Support for external swift proxy

Users may have an external swift proxy already available (i.e. radosgw
from already existing ceph, or hardware appliance implementing swift
proxy). With this change user may specify an environment file that
registers the specified urls as endpoint for the object-store service.
The internal swift proxy is left as unconfigured.

Change-Id: I5e6f0a50f26d4296565f0433f720bfb40c5d2109
Depends-On: Ia568c3a5723d8bd8c2c37dbba094fc8a83b9d67e

diff --git a/environments/swift-external.yaml b/environments/swift-external.yaml
new file mode 100644 (file)
index 0000000..0bf0d39
--- /dev/null
+++ b/environments/swift-external.yaml
@@ -0,0 +1,12 @@
+resource_registry:
+  OS::TripleO::Services::ExternalSwiftProxy: ../puppet/services/external-swift-proxy.yaml
+  OS::TripleO::Services::SwiftProxy: OS::Heat::None
+  OS::TripleO::Services::SwiftStorage: OS::Heat::None
+  OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+
+parameter_defaults:
+  ExternalPublicUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
+  ExternalInternalUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
+  ExternalAdminUrl: 'http://swiftproxy:9024/v1/%(tenant_id)s'
+  ExternalSwiftUserTenant: 'service'
+

diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index b178068..c4d4fde 100644 (file)
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -189,6 +189,7 @@ resource_registry:
   OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml
   OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
   OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
+  OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
   OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml
   OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml
   OS::TripleO::Services::Snmp: puppet/services/snmp.yaml

diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml
new file mode 100644 (file)
index 0000000..75f5b6a
--- /dev/null
+++ b/puppet/services/external-swift-proxy.yaml
@@ -0,0 +1,70 @@
+heat_template_version: ocata
+
+description: >
+  External Swift Proxy endpoint configured with Puppet
+
+parameters:
+  ExternalPublicUrl:
+    description: Public endpoint url for the external swift proxy
+    type: string
+  ExternalInternalUrl:
+    description: Internal endpoint url for the external swift proxy
+    type: string
+  ExternalAdminUrl:
+    description: External endpoint url for the external swift proxy
+    type: string
+  ExternalSwiftUserTenant:
+    description: Tenant where swift user will be set as admin
+    type: string
+    default: 'service'
+  SwiftPassword:
+    description: The password for the swift service account, used by the swift proxy services.
+    type: string
+    hidden: true
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+resources:
+
+outputs:
+  role_data:
+    description: Role data for External Swift proxy.
+    value:
+      service_name: external_swift_proxy
+      config_settings:
+
+      step_config:
+
+      service_config_settings:
+        keystone:
+          swift::keystone::auth::public_url: {get_param: ExternalPublicUrl}
+          swift::keystone::auth::internal_url: {get_param: ExternalInternalUrl}
+          swift::keystone::auth::admin_url: {get_param: ExternalAdminUrl}
+          swift::keystone::auth::public_url_s3: ''
+          swift::keystone::auth::internal_url_s3: ''
+          swift::keystone::auth::admin_url_s3: ''
+          swift::keystone::auth::password: {get_param: SwiftPassword}
+          swift::keystone::auth::region: {get_param: KeystoneRegion}
+          swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant}
+          swift::keystone::auth::configure_s3_endpoint: false
+          swift::keystone::auth::operator_roles:
+            - admin
+            - swiftoperator
+            - ResellerAdmin
+

diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml
new file mode 100644 (file)
index 0000000..83b05bb
--- /dev/null
+++ b/releasenotes/notes/enable-support-for-external-swift-proxy-941917f8bcc63a5d.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Added support for external swift proxy. Users may need to
+    configure endpoints pointing to swift proxy service
+    already available.

diff --git a/roles_data.yaml b/roles_data.yaml
index 98061c0..8d3b507 100644 (file)
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -91,6 +91,7 @@
     - OS::TripleO::Services::Ec2Api
     - OS::TripleO::Services::Ntp
     - OS::TripleO::Services::SwiftProxy
+    - OS::TripleO::Services::ExternalSwiftProxy
     - OS::TripleO::Services::SwiftStorage
     - OS::TripleO::Services::SwiftRingBuilder
     - OS::TripleO::Services::Snmp