openstack/kolla-ansible
Code Issues Proposed changes
74ec1fab2a
kolla-ansible/ansible/roles/glance/defaults/main.yml
Dr. Jens Harbott 479a78706a Stop creating non-keystone admin endpoints 
The admin interface for endpoints never had any real use, the
functionality was the same as for the public or internal endpoints,
except for Keystone. Even for Keystone with API v3 it would no longer
really be needed, but it is still being required by some libraries that
cannot be changed in order to stay backwards compatible.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Icf3bf08deab2c445361f0a0124d87ad8b0e4e9d9
2021-12-21 13:09:36 +01:00

262 lines
11 KiB
YAML
Raw Blame History

---
project_name: "glance"
glance_services:
glance-api:
container_name: glance_api
group: glance-api
host_in_groups: "{{ inventory_hostname in glance_api_hosts }}"
enabled: true
image: "{{ glance_api_image_full }}"
environment: "{{ glance_api_container_proxy }}"
privileged: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"
volumes: "{{ glance_api_default_volumes + glance_api_extra_volumes }}"
dimensions: "{{ glance_api_dimensions }}"
healthcheck: "{{ glance_api_healthcheck }}"
haproxy:
glance_api:
enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}"
mode: "http"
external: false
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_members.split(';') }}"
glance_api_external:
enabled: "{{ enable_glance | bool and not glance_enable_tls_backend | bool }}"
mode: "http"
external: true
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_members.split(';') }}"
glance-tls-proxy:
container_name: glance_tls_proxy
group: glance-api
host_in_groups: "{{ inventory_hostname in glance_api_hosts }}"
enabled: "{{ glance_enable_tls_backend }}"
image: "{{ glance_tls_proxy_image_full }}"
volumes: "{{ glance_tls_proxy_default_volumes + glance_tls_proxy_extra_volumes }}"
dimensions: "{{ glance_tls_proxy_dimensions }}"
healthcheck: "{{ glance_tls_proxy_healthcheck }}"
haproxy:
glance_tls_proxy:
enabled: "{{ enable_glance | bool and glance_enable_tls_backend | bool }}"
mode: "http"
external: false
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_tls_members.split(';') }}"
tls_backend: "yes"
glance_tls_proxy_external:
enabled: "{{ enable_glance | bool and glance_enable_tls_backend | bool }}"
mode: "http"
external: true
port: "{{ glance_api_port }}"
frontend_http_extra:
- "timeout client {{ haproxy_glance_api_client_timeout }}"
backend_http_extra:
- "timeout server {{ haproxy_glance_api_server_timeout }}"
custom_member_list: "{{ haproxy_tls_members.split(';') }}"
tls_backend: "yes"
####################
# HAProxy
####################
haproxy_members: "{% for host in glance_api_hosts %}server {{ hostvars[host].ansible_facts.hostname }} {{ 'api' | kolla_address(host) }}:{{ glance_api_listen_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
haproxy_tls_members: "{% for host in glance_api_hosts %}server {{ hostvars[host].ansible_facts.hostname }} {{ 'api' | kolla_address(host) }}:{{ glance_api_listen_port }} check inter 2000 rise 2 fall 5 ssl verify required ca-file {{ haproxy_backend_cacert }};{% endfor %}"
####################
# Keystone
####################
glance_ks_services:
- name: "glance"
type: "image"
description: "Openstack Image"
endpoints:
- {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ glance_public_endpoint }}'}
glance_ks_users:
- project: "service"
user: "{{ glance_keystone_user }}"
password: "{{ glance_keystone_password }}"
role: "admin"
####################
# Notification
####################
glance_notification_topics:
- name: notifications
enabled: "{{ enable_ceilometer | bool }}"
glance_enabled_notification_topics: "{{ glance_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Database
####################
glance_database_name: "glance"
glance_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}glance{% endif %}"
glance_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# HAProxy
####################
haproxy_glance_api_client_timeout: "6h"
haproxy_glance_api_server_timeout: "6h"
####################
# Docker
####################
glance_install_type: "{{ kolla_install_type }}"
glance_tag: "{{ openstack_tag }}"
glance_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ glance_install_type }}-glance-api"
glance_api_tag: "{{ glance_tag }}"
glance_api_image_full: "{{ glance_api_image }}:{{ glance_api_tag }}"
glance_tls_proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ glance_install_type }}-haproxy"
glance_tls_proxy_tag: "{{ glance_tag }}"
glance_tls_proxy_image_full: "{{ glance_tls_proxy_image }}:{{ glance_tls_proxy_tag }}"
glance_api_dimensions: "{{ default_container_dimensions }}"
glance_tls_proxy_dimensions: "{{ default_container_dimensions }}"
glance_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
glance_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
glance_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
glance_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
glance_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{% if glance_enable_tls_backend | bool %}localhost{% else %}{{ api_interface_address | put_address_in_context('url') }}{% endif %}:{{ glance_api_listen_port }}"]
glance_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
glance_api_healthcheck:
interval: "{{ glance_api_healthcheck_interval }}"
retries: "{{ glance_api_healthcheck_retries }}"
start_period: "{{ glance_api_healthcheck_start_period }}"
test: "{% if glance_api_enable_healthchecks | bool %}{{ glance_api_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ glance_api_healthcheck_timeout }}"
glance_tls_proxy_enable_healthchecks: "{{ enable_container_healthchecks }}"
glance_tls_proxy_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
glance_tls_proxy_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
glance_tls_proxy_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
glance_tls_proxy_healthcheck_test: ["CMD-SHELL", "healthcheck_curl -u {{ haproxy_user }}:{{ haproxy_password }} {{ api_interface_address | put_address_in_context('url') }}:{{ glance_tls_proxy_stats_port }}"]
glance_tls_proxy_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
glance_tls_proxy_healthcheck:
interval: "{{ glance_tls_proxy_healthcheck_interval }}"
retries: "{{ glance_tls_proxy_healthcheck_retries }}"
start_period: "{{ glance_tls_proxy_healthcheck_start_period }}"
test: "{% if glance_tls_proxy_enable_healthchecks | bool %}{{ glance_tls_proxy_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ glance_tls_proxy_healthcheck_timeout }}"
glance_api_default_volumes:
- "{{ node_config_directory }}/glance-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "{{ glance_file_datadir_volume }}:/var/lib/glance/"
- "{{ kolla_dev_repos_directory ~ '/glance/glance:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/glance' if glance_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
# NOTE(yoctozepto): below to support Cinder iSCSI backends
- "{% if enable_cinder | bool and enable_cinder_backend_iscsi | bool %}iscsi_info:/etc/iscsi{% endif %}"
- "{% if enable_cinder | bool and enable_cinder_backend_iscsi | bool %}/dev:/dev{% endif %}"
glance_tls_proxy_default_volumes:
- "{{ node_config_directory }}/glance-tls-proxy/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla/"
glance_extra_volumes: "{{ default_extra_volumes }}"
glance_api_extra_volumes: "{{ glance_extra_volumes }}"
glance_tls_proxy_extra_volumes: "{{ glance_extra_volumes }}"
glance_api_container_proxy: "{{ container_proxy }}"
####################
# Glance
####################
glance_backends:
- name: file
type: file
enabled: "{{ glance_backend_file | bool }}"
- name: http
type: http
enabled: true
- name: rbd
type: rbd
enabled: "{{ glance_backend_ceph | bool }}"
- name: vmware
type: vmware
enabled: "{{ glance_backend_vmware | bool }}"
- name: cinder
type: cinder
enabled: "{{ enable_cinder | bool }}"
- name: swift
type: swift
enabled: "{{ glance_backend_swift | bool }}"
glance_store_backends: "{{ glance_backends|selectattr('enabled', 'equalto', true)|list }}"
####################
# OpenStack
####################
glance_internal_endpoint: "{{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
glance_public_endpoint: "{{ public_protocol }}://{{ glance_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
glance_logging_debug: "{{ openstack_logging_debug }}"
glance_keystone_user: "glance"
openstack_glance_auth: "{{ openstack_auth }}"
###################
# Kolla
###################
glance_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
glance_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
glance_dev_mode: "{{ kolla_dev_mode }}"
glance_source_version: "{{ kolla_source_version }}"
################################################
# VMware - OpenStack VMware support
################################################
vmware_vcenter_name:
vmware_datastore_name:
###################
# Glance cache
###################
# Default maximum size of 10Gb
glance_cache_max_size: "10737418240"
####################
# Backend TLS proxy
####################
syslog_server: "{{ api_interface_address }}"
syslog_glance_tls_proxy_facility: "local2"
glance_tls_proxy_max_connections: 40000
glance_tls_proxy_processes: 1
glance_tls_proxy_process_cpu_map: "no"
glance_tls_proxy_defaults_max_connections: 10000
# Glance TLS proxy timeout values
glance_tls_proxy_http_request_timeout: "10s"
glance_tls_proxy_http_keep_alive_timeout: "10s"
glance_tls_proxy_queue_timeout: "1m"
glance_tls_proxy_connect_timeout: "10s"
glance_tls_proxy_client_timeout: "{{ haproxy_glance_api_client_timeout}}"
glance_tls_proxy_server_timeout: "{{ haproxy_glance_api_server_timeout }}"
glance_tls_proxy_check_timeout: "10s"
# Check http://www.haproxy.org/download/1.5/doc/configuration.txt for available options
glance_tls_proxy_defaults_balance: "roundrobin"
View Git Blame Copy Permalink