puppet-prod/hieradata/roles/infra/ceph/rgw.yaml

---
hiera_include:
  - profiles::ceph::rgw
  - profiles::nginx::simpleproxy

profiles::ceph::rgw::enable: true

# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
python::manage_dev_package: false

# additional altnames
profiles::pki::vault::alt_names:
  - radosgw.main.unkin.net
  - radosgw.service.consul
  - radosgw.query.consul
  - "radosgw.service.%{facts.country}-%{facts.region}.consul"

# additional repos
profiles::yum::global::repos:
  ceph:
    name: ceph
    descr: ceph repository
    target: /etc/yum.repos.d/ceph.repo
    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
    gpgkey: https://download.ceph.com/keys/release.asc
    mirrorlist: absent
  ceph-noarch:
    name: ceph-noarch
    descr: ceph-noarch repository
    target: /etc/yum.repos.d/ceph-noarch.repo
    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
    gpgkey: https://download.ceph.com/keys/release.asc
    mirrorlist: absent

# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'radosgw.service.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - radosgw.service.au-syd1.consul
profiles::nginx::simpleproxy::proxy_port: 7480
profiles::nginx::simpleproxy::proxy_path: '/'

# manage consul service
consul::services:
  radosgw:
    service_name: 'radosgw'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'radosgw_https_check'
        name: 'RADOSGW HTTPS Check'
        http: "https://%{facts.networking.fqdn}:443"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: radosgw
    disposition: write