rook: reflect changes regarding Keystone/Swift (#702)

Signed-off-by: Axel Lender <[email protected]>
osism · Nov 28, 2024 · 454dd98 · 454dd98
1 parent 16303a6
commit 454dd98
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 5 deletions.
diff --git a/docs/guides/configuration-guide/rook.md b/docs/guides/configuration-guide/rook.md
@@ -123,6 +123,28 @@ rook_cephobjectstore_erasurecoded_default_codingchunks: 1
 rook_cephobjectstore_failuredomain: host
 rook_cephobjectstore_default_port: 8081
 rook_cephobjectstore_preservepoolsondelete: true
+rook_cephobjectstore_keystone_acceptedRoles: []
+  # - admin
+  # - member
+rook_cephobjectstore_keystone_implicitTenants: ""
+rook_cephobjectstore_keystone_revocationInterval: 1200
+rook_cephobjectstore_keystone_tokenCacheSize: 1000
+rook_cephobjectstore_keystone_url: ""
+rook_cephobjectstore_swift_accountInUrl: true
+rook_cephobjectstore_swift_urlPrefix: ""
+rook_cephobjectstore_swift_versioningEnabled: true
+rook_cephobjectstore_s3_authKeystone: true
+rook_cephobjectstore_s3_enable: true
+# name of the secret that provides admin user credentials needs to be in same namespace
+rook_cephobjectstore_keystone_serviceUserSecretName: ceph-rgw-usersecret
+# the following settings belong to the usersecret
+rook_cephobjectstore_keystone_auth_type: ""
+rook_cephobjectstore_keystone_identity_api_version: 3
+rook_cephobjectstore_keystone_password: ""
+rook_cephobjectstore_keystone_project_domain_name: "Default"
+rook_cephobjectstore_keystone_project_name: ""
+rook_cephobjectstore_keystone_user_domain_name: "Default"
+rook_cephobjectstore_keystone_username: ""
 rook_cephobjectstores:
   - name: "{{ rook_cephobjectstore_default_name }}"
     spec:
@@ -150,6 +172,22 @@ rook_cephobjectstores:
         priorityClassName: system-cluster-critical
         placement: "{{ rook_placement_cephobjectstore }}"
         annotations: "{{ rook_annotations_cephobjecstore }}"
+      auth:
+        keystone:
+          acceptedRoles: "{{ rook_cephobjectstore_keystone_acceptedRoles }}"
+          implicitTenants: "{{ rook_cephobjectstore_keystone_implicitTenants }}"
+          revocationInterval: "{{ rook_cephobjectstore_keystone_revocationInterval }}"
+          serviceUserSecretName: "{{ rook_cephobjectstore_keystone_serviceUserSecretName }}"
+          tokenCacheSize: "{{ rook_cephobjectstore_keystone_tokenCacheSize }}"
+          url: "{{ rook_cephobjectstore_keystone_url }}"
+        protocols:
+          swift:
+            accountInUrl: "{{ rook_cephobjectstore_swift_accountInUrl }}"
+            urlPrefix: "{{ rook_cephobjectstore_swift_urlPrefix }}"
+            versioningEnabled: "{{ rook_cephobjectstore_swift_versioningEnabled }}"
+          s3:
+            authKeystone: "{{ rook_cephobjectstore_s3_authKeystone }}"
+            enable: "{{ rook_cephobjectstore_s3_enable }}"
     storageClass:
       enabled: false
 ```

diff --git a/docs/guides/deploy-guide/services/rook.md b/docs/guides/deploy-guide/services/rook.md
@@ -94,11 +94,32 @@ When using rook, all services are deployed via a single helm chart and at the sa
 
 Deployment of the Ceph RGW Service is enabled by default in rook. This is done by creating a default [CephObjectStore CRD](https://rook.io/docs/rook/latest-release/CRDs/Object-Storage/ceph-object-store-crd/). How the Ceph RGW service can be deployed and integrated into OpenStack is described here.
 
-:::info
-
-OpenStack integration between Keystone/Swift and Rook is currently missing upstream in Rook. Please have a look at [#1027](https://github.com/orgs/SovereignCloudStack/projects/18/views/1?layout=board&pane=issue&itemId=63889060) to get the current status of the integration in OSISM.
-
-:::
+In the `environments/rook/configuration.yml` file you have to adapt accordingly to your environment at least like shown below:
+
+```yaml title="environments/rook/configuration.yml"
+rook_cephconfig:
+  client.rgw.rgw.a:
+    rgw_keystone_verify_ssl: "false"
+    rgw_verify_ssl: "false"
+## keystone
+rook_cephobjectstore_keystone_acceptedRoles:
+  - admin
+  - member
+rook_cephobjectstore_keystone_implicitTenants: "true"
+rook_cephobjectstore_keystone_url: "https://api-int.testbed.osism.xyz:5000"
+rook_cephobjectstore_swift_urlPrefix: "swift"
+## keystone user
+rook_cephobjectstore_keystone_auth_type: "password"
+rook_cephobjectstore_keystone_project_domain_name: "Default"
+rook_cephobjectstore_keystone_project_name: "service"
+rook_cephobjectstore_keystone_user_domain_name: "Default"
+rook_cephobjectstore_keystone_username: "ceph_rgw"
+````
+As well as in the `environments/rook/secrets.yml` file:
+
+```yaml title="environments/rook/secrets.yml"
+rook_cephobjectstore_keystone_passwor: supersecretpassword
+````
 
 ## Change node labels