From 338ed34ea380f9b73522ac9f8d8fde6e5a52ea7e Mon Sep 17 00:00:00 2001 From: Robert Church Date: Mon, 29 Jul 2019 01:14:26 -0400 Subject: [PATCH] Configure radosgw and ceph-rgw as optional services radosgw is a now an optional platform service which is provisioned via a system service parameter. To align with this optionality, the ceph-rgw chart which is used to enable the containerized swift endpoints also becomes optional. Changes include: - Update the stx-openstack application disabled_charts setting in the application metadata.yaml to include the ceph-rgw chart. This sets the initial chart state to disabled. - Optimize ceph.pp puppet manifests to provide two runtime classes: one for setting up the platform radosgw configuration which will set the haproxy configuration and the other for updating the keystone information in the ceph configuration based on if the ceph-rgw chart is enabled. - Update the sm.pp manifest to dynamically provision/deprovision the radosgw based on if it's enabled in the service parameters - Rename the SWIFT service parameters to RADOSGW as this is the platform service being enabled. - Restructure ceph.py/ceph.pp to generate and use hieradata such that _revert_cephrgw_config() and _update_cephrgw_config() can be combined into a single function for runtime updates. Change-Id: Id8d5c6b1159881d44810fc3622990456f1e54e75 Depends-On: If284f622ceac48c4ffd74e7022fdd390971d0fd8 Partial-Bug: #1833738 Signed-off-by: Robert Church --- .../stx-openstack-helm/files/metadata.yaml | 1 + .../src/modules/platform/manifests/ceph.pp | 134 +++++++++--------- .../src/modules/platform/manifests/sm.pp | 24 +++- .../sysinv/sysinv/sysinv/common/constants.py | 12 +- .../sysinv/sysinv/common/service_parameter.py | 56 ++++---- sysinv/sysinv/sysinv/sysinv/common/utils.py | 26 ++++ .../sysinv/sysinv/sysinv/conductor/manager.py | 48 +++---- sysinv/sysinv/sysinv/sysinv/helm/base.py | 11 +- sysinv/sysinv/sysinv/sysinv/helm/swift.py | 4 + sysinv/sysinv/sysinv/sysinv/puppet/base.py | 4 - sysinv/sysinv/sysinv/sysinv/puppet/ceph.py | 67 +++++++-- .../sysinv/sysinv/sysinv/puppet/keystone.py | 4 - .../sysinv/sysinv/sysinv/puppet/openstack.py | 3 - 13 files changed, 228 insertions(+), 166 deletions(-) diff --git a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml index 53ad5ea576..28bcc294f3 100644 --- a/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml +++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/stx-openstack-helm/files/metadata.yaml @@ -2,6 +2,7 @@ disabled_charts: - aodh - barbican - ceilometer +- ceph-rgw - gnocchi - ironic - panko diff --git a/puppet-manifests/src/modules/platform/manifests/ceph.pp b/puppet-manifests/src/modules/platform/manifests/ceph.pp index 9050457e58..943ae5881c 100644 --- a/puppet-manifests/src/modules/platform/manifests/ceph.pp +++ b/puppet-manifests/src/modules/platform/manifests/ceph.pp @@ -22,6 +22,7 @@ class platform::ceph::params( $mon_2_host = undef, $mon_2_ip = undef, $mon_2_addr = undef, + $rgw_enabled = false, $rgw_client_name = 'radosgw.gateway', $rgw_user_name = 'root', $rgw_frontend_type = 'civetweb', @@ -30,10 +31,6 @@ class platform::ceph::params( $rgw_service_domain = undef, $rgw_service_project = undef, $rgw_service_password = undef, - $rgw_admin_domain = undef, - $rgw_admin_project = undef, - $rgw_admin_user = 'swift', - $rgw_admin_password = undef, $rgw_max_put_size = '53687091200', $rgw_gc_max_objs = '977', $rgw_gc_obj_min_wait = '600', @@ -411,7 +408,7 @@ class platform::ceph::osds( class platform::ceph::haproxy inherits ::platform::ceph::params { - if $service_enabled { + if $rgw_enabled { platform::haproxy::proxy { 'ceph-radosgw-restapi': server_name => 's-ceph-radosgw', public_port => $rgw_port, @@ -420,60 +417,48 @@ class platform::ceph::haproxy } } -class platform::ceph::rgw::runtime - inherits ::platform::ceph::params { - if $service_enabled { - include ::platform::params +class platform::ceph::rgw::keystone ( + $swift_endpts_enabled = false, + $rgw_admin_domain = undef, + $rgw_admin_project = undef, + $rgw_admin_user = 'swift', + $rgw_admin_password = undef, +) inherits ::platform::ceph::params { + include ::openstack::keystone::params + if $rgw_enabled { - include ::openstack::keystone::params - - ceph::rgw::keystone { $rgw_client_name: - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::openstack_auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - user => $rgw_user_name, - use_pki => false, - rgw_keystone_admin_domain => $rgw_service_domain, - rgw_keystone_admin_project => $rgw_service_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_service_password, - } - exec { 'sm-restart-safe service ceph-radosgw': - command => 'sm-restart-safe service ceph-radosgw' - } + if $swift_endpts_enabled { + $url = $::openstack::keystone::params::openstack_auth_uri + } else { + $url = $::openstack::keystone::params::auth_uri } + + ceph::rgw::keystone { $rgw_client_name: + # keystone admin token is disabled after initial keystone configuration + # for security reason. Use keystone service tenant credentials instead. + rgw_keystone_admin_token => '', + rgw_keystone_url => $url, + rgw_keystone_version => $::openstack::keystone::params::api_version, + rgw_keystone_accepted_roles => 'admin,_member_', + user => $rgw_user_name, + use_pki => false, + rgw_keystone_revocation_interval => 0, + rgw_keystone_token_cache_size => 0, + rgw_keystone_admin_domain => $rgw_admin_domain, + rgw_keystone_admin_project => $rgw_admin_project, + rgw_keystone_admin_user => $rgw_admin_user, + rgw_keystone_admin_password => $rgw_admin_password, + } + } } -class platform::ceph::rgw::runtime_revert - inherits ::platform::ceph::params { - if $service_enabled { - include ::platform::params - - include ::openstack::keystone::params - - ceph::rgw::keystone { $rgw_client_name: - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - user => $rgw_user_name, - use_pki => false, - rgw_keystone_admin_domain => $rgw_admin_domain, - rgw_keystone_admin_project => $rgw_admin_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_admin_password, - } - exec { 'sm-restart-safe service ceph-radosgw': - command => 'sm-restart-safe service ceph-radosgw' - } - } -} class platform::ceph::rgw inherits ::platform::ceph::params { + include ::ceph::params + include ::ceph::profile::params - if $service_enabled { + if $rgw_enabled { include ::platform::params include ::openstack::keystone::params @@ -491,19 +476,7 @@ class platform::ceph::rgw log_file => $rgw_log_file, } - ceph::rgw::keystone { $rgw_client_name: - # keystone admin token is disabled after initial keystone configuration - # for security reason. Use keystone service tenant credentials instead. - rgw_keystone_admin_token => '', - rgw_keystone_url => $::openstack::keystone::params::auth_uri, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - use_pki => false, - rgw_keystone_admin_domain => $rgw_admin_domain, - rgw_keystone_admin_project => $rgw_admin_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_admin_password, - } + include ::platform::ceph::rgw::keystone ceph_config { # increase limit for single operation uploading to 50G (50*1024*1024*1024) @@ -599,3 +572,36 @@ class platform::ceph::runtime_osds { } } } + +# Used to configure optional radosgw platform service +class platform::ceph::rgw::runtime + inherits ::platform::ceph::params { + + include platform::ceph::rgw + + # Make sure the ceph configuration is complete before sm dynamically + # provisions/deprovisions the service + Class[$name] -> Class['::platform::sm::rgw::runtime'] + + unless $rgw_enabled { + # SM's current behavior will not stop the service being de-provisioned, so + # stop it when needed + exec { 'Stopping ceph-radosgw service': + command => '/etc/init.d/ceph-radosgw stop' + } + } +} + +# Used to configure radosgw keystone info based on containerized swift endpoints +# being enabled/disabled +class platform::ceph::rgw::keystone::runtime + inherits ::platform::ceph::params { + + include ::platform::ceph::rgw::keystone + + exec { 'sm-restart-safe service ceph-radosgw': + command => 'sm-restart-safe service ceph-radosgw' + } +} + + diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp index 3cfbfe46bd..3fbbb68cab 100644 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ b/puppet-manifests/src/modules/platform/manifests/sm.pp @@ -175,6 +175,7 @@ class platform::sm # Ceph-Rados-Gateway include ::platform::ceph::params $ceph_configured = $::platform::ceph::params::service_enabled + $rgw_configured = $::platform::ceph::params::rgw_enabled if $system_mode == 'simplex' { $hostunit = '0' @@ -818,13 +819,20 @@ class platform::sm } # Ceph-Rados-Gateway - if $ceph_configured { + if $rgw_configured { exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw' } -> exec { 'Provision Ceph-Rados-Gateway (service ceph-radosgw)': command => 'sm-provision service ceph-radosgw', } + } else { + exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw' + } + -> exec { 'Deprovision Ceph-Rados-Gateway (service ceph-radosgw)': + command => 'sm-deprovision service ceph-radosgw', + } } if $ldapserver_remote { @@ -989,3 +997,17 @@ class platform::sm::stx_openstack::runtime { } } } + +class platform::sm::rgw::runtime { + $rgw_configured = $::platform::ceph::params::rgw_enabled + + if $rgw_configured { + exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw --apply' + } + } else { + exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': + command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw --apply' + } + } +} diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py index 547974b59c..9020eafc39 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/constants.py +++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py @@ -906,7 +906,7 @@ SERVICE_TYPE_HORIZON = "horizon" SERVICE_TYPE_CEPH = 'ceph' SERVICE_TYPE_CINDER = 'cinder' SERVICE_TYPE_PLATFORM = 'platform' -SERVICE_TYPE_SWIFT = 'swift' +SERVICE_TYPE_RADOSGW = 'radosgw' SERVICE_TYPE_GLANCE = 'glance' SERVICE_TYPE_BARBICAN = 'barbican' SERVICE_TYPE_DOCKER = 'docker' @@ -954,9 +954,9 @@ SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT = 0 # default time to live seconds PM_TTL_DEFAULT = 86400 -SERVICE_PARAM_SECTION_SWIFT_CONFIG = 'config' -SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED = 'service_enabled' -SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB = 'fs_size_mb' +SERVICE_PARAM_SECTION_RADOSGW_CONFIG = 'config' +SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED = 'service_enabled' +SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB = 'fs_size_mb' # docker parameters SERVICE_PARAM_SECTION_DOCKER_PROXY = 'proxy' @@ -976,7 +976,7 @@ SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES = 'certificates' SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST = 'apiserver_certsan' # default filesystem size to 25 MB -SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25 +SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT = 25 # HTTP Service Parameters SERVICE_PARAM_SECTION_HTTP_CONFIG = 'config' @@ -1139,7 +1139,7 @@ PARTITION_MANAGE_LOCK = "partition-manage" # Optional services ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER, - SERVICE_TYPE_SWIFT] + SERVICE_TYPE_RADOSGW] # System mode SYSTEM_MODE_DUPLEX = "duplex" diff --git a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py index 5046b28a19..15c804e267 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py +++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py @@ -14,9 +14,7 @@ import wsme from sysinv.common import constants from sysinv.common import exception -from sysinv.common.storage_backend_conf import StorageBackendConfig from sysinv.common import utils as cutils -from sysinv.db import api as db_api from sysinv.openstack.common import log from sysinv.openstack.common.gettextutils import _ @@ -262,16 +260,10 @@ def _rpm_pkg_is_installed(pkg_name): return (sum > 0) -def _validate_swift_enabled(name, value): - _validate_boolean(name, value) - if not value: - return - dbapi = db_api.get_instance() - ceph_backend = StorageBackendConfig.get_backend_conf( - dbapi, constants.CINDER_BACKEND_CEPH) - if ceph_backend and ceph_backend.object_gateway: +def _validate_radosgw_enabled(name, value): + if not cutils.is_valid_boolstr(value): raise wsme.exc.ClientSideError(_( - "Swift API is already supported by Ceph Object Gateway.")) + "Parameter '%s' must be a valid bool string." % name)) def _validate_docker_proxy_address(name, value): @@ -405,28 +397,28 @@ PLATFORM_MTCE_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: 'platform::mtce::params::mnfa_timeout', } -SWIFT_CONFIG_PARAMETER_MANDATORY = [ - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED, +RADOSGW_CONFIG_PARAMETER_MANDATORY = [ + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED, ] -SWIFT_CONFIG_PARAMETER_OPTIONAL = [ - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB, +RADOSGW_CONFIG_PARAMETER_OPTIONAL = [ + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB, ] -SWIFT_CONFIG_PARAMETER_VALIDATOR = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: _validate_swift_enabled, - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: _validate_integer, +RADOSGW_CONFIG_PARAMETER_VALIDATOR = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: _validate_radosgw_enabled, + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: _validate_integer, } -SWIFT_CONFIG_PARAMETER_RESOURCE = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: - 'openstack::swift::params::service_enabled', - constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: - 'openstack::swift::params::fs_size_mb', +RADOSGW_CONFIG_PARAMETER_RESOURCE = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: + 'openstack::radosgw::params::service_enabled', + constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: + 'openstack::radosgw::params::fs_size_mb', } -SWIFT_CONFIG_PARAMETER_DATA_FORMAT = { - constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, +RADOSGW_CONFIG_PARAMETER_DATA_FORMAT = { + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, } DOCKER_PROXY_PARAMETER_OPTIONAL = [ @@ -563,13 +555,13 @@ SERVICE_PARAMETER_SCHEMA = { SERVICE_PARAM_RESOURCE: HORIZON_AUTH_PARAMETER_RESOURCE, }, }, - constants.SERVICE_TYPE_SWIFT: { - constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG: { - SERVICE_PARAM_MANDATORY: SWIFT_CONFIG_PARAMETER_MANDATORY, - SERVICE_PARAM_OPTIONAL: SWIFT_CONFIG_PARAMETER_OPTIONAL, - SERVICE_PARAM_VALIDATOR: SWIFT_CONFIG_PARAMETER_VALIDATOR, - SERVICE_PARAM_RESOURCE: SWIFT_CONFIG_PARAMETER_RESOURCE, - SERVICE_PARAM_DATA_FORMAT: SWIFT_CONFIG_PARAMETER_DATA_FORMAT, + constants.SERVICE_TYPE_RADOSGW: { + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG: { + SERVICE_PARAM_MANDATORY: RADOSGW_CONFIG_PARAMETER_MANDATORY, + SERVICE_PARAM_OPTIONAL: RADOSGW_CONFIG_PARAMETER_OPTIONAL, + SERVICE_PARAM_VALIDATOR: RADOSGW_CONFIG_PARAMETER_VALIDATOR, + SERVICE_PARAM_RESOURCE: RADOSGW_CONFIG_PARAMETER_RESOURCE, + SERVICE_PARAM_DATA_FORMAT: RADOSGW_CONFIG_PARAMETER_DATA_FORMAT, }, }, constants.SERVICE_TYPE_DOCKER: { diff --git a/sysinv/sysinv/sysinv/sysinv/common/utils.py b/sysinv/sysinv/sysinv/sysinv/common/utils.py index 19ee89c9aa..e6afb9cb20 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/utils.py +++ b/sysinv/sysinv/sysinv/sysinv/common/utils.py @@ -2067,3 +2067,29 @@ def generate_armada_manifest_dir(app_name, app_version): def generate_armada_manifest_filename_abs(armada_mfile_dir, app_name, manifest_filename): return os.path.join(armada_mfile_dir, app_name + '-' + manifest_filename) + + +def is_chart_enabled(dbapi, app_name, chart_name, namespace): + """ + Check if the chart is enable at an application level + + :param app_name: Application name + :param chart_name: Chart supplied with the application + :param namespace: Namespace where the chart will be executed + + Returns true by default if an exception occurs as most charts are + enabled. + """ + try: + db_app = dbapi.kube_app_get(app_name) + db_chart = dbapi.helm_override_get(db_app.id, chart_name, namespace) + except exception.KubeAppNotFound: + LOG.exception("is_chart_enabled: %s application unknown" % (app_name)) + return True + except exception.HelmOverrideNotFound: + LOG.exception("is_chart_enabled: %s/%s/%s overrides missing" % ( + app_name, chart_name, namespace)) + return True + + return db_chart.system_overrides.get(helm_common.HELM_CHART_ATTR_ENABLED, + False) diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 0c68a81c7c..684d71712d 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -462,14 +462,14 @@ class ConductorManager(service.PeriodicService): 'name': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT, 'value': constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_DEFAULT, }, - {'service': constants.SERVICE_TYPE_SWIFT, - 'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG, - 'name': constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED, + {'service': constants.SERVICE_TYPE_RADOSGW, + 'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + 'name': constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED, 'value': False}, - {'service': constants.SERVICE_TYPE_SWIFT, - 'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG, - 'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB, - 'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT}, + {'service': constants.SERVICE_TYPE_RADOSGW, + 'section': constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + 'name': constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB, + 'value': constants.SERVICE_PARAM_RADOSGW_FS_SIZE_MB_DEFAULT}, {'service': constants.SERVICE_TYPE_HTTP, 'section': constants.SERVICE_PARAM_SECTION_HTTP_CONFIG, 'name': constants.SERVICE_PARAM_HTTP_PORT_HTTP, @@ -6220,21 +6220,6 @@ class ConductorManager(service.PeriodicService): config_uuid, config_dict) - def _revert_cephrgw_config(self, context): - """ Revert ceph rgw configuration. """ - personalities = [constants.CONTROLLER] - - config_uuid = self._config_update_hosts(context, personalities) - - config_dict = { - "personalities": personalities, - "classes": ['platform::ceph::rgw::runtime_revert'] - } - - self._config_apply_runtime_manifest(context, - config_uuid, - config_dict) - def _update_config_for_stx_openstack(self, context): """ Update the runtime configurations that are required for stx-openstack application @@ -6253,15 +6238,15 @@ class ConductorManager(service.PeriodicService): config_uuid, config_dict) - def _update_cephrgw_config(self, context): - """ Update ceph rgw configuration. """ + def _update_radosgw_config(self, context): + """ Update ceph radosgw configuration. """ personalities = [constants.CONTROLLER] config_uuid = self._config_update_hosts(context, personalities) config_dict = { "personalities": personalities, - "classes": ['platform::ceph::rgw::runtime'] + "classes": ['platform::ceph::rgw::keystone::runtime'] } self._config_apply_runtime_manifest(context, @@ -7024,11 +7009,13 @@ class ConductorManager(service.PeriodicService): } self._config_apply_runtime_manifest(context, config_uuid, config_dict) - elif service == constants.SERVICE_TYPE_SWIFT: + elif service == constants.SERVICE_TYPE_RADOSGW: personalities = [constants.CONTROLLER] config_dict = { "personalities": personalities, - "classes": ['openstack::swift::runtime'] + "classes": ['platform::ceph::rgw::runtime', + 'platform::sm::rgw::runtime', + 'platform::haproxy::runtime'] } self._config_apply_runtime_manifest(context, config_uuid, config_dict) @@ -10200,12 +10187,15 @@ class ConductorManager(service.PeriodicService): # generate .unlock_ready flag cutils.touch(constants.UNLOCK_READY_FLAG) else: - self._update_cephrgw_config(context) # apply any runtime configurations that are needed for # stx_openstack application self._update_config_for_stx_openstack(context) self._update_pciirqaffinity_config(context) + # The radosgw chart may have been enabled/disabled. Regardless of + # the prior apply state, update the ceph config + self._update_radosgw_config(context) + return app_applied def perform_app_update(self, context, from_rpc_app, to_rpc_app, tarfile, operation): @@ -10240,10 +10230,10 @@ class ConductorManager(service.PeriodicService): app_removed = self._app.perform_app_remove(rpc_app) if constants.HELM_APP_OPENSTACK == appname and app_removed: - self._revert_cephrgw_config(context) # Update the VIM and PciIrqAffinity configuration. self._update_vim_config(context) self._update_pciirqaffinity_config(context) + self._update_radosgw_config(context) return app_removed def perform_app_abort(self, context, rpc_app): diff --git a/sysinv/sysinv/sysinv/sysinv/helm/base.py b/sysinv/sysinv/sysinv/sysinv/helm/base.py index 6c0dbcfe7e..21bd43af25 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/base.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/base.py @@ -263,12 +263,5 @@ class BaseHelm(object): Returns true by default if an exception occurs as most charts are enabled. """ - try: - db_app = self.dbapi.kube_app_get(app_name) - db_chart = self.dbapi.helm_override_get(db_app.id, chart_name, namespace) - except exception.KubeAppNotFound: - return True - except exception.HelmOverrideNotFound: - return True - - return db_chart.system_overrides.get(common.HELM_CHART_ATTR_ENABLED, False) + return utils.is_chart_enabled( + self.dbapi, app_name, chart_name, namespace) diff --git a/sysinv/sysinv/sysinv/sysinv/helm/swift.py b/sysinv/sysinv/sysinv/sysinv/helm/swift.py index f6c63899cd..5ac8e31d69 100644 --- a/sysinv/sysinv/sysinv/sysinv/helm/swift.py +++ b/sysinv/sysinv/sysinv/sysinv/helm/swift.py @@ -13,6 +13,10 @@ from sysinv.helm import openstack LOG = logging.getLogger(__name__) +# These are set in hiera data and applied via puppet to the radosgw +RADOSGW_SERVICE_DOMAIN_NAME = 'service' +RADOSGW_SERVICE_PROJECT_NAME = 'service' + class SwiftHelm(openstack.OpenstackBaseHelm): """Class to encapsulate helm operations for the swift chart""" diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/base.py b/sysinv/sysinv/sysinv/sysinv/puppet/base.py index 7de53c2cd0..b6a1c221c0 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/base.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/base.py @@ -25,7 +25,6 @@ class BasePuppet(object): CONFIG_WORKDIR = '/tmp/config' DEFAULT_REGION_NAME = 'RegionOne' DEFAULT_SERVICE_PROJECT_NAME = 'services' - SWIFT_SERVICE_PROJECT_NAME = 'service' DEFAULT_KERNEL_OPTIONS = constants.SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_DEFAULT_OPTS SYSTEM_CONTROLLER_SERVICES = [ @@ -127,9 +126,6 @@ class BasePuppet(object): system = self._get_system() return system.region_name - def _get_swift_service_project_name(self): - return self.SWIFT_SERVICE_PROJECT_NAME - def _get_service_project_name(self): if self.dbapi is None: return self.DEFAULT_SERVICE_PROJECT_NAME diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py b/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py index 2b7484ce91..f25f425d14 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/ceph.py @@ -11,10 +11,14 @@ from sysinv.common import constants from sysinv.common import exception from sysinv.common import utils from sysinv.common.storage_backend_conf import StorageBackendConfig +from sysinv.openstack.common import log as logging from sysinv.helm import common +from sysinv.helm import swift from sysinv.puppet import openstack +LOG = logging.getLogger(__name__) + # NOTE: based on openstack service for providing swift object storage services # via Ceph RGW @@ -81,8 +85,6 @@ class CephPuppet(openstack.OpenstackBasePuppet): ms_bind_ipv6 = (netaddr.IPAddress(mon_0_ip).version == constants.IPV6_FAMILY) - ksuser = self._get_service_user_name(self.SERVICE_NAME_RGW) - skip_osds_during_restore = \ (utils.is_std_system(self.dbapi) and ceph_backend.task == constants.SB_TASK_RESTORE) @@ -110,17 +112,26 @@ class CephPuppet(openstack.OpenstackBasePuppet): 'platform::ceph::params::mon_1_addr': mon_1_addr, 'platform::ceph::params::mon_2_addr': mon_2_addr, - 'platform::ceph::params::rgw_admin_user': - ksuser, - 'platform::ceph::params::rgw_admin_domain': + 'platform::ceph::params::rgw_enabled': + self._is_radosgw_enabled(), + 'platform::ceph::rgw::keystone::swift_endpts_enabled': False, + 'platform::ceph::rgw::keystone::rgw_admin_user': + self._get_service_user_name(self.SERVICE_NAME_RGW), + 'platform::ceph::rgw::keystone::rgw_admin_password': + self._get_service_password(self.SERVICE_NAME_RGW), + 'platform::ceph::rgw::keystone::rgw_admin_domain': self._get_service_user_domain_name(), - 'platform::ceph::params::rgw_admin_project': + 'platform::ceph::rgw::keystone::rgw_admin_project': self._get_service_tenant_name(), 'platform::ceph::params::skip_osds_during_restore': skip_osds_during_restore, } - if utils.is_openstack_applied(self.dbapi): + if (utils.is_openstack_applied(self.dbapi) and + utils.is_chart_enabled(self.dbapi, + constants.HELM_APP_OPENSTACK, + common.HELM_CHART_SWIFT, + common.HELM_NS_OPENSTACK)): app = self.dbapi.kube_app_get(constants.HELM_APP_OPENSTACK) override = self.dbapi.helm_override_get( app.id, @@ -130,13 +141,19 @@ class CephPuppet(openstack.OpenstackBasePuppet): self.SERVICE_NAME_RGW, None) if password: swift_auth_password = password.encode('utf8', 'strict') - config['platform::ceph::params::rgw_service_password'] = \ - swift_auth_password - - config['platform::ceph::params::rgw_service_domain'] = \ - self._get_swift_service_user_domain_name() - config['platform::ceph::params::rgw_service_project'] = \ - self._get_swift_service_tenant_name() + config.update( + {'platform::ceph::rgw::keystone::swift_endpts_enabled': + True}) + config.pop('platform::ceph::rgw::keystone::rgw_admin_user') + config.update({'platform::ceph::rgw::keystone::rgw_admin_password': + swift_auth_password}) + config.update({'platform::ceph::rgw::keystone::rgw_admin_domain': + swift.RADOSGW_SERVICE_DOMAIN_NAME}) + config.update({'platform::ceph::rgw::keystone::rgw_admin_project': + swift.RADOSGW_SERVICE_PROJECT_NAME}) + else: + raise exception.SysinvException( + "Unable to retreive containerized swift auth password") return config @@ -274,3 +291,25 @@ class CephPuppet(openstack.OpenstackBasePuppet): if ceph_mons: return ceph_mons[0] return None + + def _is_radosgw_enabled(self): + enabled = False + try: + radosgw_enabled = self.dbapi.service_parameter_get_one( + service=constants.SERVICE_TYPE_RADOSGW, + section=constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + name=constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED) + if radosgw_enabled and radosgw_enabled.value.lower() == 'true': + enabled = True + except exception.NotFound: + LOG.error("Service parameter not found: %s/%s/%s" % + (constants.SERVICE_TYPE_RADOSGW, + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)) + + except exception.MultipleResults: + LOG.error("Multiple service parameters found for %s/%s/%s" % + (constants.SERVICE_TYPE_RADOSGW, + constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG, + constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED)) + return enabled diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py index c500b5832f..f764d100cb 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/keystone.py @@ -31,7 +31,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet): ADMIN_USER = 'admin' DEFAULT_DOMAIN_NAME = 'Default' - SWIFT_DOMAIN_NAME = 'service' def _region_config(self): # A wrapper over the Base region_config check. @@ -299,9 +298,6 @@ class KeystonePuppet(openstack.OpenstackBasePuppet): return service_config.capabilities.get('admin_project_domain') return self.DEFAULT_DOMAIN_NAME - def get_swift_service_user_domain(self): - return self.SWIFT_DOMAIN_NAME - def get_service_user_domain(self): if self._region_config(): service_config = self._get_service_config(self.SERVICE_NAME) diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py b/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py index ea53747546..c01bf7e07c 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/openstack.py @@ -160,9 +160,6 @@ class OpenstackBasePuppet(base.BasePuppet): return self._region_name() - def _get_swift_service_tenant_name(self): - return self._get_swift_service_project_name() - def _get_service_tenant_name(self): return self._get_service_project_name()