diff --git a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml index 53ad5ea576..28bcc294f3 100644 --- a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml +++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml @@ -2,6 +2,7 @@ disabled_charts: - aodh - barbican - ceilometer +- ceph-rgw - gnocchi - ironic - panko diff --git a/puppet-manifests/src/modules/platform/manifests/ceph.pp b/puppet-manifests/src/modules/platform/manifests/ceph.pp index 9050457e58..943ae5881c 100644 --- a/puppet-manifests/src/modules/platform/manifests/ceph.pp +++ b/puppet-manifests/src/modules/platform/manifests/ceph.pp @@ -22,6 +22,7 @@ class platform::ceph::params( $mon_2_host = undef, $mon_2_ip = undef, $mon_2_addr = undef, + $rgw_enabled = false, $rgw_client_name = 'radosgw.gateway', $rgw_user_name = 'root', $rgw_frontend_type = 'civetweb', @@ -30,10 +31,6 @@ class platform::ceph::params( $rgw_service_domain = undef, $rgw_service_project = undef, $rgw_service_password = undef, - $rgw_admin_domain = undef, - $rgw_admin_project = undef, - $rgw_admin_user = 'swift', - $rgw_admin_password = undef, $rgw_max_put_size = '53687091200', $rgw_gc_max_objs = '977', $rgw_gc_obj_min_wait = '600', @@ -411,7 +408,7 @@ class platform::ceph::osds( class platform::ceph::haproxy inherits ::platform::ceph::params { - if $service_enabled { + if $rgw_enabled { platform::haproxy::proxy { 'ceph-radosgw-restapi': server_name => 's-ceph-radosgw', public_port => $rgw_port, @@ -420,60 +417,48 @@ class platform::ceph::haproxy } } -class platform::ceph::rgw::runtime - inherits ::platform::ceph::params { - if $service_enabled { - include ::platform::params +class platform::ceph::rgw::keystone ( + $swift_endpts_enabled = false, + $rgw_admin_domain = undef, + $rgw_admin_project = undef, + $rgw_admin_user = 'swift', + $rgw_admin_password = undef, +) inherits ::platform::ceph::params { + include ::openstack::keystone::params + if $rgw_enabled { - include ::openstack::keystone::params - - ceph::rgw::keystone { $rgw_client_name: - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::openstack_auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - user => $rgw_user_name, - use_pki => false, - rgw_keystone_admin_domain => $rgw_service_domain, - rgw_keystone_admin_project => $rgw_service_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_service_password, - } - exec { 'sm-restart-safe service ceph-radosgw': - command => 'sm-restart-safe service ceph-radosgw' - } + if $swift_endpts_enabled { + $url = $::openstack::keystone::params::openstack_auth_uri + } else { + $url = $::openstack::keystone::params::auth_uri } + + ceph::rgw::keystone { $rgw_client_name: + # keystone admin token is disabled after initial keystone configuration + # for security reason. Use keystone service tenant credentials instead. + rgw_keystone_admin_token => '', + rgw_keystone_url => $url, + rgw_keystone_version => $::openstack::keystone::params::api_version, + rgw_keystone_accepted_roles => 'admin,_member_', + user => $rgw_user_name, + use_pki => false, + rgw_keystone_revocation_interval => 0, + rgw_keystone_token_cache_size => 0, + rgw_keystone_admin_domain => $rgw_admin_domain, + rgw_keystone_admin_project => $rgw_admin_project, + rgw_keystone_admin_user => $rgw_admin_user, + rgw_keystone_admin_password => $rgw_admin_password, + } + } } -class platform::ceph::rgw::runtime_revert - inherits ::platform::ceph::params { - if $service_enabled { - include ::platform::params - - include ::openstack::keystone::params - - ceph::rgw::keystone { $rgw_client_name: - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - user => $rgw_user_name, - use_pki => false, - rgw_keystone_admin_domain => $rgw_admin_domain, - rgw_keystone_admin_project => $rgw_admin_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_admin_password, - } - exec { 'sm-restart-safe service ceph-radosgw': - command => 'sm-restart-safe service ceph-radosgw' - } - } -} class platform::ceph::rgw inherits ::platform::ceph::params { + include ::ceph::params + include ::ceph::profile::params - if $service_enabled { + if $rgw_enabled { include ::platform::params include ::openstack::keystone::params @@ -491,19 +476,7 @@ class platform::ceph::rgw log_file => $rgw_log_file, } - ceph::rgw::keystone { $rgw_client_name: - # keystone admin token is disabled after initial keystone configuration - # for security reason. Use keystone service tenant credentials instead. - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - use_pki => false, - rgw_keystone_admin_domain => $rgw_admin_domain, - rgw_keystone_admin_project => $rgw_admin_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_admin_password, - } + include ::platform::ceph::rgw::keystone ceph_config { # increase limit for single operation uploading to 50G (50*1024*1024*1024) @@ -599,3 +572,36 @@ class platform::ceph::runtime_osds { } } } + +# Used to configure optional radosgw platform service +class platform::ceph::rgw::runtime + inherits ::platform::ceph::params { + + include platform::ceph::rgw + + # Make sure the ceph configuration is complete before sm dynamically + # provisions/deprovisions the service + Class[$name] -> Class['::platform::sm::rgw::runtime'] + + unless $rgw_enabled { + # SM's current behavior will not stop the service being de-provisioned, so + # stop it when needed + exec { 'Stopping ceph-radosgw service': + command => '/etc/init.d/ceph-radosgw stop' + } + } +} + +# Used to configure radosgw keystone info based on containerized swift endpoints +# being enabled/disabled +class platform::ceph::rgw::keystone::runtime + inherits ::platform::ceph::params { + + include ::platform::ceph::rgw::keystone + + exec { 'sm-restart-safe service ceph-radosgw': + command => 'sm-restart-safe service ceph-radosgw' + } +} + + diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp index 3cfbfe46bd..3fbbb68cab 100644 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ b/puppet-manifests/src/modules/platform/manifests/sm.pp @@ -175,6 +175,7 @@ class platform::sm # Ceph-Rados-Gateway include ::platform::ceph::params $ceph_configured = $::platform::ceph::params::service_enabled + $rgw_configured = $::platform::ceph::params::rgw_enabled if $system_mode == 'simplex' { $hostunit = '0' @@ -818,13 +819,20 @@ class platform::sm } # Ceph-Rados-Gateway - if $ceph_configured { + if $rgw_configured { exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw' } -> exec { 'Provision Ceph-Rados-Gateway (service ceph-radosgw)': command => 'sm-provision service ceph-radosgw', } + } else { + exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw' + } + -> exec { 'Deprovision Ceph-Rados-Gateway (service ceph-radosgw)': + command => 'sm-deprovision service ceph-radosgw', + } } if $ldapserver_remote { @@ -989,3 +997,17 @@ class platform::sm::stx_openstack::runtime { } } } + +class platform::sm::rgw::runtime { + $rgw_configured = $::platform::ceph::params::rgw_enabled + + if $rgw_configured { + exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw --apply' + } + } else { + exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw --apply' + } + } +} diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py index 547974b59c..9020eafc39 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/constants.py +++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py @@ -906,7 +906,7 @@ SERVICE_TYPE_HORIZON = "horizon" SERVICE_TYPE_CEPH = 'ceph' SERVICE_TYPE_CINDER = 'cinder' SERVICE_TYPE_PLATFORM = 'platform' -SERVICE_TYPE_SWIFT = 'swift' +SERVICE_TYPE_RADOSGW = 'radosgw' SERVICE_TYPE_GLANCE = 'glance' SERVICE_TYPE_BARBICAN = 'barbican' SERVICE_TYPE_DOCKER = 'docker' @@ -954,9 +954,9 @@ SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT = 0 # default time to live seconds PM_TTL_DEFAULT = 86400 -SERVICE_PARAM_SECTION_SWIFT_CONFIG = 'config' -SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED = 'service_enabled' -SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB = 'fs_size_mb' +SERVICE_PARAM_SECTION_RADOSGW_CONFIG = 'config' +SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED = 'service_enabled' +SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB = 'fs_size_mb' # docker parameters SERVICE_PARAM_SECTION_DOCKER_PROXY = 'proxy' @@ -976,7 +976,7 @@ SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates' SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan' # default filesystem size to 25 MB -SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25 +SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT = 25 # HTTP Service Parameters SERVICE_PARAM_SECTION_HTTP_CONFIG = 'config' @@ -1139,7 +1139,7 @@ PARTITION_MANAGE_LOCK = "partition-manage" # Optional services ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER, - SERVICE_TYPE_SWIFT] + SERVICE_TYPE_RADOSGW] # System mode SYSTEM_MODE_DUPLEX = "duplex" diff --git a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py index 5046b28a19..15c804e267 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py +++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py @@ -14,9 +14,7 @@ import wsme from sysinv.common import constants from sysinv.common import exception -from sysinv.common.storage_backend_conf import StorageBackendConfig from sysinv.common import utils as cutils -from sysinv.db import api as db_api from sysinv.openstack.common import log from sysinv.openstack.common.gettextutils import _ @@ -262,16 +260,10 @@ def _rpm_pkg_is_installed(pkg_name): return (sum > 0) -def _validate_swift_enabled(name, value): - _validate_boolean(name, value) - if not value: - return - dbapi = db_api.get_instance() - ceph_backend = StorageBackendConfig.get_backend_conf( - dbapi, constants.CINDER_BACKEND_CEPH) - if ceph_backend and ceph_backend.object_gateway: +def _validate_radosgw_enabled(name, value): + if not cutils.is_valid_boolstr(value): raise wsme.exc.ClientSideError(_( - "Swift API is already supported by Ceph Object Gateway.")) + "Parameter '%s' must be a valid bool string." % name)) def _validate_docker_proxy_address(name, value): @@ -405,28 +397,28 @@ PLATFORM_MTCE_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: 'platform::mtce::params::mnfa_timeout', } -SWIFT_CONFIG_PARAMETER_MANDATORY = [ - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED, +RADOSGW_CONFIG_PARAMETER_MANDATORY = [ + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED, ] -SWIFT_CONFIG_PARAMETER_OPTIONAL = [ - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB, +RADOSGW_CONFIG_PARAMETER_OPTIONAL = [ + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB, ] -SWIFT_CONFIG_PARAMETER_VALIDATOR = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: _validate_swift_enabled, - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: _validate_integer, +RADOSGW_CONFIG_PARAMETER_VALIDATOR = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: _validate_radosgw_enabled, + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: _validate_integer, } -SWIFT_CONFIG_PARAMETER_RESOURCE = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: - 'openstack::swift::params::service_enabled', - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: - 'openstack::swift::params::fs_size_mb', +RADOSGW_CONFIG_PARAMETER_RESOURCE = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: + 'openstack::radosgw::params::service_enabled', + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: + 'openstack::radosgw::params::fs_size_mb', } -SWIFT_CONFIG_PARAMETER_DATA_FORMAT = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, +RADOSGW_CONFIG_PARAMETER_DATA_FORMAT = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, } DOCKER_PROXY_PARAMETER_OPTIONAL = [ @@ -563,13 +555,13 @@ SERVICE_PARAMETER_SCHEMA = { SERVICE_PARAM_RESOURCE: HORIZON_AUTH_PARAMETER_RESOURCE, }, }, - constants.SERVICE_TYPE_SWIFT: { - constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG: { - SERVICE_PARAM_MANDATORY: SWIFT_CONFIG_PARAMETER_MANDATORY, - SERVICE_PARAM_OPTIONAL: SWIFT_CONFIG_PARAMETER_OPTIONAL, - SERVICE_PARAM_VALIDATOR: SWIFT_CONFIG_PARAMETER_VALIDATOR, - SERVICE_PARAM_RESOURCE: SWIFT_CONFIG_PARAMETER_RESOURCE, - SERVICE_PARAM_DATA_FORMAT: SWIFT_CONFIG_PARAMETER_DATA_FORMAT, + constants.SERVICE_TYPE_RADOSGW: { + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG: { + SERVICE_PARAM_MANDATORY: RADOSGW_CONFIG_PARAMETER_MANDATORY, + SERVICE_PARAM_OPTIONAL: RADOSGW_CONFIG_PARAMETER_OPTIONAL, + SERVICE_PARAM_VALIDATOR: RADOSGW_CONFIG_PARAMETER_VALIDATOR, + SERVICE_PARAM_RESOURCE: RADOSGW_CONFIG_PARAMETER_RESOURCE, + SERVICE_PARAM_DATA_FORMAT: RADOSGW_CONFIG_PARAMETER_DATA_FORMAT, }, }, constants.SERVICE_TYPE_DOCKER: { diff --git a/sysinv/sysinv/sysinv/sysinv/common/utils.py b/sysinv/sysinv/sysinv/sysinv/common/utils.py index 8756cfc7cf..420ec2cf8c 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/utils.py +++ b/sysinv/sysinv/sysinv/sysinv/common/utils.py @@ -2063,3 +2063,29 @@ def generate_armada_manifest_dir(app_name, app_version): def generate_armada_manifest_filename_abs(armada_mfile_dir, app_name, manifest_filename): return os.path.join(armada_mfile_dir, app_name + '-' + manifest_filename) + + +def is_chart_enabled(dbapi, app_name, chart_name, namespace): + """ + Check if the chart is enable at an application level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + try: + db_app = dbapi.kube_app_get(app_name) + db_chart = dbapi.helm_override_get(db_app.id, chart_name, namespace) + except exception.KubeAppNotFound: + LOG.exception("is_chart_enabled: %s application unknown" % (app_name)) + return True + except exception.HelmOverrideNotFound: + LOG.exception("is_chart_enabled: %s/%s/%s overrides missing" % ( + app_name, chart_name, namespace)) + return True + + return db_chart.system_overrides.get(helm_common.HELM_CHART_ATTR_ENABLED, + False) diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 771916f9a1..4e43f8d7f0 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -462,14 +462,14 @@ class ConductorManager(service.PeriodicService): 'name': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT, 'value': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT, }, - {'service': constants.SERVICE_TYPE_SWIFT, - 'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG, - 'name': constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED, + {'service': constants.SERVICE_TYPE_RADOSGW, + 'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + 'name': constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED, 'value': False}, - {'service': constants.SERVICE_TYPE_SWIFT, - 'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG, - 'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB, - 'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT}, + {'service': constants.SERVICE_TYPE_RADOSGW, + 'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + 'name': constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB, + 'value': constants.SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT}, {'service': constants.SERVICE_TYPE_HTTP, 'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG, 'name': constants.SERVICE_PARAM_HTTP_PORT_HTTP, @@ -6211,21 +6211,6 @@ class ConductorManager(service.PeriodicService): config_uuid, config_dict) - def _revert_cephrgw_config(self, context): - """ Revert ceph rgw configuration. """ - personalities = [constants.CONTROLLER] - - config_uuid = self._config_update_hosts(context, personalities) - - config_dict = { - "personalities": personalities, - "classes": ['platform::ceph::rgw::runtime_revert'] - } - - self._config_apply_runtime_manifest(context, - config_uuid, - config_dict) - def _update_config_for_stx_openstack(self, context): """ Update the runtime configurations that are required for stx-openstack application @@ -6244,15 +6229,15 @@ class ConductorManager(service.PeriodicService): config_uuid, config_dict) - def _update_cephrgw_config(self, context): - """ Update ceph rgw configuration. """ + def _update_radosgw_config(self, context): + """ Update ceph radosgw configuration. """ personalities = [constants.CONTROLLER] config_uuid = self._config_update_hosts(context, personalities) config_dict = { "personalities": personalities, - "classes": ['platform::ceph::rgw::runtime'] + "classes": ['platform::ceph::rgw::keystone::runtime'] } self._config_apply_runtime_manifest(context, @@ -7015,11 +7000,13 @@ class ConductorManager(service.PeriodicService): } self._config_apply_runtime_manifest(context, config_uuid, config_dict) - elif service == constants.SERVICE_TYPE_SWIFT: + elif service == constants.SERVICE_TYPE_RADOSGW: personalities = [constants.CONTROLLER] config_dict = { "personalities": personalities, - "classes": ['openstack::swift::runtime'] + "classes": ['platform::ceph::rgw::runtime', + 'platform::sm::rgw::runtime', + 'platform::haproxy::runtime'] } self._config_apply_runtime_manifest(context, config_uuid, config_dict) @@ -10191,12 +10178,15 @@ class ConductorManager(service.PeriodicService): # generate .unlock_ready flag cutils.touch(constants.UNLOCK_READY_FLAG) else: - self._update_cephrgw_config(context) # apply any runtime configurations that are needed for # stx_openstack application self._update_config_for_stx_openstack(context) self._update_pciirqaffinity_config(context) + # The radosgw chart may have been enabled/disabled. Regardless of + # the prior apply state, update the ceph config + self._update_radosgw_config(context) + return app_applied def perform_app_update(self, context, from_rpc_app, to_rpc_app, tarfile, operation): @@ -10231,10 +10221,10 @@ class ConductorManager(service.PeriodicService): app_removed = self._app.perform_app_remove(rpc_app) if constants.HELM_APP_OPENSTACK == appname and app_removed: - self._revert_cephrgw_config(context) # Update the VIM and PciIrqAffinity configuration. self._update_vim_config(context) self._update_pciirqaffinity_config(context) + self._update_radosgw_config(context) return app_removed def perform_app_abort(self, context, rpc_app): diff --git a/sysinv/sysinv/sysinv/sysinv/helm/base.py b/sysinv/sysinv/sysinv/sysinv/helm/base.py index 6c0dbcfe7e..21bd43af25 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/base.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/base.py @@ -263,12 +263,5 @@ class BaseHelm(object): Returns true by default if an exception occurs as most charts are enabled. """ - try: - db_app = self.dbapi.kube_app_get(app_name) - db_chart = self.dbapi.helm_override_get(db_app.id, chart_name, namespace) - except exception.KubeAppNotFound: - return True - except exception.HelmOverrideNotFound: - return True - - return db_chart.system_overrides.get(common.HELM_CHART_ATTR_ENABLED, False) + return utils.is_chart_enabled( + self.dbapi, app_name, chart_name, namespace) diff --git a/sysinv/sysinv/sysinv/sysinv/helm/swift.py b/sysinv/sysinv/sysinv/sysinv/helm/swift.py index f6c63899cd..5ac8e31d69 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/swift.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/swift.py @@ -13,6 +13,10 @@ from sysinv.helm import openstack LOG = logging.getLogger(__name__) +# These are set in hiera data and applied via puppet to the radosgw +RADOSGW_SERVICE_DOMAIN_NAME = 'service' +RADOSGW_SERVICE_PROJECT_NAME = 'service' + class SwiftHelm(openstack.OpenstackBaseHelm): """Class to encapsulate helm operations for the swift chart""" diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/base.py b/sysinv/sysinv/sysinv/sysinv/puppet/base.py index 7de53c2cd0..b6a1c221c0 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/base.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/base.py @@ -25,7 +25,6 @@ class BasePuppet(object): CONFIG_WORKDIR = '/tmp/config' DEFAULT_REGION_NAME = 'RegionOne' DEFAULT_SERVICE_PROJECT_NAME = 'services' - SWIFT_SERVICE_PROJECT_NAME = 'service' DEFAULT_KERNEL_OPTIONS = constants.SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_DEFAULT_OPTS SYSTEM_CONTROLLER_SERVICES = [ @@ -127,9 +126,6 @@ class BasePuppet(object): system = self._get_system() return system.region_name - def _get_swift_service_project_name(self): - return self.SWIFT_SERVICE_PROJECT_NAME - def _get_service_project_name(self): if self.dbapi is None: return self.DEFAULT_SERVICE_PROJECT_NAME diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py b/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py index 2b7484ce91..f25f425d14 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py @@ -11,10 +11,14 @@ from sysinv.common import constants from sysinv.common import exception from sysinv.common import utils from sysinv.common.storage_backend_conf import StorageBackendConfig +from sysinv.openstack.common import log as logging from sysinv.helm import common +from sysinv.helm import swift from sysinv.puppet import openstack +LOG = logging.getLogger(__name__) + # NOTE: based on openstack service for providing swift object storage services # via Ceph RGW @@ -81,8 +85,6 @@ class CephPuppet(openstack.OpenstackBasePuppet): ms_bind_ipv6 = (netaddr.IPAddress(mon_0_ip).version == constants.IPV6_FAMILY) - ksuser = self._get_service_user_name(self.SERVICE_NAME_RGW) - skip_osds_during_restore = \ (utils.is_std_system(self.dbapi) and ceph_backend.task == constants.SB_TASK_RESTORE) @@ -110,17 +112,26 @@ class CephPuppet(openstack.OpenstackBasePuppet): 'platform::ceph::params::mon_1_addr': mon_1_addr, 'platform::ceph::params::mon_2_addr': mon_2_addr, - 'platform::ceph::params::rgw_admin_user': - ksuser, - 'platform::ceph::params::rgw_admin_domain': + 'platform::ceph::params::rgw_enabled': + self._is_radosgw_enabled(), + 'platform::ceph::rgw::keystone::swift_endpts_enabled': False, + 'platform::ceph::rgw::keystone::rgw_admin_user': + self._get_service_user_name(self.SERVICE_NAME_RGW), + 'platform::ceph::rgw::keystone::rgw_admin_password': + self._get_service_password(self.SERVICE_NAME_RGW), + 'platform::ceph::rgw::keystone::rgw_admin_domain': self._get_service_user_domain_name(), - 'platform::ceph::params::rgw_admin_project': + 'platform::ceph::rgw::keystone::rgw_admin_project': self._get_service_tenant_name(), 'platform::ceph::params::skip_osds_during_restore': skip_osds_during_restore, } - if utils.is_openstack_applied(self.dbapi): + if (utils.is_openstack_applied(self.dbapi) and + utils.is_chart_enabled(self.dbapi, + constants.HELM_APP_OPENSTACK, + common.HELM_CHART_SWIFT, + common.HELM_NS_OPENSTACK)): app = self.dbapi.kube_app_get(constants.HELM_APP_OPENSTACK) override = self.dbapi.helm_override_get( app.id, @@ -130,13 +141,19 @@ class CephPuppet(openstack.OpenstackBasePuppet): self.SERVICE_NAME_RGW, None) if password: swift_auth_password = password.encode('utf8', 'strict') - config['platform::ceph::params::rgw_service_password'] = \ - swift_auth_password - - config['platform::ceph::params::rgw_service_domain'] = \ - self._get_swift_service_user_domain_name() - config['platform::ceph::params::rgw_service_project'] = \ - self._get_swift_service_tenant_name() + config.update( + {'platform::ceph::rgw::keystone::swift_endpts_enabled': + True}) + config.pop('platform::ceph::rgw::keystone::rgw_admin_user') + config.update({'platform::ceph::rgw::keystone::rgw_admin_password': + swift_auth_password}) + config.update({'platform::ceph::rgw::keystone::rgw_admin_domain': + swift.RADOSGW_SERVICE_DOMAIN_NAME}) + config.update({'platform::ceph::rgw::keystone::rgw_admin_project': + swift.RADOSGW_SERVICE_PROJECT_NAME}) + else: + raise exception.SysinvException( + "Unable to retreive containerized swift auth password") return config @@ -274,3 +291,25 @@ class CephPuppet(openstack.OpenstackBasePuppet): if ceph_mons: return ceph_mons[0] return None + + def _is_radosgw_enabled(self): + enabled = False + try: + radosgw_enabled = self.dbapi.service_parameter_get_one( + service=constants.SERVICE_TYPE_RADOSGW, + section=constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + name=constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED) + if radosgw_enabled and radosgw_enabled.value.lower() == 'true': + enabled = True + except exception.NotFound: + LOG.error("Service parameter not found: %s/%s/%s" % + (constants.SERVICE_TYPE_RADOSGW, + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)) + + except exception.MultipleResults: + LOG.error("Multiple service parameters found for %s/%s/%s" % + (constants.SERVICE_TYPE_RADOSGW, + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)) + return enabled diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py index c500b5832f..f764d100cb 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py @@ -31,7 +31,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet): ADMIN_USER = 'admin' DEFAULT_DOMAIN_NAME = 'Default' - SWIFT_DOMAIN_NAME = 'service' def _region_config(self): # A wrapper over the Base region_config check. @@ -299,9 +298,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet): return service_config.capabilities.get('admin_project_domain') return self.DEFAULT_DOMAIN_NAME - def get_swift_service_user_domain(self): - return self.SWIFT_DOMAIN_NAME - def get_service_user_domain(self): if self._region_config(): service_config = self._get_service_config(self.SERVICE_NAME) diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py b/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py index ea53747546..c01bf7e07c 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py @@ -160,9 +160,6 @@ class OpenstackBasePuppet(base.BasePuppet): return self._region_name() - def _get_swift_service_tenant_name(self): - return self._get_swift_service_project_name() - def _get_service_tenant_name(self): return self._get_service_project_name()