Filippo Giunchedi has submitted this change and it was merged. Change subject: swift: add container sync ......................................................................
swift: add container sync The basic concepts of container synchronization are outlined here: http://docs.openstack.org/developer/swift/overview_container_sync.html This part takes care of enabling container sync in the proxy pipeline and distribute the credentials to the proxy and container servers. A separate utility will take care of enabling synchronization on a per-container basis. Change-Id: Ie771a29aa5e99757301f5f7a6ffafda7528e8f55 --- A hieradata/common/swift_replication.yaml M manifests/role/swift.pp M manifests/site.pp A modules/swift_new/manifests/container_sync.pp M modules/swift_new/manifests/params.pp A modules/swift_new/templates/container-sync-realms.conf.erb M modules/swift_new/templates/proxy-server.conf.erb M templates/swift/proxy-server.conf.erb 8 files changed, 56 insertions(+), 6 deletions(-) Approvals: Filippo Giunchedi: Verified; Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/common/swift_replication.yaml b/hieradata/common/swift_replication.yaml new file mode 100644 index 0000000..abaa017 --- /dev/null +++ b/hieradata/common/swift_replication.yaml @@ -0,0 +1,13 @@ +# map "realm name" into "key = value" to be written verbatim to +# container-sync-realms.conf. +# See also +# http://docs.openstack.org/developer/swift/overview_container_sync.html +swift_new::params::replication_accounts: + mw_media: + cluster_codfw: 'http://ms-fe.svc.codfw.wmnet/v1/' + +# the private part looks like this: +# swift_new::params::replication_keys: +# mw_media: +# key: 'foo' +# key2: 'bar' diff --git a/manifests/role/swift.pp b/manifests/role/swift.pp index 4024770..7231e22 100644 --- a/manifests/role/swift.pp +++ b/manifests/role/swift.pp @@ -108,11 +108,15 @@ host => 'ms-fe.eqiad.wmnet', } include role::swift::icehouse + include ::swift_new::params + include ::swift_new::container_sync } class storage inherits role::swift::eqiad-prod { include ::swift::storage include ::swift::storage::monitoring include role::swift::icehouse + include ::swift_new::params + include ::swift_new::container_sync } } class esams-prod inherits role::swift::base { @@ -343,6 +347,8 @@ include ::swift_new::params include ::swift_new include ::swift_new::ring + include ::swift_new::container_sync + class { '::swift_new::proxy': statsd_metric_prefix => "swift.${::swift_new::params::swift_cluster}.${::hostname}", } @@ -374,6 +380,7 @@ include ::swift_new include ::swift_new::ring include ::swift_new::storage + include ::swift_new::container_sync include ::swift_new::storage::monitoring $all_drives = hiera('swift_storage_drives') diff --git a/manifests/site.pp b/manifests/site.pp index 8a401a7..12b175d 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1838,7 +1838,6 @@ # new server IP as a trusted proxy so X-Forwarded-For headers are trusted for # rate limiting purposes (bug 64622) node /^ms-fe100[1-4]\.eqiad\.wmnet$/ { - $cluster = 'swift' $nagios_group = 'swift' if $::hostname =~ /^ms-fe100[12]$/ { @@ -1856,7 +1855,6 @@ } node /^ms-be10[0-9][0-9]\.eqiad\.wmnet$/ { - $cluster = 'swift' $nagios_group = 'swift' $all_drives = [ diff --git a/modules/swift_new/manifests/container_sync.pp b/modules/swift_new/manifests/container_sync.pp new file mode 100644 index 0000000..4815dae --- /dev/null +++ b/modules/swift_new/manifests/container_sync.pp @@ -0,0 +1,14 @@ +class swift_new::container_sync ( + $replication_accounts = $::swift_new::params::replication_accounts, + $replication_keys = $::swift_new::params::replication_keys, +) { + $accounts = merge($replication_accounts, $replication_keys) + + file { '/etc/swift/container-sync-realms.conf': + ensure => present, + mode => 0440, + owner => 'swift', + group => 'swift', + content => template('swift_new/container-sync-realms.conf.erb'), + } +} diff --git a/modules/swift_new/manifests/params.pp b/modules/swift_new/manifests/params.pp index 2a3fefe..a946632 100644 --- a/modules/swift_new/manifests/params.pp +++ b/modules/swift_new/manifests/params.pp @@ -1,3 +1,9 @@ -class swift_new::params ( $swift_cluster = undef, $accounts = {}, $account_keys = {}) { +class swift_new::params ( + $swift_cluster = undef, + $accounts = {}, + $account_keys = {}, + $replication_accounts = {}, + $replication_keys = {}, +) { # Noop class } diff --git a/modules/swift_new/templates/container-sync-realms.conf.erb b/modules/swift_new/templates/container-sync-realms.conf.erb new file mode 100644 index 0000000..91af0f8 --- /dev/null +++ b/modules/swift_new/templates/container-sync-realms.conf.erb @@ -0,0 +1,6 @@ +<% @accounts.sort.map do |name, data| -%> +<%= "[#{name}]" %> +<% data.sort.map do |k, v| -%> +<%= "#{k} = #{v}" %> +<% end -%> +<% end -%> diff --git a/modules/swift_new/templates/proxy-server.conf.erb b/modules/swift_new/templates/proxy-server.conf.erb index aeaf959..0942e17 100644 --- a/modules/swift_new/templates/proxy-server.conf.erb +++ b/modules/swift_new/templates/proxy-server.conf.erb @@ -13,7 +13,7 @@ <% end -%> [pipeline:main] -pipeline = rewrite healthcheck cache tempurl tempauth cors proxy-logging proxy-server +pipeline = rewrite healthcheck cache container_sync tempurl tempauth cors proxy-logging proxy-server [app:proxy-server] use = egg:swift#proxy @@ -32,6 +32,9 @@ <%= "user_#{info['user'].gsub(':', '_')} = #{key} #{info['access']} #{info['auth']}/v1/#{info['account_name']}" %> <% end -%> +[filter:container_sync] +use = egg:swift#container_sync + [filter:healthcheck] use = egg:swift#healthcheck diff --git a/templates/swift/proxy-server.conf.erb b/templates/swift/proxy-server.conf.erb index cbec079..144be39 100644 --- a/templates/swift/proxy-server.conf.erb +++ b/templates/swift/proxy-server.conf.erb @@ -15,9 +15,9 @@ [pipeline:main] <% if @auth_backend == 'swauth' -%> -pipeline = rewrite healthcheck cache tempurl swauth cors proxy-logging proxy-server +pipeline = rewrite healthcheck cache container_sync tempurl swauth cors proxy-logging proxy-server <% elsif @auth_backend == 'tempauth' -%> -pipeline = rewrite healthcheck cache tempurl tempauth cors proxy-logging proxy-server +pipeline = rewrite healthcheck cache container_sync tempurl tempauth cors proxy-logging proxy-server <% end -%> [app:proxy-server] @@ -53,6 +53,9 @@ [filter:healthcheck] use = egg:swift#healthcheck +[filter:container_sync] +use = egg:swift#container_sync + [filter:cache] use = egg:swift#memcache memcache_servers = <%= @memcached_servers.join(",") %> -- To view, visit https://gerrit.wikimedia.org/r/160430 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie771a29aa5e99757301f5f7a6ffafda7528e8f55 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Filippo Giunchedi <fgiunch...@wikimedia.org> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Mark Bergsma <m...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits