openstack/openstack-helm
Code Issues Proposed changes

Culmination of glance changes

Browse Source 
Due to some messy rebases and a botched git history, implemented
all changes into one PR
This commit is contained in:
Steve Wilkerson 2017-01-13 15:40:38 -06:00
parent 49133ce86b
commit 393ed4cf47
24 changed files with 373 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
glance/templates/bin/_init.sh.tpl Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
set -ex
export HOME=/tmp
ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_database_name }}'"
ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' \
login_port='{{ .Values.database.port }}' \
login_user='{{ .Values.database.root_user }}' \
login_password='{{ .Values.database.root_password }}' \
name='{{ .Values.database.glance_user }}' \
password='{{ .Values.database.glance_password }}' \
host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"

42
glance/templates/bin/_post.sh.tpl Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
set -ex
export HOME=/tmp
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=admin \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}"
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=internal \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=public \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
ansible localhost -vvv -m kolla_keystone_user -a "project=service \
user={{ .Values.keystone.glance_user }} \
password={{ .Values.keystone.glance_password }} \
role=admin \
region_name={{ .Values.keystone.admin_region_name }} \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"

13
glance/templates/ceph.client.glance.keyring.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-cephclientglancekeyring
data:
ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+
[client.{{ .Values.ceph.glance_user }}]
{{- if .Values.ceph.glance_keyring }}
key = {{ .Values.ceph.glance_keyring }}
{{- else }}
key = {{- include "secrets/ceph-client-key" . -}}
{{- end }}

23
glance/templates/ceph.conf.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-cephconf
data:
ceph.conf: |+
[global]
rgw_thread_pool_size = 1024
rgw_num_rados_handles = 100
{{- if .Values.ceph.monitors }}
[mon]
{{ range .Values.ceph.monitors }}
[mon.{{ . }}]
host = {{ . }}
mon_addr = {{ . }}
{{ end }}
{{- else }}
mon_host = ceph-mon.ceph
{{- end }}
[client]
rbd_cache_enabled = true
rbd_cache_writethrough_until_flush = true

9
glance/templates/configmap-bin.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-bin
data:
init.sh: |+
{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
post.sh: |+
{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}

17
glance/templates/configmap-etc.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-etc
data:
ceph.conf: |+
{{ tuple "etc/_ceph.conf.tpl" . | include "template" | indent 4 }}
ceph.client.glance.keyring: |+
{{ tuple "etc/_ceph.client.glance.keyring.yaml.tpl" . | include "template" | indent 4 }}
glance-api.conf: |+
{{ tuple "etc/_glance-api.conf.tpl" . | include "template" | indent 4 }}
glance-api-paste.ini: |+
{{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }}
glance-registry.conf: |+
{{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }}
policy.json: |+
{{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}

10
glance/templates/db-sync.sh.yaml
View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-dbsyncsh
data:
db-sync.sh: |+
#!/bin/bash
set -ex
glance-manage db_sync

42
glance/templates/api.yaml → glance/templates/deployment-api.yaml
View File

@ -3,7 +3,11 @@ kind: Deployment
metadata:
name: glance-api
spec:
replicas: {{ .Values.replicas }}
{{- if .Values.development.enabled }}
replicas: 1
{{- else }}
replicas: {{ .Values.replicas.api }}
{{- end }}
revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
strategy:
type: {{ .Values.upgrades.pod_replacement_strategy }}
@ -51,8 +55,7 @@ spec:
image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- bash
- /tmp/start.sh
- glance-api
ports:
- containerPort: {{ .Values.network.port.api }}
readinessProbe:
@ -62,29 +65,46 @@ spec:
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
- name: startsh
mountPath: /tmp/start.sh
subPath: start.sh
- name: glanceapipaste
mountPath: /etc/glance/glance-api-paste.ini
subPath: glance-api-paste.ini
- name: etcglance
mountPath: /etc/glance
- name: glancepolicy
mountPath: /etc/glance/policy.json
subPath: policy.json
{{- if .Values.development.enabled }}
- name: glance-data
mountPath: /var/lib/glance/images
{{- else }}
- name: cephconf
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
- name: cephclientglancekeyring
mountPath: /etc/ceph/ceph.client.{{ .Values.ceph.glance_user }}.keyring
subPath: ceph.client.{{ .Values.ceph.glance_user }}.keyring
{{- end }}
volumes:
- name: glanceapiconf
configMap:
name: glance-glanceapiconf
- name: startsh
name: glance-etc
- name: glanceapipaste
configMap:
name: glance-startsh
name: glance-etc
{{- if .Values.development.enabled }}
- name: glance-data
hostPath:
path: {{ .Values.development.storage_path }}
{{- else }}
- name: cephconf
configMap:
name: glance-cephconf
name: glance-etc
- name: cephclientglancekeyring
configMap:
name: glance-cephclientglancekeyring
name: glance-etc
{{- end }}
- name: etcglance
emptyDir: {}
- name: glancepolicy
configMap:
name: glance-etc

8
glance/templates/registry.yaml → glance/templates/deployment-registry.yaml
View File

@ -3,7 +3,11 @@ kind: Deployment
metadata:
name: glance-registry
spec:
replicas: {{ .Values.replicas }}
{{- if .Values.development.enabled }}
replicas: 1
{{- else }}
replicas: {{ .Values.replicas.registry }}
{{- end }}
template:
metadata:
labels:
@ -55,4 +59,4 @@ spec:
volumes:
- name: glanceregistryconf
configMap:
name: glance-glanceregistryconf
name: glance-etc

2
glance/templates/etc/_ceph.client.glance.keyring.yaml.tpl Normal file
View File

@ -0,0 +1,2 @@
[client.{{ .Values.ceph.glance_user }}]
key = {{ .Values.ceph.glance_keyring }}

16
glance/templates/etc/_ceph.conf.tpl Normal file
View File

@ -0,0 +1,16 @@
[global]
rgw_thread_pool_size = 1024
rgw_num_rados_handles = 100
{{- if .Values.ceph.monitors }}
[mon]
{{ range .Values.ceph.monitors }}
[mon.{{ . }}]
host = {{ . }}
mon_addr = {{ . }}
{{ end }}
{{- else }}
mon_host = ceph-mon.ceph
{{- end }}
[client]
rbd_cache_enabled = true
rbd_cache_writethrough_until_flush = true

90
glance/templates/etc/_glance-api-paste.ini.tpl Normal file
View File

@ -0,0 +1,90 @@
# Use this pipeline for no auth or image caching - DEFAULT
[pipeline:glance-api]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
# Use this pipeline for image caching and no auth
[pipeline:glance-api-caching]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
# Use this pipeline for caching w/ management interface but no auth
[pipeline:glance-api-cachemanagement]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
# Use this pipeline for keystone auth
[pipeline:glance-api-keystone]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
# Use this pipeline for keystone auth with image caching
[pipeline:glance-api-keystone+caching]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
# Use this pipeline for keystone auth with caching and cache management
[pipeline:glance-api-keystone+cachemanagement]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-api-trusted-auth]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user and uses cache management
[pipeline:glance-api-trusted-auth+cachemanagement]
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
[composite:rootapp]
paste.composite_factory = glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
[app:apiversions]
paste.app_factory = glance.api.versions:create_resource
[app:apiv1app]
paste.app_factory = glance.api.v1.router:API.factory
[app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory
[filter:healthcheck]
paste.filter_factory = oslo_middleware:Healthcheck.factory
backends = disable_by_file
disable_by_file_path = /etc/glance/healthcheck_disable
[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
[filter:cache]
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
[filter:cachemanage]
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
delay_auth_decision = true
[filter:gzip]
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY #DEPRECATED
enabled = yes #DEPRECATED
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = glance
oslo_config_program = glance-api
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory

44
glance/templates/etc/_glance-api.conf.tpl Normal file
View File

@ -0,0 +1,44 @@
[DEFAULT]
debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.api }}
workers = {{ .Values.misc.workers }}
registry_host = glance-registry
# Enable Copy-on-Write
show_image_direct_url = True
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
max_retries = -1
[keystone_authtoken]
auth_uri = {{ .Values.keystone.auth_uri }}
auth_url = {{ .Values.keystone.auth_url }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ .Values.keystone.glance_user }}
password = {{ .Values.keystone.glance_password }}
[paste_deploy]
flavor = keystone
[oslo_messaging_notifications]
driver = noop
[glance_store]
filesystem_store_datadir = /var/lib/glance/images/
{{- if .Values.development.enabled }}
stores = file, http
default_store = file
{{- else }}
stores = file, http, rbd
default_store = rbd
rbd_store_pool = {{ .Values.ceph.glance_pool }}
rbd_store_user = {{ .Values.ceph.glance_user }}
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_chunk_size = 8
{{- end }}

26
glance/templates/etc/_glance-registry.conf.tpl Normal file
View File

@ -0,0 +1,26 @@
[DEFAULT]
debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.registry }}
workers = {{ .Values.misc.workers }}
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
max_retries = -1
[keystone_authtoken]
auth_uri = {{ .Values.keystone.auth_uri }}
auth_url = {{ .Values.keystone.auth_url }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ .Values.keystone.glance_user }}
password = {{ .Values.keystone.glance_password }}
[paste_deploy]
flavor = keystone
[oslo_messaging_notifications]
driver = noop

61
glance/templates/etc/_policy.json.tpl Normal file
View File

@ -0,0 +1,61 @@
{
"context_is_admin": "role:admin",
"default": "role:admin",
"add_image": "",
"delete_image": "",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"copy_from": "",
"download_image": "",
"upload_image": "",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "role:admin",
"get_tasks": "role:admin",
"add_task": "role:admin",
"modify_task": "role:admin",
"deactivate": "",
"reactivate": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":"",
"get_metadef_tag":"",
"get_metadef_tags":"",
"modify_metadef_tag":"",
"add_metadef_tag":"",
"add_metadef_tags":""
}

48
glance/templates/glance-api.conf.yaml
View File

@ -1,48 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-glanceapiconf
data:
glance-api.conf: |+
[DEFAULT]
debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.api }}
workers = {{ .Values.misc.workers }}
registry_host = {{ include "glance_registry_host" . }}
# Enable Copy-on-Write
show_image_direct_url = True
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
max_retries = -1
[keystone_authtoken]
auth_uri = {{ .Values.keystone.auth_uri }}
auth_url = {{ .Values.keystone.auth_url }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ .Values.keystone.glance_user }}
password = {{ .Values.keystone.glance_password }}
[paste_deploy]
flavor = keystone
[oslo_messaging_notifications]
driver = noop
[glance_store]
filesystem_store_datadir = /var/lib/glance/images/
stores = file, http, rbd
default_store = rbd
rbd_store_pool = {{ .Values.ceph.glance_pool }}
rbd_store_user = {{ .Values.ceph.glance_user }}
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_chunk_size = 8

34
glance/templates/glance-registry.conf.yaml
View File

@ -1,34 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-glanceregistryconf
data:
glance-registry.conf: |+
[DEFAULT]
debug = {{ .Values.misc.debug }}
use_syslog = False
use_stderr = True
bind_port = {{ .Values.network.port.registry }}
workers = {{ .Values.misc.workers }}
[database]
connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
max_retries = -1
[keystone_authtoken]
auth_uri = {{ .Values.keystone.auth_uri }}
auth_url = {{ .Values.keystone.auth_url }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ .Values.keystone.glance_user }}
password = {{ .Values.keystone.glance_password }}
[paste_deploy]
flavor = keystone
[oslo_messaging_notifications]
driver = noop

12
glance/templates/init.sh.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-initsh
data:
init.sh: |+
#!/bin/bash
set -ex
export HOME=/tmp
ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_database_name }}'"
ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.database.address }}' login_port='{{ .Values.database.port }}' login_user='{{ .Values.database.root_user }}' login_password='{{ .Values.database.root_password }}' name='{{ .Values.database.glance_user }}' password='{{ .Values.database.glance_password }}' host='%' priv='{{ .Values.database.glance_database_name }}.*:ALL' append_privs='yes'"

12
glance/templates/db-sync.yaml → glance/templates/job-db-sync.yaml
View File

@ -40,19 +40,13 @@ spec:
image: {{ .Values.images.db_sync }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- bash
- /tmp/db-sync.sh
- glance-manage
- db_sync
volumeMounts:
- name: glanceapiconf
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
- name: dbsyncsh
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
volumes:
- name: glanceapiconf
configMap:
name: glance-glanceapiconf
- name: dbsyncsh
configMap:
name: glance-dbsyncsh
name: glance-etc

2
glance/templates/init.yaml → glance/templates/job-init.yaml
View File

@ -52,4 +52,4 @@ spec:
volumes:
- name: initsh
configMap:
name: glance-initsh
name: glance-bin

3
glance/templates/post.yaml → glance/templates/job-post.yaml
View File

@ -52,5 +52,4 @@ spec:
volumes:
- name: postsh
configMap:
name: glance-postsh
name: glance-bin

48
glance/templates/post.sh.yaml
View File

@ -1,48 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-postsh
data:
post.sh: |+
#!/bin/bash
set -ex
export HOME=/tmp
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=admin \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{'openstack_glance_auth': {{ include "keystone_auth" . }}}"
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=internal \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
service_type=image \
description='Openstack Image' \
endpoint_region='{{ .Values.keystone.glance_region_name }}' \
url='{{ include "endpoint_glance_api_internal" . }}' \
interface=public \
region_name='{{ .Values.keystone.admin_region_name }}' \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
ansible localhost -vvv -m kolla_keystone_user -a "project=service \
user={{ .Values.keystone.glance_user }} \
password={{ .Values.keystone.glance_password }} \
role=admin \
region_name={{ .Values.keystone.admin_region_name }} \
auth='{{ include "keystone_auth" . }}'" \
-e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"

12
glance/templates/start.sh.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: glance-startsh
data:
start.sh: |+
#!/bin/bash
set -ex
cp `find / -not -path "/etc/*" -name glance-api-paste.ini` /etc/glance/
glance-api

8
glance/values.yaml
View File

@ -3,7 +3,13 @@
# Declare name/value pairs to be passed into your templates.
# name: value
replicas: 1
replicas:
api: 1
registry: 1
development:
enabled: false
storage_path: /data/openstack-helm/glance/images
labels:
node_selector_key: openstack-control-plane