414df67f86
Glance NFS mounts are owned by `root` and are not writable by `glance` user. Proposed change sets the `glance_nfs_client.local_path` directory ownership to `glance_system_user_name:glance_system_group_name` so that Glance can write to that. Change-Id: I226827d4f44da098961b16fd4450104d7a367205 Closes-Bug: 1813300 Related-Bug: 1759552
153 lines
4.7 KiB
YAML
153 lines
4.7 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Record the installation method
|
|
ini_file:
|
|
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
|
|
section: "glance"
|
|
option: "install_method"
|
|
value: "{{ glance_install_method }}"
|
|
|
|
- name: Refresh local facts to ensure the glance section is present
|
|
setup:
|
|
filter: ansible_local
|
|
gather_subset: "!all"
|
|
|
|
- name: create the system group
|
|
group:
|
|
name: "{{ glance_system_group_name }}"
|
|
gid: "{{ glance_system_group_gid | default(omit) }}"
|
|
state: "present"
|
|
system: "yes"
|
|
|
|
- name: Create the glance system user
|
|
user:
|
|
name: "{{ glance_system_user_name }}"
|
|
uid: "{{ glance_system_user_uid | default(omit) }}"
|
|
group: "{{ glance_system_group_name }}"
|
|
comment: "{{ glance_system_comment }}"
|
|
shell: "{{ glance_system_shell }}"
|
|
system: "yes"
|
|
createhome: "yes"
|
|
home: "{{ glance_system_user_home }}"
|
|
|
|
- name: Create glance NFS mount point(s)
|
|
file:
|
|
path: "{{ item.local_path }}"
|
|
state: directory
|
|
owner: "{{ glance_system_user_name }}"
|
|
group: "{{ glance_system_group_name }}"
|
|
mode: "0755"
|
|
with_items: "{{ glance_nfs_client }}"
|
|
|
|
- name: Create glance directories
|
|
file:
|
|
path: "{{ item.path | realpath }}"
|
|
state: directory
|
|
owner: "{{ item.owner | default(glance_system_user_name) }}"
|
|
group: "{{ item.group | default(glance_system_group_name) }}"
|
|
mode: "{{ item.mode | default(omit) }}"
|
|
when:
|
|
- "item.path not in glance_mount_points"
|
|
with_items:
|
|
- path: "/openstack"
|
|
mode: "0755"
|
|
owner: "root"
|
|
group: "root"
|
|
- path: "/etc/glance"
|
|
mode: "0750"
|
|
- path: "/var/cache/glance"
|
|
- path: "{{ glance_system_user_home }}"
|
|
- path: "{{ glance_system_user_home }}/cache"
|
|
- path: "{{ glance_system_user_home }}/cache/api"
|
|
mode: "0700"
|
|
- path: "{{ glance_system_user_home }}/cache/registry"
|
|
- path: "{{ glance_system_user_home }}/scrubber"
|
|
- path: "{{ glance_system_user_home }}/images"
|
|
mode: "0755"
|
|
- path: "/var/log/glance"
|
|
mode: "0755"
|
|
|
|
- name: Install distro packages
|
|
package:
|
|
name: "{{ glance_package_list }}"
|
|
state: "{{ glance_package_state }}"
|
|
update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
|
|
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install glance packages from PIP
|
|
include_tasks: glance_install_source.yml
|
|
when: glance_install_method == 'source'
|
|
|
|
- name: Record the need for a service restart
|
|
ini_file:
|
|
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
|
|
section: "glance"
|
|
option: "need_service_restart"
|
|
value: true
|
|
when: (install_packages is changed) or
|
|
('need_service_restart' not in ansible_local['openstack_ansible']['glance'])
|
|
|
|
- name: Run the systemd service role
|
|
include_role:
|
|
name: systemd_service
|
|
private: true
|
|
vars:
|
|
systemd_user_name: "{{ glance_system_user_name }}"
|
|
systemd_group_name: "{{ glance_system_group_name }}"
|
|
systemd_tempd_prefix: openstack
|
|
systemd_slice_name: glance
|
|
systemd_lock_path: /var/lock/glance
|
|
systemd_CPUAccounting: true
|
|
systemd_BlockIOAccounting: true
|
|
systemd_MemoryAccounting: true
|
|
systemd_TasksAccounting: true
|
|
systemd_services:
|
|
- service_name: "{{ service_var.service_name }}"
|
|
enabled: yes
|
|
state: started
|
|
execstarts: "{{ service_var.execstarts }}"
|
|
execreloads: "{{ service_var.execreloads | default([]) }}"
|
|
config_overrides: "{{ service_var.init_config_overrides }}"
|
|
with_items: "{{ filtered_glance_services }}"
|
|
loop_control:
|
|
loop_var: service_var
|
|
tags:
|
|
- glance-config
|
|
- systemd-service
|
|
|
|
- name: Ensure uWSGI directory exists
|
|
file:
|
|
path: "/etc/uwsgi/"
|
|
state: directory
|
|
mode: "0711"
|
|
|
|
- name: Apply uWSGI configuration
|
|
config_template:
|
|
src: "glance-uwsgi.ini.j2"
|
|
dest: "/etc/uwsgi/{{ item.service_name }}.ini"
|
|
mode: "0744"
|
|
config_overrides: "{{ item.wsgi_overrides }}"
|
|
config_type: ini
|
|
with_items: "{{ filtered_glance_services }}"
|
|
when: item.wsgi_app | default(False)
|
|
notify:
|
|
- Manage LB
|
|
- Restart glance services
|