openstack/openstack-ansible
Code Issues Proposed changes
Files
0d0cd6e001f73237426f83dc603fb511c52e93d1
openstack-ansible/playbooks/roles/os_glance/defaults/main.yml
Jesse Pretorius 0d0cd6e001 Update Glance Configuration for Liberty 
This patch includes the following updates based on the updated source in
Glance's Liberty release:
 - glance-api-paste.ini
 - glance-api.conf
 - glance-registry-paste.ini
 - glance-registry.conf
 - glance-cache.conf
 - glance-manage.conf
 - glance-scrubber.conf

The following defaults have their values changed based on new defaults for the
Liberty release. Note that any user_variables.yml values that have been set to
customise these will need to be reviewed and adjusted accordingly for liberty.
 - glance_digest_algorithm

Note also that the glance_swift_store_auth_version has been set to use '3' as
the default, meaning that it will use Keystone's v3 API as the default.

New configurable options:
 - glance_swift_store_auth_version
   This is the Keystone API auth version to use. The previous default
   was 2, but this patch changes it to 3.

 - glance_swift_store_user_domain
   This is the Domain ID for the user used to authenticate to Swift.

 - glance_swift_store_project_domain
   This is the Domain ID for the project used to authenticate to Swift.

Note that the policy.json file included is not the same as the upstream
default. Changes have been included which improve the security of image
publication and image group membership.

DocImpact
UpgradeImpact
Closes-Bug: #1479131
Implements: blueprint liberty-release
Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Change-Id: I2f58c0dbdb3ee55c0a4792df6e7b5b15aa8f0b01
2015-10-13 16:54:38 +00:00

185 lines
6.3 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Defines that the role will be deployed on a host machine
is_metal: true
# Enable/Disable Ceilometer
glance_ceilometer_enabled: False
## Verbosity Options
debug: False
verbose: True
glance_profiler_enabled: False
glance_fatal_deprecations: False
## System info
glance_system_user_name: glance
glance_system_group_name: glance
glance_system_shell: /bin/false
glance_system_comment: glance system user
glance_system_user_home: "/var/lib/{{ glance_system_user_name }}"
glance_registry_host: "{{ internal_lb_vip_address }}"
glance_ceilometer_notification_driver: messagingv2
glance_notification_driver: noop
glance_rpc_backend: glance.openstack.common.rpc.impl_kombu
glance_default_store: file
glance_flavor: "{% if glance_default_store == 'rbd' %}keystone{% else %}keystone+cachemanagement{% endif %}"
glance_show_image_direct_url: "{{ glance_default_store == 'rbd' }}"
## API options
glance_enable_v1_api: True
glance_enable_v1_registry: True
glance_enable_v2_api: True
glance_enable_v2_registry: True
## RabbitMQ info
glance_rabbitmq_userid: glance
glance_rabbitmq_vhost: /glance
## DB info
glance_galera_database: glance
glance_galera_user: glance
glance_role_name: admin
glance_api_bind_address: 0.0.0.0
glance_api_service_port: 9292
glance_api_program_name: glance-api
glance_registry_bind_address: 0.0.0.0
glance_registry_service_port: 9191
glance_registry_program_name: glance-registry
## Service Type and Data
glance_service_region: RegionOne
glance_service_name: glance
glance_service_port: 9292
glance_service_proto: http
glance_service_registry_proto: "{{ glance_service_proto }}"
glance_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(glance_service_proto) }}"
glance_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(glance_service_proto) }}"
glance_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(glance_service_proto) }}"
glance_service_type: image
glance_service_description: "Glance Image Service"
glance_service_user_name: glance
glance_service_project_name: service
glance_service_project_domain_id: default
glance_service_user_domain_id: default
glance_service_publicuri: "{{ glance_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}"
glance_service_publicurl: "{{ glance_service_publicuri }}"
glance_service_internaluri: "{{ glance_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
glance_service_internalurl: "{{ glance_service_internaluri }}"
glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
glance_service_adminurl: "{{ glance_service_adminuri }}"
## Swift Options
glance_swift_store_auth_address: "{{ keystone_service_internalurl_v3 }}"
glance_swift_store_auth_version: 3
glance_swift_store_user_domain: default
glance_swift_store_project_domain: default
glance_swift_store_user: "service:{{ glance_service_user_name }}"
glance_swift_store_key: "{{ glance_service_password }}"
glance_swift_store_region: "{{ glance_service_region }}"
glance_swift_store_container: glance_images
glance_swift_store_endpoint_type: internalURL
# Set the swift_store_large_objects variables in MB
glance_swift_store_large_object_size: 5120
glance_swift_store_large_object_chunk_size: 200
## Keystone authentication middleware
glance_keystone_auth_plugin: password
## Glance config
glance_image_cache_max_size: 10737418240
# If ``glance_api_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# glance_api_workers: 16
# If ``glance_registry_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# glance_registry_workers: 16
glance_task_executor: taskflow
glance_digest_algorithm: sha256
glance_http_keepalive: True
## Glance policy
glance_policy_file: policy.json
glance_policy_default_rule: default
glance_policy_dirs: policy.d
## Define nfs information for glance. When the glance_nfs_client dictionary is
## defined it will enable nfs shares as mounted directories. The
## ``glance_nfs_client`` value is a list of dictionaries that must be filled
## out completely to enable the persistent NFS mounts.
# glance_nfs_client:
# - server: "127.0.0.1" ## Hostname or IP address of NFS Server
# remote_path: "/images" ## Remote path from the NFS server's export
# local_path: "/var/lib/glance/images" ## Local path on machine
# type: "nfs" ## This can be nfs or nfs4
# options: "_netdev,auto" ## Mount options
## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
#glance_policy_overrides:
# "add_image": ""
# "delete_image": ""
## Ceph rbd Options
glance_ceph_client: glance
glance_rbd_store_pool: images
glance_rbd_store_user: '{{ glance_ceph_client }}'
glance_rbd_store_chunk_size: 8
# Common apt packages
glance_apt_packages:
- rpcbind
- rsync
- git
- nfs-common
# Common pip packages
glance_pip_packages:
- glance
- keystonemiddleware
- MySQL-python
- python-memcached
- pycrypto
- python-glanceclient
- python-swiftclient
- python-cinderclient
- python-keystoneclient
- warlock
## Service Names
glance_service_names:
- "glance-api"
- "glance-registry"
## Tunable overrides
glance_glance_api_paste_ini_overrides: {}
glance_glance_api_conf_overrides: {}
glance_glance_cache_conf_overrides: {}
glance_glance_manage_conf_overrides: {}
glance_glance_registry_paste_ini_overrides: {}
glance_glance_registry_conf_overrides: {}
glance_glance_scrubber_conf_overrides: {}
glance_glance_scheme_json_overrides: {}
glance_policy_overrides: {}
View Git Blame Copy Permalink