates.

Change-Id: Id8d5c6b1159881d44810fc3622990456f1e54e75
Depends-On: If284f622ceac48c4ffd74e7022fdd390971d0fd8
Partial-Bug: #1833738
Signed-off-by: Robert Church <robert.church@windriver.com>

kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml

@@ -2,6 +2,7 @@ disabled_charts:
 - aodh
 - barbican
 - ceilometer
+- ceph-rgw
 - gnocchi
 - ironic
 - panko

puppet-manifests/src/modules/platform/manifests/ceph.pp

@@ -22,6 +22,7 @@ class platform::ceph::params(
   $mon_2_host = undef,
   $mon_2_ip = undef,
   $mon_2_addr = undef,
+  $rgw_enabled = false,
   $rgw_client_name = 'radosgw.gateway',
   $rgw_user_name = 'root',
   $rgw_frontend_type = 'civetweb',
@@ -30,10 +31,6 @@ class platform::ceph::params(
   $rgw_service_domain = undef,
   $rgw_service_project = undef,
   $rgw_service_password = undef,
-  $rgw_admin_domain = undef,
-  $rgw_admin_project = undef,
-  $rgw_admin_user = 'swift',
-  $rgw_admin_password = undef,
   $rgw_max_put_size = '53687091200',
   $rgw_gc_max_objs = '977',
   $rgw_gc_obj_min_wait = '600',
@@ -411,7 +408,7 @@ class platform::ceph::osds(
 class platform::ceph::haproxy
   inherits ::platform::ceph::params {
 
-  if $service_enabled {
+  if $rgw_enabled {
     platform::haproxy::proxy { 'ceph-radosgw-restapi':
       server_name  => 's-ceph-radosgw',
       public_port  => $rgw_port,
@@ -420,60 +417,48 @@ class platform::ceph::haproxy
   }
 }
 
-class platform::ceph::rgw::runtime
-  inherits ::platform::ceph::params {
-    if $service_enabled {
-      include ::platform::params
+class platform::ceph::rgw::keystone (
+  $swift_endpts_enabled = false,
+  $rgw_admin_domain = undef,
+  $rgw_admin_project = undef,
+  $rgw_admin_user = 'swift',
+  $rgw_admin_password = undef,
+) inherits ::platform::ceph::params {
+  include ::openstack::keystone::params
+  if $rgw_enabled {
 
-      include ::openstack::keystone::params
-
-      ceph::rgw::keystone { $rgw_client_name:
-        rgw_keystone_admin_token    => '',
-        rgw_keystone_url            => $::openstack::keystone::params::openstack_auth_uri,
-        rgw_keystone_version        => $::openstack::keystone::params::api_version,
-        rgw_keystone_accepted_roles => 'admin,_member_',
-        user                        => $rgw_user_name,
-        use_pki                     => false,
-        rgw_keystone_admin_domain   => $rgw_service_domain,
-        rgw_keystone_admin_project  => $rgw_service_project,
-        rgw_keystone_admin_user     => $rgw_admin_user,
-        rgw_keystone_admin_password => $rgw_service_password,
-      }
-      exec { 'sm-restart-safe service ceph-radosgw':
-        command => 'sm-restart-safe service ceph-radosgw'
-      }
+    if $swift_endpts_enabled {
+      $url = $::openstack::keystone::params::openstack_auth_uri
+    } else {
+      $url = $::openstack::keystone::params::auth_uri
     }
+
+    ceph::rgw::keystone { $rgw_client_name:
+      # keystone admin token is disabled after initial keystone configuration
+      # for security reason. Use keystone service tenant credentials instead.
+      rgw_keystone_admin_token         => '',
+      rgw_keystone_url                 => $url,
+      rgw_keystone_version             => $::openstack::keystone::params::api_version,
+      rgw_keystone_accepted_roles      => 'admin,_member_',
+      user                             => $rgw_user_name,
+      use_pki                          => false,
+      rgw_keystone_revocation_interval => 0,
+      rgw_keystone_token_cache_size    => 0,
+      rgw_keystone_admin_domain        => $rgw_admin_domain,
+      rgw_keystone_admin_project       => $rgw_admin_project,
+      rgw_keystone_admin_user          => $rgw_admin_user,
+      rgw_keystone_admin_password      => $rgw_admin_password,
+    }
+  }
 }
 
-class platform::ceph::rgw::runtime_revert
-  inherits ::platform::ceph::params {
-    if $service_enabled {
-      include ::platform::params
-
-      include ::openstack::keystone::params
-
-      ceph::rgw::keystone { $rgw_client_name:
-        rgw_keystone_admin_token    => '',
-        rgw_keystone_url            => $::openstack::keystone::params::auth_uri,
-        rgw_keystone_version        => $::openstack::keystone::params::api_version,
-        rgw_keystone_accepted_roles => 'admin,_member_',
-        user                        => $rgw_user_name,
-        use_pki                     => false,
-        rgw_keystone_admin_domain   => $rgw_admin_domain,
-        rgw_keystone_admin_project  => $rgw_admin_project,
-        rgw_keystone_admin_user     => $rgw_admin_user,
-        rgw_keystone_admin_password => $rgw_admin_password,
-      }
-      exec { 'sm-restart-safe service ceph-radosgw':
-        command => 'sm-restart-safe service ceph-radosgw'
-      }
-    }
-}
 
 class platform::ceph::rgw
   inherits ::platform::ceph::params {
+  include ::ceph::params
+  include ::ceph::profile::params
 
-  if $service_enabled {
+  if $rgw_enabled {
     include ::platform::params
 
     include ::openstack::keystone::params
@@ -491,19 +476,7 @@ class platform::ceph::rgw
       log_file      => $rgw_log_file,
     }
 
-    ceph::rgw::keystone { $rgw_client_name:
-      # keystone admin token is disabled after initial keystone configuration
-      # for security reason. Use keystone service tenant credentials instead.
-      rgw_keystone_admin_token    => '',
-      rgw_keystone_url            => $::openstack::keystone::params::auth_uri,
-      rgw_keystone_version        => $::openstack::keystone::params::api_version,
-      rgw_keystone_accepted_roles => 'admin,_member_',
-      use_pki                     => false,
-      rgw_keystone_admin_domain   => $rgw_admin_domain,
-      rgw_keystone_admin_project  => $rgw_admin_project,
-      rgw_keystone_admin_user     => $rgw_admin_user,
-      rgw_keystone_admin_password => $rgw_admin_password,
-    }
+    include ::platform::ceph::rgw::keystone
 
     ceph_config {
       # increase limit for single operation uploading to 50G (50*1024*1024*1024)
@@ -599,3 +572,36 @@ class platform::ceph::runtime_osds {
     }
   }
 }
+
+# Used to configure optional radosgw platform service
+class platform::ceph::rgw::runtime
+  inherits ::platform::ceph::params {
+
+  include platform::ceph::rgw
+
+  # Make sure the ceph configuration is complete before sm dynamically
+  # provisions/deprovisions the service
+  Class[$name] -> Class['::platform::sm::rgw::runtime']
+
+  unless $rgw_enabled {
+    # SM's current behavior will not stop the service being de-provisioned, so
+    # stop it when needed
+    exec { 'Stopping ceph-radosgw service':
+      command => '/etc/init.d/ceph-radosgw stop'
+    }
+  }
+}
+
+# Used to configure radosgw keystone info based on containerized swift endpoints
+# being enabled/disabled
+class platform::ceph::rgw::keystone::runtime
+  inherits ::platform::ceph::params {
+
+  include ::platform::ceph::rgw::keystone
+
+  exec { 'sm-restart-safe service ceph-radosgw':
+    command => 'sm-restart-safe service ceph-radosgw'
+  }
+}
+
+

puppet-manifests/src/modules/platform/manifests/sm.pp

@@ -175,6 +175,7 @@ class platform::sm
   # Ceph-Rados-Gateway
   include ::platform::ceph::params
   $ceph_configured = $::platform::ceph::params::service_enabled
+  $rgw_configured = $::platform::ceph::params::rgw_enabled
 
   if $system_mode == 'simplex' {
     $hostunit = '0'
@@ -818,13 +819,20 @@ class platform::sm
   }
 
   # Ceph-Rados-Gateway
-  if $ceph_configured {
+  if $rgw_configured {
     exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
       command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw'
     }
     -> exec { 'Provision Ceph-Rados-Gateway (service ceph-radosgw)':
       command => 'sm-provision service ceph-radosgw',
     }
+  } else {
+    exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw'
+    }
+    -> exec { 'Deprovision Ceph-Rados-Gateway (service ceph-radosgw)':
+      command => 'sm-deprovision service ceph-radosgw',
+    }
   }
 
   if $ldapserver_remote {
@@ -989,3 +997,17 @@ class platform::sm::stx_openstack::runtime {
     }
   }
 }
+
+class platform::sm::rgw::runtime {
+  $rgw_configured = $::platform::ceph::params::rgw_enabled
+
+  if $rgw_configured {
+    exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw --apply'
+    }
+  } else {
+    exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)':
+      command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw --apply'
+    }
+  }
+}

sysinv/sysinv/sysinv/sysinv/common/constants.py

@@ -906,7 +906,7 @@ SERVICE_TYPE_HORIZON = "horizon"
 SERVICE_TYPE_CEPH = 'ceph'
 SERVICE_TYPE_CINDER = 'cinder'
 SERVICE_TYPE_PLATFORM = 'platform'
-SERVICE_TYPE_SWIFT = 'swift'
+SERVICE_TYPE_RADOSGW = 'radosgw'
 SERVICE_TYPE_GLANCE = 'glance'
 SERVICE_TYPE_BARBICAN = 'barbican'
 SERVICE_TYPE_DOCKER = 'docker'
@@ -954,9 +954,9 @@ SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT = 0
 # default time to live seconds
 PM_TTL_DEFAULT = 86400
 
-SERVICE_PARAM_SECTION_SWIFT_CONFIG = 'config'
-SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED = 'service_enabled'
-SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB = 'fs_size_mb'
+SERVICE_PARAM_SECTION_RADOSGW_CONFIG = 'config'
+SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED = 'service_enabled'
+SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB = 'fs_size_mb'
 
 # docker parameters
 SERVICE_PARAM_SECTION_DOCKER_PROXY = 'proxy'
@@ -976,7 +976,7 @@ SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates'
 SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan'
 
 # default filesystem size to 25 MB
-SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25
+SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT = 25
 
 # HTTP Service Parameters
 SERVICE_PARAM_SECTION_HTTP_CONFIG = 'config'
@@ -1139,7 +1139,7 @@ PARTITION_MANAGE_LOCK = "partition-manage"
 
 # Optional services
 ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER,
-                         SERVICE_TYPE_SWIFT]
+                         SERVICE_TYPE_RADOSGW]
 
 # System mode
 SYSTEM_MODE_DUPLEX = "duplex"

sysinv/sysinv/sysinv/sysinv/common/service_parameter.py

@@ -14,9 +14,7 @@ import wsme
 
 from sysinv.common import constants
 from sysinv.common import exception
-from sysinv.common.storage_backend_conf import StorageBackendConfig
 from sysinv.common import utils as cutils
-from sysinv.db import api as db_api
 from sysinv.openstack.common import log
 from sysinv.openstack.common.gettextutils import _
 
@@ -262,16 +260,10 @@ def _rpm_pkg_is_installed(pkg_name):
     return (sum > 0)
 
 
-def _validate_swift_enabled(name, value):
-    _validate_boolean(name, value)
-    if not value:
-        return
-    dbapi = db_api.get_instance()
-    ceph_backend = StorageBackendConfig.get_backend_conf(
-        dbapi, constants.CINDER_BACKEND_CEPH)
-    if ceph_backend and ceph_backend.object_gateway:
+def _validate_radosgw_enabled(name, value):
+    if not cutils.is_valid_boolstr(value):
         raise wsme.exc.ClientSideError(_(
-            "Swift API is already supported by Ceph Object Gateway."))
+            "Parameter '%s' must be a valid bool string." % name))
 
 
 def _validate_docker_proxy_address(name, value):
@@ -405,28 +397,28 @@ PLATFORM_MTCE_PARAMETER_RESOURCE = {
     constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: 'platform::mtce::params::mnfa_timeout',
 }
 
-SWIFT_CONFIG_PARAMETER_MANDATORY = [
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+RADOSGW_CONFIG_PARAMETER_MANDATORY = [
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
 ]
 
-SWIFT_CONFIG_PARAMETER_OPTIONAL = [
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
+RADOSGW_CONFIG_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB,
 ]
 
-SWIFT_CONFIG_PARAMETER_VALIDATOR = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: _validate_swift_enabled,
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: _validate_integer,
+RADOSGW_CONFIG_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: _validate_radosgw_enabled,
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: _validate_integer,
 }
 
-SWIFT_CONFIG_PARAMETER_RESOURCE = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED:
-        'openstack::swift::params::service_enabled',
-    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB:
-        'openstack::swift::params::fs_size_mb',
+RADOSGW_CONFIG_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED:
+        'openstack::radosgw::params::service_enabled',
+    constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB:
+        'openstack::radosgw::params::fs_size_mb',
 }
 
-SWIFT_CONFIG_PARAMETER_DATA_FORMAT = {
-    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN,
+RADOSGW_CONFIG_PARAMETER_DATA_FORMAT = {
+    constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN,
 }
 
 DOCKER_PROXY_PARAMETER_OPTIONAL = [
@@ -563,13 +555,13 @@ SERVICE_PARAMETER_SCHEMA = {
             SERVICE_PARAM_RESOURCE: HORIZON_AUTH_PARAMETER_RESOURCE,
         },
     },
-    constants.SERVICE_TYPE_SWIFT: {
-        constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG: {
-            SERVICE_PARAM_MANDATORY: SWIFT_CONFIG_PARAMETER_MANDATORY,
-            SERVICE_PARAM_OPTIONAL: SWIFT_CONFIG_PARAMETER_OPTIONAL,
-            SERVICE_PARAM_VALIDATOR: SWIFT_CONFIG_PARAMETER_VALIDATOR,
-            SERVICE_PARAM_RESOURCE: SWIFT_CONFIG_PARAMETER_RESOURCE,
-            SERVICE_PARAM_DATA_FORMAT: SWIFT_CONFIG_PARAMETER_DATA_FORMAT,
+    constants.SERVICE_TYPE_RADOSGW: {
+        constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG: {
+            SERVICE_PARAM_MANDATORY: RADOSGW_CONFIG_PARAMETER_MANDATORY,
+            SERVICE_PARAM_OPTIONAL: RADOSGW_CONFIG_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: RADOSGW_CONFIG_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_RESOURCE: RADOSGW_CONFIG_PARAMETER_RESOURCE,
+            SERVICE_PARAM_DATA_FORMAT: RADOSGW_CONFIG_PARAMETER_DATA_FORMAT,
         },
     },
     constants.SERVICE_TYPE_DOCKER: {

sysinv/sysinv/sysinv/sysinv/common/utils.py

@@ -2067,3 +2067,29 @@ def generate_armada_manifest_dir(app_name, app_version):
 
 def generate_armada_manifest_filename_abs(armada_mfile_dir, app_name, manifest_filename):
     return os.path.join(armada_mfile_dir, app_name + '-' + manifest_filename)
+
+
+def is_chart_enabled(dbapi, app_name, chart_name, namespace):
+    """
+    Check if the chart is enable at an application level
+
+    :param app_name: Application name
+    :param chart_name: Chart supplied with the application
+    :param namespace: Namespace where the chart will be executed
+
+    Returns true by default if an exception occurs as most charts are
+    enabled.
+    """
+    try:
+        db_app = dbapi.kube_app_get(app_name)
+        db_chart = dbapi.helm_override_get(db_app.id, chart_name, namespace)
+    except exception.KubeAppNotFound:
+        LOG.exception("is_chart_enabled: %s application unknown" % (app_name))
+        return True
+    except exception.HelmOverrideNotFound:
+        LOG.exception("is_chart_enabled: %s/%s/%s overrides missing" % (
+            app_name, chart_name, namespace))
+        return True
+
+    return db_chart.system_overrides.get(helm_common.HELM_CHART_ATTR_ENABLED,
+                                         False)

sysinv/sysinv/sysinv/sysinv/conductor/manager.py

@@ -462,14 +462,14 @@ class ConductorManager(service.PeriodicService):
          'name': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT,
          'value': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT,
          },
-        {'service': constants.SERVICE_TYPE_SWIFT,
-         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
-         'name': constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+        {'service': constants.SERVICE_TYPE_RADOSGW,
+         'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
          'value': False},
-        {'service': constants.SERVICE_TYPE_SWIFT,
-         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
-         'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
-         'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT},
+        {'service': constants.SERVICE_TYPE_RADOSGW,
+         'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB,
+         'value': constants.SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT},
         {'service': constants.SERVICE_TYPE_HTTP,
          'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG,
          'name': constants.SERVICE_PARAM_HTTP_PORT_HTTP,
@@ -6220,21 +6220,6 @@ class ConductorManager(service.PeriodicService):
                                             config_uuid,
                                             config_dict)
 
-    def _revert_cephrgw_config(self, context):
-        """ Revert ceph rgw configuration. """
-        personalities = [constants.CONTROLLER]
-
-        config_uuid = self._config_update_hosts(context, personalities)
-
-        config_dict = {
-            "personalities": personalities,
-            "classes": ['platform::ceph::rgw::runtime_revert']
-        }
-
-        self._config_apply_runtime_manifest(context,
-                                            config_uuid,
-                                            config_dict)
-
     def _update_config_for_stx_openstack(self, context):
         """ Update the runtime configurations that are required
             for stx-openstack application
@@ -6253,15 +6238,15 @@ class ConductorManager(service.PeriodicService):
                                             config_uuid,
                                             config_dict)
 
-    def _update_cephrgw_config(self, context):
-        """ Update ceph rgw configuration. """
+    def _update_radosgw_config(self, context):
+        """ Update ceph radosgw configuration. """
         personalities = [constants.CONTROLLER]
 
         config_uuid = self._config_update_hosts(context, personalities)
 
         config_dict = {
             "personalities": personalities,
-            "classes": ['platform::ceph::rgw::runtime']
+            "classes": ['platform::ceph::rgw::keystone::runtime']
         }
 
         self._config_apply_runtime_manifest(context,
@@ -7024,11 +7009,13 @@ class ConductorManager(service.PeriodicService):
                 }
                 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
 
-            elif service == constants.SERVICE_TYPE_SWIFT:
+            elif service == constants.SERVICE_TYPE_RADOSGW:
                 personalities = [constants.CONTROLLER]
                 config_dict = {
                     "personalities": personalities,
-                    "classes": ['openstack::swift::runtime']
+                    "classes": ['platform::ceph::rgw::runtime',
+                                'platform::sm::rgw::runtime',
+                                'platform::haproxy::runtime']
                 }
                 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
 
@@ -10200,12 +10187,15 @@ class ConductorManager(service.PeriodicService):
                 # generate .unlock_ready flag
                 cutils.touch(constants.UNLOCK_READY_FLAG)
             else:
-                self._update_cephrgw_config(context)
                 # apply any runtime configurations that are needed for
                 # stx_openstack application
                 self._update_config_for_stx_openstack(context)
                 self._update_pciirqaffinity_config(context)
 
+            # The radosgw chart may have been enabled/disabled. Regardless of
+            # the prior apply state, update the ceph config
+            self._update_radosgw_config(context)
+
         return app_applied
 
     def perform_app_update(self, context, from_rpc_app, to_rpc_app, tarfile, operation):
@@ -10240,10 +10230,10 @@ class ConductorManager(service.PeriodicService):
 
         app_removed = self._app.perform_app_remove(rpc_app)
         if constants.HELM_APP_OPENSTACK == appname and app_removed:
-            self._revert_cephrgw_config(context)
             # Update the VIM and PciIrqAffinity configuration.
             self._update_vim_config(context)
             self._update_pciirqaffinity_config(context)
+            self._update_radosgw_config(context)
         return app_removed
 
     def perform_app_abort(self, context, rpc_app):

sysinv/sysinv/sysinv/sysinv/helm/base.py

@@ -263,12 +263,5 @@ class BaseHelm(object):
         Returns true by default if an exception occurs as most charts are
         enabled.
         """
-        try:
-            db_app = self.dbapi.kube_app_get(app_name)
-            db_chart = self.dbapi.helm_override_get(db_app.id, chart_name, namespace)
-        except exception.KubeAppNotFound:
-            return True
-        except exception.HelmOverrideNotFound:
-            return True
-
-        return db_chart.system_overrides.get(common.HELM_CHART_ATTR_ENABLED, False)
+        return utils.is_chart_enabled(
+            self.dbapi, app_name, chart_name, namespace)

sysinv/sysinv/sysinv/sysinv/helm/swift.py

@@ -13,6 +13,10 @@ from sysinv.helm import openstack
 
 LOG = logging.getLogger(__name__)
 
+# These are set in hiera data and applied via puppet to the radosgw
+RADOSGW_SERVICE_DOMAIN_NAME = 'service'
+RADOSGW_SERVICE_PROJECT_NAME = 'service'
+
 
 class SwiftHelm(openstack.OpenstackBaseHelm):
     """Class to encapsulate helm operations for the swift chart"""

sysinv/sysinv/sysinv/sysinv/puppet/base.py

@@ -25,7 +25,6 @@ class BasePuppet(object):
     CONFIG_WORKDIR = '/tmp/config'
     DEFAULT_REGION_NAME = 'RegionOne'
     DEFAULT_SERVICE_PROJECT_NAME = 'services'
-    SWIFT_SERVICE_PROJECT_NAME = 'service'
     DEFAULT_KERNEL_OPTIONS = constants.SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_DEFAULT_OPTS
 
     SYSTEM_CONTROLLER_SERVICES = [
@@ -127,9 +126,6 @@ class BasePuppet(object):
         system = self._get_system()
         return system.region_name
 
-    def _get_swift_service_project_name(self):
-        return self.SWIFT_SERVICE_PROJECT_NAME
-
     def _get_service_project_name(self):
         if self.dbapi is None:
             return self.DEFAULT_SERVICE_PROJECT_NAME

sysinv/sysinv/sysinv/sysinv/puppet/ceph.py

@@ -11,10 +11,14 @@ from sysinv.common import constants
 from sysinv.common import exception
 from sysinv.common import utils
 from sysinv.common.storage_backend_conf import StorageBackendConfig
+from sysinv.openstack.common import log as logging
 from sysinv.helm import common
+from sysinv.helm import swift
 
 from sysinv.puppet import openstack
 
+LOG = logging.getLogger(__name__)
+
 
 # NOTE: based on openstack service for providing swift object storage services
 # via Ceph RGW
@@ -81,8 +85,6 @@ class CephPuppet(openstack.OpenstackBasePuppet):
         ms_bind_ipv6 = (netaddr.IPAddress(mon_0_ip).version ==
                         constants.IPV6_FAMILY)
 
-        ksuser = self._get_service_user_name(self.SERVICE_NAME_RGW)
-
         skip_osds_during_restore = \
             (utils.is_std_system(self.dbapi) and
             ceph_backend.task == constants.SB_TASK_RESTORE)
@@ -110,17 +112,26 @@ class CephPuppet(openstack.OpenstackBasePuppet):
             'platform::ceph::params::mon_1_addr': mon_1_addr,
             'platform::ceph::params::mon_2_addr': mon_2_addr,
 
-            'platform::ceph::params::rgw_admin_user':
-                ksuser,
-            'platform::ceph::params::rgw_admin_domain':
+            'platform::ceph::params::rgw_enabled':
+                self._is_radosgw_enabled(),
+            'platform::ceph::rgw::keystone::swift_endpts_enabled': False,
+            'platform::ceph::rgw::keystone::rgw_admin_user':
+                self._get_service_user_name(self.SERVICE_NAME_RGW),
+            'platform::ceph::rgw::keystone::rgw_admin_password':
+            self._get_service_password(self.SERVICE_NAME_RGW),
+            'platform::ceph::rgw::keystone::rgw_admin_domain':
                 self._get_service_user_domain_name(),
-            'platform::ceph::params::rgw_admin_project':
+            'platform::ceph::rgw::keystone::rgw_admin_project':
                 self._get_service_tenant_name(),
             'platform::ceph::params::skip_osds_during_restore':
                 skip_osds_during_restore,
         }
 
-        if utils.is_openstack_applied(self.dbapi):
+        if (utils.is_openstack_applied(self.dbapi) and
+                utils.is_chart_enabled(self.dbapi,
+                                       constants.HELM_APP_OPENSTACK,
+                                       common.HELM_CHART_SWIFT,
+                                       common.HELM_NS_OPENSTACK)):
             app = self.dbapi.kube_app_get(constants.HELM_APP_OPENSTACK)
             override = self.dbapi.helm_override_get(
                         app.id,
@@ -130,13 +141,19 @@ class CephPuppet(openstack.OpenstackBasePuppet):
                         self.SERVICE_NAME_RGW, None)
             if password:
                 swift_auth_password = password.encode('utf8', 'strict')
-                config['platform::ceph::params::rgw_service_password'] = \
-                    swift_auth_password
-
-            config['platform::ceph::params::rgw_service_domain'] = \
-                self._get_swift_service_user_domain_name()
-            config['platform::ceph::params::rgw_service_project'] = \
-                self._get_swift_service_tenant_name()
+                config.update(
+                    {'platform::ceph::rgw::keystone::swift_endpts_enabled':
+                     True})
+                config.pop('platform::ceph::rgw::keystone::rgw_admin_user')
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_password':
+                               swift_auth_password})
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_domain':
+                               swift.RADOSGW_SERVICE_DOMAIN_NAME})
+                config.update({'platform::ceph::rgw::keystone::rgw_admin_project':
+                               swift.RADOSGW_SERVICE_PROJECT_NAME})
+            else:
+                raise exception.SysinvException(
+                    "Unable to retreive containerized swift auth password")
 
         return config
 
@@ -274,3 +291,25 @@ class CephPuppet(openstack.OpenstackBasePuppet):
         if ceph_mons:
             return ceph_mons[0]
         return None
+
+    def _is_radosgw_enabled(self):
+        enabled = False
+        try:
+            radosgw_enabled = self.dbapi.service_parameter_get_one(
+                service=constants.SERVICE_TYPE_RADOSGW,
+                section=constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                name=constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)
+            if radosgw_enabled and radosgw_enabled.value.lower() == 'true':
+                enabled = True
+        except exception.NotFound:
+            LOG.error("Service parameter not found:  %s/%s/%s" %
+                      (constants.SERVICE_TYPE_RADOSGW,
+                       constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                       constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED))
+
+        except exception.MultipleResults:
+            LOG.error("Multiple service parameters found for %s/%s/%s" %
+                      (constants.SERVICE_TYPE_RADOSGW,
+                      constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG,
+                      constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED))
+        return enabled

sysinv/sysinv/sysinv/sysinv/puppet/keystone.py

@@ -31,7 +31,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
     ADMIN_USER = 'admin'
 
     DEFAULT_DOMAIN_NAME = 'Default'
-    SWIFT_DOMAIN_NAME = 'service'
 
     def _region_config(self):
         # A wrapper over the Base region_config check.
@@ -299,9 +298,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
                 return service_config.capabilities.get('admin_project_domain')
         return self.DEFAULT_DOMAIN_NAME
 
-    def get_swift_service_user_domain(self):
-        return self.SWIFT_DOMAIN_NAME
-
     def get_service_user_domain(self):
         if self._region_config():
             service_config = self._get_service_config(self.SERVICE_NAME)

sysinv/sysinv/sysinv/sysinv/puppet/openstack.py

@@ -160,9 +160,6 @@ class OpenstackBasePuppet(base.BasePuppet):
 
         return self._region_name()
 
-    def _get_swift_service_tenant_name(self):
-        return self._get_swift_service_project_name()
-
     def _get_service_tenant_name(self):
         return self._get_service_project_name()