feat: add ceph rgw #380
@ -368,6 +368,28 @@ profiles::ceph::client::mons:
|
|||||||
- 10.18.15.1
|
- 10.18.15.1
|
||||||
- 10.18.15.2
|
- 10.18.15.2
|
||||||
- 10.18.15.3
|
- 10.18.15.3
|
||||||
|
|
||||||
|
profiles::ceph::conf::config:
|
||||||
|
global:
|
||||||
|
auth_client_required: 'cephx'
|
||||||
|
auth_cluster_required: 'cephx'
|
||||||
|
auth_service_required: 'cephx'
|
||||||
|
fsid: 'de96a98f-3d23-465a-a899-86d3d67edab8'
|
||||||
|
mon_allow_pool_delete: true
|
||||||
|
mon_initial_members: 'prodnxsr0009,prodnxsr0010,prodnxsr0011,prodnxsr0012,prodnxsr0013'
|
||||||
|
mon_host: '198.18.23.9,198.18.23.10,198.18.23.11,198.18.23.12,198.18.23.13'
|
||||||
|
ms_bind_ipv4: true
|
||||||
|
ms_bind_ipv6: false
|
||||||
|
osd_crush_chooseleaf_type: 1
|
||||||
|
osd_pool_default_min_size: 2
|
||||||
|
osd_pool_default_size: 3
|
||||||
|
osd_pool_default_pg_num: 128
|
||||||
|
public_network: >
|
||||||
|
198.18.23.1/32,198.18.23.2/32,198.18.23.3/32,198.18.23.4/32,
|
||||||
|
198.18.23.5/32,198.18.23.6/32,198.18.23.7/32,198.18.23.8/32,
|
||||||
|
198.18.23.9/32,198.18.23.10/32,198.18.23.11/32,198.18.23.12/32,
|
||||||
|
198.18.23.13/32
|
||||||
|
|
||||||
#profiles::base::hosts::additional_hosts:
|
#profiles::base::hosts::additional_hosts:
|
||||||
# - ip: 198.18.17.9
|
# - ip: 198.18.17.9
|
||||||
# hostname: prodinf01n09.main.unkin.net
|
# hostname: prodinf01n09.main.unkin.net
|
||||||
|
|||||||
8
hieradata/roles/infra/ceph/rgw.eyaml
Normal file
8
hieradata/roles/infra/ceph/rgw.eyaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
profiles::ceph::rgw::ceph_client_keys:
|
||||||
|
ausyd1nxvm2115: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAovOUUtTm/9nXWj6D+kVhmbZedVVkA5N80ULNYqISrv0A+KlXCx/V2sB56SpJ9eL6aPHdC+CKkrtrrdo1h2j2em7wTA5ghhbFVF0NIS7bbn0jzpl5YqbUrNxOtDSpjzX1aCGnyMvw69Lp+NcHwxIj+1XFgK6335138s9wbX3HmYF3jcsQkMqTzynELe1OQPWFXVKTjUfFFLdCQOFryp8UY8L9j/PpV6wd4w6p7R6eXhX21rjSaN4aqN1zjsnF2OVhL8Ge0QxMhePWKGOqsUfi72kh3II028DjqU0DcZQvoxnoqRPyUUjysH0nTKoLeXOGNgJdphY1dHBJ+SJnw2gqQDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB9wA3ZJjmU95W+9r8va5uagDAMAv2APfdzrPnAU7NJPL+IW08osGuQWWamqF+XGVeHRoBmoFKwZ7grYRV2e3aabyc=]
|
||||||
|
ausyd1nxvm2116: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAf5ksy/pyUZSwTh+HiKw+1Uhj16A0DVZEKAbkKUQzXVmc+QpL4Dn7YBoXlEwrY8CcsTrxTQjADvtu9FC3o34QIdh06noSgYYA+7fna2A+9+oYoNtgwC3b8LeglxO/SQ9dKoJ90jRtmlw5P/CtrxA2RelMK6FNRekp1CaWMM4q20fJGgr/E33vgx38UJyp4/q0bTu2lLehCuDUP80j3XGbSNZ2snfYdIo91Cl+nSxLSU2TdnFpWaabsH19HwDnkWGiILlLBVvvhY7copCxs5DS1ueoOTCsqnWSrTrBMJjnu7WZd/s4NLw/0q/UP5xcFA51caY3Kv+sI6bfIYkNoLazwDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDrCF16nrtukRPamx1VbGY+gDAK5dw0kV8MpATpwxTkJG6JtlFlwdpU9THs1bNwqSRD1ZhEWxQeWwsyyTtjUXi4bP8=]
|
||||||
|
ausyd1nxvm2117: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAKtvsgDk2QTmL8flBBE4nA43sRSnroq4I6T2CUAYv/lRdzCCWvE961o/51zyQEz8L5QyDo7L3gcGYIBqthYjRe9Gp5a5d4qds0qskupgQKnb0KR2RLFVUtH5vxHqyJZHjXaP+PQreyRoSIfRWXAdoZu544FeJ9DKKbmEzZaH5B2OdDMrf4Ufuud0maEAw0PJthS//ghCfGi74F1xlJnIWVvMhp66b0iMxC+ACClEHunG3oKx7M/w05HllG0wcxPTg4PFrbnFXjRuIxsykF9aVHJkRnCdgbMXRM4o6FrYyZRR74F1HKRujFCUA7kYWDKLxHxJpYCvCHp4HMhfzjs824zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBbaSig6kgVVNfmSI53sNimgDDQ5O10Dzfa7S7RdJVLLUFBaZ5TG2g3Bwmy0k3wKZvABYMuYyOxQdfk6eMsKC+sC5w=]
|
||||||
|
ausyd1nxvm2118: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAdKl0ude3ZxW0ihyA758mpQp43qZvzTI2Bp83WzCp2ifJCgAIjRWdd01P64rSHaa4lus/wqB9jxg38g6DrN4ejX56Y/CJ6GQKxz6b1BO5nDfsLx6QEzCt+cfg5d/PPoTtEpz2VSvDfxFUrHiABA6++Sqzb9Og+nQCFMYJD3NHCk67QpkjPGQ/ejZk4MNXZQVCfKOlFqay/fF0jEmQixFOlX/Fdm9UoKttbrKluUmzpaVUzfGRaTTFVgzc3x2t/z1q1k0P7ClI9Uu02kUXpFVs9LPX99Zc2GtrnP06mYqqARhWF1NMK0zlmxtKpfObahRP/HmtI3fgnQsU1Cpwah0emTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAILqpYx3FKY3xXLJRu2oDlgDCIOXeX6hxpu0qpj5c/9jMUSeV2DIydnxO+MiT3mceS50ip8B+zGQy5UedPmLt36Zs=]
|
||||||
|
ausyd1nxvm2119: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASlZglUxazp+9azfV3QkgRv+ACo+MH0RO5b18blbelgdmr38iwK7MwwEFpEfVJEyc/ph9RunWwrMmofDQHj5bBribfzZ2pH2CGiOrR0i5lZMtN0yQXPBA/+jm1Pi1AWGJLtoquuhMbibuHOTiXwBCBVrHHHaFTR5Xt34ABN/p/mCaG+N9nWux93msHCCextCalKBMmPhmI2q6HodfjanEVgYAe3/5hRPnpsi6IGSDNGygsTC3MG+hjGMpNF8izbwk9Lpzn6kY51aeNxI2ed9Jm8UZ/k+8b+o7ZQyWIBbf7DTFpEzk4G46puaDbXIorBWQ4azCjN3gt8VB91hwihtzcDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB6U+9z4cSzMTA1z9bmoX82gDBfy5zbRPK8GxImJo6evecMOTtaY2c4aEnESXtGBCS02enmxljv9dv1UYQD0/a6S3A=]
|
||||||
59
hieradata/roles/infra/ceph/rgw.yaml
Normal file
59
hieradata/roles/infra/ceph/rgw.yaml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
---
|
||||||
|
hiera_include:
|
||||||
|
- profiles::ceph::rgw
|
||||||
|
- profiles::nginx::simpleproxy
|
||||||
|
|
||||||
|
profiles::ceph::rgw::enable: true
|
||||||
|
|
||||||
|
# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
|
||||||
|
python::manage_dev_package: false
|
||||||
|
|
||||||
|
# additional altnames
|
||||||
|
profiles::pki::vault::alt_names:
|
||||||
|
- radosgw.main.unkin.net
|
||||||
|
- radosgw.service.consul
|
||||||
|
- radosgw.query.consul
|
||||||
|
- "radosgw.service.%{facts.country}-%{facts.region}.consul"
|
||||||
|
|
||||||
|
# additional repos
|
||||||
|
profiles::yum::global::repos:
|
||||||
|
ceph:
|
||||||
|
name: ceph
|
||||||
|
descr: ceph repository
|
||||||
|
target: /etc/yum.repos.d/ceph.repo
|
||||||
|
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
|
||||||
|
gpgkey: https://download.ceph.com/keys/release.asc
|
||||||
|
mirrorlist: absent
|
||||||
|
ceph-noarch:
|
||||||
|
name: ceph-noarch
|
||||||
|
descr: ceph-noarch repository
|
||||||
|
target: /etc/yum.repos.d/ceph-noarch.repo
|
||||||
|
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
|
||||||
|
gpgkey: https://download.ceph.com/keys/release.asc
|
||||||
|
mirrorlist: absent
|
||||||
|
|
||||||
|
# manage a simple nginx reverse proxy
|
||||||
|
profiles::nginx::simpleproxy::nginx_vhost: 'radosgw.service.consul'
|
||||||
|
profiles::nginx::simpleproxy::nginx_aliases:
|
||||||
|
- radosgw.service.au-syd1.consul
|
||||||
|
profiles::nginx::simpleproxy::proxy_port: 7480
|
||||||
|
profiles::nginx::simpleproxy::proxy_path: '/'
|
||||||
|
|
||||||
|
# manage consul service
|
||||||
|
consul::services:
|
||||||
|
radosgw:
|
||||||
|
service_name: 'radosgw'
|
||||||
|
address: "%{facts.networking.ip}"
|
||||||
|
port: 443
|
||||||
|
checks:
|
||||||
|
- id: 'radosgw_https_check'
|
||||||
|
name: 'RADOSGW HTTPS Check'
|
||||||
|
http: "https://%{facts.networking.fqdn}:443"
|
||||||
|
method: 'GET'
|
||||||
|
tls_skip_verify: true
|
||||||
|
interval: '10s'
|
||||||
|
timeout: '1s'
|
||||||
|
profiles::consul::client::node_rules:
|
||||||
|
- resource: service
|
||||||
|
segment: radosgw
|
||||||
|
disposition: write
|
||||||
36
site/profiles/manifests/ceph/conf.pp
Normal file
36
site/profiles/manifests/ceph/conf.pp
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
class profiles::ceph::conf (
|
||||||
|
Hash $config = {}
|
||||||
|
) {
|
||||||
|
|
||||||
|
package {[
|
||||||
|
'ceph',
|
||||||
|
'ceph-common'
|
||||||
|
]:
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
|
||||||
|
file {'/etc/ceph':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'ceph',
|
||||||
|
group => 'ceph',
|
||||||
|
mode => '0755',
|
||||||
|
require => Package['ceph'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file {'/var/log/ceph':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'ceph',
|
||||||
|
group => 'ceph',
|
||||||
|
mode => '0755',
|
||||||
|
require => Package['ceph'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/ceph/ceph.conf':
|
||||||
|
ensure => file,
|
||||||
|
owner => 'ceph',
|
||||||
|
group => 'ceph',
|
||||||
|
mode => '0644',
|
||||||
|
content => template('profiles/ceph/conf.erb'),
|
||||||
|
require => Package['ceph-common'],
|
||||||
|
}
|
||||||
|
}
|
||||||
41
site/profiles/manifests/ceph/rgw.pp
Normal file
41
site/profiles/manifests/ceph/rgw.pp
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
class profiles::ceph::rgw (
|
||||||
|
Boolean $enable = true,
|
||||||
|
Hash[String, String] $ceph_client_keys = {},
|
||||||
|
Stdlib::Absolutepath $base_path = '/var/lib/ceph'
|
||||||
|
){
|
||||||
|
|
||||||
|
$key = $ceph_client_keys[$facts['networking']['hostname']]
|
||||||
|
|
||||||
|
if $enable {
|
||||||
|
|
||||||
|
include profiles::ceph::conf
|
||||||
|
|
||||||
|
package {'ceph-radosgw':
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { [
|
||||||
|
"${base_path}/radosgw",
|
||||||
|
"${base_path}/radosgw/ceph-${facts['networking']['hostname']}"
|
||||||
|
]:
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'ceph',
|
||||||
|
group => 'ceph',
|
||||||
|
mode => '0750',
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "${base_path}/radosgw/ceph-${facts['networking']['hostname']}/keyring":
|
||||||
|
ensure => file,
|
||||||
|
owner => 'ceph',
|
||||||
|
group => 'ceph',
|
||||||
|
mode => '0750',
|
||||||
|
content => Sensitive("[client.${facts['networking']['hostname']}]\n key = ${key}\n")
|
||||||
|
}
|
||||||
|
|
||||||
|
service {"ceph-radosgw@${facts['networking']['hostname']}":
|
||||||
|
ensure => true,
|
||||||
|
enable => true,
|
||||||
|
subscribe => File["${base_path}/radosgw/ceph-${facts['networking']['hostname']}/keyring"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
9
site/profiles/templates/ceph/conf.erb
Normal file
9
site/profiles/templates/ceph/conf.erb
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Managed by Puppet in profiles::ceph::conf
|
||||||
|
<% @config.each do |section, settings| -%>
|
||||||
|
[<%= section %>]
|
||||||
|
<% settings.each do |key, value| -%>
|
||||||
|
<%# Convert booleans and numbers to strings, leave strings untouched %>
|
||||||
|
<%= key %> = <%= value.is_a?(TrueClass) ? 'true' : value.is_a?(FalseClass) ? 'false' : value %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
|
<% end -%>
|
||||||
Loading…
Reference in New Issue
Block a user