Merge "replace validate_legacy"
This commit is contained in:
Zuul
Gerrit Code Review
commit
cf2494555e
44
lib/puppet/functions/validate_tempauth_account.rb
Normal file
44
lib/puppet/functions/validate_tempauth_account.rb
Normal file
@ -0,0 +1,44 @@
|
||||
Puppet::Functions.create_function(:validate_tempauth_account) do
|
||||
def validate_tempauth_account(*args)
|
||||
if args.size > 1
|
||||
raise Puppet::Error, "validate_tempauth_account takes only a single argument, #{args.size} provided"
|
||||
end
|
||||
arg = args[0]
|
||||
|
||||
if not arg.kind_of?(Hash)
|
||||
raise Puppet::Error, "non-hash argument provided to validate_tempauth_account"
|
||||
end
|
||||
|
||||
['user', 'account', 'key'].each do |key|
|
||||
if arg.has_key?(key)
|
||||
key_real = key
|
||||
elsif arg.has_key?(key.to_sym)
|
||||
key_real = key.to_sym
|
||||
else
|
||||
raise Puppet::Error, "The required key #{key} is missing"
|
||||
end
|
||||
|
||||
if not arg[key_real].kind_of?(String)
|
||||
raise Puppet::Error, "The key #{key} is not a string value"
|
||||
end
|
||||
|
||||
if arg[key_real].length == 0
|
||||
raise Puppet::Error, "The key #{key} is empty"
|
||||
end
|
||||
end
|
||||
|
||||
['groups'].each do |key|
|
||||
if arg.has_key?(key)
|
||||
key_real = key
|
||||
elsif arg.has_key?(key.to_sym)
|
||||
key_real = key.to_sym
|
||||
else
|
||||
raise Puppet::Error, "The required key #{key} is missing"
|
||||
end
|
||||
|
||||
if not arg[key_real].kind_of?(Array)
|
||||
raise Puppet::Error, "The key #{key} is not an array value"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@ -46,25 +46,17 @@
|
||||
# The value is an hash of swift_internal_client_config resources.
|
||||
#
|
||||
class swift::config (
|
||||
$swift_config = {},
|
||||
$swift_container_sync_realms_config = {},
|
||||
$swift_proxy_config = {},
|
||||
$swift_account_config = {},
|
||||
$swift_container_config = {},
|
||||
$swift_object_config = {},
|
||||
$swift_internal_client_config = {},
|
||||
Hash $swift_config = {},
|
||||
Hash $swift_container_sync_realms_config = {},
|
||||
Hash $swift_proxy_config = {},
|
||||
Hash $swift_account_config = {},
|
||||
Hash $swift_container_config = {},
|
||||
Hash $swift_object_config = {},
|
||||
Hash $swift_internal_client_config = {},
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Hash, 'validate_hash', $swift_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_container_sync_realms_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_proxy_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_account_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_container_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_object_config)
|
||||
validate_legacy(Hash, 'validate_hash', $swift_internal_client_config)
|
||||
|
||||
create_resources('swift_config', $swift_config)
|
||||
create_resources('swift_container_sync_realms_config', $swift_container_sync_realms_config)
|
||||
create_resources('swift_proxy_config', $swift_proxy_config)
|
||||
|
||||
@ -75,19 +75,19 @@
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
class swift::containerreconciler(
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$package_ensure = 'present',
|
||||
$pipeline = ['catch_errors', 'proxy-logging', 'proxy-server'],
|
||||
$interval = $facts['os_service_default'],
|
||||
$reclaim_age = $facts['os_service_default'],
|
||||
$request_tries = $facts['os_service_default'],
|
||||
$service_provider = $::swift::params::service_provider,
|
||||
$memcache_servers = ['127.0.0.1:11211'],
|
||||
$cache_tls_enabled = false,
|
||||
$cache_tls_cafile = $facts['os_service_default'],
|
||||
$cache_tls_certfile = $facts['os_service_default'],
|
||||
$cache_tls_keyfile = $facts['os_service_default'],
|
||||
Boolean $manage_service = true,
|
||||
Boolean $enabled = true,
|
||||
$package_ensure = 'present',
|
||||
Swift::Pipeline $pipeline = ['catch_errors', 'proxy-logging', 'proxy-server'],
|
||||
$interval = $facts['os_service_default'],
|
||||
$reclaim_age = $facts['os_service_default'],
|
||||
$request_tries = $facts['os_service_default'],
|
||||
$service_provider = $::swift::params::service_provider,
|
||||
$memcache_servers = ['127.0.0.1:11211'],
|
||||
$cache_tls_enabled = false,
|
||||
$cache_tls_cafile = $facts['os_service_default'],
|
||||
$cache_tls_certfile = $facts['os_service_default'],
|
||||
$cache_tls_keyfile = $facts['os_service_default'],
|
||||
) inherits swift::params {
|
||||
|
||||
include swift::deps
|
||||
|
||||
@ -47,7 +47,7 @@
|
||||
#
|
||||
class swift::internal_client (
|
||||
$user = $::swift::params::user,
|
||||
$pipeline = ['catch_errors', 'proxy-logging', 'cache', 'proxy-server'],
|
||||
Swift::Pipeline $pipeline = ['catch_errors', 'proxy-logging', 'cache', 'proxy-server'],
|
||||
$object_chunk_size = $facts['os_service_default'],
|
||||
$client_chunk_size = $facts['os_service_default'],
|
||||
$read_affinity = undef,
|
||||
@ -60,9 +60,7 @@ class swift::internal_client (
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Array, 'validate_array', $pipeline)
|
||||
|
||||
if empty($pipeline) or $pipeline[-1] != 'proxy-server' {
|
||||
if $pipeline[-1] != 'proxy-server' {
|
||||
fail('proxy-server must be the last element in pipeline')
|
||||
}
|
||||
|
||||
|
||||
@ -152,46 +152,42 @@
|
||||
#
|
||||
class swift::proxy(
|
||||
$proxy_local_net_ip,
|
||||
$port = '8080',
|
||||
$pipeline = [
|
||||
$port = '8080',
|
||||
Swift::Pipeline $pipeline = [
|
||||
'catch_errors', 'gatekeeper', 'healthcheck', 'proxy-logging', 'cache',
|
||||
'listing_formats', 'tempauth', 'copy', 'proxy-logging', 'proxy-server'],
|
||||
$workers = $facts['os_workers'],
|
||||
$allow_account_management = true,
|
||||
$account_autocreate = true,
|
||||
$log_headers = 'False',
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$log_address = '/dev/log',
|
||||
$log_level = 'INFO',
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_handoffs = $facts['os_service_default'],
|
||||
$log_name = 'proxy-server',
|
||||
$cors_allow_origin = undef,
|
||||
$strict_cors_mode = true,
|
||||
$object_chunk_size = $facts['os_service_default'],
|
||||
$client_chunk_size = $facts['os_service_default'],
|
||||
$max_containers_per_account = $facts['os_service_default'],
|
||||
$max_containers_whitelist = $facts['os_service_default'],
|
||||
$read_affinity = undef,
|
||||
$write_affinity = undef,
|
||||
$write_affinity_node_count = $facts['os_service_default'],
|
||||
$client_timeout = $facts['os_service_default'],
|
||||
$node_timeout = $facts['os_service_default'],
|
||||
$recoverable_node_timeout = $facts['os_service_default'],
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$package_ensure = 'present',
|
||||
$service_provider = $::swift::params::service_provider,
|
||||
$purge_config = false,
|
||||
$workers = $facts['os_workers'],
|
||||
Boolean $allow_account_management = true,
|
||||
Boolean $account_autocreate = true,
|
||||
$log_headers = 'False',
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$log_address = '/dev/log',
|
||||
$log_level = 'INFO',
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_handoffs = $facts['os_service_default'],
|
||||
$log_name = 'proxy-server',
|
||||
$cors_allow_origin = undef,
|
||||
$strict_cors_mode = true,
|
||||
$object_chunk_size = $facts['os_service_default'],
|
||||
$client_chunk_size = $facts['os_service_default'],
|
||||
$max_containers_per_account = $facts['os_service_default'],
|
||||
$max_containers_whitelist = $facts['os_service_default'],
|
||||
$read_affinity = undef,
|
||||
$write_affinity = undef,
|
||||
$write_affinity_node_count = $facts['os_service_default'],
|
||||
$client_timeout = $facts['os_service_default'],
|
||||
$node_timeout = $facts['os_service_default'],
|
||||
$recoverable_node_timeout = $facts['os_service_default'],
|
||||
Boolean $manage_service = true,
|
||||
Boolean $enabled = true,
|
||||
$package_ensure = 'present',
|
||||
$service_provider = $::swift::params::service_provider,
|
||||
$purge_config = false,
|
||||
) inherits swift::params {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Boolean, 'validate_bool', $account_autocreate)
|
||||
validate_legacy(Boolean, 'validate_bool', $allow_account_management)
|
||||
validate_legacy(Array, 'validate_array', $pipeline)
|
||||
|
||||
if (!is_service_default($write_affinity_node_count) and !$write_affinity) {
|
||||
fail('Usage of write_affinity_node_count requires write_affinity to be set')
|
||||
}
|
||||
@ -206,7 +202,7 @@ class swift::proxy(
|
||||
warning('no auth type provided in the pipeline')
|
||||
}
|
||||
|
||||
if empty($pipeline) or $pipeline[-1] != 'proxy-server' {
|
||||
if $pipeline[-1] != 'proxy-server' {
|
||||
fail('proxy-server must be the last element in pipeline')
|
||||
}
|
||||
|
||||
|
||||
@ -48,20 +48,17 @@
|
||||
# Copyright 2012 eNovance licensing@enovance.com
|
||||
#
|
||||
class swift::proxy::ratelimit(
|
||||
$clock_accuracy = $facts['os_service_default'],
|
||||
$max_sleep_time_seconds = $facts['os_service_default'],
|
||||
$log_sleep_time_seconds = $facts['os_service_default'],
|
||||
$rate_buffer_seconds = $facts['os_service_default'],
|
||||
$account_ratelimit = $facts['os_service_default'],
|
||||
$container_ratelimit = {},
|
||||
$container_listing_ratelimit = {},
|
||||
$clock_accuracy = $facts['os_service_default'],
|
||||
$max_sleep_time_seconds = $facts['os_service_default'],
|
||||
$log_sleep_time_seconds = $facts['os_service_default'],
|
||||
$rate_buffer_seconds = $facts['os_service_default'],
|
||||
$account_ratelimit = $facts['os_service_default'],
|
||||
Hash $container_ratelimit = {},
|
||||
Hash $container_listing_ratelimit = {},
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Hash, 'validate_hash', $container_ratelimit)
|
||||
validate_legacy(Hash, 'validate_hash', $container_listing_ratelimit)
|
||||
|
||||
swift_proxy_config {
|
||||
'filter:ratelimit/use': value => 'egg:swift#ratelimit';
|
||||
'filter:ratelimit/clock_accuracy': value => $clock_accuracy;
|
||||
|
||||
@ -66,7 +66,7 @@
|
||||
# Guilherme Maluf Balzana <guimalufb@gmail.com>
|
||||
#
|
||||
class swift::proxy::tempauth (
|
||||
$account_user_list = [
|
||||
Array[Hash] $account_user_list = [
|
||||
{
|
||||
'user' => 'admin',
|
||||
'account' => 'admin',
|
||||
@ -74,41 +74,21 @@ class swift::proxy::tempauth (
|
||||
'groups' => [ 'admin', 'reseller_admin' ],
|
||||
},
|
||||
],
|
||||
$reseller_prefix = undef,
|
||||
$auth_prefix = undef,
|
||||
$token_life = undef,
|
||||
$allow_overrides = undef,
|
||||
$storage_url_scheme = undef,
|
||||
Optional[String[1]] $reseller_prefix = undef,
|
||||
Optional[Pattern[/\/(.*)+\//]] $auth_prefix = undef,
|
||||
Optional[Integer[0]] $token_life = undef,
|
||||
Optional[Boolean] $allow_overrides = undef,
|
||||
Optional[Enum['http', 'https', 'default']] $storage_url_scheme = undef,
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Array, 'validate_array', $account_user_list)
|
||||
|
||||
if ($reseller_prefix) {
|
||||
validate_legacy(String, 'validate_string', $reseller_prefix)
|
||||
$reseller_prefix_upcase = upcase($reseller_prefix)
|
||||
} else {
|
||||
$reseller_prefix_upcase = $reseller_prefix
|
||||
}
|
||||
|
||||
if ($token_life) {
|
||||
validate_legacy(Integer, 'validate_integer', $token_life)
|
||||
}
|
||||
|
||||
if ($auth_prefix) {
|
||||
validate_legacy(Pattern[/\/(.*)+\//], 'validate_re', $auth_prefix, ['\/(.*)+\/'])
|
||||
}
|
||||
|
||||
if ($allow_overrides) {
|
||||
validate_legacy(Boolean, 'validate_bool', $allow_overrides)
|
||||
}
|
||||
|
||||
if ($storage_url_scheme) {
|
||||
validate_legacy(Enum['http', 'https', 'default'], 'validate_re',
|
||||
$storage_url_scheme, [['http', 'https', 'default']])
|
||||
}
|
||||
|
||||
swift_proxy_config {
|
||||
'filter:tempauth/use': value => 'egg:swift#tempauth';
|
||||
'filter:tempauth/reseller_prefix': value => $reseller_prefix_upcase;
|
||||
@ -123,7 +103,7 @@ class swift::proxy::tempauth (
|
||||
# account_data is an array with each element containing a single account string:
|
||||
# ex [user_<account>_<user>, <key> .<group1> .<groupx>]
|
||||
$account_user_list.each |$account_user| {
|
||||
validate_legacy(Array, 'validate_array', $account_user['groups'])
|
||||
validate_tempauth_account($account_user)
|
||||
|
||||
$account_base = "user_${account_user['account']}_${account_user['user']}, ${account_user['key']}"
|
||||
$groups = empty($account_user) ? {
|
||||
|
||||
@ -1,10 +1,13 @@
|
||||
# == Class: swift::ringbuilder::create
|
||||
#
|
||||
# Creates a swift ring using ringbuilder.
|
||||
# It creates the associated ring file as /etc/swift/${name}.builder
|
||||
# It will not create a ring if the file already exists.
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*name*] The type of ring to create. Accepts object|container|account
|
||||
# [*ring_type*]
|
||||
# Optional. The type of ring to create. Accepts object|container|account
|
||||
# [*part_power*] Number of partitions in the ring. (specified as the power of 2)
|
||||
# Optional. Defaults to 18 (2^18)
|
||||
# [*replicas*] Number of replicas to store.
|
||||
@ -33,24 +36,20 @@
|
||||
# Copyright 2011 Puppetlabs Inc, unless otherwise noted.
|
||||
#
|
||||
define swift::ringbuilder::create(
|
||||
$part_power = 18,
|
||||
$replicas = 3,
|
||||
$min_part_hours = 24,
|
||||
$user = 'root'
|
||||
Swift::RingType $ring_type = $name,
|
||||
$part_power = 18,
|
||||
$replicas = 3,
|
||||
$min_part_hours = 24,
|
||||
$user = 'root'
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(
|
||||
Pattern[/^(object(-(\d)+)?|container|account)$/], 'validate_re', $name,
|
||||
['^(object(-(\d)+)?|container|account)$']
|
||||
)
|
||||
|
||||
exec { "create_${name}":
|
||||
command => "swift-ring-builder /etc/swift/${name}.builder create ${part_power} ${replicas} ${min_part_hours}",
|
||||
exec { "create_${ring_type}":
|
||||
command => "swift-ring-builder /etc/swift/${ring_type}.builder create ${part_power} ${replicas} ${min_part_hours}",
|
||||
path => ['/usr/bin'],
|
||||
user => $user,
|
||||
creates => "/etc/swift/${name}.builder",
|
||||
creates => "/etc/swift/${ring_type}.builder",
|
||||
before => Anchor['swift::config::end'],
|
||||
}
|
||||
|
||||
|
||||
@ -1,18 +1,26 @@
|
||||
# Used to build an additional object ring for a storage policy.
|
||||
# The namevar/name of this class must be an integer.
|
||||
#
|
||||
#
|
||||
# Specifies the following relationship:
|
||||
# Rings should be created before any devices are added to them
|
||||
# Rings should be rebalanced if anything changes
|
||||
# == Parameters
|
||||
# [*title*] required. Title must be a positive integer. Title of this class
|
||||
# is used to denote the storage policy ID for the object ring.
|
||||
#
|
||||
# [*part_power*] The total number of partitions that should exist in the ring.
|
||||
# == Parameters
|
||||
# [*policy_id*]
|
||||
# (required) The id must be a positive integer. This is used to denote
|
||||
# the storage policy ID for the object ring.
|
||||
# Defaults to $name
|
||||
#
|
||||
# [*part_power*]
|
||||
# (optional) The total number of partitions that should exist in the ring.
|
||||
# This is expressed as a power of 2.
|
||||
# [*replicas*] Number of replicas that should be maintained of each stored object.
|
||||
# [*min_part_hours*] Minimum amount of time before partitions can be moved.
|
||||
#
|
||||
# [*replicas*]
|
||||
# (optional) Number of replicas that should be maintained of each stored
|
||||
# object.
|
||||
#
|
||||
# [*min_part_hours*]
|
||||
# (optional) Minimum amount of time before partitions can be moved.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
@ -30,20 +38,19 @@
|
||||
# Copyright 2011 Puppetlabs Inc, unless otherwise noted.
|
||||
#
|
||||
define swift::ringbuilder::policy_ring(
|
||||
$part_power = undef,
|
||||
$replicas = undef,
|
||||
$min_part_hours = undef,
|
||||
Pattern[/^\d+$/] $policy_id = $name,
|
||||
$part_power = undef,
|
||||
$replicas = undef,
|
||||
$min_part_hours = undef,
|
||||
) {
|
||||
|
||||
validate_legacy(Pattern[/^\d+$/], 'validate_re', $title, ['^\d+$'])
|
||||
|
||||
include swift::deps
|
||||
Class['swift'] -> Swift::Ringbuilder::Policy_ring[$title]
|
||||
Class['swift'] -> Swift::Ringbuilder::Policy_ring[$policy_id]
|
||||
|
||||
if $title == '0' {
|
||||
if $policy_id == '0' {
|
||||
$ring_builder = 'object'
|
||||
} else {
|
||||
$ring_builder = "object-${title}"
|
||||
$ring_builder = "object-${policy_id}"
|
||||
}
|
||||
|
||||
swift::ringbuilder::create{ $ring_builder :
|
||||
|
||||
@ -1,30 +1,26 @@
|
||||
# Swift::Ring::Rebalance
|
||||
# == Class: swift::ringbuilder::rebalance
|
||||
#
|
||||
# Reblances the specified ring. Assumes that the ring already exists
|
||||
# and is stored at /etc/swift/${name}.builder
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*name*] Type of ring to rebalance. The ring file is assumed to be at the path
|
||||
# /etc/swift/${name}.builder
|
||||
# [*ring_type*]
|
||||
# Optional. Type of ring to rebalance. The ring file is assumed to be at
|
||||
# the path /etc/swift/${ring_type}.builder
|
||||
#
|
||||
# [*seed*]
|
||||
# Optional. Seed value used to seed pythons pseudo-random for ringbuilding.
|
||||
#
|
||||
# [*seed*] Optional. Seed value used to seed pythons pseudo-random for ringbuilding.
|
||||
define swift::ringbuilder::rebalance(
|
||||
$seed = undef
|
||||
Swift::RingType $ring_type = $name,
|
||||
Optional[Variant[Integer[0], Pattern[/^\d+$/]]] $seed = undef
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(
|
||||
Pattern[/^(object(-(\d)+)?|container|account)$/], 'validate_re', $name,
|
||||
['^(object(-(\d)+)?|container|account)$']
|
||||
)
|
||||
|
||||
if $seed and !($seed =~ Integer) {
|
||||
validate_legacy(Pattern[/^\d+$/], 'validate_re', $seed, ['^\d+$'])
|
||||
}
|
||||
|
||||
exec { "rebalance_${name}":
|
||||
command => strip("swift-ring-builder /etc/swift/${name}.builder rebalance ${seed}"),
|
||||
exec { "rebalance_${ring_type}":
|
||||
command => strip("swift-ring-builder /etc/swift/${ring_type}.builder rebalance ${seed}"),
|
||||
path => ['/usr/bin'],
|
||||
refreshonly => true,
|
||||
before => Anchor['swift::config::end'],
|
||||
|
||||
@ -2,16 +2,19 @@
|
||||
#
|
||||
# [*ring_server*]
|
||||
# (required) IP or hostname of ring servers
|
||||
# [*ring_type*]
|
||||
# (optional) The type of ring to create. Accepts object|container|account
|
||||
#
|
||||
define swift::ringsync(
|
||||
$ring_server
|
||||
String[1] $ring_server,
|
||||
Swift::RingType $ring_type = $name,
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
Exec { path => '/usr/bin' }
|
||||
|
||||
rsync::get { "/etc/swift/${name}.ring.gz":
|
||||
source => "rsync://${ring_server}/swift_server/${name}.ring.gz",
|
||||
rsync::get { "/etc/swift/${ring_type}.ring.gz":
|
||||
source => "rsync://${ring_server}/swift_server/${ring_type}.ring.gz",
|
||||
}
|
||||
}
|
||||
|
||||
@ -89,7 +89,7 @@
|
||||
# [*regex_pattern*]
|
||||
# (Optional) Regular expression patterns to be used to locate device blocks
|
||||
# with errors in the log file.
|
||||
# Defaults to $facts['os_service_default'].
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*purge_config*]
|
||||
# (Optional) Whether to set only the specified config options in the drive
|
||||
@ -98,36 +98,34 @@
|
||||
#
|
||||
class swift::storage::drive_audit(
|
||||
# cron options
|
||||
$user = $::swift::params::user,
|
||||
$minute = 1,
|
||||
$hour = 0,
|
||||
$monthday = '*',
|
||||
$month = '*',
|
||||
$weekday = '*',
|
||||
$maxdelay = 0,
|
||||
$user = $::swift::params::user,
|
||||
$minute = 1,
|
||||
$hour = 0,
|
||||
$monthday = '*',
|
||||
$month = '*',
|
||||
$weekday = '*',
|
||||
$maxdelay = 0,
|
||||
# drive-audit.conf options
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_level = 'INFO',
|
||||
$log_address = '/dev/log',
|
||||
$log_name = 'drive-audit',
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$device_dir = '/srv/node',
|
||||
$minutes = $facts['os_service_default'],
|
||||
$error_limit = $facts['os_service_default'],
|
||||
$recon_cache_path = $facts['os_service_default'],
|
||||
$log_file_pattern = $facts['os_service_default'],
|
||||
$log_file_encoding = $facts['os_service_default'],
|
||||
$log_to_console = $facts['os_service_default'],
|
||||
$unmount_failed_device = $facts['os_service_default'],
|
||||
$regex_pattern = {},
|
||||
$purge_config = false,
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_level = 'INFO',
|
||||
$log_address = '/dev/log',
|
||||
$log_name = 'drive-audit',
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$device_dir = '/srv/node',
|
||||
$minutes = $facts['os_service_default'],
|
||||
$error_limit = $facts['os_service_default'],
|
||||
$recon_cache_path = $facts['os_service_default'],
|
||||
$log_file_pattern = $facts['os_service_default'],
|
||||
$log_file_encoding = $facts['os_service_default'],
|
||||
$log_to_console = $facts['os_service_default'],
|
||||
$unmount_failed_device = $facts['os_service_default'],
|
||||
Hash[String[1], String[1]] $regex_pattern = {},
|
||||
$purge_config = false,
|
||||
) inherits swift::params {
|
||||
|
||||
include swift::deps
|
||||
|
||||
validate_legacy(Hash, 'validate_hash', $regex_pattern)
|
||||
|
||||
resources { 'swift_drive_audit_config':
|
||||
purge => $purge_config,
|
||||
}
|
||||
|
||||
@ -2,6 +2,9 @@
|
||||
# needed to deploy each type of storage server.
|
||||
#
|
||||
# == Parameters
|
||||
# [*type*]
|
||||
# (optional) The type of device, e.g. account, object, or container.
|
||||
#
|
||||
# [*enabled*]
|
||||
# (optional) Should the service be enabled to start
|
||||
# at boot. Defaults to true
|
||||
@ -31,28 +34,26 @@
|
||||
# Requires Class[swift::storage]
|
||||
#
|
||||
define swift::storage::generic(
|
||||
$manage_service = true,
|
||||
$enabled = true,
|
||||
$package_ensure = 'present',
|
||||
$config_file_name = "${name}-server.conf",
|
||||
$service_provider = $::swift::params::service_provider
|
||||
Swift::StorageServerType $type = $name,
|
||||
Boolean $manage_service = true,
|
||||
Boolean $enabled = true,
|
||||
$package_ensure = 'present',
|
||||
$config_file_name = "${name}-server.conf",
|
||||
$service_provider = $::swift::params::service_provider
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
include swift::params
|
||||
|
||||
Class['swift::storage'] -> Swift::Storage::Generic[$name]
|
||||
Class['swift::storage'] -> Swift::Storage::Generic[$type]
|
||||
|
||||
validate_legacy(Enum['object', 'container', 'account'], 'validate_re',
|
||||
$name, ['^object|container|account$'])
|
||||
|
||||
package { "swift-${name}":
|
||||
package { "swift-${type}":
|
||||
ensure => $package_ensure,
|
||||
name => getvar("::swift::params::${name}_package_name"),
|
||||
name => getvar("::swift::params::${type}_package_name"),
|
||||
tag => ['openstack', 'swift-package'],
|
||||
}
|
||||
|
||||
file { "/etc/swift/${name}-server/":
|
||||
file { "/etc/swift/${type}-server/":
|
||||
ensure => directory,
|
||||
owner => $::swift::params::user,
|
||||
group => $::swift::params::group,
|
||||
@ -67,8 +68,8 @@ define swift::storage::generic(
|
||||
$service_ensure = 'stopped'
|
||||
}
|
||||
|
||||
swift::service { "swift-${name}-server":
|
||||
os_family_service_name => getvar("::swift::params::${name}_server_service_name"),
|
||||
swift::service { "swift-${type}-server":
|
||||
os_family_service_name => getvar("::swift::params::${type}_server_service_name"),
|
||||
service_ensure => $service_ensure,
|
||||
enabled => $enabled,
|
||||
config_file_name => $config_file_name,
|
||||
@ -76,8 +77,8 @@ define swift::storage::generic(
|
||||
service_tag => "swift-${name}-service",
|
||||
}
|
||||
|
||||
swift::service { "swift-${name}-replicator":
|
||||
os_family_service_name => getvar("::swift::params::${name}_replicator_service_name"),
|
||||
swift::service { "swift-${type}-replicator":
|
||||
os_family_service_name => getvar("::swift::params::${type}_replicator_service_name"),
|
||||
service_ensure => $service_ensure,
|
||||
enabled => $enabled,
|
||||
config_file_name => $config_file_name,
|
||||
@ -85,8 +86,8 @@ define swift::storage::generic(
|
||||
service_tag => "swift-${name}-service",
|
||||
}
|
||||
|
||||
swift::service { "swift-${name}-auditor":
|
||||
os_family_service_name => getvar("::swift::params::${name}_auditor_service_name"),
|
||||
swift::service { "swift-${type}-auditor":
|
||||
os_family_service_name => getvar("::swift::params::${type}_auditor_service_name"),
|
||||
service_ensure => $service_ensure,
|
||||
enabled => $enabled,
|
||||
config_file_name => $config_file_name,
|
||||
|
||||
@ -23,9 +23,9 @@
|
||||
#
|
||||
define swift::storage::mount(
|
||||
$device,
|
||||
$mnt_base_dir = '/srv/node',
|
||||
$loopback = false,
|
||||
$fstype = 'xfs'
|
||||
Stdlib::Absolutepath $mnt_base_dir = '/srv/node',
|
||||
Boolean $loopback = false,
|
||||
String[1] $fstype = 'xfs'
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
# Defaults to undef
|
||||
define swift::storage::node(
|
||||
$mnt_base_dir,
|
||||
$zone,
|
||||
Variant[Integer, Pattern[/^\d+$/]] $zone,
|
||||
$weight = 1,
|
||||
$owner = undef,
|
||||
$group = undef,
|
||||
@ -54,11 +54,6 @@ define swift::storage::node(
|
||||
|
||||
include swift::deps
|
||||
|
||||
if ! $zone =~ Integer {
|
||||
validate_legacy(Pattern[/^\d+$/], 'validate_re', $zone,
|
||||
['^\d+$', 'The zone parameter must be an integer'])
|
||||
}
|
||||
|
||||
Swift::Storage::Server {
|
||||
storage_local_net_ip => $storage_local_net_ip,
|
||||
devices => $mnt_base_dir,
|
||||
|
||||
@ -4,16 +4,17 @@
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*title*] The port the server will be exposed to
|
||||
# Mandatory. Usually 6000, 6001 and 6002 for respectively
|
||||
# object, container and account.
|
||||
#
|
||||
# [*type*]
|
||||
# (required) The type of device, e.g. account, object, or container.
|
||||
#
|
||||
# [*storage_local_net_ip*]
|
||||
# (required) This is the ip that the storage service will bind to when it starts.
|
||||
#
|
||||
# [*bind_port*]
|
||||
# (optional) The port the server will be exposed to Usually 6000, 6001 and
|
||||
# 6002 for respectively object, container and account.
|
||||
# Defaults to $name
|
||||
#
|
||||
# [*devices*]
|
||||
# (optional) The directory where the physical storage device will be mounted.
|
||||
# Defaults to '/srv/node'.
|
||||
@ -224,58 +225,59 @@
|
||||
# Default to $facts['os_service_default'].
|
||||
#
|
||||
define swift::storage::server(
|
||||
$type,
|
||||
Swift::StorageServerType $type,
|
||||
$storage_local_net_ip,
|
||||
$devices = '/srv/node',
|
||||
$rsync_module_per_device = false,
|
||||
$device_names = [],
|
||||
$owner = undef,
|
||||
$group = undef,
|
||||
$max_connections = 25,
|
||||
$hosts_allow = undef,
|
||||
$hosts_deny = undef,
|
||||
$incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
$outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
$pipeline = ["${type}-server"],
|
||||
$mount_check = true,
|
||||
$disable_fallocate = $facts['os_service_default'],
|
||||
$fallocate_reserve = $facts['os_service_default'],
|
||||
$server_fallocate_reserve = $facts['os_service_default'],
|
||||
$servers_per_port = $facts['os_service_default'],
|
||||
$user = undef,
|
||||
$workers = $facts['os_workers'],
|
||||
$replicator_concurrency = 1,
|
||||
$replicator_interval = $facts['os_service_default'],
|
||||
$updater_concurrency = 1,
|
||||
$reaper_concurrency = 1,
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_level = 'INFO',
|
||||
$log_address = '/dev/log',
|
||||
$log_name = "${type}-server",
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$log_requests = true,
|
||||
Pattern[/^\d+$/] $bind_port = $name,
|
||||
$devices = '/srv/node',
|
||||
Boolean $rsync_module_per_device = false,
|
||||
Array[String[1]] $device_names = [],
|
||||
$owner = undef,
|
||||
$group = undef,
|
||||
$max_connections = 25,
|
||||
$hosts_allow = undef,
|
||||
$hosts_deny = undef,
|
||||
$incoming_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
$outgoing_chmod = 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r',
|
||||
Swift::Pipeline $pipeline = ["${type}-server"],
|
||||
$mount_check = true,
|
||||
$disable_fallocate = $facts['os_service_default'],
|
||||
$fallocate_reserve = $facts['os_service_default'],
|
||||
$server_fallocate_reserve = $facts['os_service_default'],
|
||||
$servers_per_port = $facts['os_service_default'],
|
||||
$user = undef,
|
||||
$workers = $facts['os_workers'],
|
||||
$replicator_concurrency = 1,
|
||||
$replicator_interval = $facts['os_service_default'],
|
||||
$updater_concurrency = 1,
|
||||
$reaper_concurrency = 1,
|
||||
$log_facility = 'LOG_LOCAL2',
|
||||
$log_level = 'INFO',
|
||||
$log_address = '/dev/log',
|
||||
$log_name = "${type}-server",
|
||||
$log_udp_host = undef,
|
||||
$log_udp_port = undef,
|
||||
$log_requests = true,
|
||||
# this parameters needs to be specified after type and name
|
||||
$config_file_path = "${type}-server.conf",
|
||||
$statsd_enabled = false,
|
||||
$log_statsd_host = 'localhost',
|
||||
$log_statsd_port = $facts['os_service_default'],
|
||||
$log_statsd_default_sample_rate = $facts['os_service_default'],
|
||||
$log_statsd_sample_rate_factor = $facts['os_service_default'],
|
||||
$log_statsd_metric_prefix = $facts['os_service_default'],
|
||||
$network_chunk_size = $facts['os_service_default'],
|
||||
$disk_chunk_size = $facts['os_service_default'],
|
||||
$client_timeout = $facts['os_service_default'],
|
||||
$auditor_disk_chunk_size = $facts['os_service_default'],
|
||||
$rsync_timeout = $facts['os_service_default'],
|
||||
$rsync_bwlimit = $facts['os_service_default'],
|
||||
$splice = $facts['os_service_default'],
|
||||
$object_server_mb_per_sync = $facts['os_service_default'],
|
||||
$config_file_path = "${type}-server.conf",
|
||||
Boolean $statsd_enabled = false,
|
||||
$log_statsd_host = 'localhost',
|
||||
$log_statsd_port = $facts['os_service_default'],
|
||||
$log_statsd_default_sample_rate = $facts['os_service_default'],
|
||||
$log_statsd_sample_rate_factor = $facts['os_service_default'],
|
||||
$log_statsd_metric_prefix = $facts['os_service_default'],
|
||||
$network_chunk_size = $facts['os_service_default'],
|
||||
$disk_chunk_size = $facts['os_service_default'],
|
||||
$client_timeout = $facts['os_service_default'],
|
||||
$auditor_disk_chunk_size = $facts['os_service_default'],
|
||||
$rsync_timeout = $facts['os_service_default'],
|
||||
$rsync_bwlimit = $facts['os_service_default'],
|
||||
Variant[Openstacklib::ServiceDefault, Boolean] $splice = $facts['os_service_default'],
|
||||
$object_server_mb_per_sync = $facts['os_service_default'],
|
||||
# These parameters only apply to container-server.conf,
|
||||
# and define options for the container-sharder service.
|
||||
$container_sharder_auto_shard = $facts['os_service_default'],
|
||||
$container_sharder_concurrency = $facts['os_service_default'],
|
||||
$container_sharder_interval = $facts['os_service_default'],
|
||||
$container_sharder_auto_shard = $facts['os_service_default'],
|
||||
$container_sharder_concurrency = $facts['os_service_default'],
|
||||
$container_sharder_interval = $facts['os_service_default'],
|
||||
){
|
||||
|
||||
include swift::deps
|
||||
@ -283,31 +285,17 @@ define swift::storage::server(
|
||||
|
||||
$user_real = pick($user, $::swift::params::user)
|
||||
|
||||
# Warn if ${type-server} isn't included in the pipeline
|
||||
$pipeline_array = any2array($pipeline)
|
||||
if empty($pipeline_array) or $pipeline_array[-1] != "${type}-server" {
|
||||
# Fail if ${type-server} isn't included in the pipeline
|
||||
if $pipeline[-1] != "${type}-server" {
|
||||
fail("${type}-server must be the last element in pipeline")
|
||||
}
|
||||
|
||||
|
||||
if ($log_udp_port and !$log_udp_host) {
|
||||
fail ('log_udp_port requires log_udp_host to be set')
|
||||
}
|
||||
|
||||
include "::swift::storage::${type}"
|
||||
|
||||
validate_legacy(Pattern[/^\d+$/], 'validate_re', $name, ['^\d+$'])
|
||||
validate_legacy(Enum['object', 'container', 'account'], 'validate_re',
|
||||
$type, ['^object|container|account$'])
|
||||
validate_legacy(Array, 'validate_array', $pipeline)
|
||||
validate_legacy(Array, 'validate_array', $device_names)
|
||||
|
||||
if ! is_service_default($splice) {
|
||||
validate_legacy(Boolean, 'validate_bool', $splice)
|
||||
}
|
||||
|
||||
$bind_port = $name
|
||||
|
||||
# rsync::server should be included before rsync::server::module
|
||||
include swift::storage
|
||||
if $rsync_module_per_device {
|
||||
@ -348,7 +336,6 @@ define swift::storage::server(
|
||||
|
||||
$config_file_full_path = "/etc/swift/${config_file_path}"
|
||||
|
||||
|
||||
$required_middlewares = split(
|
||||
inline_template(
|
||||
"<%=
|
||||
|
||||
@ -42,12 +42,12 @@
|
||||
# it already has an XFS FS, and mounts de FS in /srv/node/sdX
|
||||
#
|
||||
define swift::storage::xfs(
|
||||
$device = '',
|
||||
$byte_size = '1024',
|
||||
$mnt_base_dir = '/srv/node',
|
||||
$loopback = false,
|
||||
$mount_type = 'path',
|
||||
$manage_filesystem = true,
|
||||
$device = '',
|
||||
$byte_size = '1024',
|
||||
Stdlib::Absolutepath $mnt_base_dir = '/srv/node',
|
||||
Boolean $loopback = false,
|
||||
$mount_type = 'path',
|
||||
Boolean $manage_filesystem = true,
|
||||
) {
|
||||
|
||||
include swift::deps
|
||||
@ -107,6 +107,4 @@ define swift::storage::xfs(
|
||||
mnt_base_dir => $mnt_base_dir,
|
||||
loopback => $loopback,
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
133
spec/functions/validate_tempauth_account_spec.rb
Normal file
133
spec/functions/validate_tempauth_account_spec.rb
Normal file
@ -0,0 +1,133 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'validate_tempauth_account' do
|
||||
it 'exists' do
|
||||
is_expected.not_to eq(nil)
|
||||
end
|
||||
|
||||
it 'works with valid entries (string keys)' do
|
||||
is_expected.to run.with_params({
|
||||
'user' => 'swiftuser',
|
||||
'account' => 'swiftaccount',
|
||||
'key' => 'secret',
|
||||
'groups' => ['swiftgroup'],
|
||||
})
|
||||
end
|
||||
|
||||
it 'works with valid entries (sym keys)' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
})
|
||||
end
|
||||
|
||||
it 'throws error with more than one argument' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}, {
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
|
||||
it 'fails with no arguments' do
|
||||
is_expected.to run.with_params.and_raise_error(Puppet::Error)
|
||||
end
|
||||
|
||||
# missing keys
|
||||
it 'fails when user is missing' do
|
||||
is_expected.to run.with_params({
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when account is missing' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when key is missing' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when groups is missing' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
|
||||
# wrong type
|
||||
it 'fails when user is not a string' do
|
||||
is_expected.to run.with_params({
|
||||
:user => ['swiftuser'],
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when account is not a string' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => ['swiftaccount'],
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when key is not a string' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => ['secret'],
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when group is not an array' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => 'swiftgroup',
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
|
||||
# empty
|
||||
it 'fails when user is empty' do
|
||||
is_expected.to run.with_params({
|
||||
:user => '',
|
||||
:account => 'swiftaccount',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when account is empty' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => '',
|
||||
:key => 'secret',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
it 'fails when key is empty' do
|
||||
is_expected.to run.with_params({
|
||||
:user => 'swiftuser',
|
||||
:account => 'swiftaccount',
|
||||
:key => '',
|
||||
:groups => ['swiftgroup'],
|
||||
}).and_raise_error(Puppet::Error)
|
||||
end
|
||||
end
|
||||
29
spec/type_aliases/ringtype_spec.rb
Normal file
29
spec/type_aliases/ringtype_spec.rb
Normal file
@ -0,0 +1,29 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'Swift::RingType' do
|
||||
describe 'valid types' do
|
||||
context 'with valid types' do
|
||||
[
|
||||
'account',
|
||||
'container',
|
||||
'object',
|
||||
'object-0',
|
||||
'object-10'
|
||||
].each do |value|
|
||||
it { is_expected.to allow_value(value) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'invalid types' do
|
||||
context 'with invalid types' do
|
||||
[
|
||||
'foo',
|
||||
'object-',
|
||||
'object-a'
|
||||
].each do |value|
|
||||
it { is_expected.not_to allow_value(value) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
27
spec/type_aliases/storageservertype_spec.rb
Normal file
27
spec/type_aliases/storageservertype_spec.rb
Normal file
@ -0,0 +1,27 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'Swift::StorageServerType' do
|
||||
describe 'valid types' do
|
||||
context 'with valid types' do
|
||||
[
|
||||
'account',
|
||||
'container',
|
||||
'object',
|
||||
].each do |value|
|
||||
it { is_expected.to allow_value(value) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'invalid types' do
|
||||
context 'with invalid types' do
|
||||
[
|
||||
'foo',
|
||||
'object-',
|
||||
'object-0'
|
||||
].each do |value|
|
||||
it { is_expected.not_to allow_value(value) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
1
types/pipeline.pp
Normal file
1
types/pipeline.pp
Normal file
@ -0,0 +1 @@
|
||||
type Swift::Pipeline = Array[String[1], 1]
|
||||
8
types/ringtype.pp
Normal file
8
types/ringtype.pp
Normal file
@ -0,0 +1,8 @@
|
||||
type Swift::RingType = Variant[
|
||||
Enum[
|
||||
'account',
|
||||
'container',
|
||||
'object'
|
||||
],
|
||||
Pattern[/^object-\d+$/]
|
||||
]
|
||||
5
types/storageservertype.pp
Normal file
5
types/storageservertype.pp
Normal file
@ -0,0 +1,5 @@
|
||||
type Swift::StorageServerType = Enum[
|
||||
'account',
|
||||
'container',
|
||||
'object'
|
||||
]
|
||||
Loading…
Reference in New Issue
Block a user