summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Ipsum <richard.ipsum@codethink.co.uk>2015-04-01 14:39:24 +0000
committerRichard Ipsum <richard.ipsum@codethink.co.uk>2015-04-10 18:32:09 +0000
commit370313b7e624f8126ddbe071e49496b8b8455fa8 (patch)
treea8305c59fc1aeaef15f540d04d53c968d1214a69
parent259184abd8315109a71541ea64f613a83ac5ede4 (diff)
downloaddefinitions-baserock/richardipsum/swift-storage-nodes-v2.tar.gz
Add configuration for swift storage nodesbaserock/richardipsum/swift-storage-nodes-v2
Change-Id: Iad40b665edff7a3605b6600dafbcf67831e4290a
-rw-r--r--clusters/example-swift-storage-cluster.morph60
-rw-r--r--hosts1
-rw-r--r--swift-build-rings.yml34
-rwxr-xr-xswift-storage-devices-validate.py60
-rw-r--r--swift-storage.configure105
-rw-r--r--swift/manifest13
-rw-r--r--swift/usr/lib/systemd/system/swift-storage-setup.service11
-rw-r--r--swift/usr/lib/systemd/system/swift-storage.service12
-rw-r--r--swift/usr/share/swift/etc/rsyncd.j223
-rw-r--r--swift/usr/share/swift/etc/swift/account-server.j2192
-rw-r--r--swift/usr/share/swift/etc/swift/container-server.j2203
-rw-r--r--swift/usr/share/swift/etc/swift/object-server.j2283
-rw-r--r--swift/usr/share/swift/etc/swift/swift.j2118
-rw-r--r--swift/usr/share/swift/hosts1
-rw-r--r--swift/usr/share/swift/swift-storage.yml24
15 files changed, 1140 insertions, 0 deletions
diff --git a/clusters/example-swift-storage-cluster.morph b/clusters/example-swift-storage-cluster.morph
new file mode 100644
index 00000000..2f8dcaeb
--- /dev/null
+++ b/clusters/example-swift-storage-cluster.morph
@@ -0,0 +1,60 @@
+name: example-swift-storage-cluster
+kind: cluster
+systems:
+- morph: systems/devel-system-x86_64-generic.morph
+ deploy-defaults:
+ INSTALL_FILES: swift/manifest
+
+ SWIFT_PART_POWER: 10
+ SWIFT_REPLICAS: 3
+ SWIFT_MIN_PART_HOURS: 1
+
+ SWIFT_STORAGE_DEVICES: [{ ip: <node0 management ip>, device: sdb, weight: 100 },
+ { ip: <node0 management ip>, device: sdc, weight: 100 },
+ { ip: <node0 management ip>, device: sdd, weight: 100 },
+
+ { ip: <node1 management ip>, device: sdb, weight: 100 },
+ { ip: <node1 management ip>, device: sdc, weight: 100 },
+ { ip: <node1 management ip>, device: sdd, weight: 100 }]
+
+ # This value can be any random string or number
+ # but each node in your swift cluster must have the same value
+ SWIFT_REBALANCE_SEED: 3828
+
+ # NOTE: Replace SWIFT_HASH_PATH_PREFIX and SWIFT_HASH_PATH_SUFFIX
+ # with your own unique values,
+ #
+ # `openssl rand -hex 10' can be used to generate unique values
+ #
+ # These values should be kept secret, do not lose them.
+ #
+ SWIFT_HASH_PATH_PREFIX: 041fc210e4e1d333ce1d
+ SWIFT_HASH_PATH_SUFFIX: 4d6f5362a356dda7fb7d
+
+ FSTAB_SDB: /dev/sdb /srv/node/sdb xfs defaults,user,rw 0 0
+ FSTAB_SDC: /dev/sdc /srv/node/sdc xfs defaults,user,rw 0 0
+ FSTAB_SDD: /dev/sdd /srv/node/sdd xfs defaults,user,rw 0 0
+
+ deploy:
+ node0:
+ type: kvm
+ location: kvm+ssh://user@host/swift-storage-0/home/user/swift-storage-0.img
+ DISK_SIZE: 10G
+ RAM_SIZE: 1G
+ VCPUS: 1
+ HOSTNAME: swift-storage-0
+ NIC_CONFIG: network=default
+ NETWORK_CONFIG: ens3:static,address=<node0 management ip>,netmask=255.255.255.0
+ MANAGEMENT_INTERFACE_IP_ADDRESS: <node0 management ip>
+ ATTACH_DISKS: /dev/node0_sdb:/dev/node0_sdc:/dev/node0_sdd
+ node1:
+ type: kvm
+ location: kvm+ssh://user@host/swift-storage-1/home/user/swift-storage-1.img
+ DISK_SIZE: 10G
+ RAM_SIZE: 1G
+ VCPUS: 1
+ HOSTNAME: swift-storage-1
+ NIC_CONFIG: network=default
+ NETWORK_CONFIG: ens3:static,address=<node1 management ip>,netmask=255.255.255.0
+ MANAGEMENT_INTERFACE_IP_ADDRESS: <node1 management ip>
+ ATTACH_DISKS: /dev/node1_sdb:/dev/node1_sdc:/dev/node1_sdd
diff --git a/hosts b/hosts
new file mode 100644
index 00000000..5b97818d
--- /dev/null
+++ b/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/swift-build-rings.yml b/swift-build-rings.yml
new file mode 100644
index 00000000..1ffe9c37
--- /dev/null
+++ b/swift-build-rings.yml
@@ -0,0 +1,34 @@
+---
+- hosts: localhost
+ vars:
+ - rings:
+ - { name: account, port: 6002 }
+ - { name: container, port: 6001 }
+ - { name: object, port: 6000 }
+ remote_user: root
+ tasks:
+ - file: path={{ ansible_env.ROOT }}/etc/swift owner=root group=root state=directory
+
+ - name: Create ring
+ shell: swift-ring-builder {{ item.name }}.builder create {{ ansible_env.SWIFT_PART_POWER }}
+ {{ ansible_env.SWIFT_REPLICAS }} {{ ansible_env.SWIFT_MIN_PART_HOURS }}
+ with_items: rings
+
+ - name: Add each storage node to the ring
+ shell: swift-ring-builder {{ item[0].name }}.builder
+ add r1z1-{{ item[1].ip }}:{{ item[0].port }}/{{ item[1].device }} {{ item[1].weight }}
+ with_nested:
+ - rings
+ - ansible_env.SWIFT_STORAGE_DEVICES
+
+ - name: Rebalance the ring
+ shell: swift-ring-builder {{ item.name }}.builder rebalance {{ ansible_env.SWIFT_REBALANCE_SEED }}
+ with_items: rings
+
+ - name: Copy ring configuration files into place
+ copy: src={{ item.name }}.ring.gz dest={{ ansible_env.ROOT }}/etc/swift
+ with_items: rings
+
+ - name: Copy ring builder files into place
+ copy: src={{ item.name }}.builder dest={{ ansible_env.ROOT }}/etc/swift
+ with_items: rings
diff --git a/swift-storage-devices-validate.py b/swift-storage-devices-validate.py
new file mode 100755
index 00000000..57ab23d0
--- /dev/null
+++ b/swift-storage-devices-validate.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Copyright © 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This is used by the openstack-swift.configure extension
+# to validate any provided storage device specifiers
+# under SWIFT_STORAGE_DEVICES
+#
+
+
+'''
+ This is used by the swift-storage.configure extension
+ to validate any storage device specifiers specified
+ in the SWIFT_STORAGE_DEVICES environment variable
+'''
+
+from __future__ import print_function
+
+import yaml
+import sys
+
+EXAMPLE_DEVSPEC = '{device: sdb1, ip: 127.0.0.1, weight: 100}'
+REQUIRED_KEYS = ['ip', 'device', 'weight']
+
+def err(msg):
+ print(msg, file=sys.stderr)
+ sys.exit(1)
+
+if len(sys.argv) != 2:
+ err('usage: %s STRING_TO_BE_VALIDATED' % sys.argv[0])
+
+swift_storage_devices = yaml.load(sys.argv[1])
+
+if not isinstance(swift_storage_devices, list):
+ err('Expected list of device specifiers\n'
+ 'Example: [%s]' % EXAMPLE_DEVSPEC)
+
+for d in swift_storage_devices:
+ if not isinstance(d, dict):
+ err("Invalid device specifier: `%s'\n"
+ 'Device specifier must be a dictionary\n'
+ 'Example: %s' % (d, EXAMPLE_DEVSPEC))
+
+ if set(d.keys()) != set(REQUIRED_KEYS):
+ err("Invalid device specifier: `%s'\n"
+ 'Specifier should contain: %s\n'
+ 'Example: %s' % (d, str(REQUIRED_KEYS)[1:-1], EXAMPLE_DEVSPEC))
diff --git a/swift-storage.configure b/swift-storage.configure
new file mode 100644
index 00000000..182e0329
--- /dev/null
+++ b/swift-storage.configure
@@ -0,0 +1,105 @@
+#!/bin/bash
+#
+# Copyright © 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+# The ansible script needs to know where the rootfs is, so we export it here
+export ROOT="$1"
+
+validate_number() {
+ local name="$1"
+ local value="$2"
+
+ local pattern='^[0-9]+$'
+ if ! [[ $value =~ $pattern ]]
+ then
+ echo "'$name' must be a number" >&2
+ exit 1
+ fi
+}
+
+validate_non_empty() {
+ local name="$1"
+ local value="$2"
+
+ if [[ $value = None ]]
+ then
+ echo "'$name' cannot be empty" >&2
+ exit 1
+ fi
+}
+
+MANDATORY_OPTIONS="SWIFT_HASH_PATH_PREFIX \
+ SWIFT_HASH_PATH_SUFFIX \
+ SWIFT_REBALANCE_SEED \
+ SWIFT_PART_POWER \
+ SWIFT_REPLICAS \
+ SWIFT_MIN_PART_HOURS \
+ SWIFT_STORAGE_DEVICES \
+ MANAGEMENT_INTERFACE_IP_ADDRESS"
+
+for option in $MANDATORY_OPTIONS
+do
+ if ! [[ -v $option ]]
+ then
+ missing_option=True
+ echo "Required option $option isn't set!" >&2
+ fi
+done
+
+if [[ $missing_option = True ]]; then exit 1; fi
+
+./swift-storage-devices-validate.py "$SWIFT_STORAGE_DEVICES"
+
+# Validate SWIFT_PART_POWER, SWIFT_REPLICAS, SWIFT_MIN_PART_HOURS
+# just make sure they're numbers
+
+validate_number "SWIFT_PART_POWER" "$SWIFT_PART_POWER"
+validate_number "SWIFT_REPLICAS" "$SWIFT_REPLICAS"
+validate_number "SWIFT_MIN_PART_HOURS" "$SWIFT_MIN_PART_HOURS"
+
+# Make sure these aren't empty
+validate_non_empty "SWIFT_HASH_PATH_PREFIX" "$SWIFT_HASH_PATH_PREFIX"
+validate_non_empty "SWIFT_HASH_PATH_SUFFIX" "$SWIFT_HASH_PATH_SUFFIX"
+validate_non_empty "SWIFT_REBALANCE_SEED" "$SWIFT_REBALANCE_SEED"
+validate_non_empty "MANAGEMENT_INTERFACE_IP_ADDRESS" "$MANAGEMENT_INTERFACE_IP_ADDRESS"
+
+mkdir -p "$ROOT/usr/lib/systemd/system/multi-user.target.wants" # ensure this exists before we make symlinks
+
+# A swift controller needs the storage setup service
+# but does not want any of the other storage services enabled
+ln -s "/usr/lib/systemd/system/swift-storage-setup.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-storage-setup.service"
+
+SWIFT_CONTROLLER=${SWIFT_CONTROLLER:-False}
+
+if [[ $SWIFT_CONTROLLER = False ]]
+then
+ ln -s "/usr/lib/systemd/system/rsync.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/rsync.service"
+ ln -s "/usr/lib/systemd/system/swift-storage.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-storage.service"
+fi
+
+# Build swift data structures (the rings)
+/usr/bin/ansible-playbook -i hosts swift-build-rings.yml
+
+cat << EOF > "$ROOT"/usr/share/swift/swift-storage-vars.yml
+---
+MANAGEMENT_INTERFACE_IP_ADDRESS: $MANAGEMENT_INTERFACE_IP_ADDRESS
+SWIFT_HASH_PATH_PREFIX: $SWIFT_HASH_PATH_PREFIX
+SWIFT_HASH_PATH_SUFFIX: $SWIFT_HASH_PATH_SUFFIX
+EOF
diff --git a/swift/manifest b/swift/manifest
new file mode 100644
index 00000000..6c1e2383
--- /dev/null
+++ b/swift/manifest
@@ -0,0 +1,13 @@
+0040755 0 0 /usr/share
+0040755 0 0 /usr/share/swift
+0100644 0 0 /usr/share/swift/hosts
+0100644 0 0 /usr/share/swift/swift-storage.yml
+0040755 0 0 /usr/share/swift/etc
+0040755 0 0 /usr/share/swift/etc/swift
+0100644 0 0 /usr/share/swift/etc/swift/account-server.j2
+0100644 0 0 /usr/share/swift/etc/swift/swift.j2
+0100644 0 0 /usr/share/swift/etc/swift/object-server.j2
+0100644 0 0 /usr/share/swift/etc/swift/container-server.j2
+0100644 0 0 /usr/share/swift/etc/rsyncd.j2
+0100644 0 0 /usr/lib/systemd/system/swift-storage-setup.service
+0100644 0 0 /usr/lib/systemd/system/swift-storage.service
diff --git a/swift/usr/lib/systemd/system/swift-storage-setup.service b/swift/usr/lib/systemd/system/swift-storage-setup.service
new file mode 100644
index 00000000..e284fbed
--- /dev/null
+++ b/swift/usr/lib/systemd/system/swift-storage-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run openstack-swift-storage-setup (once)
+After=local-fs.target postgres-server.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ansible-playbook -v -i /usr/share/swift/hosts /usr/share/swift/swift-storage.yml
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/swift/usr/lib/systemd/system/swift-storage.service b/swift/usr/lib/systemd/system/swift-storage.service
new file mode 100644
index 00000000..dc41d3bc
--- /dev/null
+++ b/swift/usr/lib/systemd/system/swift-storage.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenStack Swift Storage
+After=syslog.target network.target swift-storage-setup.service
+
+[Service]
+Type=forking
+Restart=on-failure
+ExecStart=/usr/bin/swift-init all start
+ExecStop=/usr/bin/swift-init all stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/swift/usr/share/swift/etc/rsyncd.j2 b/swift/usr/share/swift/etc/rsyncd.j2
new file mode 100644
index 00000000..c0657665
--- /dev/null
+++ b/swift/usr/share/swift/etc/rsyncd.j2
@@ -0,0 +1,23 @@
+uid = swift
+gid = swift
+log file = /var/log/rsyncd.log
+pid file = /var/run/rsyncd.pid
+address = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+[account]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/account.lock
+
+[container]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/container.lock
+
+[object]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/object.lock
diff --git a/swift/usr/share/swift/etc/swift/account-server.j2 b/swift/usr/share/swift/etc/swift/account-server.j2
new file mode 100644
index 00000000..d977e295
--- /dev/null
+++ b/swift/usr/share/swift/etc/swift/account-server.j2
@@ -0,0 +1,192 @@
+[DEFAULT]
+# bind_ip = 0.0.0.0
+bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+bind_port = 6002
+# bind_timeout = 30
+# backlog = 4096
+user = swift
+swift_dir = /etc/swift
+devices = /srv/node
+# mount_check = true
+# disable_fallocate = false
+#
+# Use an integer to override the number of pre-forked processes that will
+# accept connections.
+# workers = auto
+#
+# Maximum concurrent requests per worker
+# max_clients = 1024
+#
+# You can specify default log routing here if you want:
+# log_name = swift
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+# The following caps the length of log lines to the value given; no limit if
+# set to 0, the default.
+# log_max_line_length = 0
+#
+# comma separated list of functions to call to setup custom log handlers.
+# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
+# adapted_logger
+# log_custom_handlers =
+#
+# If set, log_udp_host will override log_address
+# log_udp_host =
+# log_udp_port = 514
+#
+# You can enable StatsD logging here:
+# log_statsd_host = localhost
+# log_statsd_port = 8125
+# log_statsd_default_sample_rate = 1.0
+# log_statsd_sample_rate_factor = 1.0
+# log_statsd_metric_prefix =
+#
+# If you don't mind the extra disk space usage in overhead, you can turn this
+# on to preallocate disk space with SQLite databases to decrease fragmentation.
+# db_preallocation = off
+#
+# eventlet_debug = false
+#
+# You can set fallocate_reserve to the number of bytes you'd like fallocate to
+# reserve, whether there is space for the given file size or not.
+# fallocate_reserve = 0
+
+[pipeline:main]
+pipeline = healthcheck recon account-server
+
+[app:account-server]
+use = egg:swift#account
+# You can override the default log routing for this app here:
+# set log_name = account-server
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_requests = true
+# set log_address = /dev/log
+#
+# auto_create_account_prefix = .
+#
+# Configure parameter for creating specific server
+# To handle all verbs, including replication verbs, do not specify
+# "replication_server" (this is the default). To only handle replication,
+# set to a True value (e.g. "True" or "1"). To handle only non-replication
+# verbs, set to "False". Unless you have a separate replication network, you
+# should not specify any value for "replication_server".
+# replication_server = false
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+# An optional filesystem path, which if present, will cause the healthcheck
+# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
+# disable_path =
+
+[filter:recon]
+use = egg:swift#recon
+recon_cache_path = /var/cache/swift
+
+[account-replicator]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = account-replicator
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# vm_test_mode = no
+# per_diff = 1000
+# max_diffs = 100
+# concurrency = 8
+# interval = 30
+#
+# How long without an error before a node's error count is reset. This will
+# also be how long before a node is reenabled after suppression is triggered.
+# error_suppression_interval = 60
+#
+# How many errors can accumulate before a node is temporarily ignored.
+# error_suppression_limit = 10
+#
+# node_timeout = 10
+# conn_timeout = 0.5
+#
+# The replicator also performs reclamation
+# reclaim_age = 604800
+#
+# Time in seconds to wait between replication passes
+# Note: if the parameter 'interval' is defined then it will be used in place
+# of run_pause.
+# run_pause = 30
+#
+# recon_cache_path = /var/cache/swift
+
+[account-auditor]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = account-auditor
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# Will audit each account at most once per interval
+# interval = 1800
+#
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# accounts_per_second = 200
+# recon_cache_path = /var/cache/swift
+
+[account-reaper]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = account-reaper
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# concurrency = 25
+# interval = 3600
+# node_timeout = 10
+# conn_timeout = 0.5
+#
+# Normally, the reaper begins deleting account information for deleted accounts
+# immediately; you can set this to delay its work however. The value is in
+# seconds; 2592000 = 30 days for example.
+# delay_reaping = 0
+#
+# If the account fails to be be reaped due to a persistent error, the
+# account reaper will log a message such as:
+# Account <name> has not been reaped since <date>
+# You can search logs for this message if space is not being reclaimed
+# after you delete account(s).
+# Default is 2592000 seconds (30 days). This is in addition to any time
+# requested by delay_reaping.
+# reap_warn_after = 2592000
+
+# Note: Put it at the beginning of the pipeline to profile all middleware. But
+# it is safer to put this after healthcheck.
+[filter:xprofile]
+use = egg:swift#xprofile
+# This option enable you to switch profilers which should inherit from python
+# standard profiler. Currently the supported value can be 'cProfile',
+# 'eventlet.green.profile' etc.
+# profile_module = eventlet.green.profile
+#
+# This prefix will be used to combine process ID and timestamp to name the
+# profile data file. Make sure the executing user has permission to write
+# into this path (missing path segments will be created, if necessary).
+# If you enable profiling in more than one type of daemon, you must override
+# it with an unique value like: /var/log/swift/profile/account.profile
+# log_filename_prefix = /tmp/log/swift/profile/default.profile
+#
+# the profile data will be dumped to local disk based on above naming rule
+# in this interval.
+# dump_interval = 5.0
+#
+# Be careful, this option will enable profiler to dump data into the file with
+# time stamp which means there will be lots of files piled up in the directory.
+# dump_timestamp = false
+#
+# This is the path of the URL to access the mini web UI.
+# path = /__profile__
+#
+# Clear the data when the wsgi server shutdown.
+# flush_at_shutdown = false
+#
+# unwind the iterator of applications
+# unwind = false
diff --git a/swift/usr/share/swift/etc/swift/container-server.j2 b/swift/usr/share/swift/etc/swift/container-server.j2
new file mode 100644
index 00000000..d226d016
--- /dev/null
+++ b/swift/usr/share/swift/etc/swift/container-server.j2
@@ -0,0 +1,203 @@
+[DEFAULT]
+# bind_ip = 0.0.0.0
+bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+bind_port = 6001
+# bind_timeout = 30
+# backlog = 4096
+user = swift
+swift_dir = /etc/swift
+devices = /srv/node
+# mount_check = true
+# disable_fallocate = false
+#
+# Use an integer to override the number of pre-forked processes that will
+# accept connections.
+# workers = auto
+#
+# Maximum concurrent requests per worker
+# max_clients = 1024
+#
+# This is a comma separated list of hosts allowed in the X-Container-Sync-To
+# field for containers. This is the old-style of using container sync. It is
+# strongly recommended to use the new style of a separate
+# container-sync-realms.conf -- see container-sync-realms.conf-sample
+# allowed_sync_hosts = 127.0.0.1
+#
+# You can specify default log routing here if you want:
+# log_name = swift
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+# The following caps the length of log lines to the value given; no limit if
+# set to 0, the default.
+# log_max_line_length = 0
+#
+# comma separated list of functions to call to setup custom log handlers.
+# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
+# adapted_logger
+# log_custom_handlers =
+#
+# If set, log_udp_host will override log_address
+# log_udp_host =
+# log_udp_port = 514
+#
+# You can enable StatsD logging here:
+# log_statsd_host = localhost
+# log_statsd_port = 8125
+# log_statsd_default_sample_rate = 1.0
+# log_statsd_sample_rate_factor = 1.0
+# log_statsd_metric_prefix =
+#
+# If you don't mind the extra disk space usage in overhead, you can turn this
+# on to preallocate disk space with SQLite databases to decrease fragmentation.
+# db_preallocation = off
+#
+# eventlet_debug = false
+#
+# You can set fallocate_reserve to the number of bytes you'd like fallocate to
+# reserve, whether there is space for the given file size or not.
+# fallocate_reserve = 0
+
+[pipeline:main]
+pipeline = healthcheck recon container-server
+
+[app:container-server]
+use = egg:swift#container
+# You can override the default log routing for this app here:
+# set log_name = container-server
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_requests = true
+# set log_address = /dev/log
+#
+# node_timeout = 3
+# conn_timeout = 0.5
+# allow_versions = false
+# auto_create_account_prefix = .
+#
+# Configure parameter for creating specific server
+# To handle all verbs, including replication verbs, do not specify
+# "replication_server" (this is the default). To only handle replication,
+# set to a True value (e.g. "True" or "1"). To handle only non-replication
+# verbs, set to "False". Unless you have a separate replication network, you
+# should not specify any value for "replication_server".
+# replication_server = false
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+# An optional filesystem path, which if present, will cause the healthcheck
+# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
+# disable_path =
+
+[filter:recon]
+use = egg:swift#recon
+recon_cache_path = /var/cache/swift
+
+[container-replicator]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = container-replicator
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# vm_test_mode = no
+# per_diff = 1000
+# max_diffs = 100
+# concurrency = 8
+# interval = 30
+# node_timeout = 10
+# conn_timeout = 0.5
+#
+# The replicator also performs reclamation
+# reclaim_age = 604800
+#
+# Time in seconds to wait between replication passes
+# Note: if the parameter 'interval' is defined then it will be used in place
+# of run_pause.
+# run_pause = 30
+#
+# recon_cache_path = /var/cache/swift
+
+[container-updater]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = container-updater
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# interval = 300
+# concurrency = 4
+# node_timeout = 3
+# conn_timeout = 0.5
+#
+# slowdown will sleep that amount between containers
+# slowdown = 0.01
+#
+# Seconds to suppress updating an account that has generated an error
+# account_suppression_time = 60
+#
+# recon_cache_path = /var/cache/swift
+
+[container-auditor]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = container-auditor
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# Will audit each container at most once per interval
+# interval = 1800
+#
+# containers_per_second = 200
+# recon_cache_path = /var/cache/swift
+
+[container-sync]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = container-sync
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# If you need to use an HTTP Proxy, set it here; defaults to no proxy.
+# You can also set this to a comma separated list of HTTP Proxies and they will
+# be randomly used (simple load balancing).
+# sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888
+#
+# Will sync each container at most once per interval
+# interval = 300
+#
+# Maximum amount of time to spend syncing each container per pass
+# container_time = 60
+
+# Note: Put it at the beginning of the pipeline to profile all middleware. But
+# it is safer to put this after healthcheck.
+[filter:xprofile]
+use = egg:swift#xprofile
+# This option enable you to switch profilers which should inherit from python
+# standard profiler. Currently the supported value can be 'cProfile',
+# 'eventlet.green.profile' etc.
+# profile_module = eventlet.green.profile
+#
+# This prefix will be used to combine process ID and timestamp to name the
+# profile data file. Make sure the executing user has permission to write
+# into this path (missing path segments will be created, if necessary).
+# If you enable profiling in more than one type of daemon, you must override
+# it with an unique value like: /var/log/swift/profile/container.profile
+# log_filename_prefix = /tmp/log/swift/profile/default.profile
+#
+# the profile data will be dumped to local disk based on above naming rule
+# in this interval.
+# dump_interval = 5.0
+#
+# Be careful, this option will enable profiler to dump data into the file with
+# time stamp which means there will be lots of files piled up in the directory.
+# dump_timestamp = false
+#
+# This is the path of the URL to access the mini web UI.
+# path = /__profile__
+#
+# Clear the data when the wsgi server shutdown.
+# flush_at_shutdown = false
+#
+# unwind the iterator of applications
+# unwind = false
diff --git a/swift/usr/share/swift/etc/swift/object-server.j2 b/swift/usr/share/swift/etc/swift/object-server.j2
new file mode 100644
index 00000000..66990be9
--- /dev/null
+++ b/swift/usr/share/swift/etc/swift/object-server.j2
@@ -0,0 +1,283 @@
+[DEFAULT]
+# bind_ip = 0.0.0.0
+bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+bind_port = 6000
+# bind_timeout = 30
+# backlog = 4096
+user = swift
+swift_dir = /etc/swift
+devices = /srv/node
+# mount_check = true
+# disable_fallocate = false
+# expiring_objects_container_divisor = 86400
+# expiring_objects_account_name = expiring_objects
+#
+# Use an integer to override the number of pre-forked processes that will
+# accept connections.
+# workers = auto
+#
+# Maximum concurrent requests per worker
+# max_clients = 1024
+#
+# You can specify default log routing here if you want:
+# log_name = swift
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+# The following caps the length of log lines to the value given; no limit if
+# set to 0, the default.
+# log_max_line_length = 0
+#
+# comma separated list of functions to call to setup custom log handlers.
+# functions get passed: conf, name, log_to_console, log_route, fmt, logger,
+# adapted_logger
+# log_custom_handlers =
+#
+# If set, log_udp_host will override log_address
+# log_udp_host =
+# log_udp_port = 514
+#
+# You can enable StatsD logging here:
+# log_statsd_host = localhost
+# log_statsd_port = 8125
+# log_statsd_default_sample_rate = 1.0
+# log_statsd_sample_rate_factor = 1.0
+# log_statsd_metric_prefix =
+#
+# eventlet_debug = false
+#
+# You can set fallocate_reserve to the number of bytes you'd like fallocate to
+# reserve, whether there is space for the given file size or not.
+# fallocate_reserve = 0
+#
+# Time to wait while attempting to connect to another backend node.
+# conn_timeout = 0.5
+# Time to wait while sending each chunk of data to another backend node.
+# node_timeout = 3
+# Time to wait while receiving each chunk of data from a client or another
+# backend node.
+# client_timeout = 60
+#
+# network_chunk_size = 65536
+# disk_chunk_size = 65536
+
+[pipeline:main]
+pipeline = healthcheck recon object-server
+
+[app:object-server]
+use = egg:swift#object
+# You can override the default log routing for this app here:
+# set log_name = object-server
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_requests = true
+# set log_address = /dev/log
+#
+# max_upload_time = 86400
+# slow = 0
+#
+# Objects smaller than this are not evicted from the buffercache once read
+# keep_cache_size = 5424880
+#
+# If true, objects for authenticated GET requests may be kept in buffer cache
+# if small enough
+# keep_cache_private = false
+#
+# on PUTs, sync data every n MB
+# mb_per_sync = 512
+#
+# Comma separated list of headers that can be set in metadata on an object.
+# This list is in addition to X-Object-Meta-* headers and cannot include
+# Content-Type, etag, Content-Length, or deleted
+# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object
+#
+# auto_create_account_prefix = .
+#
+# A value of 0 means "don't use thread pools". A reasonable starting point is
+# 4.
+# threads_per_disk = 0
+#
+# Configure parameter for creating specific server
+# To handle all verbs, including replication verbs, do not specify
+# "replication_server" (this is the default). To only handle replication,
+# set to a True value (e.g. "True" or "1"). To handle only non-replication
+# verbs, set to "False". Unless you have a separate replication network, you
+# should not specify any value for "replication_server".
+# replication_server = false
+#
+# Set to restrict the number of concurrent incoming REPLICATION requests
+# Set to 0 for unlimited
+# Note that REPLICATION is currently an ssync only item
+# replication_concurrency = 4
+#
+# Restricts incoming REPLICATION requests to one per device,
+# replication_currency above allowing. This can help control I/O to each
+# device, but you may wish to set this to False to allow multiple REPLICATION
+# requests (up to the above replication_concurrency setting) per device.
+# replication_one_per_device = True
+#
+# Number of seconds to wait for an existing replication device lock before
+# giving up.
+# replication_lock_timeout = 15
+#
+# These next two settings control when the REPLICATION subrequest handler will
+# abort an incoming REPLICATION attempt. An abort will occur if there are at
+# least threshold number of failures and the value of failures / successes
+# exceeds the ratio. The defaults of 100 and 1.0 means that at least 100
+# failures have to occur and there have to be more failures than successes for
+# an abort to occur.
+# replication_failure_threshold = 100
+# replication_failure_ratio = 1.0
+#
+# Use splice() for zero-copy object GETs. This requires Linux kernel
+# version 3.0 or greater. If you set "splice = yes" but the kernel
+# does not support it, error messages will appear in the object server
+# logs at startup, but your object servers should continue to function.
+#
+# splice = no
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+# An optional filesystem path, which if present, will cause the healthcheck
+# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE"
+# disable_path =
+
+[filter:recon]
+use = egg:swift#recon
+recon_cache_path = /var/cache/swift
+#recon_lock_path = /var/lock
+
+[object-replicator]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = object-replicator
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# vm_test_mode = no
+# daemonize = on
+# run_pause = 30
+# concurrency = 1
+# stats_interval = 300
+#
+# The sync method to use; default is rsync but you can use ssync to try the
+# EXPERIMENTAL all-swift-code-no-rsync-callouts method. Once ssync is verified
+# as having performance comparable to, or better than, rsync, we plan to
+# deprecate rsync so we can move on with more features for replication.
+# sync_method = rsync
+#
+# max duration of a partition rsync
+# rsync_timeout = 900
+#
+# bandwidth limit for rsync in kB/s. 0 means unlimited
+# rsync_bwlimit = 0
+#
+# passed to rsync for io op timeout
+# rsync_io_timeout = 30
+#
+# node_timeout = <whatever's in the DEFAULT section or 10>
+# max duration of an http request; this is for REPLICATE finalization calls and
+# so should be longer than node_timeout
+# http_timeout = 60
+#
+# attempts to kill all workers if nothing replicates for lockup_timeout seconds
+# lockup_timeout = 1800
+#
+# The replicator also performs reclamation
+# reclaim_age = 604800
+#
+# ring_check_interval = 15
+# recon_cache_path = /var/cache/swift
+#
+# limits how long rsync error log lines are
+# 0 means to log the entire line
+# rsync_error_log_line_length = 0
+#
+# handoffs_first and handoff_delete are options for a special case
+# such as disk full in the cluster. These two options SHOULD NOT BE
+# CHANGED, except for such an extreme situations. (e.g. disks filled up
+# or are about to fill up. Anyway, DO NOT let your drives fill up)
+# handoffs_first is the flag to replicate handoffs prior to canonical
+# partitions. It allows to force syncing and deleting handoffs quickly.
+# If set to a True value(e.g. "True" or "1"), partitions
+# that are not supposed to be on the node will be replicated first.
+# handoffs_first = False
+#
+# handoff_delete is the number of replicas which are ensured in swift.
+# If the number less than the number of replicas is set, object-replicator
+# could delete local handoffs even if all replicas are not ensured in the
+# cluster. Object-replicator would remove local handoff partition directories
+# after syncing partition when the number of successful responses is greater
+# than or equal to this number. By default(auto), handoff partitions will be
+# removed when it has successfully replicated to all the canonical nodes.
+# handoff_delete = auto
+
+[object-updater]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = object-updater
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# interval = 300
+# concurrency = 1
+# node_timeout = <whatever's in the DEFAULT section or 10>
+# slowdown will sleep that amount between objects
+# slowdown = 0.01
+#
+# recon_cache_path = /var/cache/swift
+
+[object-auditor]
+# You can override the default log routing for this app here (don't use set!):
+# log_name = object-auditor
+# log_facility = LOG_LOCAL0
+# log_level = INFO
+# log_address = /dev/log
+#
+# You can set the disk chunk size that the auditor uses making it larger if
+# you like for more efficient local auditing of larger objects
+# disk_chunk_size = 65536
+# files_per_second = 20
+# concurrency = 1
+# bytes_per_second = 10000000
+# log_time = 3600
+# zero_byte_files_per_second = 50
+# recon_cache_path = /var/cache/swift
+
+# Takes a comma separated list of ints. If set, the object auditor will
+# increment a counter for every object whose size is <= to the given break
+# points and report the result after a full scan.
+# object_size_stats =
+
+# Note: Put it at the beginning of the pipleline to profile all middleware. But
+# it is safer to put this after healthcheck.
+[filter:xprofile]
+use = egg:swift#xprofile
+# This option enable you to switch profilers which should inherit from python
+# standard profiler. Currently the supported value can be 'cProfile',
+# 'eventlet.green.profile' etc.
+# profile_module = eventlet.green.profile
+#
+# This prefix will be used to combine process ID and timestamp to name the
+# profile data file. Make sure the executing user has permission to write
+# into this path (missing path segments will be created, if necessary).
+# If you enable profiling in more than one type of daemon, you must override
+# it with an unique value like: /var/log/swift/profile/object.profile
+# log_filename_prefix = /tmp/log/swift/profile/default.profile
+#
+# the profile data will be dumped to local disk based on above naming rule
+# in this interval.
+# dump_interval = 5.0
+#
+# Be careful, this option will enable profiler to dump data into the file with
+# time stamp which means there will be lots of files piled up in the directory.
+# dump_timestamp = false
+#
+# This is the path of the URL to access the mini web UI.
+# path = /__profile__
+#
+# Clear the data when the wsgi server shutdown.
+# flush_at_shutdown = false
+#
+# unwind the iterator of applications
+# unwind = false
diff --git a/swift/usr/share/swift/etc/swift/swift.j2 b/swift/usr/share/swift/etc/swift/swift.j2
new file mode 100644
index 00000000..6d76215a
--- /dev/null
+++ b/swift/usr/share/swift/etc/swift/swift.j2
@@ -0,0 +1,118 @@
+[swift-hash]
+
+# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the
+# the hashing algorithm when determining data placement in the cluster.
+# These values should remain secret and MUST NOT change
+# once a cluster has been deployed.
+
+swift_hash_path_suffix = {{ SWIFT_HASH_PATH_SUFFIX }}
+swift_hash_path_prefix = {{ SWIFT_HASH_PATH_PREFIX }}
+
+# storage policies are defined here and determine various characteristics
+# about how objects are stored and treated. Policies are specified by name on
+# a per container basis. Names are case-insensitive. The policy index is
+# specified in the section header and is used internally. The policy with
+# index 0 is always used for legacy containers and can be given a name for use
+# in metadata however the ring file name will always be 'object.ring.gz' for
+# backwards compatibility. If no policies are defined a policy with index 0
+# will be automatically created for backwards compatibility and given the name
+# Policy-0. A default policy is used when creating new containers when no
+# policy is specified in the request. If no other policies are defined the
+# policy with index 0 will be declared the default. If multiple policies are
+# defined you must define a policy with index 0 and you must specify a
+# default. It is recommended you always define a section for
+# storage-policy:0.
+[storage-policy:0]
+name = Policy-0
+default = yes
+
+# the following section would declare a policy called 'silver', the number of
+# replicas will be determined by how the ring is built. In this example the
+# 'silver' policy could have a lower or higher # of replicas than the
+# 'Policy-0' policy above. The ring filename will be 'object-1.ring.gz'. You
+# may only specify one storage policy section as the default. If you changed
+# this section to specify 'silver' as the default, when a client created a new
+# container w/o a policy specified, it will get the 'silver' policy because
+# this config has specified it as the default. However if a legacy container
+# (one created with a pre-policy version of swift) is accessed, it is known
+# implicitly to be assigned to the policy with index 0 as opposed to the
+# current default.
+#[storage-policy:1]
+#name = silver
+
+# The swift-constraints section sets the basic constraints on data
+# saved in the swift cluster. These constraints are automatically
+# published by the proxy server in responses to /info requests.
+
+[swift-constraints]
+
+# max_file_size is the largest "normal" object that can be saved in
+# the cluster. This is also the limit on the size of each segment of
+# a "large" object when using the large object manifest support.
+# This value is set in bytes. Setting it to lower than 1MiB will cause
+# some tests to fail. It is STRONGLY recommended to leave this value at
+# the default (5 * 2**30 + 2).
+
+#max_file_size = 5368709122
+
+
+# max_meta_name_length is the max number of bytes in the utf8 encoding
+# of the name portion of a metadata header.
+
+#max_meta_name_length = 128
+
+
+# max_meta_value_length is the max number of bytes in the utf8 encoding
+# of a metadata value
+
+#max_meta_value_length = 256
+
+
+# max_meta_count is the max number of metadata keys that can be stored
+# on a single account, container, or object
+
+#max_meta_count = 90
+
+
+# max_meta_overall_size is the max number of bytes in the utf8 encoding
+# of the metadata (keys + values)
+
+#max_meta_overall_size = 4096
+
+# max_header_size is the max number of bytes in the utf8 encoding of each
+# header. Using 8192 as default because eventlet use 8192 as max size of
+# header line. This value may need to be increased when using identity
+# v3 API tokens including more than 7 catalog entries.
+# See also include_service_catalog in proxy-server.conf-sample
+# (documented in overview_auth.rst)
+
+#max_header_size = 8192
+
+
+# max_object_name_length is the max number of bytes in the utf8 encoding
+# of an object name
+
+#max_object_name_length = 1024
+
+
+# container_listing_limit is the default (and max) number of items
+# returned for a container listing request
+
+#container_listing_limit = 10000
+
+
+# account_listing_limit is the default (and max) number of items returned
+# for an account listing request
+#account_listing_limit = 10000
+
+
+# max_account_name_length is the max number of bytes in the utf8 encoding
+# of an account name
+
+#max_account_name_length = 256
+
+
+# max_container_name_length is the max number of bytes in the utf8 encoding
+# of a container name
+
+#max_container_name_length = 256
diff --git a/swift/usr/share/swift/hosts b/swift/usr/share/swift/hosts
new file mode 100644
index 00000000..5b97818d
--- /dev/null
+++ b/swift/usr/share/swift/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/swift/usr/share/swift/swift-storage.yml b/swift/usr/share/swift/swift-storage.yml
new file mode 100644
index 00000000..62a335ed
--- /dev/null
+++ b/swift/usr/share/swift/swift-storage.yml
@@ -0,0 +1,24 @@
+---
+- hosts: localhost
+ vars_files:
+ - swift-storage-vars.yml
+ vars:
+ remote_user: root
+ tasks:
+ - user: name=swift comment="Swift user"
+ - file: path=/etc/swift owner=swift group=swift state=directory recurse=yes
+
+ - template: src=/usr/share/swift/etc/rsyncd.j2 dest=/etc/rsyncd.conf
+ mode=0644 owner=swift group=swift
+
+ - template: src=/usr/share/swift/etc/swift/{{ item }}.j2
+ dest=/etc/swift/{{ item }}.conf mode=0644 owner=swift group=swift
+ with_items:
+ - account-server
+ - container-server
+ - object-server
+ - swift
+
+ - file: path=/srv/node owner=swift group=swift state=directory recurse=yes
+ - file: path=/var/cache/swift owner=swift group=swift state=directory
+ recurse=yes