Swift role for OpenStack-Ansible

Default Variables

# Enable/Disable Telemetry projects
swift_ceilometer_enabled: False
swift_gnocchi_enabled: False

## Verbosity Options
debug: False

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
swift_package_state: "latest"

swift_git_repo: https://git.openstack.org/openstack/swift
swift_git_install_branch: stable/newton
swift_developer_mode: false
swift_developer_constraints:
  - "git+{{ swift_git_repo }}@{{ swift_git_install_branch }}#egg=swift"

# Name of the virtual env to deploy into
swift_venv_tag: untagged
swift_bin: "/openstack/venvs/swift-{{ swift_venv_tag }}/bin"

swift_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/swift.tgz

# Set the full path to the swift recon cron
recon_cron_path: "{{ swift_bin }}/swift-recon-cron"


## Swift User / Group
swift_system_user_name: swift
swift_system_group_name: swift
swift_system_shell: /bin/bash
swift_system_comment: swift system user
swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"

## Swift Syslog User / Group
swift_syslog_user_name: syslog
swift_syslog_group_name: syslog
swift_syslog_log_perms: "0644"

## Auth token
swift_delay_auth_decision: true

## Swift middleware
# NB: The order is important!
swift_middleware_list:
  - catch_errors
  - gatekeeper
  - healthcheck
  - proxy-logging
  - "{% if swift_ceilometer_enabled | bool %}ceilometer{% endif %}"
  - cache
  - container_sync
  - bulk
  - tempurl
  - ratelimit
  - authtoken
  - keystoneauth
  - staticweb
  - container-quotas
  - account-quotas
  - slo
  - dlo
  - proxy-logging
  - proxy-server

## Swift default ports
swift_proxy_port: "8080"
# You can change the object, container, account ports.
# This will update the ring, on the next playbook run,
# without requiring a rebalance.
# NB: There is service downtime, during the run, between
# the service restart and the ring updating.
swift_object_port: "6000"
swift_container_port: "6001"
swift_account_port: "6002"

# Default swift ring settings:
swift_default_replication_number: 3
swift_default_min_part_hours: 1
swift_default_host_zone: 0
swift_default_host_region: 1
swift_default_drive_weight: 100

## Swift service defaults
swift_service_name: swift
swift_service_user_name: swift
swift_service_project_name: service
swift_service_project_domain_id: "default"
swift_service_project_domain_name: "Default"
swift_service_user_domain_id: "default"
swift_service_role_name: "admin"
swift_service_type: object-store
swift_service_proto: http
swift_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(swift_service_proto) }}"
swift_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(swift_service_proto) }}"
swift_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(swift_service_proto) }}"
swift_service_description: "Object Storage Service"
swift_service_publicuri: "{{ swift_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_publicurl: "{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s"
swift_service_adminuri: "{{ swift_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_adminurl: "{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s"
swift_service_internaluri: "{{ swift_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}"
swift_service_internalurl: "{{ swift_service_internaluri }}/v1/AUTH_%(tenant_id)s"
swift_service_region: RegionOne
statsd_host:
statsd_port: 8125
statsd_default_sample_rate: 1.0
statsd_sample_rate_factor: 1.0
statsd_metric_prefix:

# Set the file limits
swift_hard_open_file_limits: 10240
swift_soft_open_file_limits: 4096
swift_max_file_limits: "{{ swift_hard_open_file_limits * 24 }}"

## Keystone authentication middleware
swift_keystone_auth_plugin: "password"

swift_dispersion_user: dispersion
swift_dispersion_user_domain_name: "Default"

swift_operator_role: swiftoperator
swift_allow_versions: True
# This will allow all users to create containers and upload to swift if set to True
swift_allow_all_users: False
# If you want to regenerate the swift keys, on a run, for rsync purposes set this var to True otherwise keys will be generated on the first run and not regenerated each run.
swift_recreate_keys: False
swift_sorting_method: shuffle
# Set the fallocate_reserve value which will reserve space and fail on PUTs above this value in bytes (Default 10GB)
swift_fallocate_reserve: "1%"
swift_account_fallocate_reserve: "{{ swift_fallocate_reserve }}"
swift_container_fallocate_reserve: "{{ swift_fallocate_reserve }}"
swift_object_fallocate_reserve: "{{ swift_fallocate_reserve }}"
# Set this to true to disable fallocate
swift_disable_fallocate: false
swift_account_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_container_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_object_disable_fallocate: "{{ swift_disable_fallocate }}"

# This variable will protect against changing swift_hash_path_* variables unintentionally.
# If you wish to change them intentionally set the swift_force_change_hashes variable to True.
swift_force_change_hashes: False

## Swift ceilometer variables
swift_reselleradmin_role: ResellerAdmin

# Swift ceilometer rabbitmq settings
swift_rabbitmq_telemetry_userid: "swift"
swift_rabbitmq_telemetry_vhost: "/swift"
swift_rabbitmq_telemetry_port: "5672"
swift_rabbitmq_telemetry_servers: "127.0.0.1"
# For now swift ceilometer does not work with SSL - this is a speculative option in the hope it gets added
swift_rabbitmq_telemetry_use_ssl: "False"

## General Swift configuration
# If ``swift_account_server_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_account_server_replicator_workers: 16

# If ``swift_server_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_server_replicator_workers: 16

# If ``swift_object_replicator_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_object_replicator_workers: 16

# If ``swift_account_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_account_server_workers: 16

# If ``swift_container_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_container_server_workers: 16

# If ``swift_object_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_object_server_workers: 16

# If ``swift_proxy_server_workers`` is unset the system will use half the number
# of available VCPUS to compute the number of api workers to use.
# swift_proxy_server_workers: 16

# These are the storage addresses used to define the networks for swift storage and replication
# These are calculated by the tasks based on the "storage_network" and "replication_network" values
# set in the swift variables, if you set these per host the value won't be calculated.
# Setting swift_vars.storage_ip or swift_vars.repl_ip will take precedence.
# If none are set it will default to the "ansible_host" value.
# swift_storage_address: 127.0.0.1
# swift_replication_address: 127.0.0.1

# This var is calculated by the play itself, and should not need to be set
# It is defaulted for the benefit of the swift_proxy host which needs it
# for the swift-init-upstart.j2 template file.
swift_dedicated_replication: False

swift_service_in_ldap: false

# Basic swift configuration for the cluster
swift: {}

# Example basic swift configuration for the cluster
# swift:
#   part_power: 8
#   storage_network: 'br-storage'
#   replication_network: 'br-storage'
#   drives:
#     - name: swift1.img
#     - name: swift2.img
#     - name: swift3.img
#   mount_point: /srv
#   storage_policies:
#     - policy:
#         name: default
#         index: 0
#         default: True

# Set rsync max_connections vars
swift_max_rsync_connections: 4
swift_account_max_rsync_connections: "{{ swift_max_rsync_connections }}"
swift_container_max_rsync_connections: "{{ swift_max_rsync_connections }}"
swift_object_max_rsync_connections: "{{ swift_max_rsync_connections }}"

# Set Swift to use rsync module per object server drive
swift_rsync_module_per_drive: False

# Set the managed regions as a list of swift regions to manage
# Use for global clusters, default when not set is all regions.
# swift_managed_regions:
#  - 1
#  - 2

# swift_do_setup and swift_do_sync control which parts of the swift
# role get run. You should never need to adjust these, they are set
# within the swift-setup and swift-sync roles to ensure only the
# appropriate tasks within the os-swift role are run.
swift_do_setup: True
swift_do_sync: True

# Example swift_container_sync_realms to specify container_sync realms
# This can exist for multiple realms (in a list)
# swift_container_sync_realms:
#   - name: realm1
#     # You may want to put swift_realm_keyx in user_secrets.yml or ansible-vault
#     # Otherwise specify it manually below.
#     key1: {{ swift_realm_key1 }}
#     # key2 is optional and used for rotating/deprecated keys
#     key2: {{ swift_realm_key2 }}
#     clustername1: https://<cluster1-ip>/v1
#     clustername2: https://<cluster2-ip>/v1

# swift packages that must be installed before anything else
swift_requires_pip_packages:
  - virtualenv
  - virtualenv-tools
  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
  - httplib2

swift_pip_packages:
  - ceilometermiddleware
  - dnspython
  - ecdsa
  - keystonemiddleware
  - pyeclib
  - pycrypto
  - python-cinderclient
  - python-keystoneclient
  - python-memcached
  - python-swiftclient
  - swift

swift_services:
  swift-account-replicator:
    group: swift_acc
    program_name: "swift-account-replicator"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf') }}"
  swift-account-replicator-server:
    group: swift_acc
    program_name: "swift-account-replicator-server"
    program_binary: "swift-account-server"
    program_config_options: "/etc/swift/account-server/account-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
  swift-account-server:
    group: swift_acc
    program_name: "swift-account-server"
    program_config_options: "/etc/swift/account-server/account-server.conf"
  swift-account-auditor:
    group: swift_acc
    program_name: "swift-account-auditor"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf') }}"
  swift-account-reaper:
    group: swift_acc
    program_name: "swift-account-reaper"
    program_config_options: "/etc/swift/account-server/account-server.conf"
  swift-container-replicator:
    group: swift_cont
    program_name: "swift-container-replicator"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf') }}"
  swift-container-replicator-server:
    group: swift_cont
    program_name: "swift-container-replicator-server"
    program_binary: "swift-container-server"
    program_config_options: "/etc/swift/container-server/container-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
  swift-container-server:
    group: swift_cont
    program_name: "swift-container-server"
    program_config_options: "/etc/swift/container-server/container-server.conf"
  swift-container-auditor:
    group: swift_cont
    program_name: "swift-container-auditor"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf') }}"
  swift-container-sync:
    group: swift_cont
    program_name: "swift-container-sync"
    program_config_options: "/etc/swift/container-server/container-server.conf"
  swift-container-updater:
    group: swift_cont
    program_name: "swift-container-updater"
    program_config_options: "/etc/swift/container-server/container-server.conf"
  swift-container-reconciler:
    group: swift_cont
    program_name: "swift-container-reconciler"
    program_config_options: "/etc/swift/container-server/container-reconciler.conf"
  swift-object-replicator:
    group: swift_obj
    program_name: "swift-object-replicator"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
  swift-object-replicator-server:
    group: swift_obj
    program_name: "swift-object-replicator-server"
    program_binary: "swift-object-server"
    program_config_options: "/etc/swift/object-server/object-server-replicator.conf"
    service_en: "{{ swift_dedicated_replication | bool }}"
  swift-object-server:
    group: swift_obj
    program_name: "swift-object-server"
    program_config_options: "/etc/swift/object-server/object-server.conf"
  swift-object-auditor:
    group: swift_obj
    program_name: "swift-object-auditor"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
  swift-object-updater:
    group: swift_obj
    program_name: "swift-object-updater"
    program_config_options: "/etc/swift/object-server/object-server.conf"
  swift-object-expirer:
    group: swift_obj
    program_name: "swift-object-expirer"
    program_config_options: "/etc/swift/object-server/object-expirer.conf"
  swift-object-reconstructor:
    group: swift_obj
    program_name: "swift-object-reconstructor"
    program_config_options: "{{ swift_dedicated_replication | ternary('/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf') }}"
  swift-proxy-server:
    group: swift_proxy
    program_name: "swift-proxy-server"
    program_config_options: "/etc/swift/proxy-server/proxy-server.conf"

# Set to True to reset the clock on the last time a rebalance happened,
# circumventing the min_part_hours check.
# USE WITH EXTREME CAUTION
# If you run the swift playbook with this option enabled, before a swift
# replication pass completes, you may introduce unavailability in your
# cluster. This has an end-user impact.
swift_pretend_min_part_hours_passed: False

# Set this option to enable or disable the pypy interpreter for swift
swift_pypy_enabled: false
swift_pypy_archive:
  url: "https://bitbucket.org/pypy/pypy/downloads/pypy2-v5.3.1-linux64.tar.bz2"
  sha256: "6d0e8b14875b76b1e77f06a2ee3f1fb5015a645a951ba7a7586289344d4d9c22"
swift_pypy_version: "{{ swift_pypy_archive['url'] | basename | replace('.tar.bz2', '') }}"
swift_pypy_env: "/opt/pypy-runtime/{{ swift_pypy_version }}/bin/pypy"

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
swift_role_project_group: swift_all

## Tunable overrides
swift_swift_conf_overrides: {}
swift_swift_dispersion_conf_overrides: {}
swift_proxy_server_conf_overrides: {}
swift_account_server_conf_overrides: {}
swift_account_server_replicator_conf_overrides: {}
swift_container_server_conf_overrides: {}
swift_container_reconciler_conf_overrides: {}
swift_container_server_replicator_conf_overrides: {}
swift_container_sync_realms_conf_overrides: {}
swift_drive_audit_conf_overrides: {}
swift_object_server_conf_overrides: {}
swift_object_expirer_conf_overrides: {}
swift_object_server_replicator_conf_overrides: {}
swift_memcache_conf_overrides: {}

Example Playbook

- name: Install swift server
  hosts: swift_all
  user: root
  roles:
    - { role: "os_swift", tags: [ "os-swift" ] }
  vars:
    external_lb_vip_address: 172.16.24.1
    internal_lb_vip_address: 192.168.0.1

Tags

This role supports two tags: swift-install and swift-config

The swift-install tag can be used to install and upgrade.

The swift-config tag can be used to maintain configuration of the service.

Table Of Contents

Next topic

Configuring swift

Project Source

This Page