Swift role for OpenStack-Ansible

Swift role for OpenStack-Ansible

Default Variables

# Enable/Disable Telemetry projects
swift_ceilometer_enabled: False
swift_gnocchi_enabled: False

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
swift_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
swift_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((swift_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
swift_package_state: "latest"
swift_pip_package_state: "latest"

# Set installation method.
swift_install_method: "source"

# Git repo details for swift
swift_git_repo: https://git.openstack.org/openstack/swift
swift_git_install_branch: master

swift_upper_constraints_url: "{{ requirements_git_url | default('https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=' ~ requirements_git_install_branch | default('master')) }}"
swift_git_constraints:
  - "git+{{ swift_git_repo }}@{{ swift_git_install_branch }}#egg=swift"
  - "--constraint {{ swift_upper_constraints_url }}"

swift_pip_install_args: "{{ pip_install_options | default('') }}"

# Name of the virtual env to deploy into
swift_venv_tag: "{{ venv_tag | default('untagged') }}"
swift_bin: "{{ _swift_bin }}"

# Set the full path to the swift recon cron
recon_cron_path: "{{ swift_bin }}/swift-recon-cron"


## Swift User / Group
swift_system_user_name: swift
swift_system_group_name: swift
swift_system_shell: /bin/bash
swift_system_comment: swift system user
swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"

## Swift Syslog User / Group
swift_syslog_user_name: syslog
# NOTE(hwoarang) The syslog user on openSUSE belongs to the 'users'
# group. There is no dedicated syslog group.
swift_syslog_group_name: "{{ (ansible_pkg_mgr == 'zypper') | ternary ('users', 'syslog') }}"
swift_syslog_log_perms: "0644"

## Auth token
swift_delay_auth_decision: true

## Swift middleware
# NB: The order is important!
swift_middleware_list:
  - catch_errors
  - gatekeeper
  - healthcheck
  - proxy-logging
  - "{% if swift_ceilometer_enabled | bool %}ceilometer{% endif %}"
  - cache
  - container_sync
  - bulk
  - tempurl
  - ratelimit
  - authtoken
  - keystoneauth
  - staticweb
  - copy
  - container-quotas
  - account-quotas
  - slo
  - dlo
  - versioned_writes
  - proxy-logging
  - proxy-server

# Setup tempauth users list (user_<account>_<username> = <password> <roles>)
swift_tempauth_users:
  - "user_admin_admin = admin .admin .reseller_admin"

## Swift default ports
swift_proxy_port: "8080"
# You can change the object, container, account ports.
# This will update the ring, on the next playbook run,
# without requiring a rebalance.
# NB: There is service downtime, during the run, between
# the service restart and the ring updating.
swift_object_port: "6000"
swift_container_port: "6001"
swift_account_port: "6002"

# Default swift ring settings:
swift_default_replication_number: 3
swift_default_min_part_hours: 1
swift_default_host_zone: 0
swift_default_host_region: 1
swift_default_drive_weight: 100

## Swift service defaults
swift_service_name: swift
swift_service_user_name: swift
swift_service_project_name: service
swift_service_project_domain_id: "default"
swift_service_project_domain_name: "Default"
swift_service_user_domain_id: "default"
swift_service_role_name: "admin"
swift_service_type: object-store
swift_service_proto: http
swift_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(swift_service_proto) }}"
swift_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(swift_service_proto) }}"
swift_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(swift_service_proto) }}"
swift_service_description: "Object Storage Service"
swift_service_publicuri: "{{ swift_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_publicurl: "{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s"
swift_service_adminuri: "{{ swift_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_adminurl: "{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s"
swift_service_internaluri: "{{ swift_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_internalurl: "{{ swift_service_internaluri }}/v1/AUTH_%(tenant_id)s"
swift_service_region: RegionOne
statsd_host:
statsd_port: 8125
statsd_default_sample_rate: 1.0
statsd_sample_rate_factor: 1.0
statsd_metric_prefix:

# Set the file limits
swift_hard_open_file_limits: 10240
swift_soft_open_file_limits: 4096
swift_max_file_limits: "{{ swift_hard_open_file_limits * 24 }}"

## Keystone authentication middleware
swift_keystone_auth_plugin: "{{ swift_keystone_auth_type }}"
swift_keystone_auth_type: "password"

swift_dispersion_user: dispersion
swift_dispersion_user_domain_name: "Default"

swift_operator_role: swiftoperator
swift_allow_versions: True
# This will allow all users to create containers and upload to swift if set to True
swift_allow_all_users: False
# If you want to regenerate the swift keys, on a run, for rsync purposes set this var to True otherwise keys will be generated on the first run and not regenerated each run.
swift_recreate_keys: False
swift_sorting_method: shuffle
# Set the fallocate_reserve value which will reserve space and fail on PUTs above this value in bytes (Default 10GB)
swift_fallocate_reserve: "1%"
swift_account_fallocate_reserve: "{{ swift_fallocate_reserve }}"
swift_container_fallocate_reserve: "{{ swift_fallocate_reserve }}"
swift_object_fallocate_reserve: "{{ swift_fallocate_reserve }}"
# Set this to true to disable fallocate
swift_disable_fallocate: false
swift_account_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_container_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_object_disable_fallocate: "{{ swift_disable_fallocate }}"

# This variable will protect against changing swift_hash_path_* variables unintentionally.
# If you wish to change them intentionally set the swift_force_change_hashes variable to True.
swift_force_change_hashes: False

## Swift ceilometer variables
swift_reselleradmin_role: ResellerAdmin

## Oslo Messaging

# Notify
swift_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
swift_oslomsg_notify_setup_host: "{{ (swift_oslomsg_notify_host_group in groups) | ternary(groups[swift_oslomsg_notify_host_group][0], 'localhost') }}"
swift_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
swift_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
swift_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
swift_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
swift_oslomsg_notify_userid: swift
swift_oslomsg_notify_vhost: /swift

## General Swift configuration
# We are not capping the default value for these swift variables which define
# the number of worker threads for each of the swift services (except the swift
# proxy workers when proxy is in a container) because of the performace impact
# that may be seen due to capping worker threads for swift services.
# We would like to calculate the default value using vCPUs for good performance
# of swift services.

# If ``swift_account_server_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_account_server_replicator_workers: 16

# If ``swift_server_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_server_replicator_workers: 16

# If ``swift_object_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_object_replicator_workers: 16

# If ``swift_account_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_account_server_workers: 16

# If ``swift_container_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_container_server_workers: 16

# If ``swift_object_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_object_server_workers: 16

# If ``swift_proxy_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use. Capping this
# value at 16 if the swift proxy is in a container and user did not define
# this variable.
swift_proxy_server_workers_max: 16
swift_proxy_server_workers_not_capped: "{{ [ansible_processor_vcpus|default(2) // 2, 1] | max }}"
swift_proxy_server_workers_capped: "{{ [swift_proxy_server_workers_max, swift_proxy_server_workers_not_capped|int] | min }}"
swift_proxy_server_workers: "{{ (inventory_hostname == physical_host) | ternary(swift_proxy_server_workers_not_capped, swift_proxy_server_workers_capped) }}"

# These are the storage addresses used to define the networks for swift storage and replication
# These are calculated by the tasks based on the "storage_network" and "replication_network" values
# set in the swift variables, if you set these per host the value won't be calculated.
# Setting swift_vars.storage_ip or swift_vars.repl_ip will take precedence.
# If none are set it will default to the "ansible_host" value.
# swift_storage_address: 127.0.0.1
# swift_replication_address: 127.0.0.1

# This var is calculated by the play itself, and should not need to be set
# It is defaulted for the benefit of the swift_proxy host which needs it
# for the swift-init-systemd.j2 template file.
swift_dedicated_replication: False

swift_service_in_ldap: false

# Basic swift configuration for the cluster
swift: {}
swift_vars: {}
swift_proxy_vars: {}

# Example basic swift configuration for the cluster
# swift:
#   part_power: 8
#   storage_network: 'br-storage'
#   replication_network: 'br-storage'
#   drives:
#     - name: swift1.img
#     - name: swift2.img
#     - name: swift3.img
#   mount_point: /srv
#   storage_policies:
#     - policy:
#         name: default
#         index: 0
#         default: True

# Set rsync max_connections vars
swift_max_rsync_connections: 4
swift_account_max_rsync_connections: "{{ swift_max_rsync_connections }}"
swift_container_max_rsync_connections: "{{ swift_max_rsync_connections }}"
swift_object_max_rsync_connections: "{{ swift_max_rsync_connections }}"

# Set Swift to use rsync module per object server drive
swift_rsync_module_per_drive: False

# Set Swift to use reverse lookup - requires name resolution or hosts entries
swift_rsync_reverse_lookup: False

# Set the managed regions as a list of swift regions to manage
# Use for global clusters, default when not set is all regions.
# swift_managed_regions:
#  - 1
#  - 2

# swift_do_setup and swift_do_sync control which parts of the swift
# role get run. You should never need to adjust these, they are set
# within the swift-setup and swift-sync roles to ensure only the
# appropriate tasks within the os-swift role are run.
swift_do_setup: True
swift_do_sync: True

# Example swift_container_sync_realms to specify container_sync realms
# This can exist for multiple realms (in a list)
# swift_container_sync_realms:
#   - name: realm1
#     # You may want to put swift_realm_keyx in user_secrets.yml or ansible-vault
#     # Otherwise specify it manually below.
#     key1: {{ swift_realm_key1 }}
#     # key2 is optional and used for rotating/deprecated keys
#     key2: {{ swift_realm_key2 }}
#     clustername1: https://<cluster1-ip>/v1
#     clustername2: https://<cluster2-ip>/v1

swift_pip_packages:
  - ceilometermiddleware
  - cryptography
  - dnspython
  - ecdsa
  - keystonemiddleware
  - osprofiler
  - pyeclib
  - python-keystoneclient
  - python-memcached
  - python-swiftclient
  - swift

swift_account_replicator_init_overrides: {}
swift_account_replicator_server_init_overrides: {}
swift_account_server_init_overrides: {}
swift_account_auditor_init_overrides: {}
swift_account_reaper_init_overrides: {}
swift_container_replicator_init_overrides: {}
swift_container_replicator_server_init_overrides: {}
swift_container_server_init_overrides: {}
swift_container_auditor_init_overrides: {}
swift_container_sync_init_overrides: {}
swift_container_updater_init_overrides: {}
swift_container_reconciler_init_overrides: {}
swift_object_replicator_init_overrides: {}
swift_object_replicator_server_init_overrides: {}
swift_object_server_init_overrides: {}
swift_object_auditor_init_overrides: {}
swift_object_updater_init_overrides: {}
swift_object_expirer_init_overrides: {}
swift_object_reconstructor_init_overrides: {}
swift_proxy_server_init_overrides: {}

# Default options applied to all swift service units
swift_service_defaults:
  Service:
    LimitNOFILE: "{{ swift_soft_open_file_limits }}:{{ swift_hard_open_file_limits }}"
    Environment:
      ? "PYPY_GC_MIN={{ swift_pypy_gc_min }}"
      ? "PYPY_GC_MAX={{ swift_pypy_gc_max }}"

swift_services:
  swift-proxy-server:
    group: swift_proxy
    service_name: "swift-proxy-server"
    execstarts: "{{ swift_bin }}/swift-proxy-server /etc/swift/proxy-server/proxy-server.conf"
    init_config_overrides: "{{ swift_proxy_server_init_overrides }}"
    start_order: 1
  swift-account-server:
    group: swift_acc
    service_name: "swift-account-server"
    execstarts: "{{ swift_bin }}/swift-account-server /etc/swift/account-server/account-server.conf"
    init_config_overrides: "{{ swift_account_server_init_overrides }}"
    start_order: 2
  swift-account-replicator-server:
    group: swift_acc
    service_name: "swift-account-replicator-server"
    execstarts: "{{ swift_bin }}/swift-account-replicator /etc/swift/account-server/account-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
    init_config_overrides: "{{ swift_account_replicator_server_init_overrides }}"
    start_order: 3
  swift-container-server:
    group: swift_cont
    service_name: swift-container-server
    execstarts: "{{ swift_bin }}/swift-container-server /etc/swift/container-server/container-server.conf"
    init_config_overrides: "{{ swift_container_server_init_overrides }}"
    start_order: 4
  swift-container-replicator-server:
    group: swift_cont
    service_name: "swift-container-replicator-server"
    execstarts: "{{ swift_bin }}/swift-container-replicator /etc/swift/container-server/container-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
    init_config_overrides: "{{ swift_container_replicator_server_init_overrides }}"
    start_order: 5
  swift-object-server:
    group: swift_obj
    service_name: swift-object-server
    execstarts: "{{ swift_bin }}/swift-object-server /etc/swift/object-server/object-server.conf"
    init_config_overrides: "{{ swift_object_server_init_overrides }}"
    start_order: 6
  swift-object-replicator-server:
    group: swift_obj
    service_name: "swift-object-replicator-server"
    execstarts: "{{ swift_bin }}/swift-object-replicator /etc/swift/object-server/object-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
    init_config_overrides: "{{ swift_object_replicator_server_init_overrides }}"
    start_order: 7

  swift-account-auditor:
    group: swift_acc
    service_name: swift-account-auditor
    execstarts: "{{ swift_bin }}/swift-account-auditor {{ swift_dedicated_replication | ternary('/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf') }}"
    init_config_overrides: "{{ swift_account_auditor_init_overrides }}"
    start_order: 8
  swift-account-reaper:
    group: swift_acc
    service_name: swift-account-reaper
    execstarts: "{{ swift_bin }}/swift-account-reaper /etc/swift/account-server/account-server.conf"
    init_config_overrides: "{{ swift_account_reaper_init_overrides }}"
    start_order: 9
  swift-account-replicator:
    group: swift_acc
    service_name: swift-account-replicator
    execstarts: "{{ swift_bin }}/swift-account-replicator {{ swift_dedicated_replication | ternary('/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf') }}"
    init_config_overrides: "{{ swift_account_replicator_init_overrides }}"
    start_order: 10

  swift-container-auditor:
    group: swift_cont
    service_name: "swift-container-auditor"
    execstarts: "{{ swift_bin }}/swift-container-auditor {{ swift_dedicated_replication | ternary('/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf') }}"
    init_config_overrides: "{{ swift_container_auditor_init_overrides }}"
    start_order: 11
  swift-container-reconciler:
    group: swift_cont
    service_name: "swift-container-reconciler"
    execstarts: "{{ swift_bin }}/swift-container-reconciler /etc/swift/container-server/container-reconciler.conf"
    init_config_overrides: "{{ swift_container_reconciler_init_overrides }}"
    start_order: 12
  swift-container-replicator:
    group: swift_cont
    service_name: "swift-container-replicator"
    execstarts: "{{ swift_bin }}/swift-container-replicator {{ swift_dedicated_replication | ternary('/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf') }}"
    init_config_overrides: "{{ swift_container_replicator_init_overrides }}"
    start_order: 13
  swift-container-sync:
    group: swift_cont
    service_name: "swift-container-sync"
    execstarts: "{{ swift_bin }}/swift-container-sync /etc/swift/container-server/container-server.conf"
    init_config_overrides: "{{ swift_container_sync_init_overrides }}"
    start_order: 14
  swift-container-updater:
    group: swift_cont
    service_name: "swift-container-updater"
    execstarts: "{{ swift_bin }}/swift-container-updater /etc/swift/container-server/container-server.conf"
    init_config_overrides: "{{ swift_container_updater_init_overrides }}"
    start_order: 15

  swift-object-auditor:
    group: swift_obj
    service_name: "swift-object-auditor"
    execstarts: "{{ swift_bin }}/swift-object-auditor {{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
    init_config_overrides: "{{ swift_object_auditor_init_overrides }}"
    start_order: 16
  swift-object-expirer:
    group: swift_obj
    service_name: "swift-object-expirer"
    execstarts: "{{ swift_bin }}/swift-object-expirer /etc/swift/object-server/object-expirer.conf"
    init_config_overrides: "{{ swift_object_expirer_init_overrides }}"
    start_order: 17
  swift-object-reconstructor:
    group: swift_obj
    service_name: "swift-object-reconstructor"
    execstarts: "{{ swift_bin }}/swift-object-reconstructor {{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
    init_config_overrides: "{{ swift_object_reconstructor_init_overrides }}"
    start_order: 18
  swift-object-replicator:
    group: swift_obj
    service_name: "swift-object-replicator"
    execstarts: "{{ swift_bin }}/swift-object-replicator {{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
    init_config_overrides: "{{ swift_object_replicator_init_overrides }}"
    start_order: 19
  swift-object-updater:
    group: swift_obj
    service_name: "swift-object-updater"
    execstarts: "{{ swift_bin }}/swift-object-updater /etc/swift/object-server/object-server.conf"
    init_config_overrides: "{{ swift_object_updater_init_overrides }}"
    start_order: 20

# Set to True to reset the clock on the last time a rebalance happened,
# circumventing the min_part_hours check.
# USE WITH EXTREME CAUTION
# If you run the swift playbook with this option enabled, before a swift
# replication pass completes, you may introduce unavailability in your
# cluster. This has an end-user impact.
swift_pretend_min_part_hours_passed: False

# Set this option to enable or disable the pypy interpreter for swift
swift_pypy_enabled: false
swift_pypy_archive:
  url: "https://bitbucket.org/pypy/pypy/downloads/pypy2-v5.9.0-linux64.tar.bz2"
  sha256: "790febd4f09e22d6e2f81154efc7dc4b2feec72712aaf4f82aa91b550abb4b48"
swift_pypy_version: "{{ swift_pypy_archive['url'] | basename | replace('.tar.bz2', '') }}"
swift_pypy_env: "/opt/pypy-runtime/{{ swift_pypy_version }}/bin/pypy"
# Set the Garbage Collection (GC) options for pypy if you would like to tune these
# More info on pypy garbage collection can be found here:
# http://doc.pypy.org/en/latest/gc_info.html
swift_pypy_gc_min: "15M"
swift_pypy_gc_max: "1GB"

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
swift_role_project_group: swift_all

## Tunable overrides
swift_swift_conf_overrides: {}
swift_swift_dispersion_conf_overrides: {}
swift_proxy_server_conf_overrides: {}
swift_account_server_conf_overrides: {}
swift_account_server_replicator_conf_overrides: {}
swift_container_server_conf_overrides: {}
swift_container_reconciler_conf_overrides: {}
swift_container_server_replicator_conf_overrides: {}
swift_container_sync_realms_conf_overrides: {}
swift_drive_audit_conf_overrides: {}
swift_internal_client_conf_overrides: {}
swift_object_server_conf_overrides: {}
swift_object_expirer_conf_overrides: {}
swift_object_server_replicator_conf_overrides: {}
swift_memcache_conf_overrides: {}

Example Playbook

---
- name: Install swift server
  hosts: swift_all
  user: root
  roles:
    - { role: "os_swift", tags: [ "os-swift" ] }
  vars:
    external_lb_vip_address: 172.16.24.1
    internal_lb_vip_address: 192.168.0.1

Dependencies

This role needs pip >= 7.1 installed on the target host.

Tags

This role supports two tags: swift-install and swift-config.

The swift-install tag can be used to install the software.

The swift-config tag can be used to maintain configuration of the service, and do runtime operations.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.