From 454dd98b9d7b4220da7ac1cb78ad42ce37609e92 Mon Sep 17 00:00:00 2001
From: b1-lender
Date: Thu, 28 Nov 2024 19:47:25 +0100
Subject: [PATCH] rook: reflect changes regarding Keystone/Swift (#702)
Signed-off-by: Axel Lender
---
 docs/guides/configuration-guide/rook.md | 38 +++++++++++++++++++++++
 docs/guides/deploy-guide/services/rook.md | 31 +++++++++++++++---
 2 files changed, 64 insertions(+), 5 deletions(-)
diff --git a/docs/guides/configuration-guide/rook.md b/docs/guides/configuration-guide/rook.md
index 545d415781..d8faca5b39 100644
--- a/docs/guides/configuration-guide/rook.md
+++ b/docs/guides/configuration-guide/rook.md
@@ -123,6 +123,28 @@ rook_cephobjectstore_erasurecoded_default_codingchunks: 1
 rook_cephobjectstore_failuredomain: host
 rook_cephobjectstore_default_port: 8081
 rook_cephobjectstore_preservepoolsondelete: true
+rook_cephobjectstore_keystone_acceptedRoles: []
+ # - admin
+ # - member
+rook_cephobjectstore_keystone_implicitTenants: ""
+rook_cephobjectstore_keystone_revocationInterval: 1200
+rook_cephobjectstore_keystone_tokenCacheSize: 1000
+rook_cephobjectstore_keystone_url: ""
+rook_cephobjectstore_swift_accountInUrl: true
+rook_cephobjectstore_swift_urlPrefix: ""
+rook_cephobjectstore_swift_versioningEnabled: true
+rook_cephobjectstore_s3_authKeystone: true
+rook_cephobjectstore_s3_enable: true
+# name of the secret that provides admin user credentials needs to be in same namespace
+rook_cephobjectstore_keystone_serviceUserSecretName: ceph-rgw-usersecret
+# the following settings belong to the usersecret
+rook_cephobjectstore_keystone_auth_type: ""
+rook_cephobjectstore_keystone_identity_api_version: 3
+rook_cephobjectstore_keystone_password: ""
+rook_cephobjectstore_keystone_project_domain_name: "Default"
+rook_cephobjectstore_keystone_project_name: ""
+rook_cephobjectstore_keystone_user_domain_name: "Default"
+rook_cephobjectstore_keystone_username: ""
 rook_cephobjectstores:
 - name: "{{ rook_cephobjectstore_default_name }}"
 spec:
@@ -150,6 +172,22 @@ rook_cephobjectstores:
 priorityClassName: system-cluster-critical
 placement: "{{ rook_placement_cephobjectstore }}"
 annotations: "{{ rook_annotations_cephobjecstore }}"
+ auth:
+ keystone:
+ acceptedRoles: "{{ rook_cephobjectstore_keystone_acceptedRoles }}"
+ implicitTenants: "{{ rook_cephobjectstore_keystone_implicitTenants }}"
+ revocationInterval: "{{ rook_cephobjectstore_keystone_revocationInterval }}"
+ serviceUserSecretName: "{{ rook_cephobjectstore_keystone_serviceUserSecretName }}"
+ tokenCacheSize: "{{ rook_cephobjectstore_keystone_tokenCacheSize }}"
+ url: "{{ rook_cephobjectstore_keystone_url }}"
+ protocols:
+ swift:
+ accountInUrl: "{{ rook_cephobjectstore_swift_accountInUrl }}"
+ urlPrefix: "{{ rook_cephobjectstore_swift_urlPrefix }}"
+ versioningEnabled: "{{ rook_cephobjectstore_swift_versioningEnabled }}"
+ s3:
+ authKeystone: "{{ rook_cephobjectstore_s3_authKeystone }}"
+ enable: "{{ rook_cephobjectstore_s3_enable }}"
 storageClass:
 enabled: false
 ```
diff --git a/docs/guides/deploy-guide/services/rook.md b/docs/guides/deploy-guide/services/rook.md
index 86d35b46a8..1f1dabd0bc 100644
--- a/docs/guides/deploy-guide/services/rook.md
+++ b/docs/guides/deploy-guide/services/rook.md
@@ -94,11 +94,32 @@ When using rook, all services are deployed via a single helm chart and at the sa Deployment of the Ceph RGW Service is enabled by default in rook. This is done by creating a default [CephObjectStore CRD](https://rook.io/docs/rook/latest-release/CRDs/Object-Storage/ceph-object-store-crd/). How the Ceph RGW service can be deployed and integrated into OpenStack is described here. -:::info - -OpenStack integration between Keystone/Swift and Rook is currently missing upstream in Rook. Please have a look at [#1027](https://github.com/orgs/SovereignCloudStack/projects/18/views/1?layout=board&pane=issue&itemId=63889060) to get the current status of the integration in OSISM. - -::: +In the `environments/rook/configuration.yml` file you have to adapt accordingly to your environment at least like shown below: + +```yaml title="environments/rook/configuration.yml" +rook_cephconfig: + client.rgw.rgw.a: + rgw_keystone_verify_ssl: "false" + rgw_verify_ssl: "false" +## keystone +rook_cephobjectstore_keystone_acceptedRoles: + - admin + - member +rook_cephobjectstore_keystone_implicitTenants: "true" +rook_cephobjectstore_keystone_url: "https://api-int.testbed.osism.xyz:5000" +rook_cephobjectstore_swift_urlPrefix: "swift" +## keystone user +rook_cephobjectstore_keystone_auth_type: "password" +rook_cephobjectstore_keystone_project_domain_name: "Default" +rook_cephobjectstore_keystone_project_name: "service" +rook_cephobjectstore_keystone_user_domain_name: "Default" +rook_cephobjectstore_keystone_username: "ceph_rgw" +```` +As well as in the `environments/rook/secrets.yml` file: + +```yaml title="environments/rook/secrets.yml" +rook_cephobjectstore_keystone_passwor: supersecretpassword +```` ## Change node labels
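Review bot: The `secrets.yml` example at the end of this hunk spells the key `rook_cephobjectstore_keystone_passwor`, while the configuration-guide hunk of this same patch declares `rook_cephobjectstore_keystone_password`; if the role reads the latter, a copied example would presumably leave the service-user password at its empty default, so the line should read `rook_cephobjectstore_keystone_password: supersecretpassword`. The `rook_cephconfig` example also sets `rgw_keystone_verify_ssl: "false"` and `rgw_verify_ssl: "false"` under a sentence that presents the block as the minimum to configure, which reads as a recommendation to turn off certificate verification between RGW and Keystone. I would add a comment above those two keys such as `# testbed only: disables TLS certificate verification; omit when the Keystone endpoint's CA is trusted`, and say in the prose that the password value is a placeholder to be replaced.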