Remove glance-registry in OpenStack Stein deployments

This patch removes glance-registry service when upgrading to
OpenStack Stein and later releases.

Second part of:
Change-Id: Ie6d618582cd5063738a965d36e7d766633e1a607

Change-Id: I5e644ed8dba809fd1ad5d628f32ea64d31799e52
Signed-off-by: Stamatis Katsaounis <skatsaounis@admin.grnet.gr>

actions/security_checklist.py

@@ -25,6 +25,9 @@ import charmhelpers.contrib.openstack.audits as audits
 from charmhelpers.contrib.openstack.audits import (
     openstack_security_guide,
 )
+from charmhelpers.contrib.openstack.utils import (
+    CompareOpenStackReleases,
+    os_release)
 
 
 # Via the openstack_security_guide above, we are running the following
@@ -70,12 +73,14 @@ def validate_glance_uses_keystone(audit_options):
     glance_api = dict(conf)
     assert glance_api.get('DEFAULT', {}).get('auth_strategy') == "keystone", \
         "Keystone should be used for auth in glance-api.conf"
-    conf = configparser.ConfigParser()
+    cmp_release = CompareOpenStackReleases(os_release('glance-common'))
-    conf.read(os.path.join('/etc/glance/glance-registry.conf'))
+    if cmp_release <= 'stein':
-    glance_registry = dict(conf)
+        conf = configparser.ConfigParser()
-    assert glance_registry.get('DEFAULT', {}) \
+        conf.read(os.path.join('/etc/glance/glance-registry.conf'))
-                          .get('auth_strategy') == "keystone", \
+        glance_registry = dict(conf)
-        "Keystone should be used for auth in glance-api.conf"
+        assert glance_registry.get('DEFAULT', {}) \
+                              .get('auth_strategy') == "keystone", \
+            "Keystone should be used for auth in glance-registry.conf"
 
 
 @audits.audit(audits.is_audit_type(audits.AuditType.OpenStackSecurityGuide))
@@ -96,14 +101,17 @@ def validate_glance_uses_tls_for_keystone(audit_options):
     assert glance_api.get('keystone_authtoken', {}).get('auth_uri'). \
         startswith("https://"), \
         "TLS should be used to authenticate with Keystone"
-    conf = configparser.ConfigParser()
+    cmp_release = CompareOpenStackReleases(os_release('glance-common'))
-    conf.read(os.path.join('/etc/glance/glance-registry.conf'))
+    if cmp_release <= 'stein':
-    glance_registry = dict(conf)
+        conf = configparser.ConfigParser()
-    assert not glance_registry.get('keystone_authtoken', {}).get('insecure'), \
+        conf.read(os.path.join('/etc/glance/glance-registry.conf'))
-        "Insecure mode should not be used with TLS"
+        glance_registry = dict(conf)
-    assert glance_registry.get('keystone_authtoken', {}).get('auth_uri'). \
+        assert not glance_registry.get(
-        startswith("https://"), \
+            'keystone_authtoken', {}).get('insecure'), \
-        "TLS should be used to authenticate with Keystone"
+            "Insecure mode should not be used with TLS"
+        assert glance_registry.get('keystone_authtoken', {}).get('auth_uri'). \
+            startswith("https://"), \
+            "TLS should be used to authenticate with Keystone"
 
 
 def main():

hooks/glance_relations.py

@@ -190,15 +190,22 @@ def db_joined():
 @hooks.hook('shared-db-relation-changed')
 @restart_on_change(restart_map())
 def db_changed():
-    rel = os_release('glance-common')
+    release = os_release('glance-common')
+    cmp_release = CompareOpenStackReleases(release)
 
     if 'shared-db' not in CONFIGS.complete_contexts():
         juju_log('shared-db relation incomplete. Peer not ready?')
         return
 
-    CONFIGS.write(GLANCE_REGISTRY_CONF)
+    # https://blueprints.launchpad.net/glance/+spec/deprecate-registry
+    # Based on Glance registry deprecation and removal on Stein release,
+    # its configuration is written only if OpenStack version is previous
+    # than Stein.
+    if cmp_release < 'stein':
+        CONFIGS.write(GLANCE_REGISTRY_CONF)
+
     # since folsom, a db connection setting in glance-api.conf is required.
-    if rel != "essex":
+    if cmp_release != "essex":
         CONFIGS.write(GLANCE_API_CONF)
 
     if is_elected_leader(CLUSTER_RES):
@@ -207,7 +214,7 @@ def db_changed():
         # permitted units then check if we're in the list.
         allowed_units = relation_get('allowed_units')
         if allowed_units and local_unit() in allowed_units.split():
-            if rel == "essex":
+            if cmp_release == "essex":
                 status = call(['glance-manage', 'db_version'])
                 if status != 0:
                     juju_log('Setting version_control to 0')

hooks/glance_utils.py

@@ -240,6 +240,8 @@ def register_configs():
         confs.append(ceph_config_file())
 
     for conf in confs:
+        if cmp_release >= 'stein' and conf == GLANCE_REGISTRY_CONF:
+            continue
         configs.register(conf, CONFIG_FILES[conf]['hook_contexts'])
 
     if os.path.exists('/etc/apache2/conf-available'):
@@ -281,6 +283,8 @@ def determine_purge_packages():
         pkgs.extend(["python-cinderclient",
                      "python-os-brick",
                      "python-oslo.rootwrap"])
+        if CompareOpenStackReleases(os_release('glance')) >= 'stein':
+            pkgs.append('glance-registry')
         return pkgs
     return []
 

templates/stein/glance-api.conf

@@ -0,0 +1,99 @@
+[DEFAULT]
+verbose = {{ verbose }}
+use_syslog = {{ use_syslog }}
+debug = {{ debug }}
+workers = {{ workers }}
+bind_host = {{ bind_host }}
+
+{% if ext -%}
+bind_port = {{ ext }}
+{% elif bind_port -%}
+bind_port = {{ bind_port }}
+{% else -%}
+bind_port = 9292
+{% endif -%}
+
+{% if transport_url %}
+transport_url = {{ transport_url }}
+{% endif %}
+
+log_file = /var/log/glance/api.log
+backlog = 4096
+
+{% if expose_image_locations -%}
+show_multiple_locations = {{ expose_image_locations }}
+show_image_direct_url = {{ expose_image_locations }}
+{% endif -%}
+
+{% if api_config_flags -%}
+{% for key, value in api_config_flags.items() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+db_enforce_mysql_charset = False
+
+{% if image_size_cap -%}
+image_size_cap = {{ image_size_cap }}
+{% endif -%}
+
+[glance_store]
+{%- if use_internal_endpoints %}
+catalog_info = {{ volume_catalog_info }}
+{%- endif %}
+
+filesystem_store_datadir = {{ filesystem_store_datadir }}
+
+stores = {{ known_stores }}
+{% if rbd_pool -%}
+default_store = rbd
+{% elif swift_store -%}
+default_store = swift
+{% elif cinder_store -%}
+default_store = cinder
+{% else -%}
+default_store = file
+{% endif -%}
+
+{% if swift_store -%}
+default_swift_reference = swift
+swift_store_config_file = /etc/glance/glance-swift.conf
+swift_store_create_container_on_put = true
+{% endif -%}
+
+{% if rbd_pool -%}
+rbd_store_ceph_conf = /etc/ceph/ceph.conf
+rbd_store_user = {{ rbd_user }}
+rbd_store_pool = {{ rbd_pool }}
+rbd_store_chunk_size = 8
+{% endif -%}
+
+[image_format]
+disk_formats = {{ disk_formats }}
+{% if container_formats -%}
+container_formats = {{ container_formats }}
+{% endif -%}
+
+{% include "section-keystone-authtoken-v3only" %}
+
+{% if auth_host -%}
+[paste_deploy]
+flavor = keystone
+{% endif %}
+
+[barbican]
+auth_endpoint = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v3
+
+{% include "parts/section-database" %}
+
+{% include "section-oslo-messaging-rabbit" %}
+
+{% include "section-oslo-notifications" %}
+
+{% include "section-oslo-middleware" %}
+
+{% include "parts/section-storage" %}