This patch enables SSL to be used with glance-simplestreams-sync. The ssl_ca option allows a base64 encoded PEM CA certificate to be used with g-s-s such that the keystone and glance HTTPS sessions are verified using that certificate.

A new basic_deployment_ssl.py is introduced that just verifies that the gss charm can get gss to perform a sync; this verifies that gss can communicate with https versions of keystone and glance.

Note that the simplestreams package also requires a change for SSL to function properly. As simplestreams doesn't seem to use PyPI, the version from the git master will need to be used.

Change-Id: Idcdcb2c933a92a558e729aeb718b58d4077621a7
Closes-Bug: #1802407
Known Issues
https://bugs.launchpad.net/charm-glance-simplestreams-sync
Overview
This charm provides a service that syncs your OpenStack cloud's available OS images in OpenStack Glance with the available images from a set of simplestreams mirrors, by default using cloud-images.ubuntu.com.
It will create a user named 'image-stream' in the 'services' tenant. If swift is enabled, glance will store its images in swift using the image-stream username.
It can optionally also store simplestreams metadata into Swift for future use by juju. If enabled, it publishes the URL for that metadata as the endpoints of a new OpenStack service called 'product-streams'. If using Swift is not enabled, the product-streams service will still exist, but nothing will respond to requests to its endpoints.
The charm installs a cron job that repeatedly checks the status of related services and begins syncing image data from your configured mirrors as soon as all services are in place.
It can be deployed at any time, and upon deploy (or changing the 'run' config setting), it will attempt to contact keystone and glance and start a sync every minute until a successful sync occurs.
Requirements
This charm requires a relation to keystone. It also requires a running glance instance, but not a direct relation to glance. It connects to glance via its endpoint as published in keystone.
Usage
juju deploy glance-simplestreams-sync [--config optional-config.yaml]
juju add-relation keystone glance-simplestreams-sync
Configuration
The charm has the following configuration variables:
run
run is a boolean that enables or disables the sync cron script. It is True by default, and changing it from False to True will schedule an immediate attempt to sync images.
use_swift
use_swift is a boolean that determines whether or not to store data in swift and publish the path to product metadata via the 'product-streams' endpoint.
NOTE: Changing the value will only affect the next sync, and does not currently remove an existing product-streams service or delete potentially stale product data.
frequency
frequency is a string, and must be one of 'hourly', 'daily', 'weekly'. It controls how often the sync cron job is run - it is used to link the script into /etc/cron.$frequency.
region
region is the OpenStack region in which the product-streams endpoint will be created.
mirror_list
mirror_list is a yaml-formatted list of options to be passed to Simplestreams. It defaults to settings for downloading images from cloud-images.ubuntu.com, and is not yet tested with other mirror locations. If you have set up your own Simplestreams mirror, you should be able to set the necessary configuration values.
ssl_ca
ssl_ca is an optional CA certificate used to verify the keystone and glance certificates when those services are in SSL mode. It should be provided as a base64-encoded PEM certificate.
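A pre-flight check for an ssl_ca value before it is set on the charm, as an added example that is not part of the charm's code. The function names encode_ssl_ca and check_ssl_ca and the sample PEM are assumptions made for illustration.

```python
import base64
import binascii
import re

# One PEM block; group 1 is the label (e.g. CERTIFICATE), group 2 the body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")


def encode_ssl_ca(pem_text):
    """Return the single-line base64 form of a PEM file's text."""
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")


def check_ssl_ca(value):
    """Return the decoded body of every CERTIFICATE block in an ssl_ca value.

    Structural check only: it does not parse X.509 or confirm the CA flag.
    Raises ValueError for raw PEM, a file path, double encoding or key blocks.
    """
    compact = "".join(value.split())  # tolerate line-wrapped base64
    if not compact:
        raise ValueError("ssl_ca is empty")
    try:
        pem = base64.b64decode(compact, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("ssl_ca is not base64 of PEM text: %s" % exc)
    blocks = PEM_BLOCK.findall(pem)
    if not blocks:
        raise ValueError("decoded ssl_ca contains no PEM block")
    bodies = []
    for label, body in blocks:
        if label != "CERTIFICATE":
            # Private keys and CSRs do not belong in a trust-anchor setting.
            raise ValueError("unexpected PEM block: %s" % label)
        bodies.append(base64.b64decode("".join(body.split()), validate=True))
    return bodies


# Constructed sample: the body is placeholder bytes, not a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed-placeholder-der").decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(check_ssl_ca(encode_ssl_ca(SAMPLE_PEM)))
```

A value that passes can still be the wrong certificate; confirm against the CA that actually issued the keystone and glance certificates.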