Enable Swift on controllers

Enable Swift on controllers to provide low-capacity object storage for
users who don't want to rely on the Swift-over-Ceph solution.

Swift can be turned on after config_controller by CLI:
system service-parameter-modify swift config service_enabled=true
system service-parameter-modify swift config fs_size_mb=50 (optional)
system service-parameter-apply swift

By default the filesystem size is 25MB. Users can optionally modify the
size before issuing service-parameter-apply:
system service-parameter-modify swift config fs_size_mb=50

Story: 2003518
Task: 24793
Depends-On: https://review.openstack.org/595330

Change-Id: Ic28a2c21ee0823ce55b5d1f0e1123a418d20be04
Signed-off-by: Jack Ding <jack.ding@windriver.com>

puppet-manifests/src/manifests/controller.pp

@@ -125,6 +125,10 @@ include ::platform::dcmanager::api
 include ::platform::dcorch::snmp
 
 include ::platform::smapi
+
+include ::openstack::swift
+include ::openstack::swift::api
+
 include ::platform::sm
 
 class { '::platform::config::controller::post':

puppet-manifests/src/modules/openstack/manifests/swift.pp

@@ -0,0 +1,131 @@
+class openstack::swift::params (
+  $swift_hash_path_suffix = 'swift_secret',
+  $service_name = 'openstack-swift',
+  $service_enabled = false,
+  $api_port = 8080,
+  $api_host = '127.0.0.1',
+  $fs_size_mb = '25',
+) { }
+
+
+class openstack::swift::firewall
+  inherits ::openstack::swift::params {
+
+  platform::firewall::rule { 'swift-api':
+    service_name => 'swift',
+    ports => $api_port,
+  }
+}
+
+
+class openstack::swift::haproxy
+  inherits ::openstack::swift::params {
+
+  platform::haproxy::proxy { 'swift-restapi':
+    server_name => 's-swift',
+    public_port => $api_port,
+    private_port => $api_port,
+  }
+}
+
+
+class openstack::swift::api {
+  include ::openstack::swift::firewall
+  include ::openstack::swift::haproxy
+}
+
+
+class openstack::swift
+  inherits ::openstack::swift::params {
+
+  include ::platform::params
+  include ::openstack::keystone::params
+
+  if $service_enabled {
+    if str2bool($::is_controller_active) or
+       str2bool($::is_standalone_controller) {
+      class { '::swift::keystone::auth':
+        configure_s3_endpoint => false,
+      }
+    }
+
+    class { '::swift':
+      swift_hash_path_suffix => $swift_hash_path_suffix
+    }
+
+    include swift::proxy::healthcheck
+    include swift::proxy::proxy_logging
+    include swift::proxy::authtoken
+    include swift::proxy::keystone
+    include swift::proxy::container_quotas
+    class { 'swift::proxy':
+      account_autocreate => true,
+      proxy_local_net_ip => $api_host,
+      port               => $api_port,
+      pipeline           => ['healthcheck', 'authtoken', 'keystone', 'container-quotas' , 'proxy-logging', 'proxy-server'],
+    }
+
+    swift::storage::loopback { '1':
+      require      => Class['swift'],
+      base_dir     => '/srv/loopback-device',
+      mnt_base_dir => '/srv/node',
+      byte_size    => '1024',
+      seek         => $fs_size_mb*1024,
+    }
+
+    # remove dependency on xinetd
+    class { '::rsync::server':
+      use_xinetd => false,
+      address    => $api_host,
+      use_chroot => 'no',
+    }
+
+    class { 'swift::storage::all':
+      storage_local_net_ip => $api_host,
+      object_port          => '6200',
+      container_port       => '6201',
+      account_port         => '6202',
+      account_pipeline     => ['healthcheck', 'recon', 'account-server'],
+      container_pipeline   => ['healthcheck', 'recon', 'container-server'],
+      object_pipeline      => ['healthcheck', 'recon', 'object-server'],
+      # Turn on support for object versioning
+      allow_versions       => true,
+    }
+
+    $rings = [
+      'account',
+      'object',
+      'container']
+    swift::storage::filter::recon { $rings: }
+    swift::storage::filter::healthcheck { $rings: }
+
+    ring_object_device { "${api_host}:6200/1":
+      region => 1, # optional, defaults to 1
+      zone   => 1,
+      weight => 1,
+    }
+
+    ring_container_device { "${api_host}:6201/1":
+      zone   => 1,
+      weight => 1,
+    }
+
+    ring_account_device { "${api_host}:6202/1":
+      zone   => 1,
+      weight => 1,
+    }
+
+    class { 'swift::ringbuilder':
+      part_power     => '10',
+      # number of replicas can not be more than the number of nodes
+      replicas       => '1',
+      min_part_hours => '1',
+      require        => Class['swift'],
+    }
+  }
+}
+
+
+class openstack::swift::runtime {
+  include ::openstack::swift
+}

puppet-manifests/src/modules/platform/manifests/haproxy.pp

@@ -153,6 +153,7 @@ class platform::haproxy::runtime {
   include ::openstack::ironic::haproxy
   include ::openstack::panko::haproxy
   include ::openstack::gnocchi::haproxy
+  include ::openstack::swift::haproxy
 
   class {'::platform::haproxy::reload':
     stage => post

sysinv/sysinv/sysinv/setup.cfg

@@ -69,7 +69,8 @@ systemconfig.puppet_plugins =
     029_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
     030_smapi = sysinv.puppet.smapi:SmPuppet
     031_fm = sysinv.puppet.fm:FmPuppet
-    032_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
+    032_swift = sysinv.puppet.swift:SwiftPuppet
+    033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
 
 [pbr]
 autodoc_index_modules = True

sysinv/sysinv/sysinv/sysinv/api/controllers/v1/storage_ceph.py

@@ -947,7 +947,9 @@ def _update_pool_quotas(storceph):
 
 
 def _check_object_gateway_install():
+    # Ensure we have the required number of monitors
     api_helper.check_minimal_number_of_controllers(2)
+    api_helper.check_swift_enabled()
 
 
 def _patch(storceph_uuid, patch):
@@ -1114,7 +1116,6 @@ def _patch(storceph_uuid, patch):
         # attribute and DB column. This should be driven by if the service
         # is added to the services list
         if object_gateway_install:
-            # Ensure we have the required number of monitors
             _check_object_gateway_install()
 
     # Update current ceph storage object again for object_gateway delta adjustments

sysinv/sysinv/sysinv/sysinv/api/controllers/v1/utils.py

@@ -581,6 +581,21 @@ class SBApiHelper(object):
                     min_number
                 )
 
+    @staticmethod
+    def check_swift_enabled():
+        try:
+            swift_enabled = pecan.request.dbapi.service_parameter_get_one(
+                service=constants.SERVICE_TYPE_SWIFT,
+                section=constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
+                name=constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED)
+            if swift_enabled:
+                raise wsme.exc.ClientSideError(
+                    "Swift is already enabled through service parameter.")
+        except exception.SysinvException:
+            raise wsme.exc.ClientSideError(
+                "Failed to check if Swift is already enabled through service "
+                "parameter.")
+
     @staticmethod
     def getListFromServices(be_dict):
         return [] if be_dict['services'] is None else be_dict['services'].split(',')

sysinv/sysinv/sysinv/sysinv/common/constants.py

@@ -975,6 +975,11 @@ SERVICE_PARAM_SECTION_AODH_DATABASE = "database"
 SERVICE_PARAM_NAME_AODH_DATABASE_ALARM_HISTORY_TIME_TO_LIVE = "alarm_history_time_to_live"
 SERVICE_PARAM_AODH_DATABASE_ALARM_HISTORY_TIME_TO_LIVE_DEFAULT = PM_TTL_DEFAULT
 
+SERVICE_PARAM_SECTION_SWIFT_CONFIG = 'config'
+SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED = 'service_enabled'
+SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB = 'fs_size_mb'
+# default filesystem size to 25 MB
+SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT = 25
 
 # TIS part number, CPE = combined load, STD = standard load
 TIS_STD_BUILD = 'Standard'

sysinv/sysinv/sysinv/sysinv/common/service_parameter.py

@@ -21,7 +21,9 @@ import urlparse
 
 from sysinv.common import constants
 from sysinv.common import exception
+from sysinv.common.storage_backend_conf import StorageBackendConfig
 from sysinv.common import utils as cutils
+from sysinv.db import api as db_api
 from sysinv.openstack.common import log
 from sysinv.openstack.common.gettextutils import _
 
@@ -588,6 +590,18 @@ def _rpm_pkg_is_installed(pkg_name):
     return (sum > 0)
 
 
+def _validate_swift_enabled(name, value):
+    _validate_boolean(name, value)
+    if not value:
+        return
+    dbapi = db_api.get_instance()
+    ceph_backend = StorageBackendConfig.get_backend_conf(
+        dbapi, constants.CINDER_BACKEND_CEPH)
+    if ceph_backend and ceph_backend.object_gateway:
+        raise wsme.exc.ClientSideError(_(
+            "Swift API is already supported by Ceph Object Gateway."))
+
+
 # LDAP Identity Service Parameters (mandatory)
 SERVICE_PARAM_IDENTITY_LDAP_URL = 'url'
 
@@ -1368,6 +1382,29 @@ AODH_PARAMETER_RESOURCE = {
         'aodh::alarm_history_time_to_live',
 }
 
+SWIFT_CONFIG_PARAMETER_MANDATORY = [
+    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+]
+
+SWIFT_CONFIG_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
+]
+
+SWIFT_CONFIG_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: _validate_swift_enabled,
+    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB: _validate_integer,
+}
+
+SWIFT_CONFIG_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED:
+        'openstack::swift::params::service_enabled',
+    constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB:
+        'openstack::swift::params::fs_size_mb',
+}
+
+SWIFT_CONFIG_PARAMETER_DATA_FORMAT = {
+    constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN,
+}
 
 # Service Parameter Schema
 SERVICE_PARAM_MANDATORY = 'mandatory'
@@ -1536,6 +1573,15 @@ SERVICE_PARAMETER_SCHEMA = {
             SERVICE_PARAM_RESOURCE: AODH_PARAMETER_RESOURCE,
         },
     },
+    constants.SERVICE_TYPE_SWIFT: {
+        constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG: {
+            SERVICE_PARAM_MANDATORY: SWIFT_CONFIG_PARAMETER_MANDATORY,
+            SERVICE_PARAM_OPTIONAL: SWIFT_CONFIG_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: SWIFT_CONFIG_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_RESOURCE: SWIFT_CONFIG_PARAMETER_RESOURCE,
+            SERVICE_PARAM_DATA_FORMAT: SWIFT_CONFIG_PARAMETER_DATA_FORMAT,
+        },
+    },
 }
 
 SERVICE_PARAMETER_MAX_LENGTH = 255

sysinv/sysinv/sysinv/sysinv/conductor/manager.py

@@ -497,6 +497,14 @@ class ConductorManager(service.PeriodicService):
          'section': constants.SERVICE_PARAM_SECTION_PLATFORM_SYSINV,
          'name': constants.SERVICE_PARAM_NAME_SYSINV_FIREWALL_RULES_ID,
          'value': None},
+        {'service': constants.SERVICE_TYPE_SWIFT,
+         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_SWIFT_SERVICE_ENABLED,
+         'value': False},
+        {'service': constants.SERVICE_TYPE_SWIFT,
+         'section': constants.SERVICE_PARAM_SECTION_SWIFT_CONFIG,
+         'name': constants.SERVICE_PARAM_NAME_SWIFT_FS_SIZE_MB,
+         'value': constants.SERVICE_PARAM_SWIFT_FS_SIZE_MB_DEFAULT},
     ]
 
     def _create_default_service_parameter(self):
@@ -6895,6 +6903,14 @@ class ConductorManager(service.PeriodicService):
                 }
                 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
 
+            elif service == constants.SERVICE_TYPE_SWIFT:
+                personalities = [constants.CONTROLLER]
+                config_dict = {
+                    "personalities": personalities,
+                    "classes": ['openstack::swift::runtime']
+                }
+                self._config_apply_runtime_manifest(context, config_uuid, config_dict)
+
     def update_security_feature_config(self, context):
         """Update the kernel options configuration"""
         personalities = constants.PERSONALITIES

sysinv/sysinv/sysinv/sysinv/puppet/swift.py

@@ -0,0 +1,56 @@
+#
+# Copyright (c) 2018 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+
+from . import openstack
+
+
+class SwiftPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for Swift configuration"""
+
+    SERVICE_NAME = 'swift'
+    SERVICE_PORT = 8080
+    SERVICE_PATH = 'v1/AUTH_%(tenant_id)s'
+
+    def get_secure_static_config(self):
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        return {
+            'swift::keystone::auth::password': kspass,
+            'swift::proxy::authtoken::password': kspass,
+        }
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+
+        config = {
+            'openstack::swift::params::api_host':
+                self._get_management_address(),
+            'swift::keystone::auth::region':
+                self._get_service_region_name(self.SERVICE_NAME),
+            'swift::keystone::auth::auth_name': ksuser,
+            'swift::keystone::auth::tenant': self._get_service_tenant_name(),
+            'swift::keystone::auth::public_url': self.get_public_url(),
+            'swift::keystone::auth::internal_url': self.get_internal_url(),
+            'swift::keystone::auth::admin_url': self.get_admin_url(),
+            'swift::proxy::authtoken::auth_uri': self._keystone_auth_uri(),
+            'swift::proxy::authtoken::auth_url': self._keystone_identity_uri(),
+            'swift::proxy::authtoken::project_name':
+                self._get_service_tenant_name(),
+            'swift::proxy::authtoken::username': ksuser,
+        }
+        return config
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT,
+                                            path=self.SERVICE_PATH)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT)