├── .gitignore ├── .gitreview ├── CONTRIBUTING.rst ├── LICENSE ├── README.rst ├── Vagrantfile ├── bindep.txt ├── defaults └── main.yml ├── doc ├── Makefile ├── requirements.txt └── source │ ├── _static │ └── .gitkeep │ ├── conf.py │ ├── configure-swift-add.rst │ ├── configure-swift-config.rst │ ├── configure-swift-devices.rst │ ├── configure-swift-glance.rst │ ├── configure-swift-policies.rst │ ├── configure-swift.rst │ └── index.rst ├── examples └── playbook.yml ├── handlers └── main.yml ├── manual-test.rc ├── meta ├── main.yml └── openstack-ansible.yml ├── releasenotes ├── notes │ ├── .placeholder │ ├── add-swift3-support-a3f1a5d866fd8883.yaml │ ├── add-xenial-support-e285a643a39f0438.yaml │ ├── capping_swift_services_workers-5ac9ecb28f56469f.yaml │ ├── deprecate_auth_plugin-397a32171826ef78.yaml │ ├── openstack-distribution-packages-b1c9e1f488e53872.yaml │ ├── os_swift-centos7-support-23846d7eafbfa957.yaml │ ├── os_swift-only-install-venv-fdd5d41759433cf8.yaml │ ├── oslo-messaging-separate-backends-e82ea3162d2d383f.yaml │ ├── package-list-name-changes-e6f88d12f3bd9fa0.yaml │ ├── package-state-f2309b07440d0ae8.yaml │ ├── remove-requirements-git-0c8e83081b435229.yaml │ ├── rsync_reverse_lookup-609fb68be712a5e4.yaml │ ├── swift-conf-b8dd5e1199f8e4a8.yaml │ ├── swift-fallocate-reserve-ff513025da68bfed.yaml │ ├── swift-force-hash-change-45b09eeb8b0368a6.yaml │ ├── swift-fs-file-limits-a57ab8b4c3c944e4.yaml │ ├── swift-init-config-overrides-822ec734e02a0dd1.yaml │ ├── swift-pretend-mph-passed-7e5c15eeb35861c3.yaml │ ├── swift-pypy-gc-options-663fecdf1e013a23.yaml │ ├── swift-pypy-support-9706519c4b88a571.yaml │ ├── swift-reconfigure-xfs-from-mlocate-e4844e6c0469afd6.yaml │ ├── swift-rings-port-change-4a95bbd9b63fb201.yaml │ ├── swift-rsync-module-per-drive-79b05af8276e7d6e.yaml │ ├── swift-service-setup-host-b3d0aca53522a887.yaml │ ├── swift-staticweb-support-b280fbebf271820b.yaml │ ├── swift-syslog-log-perms-5a116171a1adeae3.yaml │ ├── swift-tempauth-configuration-7f710a5e2a1af67f.yaml │ ├── swift-versioned-writes-middleware-0b529e3cf2fb493d.yaml │ ├── swift_gnocchi-29eed9b49794f980.yaml │ ├── swift_init_time_settings-20ea7817cbd2dca9.yaml │ └── swift_internal_client-7c497400d7a8b4a2.yaml └── source │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── mitaka.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ └── zed.rst ├── run_tests.sh ├── tasks ├── main.yml ├── swift_calculate_addresses.yml ├── swift_check_hashes.yml ├── swift_install.yml ├── swift_key_setup.yml ├── swift_post_install.yml ├── swift_pre_install.yml ├── swift_proxy_hosts.yml ├── swift_pypy_setup.yml ├── swift_rings.yml ├── swift_rings_build.yml ├── swift_rings_distribute.yml ├── swift_rings_post_distribution_check.yml ├── swift_storage_hosts.yml ├── swift_storage_hosts_account.yml ├── swift_storage_hosts_container.yml ├── swift_storage_hosts_object.yml └── swift_storage_hosts_setup.yml ├── templates ├── account-server-replicator.conf.j2 ├── account-server.conf.j2 ├── container-reconciler.conf.j2 ├── container-server-replicator.conf.j2 ├── container-server.conf.j2 ├── container-sync-realms.conf.j2 ├── drive-audit.conf.j2 ├── internal-client.conf.j2 ├── object-expirer.conf.j2 ├── object-server-replicator.conf.j2 ├── object-server.conf.j2 ├── proxy-server.conf.j2 ├── ring.contents.j2 ├── rsyncd.conf.j2 ├── swift-dispersion.conf.j2 ├── swift-memcache.conf.j2 ├── swift.conf.j2 ├── swift_rings.py.j2 └── swift_rings_check.py.j2 ├── tests ├── ansible-role-requirements.yml ├── group_vars │ └── all_containers.yml ├── host_vars │ ├── infra1.yml │ ├── localhost.yml │ ├── swift-proxy.yml │ ├── swift-storage1.yml │ ├── swift-storage2.yml │ └── swift-storage3.yml ├── inventory ├── os_swift-overrides.yml ├── s3cfg.j2 ├── swift_test.conf.j2 ├── test-swift-functional.yml └── test.yml ├── tox.ini ├── vars ├── debian.yml ├── distro_install.yml ├── main.yml ├── redhat.yml └── source_install.yml └── zuul.d └── project.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Add patterns in here to exclude files created by tools integrated with this 2 | # repository, such as test frameworks from the project's recommended workflow, 3 | # rendered documentation and package builds. 4 | # 5 | # Don't add patterns to exclude files created by preferred personal tools 6 | # (editors, IDEs, your operating system itself even). These should instead be 7 | # maintained outside the repository, for example in a ~/.gitignore file added 8 | # with: 9 | # 10 | # git config --global core.excludesfile '~/.gitignore' 11 | 12 | # Compiled source # 13 | ################### 14 | *.com 15 | *.class 16 | *.dll 17 | *.exe 18 | *.o 19 | *.so 20 | *.pyc 21 | build/ 22 | dist/ 23 | doc/build/ 24 | 25 | # Packages # 26 | ############ 27 | # it's better to unpack these files and commit the raw source 28 | # git has its own built in compression methods 29 | *.7z 30 | *.dmg 31 | *.gz 32 | *.iso 33 | *.jar 34 | *.rar 35 | *.tar 36 | *.zip 37 | 38 | # Logs and databases # 39 | ###################### 40 | *.log 41 | *.sql 42 | *.sqlite 43 | logs/* 44 | 45 | # OS generated files # 46 | ###################### 47 | ._* 48 | .ansible 49 | .tox 50 | *.egg-info 51 | .eggs 52 | 53 | # Generated by pbr while building docs 54 | ###################################### 55 | AUTHORS 56 | ChangeLog 57 | 58 | # Files created by releasenotes build 59 | releasenotes/build 60 | 61 | # Test temp files 62 | tests/common 63 | tests/*.retry 64 | 65 | # Vagrant artifacts 66 | .vagrant 67 | 68 | # Git clones 69 | openstack-ansible-ops 70 | previous 71 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/openstack-ansible-os_swift.git 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.rst: -------------------------------------------------------------------------------- 1 | The source repository for this project can be found at: 2 | 3 | https://opendev.org/openstack/openstack-ansible-os_swift 4 | 5 | Pull requests submitted through GitHub are not monitored. 6 | 7 | To start contributing to OpenStack, follow the steps in the contribution guide 8 | to set up and use Gerrit: 9 | 10 | https://docs.openstack.org/contributors/code-and-documentation/quick-start.html 11 | 12 | Bugs should be filed on Launchpad: 13 | 14 | https://bugs.launchpad.net/openstack-ansible 15 | 16 | For more specific information about contributing to this repository, see the 17 | openstack-ansible contributor guide: 18 | 19 | https://docs.openstack.org/openstack-ansible/latest/contributor/contributing.html 20 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | Swift role for OpenStack-Ansible 3 | ================================ 4 | 5 | Ansible role to install OpenStack swift and swift registry. 6 | 7 | Documentation for the project can be found at: 8 | https://docs.openstack.org/openstack-ansible-os_swift/latest 9 | 10 | Release notes for the project can be found at: 11 | https://docs.openstack.org/releasenotes/openstack-ansible-os_swift/ 12 | 13 | The project source code repository is located at: 14 | https://opendev.org/openstack/openstack-ansible-os_swift/ 15 | 16 | The project home is at: 17 | https://launchpad.net/openstack-ansible 18 | 19 | The project bug tracker is located at: 20 | https://bugs.launchpad.net/openstack-ansible 21 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # Note: 2 | # This file is maintained in the openstack-ansible-tests repository. 3 | # https://opendev.org/openstack/openstack-ansible-tests/src/Vagrantfile 4 | # 5 | # If you need to perform any change on it, you should modify the central file, 6 | # then, an OpenStack CI job will propagate your changes to every OSA repository 7 | # since every repo uses the same Vagrantfile 8 | 9 | # Verify whether required plugins are installed. 10 | required_plugins = [ "vagrant-disksize" ] 11 | required_plugins.each do |plugin| 12 | if not Vagrant.has_plugin?(plugin) 13 | raise "The vagrant plugin #{plugin} is required. Please run `vagrant plugin install #{plugin}`" 14 | end 15 | end 16 | 17 | Vagrant.configure(2) do |config| 18 | config.vm.provider "virtualbox" do |v| 19 | v.memory = 6144 20 | v.cpus = 2 21 | # https://github.com/hashicorp/vagrant/issues/9524 22 | v.customize ["modifyvm", :id, "--audio", "none"] 23 | end 24 | 25 | config.vm.synced_folder ".", "/vagrant", type: "rsync" 26 | 27 | config.vm.provision "shell", 28 | privileged: false, 29 | inline: <<-SHELL 30 | cd /vagrant 31 | ./run_tests.sh 32 | SHELL 33 | 34 | config.vm.define "centos8" do |centos8| 35 | centos8.vm.box = "centos/8" 36 | end 37 | 38 | config.vm.define "debian10" do |debian10| 39 | debian10.vm.box = "debian/buster64" 40 | end 41 | 42 | config.vm.define "ubuntu2004" do |focal| 43 | focal.disksize.size = "40GB" 44 | focal.vm.box = "ubuntu/focal64" 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # This file facilitates OpenStack-CI package installation 2 | # before the execution of any tests. 3 | # 4 | # See the following for details: 5 | # - https://docs.openstack.org/infra/bindep/ 6 | # - https://opendev.org/openstack-infra/bindep 7 | # 8 | # Even if the role does not make use of this facility, it 9 | # is better to have this file empty, otherwise OpenStack-CI 10 | # will fall back to installing its default packages which 11 | # will potentially be detrimental to the tests executed. 12 | # 13 | # Note: 14 | # This file is maintained in the openstack-ansible-tests repository. 15 | # https://opendev.org/openstack/openstack-ansible-tests/src/bindep.txt 16 | # If you need to remove or add extra dependencies, you should modify 17 | # the central file instead and once your change is accepted then update 18 | # this file as well. The purpose of this file is to ensure that Python and 19 | # Ansible have all their necessary binary requirements on the test host before 20 | # tox executes. Any binary requirements needed by services/roles should be 21 | # installed by those roles in their applicable package install tasks, not through 22 | # using this file. 23 | # 24 | 25 | # The gcc compiler 26 | gcc 27 | 28 | # Base requirements for Ubuntu 29 | git-core [platform:dpkg] 30 | libssl-dev [platform:dpkg] 31 | libffi-dev [platform:dpkg] 32 | python3 [platform:dpkg] 33 | python3-apt [platform:dpkg] 34 | python3-dev [platform:dpkg] 35 | 36 | # Base requirements for RPM distros 37 | gcc-c++ [platform:rpm] 38 | git [platform:rpm] 39 | libffi-devel [platform:rpm] 40 | openssl-devel [platform:rpm] 41 | python3-dnf [platform:fedora] 42 | python3-devel [platform:rpm] 43 | 44 | # For SELinux 45 | libselinux-python3 [platform:redhat] 46 | libsemanage-python3 [platform:redhat] 47 | iptables [platform:redhat] 48 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " applehelp to make an Apple Help Book" 34 | @echo " devhelp to make HTML files and a Devhelp project" 35 | @echo " epub to make an epub" 36 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 37 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 38 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 39 | @echo " text to make text files" 40 | @echo " man to make manual pages" 41 | @echo " texinfo to make Texinfo files" 42 | @echo " info to make Texinfo files and run them through makeinfo" 43 | @echo " gettext to make PO message catalogs" 44 | @echo " changes to make an overview of all changed/added/deprecated items" 45 | @echo " xml to make Docutils-native XML files" 46 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 47 | @echo " linkcheck to check all external links for integrity" 48 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 49 | @echo " coverage to run coverage check of the documentation (if enabled)" 50 | 51 | clean: 52 | rm -rf $(BUILDDIR)/* 53 | 54 | html: 55 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 56 | @echo 57 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 58 | 59 | dirhtml: 60 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 61 | @echo 62 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 63 | 64 | singlehtml: 65 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 66 | @echo 67 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 68 | 69 | pickle: 70 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 71 | @echo 72 | @echo "Build finished; now you can process the pickle files." 73 | 74 | json: 75 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 76 | @echo 77 | @echo "Build finished; now you can process the JSON files." 78 | 79 | htmlhelp: 80 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 81 | @echo 82 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 83 | ".hhp project file in $(BUILDDIR)/htmlhelp." 84 | 85 | qthelp: 86 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 87 | @echo 88 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 89 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 90 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/openstack-ansible-os_swift.qhcp" 91 | @echo "To view the help file:" 92 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/openstack-ansible-os_swift.qhc" 93 | 94 | applehelp: 95 | $(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp 96 | @echo 97 | @echo "Build finished. The help book is in $(BUILDDIR)/applehelp." 98 | @echo "N.B. You won't be able to view it unless you put it in" \ 99 | "~/Library/Documentation/Help or install it in your application" \ 100 | "bundle." 101 | 102 | devhelp: 103 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 104 | @echo 105 | @echo "Build finished." 106 | @echo "To view the help file:" 107 | @echo "# mkdir -p $$HOME/.local/share/devhelp/openstack-ansible-os_swift" 108 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/openstack-ansible-os_swift" 109 | @echo "# devhelp" 110 | 111 | epub: 112 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 113 | @echo 114 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 115 | 116 | latex: 117 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 118 | @echo 119 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 120 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 121 | "(use \`make latexpdf' here to do that automatically)." 122 | 123 | latexpdf: 124 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 125 | @echo "Running LaTeX files through pdflatex..." 126 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 127 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 128 | 129 | latexpdfja: 130 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 131 | @echo "Running LaTeX files through platex and dvipdfmx..." 132 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 133 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 134 | 135 | text: 136 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 137 | @echo 138 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 139 | 140 | man: 141 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 142 | @echo 143 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 144 | 145 | texinfo: 146 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 147 | @echo 148 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 149 | @echo "Run \`make' in that directory to run these through makeinfo" \ 150 | "(use \`make info' here to do that automatically)." 151 | 152 | info: 153 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 154 | @echo "Running Texinfo files through makeinfo..." 155 | make -C $(BUILDDIR)/texinfo info 156 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 157 | 158 | gettext: 159 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 160 | @echo 161 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 162 | 163 | changes: 164 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 165 | @echo 166 | @echo "The overview file is in $(BUILDDIR)/changes." 167 | 168 | linkcheck: 169 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 170 | @echo 171 | @echo "Link check complete; look for any errors in the above output " \ 172 | "or in $(BUILDDIR)/linkcheck/output.txt." 173 | 174 | doctest: 175 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 176 | @echo "Testing of doctests in the sources finished, look at the " \ 177 | "results in $(BUILDDIR)/doctest/output.txt." 178 | 179 | coverage: 180 | $(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage 181 | @echo "Testing of coverage in the sources finished, look at the " \ 182 | "results in $(BUILDDIR)/coverage/python.txt." 183 | 184 | xml: 185 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 186 | @echo 187 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 188 | 189 | pseudoxml: 190 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 191 | @echo 192 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 193 | 194 | livehtml: html 195 | sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 196 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | # The order of packages is significant, because pip processes them in the order 2 | # of appearance. Changing the order has an impact on the overall integration 3 | # process, which may cause wedges in the gate later. 4 | 5 | # WARNING: 6 | # This file is maintained in the openstack-ansible-tests repository. 7 | # https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/sync/doc/requirements.txt 8 | # If you need to modify this file, update the one in the 9 | # openstack-ansible-tests repository. Once it merges there, the changes will 10 | # automatically be proposed to all the repositories which use it. 11 | 12 | sphinx>=2.0.0,!=2.1.0 # BSD 13 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 14 | openstackdocstheme>=2.2.1 # Apache-2.0 15 | reno>=3.1.0 # Apache-2.0 16 | doc8>=0.6.0 # Apache-2.0 17 | -------------------------------------------------------------------------------- /doc/source/_static/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_swift/a4d130c081c4d48307be9e625dd38b8caedc33fa/doc/source/_static/.gitkeep -------------------------------------------------------------------------------- /doc/source/configure-swift-add.rst: -------------------------------------------------------------------------------- 1 | `Home `_ OpenStack-Ansible Swift 2 | 3 | Add to existing deployment 4 | ========================== 5 | 6 | Complete the following procedure to deploy swift on an 7 | existing deployment. 8 | 9 | #. `The section called "Configure and mount storage 10 | devices" `_ 11 | 12 | #. `The section called "Configure an Object Storage 13 | deployment" `_ 14 | 15 | #. Optionally, allow all keystone users to use swift by setting 16 | ``swift_allow_all_users`` in the ``user_variables.yml`` file to 17 | ``True``. Any users with the ``member`` role (all authorized 18 | keystone users) can create containers and upload objects 19 | to swift. 20 | 21 | If this value is ``False``, by default only users with the 22 | ``admin`` role or role set in ``swift_operator_role`` can create 23 | containers or manage tenants. 24 | 25 | When the backend type for the glance is set to 26 | ``swift``, glance can access the swift cluster 27 | regardless of whether this value is ``True`` or ``False``. 28 | 29 | #. Run the swift play: 30 | 31 | .. code-block:: shell-session 32 | 33 | # cd /opt/openstack-ansible/playbooks 34 | # openstack-ansible os-swift-install.yml 35 | 36 | -------------------------------------------------------------------------------- /doc/source/configure-swift-devices.rst: -------------------------------------------------------------------------------- 1 | `Home `_ OpenStack-Ansible Swift 2 | 3 | Storage devices 4 | =============== 5 | 6 | This section offers a set of prerequisite instructions for setting up 7 | Object Storage (swift) storage devices. The storage devices must be set up 8 | before installing swift. 9 | 10 | **Procedure 5.1. Configuring and mounting storage devices** 11 | 12 | Object Storage recommends a minimum of three swift hosts 13 | with five storage disks. The example commands in this procedure 14 | use the storage devices ``sdc`` through to ``sdg``. 15 | 16 | #. Determine the storage devices on the node to be used for swift. 17 | 18 | #. Format each device on the node used for storage with XFS. While 19 | formatting the devices, add a unique label for each device. 20 | 21 | Without labels, a failed drive causes mount points to shift and 22 | data to become inaccessible. 23 | 24 | For example, create the file systems on the devices using the 25 | ``mkfs`` command: 26 | 27 | .. code-block:: shell-session 28 | 29 | # apt-get install xfsprogs 30 | # mkfs.xfs -f -i size=1024 -L sdc /dev/sdc 31 | # mkfs.xfs -f -i size=1024 -L sdd /dev/sdd 32 | # mkfs.xfs -f -i size=1024 -L sde /dev/sde 33 | # mkfs.xfs -f -i size=1024 -L sdf /dev/sdf 34 | # mkfs.xfs -f -i size=1024 -L sdg /dev/sdg 35 | 36 | #. Add the mount locations to the ``fstab`` file so that the storage 37 | devices are remounted on boot. The following example mount options 38 | are recommended when using XFS: 39 | 40 | .. code-block:: shell-session 41 | 42 | LABEL=sdc /srv/node/sdc xfs noatime,nodiratime,logbufs=8,auto 0 0 43 | LABEL=sdd /srv/node/sdd xfs noatime,nodiratime,logbufs=8,auto 0 0 44 | LABEL=sde /srv/node/sde xfs noatime,nodiratime,logbufs=8,auto 0 0 45 | LABEL=sdf /srv/node/sdf xfs noatime,nodiratime,logbufs=8,auto 0 0 46 | LABEL=sdg /srv/node/sdg xfs noatime,nodiratime,logbufs=8,auto 0 0 47 | 48 | #. Create the mount points for the devices using the ``mkdir`` command: 49 | 50 | .. code-block:: shell-session 51 | 52 | # mkdir -p /srv/node/sdc 53 | # mkdir -p /srv/node/sdd 54 | # mkdir -p /srv/node/sde 55 | # mkdir -p /srv/node/sdf 56 | # mkdir -p /srv/node/sdg 57 | 58 | The mount point is referenced as the ``mount_point`` parameter in 59 | the ``swift.yml`` file (``/etc/rpc_deploy/conf.d/swift.yml``): 60 | 61 | .. code-block:: shell-session 62 | 63 | # mount /srv/node/sdc 64 | # mount /srv/node/sdd 65 | # mount /srv/node/sde 66 | # mount /srv/node/sdf 67 | # mount /srv/node/sdg 68 | 69 | To view an annotated example of the ``swift.yml`` file, see 70 | `this link `_. 71 | 72 | For the following mounted devices: 73 | 74 | +--------------------------------------+--------------------------------------+ 75 | | Device | Mount location | 76 | +======================================+======================================+ 77 | | /dev/sdc | /srv/node/sdc | 78 | +--------------------------------------+--------------------------------------+ 79 | | /dev/sdd | /srv/node/sdd | 80 | +--------------------------------------+--------------------------------------+ 81 | | /dev/sde | /srv/node/sde | 82 | +--------------------------------------+--------------------------------------+ 83 | | /dev/sdf | /srv/node/sdf | 84 | +--------------------------------------+--------------------------------------+ 85 | | /dev/sdg | /srv/node/sdg | 86 | +--------------------------------------+--------------------------------------+ 87 | 88 | Table: Table 5.1. Mounted devices 89 | 90 | The entry in the ``swift.yml``: 91 | 92 | .. code-block:: yaml 93 | 94 | # drives: 95 | # - name: sdc 96 | # - name: sdd 97 | # - name: sde 98 | # - name: sdf 99 | # - name: sdg 100 | # mount_point: /srv/node 101 | 102 | -------------------------------------------------------------------------------- /doc/source/configure-swift-glance.rst: -------------------------------------------------------------------------------- 1 | `Home `_ OpenStack-Ansible Swift 2 | 3 | Integrate with the Image Service (glance) 4 | ========================================= 5 | 6 | As an option, you can create images in Image Service (glance) and 7 | store them using Object Storage (swift). 8 | 9 | If there is an existing glance backend (for example, 10 | cloud files) but you want to add swift to use as the glance backend, 11 | you can re-add any images from glance after moving 12 | to swift. Images are no longer available if there is a change in the 13 | glance variables when you begin using swift. 14 | 15 | **Procedure 5.3. Integrating Object Storage with Image Service** 16 | 17 | This procedure requires the following: 18 | 19 | - Object Storage v2.2.0 20 | 21 | #. Update the glance options in the 22 | ``/etc/openstack_deploy/user_variables.yml`` file: 23 | 24 | .. code-block:: yaml 25 | 26 | # Glance Options 27 | glance_default_store: swift 28 | glance_swift_store_auth_address: '{{ keystone_service_internalurl }}' 29 | glance_swift_store_container: glance_images 30 | glance_swift_store_endpoint_type: internalURL 31 | glance_swift_store_key: '{{ glance_service_password }}' 32 | glance_swift_store_region: RegionOne 33 | glance_swift_store_user: 'service:glance' 34 | 35 | 36 | - ``glance_default_store``: Set the default store to ``swift``. 37 | 38 | - ``glance_swift_store_auth_address``: Set to the local 39 | authentication address using the 40 | ``'{{ keystone_service_internalurl }}'`` variable. 41 | 42 | - ``glance_swift_store_container``: Set the container name. 43 | 44 | - ``glance_swift_store_endpoint_type``: Set the endpoint type to 45 | ``internalURL``. 46 | 47 | - ``glance_swift_store_key``: Set the glance password using 48 | the ``{{ glance_service_password }}`` variable. 49 | 50 | - ``glance_swift_store_region``: Set the region. The default value 51 | is ``RegionOne``. 52 | 53 | - ``glance_swift_store_user``: Set the tenant and user name to 54 | ``'service:glance'``. 55 | 56 | #. Rerun the glance configuration plays. 57 | 58 | #. Run the glance playbook: 59 | 60 | .. code-block:: shell-session 61 | 62 | # cd /opt/openstack-ansible/playbooks 63 | # openstack-ansible os-glance-install.yml --tags "glance-config" 64 | -------------------------------------------------------------------------------- /doc/source/configure-swift-policies.rst: -------------------------------------------------------------------------------- 1 | `Home `_ OpenStack-Ansible Swift 2 | 3 | Storage policies 4 | ================ 5 | 6 | Storage policies allow segmenting the cluster for various purposes 7 | through the creation of multiple object rings. Using policies, different 8 | devices can belong to different rings with varying levels of 9 | replication. By supporting multiple object rings, swift can 10 | segregate the objects within a single cluster. 11 | 12 | Use storage policies for the following situations: 13 | 14 | - Differing levels of replication: A provider may want to offer 2x 15 | replication and 3x replication, but does not want to maintain two 16 | separate clusters. They can set up a 2x policy and a 3x policy and 17 | assign the nodes to their respective rings. 18 | 19 | - Improving performance: Just as solid state drives (SSD) can be used 20 | as the exclusive members of an account or database ring, an SSD-only 21 | object ring can be created to implement a low-latency or high 22 | performance policy. 23 | 24 | - Collecting nodes into groups: Different object rings can have 25 | different physical servers so that objects in specific storage 26 | policies are always placed in a specific data center or geography. 27 | 28 | - Differing storage implementations: A policy can be used to direct 29 | traffic to collected nodes that use a different disk file (for 30 | example: Kinetic, GlusterFS). 31 | 32 | Most storage clusters do not require more than one storage policy. The 33 | following problems can occur if using multiple storage policies per 34 | cluster: 35 | 36 | - Creating a second storage policy without any specified drives (all 37 | drives are part of only the account, container, and default storage 38 | policy groups) creates an empty ring for that storage policy. 39 | 40 | - Only use a non-default storage policy if specified when creating 41 | a container, using the ``X-Storage-Policy: `` header. 42 | After creating the container, it uses the storage policy. 43 | Other containers continue using the default or another specified 44 | storage policy. 45 | 46 | For more information about storage policies, see: `Storage 47 | Policies `_ 48 | 49 | -------------------------------------------------------------------------------- /doc/source/configure-swift.rst: -------------------------------------------------------------------------------- 1 | `Home `_ OpenStack-Ansible Swift 2 | 3 | .. _configure-swift: 4 | 5 | Configuring swift 6 | ================= 7 | 8 | .. toctree:: 9 | 10 | configure-swift-devices.rst 11 | configure-swift-config.rst 12 | configure-swift-glance.rst 13 | configure-swift-add.rst 14 | configure-swift-policies.rst 15 | 16 | Object Storage (swift) is a multi-tenant Object Storage system. It is 17 | highly scalable, can manage large amounts of unstructured data, and 18 | provides a RESTful HTTP API. 19 | 20 | The following procedure describes how to set up storage devices and 21 | modify the Object Storage configuration files to enable swift 22 | usage. 23 | 24 | #. `The section called "Configure and mount storage 25 | devices" `_ 26 | 27 | #. `The section called "Configure an Object Storage 28 | deployment" `_ 29 | 30 | #. Optionally, allow all Identity (keystone) users to use swift by setting 31 | ``swift_allow_all_users`` in the ``user_variables.yml`` file to 32 | ``True``. Any users with the ``member`` role (all authorized 33 | keystone users) can create containers and upload objects 34 | to Object Storage. 35 | 36 | If this value is ``False``, then by default, only users with the 37 | admin role or role set in ``swift_operator_role`` are allowed to 38 | create containers or manage tenants. 39 | 40 | When the backend type for the Image Service (glance) is set to 41 | ``swift``, glance can access the swift cluster 42 | regardless of whether this value is ``True`` or ``False``. 43 | 44 | 45 | Overview 46 | ~~~~~~~~ 47 | 48 | Object Storage (swift) is configured using the 49 | ``/etc/openstack_deploy/conf.d/swift.yml`` file and the 50 | ``/etc/openstack_deploy/user_variables.yml`` file. 51 | 52 | When installing swift, use the group variables in the 53 | ``/etc/openstack_deploy/conf.d/swift.yml`` file for the Ansible 54 | playbooks. Some variables cannot 55 | be changed after they are set, while some changes require re-running the 56 | playbooks. The values in the ``swift_hosts`` section supersede values in 57 | the ``swift`` section. 58 | 59 | To view the configuration files, including information about which 60 | variables are required and which are optional, see `Appendix A, *OSA 61 | Example test environment configuration* `_. 62 | 63 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | Swift role for OpenStack-Ansible 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 2 7 | 8 | configure-swift.rst 9 | 10 | Default Variables 11 | ~~~~~~~~~~~~~~~~~ 12 | 13 | .. literalinclude:: ../../defaults/main.yml 14 | :language: yaml 15 | :start-after: under the License. 16 | 17 | Example Playbook 18 | ~~~~~~~~~~~~~~~~ 19 | 20 | .. literalinclude:: ../../examples/playbook.yml 21 | :language: yaml 22 | 23 | Dependencies 24 | ~~~~~~~~~~~~ 25 | 26 | This role needs pip >= 7.1 installed on the target host. 27 | 28 | Tags 29 | ~~~~ 30 | 31 | This role supports two tags: ``swift-install`` and ``swift-config``. 32 | 33 | The ``swift-install`` tag can be used to install the software. 34 | 35 | The ``swift-config`` tag can be used to maintain configuration of the 36 | service, and do runtime operations. 37 | -------------------------------------------------------------------------------- /examples/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install swift server 3 | hosts: swift_all 4 | user: root 5 | roles: 6 | - role: "os_swift" 7 | tags: 8 | - "os-swift" 9 | vars: 10 | external_lb_vip_address: 172.16.24.1 11 | internal_lb_vip_address: 192.168.0.1 12 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Restart swift services 17 | ansible.builtin.service: 18 | name: "{{ item.service_name }}" 19 | enabled: true 20 | state: "restarted" 21 | daemon_reload: true 22 | with_items: "{{ filtered_swift_services }}" 23 | listen: 24 | - "venv changed" 25 | - "systemd service changed" 26 | - "cert installed" 27 | 28 | - name: Restart rsync service 29 | ansible.builtin.service: 30 | name: "{{ swift_rsync_service_name }}" 31 | state: "restarted" 32 | enabled: "yes" 33 | -------------------------------------------------------------------------------- /manual-test.rc: -------------------------------------------------------------------------------- 1 | export VIRTUAL_ENV=$(pwd) 2 | export ANSIBLE_HOST_KEY_CHECKING=False 3 | export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r 4 | 5 | # TODO (odyssey4me) These are only here as they are non-standard folder 6 | # names for Ansible 1.9.x. We are using the standard folder names for 7 | # Ansible v2.x. We can remove this when we move to Ansible 2.x. 8 | export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action 9 | export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback 10 | export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter 11 | export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup 12 | 13 | # This is required as the default is the current path or a path specified 14 | # in ansible.cfg 15 | export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library 16 | 17 | # This is required as the default is '/etc/ansible/roles' or a path 18 | # specified in ansible.cfg 19 | export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/.. 20 | 21 | export ANSIBLE_SSH_ARGS="-o ControlMaster=no \ 22 | -o UserKnownHostsFile=/dev/null \ 23 | -o StrictHostKeyChecking=no \ 24 | -o ServerAliveInterval=64 \ 25 | -o ServerAliveCountMax=1024 \ 26 | -o Compression=no \ 27 | -o TCPKeepAlive=yes \ 28 | -o VerifyHostKeyDNS=no \ 29 | -o ForwardX11=no \ 30 | -o ForwardAgent=yes" 31 | 32 | echo "Run manual functional tests by executing the following:" 33 | echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml" 34 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | galaxy_info: 17 | author: rcbops 18 | description: Installation and setup of swift 19 | company: Rackspace 20 | license: Apache2 21 | role_name: os_swift 22 | namespace: openstack 23 | min_ansible_version: "2.10" 24 | platforms: 25 | - name: Debian 26 | versions: 27 | - bullseye 28 | - name: Ubuntu 29 | versions: 30 | - focal 31 | - jammy 32 | - name: EL 33 | versions: 34 | - "9" 35 | galaxy_tags: 36 | - cloud 37 | - python 38 | - swift 39 | - development 40 | - openstack 41 | dependencies: 42 | - role: apt_package_pinning 43 | when: 44 | - ansible_facts['pkg_mgr'] == 'apt' 45 | -------------------------------------------------------------------------------- /meta/openstack-ansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # (c) 2017, Jean-Philippe Evrard 17 | 18 | maturity_info: 19 | status: complete 20 | created_during: mitaka 21 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_swift/a4d130c081c4d48307be9e625dd38b8caedc33fa/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/add-swift3-support-a3f1a5d866fd8883.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The os_swift role now supports the swift3 middleware, allowing access to 4 | swift via the Amazon S3 API. This feature can enabled by setting 5 | ``swift_swift3_enabled`` to ``true``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-xenial-support-e285a643a39f0438.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | feature: 3 | - Support has been added to deploy the swift services on Ubuntu 16.04 4 | LTS. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/capping_swift_services_workers-5ac9ecb28f56469f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Capping the default value for the variable ``swift_proxy_server_workers`` 4 | to 16 when the user doesn't configure this variable and if the swift proxy 5 | is in a container. Default value is half the number of vCPUs available on 6 | the machine if the swift proxy is not in a container. Default value is half 7 | the number of vCPUs available on the machine with a capping value of 16 8 | if the proxy is in a container. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate_auth_plugin-397a32171826ef78.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - The ``swift_keystone_auth_plugin`` variable has been deprecated. 4 | ``swift_keystone_auth_type`` should be used instead to configure 5 | authentication type. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/openstack-distribution-packages-b1c9e1f488e53872.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The role now supports using the distribution packages for the OpenStack 5 | services instead of the pip ones. This feature is disabled by default 6 | and can be enabled by simply setting the ``swift_install_method`` 7 | variable to ``distro``. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/os_swift-centos7-support-23846d7eafbfa957.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - CentOS7/RHEL support has been added to the os_swift role. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/os_swift-only-install-venv-fdd5d41759433cf8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Installation of swift and its dependent pip packages will now only 4 | occur within a Python virtual environment. The ``swift_venv_enabled``, 5 | ``swift_venv_bin`` variables have been removed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/oslo-messaging-separate-backends-e82ea3162d2d383f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Support separate oslo.messaging services for RPC and Notifications 4 | to enable operation of separate and different messaging backend 5 | servers in swift. 6 | deprecations: 7 | - | 8 | The rabbitmq server parameters have been replaced by corresponding 9 | oslo.messaging Notify parameters in order to abstract the 10 | messaging service from the actual backend server deployment. 11 | - swift_oslomsg_notify_servers replaces swift_rabbitmq_telemetry_servers 12 | - swift_oslomsg_notify_port replaces swift_rabbitmq_telemetry_port 13 | - swift_oslomsg_notify_use_ssl replaces swift_rabbitmq_telemetry_use_ssl 14 | - swift_oslomsg_notify_userid replaces swift_rabbitmq_telemetry_userid 15 | - swift_oslomsg_notify_vhost replaces swift_rabbitmq_telemetry_vhost 16 | - swift_oslomsg_notify_password replaces swift_rabbitmq_telemetry_password 17 | -------------------------------------------------------------------------------- /releasenotes/notes/package-list-name-changes-e6f88d12f3bd9fa0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The variable ``swift_apt_packages`` has been renamed to 4 | ``swift_distro_packages``. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/package-state-f2309b07440d0ae8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The os_swift role now supports the ability to configure whether 4 | apt/yum tasks install the latest available package, or just ensure 5 | that the package is present. The default action is to ensure that 6 | the latest package is present. The action taken may be changed to 7 | only ensure that the package is present by setting 8 | ``swift_package_state`` to ``present``. 9 | upgrade: 10 | - The os_swift role always checks whether the latest package is 11 | installed when executed. If a deployer wishes to change the check to 12 | only validate the presence of the package, the option 13 | ``swift_package_state`` should be set to ``present``. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-requirements-git-0c8e83081b435229.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - The variables ``swift_requirements_git_repo`` and 4 | ``swift_requirements_git_install_branch`` have been 5 | removed in favour of using the URL/path to the 6 | upper-constraints file using the 7 | variable ``pip_install_upper_constraints`` instead. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/rsync_reverse_lookup-609fb68be712a5e4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``swift_rsync_reverse_lookup`` option has been added. This setting 4 | will handle whether rsync performs reverse lookups on client IP 5 | addresses, and will default to ``False``. We recommend leaving this 6 | option at ``False``, unless DNS or host entries exist for each swift 7 | host's replication address. 8 | upgrade: 9 | - The default behaviour of rsync, to perform reverse lookups, has 10 | been changed to ``False``. This can be set to ``True`` by 11 | setting the ``swift_rsync_reverse_lookup`` variable to ``True``. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-conf-b8dd5e1199f8e4a8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Previously, the ``ansible_managed`` var was being 4 | used to insert a header into the ``swift.conf`` that 5 | contained date/time information. This meant that 6 | swift.conf across different nodes did not have the 7 | same MD5SUM, causing ``swift-recon --md5`` to break. 8 | We now insert a piece of static text instead to 9 | resolve this issue. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-fallocate-reserve-ff513025da68bfed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``fallocate_reserve` option can now be set (in bytes or as a percentage) for swift 4 | by using the ``swift_fallocate_reserve`` variable in 5 | ``/etc/openstack_deploy/user_variables.yml``. This value is the amount of space to 6 | reserve on a disk to prevent a situation where swift is unable to remove objects due 7 | to a lack of available disk space to work with. The default value is 1% of the total 8 | disk size. 9 | upgrade: 10 | - The ``swift_fallocate_reserve`` default value has changed from 10737418240 11 | (10GB) to 1% in order to match the OpenStack swift default setting. -------------------------------------------------------------------------------- /releasenotes/notes/swift-force-hash-change-45b09eeb8b0368a6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``openstack-ansible-os_swift`` role will now prevent 4 | deployers from changing the ``swift_hash_path_prefix`` and 5 | ``swift_hash_path_suffix`` variables on clusters that already 6 | have a value set in ``/etc/swift/swift.conf``. 7 | You can set the new ``swift_force_change_hashes`` variable to 8 | ``True`` to force the ``swift_hash_path_`` variables to be 9 | changed. 10 | We recommend setting this by running the os-swift.yml playbook 11 | with ``-e swift_force_change_hashes=True``, to avoid changing 12 | the ``swift_hash_path_`` variables unintentionally. 13 | Use with caution, changing the ``swift_hash_path_`` values 14 | causes end-user impact. 15 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-fs-file-limits-a57ab8b4c3c944e4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``os_swift`` role has 3 new variables that will allow a 4 | deployer to change the hard, soft and fs.file-max limits. the 5 | hard and soft limits are being added to the limits.conf file for 6 | the swift system user. The fs.file-max settings are added to 7 | storage hosts via kernel tuning. The new options are 8 | ``swift_hard_open_file_limits`` with a default of 10240 9 | ``swift_soft_open_file_limits`` with a default of 4096 10 | ``swift_max_file_limits`` with a default of 24 times the value 11 | of ``swift_hard_open_file_limits``. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-init-config-overrides-822ec734e02a0dd1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New variables have been added to allow a deployer to customize 4 | a swift systemd unit file to their liking. 5 | - The task dropping the swift systemd unit files now uses the 6 | ``config_template`` action plugin allowing deployers access to 7 | customize the unit files as they see fit without having to 8 | load extra options into the defaults and pollute the generic 9 | systemd unit file with jinja2 variables and conditionals. 10 | 11 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-pretend-mph-passed-7e5c15eeb35861c3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``pretend_min_part_hours_passed`` option can now be 4 | passed to swift-ring-builder prior to performing a 5 | rebalance. This is set by the 6 | ``swift_pretend_min_part_hours_passed`` boolean variable. 7 | The default for this variable is False. We recommend setting 8 | this by running the os-swift.yml playbook with 9 | ``-e swift_pretend_min_part_hours_passed=True``, to avoid 10 | resetting ``min_part_hours`` unintentionally on every run. 11 | Setting ``swift_pretend_min_part_hours_passed`` to True will 12 | reset the clock on the last time a rebalance happened, thus 13 | circumventing the min_part_hours check. This should only be 14 | used with extreme caution. If you run this command and deploy 15 | rebalanced rings before a replication pass completes, you may 16 | introduce unavailability in your cluster. This has an end-user 17 | imapct. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-pypy-gc-options-663fecdf1e013a23.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - When using the pypy python interpreter you can configure the garbage 4 | collection (gc) settings for pypy. Set the minimum GC value using the 5 | ``swift_pypy_gc_min`` variable. GC will only happen when the memory 6 | size is above this value. Set the maximum GC value using the 7 | ``swift_pypy_gc_max`` variable. This is the maximum memory heap size 8 | for pypy. 9 | Both variables are not defined by default, and will only be used if 10 | the values are defined and ``swift_pypy_enabled`` is set to ``True``. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-pypy-support-9706519c4b88a571.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - While default python interpreter for swift is cpython, pypy is 4 | now an option. This change adds the ability to greatly improve swift 5 | performance without the core code modifications. These changes have 6 | been implemented using the documentation provided by Intel and 7 | Swiftstack. `Notes about the performance increase can be seen 8 | here `_. 9 | upgrade: 10 | - A new option `swift_pypy_enabled` has been added to enable or 11 | disable the pypy interpreter for swift. The default is "false". 12 | - A new option `swift_pypy_archive` has been added to allow a pre-built 13 | pypy archive to be downloaded and moved into place to support swift 14 | running under pypy. This option is a dictionary and contains the URL 15 | and SHA256 as keys. 16 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-reconfigure-xfs-from-mlocate-e4844e6c0469afd6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The XFS filesystem is excluded from the daily mlocate crond job 4 | in order to conserve disk IO for large IOPS bursts due to 5 | updatedb/mlocate file indexing. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-rings-port-change-4a95bbd9b63fb201.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Change the port for devices in the ring by adjusting 4 | the port value for services, hosts, or devices. This 5 | will not involve a rebalance of the ring. 6 | - Changing the port for a device, or group of devices, 7 | carries a brief period of downtime to the swift 8 | storage services for those devices. The devices will 9 | be unavailable during period between when the 10 | storage service restarts after the port update, and 11 | the ring updates to match the new port. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-rsync-module-per-drive-79b05af8276e7d6e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Enable rsync module per object server drive by setting 4 | the ``swift_rsync_module_per_drive`` setting to ``True``. 5 | Set this to configure rsync and swift to utilise individual 6 | configuration per drive. This is required when disabling 7 | rsyncs to individual disks. For example, in a disk full 8 | scenario. 9 | upgrade: 10 | - The ``swift_max_rsync_connections`` default value has 11 | changed from 2 to 4 in order to match the OpenStack swift 12 | documented value. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-service-setup-host-b3d0aca53522a887.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The service setup in keystone for swift will now be executed 5 | through delegation to the ``swift_service_setup_host`` which, 6 | by default, is ``localhost`` (the deploy host). Deployers can 7 | opt to rather change this to the utility container by implementing 8 | the following override in ``user_variables.yml``. 9 | 10 | .. code-block:: yaml 11 | 12 | swift_service_setup_host: "{{ groups['utility_all'][0] }}" 13 | 14 | deprecations: 15 | - | 16 | The variable ``swift_requires_pip_packages`` is no longer required 17 | and has therefore been removed. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-staticweb-support-b280fbebf271820b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The ``os_swift`` role will now include the swift "staticweb" middleware 4 | by default. 5 | upgrade: 6 | - When upgrading a Swift deployment from Mitaka to Newton it should be noted 7 | that the enabled middleware list has changed. In Newton the "staticweb" 8 | middleware will be loaded by default. While the change adds a feature it is 9 | non-disruptive in upgrades. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-syslog-log-perms-5a116171a1adeae3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - The os_swift role now allows the permissions for the log files created 4 | by the swift account, container and object servers to be set. The 5 | variable is ``swift_syslog_log_perms`` and is set to ``0644`` by 6 | default. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-tempauth-configuration-7f710a5e2a1af67f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Swift tempauth users now be specified. The 4 | ``swift_tempauth_users`` variable can be defined as a list 5 | of tempauth users, and their permissions. You will still 6 | need to specify the appropriate Swift middleware using the 7 | ``swift_middleware_list`` variable, in order to utilise 8 | tempauth. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-versioned-writes-middleware-0b529e3cf2fb493d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Swift ``versioned_writes`` middleware is added to the 4 | pipeline by default. Additionally the 5 | ``allow_versioned_writes`` settings in the middleware 6 | configuration is set to ``True``. This follows the 7 | Swift defaults, and enables the use of the 8 | ``X-History-Location`` metadata Header. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/swift_gnocchi-29eed9b49794f980.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | deprecations: 4 | - | 5 | Variable `swift_gnocchi_enabled` has been removed and won't have any 6 | effect 7 | -------------------------------------------------------------------------------- /releasenotes/notes/swift_init_time_settings-20ea7817cbd2dca9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - For the ``os_swift`` role, the systemd unit ``TimeoutSec`` value which 4 | controls the time between sending a SIGTERM signal and a SIGKILL signal 5 | when stopping or restarting the service has been reduced from 300 seconds 6 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 7 | while preventing new ones from starting before a restart or a stop. The 8 | ``RestartSec`` value which controls the time between the service stop and 9 | start when restarting has been reduced from 150 seconds to 2 seconds to 10 | make the restart happen faster. These values can be adjusted by using the 11 | ``swift_*_init_config_overrides`` variables which use the 12 | ``config_template`` task to change template defaults. 13 | upgrade: 14 | - For the ``os_swift`` role, the systemd unit ``TimeoutSec`` value which 15 | controls the time between sending a SIGTERM signal and a SIGKILL signal 16 | when stopping or restarting the service has been reduced from 300 seconds 17 | to 120 seconds. This provides 2 minutes for long-lived sessions to drain 18 | while preventing new ones from starting before a restart or a stop. The 19 | ``RestartSec`` value which controls the time between the service stop and 20 | start when restarting has been reduced from 150 seconds to 2 seconds to 21 | make the restart happen faster. These values can be adjusted by using the 22 | ``swift_*_init_config_overrides`` variables which use the 23 | ``config_template`` task to change template defaults. 24 | -------------------------------------------------------------------------------- /releasenotes/notes/swift_internal_client-7c497400d7a8b4a2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Swift container-sync has been updated to use 4 | ``internal-client``. This means a new configuration 5 | file ``internal-client.conf`` has been added. 6 | Configuration can be overridden using the variable 7 | ``swift_internal_client_conf_overrides``. 8 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_swift/a4d130c081c4d48307be9e625dd38b8caedc33fa/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/openstack-ansible-os_swift/a4d130c081c4d48307be9e625dd38b8caedc33fa/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/conf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This file is execfile()d with the current directory set to its 17 | # containing dir. 18 | # 19 | # Note that not all possible configuration values are present in this 20 | # autogenerated file. 21 | # 22 | # All configuration values have a default; values that are commented out 23 | # serve to show the default. 24 | 25 | # If extensions (or modules to document with autodoc) are in another directory, 26 | # add these directories to sys.path here. If the directory is relative to the 27 | # documentation root, use os.path.abspath to make it absolute, like shown here. 28 | # sys.path.insert(0, os.path.abspath('.')) 29 | 30 | # -- General configuration ------------------------------------------------ 31 | 32 | # If your documentation needs a minimal Sphinx version, state it here. 33 | # needs_sphinx = '1.0' 34 | 35 | # Add any Sphinx extension module names here, as strings. They can be 36 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 37 | # ones. 38 | extensions = [ 39 | 'openstackdocstheme', 40 | 'reno.sphinxext', 41 | ] 42 | 43 | # Add any paths that contain templates here, relative to this directory. 44 | templates_path = ['_templates'] 45 | 46 | # The suffix of source filenames. 47 | source_suffix = '.rst' 48 | 49 | # The encoding of source files. 50 | # source_encoding = 'utf-8-sig' 51 | 52 | # The master toctree document. 53 | master_doc = 'index' 54 | 55 | # General information about the project. 56 | author = 'OpenStack-Ansible Contributors' 57 | category = 'Miscellaneous' 58 | copyright = '2014-2016, OpenStack-Ansible Contributors' 59 | description = 'OpenStack-Ansible deploys OpenStack environments using Ansible.' 60 | project = 'OpenStack-Ansible' 61 | role_name = 'os_swift' 62 | target_name = 'openstack-ansible-' + role_name 63 | title = 'OpenStack-Ansible Release Notes: ' + role_name + 'role' 64 | 65 | # Release notes do not need a version number in the title, they 66 | # cover multiple releases. 67 | # The full version, including alpha/beta/rc tags. 68 | release = '' 69 | # The short X.Y version. 70 | version = '' 71 | 72 | # openstackdocstheme options 73 | openstackdocs_repo_name = 'openstack/' + target_name 74 | openstackdocs_bug_project = project.lower() 75 | openstackdocs_bug_tag = '' 76 | 77 | # The language for content autogenerated by Sphinx. Refer to documentation 78 | # for a list of supported languages. 79 | # language = None 80 | 81 | # There are two options for replacing |today|: either, you set today to some 82 | # non-false value, then it is used: 83 | # today = '' 84 | # Else, today_fmt is used as the format for a strftime call. 85 | # today_fmt = '%B %d, %Y' 86 | 87 | # List of patterns, relative to source directory, that match files and 88 | # directories to ignore when looking for source files. 89 | exclude_patterns = [] 90 | 91 | # The reST default role (used for this markup: `text`) to use for all 92 | # documents. 93 | # default_role = None 94 | 95 | # If true, '()' will be appended to :func: etc. cross-reference text. 96 | # add_function_parentheses = True 97 | 98 | # If true, the current module name will be prepended to all description 99 | # unit titles (such as .. function::). 100 | # add_module_names = True 101 | 102 | # If true, sectionauthor and moduleauthor directives will be shown in the 103 | # output. They are ignored by default. 104 | # show_authors = False 105 | 106 | # The name of the Pygments (syntax highlighting) style to use. 107 | pygments_style = 'native' 108 | 109 | # A list of ignored prefixes for module index sorting. 110 | # modindex_common_prefix = [] 111 | 112 | # If true, keep warnings as "system message" paragraphs in the built documents. 113 | # keep_warnings = False 114 | 115 | 116 | # -- Options for HTML output ---------------------------------------------- 117 | 118 | # The theme to use for HTML and HTML Help pages. See the documentation for 119 | # a list of builtin themes. 120 | html_theme = 'openstackdocs' 121 | 122 | # Theme options are theme-specific and customize the look and feel of a theme 123 | # further. For a list of options available for each theme, see the 124 | # documentation. 125 | # html_theme_options = {} 126 | 127 | # Add any paths that contain custom themes here, relative to this directory. 128 | # html_theme_path = [] 129 | 130 | # The name for this set of Sphinx documents. If None, it defaults to 131 | # " v documentation". 132 | # html_title = None 133 | 134 | # A shorter title for the navigation bar. Default is the same as html_title. 135 | # html_short_title = None 136 | 137 | # The name of an image file (relative to this directory) to place at the top 138 | # of the sidebar. 139 | # html_logo = None 140 | 141 | # The name of an image file (within the static path) to use as favicon of the 142 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 143 | # pixels large. 144 | # html_favicon = None 145 | 146 | # Add any paths that contain custom static files (such as style sheets) here, 147 | # relative to this directory. They are copied after the builtin static files, 148 | # so a file named "default.css" will overwrite the builtin "default.css". 149 | html_static_path = ['_static'] 150 | 151 | # Add any extra paths that contain custom files (such as robots.txt or 152 | # .htaccess) here, relative to this directory. These files are copied 153 | # directly to the root of the documentation. 154 | # html_extra_path = [] 155 | 156 | # If true, SmartyPants will be used to convert quotes and dashes to 157 | # typographically correct entities. 158 | # html_use_smartypants = True 159 | 160 | # Custom sidebar templates, maps document names to template names. 161 | # html_sidebars = {} 162 | 163 | # Additional templates that should be rendered to pages, maps page names to 164 | # template names. 165 | # html_additional_pages = {} 166 | 167 | # If false, no module index is generated. 168 | # html_domain_indices = True 169 | 170 | # If false, no index is generated. 171 | # html_use_index = True 172 | 173 | # If true, the index is split into individual pages for each letter. 174 | # html_split_index = False 175 | 176 | # If true, links to the reST sources are added to the pages. 177 | # html_show_sourcelink = True 178 | 179 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 180 | # html_show_sphinx = True 181 | 182 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 183 | # html_show_copyright = True 184 | 185 | # If true, an OpenSearch description file will be output, and all pages will 186 | # contain a tag referring to it. The value of this option must be the 187 | # base URL from which the finished HTML is served. 188 | # html_use_opensearch = '' 189 | 190 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 191 | # html_file_suffix = None 192 | 193 | # Output file base name for HTML help builder. 194 | htmlhelp_basename = target_name + '-docs' 195 | 196 | 197 | # -- Options for LaTeX output --------------------------------------------- 198 | 199 | latex_elements = { 200 | # The paper size ('letterpaper' or 'a4paper'). 201 | # 'papersize': 'letterpaper', 202 | 203 | # The font size ('10pt', '11pt' or '12pt'). 204 | # 'pointsize': '10pt', 205 | 206 | # Additional stuff for the LaTeX preamble. 207 | # 'preamble': '', 208 | } 209 | 210 | # Grouping the document tree into LaTeX files. List of tuples 211 | # (source start file, target name, title, 212 | # author, documentclass [howto, manual, or own class]). 213 | latex_documents = [ 214 | (master_doc, target_name + '.tex', 215 | title, author, 'manual'), 216 | ] 217 | 218 | # The name of an image file (relative to this directory) to place at the top of 219 | # the title page. 220 | # latex_logo = None 221 | 222 | # For "manual" documents, if this is true, then toplevel headings are parts, 223 | # not chapters. 224 | # latex_use_parts = False 225 | 226 | # If true, show page references after internal links. 227 | # latex_show_pagerefs = False 228 | 229 | # If true, show URL addresses after external links. 230 | # latex_show_urls = False 231 | 232 | # Documents to append as an appendix to all manuals. 233 | # latex_appendices = [] 234 | 235 | # If false, no module index is generated. 236 | # latex_domain_indices = True 237 | 238 | 239 | # -- Options for manual page output --------------------------------------- 240 | 241 | # One entry per manual page. List of tuples 242 | # (source start file, name, description, authors, manual section). 243 | man_pages = [ 244 | (master_doc, target_name, 245 | title, [author], 1) 246 | ] 247 | 248 | # If true, show URL addresses after external links. 249 | # man_show_urls = False 250 | 251 | 252 | # -- Options for Texinfo output ------------------------------------------- 253 | 254 | # Grouping the document tree into Texinfo files. List of tuples 255 | # (source start file, target name, title, author, 256 | # dir menu entry, description, category) 257 | texinfo_documents = [ 258 | (master_doc, target_name, 259 | title, author, project, 260 | description, category), 261 | ] 262 | 263 | # Documents to append as an appendix to all manuals. 264 | # texinfo_appendices = [] 265 | 266 | # If false, no module index is generated. 267 | # texinfo_domain_indices = True 268 | 269 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 270 | # texinfo_show_urls = 'footnote' 271 | 272 | # If true, do not generate a @detailmenu in the "Top" node's menu. 273 | # texinfo_no_detailmenu = False 274 | 275 | # -- Options for Internationalization output ------------------------------ 276 | locale_dirs = ['locale/'] 277 | -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | OpenStack-Ansible Release Notes 3 | ================================ 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | zed 10 | ussuri 11 | train 12 | stein 13 | rocky 14 | queens 15 | pike 16 | ocata 17 | newton 18 | mitaka 19 | -------------------------------------------------------------------------------- /releasenotes/source/mitaka.rst: -------------------------------------------------------------------------------- 1 | ============================= 2 | Mitaka Series Release Notes 3 | ============================= 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/mitaka 7 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Newton Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Ocata Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Pike Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Queens Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Rocky Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | =================================== 2 | Stein Series Release Notes 3 | =================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================== 2 | Train Series Release Notes 3 | ========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Current Series Release Notes 3 | ============================== 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | Ussuri Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | ======================== 2 | Zed Series Release Notes 3 | ======================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # PURPOSE: 17 | # This script clones the openstack-ansible-tests repository to the 18 | # tests/common folder in order to be able to re-use test components 19 | # for role testing. This is intended to be the thinnest possible 20 | # shim for test execution outside of OpenStack CI. 21 | 22 | # WARNING: 23 | # This file is maintained in the openstack-ansible-tests repository. 24 | # https://opendev.org/openstack/openstack-ansible-tests/src/run_tests.sh 25 | # If you need to modify this file, update the one in the openstack-ansible-tests 26 | # repository and then update this file as well. The purpose of this file is to 27 | # prepare the host and then execute all the tox tests. 28 | # 29 | 30 | ## Shell Opts ---------------------------------------------------------------- 31 | set -xeu 32 | 33 | ## Vars ---------------------------------------------------------------------- 34 | 35 | WORKING_DIR="$(readlink -f $(dirname $0))" 36 | OSA_PROJECT_NAME="$(sed -n 's|^project=openstack/\(.*\).git$|\1|p' $(pwd)/.gitreview)" 37 | 38 | COMMON_TESTS_PATH="${WORKING_DIR}/tests/common" 39 | TESTING_HOME=${TESTING_HOME:-$HOME} 40 | ZUUL_TESTS_CLONE_LOCATION="/home/zuul/src/opendev.org/openstack/openstack-ansible-tests" 41 | 42 | # Use .gitreview as the key to determine the appropriate 43 | # branch to clone for tests. 44 | TESTING_BRANCH=$(awk -F'=' '/defaultbranch/ {print $2}' "${WORKING_DIR}/.gitreview") 45 | if [[ "${TESTING_BRANCH}" == "" ]]; then 46 | TESTING_BRANCH="master" 47 | fi 48 | 49 | ## Main ---------------------------------------------------------------------- 50 | 51 | # Source distribution information 52 | source /etc/os-release || source /usr/lib/os-release 53 | 54 | # Figure out the appropriate package install command 55 | case ${ID,,} in 56 | centos|rhel|fedora|rocky) pkg_mgr_cmd="dnf install -y" ;; 57 | ubuntu|debian) pkg_mgr_cmd="apt-get install -y" ;; 58 | *) echo "unsupported distribution: ${ID,,}"; exit 1 ;; 59 | esac 60 | 61 | # Install git so that we can clone the tests repo if git is not available 62 | which git &>/dev/null || eval sudo "${pkg_mgr_cmd}" git 63 | 64 | # Clone the tests repo for access to the common test script 65 | if [[ ! -d "${COMMON_TESTS_PATH}" ]]; then 66 | # The tests repo doesn't need a clone, we can just 67 | # symlink it. 68 | if [[ "${OSA_PROJECT_NAME}" == "openstack-ansible-tests" ]]; then 69 | ln -s "${WORKING_DIR}" "${COMMON_TESTS_PATH}" 70 | 71 | # In zuul v3 any dependent repository is placed into 72 | # /home/zuul/src/opendev.org, so we check to see 73 | # if there is a tests checkout there already. If so, we 74 | # symlink that and use it. 75 | elif [[ -d "${ZUUL_TESTS_CLONE_LOCATION}" ]]; then 76 | ln -s "${ZUUL_TESTS_CLONE_LOCATION}" "${COMMON_TESTS_PATH}" 77 | 78 | # Otherwise we're clearly not in zuul or using a previously setup 79 | # repo in some way, so just clone it from upstream. 80 | else 81 | git clone -b "${TESTING_BRANCH}" \ 82 | https://opendev.org/openstack/openstack-ansible-tests \ 83 | "${COMMON_TESTS_PATH}" 84 | fi 85 | fi 86 | 87 | # Execute the common test script 88 | source tests/common/run_tests_common.sh 89 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Gather variables for each operating system 17 | ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" 18 | vars: 19 | params: 20 | files: 21 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" 22 | - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 23 | - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" 24 | - "{{ ansible_facts['distribution'] | lower }}.yml" 25 | - "{{ ansible_facts['os_family'] | lower }}.yml" 26 | paths: 27 | - "{{ role_path }}/vars" 28 | tags: 29 | - always 30 | 31 | - name: Fail if service was deployed using a different installation method 32 | ansible.builtin.fail: 33 | msg: "Switching installation methods for OpenStack services is not supported" 34 | when: 35 | - ansible_local is defined 36 | - ansible_local.openstack_ansible is defined 37 | - ansible_local.openstack_ansible.swift is defined 38 | - ansible_local.openstack_ansible.swift.install_method is defined 39 | - ansible_local.openstack_ansible.swift.install_method != swift_install_method 40 | 41 | - name: Gather variables for installation method 42 | ansible.builtin.include_vars: "{{ swift_install_method }}_install.yml" 43 | tags: 44 | - always 45 | 46 | # Check the swift_hash_path_* variables haven't changed 47 | - name: Importing swift_check_hashes tasks 48 | ansible.builtin.import_tasks: swift_check_hashes.yml 49 | when: 50 | - "not swift_force_change_hashes | bool" 51 | tags: 52 | - swift-config 53 | 54 | - name: Importing swift_pre_install tasks 55 | ansible.builtin.import_tasks: swift_pre_install.yml 56 | when: 57 | - "swift_do_setup | bool" 58 | - "'swift_all' in group_names" 59 | tags: 60 | - swift-install 61 | 62 | - name: Importing swift_key_setup tasks 63 | ansible.builtin.import_tasks: swift_key_setup.yml 64 | when: 65 | - "swift_do_sync | bool" 66 | tags: 67 | - swift-config 68 | 69 | - name: Importing swift_install tasks 70 | ansible.builtin.import_tasks: swift_install.yml 71 | when: 72 | - "swift_do_setup | bool" 73 | - "'swift_all' in group_names" 74 | tags: 75 | - swift-install 76 | 77 | - name: Importing swift_post_install tasks 78 | ansible.builtin.import_tasks: swift_post_install.yml 79 | when: 80 | - "swift_do_setup | bool" 81 | - "'swift_all' in group_names" 82 | tags: 83 | - swift-config 84 | - post-install 85 | 86 | - name: Importing swift_calculate_addresses tasks 87 | ansible.builtin.import_tasks: swift_calculate_addresses.yml 88 | when: 89 | - "'swift_hosts' in group_names" 90 | tags: 91 | - always 92 | 93 | - name: Importing swift_storage_hosts tasks 94 | ansible.builtin.import_tasks: swift_storage_hosts.yml 95 | when: 96 | - "swift_do_setup | bool" 97 | - "'swift_hosts' in group_names" 98 | tags: 99 | - swift-config 100 | 101 | - name: Importing swift_proxy_hosts tasks 102 | ansible.builtin.import_tasks: swift_proxy_hosts.yml 103 | when: 104 | - "swift_do_setup | bool" 105 | - "'swift_proxy' in group_names" 106 | tags: 107 | - swift-config 108 | 109 | - name: Importing swift_rings tasks 110 | ansible.builtin.import_tasks: swift_rings.yml 111 | when: 112 | - "swift_do_sync | bool" 113 | tags: 114 | - swift-config 115 | - swift-rings 116 | 117 | - name: Run the systemd service role 118 | ansible.builtin.import_role: 119 | name: systemd_service 120 | vars: 121 | systemd_user_name: "{{ swift_system_user_name }}" 122 | systemd_group_name: "{{ swift_system_group_name }}" 123 | systemd_tempd_prefix: openstack 124 | systemd_slice_name: "{{ swift_system_slice_name }}" 125 | systemd_lock_dir: "{{ swift_lock_dir }}" 126 | systemd_service_cpu_accounting: true 127 | systemd_service_block_io_accounting: true 128 | systemd_service_memory_accounting: true 129 | systemd_service_tasks_accounting: true 130 | systemd_services: |- 131 | {% set services = [] %} 132 | {% for service in filtered_swift_services %} 133 | {% 134 | set _ = service.update( 135 | { 136 | 'enabled': 'yes', 137 | 'state': 'started', 138 | 'config_overrides': swift_service_defaults | combine(service.init_config_overrides, recursive=True) 139 | } 140 | ) 141 | %} 142 | {% set _ = service.pop('init_config_overrides') -%} 143 | {% set _ = services.append(service) -%} 144 | {% endfor %} 145 | {{ services }} 146 | tags: 147 | - swift-config 148 | - systemd-service 149 | 150 | - name: Including osa.mq_setup role 151 | ansible.builtin.include_role: 152 | name: openstack.osa.mq_setup 153 | apply: 154 | tags: 155 | - common-mq 156 | - swift-config 157 | when: 158 | - _swift_proxy_is_first_play_host 159 | vars: 160 | _oslomsg_configure_notify: "{{ swift_ceilometer_enabled | bool }}" 161 | _oslomsg_notify_setup_host: "{{ swift_oslomsg_notify_setup_host }}" 162 | _oslomsg_notify_userid: "{{ swift_oslomsg_notify_userid }}" 163 | _oslomsg_notify_password: "{{ swift_oslomsg_notify_password }}" 164 | _oslomsg_notify_vhost: "{{ swift_oslomsg_notify_vhost }}" 165 | _oslomsg_notify_transport: "{{ swift_oslomsg_notify_transport }}" 166 | _oslomsg_notify_policies: "{{ swift_oslomsg_notify_policies }}" 167 | tags: 168 | - always 169 | 170 | - name: Including osa.service_setup roled 171 | ansible.builtin.include_role: 172 | name: openstack.osa.service_setup 173 | apply: 174 | tags: 175 | - common-service 176 | - swift-config 177 | vars: 178 | _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" 179 | _service_in_ldap: "{{ swift_service_in_ldap }}" 180 | _service_setup_host: "{{ swift_service_setup_host }}" 181 | _service_setup_host_python_interpreter: "{{ swift_service_setup_host_python_interpreter }}" 182 | _service_project_name: "{{ swift_service_project_name }}" 183 | _service_region: "{{ swift_service_region }}" 184 | _service_users: 185 | - name: "{{ swift_service_user_name }}" 186 | password: "{{ swift_service_password }}" 187 | role: "{{ swift_service_role_names }}" 188 | - name: "{{ swift_dispersion_user }}" 189 | password: "{{ swift_dispersion_password }}" 190 | role: "{{ swift_operator_role }}" 191 | - name: "{{ ceilometer_service_user_name | default('ceilometer') }}" 192 | role: "{{ swift_reselleradmin_role }}" 193 | project: "{{ ceilometer_service_project_name | default('service') }}" 194 | condition: "{{ swift_ceilometer_enabled | bool }}" 195 | _service_endpoints: 196 | - service: "{{ swift_service_name }}" 197 | interface: "public" 198 | url: "{{ swift_service_publicurl }}" 199 | - service: "{{ swift_service_name }}" 200 | interface: "internal" 201 | url: "{{ swift_service_internalurl }}" 202 | - service: "{{ swift_service_name }}" 203 | interface: "admin" 204 | url: "{{ swift_service_adminurl }}" 205 | _service_catalog: 206 | - name: "{{ swift_service_name }}" 207 | type: "{{ swift_service_type }}" 208 | description: "{{ swift_service_description }}" 209 | when: 210 | - "swift_do_setup | bool" 211 | - '"keystoneauth" in swift_middleware_list' 212 | - _swift_proxy_is_first_play_host 213 | tags: 214 | - always 215 | 216 | - name: Flush handlers 217 | ansible.builtin.meta: flush_handlers 218 | -------------------------------------------------------------------------------- /tasks/swift_calculate_addresses.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Set swift_storage_address fact so it is consumable in hostvars (for ring.contents template) 17 | - name: Set swift_storage_address fact if defined 18 | ansible.builtin.set_fact: 19 | swift_storage_address: "{{ swift_storage_address }}" 20 | when: 21 | - swift_storage_address is defined 22 | tags: 23 | - always 24 | 25 | # swift_vars.storage_ip always takes precedence 26 | - name: Get swift_vars.storage_ip if defined 27 | ansible.builtin.set_fact: 28 | swift_storage_address: "{{ swift_vars.storage_ip }}" 29 | when: 30 | - swift_vars.storage_ip is defined 31 | tags: 32 | - always 33 | 34 | # Get the swift storage bridge 35 | - name: Get swift storage bridge 36 | ansible.builtin.set_fact: 37 | swift_storage_bridge: "{{ swift.storage_network | replace('-', '_') }}" 38 | when: 39 | - swift.storage_network is defined 40 | - swift_storage_address is not defined 41 | tags: 42 | - always 43 | 44 | - name: Gather facts for storage_bridge 45 | ansible.builtin.setup: 46 | filter: "{{ swift_storage_bridge }}" 47 | when: 48 | - swift_storage_bridge is defined 49 | - ansible_facts[swift_storage_bridge] is defined 50 | - swift_storage_address is not defined 51 | 52 | - name: Swift storage address not found 53 | ansible.builtin.fail: 54 | msg: "{{ swift.storage_network }} not found on host, can't find storage address." 55 | when: 56 | - swift.storage_network is defined 57 | - swift_storage_bridge is defined 58 | - ansible_facts[swift_storage_bridge] is not defined 59 | - swift_storage_address is not defined 60 | 61 | - name: Get swift storage address (with storage_network) 62 | ansible.builtin.set_fact: 63 | swift_storage_address: "{{ ansible_facts[swift_storage_bridge]['ipv4']['address'] }}" 64 | when: 65 | - swift_storage_bridge is defined 66 | - ansible_facts[swift_storage_bridge] is defined 67 | - swift_storage_address is not defined 68 | tags: 69 | - always 70 | 71 | - name: Get swift storage address (no storage_network) 72 | ansible.builtin.set_fact: 73 | swift_storage_address: "{{ ansible_host }}" 74 | when: 75 | - swift.storage_network is not defined 76 | - swift_storage_address is not defined 77 | tags: 78 | - always 79 | 80 | # Set swift_replication_address fact so it is consumable in hostvars (for ring.contents template) 81 | - name: Set swift_replication_address fact if defined 82 | ansible.builtin.set_fact: 83 | swift_replication_address: "{{ swift_replication_address }}" 84 | when: 85 | - swift_replication_address is defined 86 | tags: 87 | - always 88 | 89 | # swift_vars.repl_ip always takes precedence 90 | - name: Get swift_vars.repl_ip if defined 91 | ansible.builtin.set_fact: 92 | swift_replication_address: "{{ swift_vars.repl_ip }}" 93 | when: 94 | - swift_vars.repl_ip is defined 95 | tags: 96 | - always 97 | 98 | - name: Get swift replication bridge 99 | ansible.builtin.set_fact: 100 | swift_replication_bridge: "{{ swift.replication_network | replace('-', '_') }}" 101 | when: 102 | - swift.replication_network is defined 103 | - swift_replication_address is not defined 104 | tags: 105 | - always 106 | 107 | - name: Gather facts for storage_bridge 108 | ansible.builtin.setup: 109 | filter: "{{ swift_replication_bridge }}" 110 | when: 111 | - swift_replication_bridge is defined 112 | - ansible_facts[swift_replication_bridge] is defined 113 | - swift_replication_address is not defined 114 | 115 | - name: Swift replication address not found 116 | ansible.builtin.fail: 117 | msg: "{{ swift.replication_network }} not found on host, can't find swift_replication_address" 118 | when: 119 | - swift.replication_network is defined 120 | - swift_replication_bridge is defined 121 | - ansible_facts[swift_replication_bridge] is not defined 122 | - swift_replication_address is not defined 123 | 124 | - name: Get swift replication address (with replication_network) 125 | ansible.builtin.set_fact: 126 | swift_replication_address: "{{ ansible_facts[swift_replication_bridge]['ipv4']['address'] }}" 127 | when: 128 | - swift_replication_bridge is defined 129 | - ansible_facts[swift_replication_bridge] is defined 130 | - swift_replication_address is not defined 131 | tags: 132 | - always 133 | 134 | - name: Get swift replication address (no replication_network) 135 | ansible.builtin.set_fact: 136 | swift_replication_address: "{{ swift_storage_address }}" 137 | when: 138 | - swift.replication_network is not defined 139 | - swift_replication_address is not defined 140 | tags: 141 | - always 142 | 143 | - name: Set swift_dedicated_replication network if storage and replication addresses differ 144 | ansible.builtin.set_fact: 145 | swift_dedicated_replication: "{{ swift_storage_address != swift_replication_address }}" 146 | tags: 147 | - always 148 | -------------------------------------------------------------------------------- /tasks/swift_check_hashes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Test if swift.conf exists 17 | ansible.builtin.stat: 18 | path: "/etc/swift/swift.conf" 19 | register: swift_conf 20 | 21 | - name: Get value of swift_hash_path_suffix from file 22 | ansible.builtin.command: "awk '/swift_hash_path_suffix/{ print $3 }' /etc/swift/swift.conf" 23 | changed_when: false 24 | register: swift_conf_hash_path_suffix 25 | when: 26 | - swift_conf.stat.exists | bool 27 | 28 | - name: Fail if swift_hash_path_suffix doesnt match file value 29 | ansible.builtin.fail: 30 | msg: > 31 | "The swift_hash_path_suffix variable does not match what is in the file. 32 | Check your swift_hash_path_suffix setting in your user_*.yml files in /etc/openstack_deploy 33 | and compare to the current value in /etc/swift/swift.conf on the host. 34 | If you are sure you want to change this variable you can force change your 35 | swift_hash_path_* variables by setting 'swift_force_change_hashes: True'" 36 | when: 37 | - swift_conf.stat.exists | bool 38 | - swift_hash_path_suffix != swift_conf_hash_path_suffix.stdout 39 | 40 | - name: Get value of swift_hash_path_prefix from file 41 | ansible.builtin.command: "awk '/swift_hash_path_prefix/{ print $3 }' /etc/swift/swift.conf" 42 | changed_when: false 43 | register: swift_conf_hash_path_prefix 44 | when: 45 | - swift_conf.stat.exists | bool 46 | 47 | - name: Fail if swift_hash_path_prefix doesnt match file value 48 | ansible.builtin.fail: 49 | msg: > 50 | "The swift_hash_path_prefix variable does not match what is in the file. 51 | Check your swift_hash_path_prefix setting in your user_*.yml files in /etc/openstack_deploy 52 | and compare to the current value in /etc/swift/swift.conf on the host. 53 | If you are sure you want to change this variable you can force change your 54 | swift_hash_path_* variables by setting 'swift_force_change_hashes: True'" 55 | when: 56 | - swift_conf.stat.exists | bool 57 | - swift_hash_path_prefix != swift_conf_hash_path_prefix.stdout 58 | -------------------------------------------------------------------------------- /tasks/swift_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Record the installation method 17 | community.general.ini_file: 18 | dest: "/etc/ansible/facts.d/openstack_ansible.fact" 19 | section: "swift" 20 | option: "install_method" 21 | value: "{{ swift_install_method }}" 22 | mode: "0644" 23 | 24 | - name: Refresh local facts to ensure the swift section is present 25 | ansible.builtin.setup: 26 | filter: ansible_local 27 | gather_subset: "!all" 28 | 29 | - name: Install distro packages 30 | ansible.builtin.package: 31 | name: "{{ swift_package_list }}" 32 | state: "{{ swift_package_state }}" 33 | update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}" 34 | cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}" 35 | register: install_packages 36 | until: install_packages is success 37 | retries: 5 38 | delay: 2 39 | 40 | - name: Install the python venv 41 | ansible.builtin.import_role: 42 | name: "python_venv_build" 43 | vars: 44 | venv_python_executable: "{{ swift_venv_python_executable }}" 45 | venv_build_constraints: "{{ swift_git_constraints }}" 46 | venv_build_distro_package_list: "{{ swift_devel_distro_packages }}" 47 | venv_install_destination_path: "{{ swift_bin | dirname }}" 48 | venv_pip_install_args: "{{ swift_pip_install_args }}" 49 | venv_pip_packages: "{{ swift_pip_packages }}" 50 | venv_facts_when_changed: 51 | - section: "swift" 52 | option: "venv_tag" 53 | value: "{{ swift_venv_tag }}" 54 | when: swift_install_method == 'source' 55 | 56 | - name: Including swift_pypy_setup tasks 57 | ansible.builtin.include_tasks: swift_pypy_setup.yml 58 | when: swift_pypy_enabled | bool 59 | -------------------------------------------------------------------------------- /tasks/swift_key_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Ensure .ssh directory is present 17 | ansible.builtin.file: 18 | state: directory 19 | path: "{{ swift_system_home_folder }}/.ssh" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: '0755' 23 | 24 | - name: Create ssh keys for synchronising rings 25 | ansible.builtin.include_role: 26 | name: openstack.osa.ssh_keypairs 27 | args: 28 | apply: 29 | tags: 30 | - swift-key 31 | vars: 32 | ssh_keypairs_setup_host: "{{ swift_ssh_keypairs_setup_host }}" 33 | ssh_keypairs_dir: "{{ swift_ssh_keypairs_dir }}" 34 | ssh_keypairs: "{{ swift_ssh_keypairs }}" 35 | ssh_keypairs_install_keys: "{{ swift_ssh_keypairs_install_keys }}" 36 | ssh_keypairs_install_ca: "{{ swift_ssh_keypairs_install_ca }}" 37 | ssh_keypairs_principals: "{{ swift_ssh_keypairs_principals }}" 38 | tags: 39 | - always 40 | 41 | - name: Ensure SSH is restarted 42 | ansible.builtin.meta: flush_handlers 43 | -------------------------------------------------------------------------------- /tasks/swift_post_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Copy swift config 17 | openstack.config_template.config_template: 18 | src: "{{ item.src }}" 19 | dest: "{{ item.dest }}" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0644" 23 | config_overrides: "{{ item.config_overrides }}" 24 | config_type: "{{ item.config_type }}" 25 | with_items: 26 | - src: "swift.conf.j2" 27 | dest: "/etc/swift/swift.conf" 28 | config_overrides: "{{ swift_swift_conf_overrides }}" 29 | config_type: "ini" 30 | - src: "swift-dispersion.conf.j2" 31 | dest: "/etc/swift/dispersion.conf" 32 | config_overrides: "{{ swift_swift_dispersion_conf_overrides }}" 33 | config_type: "ini" 34 | - src: "swift-memcache.conf.j2" 35 | dest: "/etc/swift/memcache.conf" 36 | config_overrides: "{{ swift_memcache_conf_overrides }}" 37 | config_type: "ini" 38 | notify: 39 | - Restart swift services 40 | 41 | - name: Enable SSHD 42 | ansible.builtin.systemd: 43 | name: "{{ swift_sshd }}" 44 | state: started 45 | enabled: true 46 | masked: false 47 | daemon_reload: true 48 | delegate_to: "{{ item }}" 49 | with_items: "{{ groups['swift_proxy'] }}" 50 | when: 51 | - _swift_proxy_is_first_play_host 52 | -------------------------------------------------------------------------------- /tasks/swift_pre_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create the system group 17 | ansible.builtin.group: 18 | name: "{{ swift_system_group_name }}" 19 | state: "present" 20 | system: "yes" 21 | 22 | - name: Remove old key file(s) if found 23 | ansible.builtin.file: 24 | path: "{{ item }}" 25 | state: "absent" 26 | with_items: 27 | - "{{ swift_system_home_folder }}/.ssh/authorized_keys" 28 | - "{{ swift_system_home_folder }}/.ssh/id_rsa" 29 | - "{{ swift_system_home_folder }}/.ssh/id_rsa.pub" 30 | when: swift_recreate_keys | bool 31 | 32 | - name: Create the swift system user 33 | ansible.builtin.user: 34 | name: "{{ swift_system_user_name }}" 35 | group: "{{ swift_system_group_name }}" 36 | comment: "{{ swift_system_comment }}" 37 | shell: "{{ swift_system_shell }}" 38 | system: "yes" 39 | createhome: "yes" 40 | home: "{{ swift_system_home_folder }}" 41 | 42 | - name: Create swift dir 43 | ansible.builtin.file: 44 | path: "{{ item.path }}" 45 | state: directory 46 | owner: "{{ item.owner | default(swift_system_user_name) }}" 47 | group: "{{ item.group | default(swift_system_group_name) }}" 48 | mode: "{{ item.mode | default('0755') }}" 49 | with_items: 50 | - { path: "/openstack/venvs", owner: "root", group: "root" } 51 | - { path: "/etc/swift" } 52 | - { path: "/etc/swift/account-server" } 53 | - { path: "/etc/swift/backups" } 54 | - { path: "/etc/swift/container-server" } 55 | - { path: "/etc/swift/object-server" } 56 | - { path: "/etc/swift/proxy-server" } 57 | - { path: "/etc/swift/scripts" } 58 | - { path: "/etc/swift/ring_build_files" } 59 | - { path: "{{ swift_cache_path }}" } 60 | - { path: "{{ swift_system_home_folder }}" } 61 | - { path: "/etc/rsync.d", owner: "root", group: "root" } 62 | 63 | - name: Configure mlocate for cron.daily 64 | ansible.builtin.file: 65 | path: "/etc/cron.daily/mlocate" 66 | state: absent 67 | -------------------------------------------------------------------------------- /tasks/swift_proxy_hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Create and install SSL certificates 17 | ansible.builtin.include_role: 18 | name: pki 19 | tasks_from: main_certs.yml 20 | apply: 21 | tags: 22 | - swift-config 23 | - pki 24 | vars: 25 | pki_setup_host: "{{ swift_pki_setup_host }}" 26 | pki_dir: "{{ swift_pki_dir }}" 27 | pki_create_certificates: "{{ swift_user_ssl_cert is not defined and placement_user_ssl_key is not defined }}" 28 | pki_regen_cert: "{{ swift_pki_regen_cert }}" 29 | pki_certificates: "{{ swift_pki_certificates }}" 30 | pki_install_certificates: "{{ swift_pki_install_certificates }}" 31 | when: 32 | - swift_backend_ssl 33 | tags: 34 | - always 35 | 36 | - name: Swift proxy server configuration 37 | openstack.config_template.config_template: 38 | src: "proxy-server.conf.j2" 39 | dest: "/etc/swift/proxy-server/proxy-server.conf" 40 | owner: "{{ swift_system_user_name }}" 41 | group: "{{ swift_system_group_name }}" 42 | mode: "0644" 43 | config_overrides: "{{ swift_proxy_server_conf_overrides }}" 44 | config_type: "ini" 45 | notify: Restart swift services 46 | 47 | # If we've specified a container-sync realm use container-sync-realms.conf 48 | - name: "Swift container-sync configuration" 49 | openstack.config_template.config_template: 50 | src: "container-sync-realms.conf.j2" 51 | dest: "/etc/swift/container-sync-realms.conf" 52 | owner: "{{ swift_system_user_name }}" 53 | group: "{{ swift_system_group_name }}" 54 | mode: "0644" 55 | config_overrides: "{{ swift_container_sync_realms_conf_overrides }}" 56 | config_type: "ini" 57 | when: > 58 | swift_container_sync_realms is defined 59 | notify: Restart swift services 60 | -------------------------------------------------------------------------------- /tasks/swift_pypy_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Download pre-built pypy 17 | ansible.builtin.get_url: 18 | url: "{{ swift_pypy_archive['url'] }}" 19 | checksum: "{{ swift_pypy_archive['checksum'] }}" 20 | dest: "/var/cache/{{ swift_pypy_archive['url'] | basename }}" 21 | force: true 22 | mode: "0644" 23 | 24 | - name: Create pypy dir 25 | ansible.builtin.file: 26 | path: "/opt/pypy-runtime" 27 | state: directory 28 | mode: "0755" 29 | 30 | - name: Unarchive pre-built pypy 31 | ansible.builtin.unarchive: 32 | src: "/var/cache/{{ swift_pypy_archive['url'] | basename }}" 33 | dest: "/opt/pypy-runtime" 34 | copy: "no" 35 | creates: "/opt/pypy-runtime/{{ swift_pypy_version }}/bin/pypy" 36 | register: local_pypy 37 | 38 | - name: Setup local pypy 39 | ansible.builtin.command: "{{ item }}" 40 | changed_when: false 41 | with_items: 42 | - "{{ swift_pypy_env }} /opt/get-pip.py" 43 | - "{{ swift_pypy_env | dirname }}/pip install --upgrade virtualenv" 44 | when: 45 | - local_pypy is changed 46 | 47 | - name: Check for pypy venv 48 | ansible.builtin.stat: 49 | path: "{{ swift_bin | dirname }}/{{ swift_pypy_version }}-inuse" 50 | get_checksum: false 51 | register: local_pypy_venv_stat 52 | 53 | - name: Remove existing venv if not pypy setup 54 | ansible.builtin.file: 55 | path: "{{ swift_bin | dirname }}" 56 | state: absent 57 | when: not local_pypy_venv_stat.stat.exists | bool 58 | 59 | - name: Install pip packages into pypy venv 60 | ansible.builtin.pip: 61 | name: "{{ swift_pip_packages }}" 62 | state: "{{ swift_pip_package_state }}" 63 | virtualenv: "{{ swift_bin | dirname }}" 64 | virtualenv_site_packages: "no" 65 | virtualenv_command: "{{ swift_pypy_env | dirname }}/virtualenv" 66 | extra_args: >- 67 | {{ swift_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} 68 | {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }} 69 | {{ pip_install_options | default('') }} 70 | register: install_packages 71 | until: install_packages is success 72 | retries: 5 73 | delay: 2 74 | notify: 75 | - Restart swift services 76 | 77 | - name: Mark swift venv for use with pypy 78 | ansible.builtin.file: 79 | path: "{{ swift_bin | dirname }}/{{ swift_pypy_version }}-inuse" 80 | state: "touch" 81 | mode: "0644" 82 | -------------------------------------------------------------------------------- /tasks/swift_rings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Including swift_rings_build tasks 17 | ansible.builtin.include_tasks: swift_rings_build.yml 18 | when: _swift_is_first_play_host 19 | 20 | - name: Including swift_rings_distribute tasks 21 | ansible.builtin.include_tasks: swift_rings_distribute.yml 22 | 23 | - name: Including swift_rings_post_distribution_check tasks 24 | ansible.builtin.include_tasks: swift_rings_post_distribution_check.yml 25 | when: _swift_is_first_play_host 26 | -------------------------------------------------------------------------------- /tasks/swift_rings_build.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Copy the swift_rings.py file" 17 | ansible.builtin.template: 18 | src: swift_rings.py.j2 19 | dest: "/etc/swift/scripts/swift_rings.py" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0700" 23 | tags: 24 | - swift-install 25 | 26 | - name: "Build ring-contents files" 27 | ansible.builtin.template: 28 | src: ring.contents.j2 29 | dest: "/etc/swift/scripts/{{ item.type }}.contents" 30 | owner: "{{ swift_system_user_name }}" 31 | group: "{{ swift_system_group_name }}" 32 | mode: "0640" 33 | with_items: 34 | - { item: "{{ swift.account | default({}) }}", port: "{{ swift_account_port }}", type: "account" } 35 | - { item: "{{ swift.container | default({}) }}", port: "{{ swift_container_port }}", type: "container" } 36 | 37 | - name: "Build ring-contents files for storage policies" 38 | ansible.builtin.template: 39 | src: ring.contents.j2 40 | dest: "/etc/swift/scripts/object-{{ item[0].policy.index }}.contents" 41 | owner: "{{ swift_system_user_name }}" 42 | group: "{{ swift_system_group_name }}" 43 | mode: "0640" 44 | with_nested: 45 | - "{{ swift.storage_policies }}" 46 | - [{ type: "object", port: "{{ swift_object_port }}" }] 47 | 48 | - name: Ensure swift config directory permissions 49 | ansible.builtin.file: 50 | path: /etc/swift/ 51 | state: directory 52 | owner: "{{ swift_system_user_name }}" 53 | group: "{{ swift_system_group_name }}" 54 | recurse: true 55 | when: swift_install_method == 'distro' 56 | 57 | - name: "Build rings for account/container from contents files" 58 | ansible.builtin.command: >- 59 | /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/{{ item[0] }}.contents{% if item[1] %} -r {{ item[1] }}{% endif %}{{ 60 | (swift_pretend_min_part_hours_passed | bool) | ternary(' -p', '') }} 61 | with_nested: 62 | - ["account", "container"] 63 | - "{{ swift_managed_regions | default([None]) }}" 64 | register: swift_rings_create 65 | become: true 66 | become_user: "{{ swift_system_user_name }}" 67 | changed_when: "swift_rings_create.rc not in [1, 2, 3]" 68 | failed_when: "swift_rings_create.rc in [1, 2]" 69 | args: 70 | chdir: /etc/swift/ring_build_files/ 71 | 72 | - name: "Build rings for storage policies from contents files" 73 | ansible.builtin.command: >- 74 | /etc/swift/scripts/swift_rings.py -f /etc/swift/scripts/object-{{ item[0].policy.index }}.contents{% 75 | if item[1] %} -r {{ item[1] }}{% endif %}{{ (swift_pretend_min_part_hours_passed | bool) | ternary(' -p', '') }} 76 | with_nested: 77 | - "{{ swift.storage_policies }}" 78 | - "{{ swift_managed_regions | default([None]) }}" 79 | register: swift_object_rings_create 80 | become: true 81 | become_user: "{{ swift_system_user_name }}" 82 | changed_when: "swift_object_rings_create.rc not in [1, 2, 3]" 83 | failed_when: "swift_object_rings_create.rc in [1, 2]" 84 | args: 85 | chdir: /etc/swift/ring_build_files/ 86 | -------------------------------------------------------------------------------- /tasks/swift_rings_distribute.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Distribute rings 17 | command: > 18 | rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 19 | -avz 20 | /etc/swift/ring_build_files/ 21 | {{ swift_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:/etc/swift/ 22 | become: true 23 | become_user: "{{ swift_system_user_name }}" 24 | changed_when: false 25 | with_items: "{{ groups['swift_all'] }}" 26 | when: _swift_is_first_play_host 27 | tags: 28 | - skip_ansible_lint 29 | -------------------------------------------------------------------------------- /tasks/swift_rings_post_distribution_check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Copy the swift_rings_check.py file" 17 | ansible.builtin.template: 18 | src: swift_rings_check.py.j2 19 | dest: "/etc/swift/scripts/swift_rings_check.py" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0700" 23 | tags: 24 | - swift-install 25 | 26 | - name: "Ensure contents file matches ring after ring sync for account/container" 27 | ansible.builtin.command: "/etc/swift/scripts/swift_rings_check.py -f /etc/swift/scripts/{{ item[0] }}.contents{% if item[1] %} -r {{ item[1] }} {% endif %}" 28 | changed_when: false 29 | with_nested: 30 | - ["account", "container"] 31 | - "{{ swift_managed_regions | default([None]) }}" 32 | become: true 33 | become_user: "{{ swift_system_user_name }}" 34 | args: 35 | chdir: /etc/swift/ 36 | 37 | - name: "Ensure contents file matches ring after ring sync for storage policies" 38 | ansible.builtin.command: >- 39 | /etc/swift/scripts/swift_rings_check.py -f /etc/swift/scripts/object-{{ item[0].policy.index }}.contents{% if item[1] %} -r {{ item[1] }} {% endif %} 40 | changed_when: false 41 | with_nested: 42 | - "{{ swift.storage_policies }}" 43 | - "{{ swift_managed_regions | default([None]) }}" 44 | become: true 45 | become_user: "{{ swift_system_user_name }}" 46 | args: 47 | chdir: /etc/swift/ 48 | -------------------------------------------------------------------------------- /tasks/swift_storage_hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Including swift_storage_hosts_setup tasks 17 | ansible.builtin.include_tasks: swift_storage_hosts_setup.yml 18 | - name: Including swift_storage_hosts_object tasks 19 | ansible.builtin.include_tasks: swift_storage_hosts_object.yml 20 | - name: Including swift_storage_hosts_account tasks 21 | ansible.builtin.include_tasks: swift_storage_hosts_account.yml 22 | - name: Including swift_storage_hosts_container tasks 23 | ansible.builtin.include_tasks: swift_storage_hosts_container.yml 24 | -------------------------------------------------------------------------------- /tasks/swift_storage_hosts_account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Swift account server configuration" 17 | openstack.config_template.config_template: 18 | src: "account-server.conf.j2" 19 | dest: "/etc/swift/account-server/account-server.conf" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0644" 23 | config_overrides: "{{ swift_account_server_conf_overrides }}" 24 | config_type: "ini" 25 | notify: Restart swift services 26 | 27 | # We only create the dedicated replicator configuration when using a dedicated replication_network 28 | - name: "Swift account server replicator configuration" 29 | openstack.config_template.config_template: 30 | src: "account-server-replicator.conf.j2" 31 | dest: "/etc/swift/account-server/account-server-replicator.conf" 32 | owner: "{{ swift_system_user_name }}" 33 | group: "{{ swift_system_group_name }}" 34 | mode: "0644" 35 | config_overrides: "{{ swift_account_server_replicator_conf_overrides }}" 36 | config_type: "ini" 37 | when: swift_dedicated_replication 38 | notify: Restart swift services 39 | 40 | # Remove the dedicated replicator configuration when no dedicated replication network in use 41 | - name: "Remove dedicated replicator configuration" 42 | ansible.builtin.file: 43 | state: absent 44 | path: "/etc/swift/account-server/account-server-replicator.conf" 45 | when: not swift_dedicated_replication | bool 46 | -------------------------------------------------------------------------------- /tasks/swift_storage_hosts_container.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Swift container server configuration" 17 | openstack.config_template.config_template: 18 | src: "{{ item.src }}" 19 | dest: "{{ item.dest }}" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0644" 23 | config_overrides: "{{ item.config_overrides }}" 24 | config_type: "{{ item.config_type }}" 25 | with_items: 26 | - src: "container-server.conf.j2" 27 | dest: "/etc/swift/container-server/container-server.conf" 28 | config_overrides: "{{ swift_container_server_conf_overrides }}" 29 | config_type: "ini" 30 | - src: "container-reconciler.conf.j2" 31 | dest: "/etc/swift/container-server/container-reconciler.conf" 32 | config_overrides: "{{ swift_container_reconciler_conf_overrides }}" 33 | config_type: "ini" 34 | - src: "internal-client.conf.j2" 35 | dest: "/etc/swift/container-server/internal-client.conf" 36 | config_overrides: "{{ swift_internal_client_conf_overrides }}" 37 | config_type: "ini" 38 | notify: Restart swift services 39 | 40 | # If we've specified a container-sync realm use container-sync-realms.conf 41 | - name: "Swift container-sync configuration" 42 | openstack.config_template.config_template: 43 | src: "container-sync-realms.conf.j2" 44 | dest: "/etc/swift/container-sync-realms.conf" 45 | owner: "{{ swift_system_user_name }}" 46 | group: "{{ swift_system_group_name }}" 47 | mode: "0644" 48 | config_overrides: "{{ swift_container_sync_realms_conf_overrides }}" 49 | config_type: "ini" 50 | when: 51 | - swift_container_sync_realms is defined 52 | notify: Restart swift services 53 | 54 | # We only create the dedicated replicator configuration when using a dedicated replication_network 55 | - name: "Swift container server replicator configuration" 56 | openstack.config_template.config_template: 57 | src: "container-server-replicator.conf.j2" 58 | dest: "/etc/swift/container-server/container-server-replicator.conf" 59 | owner: "{{ swift_system_user_name }}" 60 | group: "{{ swift_system_group_name }}" 61 | mode: "0644" 62 | config_overrides: "{{ swift_container_server_replicator_conf_overrides }}" 63 | config_type: "ini" 64 | when: swift_dedicated_replication 65 | notify: Restart swift services 66 | 67 | # Remove the dedicated replicator configuration when no dedicated replication network in use 68 | - name: "Remove dedicated replicator configuration" 69 | ansible.builtin.file: 70 | state: absent 71 | path: "/etc/swift/container-server/container-server-replicator.conf" 72 | when: not swift_dedicated_replication | bool 73 | -------------------------------------------------------------------------------- /tasks/swift_storage_hosts_object.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Swift object server configuration" 17 | openstack.config_template.config_template: 18 | src: "{{ item.src }}" 19 | dest: "{{ item.dest }}" 20 | owner: "{{ swift_system_user_name }}" 21 | group: "{{ swift_system_group_name }}" 22 | mode: "0644" 23 | config_overrides: "{{ item.config_overrides }}" 24 | config_type: "{{ item.config_type }}" 25 | with_items: 26 | - src: "object-server.conf.j2" 27 | dest: "/etc/swift/object-server/object-server.conf" 28 | config_overrides: "{{ swift_object_server_conf_overrides }}" 29 | config_type: "ini" 30 | - src: "object-expirer.conf.j2" 31 | dest: "/etc/swift/object-server/object-expirer.conf" 32 | config_overrides: "{{ swift_object_expirer_conf_overrides }}" 33 | config_type: "ini" 34 | notify: Restart swift services 35 | 36 | # We only create the dedicated replicator configuration when using a dedicated replication_network 37 | - name: "Swift object server replicator configuration" 38 | openstack.config_template.config_template: 39 | src: "object-server-replicator.conf.j2" 40 | dest: "/etc/swift/object-server/object-server-replicator.conf" 41 | owner: "{{ swift_system_user_name }}" 42 | group: "{{ swift_system_group_name }}" 43 | mode: "0644" 44 | config_overrides: "{{ swift_object_server_replicator_conf_overrides }}" 45 | config_type: "ini" 46 | when: swift_dedicated_replication 47 | notify: Restart swift services 48 | 49 | # Remove the dedicated replicator configuration when no dedicated replication network in use 50 | - name: "Remove dedicated replicator configuration" 51 | ansible.builtin.file: 52 | state: absent 53 | path: "/etc/swift/object-server/object-server-replicator.conf" 54 | when: not swift_dedicated_replication | bool 55 | 56 | - name: Deploy drive-audit configuration file 57 | openstack.config_template.config_template: 58 | src: drive-audit.conf.j2 59 | dest: /etc/swift/drive-audit.conf 60 | owner: "{{ swift_system_user_name }}" 61 | group: "{{ swift_system_group_name }}" 62 | mode: "0644" 63 | config_overrides: "{{ swift_drive_audit_conf_overrides }}" 64 | config_type: "ini" 65 | 66 | # TODO: This can be safely removed in 2025.2 cycle 67 | - name: Create drive-audit cron job 68 | ansible.builtin.cron: 69 | name: "Run drive-audit script" 70 | state: absent 71 | 72 | - name: Create drive-audit systemd timer 73 | ansible.builtin.include_role: 74 | name: systemd_service 75 | vars: 76 | systemd_service_restart_changed: false 77 | systemd_user_name: "root" 78 | systemd_group_name: "root" 79 | systemd_tempd_prefix: openstack 80 | systemd_slice_name: "{{ swift_system_slice_name }}" 81 | systemd_lock_dir: "{{ swift_lock_dir }}" 82 | systemd_service_restart: on-abnormal 83 | systemd_services: 84 | - service_name: "swift-drive-audit" 85 | execstarts: 86 | - "{{ swift_bin }}/swift-drive-audit /etc/swift/drive-audit.conf" 87 | environment: 88 | UMASK: "0640" 89 | UMASK_DIR: "0750" 90 | program_sandboxing: 91 | RuntimeDirectory: "swift-drive-audit" 92 | enabled: true 93 | timer: 94 | state: 'started' 95 | enabled: true 96 | options: 97 | OnCalendar: "*:0/15" 98 | Persistent: true 99 | Unit: "swift-drive-audit.service" 100 | -------------------------------------------------------------------------------- /tasks/swift_storage_hosts_setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: "Enable nf_conntrack" 17 | community.general.modprobe: 18 | name: "nf_conntrack" 19 | state: present 20 | 21 | - name: "Set sysctl tcp_tw_reuse" 22 | ansible.posix.sysctl: 23 | name: "net.ipv4.tcp_tw_reuse" 24 | state: present 25 | value: "1" 26 | sysctl_set: true 27 | sysctl_file: "{{ swift_sysctl_file }}" 28 | delegate_to: "{{ physical_host }}" 29 | 30 | - name: "Set sysctl file-max" 31 | ansible.posix.sysctl: 32 | name: "fs.file-max" 33 | state: present 34 | value: "{{ swift_max_file_limits }}" 35 | sysctl_set: true 36 | sysctl_file: "{{ swift_sysctl_file }}" 37 | delegate_to: "{{ physical_host }}" 38 | 39 | - name: "Put /etc/rsyncd.conf in place" 40 | ansible.builtin.template: 41 | src: "rsyncd.conf.j2" 42 | dest: "/etc/rsyncd.conf" 43 | owner: "root" 44 | group: "root" 45 | mode: "0644" 46 | notify: "Restart rsync service" 47 | 48 | # Red Hat/CentOS are enabled as part of the handler 49 | - name: "Enable rsync service in defaults (Debian)" 50 | ansible.builtin.lineinfile: 51 | dest: "/etc/default/rsync" 52 | line: "RSYNC_ENABLE=true" 53 | regexp: "^RSYNC_ENABLE*" 54 | when: ansible_facts['pkg_mgr'] =="apt" 55 | notify: "Restart rsync service" 56 | 57 | # TODO: This can be safely removed in 2025.2 cycle 58 | - name: "Setup swift-recon-cron cron job" 59 | ansible.builtin.cron: 60 | name: "swift-recon-cron run" 61 | state: absent 62 | 63 | - name: Setup swift-recon-cron systemd timer 64 | ansible.builtin.include_role: 65 | name: systemd_service 66 | vars: 67 | systemd_service_restart_changed: false 68 | systemd_user_name: "{{ swift_system_user_name }}" 69 | systemd_group_name: "{{ swift_system_group_name }}" 70 | systemd_tempd_prefix: openstack 71 | systemd_slice_name: "{{ swift_system_slice_name }}" 72 | systemd_lock_dir: "{{ swift_lock_dir }}" 73 | systemd_service_restart: on-abnormal 74 | systemd_services: 75 | - service_name: "swift-recon-cron" 76 | execstarts: 77 | - "{{ recon_cron_path }} /etc/swift/object-server/object-server.conf" 78 | environment: 79 | UMASK: "0640" 80 | UMASK_DIR: "0750" 81 | program_sandboxing: 82 | RuntimeDirectory: "swift-recon-cron" 83 | enabled: true 84 | timer: 85 | state: 'started' 86 | enabled: true 87 | options: 88 | OnCalendar: "*:0/5" 89 | Persistent: true 90 | Unit: "swift-recon-cron.service" 91 | 92 | - name: "Set ownership on mounted drives" 93 | ansible.builtin.file: 94 | dest: "{{ swift_vars.mount_point | default(swift.mount_point) }}/{{ item.name }}" 95 | owner: "{{ swift_system_user_name }}" 96 | group: "{{ swift_system_group_name }}" 97 | state: "directory" 98 | mode: "0755" 99 | with_items: "{{ swift_vars.drives | default(swift.drives) | default([]) }}" 100 | -------------------------------------------------------------------------------- /templates/account-server-replicator.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_replication_address }} 10 | bind_port = {{ swift_account_port }} 11 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 12 | workers = {{ swift_account_server_replicator_workers | default(api_threads) }} 13 | 14 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 15 | {% if _statsd_host | bool %} 16 | log_statsd_host = {{ _statsd_host }} 17 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 18 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 19 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 20 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 21 | {% endif %} 22 | 23 | [pipeline:main] 24 | pipeline = account-server 25 | 26 | [app:account-server] 27 | use = egg:swift#account 28 | replication_server = True 29 | 30 | [account-replicator] 31 | per_diff = 10000 32 | reclaim_age = {{ reclaim_age | default(604800) }} 33 | 34 | #TODO(jamesdenton): Remove config section when no longer required for service to start 35 | [account-auditor] 36 | -------------------------------------------------------------------------------- /templates/account-server.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_storage_address }} 10 | bind_port = {{ swift_account_port }} 11 | workers = {{ swift_account_server_workers | default(api_threads) }} 12 | 13 | user = {{ swift_system_user_name }} 14 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 15 | 16 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 17 | {% if _statsd_host | bool %} 18 | log_statsd_host = {{ _statsd_host }} 19 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 20 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 21 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 22 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 23 | {% endif %} 24 | 25 | disable_fallocate = {{ swift_account_disable_fallocate }} 26 | fallocate_reserve = {{ swift_account_fallocate_reserve }} 27 | 28 | [pipeline:main] 29 | pipeline = healthcheck recon account-server 30 | 31 | [app:account-server] 32 | use = egg:swift#account 33 | 34 | [filter:healthcheck] 35 | use = egg:swift#healthcheck 36 | 37 | [filter:recon] 38 | use = egg:swift#recon 39 | recon_cache_path = {{ swift_cache_path }} 40 | recon_lock_path = {{ swift_lock_dir }} 41 | 42 | {% if not swift_dedicated_replication %} 43 | [account-replicator] 44 | per_diff = 10000 45 | reclaim_age = {{ reclaim_age | default(604800) }} 46 | {% endif %} 47 | 48 | #TODO(jamesdenton): Remove config section when no longer required for service to start 49 | [account-auditor] 50 | 51 | [account-reaper] 52 | delay_reaping = 604800 53 | 54 | [filter:xprofile] 55 | use = egg:swift#xprofile 56 | -------------------------------------------------------------------------------- /templates/container-reconciler.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [DEFAULT] 4 | # Disable stderr logging 5 | use_stderr = False 6 | swift_dir = /etc/swift 7 | user = {{ swift_system_user_name }} 8 | 9 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 10 | {% if _statsd_host | bool %} 11 | log_statsd_host = {{ _statsd_host }} 12 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 13 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 14 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 15 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 16 | {% endif %} 17 | 18 | [container-reconciler] 19 | # The reconciler will re-attempt reconciliation if the source object is not 20 | # available up to reclaim_age seconds before it gives up and deletes the entry 21 | # in the queue. 22 | reclaim_age = {{ reclaim_age | default(604800) }} 23 | # The cycle time of the daemon 24 | interval = 30 25 | # Server errors from requests will be retried by default 26 | request_tries = 3 27 | 28 | [pipeline:main] 29 | pipeline = catch_errors proxy-logging cache proxy-server 30 | 31 | [app:proxy-server] 32 | use = egg:swift#proxy 33 | 34 | [filter:cache] 35 | use = egg:swift#memcache 36 | 37 | [filter:proxy-logging] 38 | use = egg:swift#proxy_logging 39 | 40 | [filter:catch_errors] 41 | use = egg:swift#catch_errors 42 | -------------------------------------------------------------------------------- /templates/container-server-replicator.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_replication_address }} 10 | bind_port = {{ swift_container_port }} 11 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 12 | workers = {{ swift_server_replicator_workers | default(api_threads) }} 13 | 14 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 15 | {% if _statsd_host | bool %} 16 | log_statsd_host = {{ _statsd_host }} 17 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 18 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 19 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 20 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 21 | {% endif %} 22 | 23 | [pipeline:main] 24 | pipeline = container-server 25 | 26 | [app:container-server] 27 | use = egg:swift#container 28 | replication_server = True 29 | 30 | [container-replicator] 31 | reclaim_age = {{ reclaim_age | default(604800) }} 32 | 33 | #TODO(jamesdenton): Remove config section when no longer required for service to start 34 | [container-auditor] 35 | -------------------------------------------------------------------------------- /templates/container-server.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_storage_address }} 10 | bind_port = {{ swift_container_port }} 11 | workers = {{ swift_container_server_workers | default(api_threads) }} 12 | 13 | user = {{ swift_system_user_name }} 14 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 15 | 16 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 17 | {% if _statsd_host | bool %} 18 | log_statsd_host = {{ _statsd_host }} 19 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 20 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 21 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 22 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 23 | {% endif %} 24 | 25 | disable_fallocate = {{ swift_container_disable_fallocate }} 26 | fallocate_reserve = {{ swift_container_fallocate_reserve }} 27 | 28 | [pipeline:main] 29 | pipeline = healthcheck recon container-server 30 | 31 | [app:container-server] 32 | use = egg:swift#container 33 | allow_versions = {{ swift_allow_versions }} 34 | 35 | [filter:healthcheck] 36 | use = egg:swift#healthcheck 37 | 38 | [filter:recon] 39 | use = egg:swift#recon 40 | recon_cache_path = {{ swift_cache_path }} 41 | recon_lock_path = {{ swift_lock_dir }} 42 | 43 | {% if not swift_dedicated_replication %} 44 | [container-replicator] 45 | reclaim_age = {{ reclaim_age | default(604800) }} 46 | {% endif %} 47 | 48 | #TODO(jamesdenton): Remove config section when no longer required for service to start 49 | [container-auditor] 50 | 51 | [container-updater] 52 | node_timeout = 15 53 | conn_timeout = 5 54 | 55 | [container-sync] 56 | internal_client_conf_path = /etc/swift/container-server/internal-client.conf 57 | 58 | [filter:xprofile] 59 | use = egg:swift#xprofile 60 | -------------------------------------------------------------------------------- /templates/container-sync-realms.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% for realm in swift_container_sync_realms %} 4 | [{{ realm.name }}] 5 | key = {{ realm.key1 }} 6 | {% if realm.key2 is defined %} 7 | key2 = {{ realm.key2 }} 8 | {% endif %} 9 | cluster_clustername1 = {{ realm.clustername1 }} 10 | cluster_clustername2 = {{ realm.clustername2 }} 11 | 12 | {% endfor %} 13 | -------------------------------------------------------------------------------- /templates/drive-audit.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [drive-audit] 4 | device_dir = {{ swift_vars.mount_point | default(swift.mount_point) }} 5 | minutes = 60 6 | error_limit = 2 7 | regex_pattern_1 = \berror\b.*\b(sd[a-z]+([0-9]+)?)\b 8 | regex_pattern_2 = \b(sd[a-z]+([0-9]+)?)\b.*\berror\b 9 | -------------------------------------------------------------------------------- /templates/internal-client.conf.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 3 | {% if _statsd_host | bool %} 4 | log_statsd_host = {{ _statsd_host }} 5 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 6 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 7 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 8 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 9 | {% endif %} 10 | 11 | [pipeline:main] 12 | pipeline = catch_errors proxy-logging cache proxy-server 13 | 14 | [app:proxy-server] 15 | use = egg:swift#proxy 16 | 17 | [filter:cache] 18 | use = egg:swift#memcache 19 | 20 | [filter:proxy-logging] 21 | use = egg:swift#proxy_logging 22 | 23 | [filter:catch_errors] 24 | use = egg:swift#catch_errors 25 | -------------------------------------------------------------------------------- /templates/object-expirer.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [DEFAULT] 4 | # Disable stderr logging 5 | use_stderr = False 6 | swift_dir = /etc/swift 7 | user = {{ swift_system_user_name }} 8 | 9 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 10 | {% if _statsd_host | bool %} 11 | log_statsd_host = {{ _statsd_host }} 12 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 13 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 14 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 15 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 16 | {% endif %} 17 | 18 | [object-expirer] 19 | interval = 300 20 | auto_create_account_prefix = . 21 | expiring_objects_account_name = expiring_objects 22 | report_interval = 300 23 | # concurrency is the level of concurrency to use to do the work, this value 24 | # must be set to at least 1 25 | concurrency = 3 26 | # processes is how many parts to divide the work into, one part per process 27 | # that will be doing the work 28 | # processes set 0 means that a single process will be doing all the work 29 | # processes can also be specified on the command line and will override the 30 | # config value 31 | processes = {{ groups['swift_hosts'] | length }} 32 | # process is which of the parts a particular process will work on 33 | # process can also be specified on the command line and will override the config 34 | # value 35 | # process is "zero based", if you want to use 3 processes, you should run 36 | # processes with process set to 0, 1, and 2 37 | process = {{ groups['swift_hosts'].index(inventory_hostname) }} 38 | # The expirer will re-attempt expiring if the source object is not available 39 | # up to reclaim_age seconds before it gives up and deletes the entry in the 40 | # queue. 41 | reclaim_age = {{ reclaim_age | default(604800) }} 42 | recon_cache_path = /var/cache/swift 43 | 44 | [pipeline:main] 45 | pipeline = catch_errors proxy-logging cache proxy-server 46 | 47 | [app:proxy-server] 48 | use = egg:swift#proxy 49 | # See proxy-server.conf-sample for options 50 | 51 | [filter:cache] 52 | use = egg:swift#memcache 53 | # See proxy-server.conf-sample for options 54 | 55 | [filter:catch_errors] 56 | use = egg:swift#catch_errors 57 | # See proxy-server.conf-sample for options 58 | 59 | [filter:proxy-logging] 60 | use = egg:swift#proxy_logging 61 | -------------------------------------------------------------------------------- /templates/object-server-replicator.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_replication_address }} 10 | bind_port = {{ swift_object_port }} 11 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 12 | workers = {{ swift_object_replicator_workers | default(api_threads) }} 13 | 14 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 15 | {% if _statsd_host | bool %} 16 | log_statsd_host = {{ _statsd_host }} 17 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 18 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 19 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 20 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 21 | {% endif %} 22 | 23 | [pipeline:main] 24 | pipeline = object-server 25 | 26 | [app:object-server] 27 | use = egg:swift#object 28 | replication_server = True 29 | 30 | [object-replicator] 31 | concurrency = 6 32 | reclaim_age = {{ reclaim_age | default(604800) }} 33 | {% if swift_rsync_module_per_drive %} 34 | rsync_module = {replication_ip}::object_{device} 35 | {% endif %} 36 | 37 | #TODO(jamesdenton): Remove config section when no longer required for service to start 38 | [object-auditor] 39 | 40 | [object-reconstructor] 41 | concurrency = 6 42 | reclaim_age = {{ reclaim_age | default(604800) }} 43 | -------------------------------------------------------------------------------- /templates/object-server.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% set _api_threads = ansible_facts['processor_vcpus']|default(2) // 2 %} 4 | {% set api_threads = _api_threads if _api_threads > 0 else 1 %} 5 | 6 | [DEFAULT] 7 | # Disable stderr logging 8 | use_stderr = False 9 | bind_ip = {{ swift_storage_address }} 10 | bind_port = {{ swift_object_port }} 11 | workers = {{ swift_object_server_workers | default(api_threads) }} 12 | 13 | user = {{ swift_system_user_name }} 14 | swift_dir = /etc/swift 15 | devices = {{ swift_vars.mount_point | default(swift.mount_point) }} 16 | 17 | {% set _statsd_host = swift_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 18 | {% if _statsd_host | bool %} 19 | log_statsd_host = {{ _statsd_host }} 20 | log_statsd_port = {{ swift_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 21 | log_statsd_default_sample_rate = {{ swift_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 22 | log_statsd_sample_rate_factor = {{ swift_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 23 | log_statsd_metric_prefix = {{ swift_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 24 | {% endif %} 25 | 26 | disable_fallocate = {{ swift_object_disable_fallocate }} 27 | fallocate_reserve = {{ swift_object_fallocate_reserve }} 28 | 29 | [pipeline:main] 30 | pipeline = healthcheck recon object-server 31 | 32 | [app:object-server] 33 | use = egg:swift#object 34 | mb_per_sync = 64 35 | 36 | [filter:healthcheck] 37 | use = egg:swift#healthcheck 38 | 39 | [filter:recon] 40 | use = egg:swift#recon 41 | recon_cache_path = {{ swift_cache_path }} 42 | recon_lock_path = {{ swift_lock_dir }} 43 | 44 | {% if not swift_dedicated_replication %} 45 | [object-replicator] 46 | concurrency = 6 47 | reclaim_age = {{ reclaim_age | default(604800) }} 48 | {% if swift_rsync_module_per_drive %} 49 | rsync_module = {replication_ip}::object_{device} 50 | {% endif %} 51 | 52 | #TODO(jamesdenton): Remove config section when no longer required for service to start 53 | [object-auditor] 54 | 55 | [object-reconstructor] 56 | concurrency = 6 57 | reclaim_age = {{ reclaim_age | default(604800) }} 58 | {% endif %} 59 | 60 | [object-updater] 61 | concurrency = 3 62 | concurrency = 3 63 | node_timeout = 60 64 | conn_timeout = 5 65 | 66 | [filter:xprofile] 67 | use = egg:swift#xprofile 68 | -------------------------------------------------------------------------------- /templates/proxy-server.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [DEFAULT] 4 | # Disable stderr logging 5 | use_stderr = False 6 | bind_ip = {{ swift_proxy_bind_address }} 7 | bind_port = {{ swift_proxy_port }} 8 | workers = {{ swift_proxy_server_workers }} 9 | {% if swift_backend_ssl | bool %} 10 | cert_file = {{ swift_ssl_cert }} 11 | key_file = {{ swift_ssl_key }} 12 | {% endif %} 13 | 14 | user = {{ swift_system_user_name }} 15 | 16 | {% set _statsd_host = swift_proxy_vars.statsd_host | default(swift.statsd_host | default(statsd_host | default(False))) %} 17 | {% if _statsd_host | bool %} 18 | log_statsd_host = {{ _statsd_host }} 19 | log_statsd_port = {{ swift_proxy_vars.statsd_port | default(swift.statsd_port | default(statsd_port)) }} 20 | log_statsd_default_sample_rate = {{ swift_proxy_vars.statsd_default_sample_rate | default(swift.statsd_default_sample_rate | default(statsd_default_sample_rate)) }} 21 | log_statsd_sample_rate_factor = {{ swift_proxy_vars.statsd_sample_rate_factor | default(swift.statsd_sample_rate_factor | default(statsd_sample_rate_factor))}} 22 | log_statsd_metric_prefix = {{ swift_proxy_vars.statsd_metric_prefix | default(swift.statsd_metric_prefix | default(inventory_hostname)) }} 23 | {% endif %} 24 | 25 | [pipeline:main] 26 | pipeline = {{ swift_middleware_list | join(' ') }} 27 | 28 | [filter:copy] 29 | use = egg:swift#copy 30 | 31 | [app:proxy-server] 32 | use = egg:swift#proxy 33 | node_timeout = 60 34 | conn_timeout = 3.5 35 | account_autocreate = true 36 | {% if swift_proxy_vars is defined %} 37 | {% if swift_proxy_vars.read_affinity is defined %} 38 | read_affinity = {{ swift_proxy_vars.read_affinity }} 39 | {% set swift_sorting_method = 'affinity' %} 40 | {% endif %} 41 | {% if swift_proxy_vars.write_affinity is defined %} 42 | write_affinity = {{ swift_proxy_vars.write_affinity }} 43 | {% if swift_proxy_vars.write_affinity_node_count is defined %} 44 | write_affinity_node_count = {{ swift_proxy_vars.write_affinity_node_count }} 45 | {% endif %} 46 | {% endif %} 47 | {% endif %} 48 | sorting_method = {{ swift_sorting_method }} 49 | 50 | {% if 'tempauth' in swift_middleware_list %} 51 | [filter:tempauth] 52 | use = egg:swift#tempauth 53 | {% for user in swift_tempauth_users %} 54 | {{ user }} 55 | {% endfor %} 56 | {% endif %} 57 | 58 | {% if 'authtoken' in swift_middleware_list %} 59 | [filter:authtoken] 60 | paste.filter_factory = keystonemiddleware.auth_token:filter_factory 61 | auth_type = {{ swift_keystone_auth_plugin }} 62 | auth_url = {{ keystone_service_adminuri }} 63 | www_authenticate_uri = {{ keystone_service_internaluri }} 64 | insecure = {{ keystone_service_adminuri_insecure | bool }} 65 | region_name = {{ keystone_service_region }} 66 | project_domain_id = {{ swift_service_project_domain_id }} 67 | user_domain_id = {{ swift_service_user_domain_id }} 68 | project_name = {{ swift_service_project_name }} 69 | username = {{ swift_service_user_name }} 70 | password = {{ swift_service_password }} 71 | delay_auth_decision = {{ swift_delay_auth_decision }} 72 | include_service_catalog = False 73 | 74 | service_token_roles_required = {{ swift_service_token_roles_required | bool }} 75 | service_token_roles = {{ swift_service_token_roles | join(',') }} 76 | service_type = {{ swift_service_type }} 77 | 78 | {% if memcached_servers is defined %} 79 | memcached_servers = {{ swift_memcached_servers }} 80 | cache = swift.cache 81 | 82 | token_cache_time = 300 83 | revocation_cache_time = 60 84 | 85 | memcache_security_strategy = ENCRYPT 86 | memcache_secret_key = {{ memcached_encryption_key }} 87 | {% endif %} 88 | {% endif %} 89 | 90 | {% if 'keystoneauth' in swift_middleware_list %} 91 | [filter:keystoneauth] 92 | use = egg:swift#keystoneauth 93 | {% if swift_allow_all_users is defined and swift_allow_all_users == True %} 94 | {% if 'ceilometer' in swift_middleware_list %} 95 | operator_roles = admin, {{ swift_operator_role }}, member, {{ swift_reselleradmin_role }} 96 | {% else %} 97 | operator_roles = admin, {{ swift_operator_role }}, member 98 | {% endif %} 99 | {% else %} 100 | {% if 'ceilometer' in swift_middleware_list %} 101 | operator_roles = admin, {{ swift_operator_role }}, {{ swift_reselleradmin_role }} 102 | {% else %} 103 | operator_roles = admin, {{ swift_operator_role }} 104 | {% endif %} 105 | {% endif %} 106 | # The reseller admin role has the ability to create and delete accounts 107 | reseller_admin_role = {{ swift_reselleradmin_role }} 108 | {% endif %} 109 | 110 | [filter:healthcheck] 111 | use = egg:swift#healthcheck 112 | 113 | [filter:cache] 114 | use = egg:swift#memcache 115 | 116 | [filter:ratelimit] 117 | use = egg:swift#ratelimit 118 | 119 | [filter:domain_remap] 120 | use = egg:swift#domain_remap 121 | 122 | [filter:catch_errors] 123 | use = egg:swift#catch_errors 124 | 125 | [filter:cname_lookup] 126 | use = egg:swift#cname_lookup 127 | 128 | [filter:staticweb] 129 | use = egg:swift#staticweb 130 | 131 | [filter:tempurl] 132 | use = egg:swift#tempurl 133 | 134 | [filter:formpost] 135 | use = egg:swift#formpost 136 | 137 | [filter:name_check] 138 | use = egg:swift#name_check 139 | 140 | [filter:list-endpoints] 141 | use = egg:swift#list_endpoints 142 | 143 | [filter:proxy-logging] 144 | use = egg:swift#proxy_logging 145 | 146 | [filter:bulk] 147 | use = egg:swift#bulk 148 | 149 | [filter:container-quotas] 150 | use = egg:swift#container_quotas 151 | 152 | [filter:slo] 153 | use = egg:swift#slo 154 | 155 | [filter:dlo] 156 | use = egg:swift#dlo 157 | 158 | [filter:versioned_writes] 159 | use = egg:swift#versioned_writes 160 | allow_versioned_writes = True 161 | 162 | [filter:account-quotas] 163 | use = egg:swift#account_quotas 164 | 165 | [filter:gatekeeper] 166 | use = egg:swift#gatekeeper 167 | 168 | [filter:container_sync] 169 | use = egg:swift#container_sync 170 | 171 | [filter:xprofile] 172 | use = egg:swift#xprofile 173 | 174 | {% if 'ceilometer' in swift_middleware_list %} 175 | [filter:ceilometer] 176 | paste.filter_factory = ceilometermiddleware.swift:filter_factory 177 | control_exchange = swift 178 | driver = messagingv2 179 | url = {{ swift_oslomsg_notify_transport }}://{% for host in swift_oslomsg_notify_servers.split(',') %}{{ swift_oslomsg_notify_userid }}:{{ swift_oslomsg_notify_password }}@{{ host }}:{{ swift_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _swift_oslomsg_notify_vhost_conf }}{% if swift_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ swift_oslomsg_notify_ssl_version }}&ssl_ca_file={{ swift_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} 180 | 181 | topic = notifications 182 | {% if gnocchi_service_project_name is defined %} 183 | ignore_projects = {{ gnocchi_service_project_name }} 184 | auth_type = {{ swift_keystone_auth_plugin }} 185 | auth_url = {{ keystone_service_adminuri }} 186 | insecure = {{ keystone_service_adminuri_insecure | bool }} 187 | region_name = {{ keystone_service_region }} 188 | project_domain_id = {{ swift_service_project_domain_id }} 189 | user_domain_id = {{ swift_service_user_domain_id }} 190 | project_name = {{ swift_service_project_name }} 191 | username = {{ swift_service_user_name }} 192 | password = {{ swift_service_password }} 193 | {% endif %} 194 | log_level = WARN 195 | {% endif %} 196 | -------------------------------------------------------------------------------- /templates/ring.contents.j2: -------------------------------------------------------------------------------- 1 | {### Check if this is an object storage policy #} 2 | {% if item[1] is defined %} 3 | {% set port = item[1]['port'] %} 4 | {% set type = item[1]['type'] %} 5 | {% set item = item[0]['policy'] %} 6 | {### If the index is 0 then it needs to be object without index #} 7 | {% if item.index == 0 %} 8 | {% set builder_file = type %} 9 | {% else %} 10 | {% set builder_file = type + '-' + item.index|string %} 11 | {% endif %} 12 | {% set name = item.name %} 13 | {### Otherwise this should be account or container rings #} 14 | {### Make the port/type/item/builder_file/name vals uniform across rings #} 15 | {% elif item.port is defined %} 16 | {% set port = item.port %} 17 | {% set type = item.type %} 18 | {% set item = item.item %} 19 | {% set builder_file = type %} 20 | {% set name = type %} 21 | {% endif %} 22 | {### Lets get the min_part_hours, part_power and repl_number vals #} 23 | {% set min_part_hours = item.min_part_hours | default(swift.min_part_hours | default(swift_default_min_part_hours)) %} 24 | {% set part_power = item.part_power | default(swift.part_power) %} 25 | {% if (item.policy_type is defined) and (item.policy_type == "erasure_coding") %} 26 | {% set repl_number = item.ec_num_data_fragments + item.ec_num_parity_fragments %} 27 | {% else %} 28 | {% set repl_number = item.repl_number | default(swift.repl_number | default(swift_default_replication_number)) %} 29 | {% endif %} 30 | {### Create the builder dict #} 31 | {% set builder = {} %} 32 | {### This is a hacky way of updating the builder dict #} 33 | {% set _update = builder.update({'min_part_hours':min_part_hours|int}) %} 34 | {% set _update = builder.update({'repl_number':repl_number|int}) %} 35 | {% set _update = builder.update({'part_power':part_power|int}) %} 36 | {% set _update = builder.update({'builder_file':builder_file}) %} 37 | {### Now we need to add the drives #} 38 | {### Create an update the builder dict to have drives as an empty list #} 39 | {% set _update = builder.update({'drives':[]}) %} 40 | {### Lets get the default groups for drives and find the default storage_policy #} 41 | {% set def_groups = [ 'account', 'container' ] %} 42 | {% for policy in swift.storage_policies %} 43 | {% if policy.policy.default is defined and policy.policy.default == True %} 44 | {% set _update = def_groups.append(policy.policy.name) %} 45 | {% endif %} 46 | {% endfor %} 47 | {### Loop through the swift_hosts #} 48 | {% for host in groups['swift_hosts'] %} 49 | {### Default swift_vars to an empty dict if not defined #} 50 | {### swift_vars needs to exist for swift_vars[setting] checks to work #} 51 | {% if hostvars[host]['swift_vars'] is defined %} 52 | {% set swift_vars = hostvars[host]['swift_vars'] %} 53 | {% else %} 54 | {% set swift_vars = {} %} 55 | {% endif %} 56 | {### Set the storage and repl ip #} 57 | {% set storage_ip = hostvars[host]['swift_storage_address'] %} 58 | {% set repl_ip = hostvars[host]['swift_replication_address'] %} 59 | {### Get the drives use swift global as default #} 60 | {% set drives = swift_vars.drives | default(swift.drives | default([])) %} 61 | {### Loop through the drives #} 62 | {% for drive in drives %} 63 | {### Check if groups is defined per host or drive #} 64 | {% set groups = drive.groups | default(swift_vars.groups | default(swift.groups | default(def_groups))) %} 65 | {### Only build the device if it is part of the group we're building the ring for #} 66 | {% if name in groups %} 67 | {### Build an empty device which we'll update with the appropriate details #} 68 | {% set device = {} %} 69 | {% set weight = drive.weight | default(swift_vars.weight | default(swift.weight | default(swift_default_drive_weight))) %} 70 | {% set region = drive.region | default(swift_vars.region | default(swift.region | default(swift_default_host_region))) %} 71 | {% set zone = drive.zone | default(swift_vars.zone | default(swift.zone | default(swift_default_host_zone))) %} 72 | {% set stor_port = drive.storage_port | default(port) %} 73 | {% set repl_port = drive.repl_port | default(port) %} 74 | {### Update the device with the appropriate values #} 75 | {% set _update = device.update({'device':drive.name}) %} 76 | {% set _update = device.update({'weight': weight|int}) %} 77 | {% set _update = device.update({'region': region|int}) %} 78 | {% set _update = device.update({'zone': zone|int}) %} 79 | {% set _update = device.update({'replication_ip': repl_ip}) %} 80 | {% set _update = device.update({'replication_port': repl_port|int}) %} 81 | {% set _update = device.update({'ip': storage_ip}) %} 82 | {% set _update = device.update({'port': stor_port|int}) %} 83 | {### Append the device to the drives list of the builder dict #} 84 | {% set _update = builder.drives.append(device) %} 85 | {% endif %} 86 | {% endfor %} 87 | {% endfor %} 88 | {### Output the builder file #} 89 | {{ builder | to_nice_json }} 90 | -------------------------------------------------------------------------------- /templates/rsyncd.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | uid = {{ swift_system_user_name }} 4 | gid = {{ swift_system_group_name }} 5 | pid file = /var/run/rsyncd.pid 6 | reverse lookup = {{ swift_rsync_reverse_lookup | bool }} 7 | address = {{ swift_replication_address }} 8 | 9 | [account] 10 | max connections = {{ swift_account_max_rsync_connections }} 11 | path = {{ swift_vars.mount_point | default(swift.mount_point) }} 12 | read only = false 13 | lock file = {{ swift_lock_dir }}/account.lock 14 | 15 | [container] 16 | max connections = {{ swift_container_max_rsync_connections }} 17 | path = {{ swift_vars.mount_point | default(swift.mount_point) }} 18 | read only = false 19 | lock file = {{ swift_lock_dir }}/container.lock 20 | 21 | {% if swift_rsync_module_per_drive %} 22 | {### Set up per drive rsync modules #} 23 | {### Lets get the default groups for drives and find the default storage_policy #} 24 | {% set def_groups = [ 'account', 'container' ] %} 25 | {% for policy in swift.storage_policies %} 26 | {% if policy.policy.default is defined and policy.policy.default == True %} 27 | {% set _update = def_groups.append(policy.policy.name) %} 28 | {% endif %} 29 | {% endfor %} 30 | {### swift_vars needs to exist for swift_vars[setting] checks to work #} 31 | {% if swift_vars is not defined %} 32 | {% set swift_vars = {} %} 33 | {% endif %} 34 | {% set drives = swift_vars.drives | default(swift.drives | default([])) %} 35 | {### Loop through the drives to determine if they are in the object group #} 36 | {% for drive in drives %} 37 | {% set devAdded = False %} 38 | {### Check if groups is defined per host or drive #} 39 | {% set groups = drives.groups | default(swift_vars.groups | default(swift.groups | default(def_groups))) %} 40 | {% for group in groups %} 41 | {% if group not in ['account', 'container'] %} 42 | {### We only want to add a device once so check if it was added already #} 43 | {% if not devAdded | bool %} 44 | [object_{{ drive.name }}] 45 | max connections = {{ swift_object_max_rsync_connections }} 46 | path = {{ swift_vars.mount_point | default(swift.mount_point) }} 47 | read only = false 48 | lock file = {{ swift_lock_dir }}/object_{{ drive.name }}.lock 49 | 50 | {% endif %} 51 | {% set devAdded = True %} 52 | {% endif %} 53 | {% endfor %} 54 | {% endfor %} 55 | {% else %} 56 | [object] 57 | max connections = {{ swift_object_max_rsync_connections }} 58 | path = {{ swift_vars.mount_point | default(swift.mount_point) }} 59 | read only = false 60 | lock file = {{ swift_lock_dir }}/object.lock 61 | 62 | {% endif %} 63 | &include /etc/rsync.d 64 | -------------------------------------------------------------------------------- /templates/swift-dispersion.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | [dispersion] 4 | auth_url = {{ keystone_service_internalurl }} 5 | auth_user = {{ swift_dispersion_user }} 6 | auth_key = {{ swift_dispersion_password }} 7 | auth_version = 3.0 8 | user_domain_name = {{ swift_dispersion_user_domain_name }} 9 | project_domain_name = {{ swift_service_project_domain_name }} 10 | project_name = {{ swift_service_project_name }} 11 | endpoint_type = internalURL 12 | region_name = {{ swift_service_region }} 13 | -------------------------------------------------------------------------------- /templates/swift-memcache.conf.j2: -------------------------------------------------------------------------------- 1 | [memcache] 2 | # You can use this single conf file instead of having memcache_servers set in 3 | # several other conf files under [filter:cache] for example. You can specify 4 | # multiple servers separated with commas, as in: 10.1.2.3:11211,10.1.2.4:11211 5 | # (IPv6 addresses must follow rfc3986 section-3.2.2, i.e. [::1]:11211) 6 | # memcache_servers = 127.0.0.1:11211 7 | memcache_servers = {{ memcached_servers }} 8 | # 9 | # Sets how memcache values are serialized and deserialized: 10 | # 0 = older, insecure pickle serialization 11 | # 1 = json serialization but pickles can still be read (still insecure) 12 | # 2 = json serialization only (secure and the default) 13 | # To avoid an instant full cache flush, existing installations should 14 | # upgrade with 0, then set to 1 and reload, then after some time (24 hours) 15 | # set to 2 and reload. 16 | # In the future, the ability to use pickle serialization will be removed. 17 | # memcache_serialization_support = 2 18 | memcache_serialization_support = 2 19 | # 20 | # Sets the maximum number of connections to each memcached server per worker 21 | # memcache_max_connections = 2 22 | # 23 | # Timeout for connection 24 | # connect_timeout = 0.3 25 | # Timeout for pooled connection 26 | # pool_timeout = 1.0 27 | # number of servers to retry on failures getting a pooled connection 28 | # tries = 3 29 | # Timeout for read and writes 30 | # io_timeout = 2.0 31 | -------------------------------------------------------------------------------- /templates/swift.conf.j2: -------------------------------------------------------------------------------- 1 | # Ansible managed - please don't edit this file manually 2 | 3 | [swift-hash] 4 | swift_hash_path_suffix = {{ swift_hash_path_suffix }} 5 | swift_hash_path_prefix = {{ swift_hash_path_prefix }} 6 | 7 | 8 | # Storage Policies 9 | {% for policy in swift.storage_policies %} 10 | {% set swift_policy_type = policy.policy.policy_type|default('replication') %} 11 | 12 | [storage-policy:{{ policy.policy.index }}] 13 | name = {{ policy.policy.name }} 14 | policy_type = {{ swift_policy_type }} 15 | 16 | {% if swift_policy_type == 'erasure_coding' %} 17 | ec_type = {{ policy.policy.ec_type }} 18 | ec_num_data_fragments = {{ policy.policy.ec_num_data_fragments }} 19 | ec_num_parity_fragments = {{ policy.policy.ec_num_parity_fragments }} 20 | ec_object_segment_size = {{ policy.policy.ec_object_segment_size }} 21 | {% endif %} 22 | 23 | {% if policy.policy.deprecated is defined %} 24 | deprecated = {{ policy.policy.deprecated }} 25 | {% endif %} 26 | 27 | {% if policy.policy.default is defined %} 28 | default = {{ policy.policy.default }} 29 | {% endif %} 30 | 31 | {% endfor %} 32 | 33 | 34 | [swift-constraints] 35 | -------------------------------------------------------------------------------- /templates/swift_rings.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ swift_bin }}/{{ swift_venv_python_executable }} 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | from optparse import OptionParser 16 | from os.path import exists, dirname, join, basename 17 | 18 | from swift.common.ring import RingBuilder 19 | from swift.common.ring.utils import parse_builder_ring_filename_args 20 | 21 | import json 22 | import sys 23 | import os 24 | import time 25 | from datetime import timedelta 26 | 27 | 28 | USAGE = "usage: %prog -f -r " 29 | 30 | DEVICE_KEY = "%(ip)s/%(device)s" 31 | FULL_HOST_KEY = "%(ip)s:%(port)dR%(replication_ip)s:" \ 32 | "%(replication_port)d/%(device)s" 33 | 34 | 35 | class RingValidationError(Exception): 36 | pass 37 | 38 | 39 | def update_host_in_ring(ringbuilder, new_host, old_host, old_host_idx, 40 | validate=False): 41 | if new_host.get('zone', 0) != old_host['zone']: 42 | devstr = DEVICE_KEY % new_host 43 | raise RingValidationError('Cannot update zone on %s, this can only be ' 44 | 'done when the drive is added' % devstr) 45 | if new_host.get('region', 1) != old_host['region']: 46 | devstr = DEVICE_KEY % new_host 47 | raise RingValidationError('Cannot update region on %s, this can only ' 48 | 'be done when the drive is added' % devstr) 49 | 50 | try: 51 | old_host_str = FULL_HOST_KEY % old_host 52 | new_host_str = FULL_HOST_KEY % new_host 53 | 54 | new_weight = new_host.get('weight') 55 | old_weight = old_host.get('weight') 56 | 57 | if new_host_str != old_host_str: 58 | if not validate: 59 | ringbuilder.devs[old_host_idx].update(new_host) 60 | ringbuilder.devs_changed = True 61 | ringbuilder.version += 1 62 | except Exception as ex: 63 | raise RingValidationError(ex) 64 | 65 | if new_weight != old_weight and not validate: 66 | ringbuilder.set_dev_weight(ringbuilder.devs[old_host_idx]['id'], 67 | new_weight) 68 | 69 | 70 | def add_host_to_ring(ringbuilder, host, validate=False): 71 | new_host = {'region': 1, 'zone': 0, 'meta': ''} 72 | new_host.update(host) 73 | try: 74 | if validate: 75 | ringbuilder.add_dev(new_host) 76 | except Exception as ex: 77 | raise RingValidationError(ex) 78 | 79 | 80 | def build_ring(build_name, repl, min_part_hours, part_power, hosts, 81 | region=None, validate=False, reset_mph_clock=False): 82 | # Create the build file 83 | build_file = "%s.builder" % build_name 84 | if exists(build_file): 85 | ringbuilder = RingBuilder.load(build_file) 86 | else: 87 | ringbuilder = RingBuilder(part_power, repl, min_part_hours) 88 | 89 | # run some checks 90 | if repl != ringbuilder.replicas and not validate: 91 | ringbuilder.set_replicas(repl) 92 | 93 | if min_part_hours != ringbuilder.min_part_hours and not validate: 94 | ringbuilder.change_min_part_hours(min_part_hours) 95 | 96 | if part_power != ringbuilder.part_power: 97 | raise RingValidationError( 98 | 'Part power cannot be changed! you must rebuild the ring if you ' 99 | 'need to change it.\nRing part power: %s Inventory part power: %s' 100 | % (ringbuilder.part_power, part_power)) 101 | 102 | old_hosts = {} 103 | for i, dev in enumerate(ringbuilder.devs): 104 | if dev is not None: 105 | if region is None or int(region) == int(dev['region']): 106 | old_hosts[DEVICE_KEY % dev] = i 107 | for host in hosts: 108 | host_key = DEVICE_KEY % host 109 | if region is None or int(region) == int(host['region']): 110 | if host_key in old_hosts: 111 | old_host = ringbuilder.devs[old_hosts[host_key]] 112 | update_host_in_ring(ringbuilder, host, old_host, 113 | old_hosts[host_key], validate=validate) 114 | old_hosts.pop(host_key) 115 | else: 116 | add_host_to_ring(ringbuilder, host, validate=validate) 117 | 118 | if old_hosts and not validate: 119 | # There are still old hosts, these hosts must've been removed 120 | try: 121 | for host, idx in old_hosts.items(): 122 | ringbuilder.remove_dev(ringbuilder.devs[idx]['id']) 123 | except Exception as ex: 124 | raise RingValidationError(ex) 125 | 126 | build_file, ring_file = parse_builder_ring_filename_args(('', build_file)) 127 | # serialise to disk before we think about writing the ring 128 | backup_folder = join(dirname(build_file), 'backups') 129 | try: 130 | os.mkdir(backup_folder) 131 | except OSError: 132 | if not os.path.isdir(backup_folder): 133 | raise 134 | ts = time.time() 135 | 136 | ringbuilder.save(build_file) 137 | ringbuilder.save(join(backup_folder, '%d.' % ts + basename(build_file))) 138 | 139 | # Rebalance ring 140 | if not validate: 141 | if not hosts or not ringbuilder.devs_changed: 142 | ringdata = ringbuilder.get_ring() 143 | ringdata.save(join(backup_folder, '%d.' % ts + 144 | basename(ring_file))) 145 | ringdata.save(ring_file) 146 | exit(3) 147 | else: 148 | if reset_mph_clock: 149 | ringbuilder.pretend_min_part_hours_passed() 150 | if ringbuilder.min_part_seconds_left > 0: 151 | raise RingValidationError( 152 | 'The time between rebalances must be at least ' 153 | 'min_part_hours: %s hours (%s remaining)' % 154 | (ringbuilder.min_part_hours, 155 | timedelta(seconds=ringbuilder.min_part_seconds_left))) 156 | exit(2) 157 | parts, balance, removed_devs = ringbuilder.rebalance() 158 | try: 159 | ringbuilder.validate() 160 | except Exception as ex: 161 | raise RingValidationError(ex) 162 | ringbuilder.save(join(backup_folder, '%d.' % ts + 163 | basename(build_file))) 164 | ringbuilder.save(build_file) 165 | ringdata = ringbuilder.get_ring() 166 | ringdata.save(join(backup_folder, '%d.' % ts + 167 | basename(ring_file))) 168 | ringdata.save(ring_file) 169 | 170 | 171 | def main(setup, region, reset_mph_clock): 172 | # load the json file 173 | try: 174 | with open(setup) as json_stream: 175 | _contents_file = json.load(json_stream) 176 | except Exception as ex: 177 | print("Failed to load json string %s" % ex) 178 | return 1 179 | 180 | hosts = _contents_file['drives'] 181 | kargs = {'validate': True, 'hosts': hosts, 'region': region, 182 | 'reset_mph_clock': reset_mph_clock} 183 | ring_call = [ 184 | _contents_file['builder_file'], 185 | _contents_file['repl_number'], 186 | _contents_file['min_part_hours'], 187 | _contents_file['part_power'] 188 | ] 189 | 190 | try: 191 | build_ring(*ring_call, **kargs) 192 | except RingValidationError as ex: 193 | print(ex) 194 | return 2 195 | 196 | # If the validation passes lets go ahead and build the rings. 197 | kargs.pop('validate') 198 | build_ring(*ring_call, **kargs) 199 | 200 | 201 | if __name__ == "__main__": 202 | parser = OptionParser(USAGE) 203 | parser.add_option( 204 | "-f", 205 | "--file", 206 | dest="setup", 207 | help="Specify the swift ring contents file.", 208 | metavar="FILE" 209 | ) 210 | parser.add_option( 211 | "-r", 212 | "--region", 213 | help="Specify the region to manage for the ring file.", 214 | dest="region", 215 | type='int', 216 | metavar="REGION" 217 | ) 218 | parser.add_option( 219 | "-p", 220 | "--pretend_min_part_hours_passed", 221 | help="Reset the clock on the last time a rebalance happened.", 222 | dest="reset_mph_clock", 223 | action="store_true", 224 | default=False 225 | ) 226 | 227 | options, _args = parser.parse_args(sys.argv[1:]) 228 | if options.setup and not exists(options.setup): 229 | print("Swift ring contents file not found or doesn't exist") 230 | parser.print_help() 231 | sys.exit(1) 232 | 233 | sys.exit(main(options.setup, options.region, options.reset_mph_clock)) 234 | -------------------------------------------------------------------------------- /templates/swift_rings_check.py.j2: -------------------------------------------------------------------------------- 1 | #!{{ swift_bin }}/{{ swift_venv_python_executable }} 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | from optparse import OptionParser 16 | from os.path import exists 17 | 18 | import json 19 | import pickle 20 | import sys 21 | 22 | USAGE = "usage: %prog -f -r " 23 | 24 | DEVICE_KEY = "%(ip)s:%(port)d/%(device)s" 25 | FULL_HOST_KEY = "%(ip)s:%(port)dR%(replication_ip)s:" \ 26 | "%(replication_port)d/%(device)s_w%(weight)d" 27 | 28 | 29 | class RingComparisonError(Exception): 30 | pass 31 | 32 | 33 | def get_build_file_data(build_file): 34 | build_file_data = None 35 | if exists(build_file): 36 | try: 37 | with open(build_file, 'rb') as bf_stream: 38 | build_file_data = pickle.load(bf_stream) 39 | except Exception as ex: 40 | print("Error: failed to load build file '%s': %s" % (build_file, 41 | ex)) 42 | build_file_data = None 43 | return build_file_data 44 | 45 | 46 | def check_ring_settings(build_file, part_power, repl, min_part_hours, 47 | data=None): 48 | # Check if the build file is emptuy 49 | if data is None: 50 | raise RingComparisonError('Build file %s is empty or does ' 51 | 'not exist.' % build_file) 52 | # Check if replica count matches for contents and ring file 53 | if repl != data.get('replicas'): 54 | raise RingComparisonError('Replica count does not match') 55 | # Check min_part_hours matches for contents and ring file 56 | if min_part_hours != data.get('min_part_hours'): 57 | raise RingComparisonError('min_part_hours does not match') 58 | # Check part_power matches for contents and ring file 59 | if part_power != data.get('part_power'): 60 | raise RingComparisonError('part_power does not match') 61 | 62 | 63 | def check_host_settings(content_host, ring_host): 64 | devstr = DEVICE_KEY % content_host 65 | if content_host.get('zone', 0) != ring_host['zone']: 66 | raise RingComparisonError('Zone on device %s differs to the ring.' 67 | % devstr) 68 | if content_host.get('region', 1) != ring_host['region']: 69 | raise RingComparisonError('Region on device %s differs to the ring.' 70 | % devstr) 71 | 72 | content_host_str = FULL_HOST_KEY % content_host 73 | ring_host_str = FULL_HOST_KEY % ring_host 74 | 75 | if content_host_str != ring_host_str: 76 | raise RingComparisonError('Content device %(content_host_str)s differs' 77 | ' to the ring device %(ring_host_str)s.') 78 | 79 | 80 | def check_ring(build_name, repl, min_part_hours, part_power, content_hosts, 81 | region=None): 82 | build_file = "%s.builder" % build_name 83 | build_file_data = get_build_file_data(build_file) 84 | check_ring_settings( 85 | build_file, 86 | part_power, 87 | repl, 88 | min_part_hours, 89 | data=build_file_data 90 | ) 91 | 92 | ring_hosts = {} 93 | for i, dev in enumerate(build_file_data['devs']): 94 | if dev is not None: 95 | if region is None or int(region) == int(dev['region']): 96 | ring_hosts[DEVICE_KEY % dev] = i 97 | for content_host in content_hosts: 98 | host_key = DEVICE_KEY % content_host 99 | if region is None or int(region) == int(content_host['region']): 100 | if host_key in ring_hosts: 101 | ring_host = build_file_data['devs'][ring_hosts[host_key]] 102 | check_host_settings(content_host, ring_host) 103 | ring_hosts.pop(host_key) 104 | else: 105 | raise RingComparisonError('Device %s is not in the ring.' 106 | % host_key) 107 | 108 | if ring_hosts: 109 | for ring_host in ring_hosts: 110 | if build_file_data['devs'][ring_hosts[ring_host]]['weight'] != 0: 111 | raise RingComparisonError('There are devices in the ring that' 112 | ' are not in the inventory/contents' 113 | ' file.') 114 | 115 | 116 | def main(setup, region): 117 | # load the json file 118 | try: 119 | with open(setup) as json_stream: 120 | _contents_file = json.load(json_stream) 121 | except Exception as ex: 122 | print("Failed to load json string %s" % ex) 123 | return 1 124 | 125 | content_hosts = _contents_file['drives'] 126 | kargs = {'content_hosts': content_hosts, 'region': region} 127 | ring_call = [ 128 | _contents_file['builder_file'], 129 | _contents_file['repl_number'], 130 | _contents_file['min_part_hours'], 131 | _contents_file['part_power'] 132 | ] 133 | 134 | try: 135 | check_ring(*ring_call, **kargs) 136 | print('SUCCESS: Ring is consistent with contents file') 137 | except RingComparisonError as ex: 138 | print(ex) 139 | return 2 140 | 141 | if __name__ == "__main__": 142 | parser = OptionParser(USAGE) 143 | parser.add_option( 144 | "-f", 145 | "--file", 146 | dest="setup", 147 | help="Specify the swift ring contents file.", 148 | metavar="FILE" 149 | ) 150 | parser.add_option( 151 | "-r", 152 | "--region", 153 | help="Specify the region to manage for the ring file.", 154 | dest="region", 155 | type='int', 156 | metavar="REGION" 157 | ) 158 | 159 | options, _args = parser.parse_args(sys.argv[1:]) 160 | if options.setup and not exists(options.setup): 161 | print("Swift ring contents file not found or doesn't exist") 162 | parser.print_help() 163 | sys.exit(1) 164 | 165 | sys.exit(main(options.setup, options.region)) 166 | -------------------------------------------------------------------------------- /tests/ansible-role-requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: apt_package_pinning 3 | src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning 4 | scm: git 5 | version: master 6 | - name: openstack_openrc 7 | src: https://opendev.org/openstack/openstack-ansible-openstack_openrc 8 | scm: git 9 | version: master 10 | - name: memcached_server 11 | src: https://opendev.org/openstack/openstack-ansible-memcached_server 12 | scm: git 13 | version: master 14 | - name: lxc_hosts 15 | src: https://opendev.org/openstack/openstack-ansible-lxc_hosts 16 | scm: git 17 | version: master 18 | - name: lxc_container_create 19 | src: https://opendev.org/openstack/openstack-ansible-lxc_container_create 20 | scm: git 21 | version: master 22 | - name: galera_client 23 | src: https://opendev.org/openstack/openstack-ansible-galera_client 24 | scm: git 25 | version: master 26 | - name: galera_server 27 | src: https://opendev.org/openstack/openstack-ansible-galera_server 28 | scm: git 29 | version: master 30 | - name: rabbitmq_server 31 | src: https://opendev.org/openstack/openstack-ansible-rabbitmq_server 32 | scm: git 33 | version: master 34 | - name: openstack_hosts 35 | src: https://opendev.org/openstack/openstack-ansible-openstack_hosts 36 | scm: git 37 | version: master 38 | - name: os_keystone 39 | src: https://opendev.org/openstack/openstack-ansible-os_keystone 40 | scm: git 41 | version: master 42 | - name: systemd_service 43 | src: https://opendev.org/openstack/ansible-role-systemd_service 44 | scm: git 45 | version: master 46 | - name: python_venv_build 47 | src: https://opendev.org/openstack/ansible-role-python_venv_build 48 | scm: git 49 | version: master 50 | -------------------------------------------------------------------------------- /tests/group_vars/all_containers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | physical_host: localhost 17 | properties: 18 | service_name: "{{ inventory_hostname }}" 19 | ansible_become: True 20 | ansible_user: root 21 | -------------------------------------------------------------------------------- /tests/host_vars/infra1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.101 17 | container_name: infra1 18 | container_networks: 19 | management_address: 20 | address: "{{ ansible_host }}" 21 | bridge: "br-mgmt" 22 | interface: "eth1" 23 | netmask: "255.255.255.0" 24 | type: "veth" 25 | -------------------------------------------------------------------------------- /tests/host_vars/localhost.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | -------------------------------------------------------------------------------- /tests/host_vars/swift-proxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.102 17 | storage_address: 10.1.2.102 18 | container_name: swift-proxy 19 | container_networks: 20 | management_address: 21 | address: "{{ ansible_host }}" 22 | bridge: "br-mgmt" 23 | interface: "eth1" 24 | netmask: "255.255.255.0" 25 | type: "veth" 26 | storage_address: 27 | address: "{{ storage_address }}" 28 | bridge: "br-storage" 29 | interface: "eth2" 30 | netmask: "255.255.255.0" 31 | type: "veth" 32 | -------------------------------------------------------------------------------- /tests/host_vars/swift-storage1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This host is testing the path where "swift_storage_address" and "swift_replication_address" are set 17 | 18 | ansible_host: 10.1.1.103 19 | swift_storage_address: 10.1.2.103 20 | swift_replication_address: 10.1.3.103 21 | container_name: swift-storage1 22 | container_networks: 23 | management_address: 24 | address: "{{ ansible_host }}" 25 | bridge: "br-mgmt" 26 | interface: "eth1" 27 | netmask: "255.255.255.0" 28 | type: "veth" 29 | storage_address: 30 | address: "{{ swift_storage_address }}" 31 | bridge: "br-storage" 32 | interface: "eth2" 33 | netmask: "255.255.255.0" 34 | type: "veth" 35 | replication_address: 36 | address: "{{ swift_replication_address }}" 37 | bridge: "br-repl" 38 | interface: "eth3" 39 | netmask: "255.255.255.0" 40 | type: "veth" 41 | -------------------------------------------------------------------------------- /tests/host_vars/swift-storage2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | ansible_host: 10.1.1.104 17 | storage_address: 10.1.2.104 18 | replication_address: 10.1.3.104 19 | container_name: swift-storage2 20 | container_networks: 21 | management_address: 22 | address: "{{ ansible_host }}" 23 | bridge: "br-mgmt" 24 | interface: "eth1" 25 | netmask: "255.255.255.0" 26 | type: "veth" 27 | storage_address: 28 | address: "{{ storage_address }}" 29 | bridge: "br-storage" 30 | interface: "eth2" 31 | netmask: "255.255.255.0" 32 | type: "veth" 33 | replication_address: 34 | address: "{{ replication_address }}" 35 | bridge: "br-repl" 36 | interface: "eth3" 37 | netmask: "255.255.255.0" 38 | type: "veth" 39 | -------------------------------------------------------------------------------- /tests/host_vars/swift-storage3.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # This host is testing the code path where the swift_vars repl_ip and storage_ip are set 17 | 18 | swift_vars: 19 | repl_ip: 10.1.3.105 20 | storage_ip: 10.1.2.105 21 | 22 | ansible_host: 10.1.1.105 23 | container_name: swift-storage3 24 | container_networks: 25 | management_address: 26 | address: "{{ ansible_host }}" 27 | bridge: "br-mgmt" 28 | interface: "eth1" 29 | netmask: "255.255.255.0" 30 | type: "veth" 31 | storage_address: 32 | address: "{{ swift_vars.storage_ip }}" 33 | bridge: "br-storage" 34 | interface: "eth2" 35 | netmask: "255.255.255.0" 36 | type: "veth" 37 | replication_address: 38 | address: "{{ swift_vars.repl_ip }}" 39 | bridge: "br-repl" 40 | interface: "eth3" 41 | netmask: "255.255.255.0" 42 | type: "veth" 43 | -------------------------------------------------------------------------------- /tests/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost 3 | infra1 4 | swift-proxy 5 | swift-storage1 6 | swift-storage2 7 | swift-storage3 8 | 9 | [all_containers] 10 | infra1 11 | swift-proxy 12 | swift-storage1 13 | swift-storage2 14 | swift-storage3 15 | 16 | [galera_all] 17 | infra1 18 | 19 | [memcached_all] 20 | infra1 21 | 22 | [oslomsg_rpc_all] 23 | infra1 24 | 25 | [oslomsg_notify_all] 26 | infra1 27 | 28 | [rabbitmq_all] 29 | infra1 30 | 31 | [service_all:children] 32 | galera_all 33 | memcached_all 34 | 35 | [keystone_all] 36 | infra1 37 | 38 | [swift_hosts] 39 | swift-storage1 40 | swift-storage2 41 | swift-storage3 42 | 43 | [swift_proxy] 44 | swift-proxy 45 | 46 | [swift_acc] 47 | swift-storage1 48 | swift-storage2 49 | swift-storage3 50 | 51 | [swift_cont] 52 | swift-storage1 53 | swift-storage2 54 | swift-storage3 55 | 56 | [swift_obj] 57 | swift-storage1 58 | swift-storage2 59 | swift-storage3 60 | 61 | [swift_all:children] 62 | swift_acc 63 | swift_proxy 64 | swift_cont 65 | swift_obj 66 | 67 | [swift_remote_all] 68 | -------------------------------------------------------------------------------- /tests/os_swift-overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | bridges: 17 | - name: "br-mgmt" 18 | ip_addr: "10.1.1.1" 19 | - name: "br-storage" 20 | ip_addr: "10.1.2.1" 21 | - name: "br-repl" 22 | ip_addr: "10.1.3.1" 23 | 24 | swift_pretend_min_part_hours_passed: False 25 | 26 | swift: 27 | storage_network: "{{ test_swift_storage_network | default('eth2') }}" 28 | replication_network: "{{ test_swift_repl_network | default('eth3') }}" 29 | part_power: 8 30 | repl_number: "{{ test_swift_repl_number | default(3) }}" 31 | region: "{{ test_swift_region | default(1) }}" 32 | groups: 33 | - account 34 | - container 35 | - gold 36 | - ec-tests 37 | drives: 38 | - name: swift1 39 | - name: swift2 40 | mount_point: /openstack 41 | storage_policies: 42 | - policy: 43 | name: gold 44 | index: 0 45 | default: True 46 | - policy: 47 | name: ec-tests 48 | index: 1 49 | policy_type: erasure_coding 50 | ec_type: liberasurecode_rs_vand 51 | ec_num_data_fragments: 3 52 | ec_num_parity_fragments: 2 53 | ec_object_segment_size: 1048576 54 | 55 | swift_package_state: present 56 | -------------------------------------------------------------------------------- /tests/s3cfg.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | access_key = "{{ ec2_access_key }}" 3 | host_base = "{{ ansible_host }}:8080" 4 | host_bucket = "{{ ansible_host }}:8080" 5 | secret_key = "{{ ec2_secret_key }}" 6 | signature_v2 = True 7 | use_https = False 8 | -------------------------------------------------------------------------------- /tests/swift_test.conf.j2: -------------------------------------------------------------------------------- 1 | [func_test] 2 | {% if groups['keystone_all'] is not defined %} 3 | # sample config for Swift with tempauth 4 | auth_host = {{ test_swift_proxy_host }} 5 | auth_port = 8080 6 | auth_ssl = no 7 | auth_prefix = /auth/ 8 | {% else %} 9 | ## sample config for Swift with Keystone v2 API 10 | # For keystone v2 change auth_version to 2 and auth_prefix to /v2.0/ 11 | # And "allow_account_management" should not be set "true" 12 | auth_version = 3 13 | auth_host = {{ test_keystone_host }} 14 | auth_port = 5000 15 | auth_ssl = no 16 | auth_prefix = /v3/ 17 | {% endif %} 18 | 19 | # Primary functional test account (needs admin access to the account) 20 | account = test1 21 | username = test1 22 | password = test1 23 | 24 | # User on a second account (needs admin access to the account) 25 | account2 = test2 26 | username2 = test2 27 | password2 = test2 28 | 29 | # User on same account as first, but without admin access 30 | username3 = test3 31 | password3 = test3 32 | 33 | # Fourth user is required for keystone v3 specific tests. 34 | # Account must be in a non-default domain. 35 | #account4 = test4 36 | #username4 = test4 37 | #password4 = test4 38 | #domain4 = test-domain 39 | 40 | # Fifth user is required for service token-specific tests. 41 | # The account must be different than the primary test account 42 | # The user must not have a group (tempauth) or role (keystoneauth) on 43 | # the primary test account. The user must have a group/role that is unique 44 | # and not given to the primary tester and is specified in the options 45 | # _require_group (tempauth) or _service_roles (keystoneauth). 46 | account5 = test5 47 | username5 = test5 48 | password5 = test5 49 | 50 | # The service_prefix option is used for service token-specific tests. 51 | # If service_prefix or username5 above is not supplied, the tests are skipped. 52 | # To set the value and enable the service token tests, look at the 53 | # reseller_prefix option in /etc/swift/proxy-server.conf. There must be at 54 | # least two prefixes. If not, add a prefix as follows (where we add SERVICE): 55 | # reseller_prefix = AUTH, SERVICE 56 | # The service_prefix must match the used in _require_group 57 | # (tempauth) or _service_roles (keystoneauth); for example: 58 | # SERVICE_require_group = service 59 | # SERVICE_service_roles = service 60 | # Note: Do not enable service token tests if the first prefix in 61 | # reseller_prefix is the empty prefix AND the primary functional test 62 | # account contains an underscore. 63 | service_prefix = SERVICE 64 | 65 | # Sixth user is required for access control tests. 66 | # Account must have a role for reseller_admin_role(keystoneauth). 67 | account6 = test6 68 | username6 = test6 69 | password6 = test6 70 | 71 | collate = C 72 | 73 | # Only necessary if a pre-existing server uses self-signed certificate 74 | insecure = no 75 | 76 | [unit_test] 77 | fake_syslog = False 78 | 79 | [probe_test] 80 | # check_server_timeout = 30 81 | # validate_rsync = false 82 | 83 | [swift-constraints] 84 | # The functional test runner will try to use the constraint values provided in 85 | # the swift-constraints section of test.conf. 86 | # 87 | # If a constraint value does not exist in that section, or because the 88 | # swift-constraints section does not exist, the constraints values found in 89 | # the /info API call (if successful) will be used. 90 | # 91 | # If a constraint value cannot be found in the /info results, either because 92 | # the /info API call failed, or a value is not present, the constraint value 93 | # used will fall back to those loaded by the constraints module at time of 94 | # import (which will attempt to load /etc/swift/swift.conf, see the 95 | # swift.common.constraints module for more information). 96 | # 97 | # Note that the cluster must have "sane" values for the test suite to pass 98 | # (for some definition of sane). 99 | # 100 | #max_file_size = 5368709122 101 | #max_meta_name_length = 128 102 | #max_meta_value_length = 256 103 | #max_meta_count = 90 104 | #max_meta_overall_size = 4096 105 | #max_header_size = 8192 106 | #extra_header_count = 0 107 | #max_object_name_length = 1024 108 | #container_listing_limit = 10000 109 | #account_listing_limit = 10000 110 | #max_account_name_length = 256 111 | #max_container_name_length = 256 112 | 113 | # Newer swift versions default to strict cors mode, but older ones were the 114 | # opposite. 115 | #strict_cors_mode = true 116 | -------------------------------------------------------------------------------- /tests/test-swift-functional.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - name: Setup for swift functional tests 17 | hosts: localhost 18 | connection: local 19 | gather_facts: no 20 | vars_files: 21 | - common/test-vars.yml 22 | tasks: 23 | - name: Add test projects 24 | os_project: 25 | cloud: default 26 | state: present 27 | name: "{{ item }}" 28 | domain_id: "default" 29 | endpoint_type: admin 30 | verify: "{{ not keystone_service_adminuri_insecure }}" 31 | register: _add_test_projects 32 | until: _add_test_projects is success 33 | retries: 5 34 | delay: 10 35 | with_items: 36 | - "test1" 37 | - "test2" 38 | - "test5" 39 | - "test6" 40 | when: groups['keystone_all'] is defined 41 | 42 | - name: Add test roles 43 | os_keystone_role: 44 | cloud: default 45 | state: present 46 | name: "{{ item }}" 47 | endpoint_type: admin 48 | verify: "{{ not keystone_service_adminuri_insecure }}" 49 | register: add_test_roles 50 | until: add_test_roles is success 51 | retries: 5 52 | delay: 10 53 | with_items: 54 | - "test-role" 55 | - "test5" 56 | when: groups['keystone_all'] is defined 57 | 58 | - name: Add test users 59 | os_user: 60 | cloud: default 61 | state: present 62 | name: "{{ item.user_name }}" 63 | password: "{{ item.password }}" 64 | domain: default 65 | default_project: "{{ item.project_name }}" 66 | endpoint_type: admin 67 | verify: "{{ not keystone_service_adminuri_insecure }}" 68 | register: add_test_users 69 | until: add_test_users is success 70 | retries: 5 71 | delay: 10 72 | no_log: True 73 | with_items: 74 | - { user_name: "test1", project_name: "test1", password: "test1" } 75 | - { user_name: "test2", project_name: "test2", password: "test2" } 76 | - { user_name: "test3", project_name: "test1", password: "test3" } 77 | - { user_name: "test5", project_name: "test5", password: "test5" } 78 | - { user_name: "test6", project_name: "test6", password: "test6" } 79 | when: groups['keystone_all'] is defined 80 | 81 | - name: Add service user to admin role 82 | os_user_role: 83 | cloud: default 84 | state: present 85 | user: "{{ item.user_name }}" 86 | role: "{{ item.role_name }}" 87 | project: "{{ item.project_name }}" 88 | endpoint_type: admin 89 | verify: "{{ not keystone_service_adminuri_insecure }}" 90 | register: add_test_user_roles 91 | until: add_test_user_roles is success 92 | retries: 5 93 | delay: 10 94 | with_items: 95 | - { user_name: "test1", project_name: "test1", role_name: "admin" } 96 | - { user_name: "test2", project_name: "test2", role_name: "admin" } 97 | - { user_name: "test3", project_name: "test1", role_name: "test-role" } 98 | - { user_name: "test5", project_name: "test5", role_name: "test5" } 99 | - { user_name: "test6", project_name: "test6", role_name: "ResellerAdmin" } 100 | when: groups['keystone_all'] is defined 101 | 102 | - name: Run Swift functional tests 103 | hosts: swift_proxy[0] 104 | user: root 105 | gather_facts: true 106 | vars_files: 107 | - common/test-vars.yml 108 | tasks: 109 | - name: Clone swift repository on proxy-host 110 | git: 111 | repo: "https://opendev.org/openstack/swift" 112 | dest: "/opt/swift" 113 | update: yes 114 | clone: yes 115 | version: "{{ swift_git_install_branch }}" 116 | 117 | - name: Install requirements for swift 118 | pip: 119 | requirements: "{{ item }}" 120 | virtualenv: "{{ swift_venv_bin | dirname }}" 121 | extra_args: >- 122 | {{ swift_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} 123 | {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} 124 | {{ pip_install_options | default('') }} 125 | with_items: 126 | - "/opt/swift/test-requirements.txt" 127 | 128 | - name: Setup test.conf for testing 129 | template: 130 | src: "swift_test.conf.j2" 131 | dest: "/etc/swift/test.conf" 132 | owner: "swift" 133 | group: "swift" 134 | - name: Create swap file for swift-storage hosts 135 | command: dd if=/dev/zero of=/swift_swap bs=1M count=1024 136 | when: 137 | - inventory_hostname in groups['swift_hosts'] 138 | 139 | - name: Make swap for swift-storage hosts 140 | command: mkswap /swift_swap 141 | when: 142 | - inventory_hostname in groups['swift_hosts'] 143 | 144 | - name: Add swap to fstab for swift-storage hosts 145 | lineinfile: 146 | dest: /etc/fstab 147 | regexp: "swift_swap" 148 | line: "/swift_swap none swap sw 0 0" 149 | state: present 150 | when: 151 | - inventory_hostname in groups['swift_hosts'] 152 | 153 | - name: Turn swap on for swift-storage hosts 154 | command: swapon -a 155 | when: 156 | - inventory_hostname in groups['swift_hosts'] 157 | 158 | - name: Run functional tests for swift 159 | shell: "source /openstack/venvs/swift-untagged/bin/activate && ./.functests" 160 | args: 161 | chdir: "/opt/swift/" 162 | executable: "/bin/bash" 163 | tags: 164 | - skip_ansible_lint 165 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2015, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Setup the keys, host and containers 17 | - import_playbook: common/test-setup-host.yml 18 | 19 | # Install Infrastructure 20 | - import_playbook: common/test-install-infra.yml 21 | 22 | # Install Keystone 23 | - import_playbook: common/test-install-keystone.yml 24 | 25 | # Install Swift 26 | - import_playbook: common/test-install-swift.yml 27 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | minversion = 3.1 3 | skipsdist = True 4 | envlist = docs,linters,functional 5 | ignore_basepython_conflict = True 6 | 7 | [testenv] 8 | basepython = python3 9 | usedevelop = False 10 | install_command = 11 | pip install -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages} 12 | commands = 13 | /usr/bin/find . -type f -name "*.pyc" -delete 14 | passenv = 15 | COMMON_TESTS_PATH 16 | HOME 17 | http_proxy 18 | HTTP_PROXY 19 | https_proxy 20 | HTTPS_PROXY 21 | no_proxy 22 | NO_PROXY 23 | TESTING_BRANCH 24 | TESTING_HOME 25 | USER 26 | allowlist_externals = 27 | bash 28 | setenv = 29 | PYTHONUNBUFFERED=1 30 | ROLE_NAME=os_swift 31 | TEST_IDEMPOTENCE=false 32 | TEST_PLAYBOOK={toxinidir}/tests/test.yml {toxinidir}/tests/test-swift-functional.yml 33 | VIRTUAL_ENV={envdir} 34 | WORKING_DIR={toxinidir} 35 | 36 | [testenv:docs] 37 | deps = -r{toxinidir}/doc/requirements.txt 38 | commands = 39 | bash -c "rm -rf doc/build" 40 | doc8 doc 41 | sphinx-build -W --keep-going -b html doc/source doc/build/html 42 | 43 | [testenv:pdf-docs] 44 | deps = {[testenv:docs]deps} 45 | allowlist_externals = 46 | make 47 | commands = 48 | sphinx-build -W --keep-going -b latex doc/source doc/build/pdf 49 | make -C doc/build/pdf 50 | 51 | [doc8] 52 | # Settings for doc8: 53 | extensions = .rst 54 | 55 | [testenv:releasenotes] 56 | deps = -r{toxinidir}/doc/requirements.txt 57 | commands = 58 | sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html 59 | 60 | # environment used by the -infra templated docs job 61 | [testenv:venv] 62 | commands = 63 | {posargs} 64 | 65 | [testenv:pep8] 66 | commands = 67 | bash -c "{toxinidir}/tests/common/test-pep8.sh" 68 | 69 | [flake8] 70 | # Ignores the following rules due to how ansible modules work in general 71 | # F403 'from ansible.module_utils.basic import *' used; 72 | # unable to detect undefined names 73 | ignore=F403 74 | 75 | [testenv:bashate] 76 | commands = 77 | bash -c "{toxinidir}/tests/common/test-bashate.sh" 78 | 79 | [testenv:ansible-syntax] 80 | commands = 81 | bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" 82 | 83 | [testenv:ansible-lint] 84 | commands = 85 | bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" 86 | 87 | [testenv:functional] 88 | commands = 89 | bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" 90 | 91 | [testenv:distro_install] 92 | setenv = 93 | {[testenv]setenv} 94 | # The test-swift-functional.yml requires tempest on the swift venv and 95 | # the distro scenario is not ready for that yet. 96 | TEST_PLAYBOOK={toxinidir}/tests/test.yml 97 | ANSIBLE_PARAMETERS=-e @{toxinidir}/tests/common/test-distro_install-vars.yml 98 | commands = 99 | bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" 100 | 101 | [testenv:linters] 102 | commands = 103 | bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" 104 | {[testenv:pep8]commands} 105 | {[testenv:bashate]commands} 106 | {[testenv:ansible-lint]commands} 107 | {[testenv:ansible-syntax]commands} 108 | -------------------------------------------------------------------------------- /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2014, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | cache_timeout: 600 17 | 18 | swift_distro_packages: 19 | - liberasurecode1 20 | - openssh-server 21 | - openssh-client 22 | - rsync 23 | 24 | swift_devel_distro_packages: 25 | - git 26 | - liberasurecode-dev 27 | - libffi-dev 28 | - libssl-dev 29 | - libsystemd-dev 30 | 31 | swift_service_distro_packages: 32 | - python3-keystonemiddleware 33 | - python3-ceilometermiddleware 34 | - python3-memcache 35 | - python3-swift 36 | - swift 37 | 38 | swift_account_distro_packages: 39 | - swift-account 40 | 41 | swift_container_distro_packages: 42 | - swift-container 43 | 44 | swift_object_distro_packages: 45 | - swift-object 46 | - swift-object-expirer 47 | 48 | swift_proxy_distro_packages: 49 | - swift-proxy 50 | 51 | swift_rsync_service_name: rsync 52 | 53 | swift_sshd: ssh 54 | -------------------------------------------------------------------------------- /vars/distro_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2018, SUSE Linux GmbH. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | swift_package_list: |- 17 | {% set packages = swift_distro_packages %} 18 | {% if swift_services['swift-account-server']['group'] in group_names %} 19 | {% set _ = packages.extend(swift_account_distro_packages) %} 20 | {% endif %} 21 | {% if swift_services['swift-container-server']['group'] in group_names %} 22 | {% set _ = packages.extend(swift_container_distro_packages) %} 23 | {% endif %} 24 | {% if swift_services['swift-object-server']['group'] in group_names %} 25 | {% set _ = packages.extend(swift_object_distro_packages) %} 26 | {% endif %} 27 | {% if swift_services['swift-proxy-server']['group'] in group_names %} 28 | {% set _ = packages.extend(swift_proxy_distro_packages) %} 29 | {% endif %} 30 | {% set _ = packages.extend(swift_service_distro_packages) %} 31 | {{ packages }} 32 | 33 | _swift_bin: "/usr/bin" 34 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | _swift_proxy_is_first_play_host: >- 17 | {{ 18 | (swift_services['swift-proxy-server']['group'] in group_names and 19 | inventory_hostname == (groups[swift_services['swift-proxy-server']['group']] | select('in', ansible_play_hosts)) | first) | bool 20 | }} 21 | _swift_is_first_play_host: >- 22 | {{ ('swift_hosts' in group_names and inventory_hostname == (groups['swift_hosts'] | select('in', ansible_play_hosts)) | first) | bool }} 23 | 24 | _swift_oslomsg_notify_vhost_conf: >- 25 | {{ 26 | (swift_oslomsg_notify_vhost is string) | ternary( 27 | swift_oslomsg_notify_vhost, swift_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) 28 | }} 29 | 30 | filtered_swift_services: |- 31 | {% set services = [] %} 32 | {% for key,value in swift_services.items() %} 33 | {% if (value['group'] in group_names) and 34 | (('service_en' not in value) or 35 | ('service_en' in value and value['service_en'])) %} 36 | {% set _ = value.update( 37 | { 38 | 'service_key': key, 39 | 'enabled': value['enabled'] | default(True), 40 | 'state': value['state'] | default('started') 41 | } 42 | ) 43 | %} 44 | {% set _ = services.append(value) %} 45 | {% endif %} 46 | {% endfor %} 47 | {{ services | sort(attribute='start_order') }} 48 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2016, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | swift_distro_packages: 17 | - cronie 18 | - cronie-anacron 19 | - liberasurecode 20 | - openssh-server 21 | - openssh-clients 22 | - rsync-daemon 23 | 24 | swift_devel_distro_packages: 25 | - git 26 | - liberasurecode-devel 27 | - libffi-devel 28 | - openssl-devel 29 | - systemd-devel 30 | 31 | swift_service_distro_packages: 32 | - openstack-swift 33 | - python3-keystonemiddleware 34 | - python3-ceilometermiddleware 35 | - python3-memcached 36 | - python3-swift 37 | 38 | swift_account_distro_packages: 39 | - openstack-swift-account 40 | 41 | swift_container_distro_packages: 42 | - openstack-swift-container 43 | 44 | swift_object_distro_packages: 45 | - openstack-swift-object 46 | 47 | swift_proxy_distro_packages: 48 | - openstack-swift-proxy 49 | 50 | swift_rsync_service_name: rsyncd 51 | 52 | swift_sshd: sshd 53 | -------------------------------------------------------------------------------- /vars/source_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2018, SUSE Linux GmbH. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | swift_package_list: "{{ swift_distro_packages }}" 17 | _swift_bin: "/openstack/venvs/swift-{{ swift_venv_tag }}/bin" 18 | -------------------------------------------------------------------------------- /zuul.d/project.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Copyright 2017, Rackspace US, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | - project: 17 | templates: 18 | - check-requirements 19 | - openstack-ansible-linters-jobs 20 | - openstack-ansible-deploy-aio_metal-jobs 21 | - openstack-ansible-deploy-aio_distro_metal-jobs 22 | - publish-openstack-docs-pti 23 | - build-release-notes-jobs-python3 24 | --------------------------------------------------------------------------------