diff --git a/manifests/fs.pp b/manifests/fs.pp index d8159d4..9ee9647 100644 --- a/manifests/fs.pp +++ b/manifests/fs.pp @@ -1,56 +1,56 @@ # # Copyright 2016 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Jan Provaznik # # Manages operations on the fs in the cluster, such as creating or deleting # fs, setting PG/PGP numbers, number of replicas, ... # # == Define: ceph::fs # # The name of the fs. # # === Parameters: # # [*name*] Name of the filesystem. # Optional. Default is cephfs. # # [*metadata_pool*] Name of a pool used for storing metadata. # Mandatory. Get one with `ceph osd pool ls` # # [*data_pool*] Name of a pool used for storing data. # Mandatory. Get one with `ceph osd pool ls` # # [*exec_timeout*] The default exec resource timeout, in seconds -# Optional. Defaults to $::ceph::params::exec_timeout +# Optional. Defaults to $ceph::params::exec_timeout # define ceph::fs ( $metadata_pool, $data_pool, - $exec_timeout = $::ceph::params::exec_timeout, + $exec_timeout = $ceph::params::exec_timeout, ) { Ceph_config<||> -> Exec["create-fs-${name}"] Ceph::Pool<||> -> Exec["create-fs-${name}"] exec { "create-fs-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph fs new ${name} ${metadata_pool} ${data_pool}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph fs ls | grep 'name: ${name},'", timeout => $exec_timeout, } } 
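Review bot: In the `create-fs-${name}` exec, `${name}`, `${metadata_pool}` and `${data_pool}` are interpolated into the shell text unquoted, so a value containing whitespace or shell metacharacters changes the command the agent runs. Quoting them the way `manifests/key.pp` quotes `'${name}'`, e.g. `ceph fs new '${name}' '${metadata_pool}' '${data_pool}'`, and rejecting values outside a conservative character set before the exec would close that gap; single quotes alone do not cover a value that itself contains a quote. The `unless` check has the same interpolation and also treats the name as a regular expression, so `grep -F 'name: ${name},'` would compare it literally.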
diff --git a/manifests/init.pp b/manifests/init.pp
index f4b8e62..fa161e0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,261 +1,261 @@ # Copyright (C) 2013, 2014 iWeb Technologies Inc. # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Moreau Simard # Author: David Gurtner # # == Class: ceph # # init takes care of installing/configuring the common dependencies across classes # it also takes care of the global configuration values # # === Parameters: # # [*fsid*] The cluster's fsid. # Mandatory. Get one with `uuidgen -r`. # # [*ensure*] Installs ( present ) or removes ( absent ) ceph. # Optional. Defaults to present. # # [*authentication_type*] Authentication type. # Optional. none or 'cephx'. Defaults to 'cephx'. # # [*keyring*] The location of the keyring retrieved by default # Optional. Defaults to /etc/ceph/keyring. # # [*osd_journal_size*] The size of the journal file/device. # Optional. Integer. Default provided by Ceph. # # [*osd_max_object_name_len*] The length of the objects name # Optional. Integer. Default to undef # # [*osd_max_object_namespace_len*] The length of the objects namespace name # Optional. Integer. Default to undef # # [*osd_pool_default_pg_num*] The default number of PGs per pool. # Optional. Integer. Default provided by Ceph. # # [*osd_pool_default_pgp_num*] The default flags for new pools. # Optional. Integer. Default provided by Ceph. # # [*osd_pool_default_size*] Number of replicas for objects in the pool # Optional. Integer. Default provided by Ceph. 
# # [*osd_pool_default_min_size*] The default minimum num of replicas. # Optional. Integer. Default provided by Ceph. # # [*osd_pool_default_crush_rule*] The default CRUSH ruleset to use # when creating a pool. # Optional. Integer. Default provided by Ceph. # # [*osd_crush_update_on_start*] The default OSDs behaviour on start when # it comes to registering their location in the CRUSH map. # Optional. Boolean. Defaults to undef. # # [*mon_osd_full_ratio*] Percentage of disk space used before # an OSD considered full # Optional. Integer e.g. 95, NOTE: ends in config as .95 # Default provided by Ceph. # # [*mon_osd_nearfull_ratio*] Percentage of disk space used before # an OSD considered nearfull # Optional. Float e.g. 90, NOTE: ends in config as .90 # Default provided by Ceph. # # [*mon_initial_members*] The IDs of initial MONs in the cluster during startup. # Optional. String like e.g. 'a, b, c'. # # [*mon_host*] The fqdn of MONs in the cluster. They can also be declared # individually through ceph::mon. # Optional. String like e.g. 'a, b, c'. # # [*ms_bind_ipv6*] Enables Ceph daemons to bind to IPv6 addresses. # Optional. Boolean. Default provided by Ceph. # # [*require_signatures*] If Ceph requires signatures on all # message traffic (client<->cluster and between cluster daemons). # Optional. Boolean. Default provided by Ceph. # # [*cluster_require_signatures*] If Ceph requires signatures on all # message traffic between the cluster daemons. # Optional. Boolean. Default provided by Ceph. # # [*service_require_signatures*] If Ceph requires signatures on all # message traffic between clients and the cluster. # Optional. Boolean. Default provided by Ceph. # # [*sign_messages*] If all ceph messages should be signed. # Optional. Boolean. Default provided by Ceph. # # [*cluster_network*] The address of the cluster network. # Optional. {cluster-network-ip/netmask} # # [*public_network*] The address of the public network. # Optional. 
{public-network-ip/netmask} # # [*public_addr*] The address of the node (on public network.) # Optional. {public-network-ip} # # [*osd_max_backfills*] The maximum number of backfills allowed to or from a single OSD. # Optional. Default provided by Ceph # # [*osd_recovery_max_active*] The number of active recovery requests per OSD at one time. # Optional. Default provided by Ceph # # [*osd_recovery_op_priority*] The priority set for recovery operations. # Optional. Default provided by Ceph # # [*osd_recovery_max_single_start*] The maximum number of recovery operations that will be # newly started per PG that the OSD is recovering. # Optional. Default provided by Ceph # # [*osd_max_scrubs*] The maximum number of simultaneous scrub operations for a Ceph OSD Daemon. # Optional. Default provided by Ceph # # [*osd_op_threads*] The number of threads to service Ceph OSD Daemon operations. # Set to 0 to disable it. # Optional. Default provided by Ceph # # [*rbd_default_features*] Set RBD features configuration. # Optional. String. Defaults to undef. # # DEPRECATED PARAMETERS # # [*set_osd_params*] disables setting osd params using this module by default as people # calling ceph_config from in-house modules will get dup-declaration errors. # Boolean. Default false. 
# - class ceph ( $fsid, $ensure = present, $authentication_type = 'cephx', $keyring = undef, $osd_journal_size = undef, $osd_max_object_name_len = undef, $osd_max_object_namespace_len = undef, $osd_pool_default_pg_num = undef, $osd_pool_default_pgp_num = undef, $osd_pool_default_size = undef, $osd_pool_default_min_size = undef, $osd_pool_default_crush_rule = undef, $osd_crush_update_on_start = undef, $mon_osd_full_ratio = undef, $mon_osd_nearfull_ratio = undef, $mon_initial_members = undef, $mon_host = undef, $ms_bind_ipv6 = undef, $require_signatures = undef, $cluster_require_signatures = undef, $service_require_signatures = undef, $sign_messages = undef, $cluster_network = undef, $public_network = undef, $public_addr = undef, $osd_max_backfills = undef, $osd_recovery_max_active = undef, $osd_recovery_op_priority = undef, $osd_recovery_max_single_start = undef, $osd_max_scrubs = undef, $osd_op_threads = undef, $rbd_default_features = undef, # DEPRECATED PARAMETERS $set_osd_params = false, ) { - include ::ceph::params + + include ceph::params if $set_osd_params { warning('set_osd_params is deprecated. 
It is here to allow a transition to using \ this module to assign values and will be removed in a future release.') } - package { $::ceph::params::packages : + package { $ceph::params::packages : ensure => $ensure, tag => 'ceph' } if $ensure !~ /(absent|purged)/ { # Make sure ceph is installed before managing the configuration Package<| tag == 'ceph' |> -> Ceph_config<| |> # [global] ceph_config { 'global/fsid': value => $fsid; 'global/keyring': value => $keyring; 'global/osd_pool_default_pg_num': value => $osd_pool_default_pg_num; 'global/osd_pool_default_pgp_num': value => $osd_pool_default_pgp_num; 'global/osd_pool_default_size': value => $osd_pool_default_size; 'global/osd_pool_default_min_size': value => $osd_pool_default_min_size; 'global/osd_pool_default_crush_rule': value => $osd_pool_default_crush_rule; 'global/osd_crush_update_on_start': value => $osd_crush_update_on_start; 'global/mon_osd_full_ratio': value => $mon_osd_full_ratio; 'global/mon_osd_nearfull_ratio': value => $mon_osd_nearfull_ratio; 'global/mon_initial_members': value => $mon_initial_members; 'global/mon_host': value => $mon_host; 'global/ms_bind_ipv6': value => $ms_bind_ipv6; 'global/require_signatures': value => $require_signatures; 'global/cluster_require_signatures': value => $cluster_require_signatures; 'global/service_require_signatures': value => $service_require_signatures; 'global/sign_messages': value => $sign_messages; 'global/cluster_network': value => $cluster_network; 'global/public_network': value => $public_network; 'global/public_addr': value => $public_addr; 'osd/osd_journal_size': value => $osd_journal_size; 'client/rbd_default_features': value => $rbd_default_features; } # NOTE(aschultz): for backwards compatibility in p-o-i & elsewhere we only # define these here if they are set. Once this patch lands, we can update # p-o-i to leverage these parameters and ditch these if clauses. 
if $osd_max_object_name_len { ceph_config { 'global/osd_max_object_name_len': value => $osd_max_object_name_len; } } if $osd_max_object_namespace_len { ceph_config { 'global/osd_max_object_namespace_len': value => $osd_max_object_namespace_len; } } if $authentication_type == 'cephx' { ceph_config { 'global/auth_cluster_required': value => 'cephx'; 'global/auth_service_required': value => 'cephx'; 'global/auth_client_required': value => 'cephx'; 'global/auth_supported': value => 'cephx'; } } else { ceph_config { 'global/auth_cluster_required': value => 'none'; 'global/auth_service_required': value => 'none'; 'global/auth_client_required': value => 'none'; 'global/auth_supported': value => 'none'; } } # This section will be moved up with the rest of the non-auth settings in the next release and the set_osd_params flag will be removed if $set_osd_params { ceph_config { 'osd/osd_max_backfills': value => $osd_max_backfills; 'osd/osd_recovery_max_active': value => $osd_recovery_max_active; 'osd/osd_recovery_op_priority': value => $osd_recovery_op_priority; 'osd/osd_recovery_max_single_start': value => $osd_recovery_max_single_start; 'osd/osd_max_scrubs': value => $osd_max_scrubs; 'osd/osd_op_threads': value => $osd_op_threads; } } } } diff --git a/manifests/key.pp b/manifests/key.pp index 15ab1d0..dd8be7c 100644 --- a/manifests/key.pp +++ b/manifests/key.pp 
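Review bot: The `if $authentication_type == 'cephx' { … } else { … }` block in class `ceph` fails open: any value other than 'cephx', such as a typo, writes `none` to all four `global/auth_*` settings and turns cephx off without a warning. The parameter documentation allows only none or 'cephx', so the second branch should be limited to that value and anything else rejected, e.g. `} elsif $authentication_type == 'none' {` with a final `} else { fail("authentication_type must be 'cephx' or 'none'") }`. The same parameter exists on `ceph::mon` in `manifests/mon.pp`, where an unrecognised value falls through to `$keyring_path = '/dev/null'`, so the check is worth applying there as well.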
@@ -1,192 +1,192 @@ # # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # # Handles ceph keys (cephx), generates keys, creates keyring files, injects # keys into or delete keys from the cluster/keyring via ceph and ceph-authtool # tools. # # == Define: ceph::key # # The full ceph ID name, e.g. 'client.admin' or 'mon.'. # # === Parameters: # # [*secret*] Key secret. # Mandatory. Can be created with ceph-authtool --gen-print-key. # # [*cluster*] The ceph cluster # Optional. Same default as ceph. # # [*keyring_path*] Path to the keyring file. # Optional. Absolute path to the keyring file, including the file name. # Defaults to /etc/ceph/ceph.${name}.keyring. # # [*cap_mon*] cephx capabilities for MON access. # Optional. e.g. 'allow *' # Defaults to 'undef'. # # [*cap_osd*] cephx capabilities for OSD access. # Optional. e.g. 'allow *' # Defaults to 'undef'. # # [*cap_mds*] cephx capabilities for MDS access. # Optional. e.g. 'allow *' # Defaults to 'undef'. # # [*cap_mgr*] cephx capabilities for MGR access. # Optional. e.g. 'allow *' # Defaults to 'undef'. # # [*user*] Owner of the *keyring_path* file. # Optional. Defaults to 'root'. # # [*group*] Group of the *keyring_path* file. # Optional. Defaults to 'root'. # # [*mode*] Mode (permissions) of the *keyring_path* file. # Optional. Defaults to 0600. # # [*inject*] True if the key should be injected into the cluster. # Optional. Boolean value (true to inject the key). 
# Default to false. # # [*inject_as_id*] the ceph ID used to inject the key Optional. Only # taken into account if 'inject' was set to true, in which case it # overrides the ceph default if set to a value other than # undef. Default to undef. # # [*inject_keyring*] keyring file with injection credentials # Optional. Only taken into account if 'inject' was set to true. If # set to a value other than undef, it overrides the ceph default # inferred from the client name. Default to undef. # define ceph::key ( $secret, $cluster = undef, $keyring_path = "/etc/ceph/ceph.${name}.keyring", $cap_mon = undef, $cap_osd = undef, $cap_mds = undef, $cap_mgr = undef, $user = 'root', $group = 'root', $mode = '0600', $inject = false, $inject_as_id = undef, $inject_keyring = undef, ) { if $cluster { $cluster_option = "--cluster ${cluster}" } else { $cluster_option = '' } if $cap_mon { $mon_caps = "--cap mon '${cap_mon}' " } else { $mon_caps = '' } if $cap_osd { $osd_caps = "--cap osd '${cap_osd}' " } else { $osd_caps = '' } if $cap_mds { $mds_caps = "--cap mds '${cap_mds}' " } else { $mds_caps = '' } if $cap_mgr { $mgr_caps = "--cap mgr '${cap_mgr}' " } else { $mgr_caps = '' } $caps = "${mon_caps}${osd_caps}${mds_caps}${mgr_caps}" # this allows multiple defines for the same 'keyring file', # which is supported by ceph-authtool if ! 
defined(File[$keyring_path]) { file { $keyring_path: ensure => file, owner => $user, group => $group, mode => $mode, selinux_ignore_defaults => true, - require => Package[$::ceph::params::packages], + require => Package[$ceph::params::packages], } } # ceph-authtool --add-key is idempotent, will just update pre-existing keys exec { "ceph-key-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph-authtool ${keyring_path} --name '${name}' --add-key '${secret}' ${caps}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -x NEW_KEYRING=\$(mktemp) ceph-authtool \$NEW_KEYRING --name '${name}' --add-key '${secret}' ${caps} diff -N \$NEW_KEYRING ${keyring_path} rv=\$? rm \$NEW_KEYRING exit \$rv", require => [ File[$keyring_path], ], logoutput => true, } if $inject { if $inject_as_id { $inject_id_option = " --name '${inject_as_id}' " } else { $inject_id_option = '' } if $inject_keyring { $inject_keyring_option = " --keyring '${inject_keyring}' " } else { $inject_keyring_option = '' } Ceph_config<||> -> Exec["ceph-injectkey-${name}"] Ceph::Mon<||> -> Exec["ceph-injectkey-${name}"] # ceph auth import is idempotent, will just update pre-existing keys exec { "ceph-injectkey-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth import -i ${keyring_path}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -x OLD_KEYRING=\$(mktemp) TMP_KEYRING=\$(mktemp) cat ${keyring_path} | sed -e 's/\\\\//g' > \$TMP_KEYRING ceph ${cluster_option} ${inject_id_option} ${inject_keyring_option} auth get ${name} -o \$OLD_KEYRING || true diff -N \$OLD_KEYRING \$TMP_KEYRING rv=$? rm \$OLD_KEYRING rm \$TMP_KEYRING exit \$rv", require => [ Class['ceph'], Exec["ceph-key-${name}"], ], logoutput => true, } } } diff --git a/manifests/mds.pp b/manifests/mds.pp index 254d73c..a42d9dc 100644 --- a/manifests/mds.pp 
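Review bot: The `ceph-key-${name}` exec passes `--add-key '${secret}'` on the command line under `set -ex` with `logoutput => true`, so the shell trace of the expanded command, secret included, is likely to be written to the agent log and reports whenever the command runs; the `unless` script traces the same argument with `set -x`. Dropping the trace and logging only failures would avoid that: `set -e` in place of `set -ex`, no `set -x` in the `unless` script, and `logoutput => on_failure`. The secret would still be visible in the process arguments while `ceph-authtool` runs, which this change to the exec does not address. The `ceph-injectkey-${name}` exec uses the same trace and `logoutput` settings, although its commands reference the keyring path rather than the secret.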
+++ b/manifests/mds.pp 
@@ -1,119 +1,119 @@ # Copyright (C) 2013, 2014 iWeb Technologies Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Moreau Simard # # == Class: ceph::mds # # Installs and configures MDSs (ceph metadata servers) # # === Parameters: # # [*public_addr*] The bind IP address. # Optional. The IPv(4|6) address on which MDS binds itself. # # [*pkg_mds*] Package name for the MDS service. # Optional. Defaults to the value of ceph::params::pkg_mds # # [*pkg_mds_ensure*] Ensure status for the pkg_mds package resources # Optional. Defaults to present. # # [*mds_activate*] Switch to activate the '[mds]' section in the config. # Optional. Defaults to true. # # [*mds_data*] The path to the MDS data. # Optional. Same default as ceph. # # [*mds_enable*] Whether to enable ceph-mds instance on boot. # Optional. Default is true. # # [*mds_ensure*] Whether to start the MDS service. # Optional. Default is running. # # [*mds_id*] The ID of the MDS instance. # Optional. Default is $::hostname # # [*keyring*] The location of the keyring used by MDSs # Optional. Same default as ceph. # # [*cluster*] The ceph cluster # Optional. Default to 'ceph'. 
# class ceph::mds ( $public_addr = undef, - $pkg_mds = $::ceph::params::pkg_mds, + $pkg_mds = $ceph::params::pkg_mds, $pkg_mds_ensure = present, $mds_activate = true, $mds_data = undef, $mds_enable = true, $mds_ensure = 'running', $mds_id = $::hostname, $keyring = undef, $cluster = 'ceph', ) inherits ceph::params { if $mds_data { $mds_data_real = $mds_data } else { $mds_data_real = "/var/lib/ceph/mds/${cluster}-${mds_id}" } if $keyring { $keyring_real = $keyring } else { $keyring_real = "${mds_data_real}/keyring" } Ceph_config<||> ~> Service<| tag == 'ceph-mds' |> Package<| tag == 'ceph' |> -> File[$mds_data_real] -> Service<| tag == 'ceph-mds' |> $mds_service_name = "ceph-mds@${mds_id}" service { $mds_service_name: ensure => $mds_ensure, enable => $mds_enable, tag => ['ceph-mds'] } package { $pkg_mds: ensure => $pkg_mds_ensure, tag => 'ceph', } file { $mds_data_real: ensure => directory, owner => 'ceph', group => 'ceph', mode => '0750', selinux_ignore_defaults => true, } if $mds_activate { ceph_config { 'mds/mds_data': value => $mds_data_real; 'mds/keyring': value => $keyring_real; } if $public_addr { ceph_config { "mds.${mds_id}/public_addr": value => $public_addr; } } } else { ceph_config { 'mds/mds_data': ensure => absent; 'mds/keyring': ensure => absent; } } } diff --git a/manifests/mirror.pp b/manifests/mirror.pp index 084a367..249a040 100644 --- a/manifests/mirror.pp +++ b/manifests/mirror.pp 
@@ -1,72 +1,72 @@ # # Copyright (C) 2016 Keith Schincke # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Keith Schincke # # Configures a ceph rbd mirroring # # == Define: ceph::mirror # # === Parameters: # # [*pkg_mirror*] Package name for RBD mirroring # Optional. Default is 'rbd-mirror' # # [*rbd_mirror_ensure*] Ensure RBD mirror is running # Optional. Default is 'running' # # [*rbd_mirror_enable*] Enable the RBD mirror service on boot # Optional. Default is true define ceph::mirror ( $pkg_mirror = 'rbd-mirror', $rbd_mirror_ensure = 'running', $rbd_mirror_enable = true, ) { - include ::stdlib + include stdlib ensure_resource( 'package', $pkg_mirror, { ensure => present, tag => [ 'ceph' ], } ) $service_name = "ceph-rbd-mirror@${name}" #Xenial reports 'debian' as the service provider #'systemd' should cover supported RHEL type systems if( ( $::service_provider == 'systemd' ) or ( $::operatingsystemrelease == '16.04' ) ) { Service{ name => $service_name, enable => $rbd_mirror_enable, } } else { fail( 'Unsupported operating system. Ubuntu 16.04 and RedHat/CentOS 7 are supported' ) } service { $service_name: ensure => $rbd_mirror_ensure, tag => ['ceph-rbd-mirror'] } Ceph_config<||> ~> Service<| tag == 'ceph-rbd-mirror' |> Package<| tag == 'ceph'|> -> Service<| tag == 'ceph-rbd-mirror' |> } diff --git a/manifests/mon.pp b/manifests/mon.pp index 7e052e7..f8dad43 100644 --- a/manifests/mon.pp +++ b/manifests/mon.pp 
@@ -1,252 +1,252 @@ # # Copyright (C) 2013 Cloudwatt # Copyright (C) 2013, 2014 iWeb Technologies Inc. # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Loic Dachary # Author: David Moreau Simard # Author: David Gurtner # # == Define: ceph::mon # # Installs and configures MONs (ceph monitors) # # === Parameters: # # [*title*] The MON id. # Mandatory. An alphanumeric string uniquely identifying the MON. # # [*ensure*] Installs ( present ) or remove ( absent ) a MON # Optional. Defaults to present. # If set to absent, it will stop the MON service and remove # the associated data directory. # # [*mon_enable*] Whether to enable ceph-mon instance on boot. # Optional. Default is true. # # [*public_addr*] The bind IP address. # Optional. The IPv(4|6) address on which MON binds itself. # # [*cluster*] The ceph cluster # Optional. Same default as ceph. # # [*authentication_type*] Activate or deactivate authentication # Optional. Default to cephx. # Authentication is activated if the value is 'cephx' and deactivated # if the value is 'none'. If the value is 'cephx', at least one of # key or keyring must be provided. # # [*key*] Authentication key for [mon.] # Optional. $key and $keyring are mutually exclusive. # # [*keyring*] Path of the [mon.] keyring file # Optional. $key and $keyring are mutually exclusive. # # [*exec_timeout*] The default exec resource timeout, in seconds -# Optional. 
Defaults to $::ceph::params::exec_timeout +# Optional. Defaults to $ceph::params::exec_timeout # define ceph::mon ( $ensure = present, $mon_enable = true, $public_addr = undef, $cluster = undef, $authentication_type = 'cephx', $key = undef, $keyring = undef, - $exec_timeout = $::ceph::params::exec_timeout, + $exec_timeout = $ceph::params::exec_timeout, ) { - include ::stdlib + include stdlib # a puppet name translates into a ceph id, the meaning is different $id = $name if $cluster { $cluster_name = $cluster } else { $cluster_name = 'ceph' } $cluster_option = "--cluster ${cluster_name}" # NOTE(aschultz): this is the service title for the mon service. It may be # different than the actual service name. $mon_service = "ceph-mon-${id}" # For Ubuntu Trusty system if $::service_provider == 'upstart' { $init = 'upstart' Service { name => 'ceph-mon', provider => $::service_provider, start => "start ceph-mon id=${id}", stop => "stop ceph-mon id=${id}", status => "status ceph-mon id=${id}", enable => $mon_enable, } # Everything else that is supported by puppet-ceph should run systemd. } else { $init = 'systemd' Service { name => "ceph-mon@${id}", enable => $mon_enable, } } if $ensure == present { $ceph_mkfs = "ceph-mon-mkfs-${id}" if $authentication_type == 'cephx' { if ! $key and ! $keyring { fail("authentication_type ${authentication_type} requires either key or keyring to be set but both are undef") } if $key and $keyring { fail("key (set to ${key}) and keyring (set to ${keyring}) are mutually exclusive") } if $key { $keyring_path = "/tmp/ceph-mon-keyring-${id}" Ceph_config<||> -> exec { "create-keyring-${id}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex cat > ${keyring_path} << EOF [mon.] 
key = ${key} caps mon = \"allow *\" EOF chmod 0444 ${keyring_path} ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) || exit 1 # if ceph-mon fails then the mon is probably not configured yet test -e \$mon_data/done ", } Exec["create-keyring-${id}"] -> Exec[$ceph_mkfs] } else { $keyring_path = $keyring } } else { $keyring_path = '/dev/null' } if $public_addr { ceph_config { "mon.${id}/public_addr": value => $public_addr; } } Ceph_config<||> # prevent automatic creation of the client.admin key by ceph-create-keys -> exec { "ceph-mon-${cluster_name}.client.admin.keyring-${id}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex touch /etc/ceph/${cluster_name}.client.admin.keyring", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex test -e /etc/ceph/${cluster_name}.client.admin.keyring", } -> exec { $ceph_mkfs: command => "/bin/true # comment to satisfy puppet syntax requirements set -ex mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) if [ ! 
-d \$mon_data ] ; then mkdir -p \$mon_data if getent passwd ceph >/dev/null 2>&1; then chown -h ceph:ceph \$mon_data if ceph-mon ${cluster_option} \ --setuser ceph --setgroup ceph \ --mkfs \ --id ${id} \ --keyring ${keyring_path} ; then touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring chown -h ceph:ceph \$mon_data/done \$mon_data/${init} \$mon_data/keyring else rm -fr \$mon_data fi else if ceph-mon ${cluster_option} \ --mkfs \ --id ${id} \ --keyring ${keyring_path} ; then touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring else rm -fr \$mon_data fi fi fi ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) test -d \$mon_data ", logoutput => true, timeout => $exec_timeout, } -> service { $mon_service: ensure => running, } # if the service is running before we setup the configs, notify service Ceph_config<||> ~> Service[$mon_service] if $authentication_type == 'cephx' { if $key { Exec[$ceph_mkfs] -> Exec["rm-keyring-${id}"] exec { "rm-keyring-${id}": command => "/bin/rm ${keyring_path}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex test ! -e ${keyring_path} ", } } } } elsif $ensure == absent { service { $mon_service: ensure => stopped, } -> exec { "remove-mon-${id}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) rm -fr \$mon_data ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex which ceph-mon || exit 0 # if ceph-mon is not available we already uninstalled ceph and there is nothing to do mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) test ! 
-d \$mon_data ", logoutput => true, timeout => $exec_timeout, } -> ceph_config { "mon.${id}/public_addr": ensure => absent; } -> Package<| tag == 'ceph' |> } else { fail('Ensure on MON must be either present or absent') } } diff --git a/manifests/osd.pp b/manifests/osd.pp index 4f1c6be..ac44a2c 100644 --- a/manifests/osd.pp +++ b/manifests/osd.pp 
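Review bot: When `$key` is set, `create-keyring-${id}` writes the `[mon.]` key to the predictable path `/tmp/ceph-mon-keyring-${id}` and then runs `chmod 0444` on it, so until `rm-keyring-${id}` runs every local user can read the monitor key, and a file or symlink already present at that name in the world-writable `/tmp` is written through by `cat >`. Creating the file in a directory only root can write and keeping it unreadable to others would remove both problems, for example `umask 077` before the `cat` and a mode such as `0440` with group `ceph` where that user exists (the mkfs script already branches on `getent passwd ceph`). The `fail()` message for the mutually exclusive case also interpolates `${key}`, which puts the secret into the compilation error; the message could name the two parameters without their values.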
@@ -1,266 +1,266 @@ # # Copyright (C) 2014 Cloudwatt # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Loic Dachary # Author: David Gurtner # # == Define: ceph::osd # # Install and configure a ceph OSD # # === Parameters: # # [*title*] The OSD data path. # Mandatory. The path for a disk or vg/lv used for the OSD # # [*ensure*] Installs ( present ) or remove ( absent ) an OSD # Optional. Defaults to present. # If set to absent, it will stop the OSD service and remove # the associated data directory. # # [*journal*] The OSD filestore journal path. # Optional. Defaults to co-locating the journal with the data # defined by *title*. # # [*bluestore_wal*] The OSD bluestore WAL path. # Optional. Defaults to co-locating the WAL with the data # defined by *title*. # # [*bluestore_db*] The OSD bluestore WAL path. # Optional. Defaults to co-locating the DB with the data # defined by *title*. # # [*store_type*] The OSD backing store type. # Optional. Defaults undef and will follow the ceph version default. # should be either filestore or bluestore. # # [*cluster*] The ceph cluster # Optional. Same default as ceph. # # [*exec_timeout*] The default exec resource timeout, in seconds -# Optional. Defaults to $::ceph::params::exec_timeout +# Optional. Defaults to $ceph::params::exec_timeout # # [*selinux_file_context*] The SELinux file context to apply # on the directory backing the OSD service. # Optional. 
Defaults to 'ceph_var_lib_t' # # [*fsid*] The ceph cluster FSID -# Optional. Defaults to $::ceph::profile::params::fsid +# Optional. Defaults to $ceph::profile::params::fsid # # [*dmcrypt*] Encrypt [data-path] and/or journal devices with dm-crypt. # Optional. Defaults to false. # # [*dmcrypt_key_dir*] Directory where dm-crypt keys are stored. # Optional. Defaults to '/etc/ceph/dmcrypt-keys'. # define ceph::osd ( $ensure = present, $journal = undef, $cluster = undef, $bluestore_wal = undef, $bluestore_db = undef, $store_type = undef, - $exec_timeout = $::ceph::params::exec_timeout, + $exec_timeout = $ceph::params::exec_timeout, $selinux_file_context = 'ceph_var_lib_t', - $fsid = $::ceph::profile::params::fsid, + $fsid = $ceph::profile::params::fsid, $dmcrypt = false, $dmcrypt_key_dir = '/etc/ceph/dmcrypt-keys', ) { - include ::ceph::params + include ceph::params $data = $name if $cluster { $cluster_name = $cluster } else { $cluster_name = 'ceph' } $cluster_option = "--cluster ${cluster_name}" if $store_type { $osd_type = "--${store_type}" } else { $osd_type = '' } if ($bluestore_wal) or ($bluestore_db) { if $bluestore_wal { $wal_opts = "--block.wal ${bluestore_wal}" } if $bluestore_db { $block_opts = "--block.db ${bluestore_db}" } $journal_opts = "${wal_opts} ${block_opts}" } elsif $journal { $journal_opts = "--journal ${journal}" } else { $journal_opts = '' } if $dmcrypt { $dmcrypt_options = " --dmcrypt --dmcrypt-key-dir '${dmcrypt_key_dir}'" } else { $dmcrypt_options = '' } if $ensure == present { $ceph_prepare = "ceph-osd-prepare-${name}" $ceph_activate = "ceph-osd-activate-${name}" Ceph_config<||> -> Exec[$ceph_prepare] Ceph::Mon<||> -> Exec[$ceph_prepare] Ceph::Key<||> -> Exec[$ceph_prepare] # Ensure none is activated before prepare is finished for all Exec<| tag == 'prepare' |> -> Exec<| tag == 'activate' |> if $fsid { $fsid_option = "--cluster-fsid ${fsid}" $ceph_check_fsid_mismatch = "ceph-osd-check-fsid-mismatch-${name}" Exec[$ceph_check_fsid_mismatch] -> 
Exec[$ceph_prepare] # return error if $(readlink -f ${data}) has fsid differing from ${fsid}, unless there is no fsid exec { $ceph_check_fsid_mismatch: command => "/bin/true # comment to satisfy puppet syntax requirements set -ex exit 1 ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex if [ -z $(ceph-volume lvm list ${data} |grep 'cluster fsid' | awk -F'fsid' '{print \$2}'|tr -d ' ') ]; then exit 0 fi test ${fsid} = $(ceph-volume lvm list ${data} |grep 'cluster fsid' | awk -F'fsid' '{print \$2}'|tr -d ' ') ", logoutput => true, timeout => $exec_timeout, } } #name of the bootstrap osd keyring $bootstrap_osd_keyring = "/var/lib/ceph/bootstrap-osd/${cluster_name}.keyring" exec { "extract-bootstrap-osd-keyring-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements ceph auth get client.bootstrap-osd > ${bootstrap_osd_keyring} ", creates => "${bootstrap_osd_keyring}", } Exec["extract-bootstrap-osd-keyring-${name}"] -> Exec[$ceph_prepare] exec { $ceph_prepare: command => "/bin/true # comment to satisfy puppet syntax requirements set -ex if [ $(echo ${data}|cut -c 1) = '/' ]; then disk=${data} else # If data is vg/lv, block device is /dev/vg/lv disk=/dev/${data} fi if ! 
test -b \$disk ; then # Since nautilus, only block devices or lvm logical volumes can be used for OSDs exit 1 fi ceph-volume lvm prepare ${osd_type} ${cluster_option}${dmcrypt_options} ${fsid_option} --data ${data} ${journal_opts} ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph-volume lvm list ${data} ", logoutput => true, timeout => $exec_timeout, tag => 'prepare', } if (str2bool($::selinux) == true) { - ensure_packages($::ceph::params::pkg_policycoreutils, {'ensure' => 'present'}) + ensure_packages($ceph::params::pkg_policycoreutils, {'ensure' => 'present'}) exec { "fcontext_${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex semanage fcontext -a -t ${selinux_file_context} \"$(readlink -f ${data})(/.*)?\" restorecon -R $(readlink -f ${data}) ", - require => [Package[$::ceph::params::pkg_policycoreutils],Exec[$ceph_prepare]], + require => [Package[$ceph::params::pkg_policycoreutils],Exec[$ceph_prepare]], before => Exec[$ceph_activate], unless => "/usr/bin/test -b $(readlink -f ${data}) || (semanage fcontext -l | grep $(readlink -f ${data}))", } } Exec[$ceph_prepare] -> Exec[$ceph_activate] exec { $ceph_activate: command => "/bin/true # comment to satisfy puppet syntax requirements set -ex if [ $(echo ${data}|cut -c 1) = '/' ]; then disk=${data} else # If data is vg/lv, block device is /dev/vg/lv disk=/dev/${data} fi if ! 
test -b \$disk ; then # Since nautilus, only block devices or lvm logical volumes can be used for OSDs exit 1 fi id=$(ceph-volume lvm list ${data} | grep 'osd id'|awk -F 'osd id' '{print \$2}'|tr -d ' ') fsid=$(ceph-volume lvm list ${data} | grep 'osd fsid'|awk -F 'osd fsid' '{print \$2}'|tr -d ' ') ceph-volume lvm activate \$id \$fsid ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex id=$(ceph-volume lvm list ${data} | grep 'osd id'|awk -F 'osd id' '{print \$2}'|tr -d ' ') ps -fCceph-osd|grep \"\\--id \$id \" ", logoutput => true, tag => 'activate', } } elsif $ensure == absent { # ceph-disk: support osd removal http://tracker.ceph.com/issues/7454 exec { "remove-osd-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex id=$(ceph-volume lvm list ${data} | grep 'osd id'|awk -F 'osd id' '{print \$2}'|tr -d ' ') if [ \"\$id\" ] ; then ceph ${cluster_option} osd out osd.\$id stop ceph-osd cluster=${cluster_name} id=\$id || true service ceph stop osd.\$id || true systemctl stop ceph-osd@\$id || true ceph ${cluster_option} osd crush remove osd.\$id ceph ${cluster_option} auth del osd.\$id ceph ${cluster_option} osd rm \$id rm -fr /var/lib/ceph/osd/${cluster_name}-\$id/* umount /var/lib/ceph/osd/${cluster_name}-\$id || true rm -fr /var/lib/ceph/osd/${cluster_name}-\$id ceph-volume lvm zap ${data} fi ", unless => "/bin/true # comment to satisfy puppet syntax requirements set -x ceph-volume lvm list ${data} if [ \$? -eq 0 ]; then exit 1 else exit 0 fi ", logoutput => true, timeout => $exec_timeout, } -> Ceph::Mon<| ensure == absent |> } else { fail('Ensure on OSD must be either present or absent') } } diff --git a/manifests/osds.pp b/manifests/osds.pp index 0825ce9..5cad288 100644 --- a/manifests/osds.pp +++ b/manifests/osds.pp 
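Review bot: The `extract-bootstrap-osd-keyring-${name}` exec creates the keyring with a shell redirect (`ceph auth get client.bootstrap-osd > ${bootstrap_osd_keyring}`) and sets no mode, owner or umask, so the permissions of the bootstrap-osd credential depend on the umask the Puppet run happens to use. I would pin this by adding `umask => '0077',` to that exec, or by managing the path with a `file` resource that carries an explicit owner and mode. Because the exec is guarded only by `creates`, a keyring already written with loose permissions is never corrected, which is another reason to prefer the `file` resource.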
@@ -1,50 +1,50 @@ # # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Gurtner # # == Class: ceph::osds # # Class wrapper for the benefit of scenario_node_terminus # # === Parameters: # # [*args*] A Ceph osds config hash # Optional. # # [*defaults*] A config hash # Optional. Defaults to a empty hash # # [*pid_max*] Value for pid_max. Defaults to undef. Optional. # For OSD nodes it is recommended that you raise pid_max above the # default value because you may hit the system max during # recovery. The recommended value is the absolute max for pid_max: 4194303 # http://docs.ceph.com/docs/nautilus/rados/troubleshooting/troubleshooting-osd/ # class ceph::osds( $args = {}, $defaults = {}, - $pid_max = $::ceph::profile::params::pid_max, + $pid_max = $ceph::profile::params::pid_max, ) { create_resources(ceph::osd, $args, $defaults) if $pid_max { $sysctl_settings = { 'kernel.pid_max' => { value => $pid_max }, } ensure_resources(sysctl::value,$sysctl_settings) } } diff --git a/manifests/pool.pp b/manifests/pool.pp index 522a98a..7da8c93 100644 --- a/manifests/pool.pp +++ b/manifests/pool.pp 
@@ -1,146 +1,146 @@ # # Copyright (C) 2014 Catalyst IT Limited. # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # Author: David Gurtner # # Manages operations on the pools in the cluster, such as creating or deleting # pools, setting PG/PGP numbers, number of replicas, ... # # == Define: ceph::pool # # The name of the pool. # # === Parameters: # # [*ensure*] Creates ( present ) or removes ( absent ) a pool. # Optional. Defaults to present. # If set to absent, it will drop the pool and all its data. # # [*pg_num*] Number of PGs for the pool. # Optional. Default is 64 ( but you probably want to pass a value here ). # Number of Placement Groups (PGs) for a pool, if the pool already # exists this may increase the number of PGs if the current value is lower. # Check http://ceph.com/docs/master/rados/operations/placement-groups/. # # [*pgp_num*] Same as for pg_num. # Optional. Default is undef. # # [*size*] Replica level for the pool. # Optional. Default is undef. # Increase or decrease the replica level of a pool. # # [*tag*] Pool tag. # Optional. Default is undef. # cephfs,rbd,rgw or freeform for custom application. # # [*exec_timeout*] The default exec resource timeout, in seconds -# Optional. Defaults to $::ceph::params::exec_timeout +# Optional. 
Defaults to $ceph::params::exec_timeout # define ceph::pool ( $ensure = present, $pg_num = 64, $pgp_num = undef, $size = undef, $tag = undef, - $exec_timeout = $::ceph::params::exec_timeout, + $exec_timeout = $ceph::params::exec_timeout, ) { if $ensure == present { Ceph_config<||> -> Exec["create-${name}"] Ceph::Mon<||> -> Exec["create-${name}"] Ceph::Key<||> -> Exec["create-${name}"] Ceph::Osd<||> -> Exec["create-${name}"] exec { "create-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool create ${name} ${pg_num}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool ls | grep -w '${name}'", timeout => $exec_timeout, } exec { "set-${name}-pg_num": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool set ${name} pg_num ${pg_num}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex test $(ceph osd pool get ${name} pg_num | sed 's/.*:\s*//g') -ge ${pg_num}", require => Exec["create-${name}"], timeout => $exec_timeout, } if $pgp_num { exec { "set-${name}-pgp_num": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool set ${name} pgp_num ${pgp_num}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex test $(ceph osd pool get ${name} pgp_num | sed 's/.*:\s*//g') -ge ${pgp_num}", require => [Exec["create-${name}"], Exec["set-${name}-pg_num"]], timeout => $exec_timeout, } } if $size { exec { "set-${name}-size": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool set ${name} size ${size}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex test $(ceph osd pool get ${name} size | sed 's/.*:\s*//g') -eq ${size}", require => Exec["create-${name}"], timeout => $exec_timeout, } } if $tag { exec { "set-${name}-tag": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd 
pool application enable ${name} ${tag}", unless => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool application get ${name} ${tag}", require => Exec["create-${name}"], timeout => $exec_timeout, } } } elsif $ensure == absent { exec { "delete-${name}": command => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool delete ${name} ${name} --yes-i-really-really-mean-it", onlyif => "/bin/true # comment to satisfy puppet syntax requirements set -ex ceph osd pool ls | grep -w '${name}'", timeout => $exec_timeout, } -> Ceph::Mon<| ensure == absent |> } else { fail("*ensure* must be either present or absent - was '${ensure}'") } } diff --git a/manifests/profile/base.pp b/manifests/profile/base.pp index 61c7db7..ae1e734 100644 --- a/manifests/profile/base.pp +++ b/manifests/profile/base.pp 
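Review bot: The existence checks on `create-${name}` (`unless`) and `delete-${name}` (`onlyif`) use `ceph osd pool ls | grep -w '${name}'`, which matches the name as a word anywhere in a line and treats it as a regular expression. Assuming `ceph osd pool ls` prints one pool per line, a pool titled `data` is considered present when only `my-data` exists, so it is never created. With `ensure => absent` the `--yes-i-really-really-mean-it` delete command is run although the named pool is not there. Matching the whole line as a fixed string removes the ambiguity: `ceph osd pool ls | grep -Fx '${name}'` in both places.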
@@ -1,56 +1,56 @@ # # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Gurtner # # == Class: ceph::profile::base # # Base profile to install ceph and configure /etc/ceph/ceph.conf # class ceph::profile::base { - include ::ceph::profile::params + include ceph::profile::params if ( $ceph::profile::params::manage_repo ) { Class['ceph::repo'] -> Class['ceph'] - class { '::ceph::repo': + class { 'ceph::repo': release => $ceph::profile::params::release, } } - class { '::ceph': + class { 'ceph': fsid => $ceph::profile::params::fsid, authentication_type => $ceph::profile::params::authentication_type, osd_journal_size => $ceph::profile::params::osd_journal_size, osd_max_object_name_len => $ceph::profile::params::osd_max_object_name_len, osd_max_object_namespace_len => $ceph::profile::params::osd_max_object_namespace_len, osd_pool_default_pg_num => $ceph::profile::params::osd_pool_default_pg_num, osd_pool_default_pgp_num => $ceph::profile::params::osd_pool_default_pgp_num, osd_pool_default_size => $ceph::profile::params::osd_pool_default_size, osd_pool_default_min_size => $ceph::profile::params::osd_pool_default_min_size, mon_initial_members => $ceph::profile::params::mon_initial_members, mon_host => $ceph::profile::params::mon_host, ms_bind_ipv6 => $ceph::profile::params::ms_bind_ipv6, cluster_network => $ceph::profile::params::cluster_network, public_network => $ceph::profile::params::public_network, osd_max_backfills => 
$ceph::profile::params::osd_max_backfills, osd_recovery_max_active => $ceph::profile::params::osd_recovery_max_active, osd_recovery_op_priority => $ceph::profile::params::osd_recovery_op_priority, osd_recovery_max_single_start => $ceph::profile::params::osd_recovery_max_single_start, osd_max_scrubs => $ceph::profile::params::osd_max_scrubs, osd_op_threads => $ceph::profile::params::osd_op_threads, rbd_default_features => $ceph::profile::params::rbd_default_features, } } diff --git a/manifests/profile/client.pp b/manifests/profile/client.pp index fd3d722..6f74789 100644 --- a/manifests/profile/client.pp +++ b/manifests/profile/client.pp @@ -1,35 +1,35 @@ # # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Gurtner # Author: David Moreau Simard # # == Class: ceph::profile::client # # Profile for a Ceph client # class ceph::profile::client { - require ::ceph::profile::base + require ceph::profile::base # If the same server is hosting a mon, osd and client, the key resource is # ultimately handled by the mon class. if ! defined(Class['ceph::keys']) { if !empty($ceph::profile::params::client_keys) { - class { '::ceph::keys': + class { 'ceph::keys': args => $ceph::profile::params::client_keys } } } } diff --git a/manifests/profile/fs.pp b/manifests/profile/fs.pp index 08bb71f..5db8ce8 100644 --- a/manifests/profile/fs.pp +++ b/manifests/profile/fs.pp 
@@ -1,29 +1,29 @@ # # Copyright (C) 2016 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Jan Provaznik # # == Class: ceph::profile::fs # # Profile for a Ceph fs # class ceph::profile::fs { - require ::ceph::profile::base + require ceph::profile::base ceph::fs { $ceph::profile::params::fs_name: metadata_pool => $ceph::profile::params::fs_metadata_pool, data_pool => $ceph::profile::params::fs_data_pool, } } diff --git a/manifests/profile/mds.pp b/manifests/profile/mds.pp index c4a1845..2ee59da 100644 --- a/manifests/profile/mds.pp +++ b/manifests/profile/mds.pp 
@@ -1,41 +1,41 @@ # # Copyright (C) 2016 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Giulio Fidente # # == Class: ceph::profile::mds # # Profile for a Ceph mds # class ceph::profile::mds { - require ::ceph::profile::base + require ceph::profile::base - class { '::ceph::mds': + class { 'ceph::mds': public_addr => $ceph::profile::params::public_addr, } if !empty($ceph::profile::params::mds_key) { ceph::key { "mds.${::hostname}": cap_mon => 'allow profile mds', cap_osd => 'allow rwx', cap_mds => 'allow', inject => true, keyring_path => "/var/lib/ceph/mds/ceph-${::hostname}/keyring", secret => $ceph::profile::params::mds_key, user => 'ceph', group => 'ceph' } } } diff --git a/manifests/profile/mgr.pp b/manifests/profile/mgr.pp index 51b7ef2..d2437cd 100644 --- a/manifests/profile/mgr.pp +++ b/manifests/profile/mgr.pp 
@@ -1,30 +1,30 @@ # # Copyright (C) 2017, VEXXHOST, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Mohammed Naser # # == Class: ceph::profile::mgr # # Profile for a Ceph mgr # class ceph::profile::mgr { - require ::ceph::profile::base + require ceph::profile::base ceph::mgr { $::hostname: authentication_type => $ceph::profile::params::authentication_type, key => $ceph::profile::params::mgr_key, inject_key => true, } } diff --git a/manifests/profile/mirror.pp b/manifests/profile/mirror.pp index 13e6c08..c5afc87 100644 --- a/manifests/profile/mirror.pp +++ b/manifests/profile/mirror.pp 
@@ -1,30 +1,30 @@ # # Copyright (C) 2016 Keith Schincke # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Keith Schincke # # == Class: ceph::profile::mirror # # Profile for Ceph rbd mirror # class ceph::profile::mirror { - require ::ceph::profile::client - $rbd_name = $::ceph::profile::params::rbd_mirror_client_name ? { + require ceph::profile::client + $rbd_name = $ceph::profile::params::rbd_mirror_client_name ? { undef => 'openstack', - default => $::ceph::profile::params::rbd_mirror_client_name, + default => $ceph::profile::params::rbd_mirror_client_name, } ceph::mirror { $rbd_name: } } diff --git a/manifests/profile/mon.pp b/manifests/profile/mon.pp index c680bef..8567610 100644 --- a/manifests/profile/mon.pp +++ b/manifests/profile/mon.pp 
@@ -1,45 +1,45 @@ # # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Gurtner # Author: David Moreau Simard # # == Class: ceph::profile::mon # # Profile for a Ceph mon # class ceph::profile::mon { - require ::ceph::profile::base + require ceph::profile::base ceph::mon { $::hostname: authentication_type => $ceph::profile::params::authentication_type, key => $ceph::profile::params::mon_key, keyring => $ceph::profile::params::mon_keyring, public_addr => $ceph::profile::params::public_addr, } $defaults = { inject => true, inject_as_id => 'mon.', inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring", } if !empty($ceph::profile::params::client_keys) { - class { '::ceph::keys': + class { 'ceph::keys': args => $ceph::profile::params::client_keys, defaults => $defaults } } } diff --git a/manifests/profile/osd.pp b/manifests/profile/osd.pp index 4f57f3d..4c09ab4 100644 --- a/manifests/profile/osd.pp +++ b/manifests/profile/osd.pp 
@@ -1,29 +1,29 @@ # # Copyright (C) 2014 Nine Internet Solutions AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: David Gurtner # Author: David Moreau Simard # # Class: ceph::profle::osd # # Profile for a Ceph osd # class ceph::profile::osd { - require ::ceph::profile::client + require ceph::profile::client - class { '::ceph::osds': + class { 'ceph::osds': args => $ceph::profile::params::osds, } } diff --git a/manifests/profile/rgw.pp b/manifests/profile/rgw.pp index 90bdd9e..09623af 100644 --- a/manifests/profile/rgw.pp +++ b/manifests/profile/rgw.pp 
@@ -1,34 +1,34 @@ # # Copyright (C) 2016 Keith Schincke # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Keith Schincke # # == Class: ceph::profile::rgw # # Profile for Ceph rgw # class ceph::profile::rgw { - require ::ceph::profile::base - $rgw_name = $::ceph::profile::params::rgw_name ? { + require ceph::profile::base + $rgw_name = $ceph::profile::params::rgw_name ? { undef => 'radosgw.gateway', - default => $::ceph::profile::params::rgw_name, + default => $ceph::profile::params::rgw_name, } ceph::rgw { $rgw_name: - user => $::ceph::profile::params::rgw_user, - rgw_print_continue => $::ceph::profile::params::rgw_print_continue, - frontend_type => $::ceph::profile::params::frontend_type, - rgw_frontends => $::ceph::profile::params::rgw_frontends, + user => $ceph::profile::params::rgw_user, + rgw_print_continue => $ceph::profile::params::rgw_print_continue, + frontend_type => $ceph::profile::params::frontend_type, + rgw_frontends => $ceph::profile::params::rgw_frontends, } } diff --git a/manifests/repo.pp b/manifests/repo.pp index e7d2a3e..736f037 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
@@ -1,232 +1,232 @@ # Copyright (C) 2013, 2014 iWeb Technologies Inc. # Copyright (C) 2013 Cloudwatt # Copyright (C) 2014 Nine Internet Solutions AG # Copyright (C) 2014 Catalyst IT Limited # Copyright (C) 2015 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Loic Dachary # Author: Francois Charlier # Author: David Moreau Simard # Author: Andrew Woodward # Author: David Gurtner # Author: Ricardo Rocha # Author: Emilien Macchi # # == Class: ceph::repo # # Configure ceph APT repo for Ceph # # === Parameters: # # [*ensure*] The ensure state for package ressources. # Optional. Defaults to 'present'. # # [*release*] The name of the Ceph release to install # Optional. Default to 'nautilus' in ceph::params. # # [*fastcgi*] Install Ceph fastcgi apache module for Ceph # Optional. Defaults to 'false' # # [*proxy*] Proxy URL to be used for the yum repository, useful if you're behind a corporate firewall # Optional. Defaults to 'undef' # # [*proxy_username*] The username to be used for the proxy if one should be required # Optional. Defaults to 'undef' # # [*proxy_password*] The password to be used for the proxy if one should be required # Optional. Defaults to 'undef' # # [*enable_epel*] Whether or not enable EPEL repository. # Optional. Defaults to True # # [*enable_sig*] Whether or not enable SIG repository. # CentOS SIG repository contains Ceph packages built by CentOS community. # https://wiki.centos.org/SpecialInterestGroup/Storage/ # Optional. 
Defaults to False in ceph::params. # # [*ceph_mirror*] Ceph mirror used to download packages. # Optional. Defaults to undef. # class ceph::repo ( $ensure = present, - $release = $::ceph::params::release, + $release = $ceph::params::release, $fastcgi = false, $proxy = undef, $proxy_username = undef, $proxy_password = undef, $enable_epel = true, - $enable_sig = $::ceph::params::enable_sig, + $enable_sig = $ceph::params::enable_sig, $ceph_mirror = undef, ) inherits ceph::params { case $::osfamily { 'Debian': { - include ::apt + include apt if $ceph_mirror { $ceph_mirror_real = $ceph_mirror } else { $ceph_mirror_real = "http://download.ceph.com/debian-${release}/" apt::key { 'ceph': ensure => $ensure, id => '08B73419AC32B4E966C1A330E84AC2C0460F3994', source => 'https://download.ceph.com/keys/release.asc', before => Apt::Source['ceph'], } } apt::source { 'ceph': ensure => $ensure, location => $ceph_mirror_real, release => $::lsbdistcodename, tag => 'ceph', } if $fastcgi { apt::key { 'ceph-gitbuilder': ensure => $ensure, id => 'FCC5CB2ED8E6F6FB79D5B3316EAEAE2203C3951A', server => 'keyserver.ubuntu.com', } apt::source { 'ceph-fastcgi': ensure => $ensure, location => "http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-${::lsbdistcodename}-${::hardwaremodel}-basic/ref/master", release => $::lsbdistcodename, require => Apt::Key['ceph-gitbuilder'], } } Apt::Source<| tag == 'ceph' |> -> Package<| tag == 'ceph' |> Exec['apt_update'] -> Package<| tag == 'ceph' |> } 'RedHat': { $enabled = $ensure ? 
{ 'present' => '1', 'absent' => '0', default => absent, } # If you want to deploy Ceph using packages provided by CentOS SIG # https://wiki.centos.org/SpecialInterestGroup/Storage/ if $enable_sig { if $::operatingsystem != 'CentOS' { warning("CentOS SIG repository is only supported on CentOS operating system, \ not on ${::operatingsystem}, which can lead to packaging issues.") } if $ceph_mirror { $ceph_mirror_real = $ceph_mirror } else { $ceph_mirror_real = "https://buildlogs.centos.org/centos/7/storage/x86_64/ceph-${release}/" } yumrepo { 'ceph-luminous-sig': ensure => 'absent', } yumrepo { 'ceph-storage-sig': enabled => '1', baseurl => $ceph_mirror_real, descr => 'Ceph Storage SIG', mirrorlist => 'absent', gpgcheck => '0', } # Make sure we install the repo before any Package resource Yumrepo['ceph-luminous-sig'] -> Yumrepo['ceph-storage-sig'] -> Package<| tag == 'ceph' |> } else { # If you want to deploy Ceph using packages provided by ceph.com repositories. if ((($::operatingsystem == 'RedHat' or $::operatingsystem == 'CentOS') and (versioncmp($::operatingsystemmajrelease, '7') < 0)) or ($::operatingsystem == 'Fedora' and (versioncmp($::operatingsystemmajrelease, '19') < 0))) { $el = '6' } else { $el = '7' } Yumrepo { proxy => $proxy, proxy_username => $proxy_username, proxy_password => $proxy_password, } if ($::operatingsystem != 'Fedora') { yumrepo { 'ext-ceph': # puppet versions prior to 3.5 do not support ensure, use enabled instead enabled => $enabled, descr => "External Ceph ${release}", name => "ext-ceph-${release}", baseurl => "http://download.ceph.com/rpm-${release}/el${el}/\$basearch", gpgcheck => '1', gpgkey => 'https://download.ceph.com/keys/release.asc', mirrorlist => absent, priority => '10', # prefer ceph repos over EPEL tag => 'ceph', } yumrepo { 'ext-ceph-noarch': # puppet versions prior to 3.5 do not support ensure, use enabled instead enabled => $enabled, descr => 'External Ceph noarch', name => "ext-ceph-${release}-noarch", baseurl => 
"http://download.ceph.com/rpm-${release}/el${el}/noarch", gpgcheck => '1', gpgkey => 'https://download.ceph.com/keys/release.asc', mirrorlist => absent, priority => '10', # prefer ceph repos over EPEL tag => 'ceph', } if $fastcgi { yumrepo { 'ext-ceph-fastcgi': enabled => $enabled, descr => 'FastCGI basearch packages for Ceph', name => 'ext-ceph-fastcgi', baseurl => "http://gitbuilder.ceph.com/mod_fastcgi-rpm-rhel${el}-x86_64-basic/ref/master", gpgcheck => '1', gpgkey => 'https://download.ceph.com/keys/autobuild.asc', mirrorlist => absent, priority => '20', # prefer ceph repos over EPEL tag => 'ceph', } } } # prefer ceph.com repos over EPEL package { 'yum-plugin-priorities': ensure => present, } } if $enable_epel and ($::operatingsystem != 'Fedora') { yumrepo { "ext-epel-${el}": # puppet versions prior to 3.5 do not support ensure, use enabled instead enabled => $enabled, descr => "External EPEL ${el}", name => "ext-epel-${el}", baseurl => absent, gpgcheck => '1', gpgkey => "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-${el}", mirrorlist => "http://mirrors.fedoraproject.org/metalink?repo=epel-${el}&arch=\$basearch", priority => '20', # prefer ceph repos over EPEL tag => 'ceph', exclude => 'python-ceph-compat python-rbd python-rados python-cephfs', } } Yumrepo<| tag == 'ceph' |> -> Package<| tag == 'ceph' |> } default: { fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \ module ${module_name} only supports osfamily Debian and RedHat") } } } diff --git a/manifests/rgw.pp b/manifests/rgw.pp index d8b22b1..b13cd0d 100644 --- a/manifests/rgw.pp +++ b/manifests/rgw.pp 
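Review bot: In the `$enable_sig` branch the `ceph-storage-sig` yumrepo is declared with `gpgcheck => '0'`, so packages from `buildlogs.centos.org` or from a caller-supplied `$ceph_mirror` are installed without signature verification. The `ext-ceph*` and EPEL repos in the same class set `gpgcheck => '1'` with a `gpgkey`. I would change it to `gpgcheck => '1',` together with `gpgkey => '<STORAGE_SIG_KEY_LOCATION>',` (placeholder; the key location is not on this page), or at least expose the value as a class parameter so that turning verification off is an explicit choice. The `ext-ceph` `baseurl` values also use plain `http://`; the signature check covers package integrity there, but `https://` would match the `gpgkey` URLs already used.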
@@ -1,210 +1,209 @@ # # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # Author: Oleksiy Molchanov # # Configures a ceph radosgw. # # == Define: ceph::rgw # # The RGW id. An alphanumeric string uniquely identifying the RGW. # ( example: radosgw.gateway ) # # === Parameters: # # [*pkg_radosgw*] Package name for the ceph radosgw. # Optional. Default is osfamily dependent (check ceph::params). # # [*rgw_ensure*] Whether to start radosgw service. # Optional. Default is running. # # [*rgw_enable*] Whether to enable radosgw service on boot. # Optional. Default is true. # # [*rgw_data*] The path where the radosgw data should be stored. # Optional. Default is '/var/lib/ceph/radosgw/${cluster}-${name}. # # [*user*] User running the web frontend. # Optional. Default is 'www-data'. # # [*keyring_path*] Location of keyring. # Optional. Default is '/etc/ceph/${name}.keyring'. # # [*log_file*] Log file to write to. # Optional. Default is '/var/log/ceph/radosgw.log'. # # [*rgw_dns_name*] Hostname to use for the service. # Optional. Default is $fqdn. # # [*rgw_socket_path*] Path to socket file. # Optional. Default is '/tmp/radosgw.sock'. # # [*rgw_print_continue*] True to send 100 codes to the client. # Optional. Default is false. # # [*rgw_port*] Port the rados gateway listens. # Optional. Default is undef. # # [*frontend_type*] What type of frontend to use # Optional. 
Default is civetweb, Other options are apache-proxy-fcgi or apache-fastcgi. # # [*rgw_frontends*] Arguments to the rgw frontend # Optional. Default is 'civetweb port=7480'. # # [*rgw_swift_url*] The URL for the Ceph Object Gateway Swift API. # Optional. Default is http://$fqdn:7480. # # Deprecated Parameters: # # [*syslog*] Whether or not to log to syslog. # Optional. Default is true. # - define ceph::rgw ( - $pkg_radosgw = $::ceph::params::pkg_radosgw, + $pkg_radosgw = $ceph::params::pkg_radosgw, $rgw_ensure = 'running', $rgw_enable = true, $rgw_data = "/var/lib/ceph/radosgw/ceph-${name}", - $user = $::ceph::params::user_radosgw, + $user = $ceph::params::user_radosgw, $keyring_path = "/etc/ceph/ceph.client.${name}.keyring", $log_file = '/var/log/ceph/radosgw.log', $rgw_dns_name = $::fqdn, - $rgw_socket_path = $::ceph::params::rgw_socket_path, + $rgw_socket_path = $ceph::params::rgw_socket_path, $rgw_print_continue = false, $rgw_port = undef, $frontend_type = 'civetweb', $rgw_frontends = 'civetweb port=7480', $rgw_swift_url = "http://${::fqdn}:7480", $syslog = undef, ) { - include ::stdlib + include stdlib if $syslog { warning( 'The syslog parameter is unused and deprecated. It will be removed in a future release.' 
) } unless $name =~ /^radosgw\..+/ { fail("Define name must be started with 'radosgw.'") } ceph_config { "client.${name}/host": value => $::hostname; "client.${name}/keyring": value => $keyring_path; "client.${name}/log_file": value => $log_file; "client.${name}/user": value => $user; "client.${name}/rgw_dns_name": value => $rgw_dns_name; "client.${name}/rgw_swift_url": value => $rgw_swift_url; } if($frontend_type == 'civetweb') { ceph::rgw::civetweb { $name: rgw_frontends => $rgw_frontends, } } elsif ( ( $frontend_type == 'apache-fastcgi' ) or ( $frontend_type == 'apache-proxy-fcgi' ) ) { ceph_config { "client.${name}/rgw_print_continue": value => $rgw_print_continue; "client.${name}/rgw_socket_path": value => $rgw_socket_path; } if $frontend_type == 'apache-fastcgi' { ceph_config { "client.${name}/rgw_port": value => $rgw_port; } } elsif $frontend_type == 'apache-proxy-fcgi' { ceph_config { "client.${name}/rgw_frontends": value => $rgw_frontends; } } } else { fail("Unsupported frontend_type: ${frontend_type}") } package { $pkg_radosgw: ensure => installed, tag => 'ceph', } # Data directory for radosgw file { '/var/lib/ceph/radosgw': # missing in redhat pkg ensure => directory, mode => '0755', selinux_ignore_defaults => true, } file { $rgw_data: ensure => directory, owner => 'root', group => 'root', mode => '0750', selinux_ignore_defaults => true, } # Log file for radosgw (ownership) file { $log_file: ensure => present, owner => $user, mode => '0640', selinux_ignore_defaults => true, } # NOTE(aschultz): this is the radowsgw service title, it may be different # than the actual service name $rgw_service = "radosgw-${name}" # service definition # if Ubuntu does not use systemd if $::service_provider == 'upstart' { if $rgw_enable { file { "${rgw_data}/done": ensure => present, before => Service[$rgw_service], } } Service { name => 'radosgw', start => "start radosgw id=${name}", stop => "stop radosgw id=${name}", status => "status radosgw id=${name}", provider => 
$::service_provider, } # Everything else that is supported by puppet-ceph should run systemd. } else { Service { name => "ceph-radosgw@${name}", enable => $rgw_enable, } } service { $rgw_service: ensure => $rgw_ensure, tag => ['ceph-radosgw'] } Ceph_config<||> ~> Service<| tag == 'ceph-radosgw' |> Package<| tag == 'ceph' |> -> File['/var/lib/ceph/radosgw'] Package<| tag == 'ceph' |> -> File[$log_file] File['/var/lib/ceph/radosgw'] -> File[$rgw_data] -> Service<| tag == 'ceph-radosgw' |> File[$log_file] -> Service<| tag == 'ceph-radosgw' |> Ceph::Pool<||> -> Service<| tag == 'ceph-radosgw' |> } diff --git a/manifests/rgw/apache_proxy_fcgi.pp b/manifests/rgw/apache_proxy_fcgi.pp index bd4f43d..9f7245e 100644 --- a/manifests/rgw/apache_proxy_fcgi.pp +++ b/manifests/rgw/apache_proxy_fcgi.pp 
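Review bot: The name check `unless $name =~ /^radosgw\..+/` is looser than the header's "alphanumeric string" contract, because `^` anchors at the start of any line (Puppet regexes follow Ruby semantics) and `.+` accepts any characters, including whitespace and shell metacharacters. `$name` then flows into the upstart `start`/`stop`/`status` command strings (`"start radosgw id=${name}"`), the systemd unit name `ceph-radosgw@${name}`, and the default `$rgw_data` and `$keyring_path` paths. I would anchor the whole string and allow-list the characters, e.g. `unless $name =~ /\Aradosgw\.[A-Za-z0-9._-]+\z/ {`; the exact character set is a suggestion and should be checked against what Ceph accepts for an RGW id. The define's full body is inside this hunk.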
@@ -1,115 +1,115 @@ # # Copyright (C) 2016 Mirantis Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Oleksiy Molchanov # # Configures a ceph radosgw apache frontend with mod_proxy. # ## == Define: ceph::rgw::apache_proxy_fcgi # # The RGW id. An alphanumeric string uniquely identifying the RGW. # ( example: radosgw.gateway ) # ### == Parameters # # [*admin_email*] Admin email for the radosgw reports. # Optional. Default is 'root@localhost'. # # [*docroot*] Location of the apache docroot. # Optional. Default is '/var/www'. # # [*rgw_port*] Port the rados gateway listens. # Optional. Default is 80. # # [*rgw_dns_name*] Hostname to use for the service. # Optional. Default is $fqdn. # # [*rewrite_rule*] RewriteRule for the apache config. # Optional. Default is '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]'. # # [*setenv*] String or aray for the apache setenv directive. # Optional. Default is 'proxy-nokeepalive 1'. # # [*proxy_pass*] Hash that contains local virtual path and remote url. # Optional. Default is {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}. # # [*syslog*] Whether or not to log to syslog. # Optional. Default is true. # # [*apache_mods*] Whether to configure and enable a set of default Apache modules. # Optional. Defaults to false. # # [*apache_vhost*] Configures a default virtual host. # Optional. Defaults to false. # # [*apache_purge_configs*] Removes all other Apache configs and virtual hosts. # Optional. Defaults to true. 
# # [*apache_purge_vhost*] Whether to remove any configurations inside vhost_dir not managed # by Puppet. # Optional. Defaults to true. # # [*custom_apache_ports*] Array of ports to listen by Apache. # Optional. Works only if custom_apache set to true. Default is undef. # define ceph::rgw::apache_proxy_fcgi ( $admin_email = 'root@localhost', $docroot = '/var/www', $rgw_dns_name = $::fqdn, $rgw_port = '80', $rewrite_rule = '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', $setenv = 'proxy-nokeepalive 1', $proxy_pass = {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}, $syslog = true, $apache_mods = false, $apache_vhost = false, $apache_purge_configs = true, $apache_purge_vhost = true, $custom_apache_ports = undef, ) { - class { '::apache': + class { 'apache': default_mods => $apache_mods, default_vhost => $apache_vhost, purge_configs => $apache_purge_configs, purge_vhost_dir => $apache_purge_vhost, } if $custom_apache_ports { apache::listen { $custom_apache_ports: } } if !$apache_mods { - include ::apache::mod::auth_basic - include ::apache::mod::env + include apache::mod::auth_basic + include apache::mod::env } - include ::apache::mod::alias - include ::apache::mod::mime - include ::apache::mod::rewrite - include ::apache::mod::proxy - ::apache::mod { 'proxy_fcgi': } + include apache::mod::alias + include apache::mod::mime + include apache::mod::rewrite + include apache::mod::proxy + apache::mod { 'proxy_fcgi': } apache::vhost { "${rgw_dns_name}-radosgw": servername => $rgw_dns_name, serveradmin => $admin_email, docroot => $docroot, access_log => $syslog, error_log => $syslog, port => $rgw_port, rewrite_rule => $rewrite_rule, setenv => $setenv, proxy_pass => $proxy_pass, } } diff --git a/manifests/rgw/keystone/auth.pp b/manifests/rgw/keystone/auth.pp index 09345ae..0702c7e 100644 --- a/manifests/rgw/keystone/auth.pp +++ b/manifests/rgw/keystone/auth.pp 
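Review bot: The `apache::vhost` at the end of this define gets `port => $rgw_port` (default `'80'`) and no TLS attributes, while the default `rewrite_rule` forwards the client's Authorization header to radosgw. Unless something in front of this host terminates TLS, requests carrying credentials or tokens are served in cleartext, and the define offers no parameter to change that. I would add optional `ssl`, `ssl_cert` and `ssl_key` parameters that default to the current behaviour and pass them through to the vhost, documenting them in the header. Separately, the `custom_apache_ports` doc says it works only if `custom_apache` is set to true, but the define has no such parameter.

```puppet
define ceph::rgw::apache_proxy_fcgi (
  # … unchanged: existing parameters …
  $custom_apache_ports  = undef,
  $ssl                  = false,
  $ssl_cert             = undef,
  $ssl_key              = undef,
) {
  # … unchanged: class apache, apache::listen and module includes …
  apache::vhost { "${rgw_dns_name}-radosgw":
    # … unchanged: existing vhost attributes …
    proxy_pass   => $proxy_pass,
    ssl          => $ssl,
    ssl_cert     => $ssl_cert,
    ssl_key      => $ssl_key,
  }
```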
@@ -1,90 +1,89 @@ # == Class: ceph::rgw::keystone::auth # # Configures RGW user, service and endpoint in Keystone V3. # # === Parameters # # [*password*] # Password for the RGW user. # Defaults to ceph::profile::params::rgw_keystone_admin_password # # [*user*] # Username for the RGW user. Optional. # Defaults to ceph::profile::params::rgw_keystone_admin_use # # [*email*] # Email for the RGW user. Optional. # Defaults to 'rgwuser@localhost' # # [*roles*] # Accepted RGW roles. Optional. # Defaults to ['admin', 'Member'] # # [*public_url*] # The public URL. Optional. # Defaults to 'http://127.0.0.1:8080/swift/v1 # # [*admin_url*] # The admin URL. Optional. # Defaults to 'http://127.0.0.1:8080/swift/v1 # # [*internal_url*] # The internal URL. Optional. # Defaults to 'http://127.0.0.1:8080/swift/v1 # # [*region*] # Region for endpoint. Optional. # Defaults to 'RegionOne' # # [*tenant*] # Tenant for user. Optional. # Defaults to ceph::profile::params::rgw_keystone_admin_project # # [*rgw_service*] # Name of the keystone service used by RGW # Defaults to 'swift::object-store' # - class ceph::rgw::keystone::auth ( - $password = $::ceph::profile::params::rgw_keystone_admin_password, - $user = $::ceph::profile::params::rgw_keystone_admin_user, + $password = $ceph::profile::params::rgw_keystone_admin_password, + $user = $ceph::profile::params::rgw_keystone_admin_user, $email = 'rgwuser@localhost', $roles = ['admin', 'Member'], $public_url = 'http://127.0.0.1:8080/swift/v1', $admin_url = 'http://127.0.0.1:8080/swift/v1', $internal_url = 'http://127.0.0.1:8080/swift/v1', $region = 'RegionOne', - $tenant = $::ceph::profile::params::rgw_keystone_admin_project, + $tenant = $ceph::profile::params::rgw_keystone_admin_project, $rgw_service = 'swift::object-store', ) { - include ::openstacklib::openstackclient + include openstacklib::openstackclient ensure_resource('keystone_service', 'swift::object-store', { 'ensure' => 'present', 'description' => 'Ceph RGW Service', } ) 
ensure_resource('keystone_endpoint', "${region}/swift::object-store", { 'ensure' => 'present', 'public_url' => $public_url, 'admin_url' => $admin_url, 'internal_url' => $internal_url, } ) keystone_user { $user: ensure => present, password => $password, email => $email, } ensure_resource('keystone_role', $roles, { 'ensure' => 'present' } ) keystone_user_role { "${user}@${tenant}": ensure => present, roles => $roles, } } diff --git a/spec/defines/ceph_key_spec.rb b/spec/defines/ceph_key_spec.rb index 30acadd..9b7241a 100644 --- a/spec/defines/ceph_key_spec.rb +++ b/spec/defines/ceph_key_spec.rb 
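Review bot: The `$rgw_service` parameter is declared and documented but never read, because both `ensure_resource('keystone_service', 'swift::object-store', …)` and the endpoint title `"${region}/swift::object-store"` hard-code its default, so overriding it has no effect. Use the parameter in both places: `ensure_resource('keystone_service', $rgw_service, {` and `ensure_resource('keystone_endpoint', "${region}/${rgw_service}", {`. While here, `$password` is an untyped parameter handed straight to `keystone_user`; if the Puppet and puppet-keystone versions in use support it, accepting it as `Sensitive` would help keep it out of logs and reports, which needs confirming against the module. The header also gives the `user` default as `rgw_keystone_admin_use`, missing the final `r`.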
@@ -1,72 +1,72 @@ # # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Author: Ricardo Rocha # require 'spec_helper' describe 'ceph::key' do let (:pre_condition) do - "class { '::ceph': fsid => 'foo' }" + "class { 'ceph': fsid => 'foo' }" end shared_examples 'ceph key' do describe "with custom params" do let :title do 'client.admin' end let :params do { :secret => 'supersecret', :user => 'nobody', :group => 'nogroup', :cap_mon => 'allow *', :cap_osd => 'allow rw', :cap_mgr => 'allow *', :inject => true, } end it { should contain_exec('ceph-key-client.admin').with( 'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' --cap mgr 'allow *' " ) should contain_file('/etc/ceph/ceph.client.admin.keyring').with( 'owner' => 'nobody', 'group' => 'nogroup', 'mode' => '0600', 'selinux_ignore_defaults' => true, ) should contain_exec('ceph-injectkey-client.admin').with( 'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph auth import -i /etc/ceph/ceph.client.admin.keyring" ) } end end on_supported_os({ :supported_os => OSDefaults.get_supported_os }).each do |os,facts| context "on #{os}" do let (:facts) do facts.merge!(OSDefaults.get_facts()) end it_behaves_like 'ceph key' end end end