-rw-r--r--manifests/profile/base/ceph/rgw.pp37
-rw-r--r--manifests/profile/base/docker_registry.pp73
-rw-r--r--releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml5
-rw-r--r--spec/classes/tripleo_profile_base_ceph_rgw_spec.rb11
-rw-r--r--spec/fixtures/hieradata/default.yaml7
-rw-r--r--templates/docker_distribution/registry_config.yml.erb11
6 files changed, 135 insertions, 9 deletions
diff --git a/manifests/profile/base/ceph/rgw.pp b/manifests/profile/base/ceph/rgw.pp
index 2ecca52..8443de0 100644
--- a/manifests/profile/base/ceph/rgw.pp
+++ b/manifests/profile/base/ceph/rgw.pp
@@ -29,6 +29,10 @@
# [*keystone_admin_token*]
# The keystone admin token
#
+# [*rgw_keystone_version*] The api version for keystone.
+# Possible values 'v2.0', 'v3'
+# Optional. Default is 'v2.0'
+#
# [*keystone_url*]
# The internal or admin url for keystone
#
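Review bot: The new `rgw_keystone_version` entry does not say what changes when 'v3' is selected, and it puts the description on the header line where the neighbouring entries use a separate line. I would write it as `# [*rgw_keystone_version*]`, then `# (Optional) Keystone API version RGW authenticates against, 'v2.0' or 'v3'. With any value other than 'v2.0' keystone_admin_token is not passed to ceph::rgw::keystone.`, then `# Defaults to 'v2.0'`. The statement about the token follows from the else branch added later in this file.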
@@ -44,9 +48,10 @@ class tripleo::profile::base::ceph::rgw (
$keystone_admin_token,
$keystone_url,
$rgw_key,
- $civetweb_bind_ip = '127.0.0.1',
- $civetweb_bind_port = '8080',
- $step = hiera('step'),
+ $civetweb_bind_ip = '127.0.0.1',
+ $civetweb_bind_port = '8080',
+ $rgw_keystone_version = 'v2.0',
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::ceph
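Review bot: `$keystone_admin_token` stays a mandatory parameter on the context line above the changed ones, so a deployment that selects 'v3' must still supply the Keystone admin token even though the v3 branch added later in this commit never passes it on. That keeps a high-privilege shared secret in the node's configuration data with no functional need for it. Consider giving it a default, `$keystone_admin_token = undef,`, and calling `fail()` in the 'v2.0' branch when it is unset. The class body continues outside this hunk.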
@@ -58,7 +63,8 @@ class tripleo::profile::base::ceph::rgw (
include ::ceph::profile::base
ceph::rgw { $rgw_name:
frontend_type => 'civetweb',
- rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}"
+ rgw_frontends => "civetweb port=${civetweb_bind_ip_real}:${civetweb_bind_port}",
+ user => 'ceph',
}
ceph::key { "client.${rgw_name}":
secret => $rgw_key,
@@ -69,11 +75,24 @@ class tripleo::profile::base::ceph::rgw (
}
if $step >= 4 {
- ceph::rgw::keystone { $rgw_name:
- rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
- use_pki => false,
- rgw_keystone_admin_token => $keystone_admin_token,
- rgw_keystone_url => $keystone_url,
+ if $rgw_keystone_version == 'v2.0' {
+ ceph::rgw::keystone { $rgw_name:
+ rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
+ use_pki => false,
+ rgw_keystone_admin_token => $keystone_admin_token,
+ rgw_keystone_url => $keystone_url,
+ user => 'ceph',
+ }
+ }
+ else
+ {
+ ceph::rgw::keystone { $rgw_name:
+ rgw_keystone_accepted_roles => ['admin', '_member_', 'Member'],
+ use_pki => false,
+ rgw_keystone_url => $keystone_url,
+ rgw_keystone_version => $rgw_keystone_version,
+ user => 'ceph',
+ }
}
}
}
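Review bot: The `else` branch runs for every value that is not exactly 'v2.0', so a typo such as 'v2' silently switches RGW to the token-less configuration and forwards the bad string as `rgw_keystone_version`. The parameter documentation allows only 'v2.0' and 'v3', so the manifest should reject anything else before the `if`, for example with `validate_re($rgw_keystone_version, '^(v2\.0|v3)$')` if stdlib validators are used in this module, or by making the second branch `elsif $rgw_keystone_version == 'v3'` with a final `else { fail("Unsupported rgw_keystone_version: ${rgw_keystone_version}") }`. The class starts outside this hunk.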
diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp
new file mode 100644
index 0000000..05a516d
--- /dev/null
+++ b/manifests/profile/base/docker_registry.pp
@@ -0,0 +1,73 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::docker_registry
+#
+# Docker Registry profile for tripleo
+#
+# === Parameters:
+#
+# [*registry_host*]
+# (String) IP address on which the Docker registry is listening on
+# Defaults to hiera('controller_host')
+#
+# [*registry_port*]
+# (Integer) The port on which the Docker registry is listening on
+# Defaults to 8787
+#
+# [*controller_admin_vip*]
+# (String) VIP of the host
+# Defaults to hiera('controller_admin_vip')
+#
+class tripleo::profile::base::docker_registry (
+ $registry_host = hiera('controller_host'),
+ $registry_port = 8787,
+ $controller_admin_vip = hiera('controller_admin_vip'),
+) {
+ # We want a v2 registry
+ package{'docker-registry':
+ ensure => absent,
+ }
+ package{'docker-distribution': }
+ package{'docker': }
+ file { '/etc/docker-distribution/registry/config.yml' :
+ ensure => file,
+ content => template('tripleo/docker_distribution/registry_config.yml.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ require => Package['docker-distribution'],
+ notify => Service['docker-distribution'],
+ }
+ file_line { 'docker insecure registry':
+ path => '/etc/sysconfig/docker',
+ line => join ([
+ 'INSECURE_REGISTRY="',
+ '--insecure-registry ', $registry_host, ':', $registry_port, ' ',
+ '--insecure-registry ', $controller_admin_vip, ':', $registry_port, '"']),
+ match => 'INSECURE_REGISTRY=',
+ require => Package['docker'],
+ notify => Service['docker'],
+ }
+ service { 'docker-distribution':
+ ensure => running,
+ enable => true,
+ require => Package['docker-distribution'],
+ }
+ service { 'docker':
+ ensure => running,
+ enable => true,
+ require => Package['docker'],
+ }
+}
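Review bot: The registry configured here is served over plain HTTP with no authentication (the accompanying registry_config.yml.erb has no `tls` or `auth` section), and the `file_line` resource tells the Docker daemon to trust it through `--insecure-registry` for both `registry_host` and `controller_admin_vip`. Anything on the path to port 8787 can therefore alter images in transit, and anything that can reach the port can push to the registry, so nodes may run content nobody verified. If this is meant only for an isolated provisioning network, say so in the class header, e.g. `# NOTE: served over HTTP without TLS or auth; registry_host must be on an isolated admin network.`; optional certificate and key parameters that render `http.tls` and drop the insecure flags would be the longer-term fix. Separately, `match => 'INSECURE_REGISTRY='` is unanchored and also matches a commented-out line, so `match => '^\s*INSECURE_REGISTRY='` is probably what is intended.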
diff --git a/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml b/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml
new file mode 100644
index 0000000..6159415
--- /dev/null
+++ b/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add support for configuring Ceph RGW to use
+ keystone V3 service authentication instead
+ of admin token authentication
diff --git a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
index 88f971b..4ebf521 100644
--- a/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
+++ b/spec/classes/tripleo_profile_base_ceph_rgw_spec.rb
@@ -85,6 +85,17 @@ describe 'tripleo::profile::base::ceph::rgw' do
)
end
end
+
+ context 'with step 4 and keystone v3' do
+ let(:params) { default_params.merge({ :step => 4, :rgw_keystone_version => 'v3' }) }
+ it 'should include rgw configuration' do
+ is_expected.to contain_ceph__rgw__keystone('radosgw.gateway').with(
+ :rgw_keystone_accepted_roles => ["admin", "_member_", "Member"],
+ :use_pki => false,
+ :rgw_keystone_url => 'url'
+ )
+ end
+ end
end
on_supported_os.each do |os, facts|
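Review bot: The v3 context asserts the same three attributes as the v2.0 case and nothing that distinguishes the two branches, so it would still pass if the manifest ignored `rgw_keystone_version` or kept passing the admin token. Add `:rgw_keystone_version => 'v3'` and `:user => 'ceph'` to the `.with(...)` hash and chain `.without_rgw_keystone_admin_token`, which pins that the token is not handed to ceph::rgw::keystone in v3 mode. The surrounding describe block starts outside this hunk.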
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index c4a980f..4d5dc99 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -14,6 +14,13 @@ barbican::keystone::authtoken::password: 'password'
ceilometer::keystone::authtoken::password: 'password'
# ceph related items
ceph::profile::params::mon_key: 'password'
+# NOTE(gfidente): we want to use keystone v3 API for RGW so the following are
+# needed to comply with the if condition:
+# https://github.com/openstack/puppet-ceph/blob/master/manifests/rgw/keystone.pp#L111
+ceph::profile::params::rgw_keystone_admin_domain: 'keystone_domain'
+ceph::profile::params::rgw_keystone_admin_project: 'keystone_project'
+ceph::profile::params::rgw_keystone_admin_user: 'keystone_admin_user'
+ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password'
# cinder related items
cinder::rabbit_password: 'password'
cinder::keystone::authtoken::password: 'password'
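Review bot: The link in the NOTE points at `master` with a line anchor (`keystone.pp#L111`), which will drift as puppet-ceph changes and stop pointing at the condition it refers to. Use a commit-pinned permalink of the form `https://github.com/openstack/puppet-ceph/blob/<commit-sha>/manifests/rgw/keystone.pp#L111`, or describe the condition in words, so the reason these four fixture keys exist stays traceable.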
diff --git a/templates/docker_distribution/registry_config.yml.erb b/templates/docker_distribution/registry_config.yml.erb
new file mode 100644
index 0000000..d5228fb
--- /dev/null
+++ b/templates/docker_distribution/registry_config.yml.erb
@@ -0,0 +1,11 @@
+version: 0.1
+log:
+ fields:
+ service: registry
+storage:
+ cache:
+ layerinfo: inmemory
+ filesystem:
+ rootdirectory: /var/lib/registry
+http:
+ addr: <%= @registry_host %>:<%= @registry_port %>
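Review bot: `addr: <%= @registry_host %>:<%= @registry_port %>` yields an ambiguous host:port when `registry_host` is an IPv6 literal, and the class documents the parameter as an IP address without restricting the family. The same concatenation is used for the `--insecure-registry` values in docker_registry.pp. If IPv6 deployments are in scope, bracket the host when it contains a colon, e.g. `<%= @registry_host.to_s.include?(':') ? "[#{@registry_host}]" : @registry_host %>`, or document that only IPv4 addresses and hostnames are supported.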