From d4f4134e35a241d88888f4e9052347ce6803e4e8 Mon Sep 17 00:00:00 2001
From: junbo <jiang.junbo@99cloud.net>
Date: Mon, 5 Dec 2016 21:50:33 +0800
Subject: [PATCH] Integrate ceph-rgw with keystone

This patch changes the ceph-rgw configuration and adds an object-store endpoint.

Co-Authored-By: zhubingbing <zhubingbing10@gmail.com>

Change-Id: I3ae4171c69bec52846c92a5e5618c12cf36d4409
Implements: blueprint radosgw-keystone-integration
---
 ansible/group_vars/all.yml                    |  3 +++
 ansible/roles/ceph/defaults/main.yml          |  9 +++++++
 ansible/roles/ceph/tasks/deploy.yml           |  5 ++++
 .../roles/ceph/tasks/start_rgw_keystone.yml   | 27 +++++++++++++++++++
 ansible/roles/ceph/templates/ceph.conf.j2     |  9 +++++++
 ansible/site.yml                              | 22 +++++++--------
 etc/kolla/globals.yml                         |  3 +++
 7 files changed, 67 insertions(+), 11 deletions(-)
 create mode 100644 ansible/roles/ceph/tasks/start_rgw_keystone.yml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index b49b776da3..4b1106ecc5 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -440,6 +440,9 @@ ceph_osd_mount_options: "defaults,noatime"
 # Valid options are [ erasure, replicated ]
 ceph_pool_type: "replicated"
 
+# Integrate ceph rados object gateway with openstack keystone
+enable_ceph_rgw_keystone: "no"
+
 ceph_cinder_pool_name: "volumes"
 ceph_cinder_backup_pool_name: "backups"
 ceph_glance_pool_name: "images"
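Review bot: The comment above `enable_ceph_rgw_keystone` does not tell an operator what else the flag depends on. Elsewhere in this patch the tasks fail when `enable_swift` is also set and only run on hosts in the `ceph-rgw` group, so the flag presumably also needs `enable_ceph_rgw`. I would extend the comment to something like `# Integrate ceph rados object gateway with openstack keystone (needs enable_ceph_rgw; cannot be combined with enable_swift)`. The same wording applies to the commented example added in etc/kolla/globals.yml.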
diff --git a/ansible/roles/ceph/defaults/main.yml b/ansible/roles/ceph/defaults/main.yml
index bed9624561..af39ac0a31 100644
--- a/ansible/roles/ceph/defaults/main.yml
+++ b/ansible/roles/ceph/defaults/main.yml
@@ -21,3 +21,12 @@ ceph_rgw_image_full: "{{ ceph_rgw_image }}:{{ ceph_rgw_tag }}"
 # Ceph
 ####################
 osd_initial_weight: "1"
+
+####################
+## Ceph_rgw_keystone
+####################
+swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
+swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ rgw_port }}/swift/v1"
+swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ rgw_port }}/swift/v1"
+
+openstack_swift_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}"
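Review bot: `openstack_swift_auth` builds a dict literal by hand-quoting each field around `openstack_auth.password`, so a password containing `'`, `}` or whitespace will yield a malformed or structurally different value once start_rgw_keystone.yml passes it to `-a` and `-e`. Building the value as a real mapping and serialising it once (for example with the `to_json` filter) avoids the hand-quoting. `'domain_name':'default'` is also hard-coded while every other field comes from `openstack_auth`; a deployment whose admin user lives in another domain would need this to be a variable.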
diff --git a/ansible/roles/ceph/tasks/deploy.yml b/ansible/roles/ceph/tasks/deploy.yml
index d3a8cb6bca..2a5b2e4ed4 100644
--- a/ansible/roles/ceph/tasks/deploy.yml
+++ b/ansible/roles/ceph/tasks/deploy.yml
@@ -19,3 +19,8 @@
   when:
     - enable_ceph_rgw | bool
     - inventory_hostname in groups['ceph-rgw']
+
+- include: start_rgw_keystone.yml
+  when:
+    - enable_ceph_rgw_keystone | bool
+    - inventory_hostname in groups['ceph-rgw']
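Review bot: The `inventory_hostname in groups['ceph-rgw']` condition on this include is inherited by every task in start_rgw_keystone.yml, including the endpoint task marked `run_once`. With `run_once`, Ansible evaluates `when` only against the first host of the batch, and the ceph play lists ceph-mon and ceph-osd before ceph-rgw, so if that first host is not an rgw node the endpoints may never be created. The include also lacks the `- enable_ceph_rgw | bool` check that the task above it has (that task starts outside the hunk), so endpoints could be registered for a gateway that is not deployed. Consider adding that condition and moving the group check off the `run_once` task.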
diff --git a/ansible/roles/ceph/tasks/start_rgw_keystone.yml b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
new file mode 100644
index 0000000000..3df489c8b3
--- /dev/null
+++ b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
@@ -0,0 +1,27 @@
+---
+- name: Check whether the swift service is enabled
+  local_action: fail msg='Ceph-rgw-keystone is conflicted with swift, you should only enable one of them'
+  when: enable_swift | bool
+
+- name: Creating the Swift service and endpoint
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=swift
+        service_type=object-store
+        description='Openstack Object Storage'
+        endpoint_region={{ openstack_region_name }}
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_swift_auth }}' }}"
+    -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
+  register: swift_endpoint
+  changed_when: "{{ swift_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (swift_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: swift_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
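Review bot: The "Creating the Swift service and endpoint" task puts the Keystone admin password on the `docker exec` command line twice (inside `-a "... auth=..."` and again in `-e`) and has no `no_log`. The password can therefore appear in Ansible's task output on failure or with `-v`, in the registered `swift_endpoint` result, and in the target host's process list while the command runs. Add `no_log: true` to the task at minimum. Separately, `until: swift_endpoint.stdout.split()[2] == 'SUCCESS'` raises an index error instead of retrying when stdout has fewer than three tokens; `until: "'localhost | SUCCESS => ' in swift_endpoint.stdout"` matches the test already used in `changed_when`.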
diff --git a/ansible/roles/ceph/templates/ceph.conf.j2 b/ansible/roles/ceph/templates/ceph.conf.j2
index 2d69c8d6de..a6e15c63ec 100644
--- a/ansible/roles/ceph/templates/ceph.conf.j2
+++ b/ansible/roles/ceph/templates/ceph.conf.j2
@@ -33,6 +33,15 @@ mon compact on start = true
 host = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }}
 rgw frontends = civetweb port={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ rgw_port }}
 {% endif %}
+{% if enable_ceph_rgw_keystone | bool %}
+rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+rgw_keystone_admin_user = {{ openstack_auth.username }}
+rgw_keystone_admin_password = {{ openstack_auth.password }}
+rgw_keystone_admin_project = {{ openstack_auth.project_name }}
+rgw_keystone_admin_domain = default
+rgw_keystone_api_version = 3
+rgw_keystone_accepted_roles = admin, _member_
+{% endif %}
 keyring = /etc/ceph/ceph.client.radosgw.keyring
 log file = /var/log/kolla/ceph/client.radosgw.gateway.log
 {% endif %}
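Review bot: `rgw_keystone_admin_user` and `rgw_keystone_admin_password` are filled from `openstack_auth`, which looks like the deployment's Keystone admin account, so the cloud admin password lands in plain text in ceph.conf on every host that receives this template. The gateway mainly needs to validate tokens, so a dedicated service user with a narrowly scoped role and its own generated password would limit the impact if the file is read. Whichever account is used, the rendered file should not be world-readable. `rgw_keystone_admin_domain = default` and `rgw_keystone_accepted_roles = admin, _member_` are hard-coded and would be easier to audit and override as role defaults. The enclosing `{% if %}` blocks start outside this hunk.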
diff --git a/ansible/site.yml b/ansible/site.yml
index 91b9ab44b7..14e8a28e25 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -38,17 +38,6 @@
     - role: prechecks
       when: action == "precheck"
 
-- name: Apply role ceph
-  hosts:
-    - ceph-mon
-    - ceph-osd
-    - ceph-rgw
-  serial: '{{ serial|default("0") }}'
-  roles:
-    - { role: ceph,
-        tags: ceph,
-        when: enable_ceph | bool }
-
 - name: Apply role collectd
   hosts: collectd
   serial: '{{ serial|default("0") }}'
@@ -157,6 +146,17 @@
         tags: keystone,
         when: enable_keystone | bool }
 
+- name: Apply role ceph
+  hosts:
+    - ceph-mon
+    - ceph-osd
+    - ceph-rgw
+  serial: '{{ serial|default("0") }}'
+  roles:
+    - { role: ceph,
+        tags: ceph,
+        when: enable_ceph | bool }
+
 - name: Apply role swift
   hosts:
     - swift-account-server
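Review bot: The ceph play is moved below keystone with no comment saying why, yet the order now matters: start_rgw_keystone.yml registers the object-store endpoints in Keystone, so the ceph role has to run after it. A one-line comment above the play would keep a later reorder from silently breaking this, e.g. `# Must run after keystone: the ceph role registers the rgw object-store endpoint when enable_ceph_rgw_keystone is set`. The plays between the old and new positions are not visible here; any that expect ceph to be deployed first would now run before it, which is worth checking. The swift play that follows continues outside the hunk.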
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 51397d6bad..3bcb9224d8 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -174,6 +174,9 @@ kolla_internal_vip_address: "10.10.10.254"
 # Valid options are [ erasure, replicated ]
 #ceph_pool_type: "replicated"
 
+# Integrate ceph rados object gateway with openstack keystone
+#enable_ceph_rgw_keystone: "no"
+
 
 ##############################
 # Keystone - Identity Options