Implement Ansible role for Swift

This currently deploys the core services for a working Swift which are
account/container/object/proxy.

I've included some basic docs in docs/swift-related.rst, which gives
usage instructions and more context on this patch. These are really to
give an overview of the state of Swift in Kolla as of now, so unless
there's some major inaccuracy there please don't nitpick it.

Change-Id: Id0c54be3e24c46459c40b16b7020f05bddbe1b19
Implements: blueprint ansible-swift

ansible/group_vars/all.yml

@@ -91,6 +91,10 @@ cinder_api_port: "8776"
 
 memcached_port: "11211"
 
+swift_proxy_server_port: "8080"
+swift_object_server_port: "6000"
+swift_account_server_port: "6001"
+swift_container_server_port: "6002"
 
 ####################
 # Openstack options
@@ -130,6 +134,7 @@ enable_rabbitmq: "yes"
 # Additional optional OpenStack services are specified here
 enable_cinder: "no"
 enable_horizon: "yes"
+enable_swift: "no"
 
 ####################
 # RabbitMQ options

ansible/inventory/all-in-one

@@ -45,6 +45,9 @@ control
 [horizon:children]
 control
 
+[swift:children]
+control
+
 
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@@ -83,7 +86,7 @@ neutron
 [neutron-agents:children]
 neutron
 
-#Cinder
+# Cinder
 [cinder-api:children]
 cinder
 
@@ -95,3 +98,16 @@ cinder
 
 [cinder-volume:children]
 storage
+
+# Swift
+[swift-proxy-server:children]
+swift
+
+[swift-account-server:children]
+storage
+
+[swift-container-server:children]
+storage
+
+[swift-object-server:children]
+storage

ansible/inventory/multinode

@@ -51,6 +51,9 @@ control
 [horizon:children]
 control
 
+[swift:children]
+control
+
 
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@@ -89,7 +92,7 @@ neutron
 [neutron-agents:children]
 neutron
 
-#Cinder
+# Cinder
 [cinder-api:children]
 cinder
 
@@ -101,3 +104,16 @@ cinder
 
 [cinder-volume:children]
 storage
+
+# Swift
+[swift-proxy-server:children]
+storage
+
+[swift-account-server:children]
+storage
+
+[swift-container-server:children]
+storage
+
+[swift-object-server:children]
+storage

ansible/roles/swift/defaults/main.yml

@@ -0,0 +1,58 @@
+---
+project_name: "swift"
+
+####################
+# Docker
+####################
+swift_proxy_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-proxy-server"
+swift_proxy_server_tag: "{{ openstack_release }}"
+swift_proxy_server_image_full: "{{ swift_proxy_server_image }}:{{ swift_proxy_server_tag }}"
+
+swift_data_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-data"
+swift_data_tag: "{{ openstack_release }}"
+swift_data_image_full: "{{ swift_data_image }}:{{ swift_data_tag }}"
+
+swift_account_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-account-server"
+swift_account_server_tag: "{{ openstack_release }}"
+swift_account_server_image_full: "{{ swift_account_server_image }}:{{ swift_account_server_tag }}"
+
+swift_container_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-container-server"
+swift_container_server_tag: "{{ openstack_release }}"
+swift_container_server_image_full: "{{ swift_container_server_image }}:{{ swift_container_server_tag }}"
+
+swift_object_auditor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-auditor"
+swift_object_auditor_tag: "{{ openstack_release }}"
+swift_object_auditor_image_full: "{{ swift_object_auditor_image }}:{{ swift_object_auditor_tag }}"
+
+swift_object_expirer_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-expirer"
+swift_object_expirer_tag: "{{ openstack_release }}"
+swift_object_expirer_image_full: "{{ swift_object_expirer_image }}:{{ swift_object_expirer_tag }}"
+
+swift_object_replicator_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-replicator"
+swift_object_replicator_tag: "{{ openstack_release }}"
+swift_object_replicator_image_full: "{{ swift_object_replicator_image }}:{{ swift_object_replicator_tag }}"
+
+swift_object_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-server"
+swift_object_server_tag: "{{ openstack_release }}"
+swift_object_server_image_full: "{{ swift_object_server_image }}:{{ swift_object_server_tag }}"
+
+swift_object_updater_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-swift-object-updater"
+swift_object_updater_tag: "{{ openstack_release }}"
+swift_object_updater_image_full: "{{ swift_object_updater_image }}:{{ swift_object_updater_tag }}"
+
+####################
+# Openstack
+####################
+swift_public_address: "{{ kolla_external_address }}"
+swift_admin_address: "{{ kolla_internal_address }}"
+swift_internal_address: "{{ kolla_internal_address }}"
+
+swift_logging_verbose: "{{ openstack_logging_verbose }}"
+swift_logging_debug: "{{ openstack_logging_debug }}"
+
+swift_keystone_user: "swift"
+swift_admin_tenant_name: "admin"
+
+swift_devices_mount_point: "/srv/node"
+
+openstack_swift_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"

ansible/roles/swift/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: common }
+  - { role: memcached }

ansible/roles/swift/tasks/bootstrap.yml

@@ -0,0 +1,19 @@
+---
+- name: Starting Swift data container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: swift_data
+    image: "{{ swift_data_image_full }}"
+    volumes:
+      - "/srv/node/sdb1"
+      - "/srv/node/sdb2"
+      - "/srv/node/sdb3"

ansible/roles/swift/tasks/config.yml

@@ -0,0 +1,84 @@
+---
+# TODO(pbourke): There needs to be one swift.conf generated per service for updates to work
+# correctly. Figure out a way (with_items seems to not be allowed when using include)
+- include: ../../config.yml
+  vars:
+    service_name: "swift"
+    config_source:
+      - "roles/swift/templates/swift.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/swift/swift.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/swift.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/swift.conf"
+
+- include: ../../config.yml
+  vars:
+    service_name: "swift-proxy-server"
+    config_source:
+      - "roles/swift/templates/proxy-server.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/swift/proxy-server.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/proxy-server.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/proxy-server.conf"
+  when: inventory_hostname in groups['swift-proxy-server']
+
+- include: ../../config.yml
+  vars:
+    service_name: "swift-account-server"
+    config_source:
+      - "roles/swift/templates/account-server.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/swift/account-server.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/account-server.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/account-server.conf"
+  when: inventory_hostname in groups['swift-account-server']
+
+- include: ../../config.yml
+  vars:
+    service_name: "swift-container-server"
+    config_source:
+      - "roles/swift/templates/container-server.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/swift/container-server.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/container-server.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/container-server.conf"
+  when: inventory_hostname in groups['swift-container-server']
+
+- include: ../../config.yml
+  vars:
+    service_name: "swift-object-server"
+    config_source:
+      - "roles/swift/templates/object-server.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/swift/object-server.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_minimal"
+      - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_global"
+      - "{{ node_templates_directory }}/{{ service_name }}/object-server.conf_augment"
+    config_dest: "{{ node_config_directory }}/{{ service_name }}/object-server.conf"
+  when: inventory_hostname in groups['swift-object-server']
+
+- name: Copying over Swift ring files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    backup: yes
+  with_items:
+    - { src: "/etc/kolla/config/swift/object.ring.gz",
+        dest: "{{ node_config_directory }}/swift/object.ring.gz" }
+    - { src: "/etc/kolla/config/swift/container.ring.gz",
+        dest: "{{ node_config_directory }}/swift/container.ring.gz" }
+    - { src: "/etc/kolla/config/swift/account.ring.gz",
+        dest: "{{ node_config_directory }}/swift/account.ring.gz" }

ansible/roles/swift/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml

ansible/roles/swift/tasks/register.yml

@@ -0,0 +1,37 @@
+---
+- name: Creating the Swift service and endpoint
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=swift
+        service_type=object-store
+        description='Openstack Object Storage'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}'
+        internal_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+        public_url='http://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_swift_auth }}' }}"
+    -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
+  register: swift_endpoint
+  changed_when: "{{ swift_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (swift_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: swift_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Swift project, user, and role
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user={{ swift_keystone_user }}
+        password={{ swift_keystone_password }}
+        role={{ swift_admin_tenant_name }}
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_swift_auth }}' }}"
+    -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
+  register: swift_user
+  changed_when: "{{ swift_user.stdout.find('localhost | SUCCESS => ') != -1 and (swift_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: swift_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True

ansible/roles/swift/tasks/start.yml

@@ -0,0 +1,92 @@
+---
+- name: Starting Swift Proxy Server container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: swift_proxy_server
+    image: "{{ swift_proxy_server_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro"
+      - "{{ node_config_directory }}/swift-proxy-server/:/opt/kolla/swift-proxy-server/:ro"
+    volumes_from:
+      - swift_data
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['swift-proxy-server']
+
+- name: Starting Swift Account Server container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: swift_account_server
+    image: "{{ swift_account_server_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro"
+      - "{{ node_config_directory }}/swift-account-server/:/opt/kolla/swift-account-server/:ro"
+    volumes_from:
+      - swift_data
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['swift-account-server']
+
+- name: Starting Swift Container Server container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: swift_container_server
+    image: "{{ swift_container_server_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro"
+      - "{{ node_config_directory }}/swift-container-server/:/opt/kolla/swift-container-server/:ro"
+    volumes_from:
+      - swift_data
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['swift-container-server']
+
+- name: Starting Swift Object Server container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: swift_object_server
+    image: "{{ swift_object_server_image_full }}"
+    volumes:
+      - "{{ node_config_directory }}/swift/:/opt/kolla/swift/:ro"
+      - "{{ node_config_directory }}/swift-object-server/:/opt/kolla/swift-object-server/:ro"
+    volumes_from:
+      - swift_data
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['swift-object-server']

ansible/roles/swift/templates/account-server.conf.j2

@@ -0,0 +1,11 @@
+[DEFAULT]
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ swift_account_server_port }}
+devices = {{ swift_devices_mount_point }}
+mount_check = false
+
+[pipeline:main]
+pipeline = account-server
+
+[app:account-server]
+use = egg:swift#account

ansible/roles/swift/templates/container-server.conf.j2

@@ -0,0 +1,11 @@
+[DEFAULT]
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ swift_container_server_port }}
+devices = {{ swift_devices_mount_point }}
+mount_check = false
+
+[pipeline:main]
+pipeline = container-server
+
+[app:container-server]
+use = egg:swift#container

ansible/roles/swift/templates/object-server.conf.j2

@@ -0,0 +1,11 @@
+[DEFAULT]
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ swift_object_server_port }}
+devices = {{ swift_devices_mount_point }}
+mount_check = false
+
+[pipeline:main]
+pipeline = object-server
+
+[app:object-server]
+use = egg:swift#object

ansible/roles/swift/templates/proxy-server.conf.j2

@@ -0,0 +1,57 @@
+[DEFAULT]
+bind_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ swift_proxy_server_port }}
+
+[pipeline:main]
+pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk ratelimit authtoken keystoneauth slo dlo proxy-server
+
+[app:proxy-server]
+use = egg:swift#proxy
+allow_account_management = true
+account_autocreate = true
+
+[filter:cache]
+use = egg:swift#memcache
+memcache_servers = {% for host in groups['swift-proxy-server'] %}{{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+
+[filter:proxy-logging]
+use = egg:swift#proxy_logging
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ swift_keystone_user }}
+password = {{ swift_keystone_password }}
+
+[filter:keystoneauth]
+use = egg:swift#keystoneauth
+operator_roles = admin,user
+
+[filter:container_sync]
+use = egg:swift#container_sync
+
+[filter:bulk]
+use = egg:swift#bulk
+
+[filter:ratelimit]
+use = egg:swift#ratelimit
+
+[filter:gatekeeper]
+use = egg:swift#gatekeeper
+
+[filter:slo]
+use = egg:swift#slo
+
+[filter:dlo]
+use = egg:swift#dlo

ansible/roles/swift/templates/swift.conf.j2

@@ -0,0 +1,3 @@
+[swift-hash]
+swift_hash_path_suffix = {{ swift_hash_path_suffix }}
+swift_hash_path_prefix = {{ swift_hash_path_prefix }}

ansible/site.yml

@@ -15,6 +15,10 @@
   roles:
     - { role: keystone, tags: keystone, when: enable_keystone | bool }
 
+- hosts: [swift-proxy-server, swift-account-server, swift-object-server, swift-container-server ]
+  roles:
+    - { role: swift, tags: swift, when: enable_swift | bool }
+
 - hosts: [glance-api, glance-registry]
   roles:
     - { role: glance, tags: glance, when: enable_glance | bool }

docker/common/swift/swift-account-server/config-external.sh

@@ -1,18 +1,19 @@
 #!/bin/bash
-SOURCE="/opt/kolla/swift/swift.conf"
-TARGET="/etc/swift/swift.conf"
-SOURCE_ACCOUNT_SERVER="/opt/kolla/swift/account-server.conf"
-TARGET_ACCOUNT_SERVER="/etc/swift/account-server.conf"
-OWNER="swift"
 
-if [[ -f "$SOURCE" ]]; then
-    cp $SOURCE $TARGET
-    chown ${OWNER}: $TARGET
-    chmod 0640 $TARGET
+if [[ -f /opt/kolla/swift/swift.conf ]]; then
+    cp /opt/kolla/swift/swift.conf /etc/swift/
+    chown swift: /etc/swift/swift.conf
+    chmod 0640 /etc/swift/swift.conf
 fi
 
-if [[ -f "$SOURCE_ACCOUNT_SERVER" ]]; then
-    cp $SOURCE_ACCOUNT_SERVER $TARGET_ACCOUNT_SERVER
-    chown ${OWNER}: $TARGET_ACCOUNT_SERVER
-    chmod 0640 $TARGET_ACCOUNT_SERVER
+if [[ -f "/opt/kolla/swift/account.ring.gz" ]]; then
+    cp /opt/kolla/swift/account.ring.gz /etc/swift/account.ring.gz
+    chown swift: /etc/swift/account.ring.gz
+    chmod 0640 /etc/swift/account.ring.gz
+fi
+
+if [[ -f /opt/kolla/swift-account-server/account-server.conf ]]; then
+    cp /opt/kolla/swift-account-server/account-server.conf /etc/swift/
+    chown swift: /etc/swift/account-server.conf
+    chmod 0640 /etc/swift/account-server.conf
 fi

docker/common/swift/swift-account-server/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/account-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-base/config-swift.sh

@@ -1,9 +1,3 @@
 #!/bin/bash
 
-. /opt/kolla/kolla-common.sh
-
-check_required_vars SWIFT_HASH_PATH_SUFFIX
-
-cfg=/etc/swift/swift.conf
-
-crudini --set $cfg swift-hash swift_hash_path_suffix "${SWIFT_HASH_PATH_SUFFIX}"
+chown -R swift: /srv/node

docker/common/swift/swift-container-server/config-external.sh

@@ -1,18 +1,21 @@
 #!/bin/bash
-SOURCE="/opt/kolla/swift/swift.conf"
-TARGET="/etc/swift/swift.conf"
-SOURCE_CONTAINER_SERVER="/opt/kolla/swift/container-server.conf"
-TARGET_CONTAINER_SERVER="/etc/swift/container-server.conf"
+
 OWNER="swift"
 
-if [[ -f "$SOURCE" ]]; then
-    cp $SOURCE $TARGET
-    chown ${OWNER}: $TARGET
-    chmod 0640 $TARGET
+if [[ -f "/opt/kolla/swift/swift.conf" ]]; then
+    cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf
+    chown ${OWNER}: /etc/swift/swift.conf
+    chmod 0640 /etc/swift/swift.conf
 fi
 
-if [[ -f "$SOURCE_CONTAINER_SERVER" ]]; then
-    cp $SOURCE_CONTAINER_SERVER $TARGET_CONTAINER_SERVER
-    chown ${OWNER}: $TARGET_CONTAINER_SERVER
-    chmod 0640 $TARGET_CONTAINER_SERVER
+if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then
+    cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz
+    chown ${OWNER}: /etc/swift/container.ring.gz
+    chmod 0640 /etc/swift/container.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift-container-server/container-server.conf" ]]; then
+    cp /opt/kolla/swift-container-server/container-server.conf /etc/swift/container-server.conf
+    chown ${OWNER}: /etc/swift/container-server.conf
+    chmod 0640 /etc/swift/container-server.conf
 fi

docker/common/swift/swift-container-server/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/container-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-object-auditor/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-object-expirer/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-object-replicator/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-object-server/config-external.sh

@@ -1,18 +1,27 @@
 #!/bin/bash
-SOURCE="/opt/kolla/swift/swift.conf"
-TARGET="/etc/swift/swift.conf"
-SOURCE_OBJECT_SERVER="/opt/kolla/swift/object-server.conf"
-TARGET_OBJECT_SERVER="/etc/swift/object-server.conf"
+
 OWNER="swift"
 
-if [[ -f "$SOURCE" ]]; then
-    cp $SOURCE $TARGET
-    chown ${OWNER}: $TARGET
-    chmod 0640 $TARGET
+if [[ -f "/opt/kolla/swift/swift.conf" ]]; then
+    cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf
+    chown ${OWNER}: /etc/swift/swift.conf
+    chmod 0640 /etc/swift/swift.conf
 fi
 
-if [[ -f "$SOURCE_OBJECT_SERVER" ]]; then
-    cp $SOURCE_OBJECT_SERVER $TARGET_OBJECT_SERVER
-    chown ${OWNER}: $TARGET_OBJECT_SERVER
-    chmod 0640 $TARGET_OBJECT_SERVER
+if [[ -f "/opt/kolla/swift/object.ring.gz" ]]; then
+    cp /opt/kolla/swift/object.ring.gz /etc/swift/object.ring.gz
+    chown ${OWNER}: /etc/swift/object.ring.gz
+    chmod 0640 /etc/swift/object.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then
+    cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz
+    chown ${OWNER}: /etc/swift/container.ring.gz
+    chmod 0640 /etc/swift/container.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift-object-server/object-server.conf" ]]; then
+    cp /opt/kolla/swift-object-server/object-server.conf /etc/swift/object-server.conf
+    chown ${OWNER}: /etc/swift/object-server.conf
+    chmod 0640 /etc/swift/object-server.conf
 fi

docker/common/swift/swift-object-server/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-object-updater/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/object-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docker/common/swift/swift-proxy-server/config-external.sh

@@ -1,10 +1,33 @@
 #!/bin/bash
-SOURCE="/opt/kolla/swift-proxy-server/swift.conf"
-TARGET="/etc/swift/swift.conf"
+
 OWNER="swift"
 
-if [[ -f "$SOURCE" ]]; then
-    cp $SOURCE $TARGET
-    chown ${OWNER}: $TARGET
-    chmod 0640 $TARGET
+if [[ -f "/opt/kolla/swift/swift.conf" ]]; then
+    cp /opt/kolla/swift/swift.conf /etc/swift/swift.conf
+    chown ${OWNER}: /etc/swift/swift.conf
+    chmod 0640 /etc/swift/swift.conf
+fi
+
+if [[ -f "/opt/kolla/swift/object.ring.gz" ]]; then
+    cp /opt/kolla/swift/object.ring.gz /etc/swift/object.ring.gz
+    chown ${OWNER}: /etc/swift/object.ring.gz
+    chmod 0640 /etc/swift/object.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift/container.ring.gz" ]]; then
+    cp /opt/kolla/swift/container.ring.gz /etc/swift/container.ring.gz
+    chown ${OWNER}: /etc/swift/container.ring.gz
+    chmod 0640 /etc/swift/container.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift/account.ring.gz" ]]; then
+    cp /opt/kolla/swift/account.ring.gz /etc/swift/account.ring.gz
+    chown ${OWNER}: /etc/swift/account.ring.gz
+    chmod 0640 /etc/swift/account.ring.gz
+fi
+
+if [[ -f "/opt/kolla/swift-proxy-server/proxy-server.conf" ]]; then
+    cp /opt/kolla/swift-proxy-server/proxy-server.conf /etc/swift/proxy-server.conf
+    chown ${OWNER}: /etc/swift/proxy-server.conf
+    chmod 0640 /etc/swift/proxy-server.conf
 fi

docker/common/swift/swift-proxy-server/start.sh

@@ -8,6 +8,8 @@ ARGS="/etc/swift/proxy-server.conf --verbose"
 # Loading common functions.
 source /opt/kolla/kolla-common.sh
 
+source /opt/kolla/config-swift.sh
+
 # Execute config strategy
 set_configs
 

docs/swift-readme.rst

@@ -0,0 +1,130 @@
+Swift in Kolla
+==============
+
+Overview
+--------
+Currently Kolla can deploy the "core" services required for a working Swift, in either an AIO or
+multi node setup:
+
+- swift-proxy
+- swift-account
+- swift-container
+- swift-object
+
+There are a variety of other services such the replicator, expirer, rsyncd, etc. which actually make
+Swift useful, which are in progress and hope to be finished in liberty-rc1.
+
+Prerequisites
+-------------
+Before running Swift we need to generate "rings", which are binary compressed files that at a high
+level let the various Swift services know where data is in the cluster. Again, we hope to be able to
+generate these automatically for liberty-rc1.
+
+Swift also expects block devices to be available and partitioned on the host, which Swift uses in
+combination with the rings to store data. Swift demos commonly just use directories created under
+/srv/node to simulate these devices. In order to ease "out of the box" testing of Kolla, we offer a
+similar setup with a data container. *Note*, data containers are very inefficient for this purpose.
+In production setups operators will want to provision disks according to the Swift operator guide,
+which can then be added the rings and used in Kolla.
+
+For an AIO setup, the following commands can be used, locally, to generate rings containing the data
+container directories:
+
+::
+
+  export KOLLA_INTERNAL_ADDRESS=1.2.3.4
+
+  # Object ring
+  docker run \
+    -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+    kollaglue/centos-binary-swift-base \
+    swift-ring-builder /etc/kolla/config/swift/object.builder create 10 3 1
+
+  for partition in sdb1 sdb2 sdb3; do
+    docker run \
+      -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+      kollaglue/centos-binary-swift-base swift-ring-builder \
+      /etc/kolla/config/swift/object.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6000/${partition} 1
+  done
+
+  # Account ring
+  docker run \
+    -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+    kollaglue/centos-binary-swift-base \
+    swift-ring-builder /etc/kolla/config/swift/account.builder create 10 3 1
+
+  for partition in sdb1 sdb2 sdb3; do
+    docker run \
+      -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+      kollaglue/centos-binary-swift-base swift-ring-builder \
+      /etc/kolla/config/swift/account.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6001/${partition} 1
+  done
+
+  # Container ring
+  docker run \
+    -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+    kollaglue/centos-binary-swift-base \
+    swift-ring-builder /etc/kolla/config/swift/container.builder create 10 3 1
+
+  for partition in sdb1 sdb2 sdb3; do
+    docker run \
+      -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+      kollaglue/centos-binary-swift-base swift-ring-builder \
+      /etc/kolla/config/swift/container.builder add z1-${KOLLA_INTERNAL_ADDRESS}:6002/${partition} 1
+  done
+
+  for ring in object account container; do
+    docker run \
+      -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ \
+      kollaglue/centos-binary-swift-base swift-ring-builder \
+      /etc/kolla/config/swift/${ring}.builder rebalance
+  done
+
+Similar commands can be used for multinode, you will just need to run the the 'add' step for each IP
+in the cluster.
+
+For more info, see
+http://docs.openstack.org/kilo/install-guide/install/apt/content/swift-initial-rings.html
+
+Deploying
+---------
+Once the rings are in place, deploying Swift is the same as any other Kolla Ansible service. Below
+is the minimal command to bring up Swift AIO, and it's dependencies:
+
+::
+
+  ansible-playbook \
+    -i ansible/inventory/all-in-one \
+    -e @/etc/kolla/globals.yml \
+    -e @etc/kolla/passwords.yml \
+    ansible/site.yml \
+    --tags=rabbitmq,mariadb,keystone,swift
+
+Validation
+----------
+A very basic smoke test:
+
+::
+
+  $ swift stat
+                            Account: AUTH_4c19d363b9cf432a80e34f06b1fa5749
+                       Containers: 1
+                          Objects: 0
+                            Bytes: 0
+  Containers in policy "policy-0": 1
+     Objects in policy "policy-0": 0
+       Bytes in policy "policy-0": 0
+      X-Account-Project-Domain-Id: default
+                      X-Timestamp: 1440168098.28319
+                       X-Trans-Id: txf5a62b7d7fc541f087703-0055d73be7
+                     Content-Type: text/plain; charset=utf-8
+                    Accept-Ranges: bytes
+
+  $ swift upload mycontainer README.rst
+  README.md
+
+  $ swift list
+  mycontainer
+
+  $ swift download mycontainer README.md
+  README.md [auth 0.248s, headers 0.939s, total 0.939s, 0.006 MB/s]

etc/kolla/passwords.yml

@@ -36,6 +36,10 @@ metadata_secret: "password"
 cinder_database_password: "password"
 cinder_keystone_password: "password"
 
+swift_keystone_password: "password"
+swift_hash_path_suffix: "kolla"
+swift_hash_path_prefix: "kolla"
+
 ####################
 # RabbitMQ options
 ####################