Iury Gregory Melo Ferreira a266ab91ed Change swift authtoken
Update authtoken class with parameters from
documentation [1]

We can't use the resource because swift does not
use the keystone_authtoken section.

- admin_password, use password instead.
- admin_user, use username instead.
- admin_tenant_name, use project_name instead.
- identity_uri, use auth_url instead.
- admin_token, no usage.

- Old parameters (already deprecated)


Change-Id: I1eb4b0712214c059c713001ad991cbe92cd01711
2016-08-25 01:22:56 -03:00


# Example file for building out a multi-node environment
# This example creates nodes of the following roles:
# swift_storage - nodes that host storage servers
# swift_proxy - nodes that serve as a swift proxy
# swift_ringbuilder - nodes that are responsible for
# rebalancing the rings
# This example assumes a few things:
# * the multi-node scenario requires a puppetmaster
# * it assumes that networking is correctly configured
# These nodes need to be brought up in a certain order
# 1. storage nodes
# 2. ringbuilder
# 3. run the storage nodes again (to synchronize the ring db)
# 4. run the proxy
# 5. test that everything works!!
# this site manifest serves as an example of how to
# deploy various swift environments
# Top-scope settings shared by every node definition in this manifest.
# Each value is looked up in hiera; the second argument to hiera() is the
# fallback used when the key is missing.
# NOTE(review): every credential fallback below is a well-known placeholder
# ('admin_password', 'changeme', 'keystone_db_password', 'service_token',
# 'ChangeMe'). Supply real values through hiera; a node applied with a key
# missing silently ends up with one of these strings as a live credential.
#$swift_admin_password = 'admin_password'
# Password of the swift service user (passed to swift::keystone::auth and
# swift::proxy::authtoken further down).
$swift_admin_password = hiera('admin_password', 'admin_password')
# swift specific configurations
#$swift_shared_secret = 'changeme'
# Used below as swift_hash_path_suffix on storage and proxy nodes.
# NOTE(review): the value has to be the same on every node of a cluster and
# should be treated as a secret; the 'changeme' fallback is neither unique
# nor secret.
$swift_shared_secret = hiera('swift_shared_secret', 'changeme')
#$swift_local_net_ip = $ipaddress_eth0
# Address the swift services use; falls back to the eth0 address fact.
$swift_local_net_ip = hiera('swift_local_net_ip', $ipaddress_eth0)
# Swift storage configurations
# NOTE(review): the contents of the four arrays below are not visible in
# this listing.
$rings = [
$account_pipeline = [
$container_pipeline = [
$object_pipeline = [
#$swift_keystone_node = ''
# Host of the keystone server; the fallback is an empty string, so this key
# has to be set for the proxy to reach keystone.
$swift_keystone_node = hiera('swift_keystone_node', '')
#$swift_proxy_node = ''
# Public address registered for the swift endpoint in keystone.
$swift_proxy_node = hiera('swift_proxy_node', '')
# Ring zone assigned to the devices exported by a storage node.
$swift_zone = hiera('swift_zone', 1)
# configurations that need to be applied to all swift nodes
$swift_keystone_db_password = hiera('keystone_db_password', 'keystone_db_password')
# NOTE(review): the keystone class in node 'swift-keystone' reads
# $admin_token, not $keystone_admin_token; no other use of this variable is
# visible in this listing.
$keystone_admin_token = hiera('admin_token', 'service_token')
$swift_keystone_admin_email = hiera('admin_email', 'keystone@localhost')
# NOTE(review): this reads the same hiera key ('admin_password') as
# $swift_admin_password above. Once the key is set, the keystone admin user
# and the swift service user share one password; separate keys would keep
# the two credentials independent.
$swift_keystone_admin_password = hiera('admin_password', 'ChangeMe')
# This node can be used to deploy a keystone service.
# This service only contains the credentials for authenticating
# swift
# Node definition for the keystone host: MySQL server, keystone database,
# keystone service, identity endpoint, admin user, and the swift service
# user/endpoint registration.
node 'swift-keystone' {
# set up mysql server
class { '::mysql::server':
config_hash => {
# the priv grant fails on precise if I set a root password
# TODO I should make sure that this works
# NOTE(review): with the next line commented out, this manifest does not
# supply a MySQL root password at all.
# 'root_password' => $mysql_root_password,
# NOTE(review): the bind address is an empty string in this listing; confirm
# the intended listen address and keep MySQL off untrusted interfaces.
'bind_address' => '',
# Remove the DEFAULT/log_config setting from the keystone configuration.
keystone_config {
'DEFAULT/log_config': ensure => absent,
# set up all openstack databases, users, grants
class { '::keystone::db::mysql':
password => $swift_keystone_db_password,
# NOTE(review): $debug, $admin_token and $enabled are not assigned anywhere
# in the visible part of this file; the token defined at top scope is
# $keystone_admin_token. Confirm which variable is intended for admin_token.
class { '::keystone':
debug => $debug,
catalog_type => 'sql',
admin_token => $admin_token,
enabled => $enabled,
# The database password is interpolated into the connection URL, so it
# appears wherever that URL ends up. The host part after '@' is empty in
# this listing.
sql_connection => "mysql://keystone_admin:${swift_keystone_db_password}@",
# Setup the Keystone Identity Endpoint
class { '::keystone::endpoint': }
# set up keystone admin users
class { '::keystone::roles::admin':
email => $swift_keystone_admin_email,
password => $swift_keystone_admin_password,
# configure the keystone service user and endpoint
# The password given here must match the one swift::proxy::authtoken uses
# on the proxy node; both read $swift_admin_password.
class { '::swift::keystone::auth':
password => $swift_admin_password,
public_address => $swift_proxy_node,
# The example below is used to model swift storage nodes that
# manage 2 endpoints.
# The endpoints are actually just loopback devices. For real deployments
# they would need to be replaced with something that create and mounts xfs
# partitions
# Node definition matched by any certname containing 'swift-storage':
# installs swift, creates two loopback-backed devices, runs the account,
# container and object servers, and exports one ring device per server type
# and device.
node /swift-storage/ {
class { '::swift':
# not sure how I want to deal with this shared secret
# NOTE(review): the suffix comes from $swift_shared_secret, whose hiera
# fallback is the literal 'changeme'.
swift_hash_path_suffix => $swift_shared_secret,
# NOTE(review): 'latest' upgrades the package on any run where the
# repository offers a newer build; pin a version where upgrades need to be
# controlled and reviewed.
package_ensure => latest,
# create xfs partitions on a loopback device and mount them
swift::storage::loopback { ['1', '2']:
base_dir => '/srv/loopback-device',
mnt_base_dir => '/srv/node',
require => Class['swift'],
# configure account/container/object server middlewares
swift::storage::filter::recon { $rings: }
swift::storage::filter::healthcheck { $rings: }
# install all swift storage servers together
class { '::swift::storage::all':
storage_local_net_ip => $swift_local_net_ip,
object_pipeline => $object_pipeline,
container_pipeline => $container_pipeline,
account_pipeline => $account_pipeline,
# specify endpoints per device to be added to the ring specification
# '@@' marks these as exported resources: they are stored by the
# puppetmaster and realized on whichever node collects them, not here.
# Object devices use port 6000, container 6001, account 6002.
@@ring_object_device { "${swift_local_net_ip}:6000/1":
zone => $swift_zone,
weight => 1,
@@ring_object_device { "${swift_local_net_ip}:6000/2":
zone => $swift_zone,
weight => 1,
@@ring_container_device { "${swift_local_net_ip}:6001/1":
zone => $swift_zone,
weight => 1,
@@ring_container_device { "${swift_local_net_ip}:6001/2":
zone => $swift_zone,
weight => 1,
# TODO should device be changed to volume
@@ring_account_device { "${swift_local_net_ip}:6002/1":
zone => $swift_zone,
weight => 1,
@@ring_account_device { "${swift_local_net_ip}:6002/2":
zone => $swift_zone,
weight => 1,
# collect resources for synchronizing the ring databases
# Node definition matched by any certname containing 'swift-proxy':
# installs swift, memcached and the proxy server, then configures the proxy
# middlewares, including keystone-based authentication.
node /swift-proxy/ {
class { '::swift':
# not sure how I want to deal with this shared secret
# NOTE(review): same value as on the storage nodes; the hiera fallback is
# the literal 'changeme'.
swift_hash_path_suffix => $swift_shared_secret,
# NOTE(review): 'latest' upgrades the package on any run where the
# repository offers a newer build; pin a version where upgrades need to be
# controlled and reviewed.
package_ensure => latest,
# curl is only required so that I can run tests
package { 'curl': ensure => present }
# NOTE(review): listen_ip is an empty string in this listing. memcached
# holds cached auth tokens for the proxy, so confirm it listens only on a
# loopback or otherwise trusted address.
class { '::memcached':
listen_ip => '',
# specify swift proxy and all of its middlewares
class { '::swift::proxy':
proxy_local_net_ip => $swift_local_net_ip,
# NOTE(review): the pipeline entries are not visible in this listing; when
# filling them in, keep the auth middlewares ahead of proxy-server.
pipeline => [
account_autocreate => true,
# TODO where is the ringbuilder class?
require => Class['swift::ringbuilder'],
# configure all of the middlewares
# NOTE(review): the list of middleware classes declared here is not visible
# in this listing.
class { [
]: }
# Limits for bulk archive extraction and bulk delete requests.
class { '::swift::proxy::bulk':
max_containers_per_extraction => 10000,
max_failed_extractions => 1000,
max_deletes_per_request => 10000,
yield_frequency => 60,
# NOTE(review): account_ratelimit is 0, which presumably leaves
# account-level request rates unlimited; confirm against the ratelimit
# middleware documentation before using these values.
class { '::swift::proxy::ratelimit':
clock_accuracy => 1000,
max_sleep_time_seconds => 60,
log_sleep_time_seconds => 0,
rate_buffer_seconds => 5,
account_ratelimit => 0,
class { '::swift::proxy::s3token':
# assume that the controller host is the swift api server
auth_host => $swift_keystone_node,
auth_port => '35357',
# Keystone roles that are allowed to act as swift operators.
class { '::swift::proxy::keystone':
operator_roles => ['admin', 'SwiftOperator'],
# Service credentials the proxy uses to validate tokens against keystone.
# NOTE(review): the commit record on this page describes the authtoken
# class moving to password/username/project_name/auth_url; auth_host is
# still passed here. Confirm the class accepts it and that the keystone URL
# it results in uses TLS where the network is not trusted.
class { '::swift::proxy::authtoken':
password => $swift_admin_password,
# assume that the controller host is the swift api server
auth_host => $swift_keystone_node,
# Ring builder statements: collect the exported ring devices, build the
# rings, serve the ring files over rsync, and deploy a test script.
# NOTE(review): the enclosing node definition is not visible in this
# listing.
# collect all of the resources that are needed
# to balance the ring
# NOTE(review): '<<| |>>' with an empty query collects every exported
# resource of that type, from any node that reports to this puppetmaster.
# A device exported by an unexpected node would be added to the ring as
# well; a tag or attribute filter in the collector narrows that.
Ring_object_device <<| |>>
Ring_container_device <<| |>>
Ring_account_device <<| |>>
# create the ring
class { '::swift::ringbuilder':
# the part power should be determined by assuming 100 partitions per drive
part_power => '18',
replicas => '3',
min_part_hours => 1,
require => Class['swift'],
# sets up an rsync db that can be used to sync the ring DB
# NOTE(review): confirm the rsync module is read-only and reachable only
# from the swift nodes; the ring files describe the cluster layout.
class { '::swift::ringserver':
local_net_ip => $swift_local_net_ip,
# exports rsync gets that can be used to sync the ring files
@@swift::ringsync { ['account', 'object', 'container']:
ring_server => $swift_local_net_ip,
# deploy a script that can be used for testing
# NOTE(review): this passes the keystone admin password, presumably to be
# written into the deployed script. Use a low-privilege test account, or
# leave this class out of real deployments.
class { '::swift::test_file':
auth_server => $swift_keystone_node,
password => $swift_keystone_admin_password,