Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-6675

Modify VA1 so RGW is accessible via a separate network

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None

      Today VA1 deploys the Public RGW endpoint on the storage network. This allowed us to get some testing done but ultimately this endpoint should be reachable from the external network for cloud users (who shouldn't have direct access to the storage network).

      Per this task we will update VA1 [0] to:

      • configure the external network [1] on EDPM nodes
      • update the call to ci-framework to use a VIP [2] from the external network
      • continue to serve the RGW from the storage network (two VIPs [3])

      The second bullet is for customers using RGW like an s3
      The third bullet is for customers using RGW as a Glance backend who don't want that traffic to be public

      Director already configures both an internal and external VIP for RGW so even if the customer is not using both of the above VIPs they will have them both configured [4]

      parameter_defaults:
         ExternalSwiftPublicUrl: 'http://<Public RGW endpoint or loadbalancer>:8080/swift/v1/AUTH_%(project_id)s'
         ExternalSwiftInternalUrl: 'http://<Internal RGW endpoint>:8080/swift/v1/AUTH_%(project_id)s'
         ExternalSwiftAdminUrl: 'http://<Admin RGW endpoint>:8080/swift/v1/AUTH_%(project_id)s'
      

      [0] https://github.com/openstack-k8s-operators/architecture/tree/main/examples/va/hci

      [1] https://github.com/openstack-k8s-operators/architecture/blob/ad99343dc104ca19381a9b0ad29b86b6ce61face/examples/va/hci/control-plane/nncp/values.yaml#L165

      [2] https://github.com/openstack-k8s-operators/ci-framework/blob/bb93d3dc0a19054e23f03af7fa6a10ec47e450c3/roles/cifmw_cephadm/templates/ceph_rgw.yml.j2#L32

      [3] https://docs.ceph.com/en/latest/cephadm/services/rgw/#selecting-ethernet-interfaces-for-the-virtual-ip

      [4] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html-single/integrating_the_overcloud_with_an_existing_red_hat_ceph_storage_cluster/index#proc-adding-an-additional-environment-file-for-external-ceph-object-gateway-rgw-for-object-storage_integrate-with-existing-cs-cluster

            rhn-support-johfulto John Fulton
            rhn-support-johfulto John Fulton
            rhos-dfg-storage-squad-ceph
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: