Glance Config Overrides

This commit moves Glance to use the configuration methods from Heat, Nova, Neutron and Keystone. It includes a _values-mvp.yaml that applies values suitable for using a file backend, including the auto creation of a PVC. Change-Id: I55a96982a7d0adbc118492aff4b56adf127b2cd1
2017-04-12 00:50:59 -05:00 · 2017-04-12 00:50:59 -05:00 · 489b641d33
commit 489b641d33
parent 2ecfb8f991
14 changed files with 7316 additions and 131 deletions
--- a/docs/guides-install/developer/install-minikube.md
+++ b/docs/guides-install/developer/install-minikube.md
@ -65,13 +65,13 @@ kubectl update -f https://raw.githubusercontent.com/openstack/openstack-helm/mas
 kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack

 # Deploy each chart:
-helm install --name mariadb --set development.enabled=true local/mariadb --namespace=openstack
+helm install --name mariadb local/mariadb --namespace=openstack --set development.enabled=true 
 helm install --name=memcached local/memcached --namespace=openstack
 helm install --name=etcd-rabbitmq local/etcd --namespace=openstack
 helm install --name=rabbitmq local/rabbitmq --namespace=openstack
 helm install --name=keystone local/keystone --namespace=openstack
 helm install --name=cinder local/cinder --namespace=openstack
-helm install --name=glance local/glance --namespace=openstack
+helm install --name=glance local/glance --namespace=openstack --values=./glance/_values-mvp.yaml
 helm install --name=heat local/heat --namespace=openstack
 helm install --name=nova local/nova --namespace=openstack
 helm install --name=neutron local/neutron --namespace=openstack
--- a/glance/_values-mvp.yaml
+++ b/glance/_values-mvp.yaml
@ -0,0 +1,29 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# MVP values for glance.
+# This file contains overrides to launch a MVP deployment of glance for the
+# OpenStack-Helm Single node gates, and local development use. It should be
+# kept to the bare minimum required for this purpose.
+
+storage: file
+
+conf:
+  glance:
+    glance_store:
+      glance:
+        store:
+          stores: file, http
+          default_store: file
+          filesystem_store_datadir: /var/lib/glance/images
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -11,6 +11,56 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+{{- include "glance.conf.glance_values_skeleton" .Values.conf.glance | trunc 0 -}}
+{{- include "glance.conf.glance_registry_values_skeleton" .Values.conf.glance_registry | trunc 0 -}}
+
+{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
+{{- end -}}
+
+# FIXME(alanmeadows) fix for broken keystonemiddleware oslo config gen in newton - will remove in future
+{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.auth_url -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.auth_url -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.hostname_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.hostname_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.glance.database.oslo.db.connection -}}
+{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database.oslo.db "connection" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.database.oslo.db.connection -}}
+{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database.oslo.db "connection" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.glance.default.oslo.messaging.transport_url -}}
+{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.default.oslo.messaging.transport_url -}}
+{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.glance.default.glance.api.registry_host -}}
+{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.hostname_endpoint_uri_lookup" }}
+{{- $imageRegistryHostURI := split ":" $imageRegistry -}}
+{{- $imageRegistryHostURI._0 | set .Values.conf.glance.default.glance.api "registry_host" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.glance.default.glance.api.registry_port -}}
+{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.hostname_endpoint_uri_lookup" }}
+{{- $imageRegistryHostURI := split ":" $imageRegistry -}}
+{{- $imageRegistryHostURI._1 | set .Values.conf.glance.default.glance.api "registry_port" | quote | trunc 0 -}}
+{{- end -}}

 apiVersion: v1
 kind: ConfigMap
@ -18,16 +68,80 @@ metadata:
  name: glance-etc
 data:
  ceph.conf: |+
+{{ if .Values.conf.ceph.override -}}
+{{ .Values.conf.ceph.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.ceph.prefix -}}
+{{ .Values.conf.ceph.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_ceph.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
-  ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+
+{{- end }}
+{{- if .Values.conf.ceph.append -}}
+{{ .Values.conf.ceph.append | indent 4 }}
+{{- end }}
+  ceph.client.{{ .Values.conf.glance.glance_store.glance.store.rbd_store_user }}.keyring: |+
+{{ if .Values.conf.ceph_client.override -}}
+{{ .Values.conf.ceph_client.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.ceph_client.prefix -}}
+{{ .Values.conf.ceph_client.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_ceph.client.glance.keyring.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.ceph_client.append -}}
+{{ .Values.conf.ceph_client.append | indent 4 }}
+{{- end }}
  glance-api.conf: |+
+{{ if .Values.conf.glance.override -}}
+{{ .Values.conf.glance.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.glance.prefix -}}
+{{ .Values.conf.glance.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_glance-api.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.glance.append -}}
+{{ .Values.conf.glance.append | indent 4 }}
+{{- end }}
  glance-api-paste.ini: |+
+{{ if .Values.conf.paste.override -}}
+{{ .Values.conf.paste.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.paste.prefix -}}
+{{ .Values.conf.paste.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_glance-api-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.paste.append -}}
+{{ .Values.conf.paste.append | indent 4 }}
+{{- end }}
  glance-registry.conf: |+
+{{ if .Values.conf.glance_registry.override -}}
+{{ .Values.conf.glance_registry.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.glance_registry.prefix -}}
+{{ .Values.conf.glance_registry.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_glance-registry.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.glance_registry.append -}}
+{{ .Values.conf.glance_registry.append | indent 4 }}
+{{- end }}
  glance-registry-paste.ini: |+
+{{ if .Values.conf.paste_registry.override -}}
+{{ .Values.conf.paste_registry.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.paste_registry.prefix -}}
+{{ .Values.conf.paste_registry.prefix | indent 4 }}
+{{- end }}
 {{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.paste_registry.append -}}
+{{ .Values.conf.paste_registry.append | indent 4 }}
+{{- end }}
  policy.json: |+
+{{ if .Values.conf.policy.override -}}
+{{ .Values.conf.policy.override | indent 4 }}
+{{- else -}}
 {{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
+{{- end }}
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@ -19,11 +19,7 @@ kind: Deployment
 metadata:
  name: glance-api
 spec:
-{{- if .Values.development.enabled }}
-  replicas: 1
-{{- else }}
  replicas: {{ .Values.replicas.api }}
-{{- end }}
  revisionHistoryLimit: {{ .Values.upgrades.revision_history }}
  strategy:
    type: {{ .Values.upgrades.pod_replacement_strategy }}
@ -63,10 +59,10 @@ spec:
          - --config-file
          - /etc/glance/glance-api.conf
          ports:
-            - containerPort: {{ .Values.network.api.port }}
+            - containerPort: {{ .Values.conf.glance.default.glance.api.bind_port }}
          readinessProbe:
            tcpSocket:
-              port: {{ .Values.network.api.port }}
+              port: {{ .Values.conf.glance.default.glance.api.bind_port }}
          volumeMounts:
            - name: etcglance
              mountPath: /etc/glance
@ -82,9 +78,9 @@ spec:
              mountPath: /etc/glance/policy.json
              subPath: policy.json
              readOnly: true
-{{- if .Values.development.enabled }}
-            - name: glance-data
-              mountPath: /var/lib/glance/images
+{{- if eq .Values.storage "file" }}
+            - name: glance-images
+              mountPath: {{ .Values.conf.glance.glance_store.glance.store.filesystem_store_datadir }}
 {{- else }}
            - name: cephconf
              mountPath: /etc/ceph/ceph.conf
@ -102,10 +98,10 @@ spec:
        - name: glanceapipaste
          configMap:
            name: glance-etc
-{{- if .Values.development.enabled }}
-        - name: glance-data
-          hostPath:
-            path: {{ .Values.development.storage_path }}
+{{- if eq .Values.storage "file" }}
+        - name: glance-images
+          persistentVolumeClaim:
+            claimName: glance-images
 {{- else }}
        - name: cephconf
          configMap:
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@ -19,11 +19,7 @@ kind: Deployment
 metadata:
  name: glance-registry
 spec:
-{{- if .Values.development.enabled }}
-  replicas: 1
-{{- else }}
  replicas: {{ .Values.replicas.registry }}
-{{- end }}
  template:
    metadata:
      labels:
@ -55,10 +51,10 @@ spec:
          - --config-file
          - /etc/glance/glance-registry.conf
          ports:
-            - containerPort: {{ .Values.network.registry.port }}
+            - containerPort: {{ .Values.conf.glance_registry.default.glance.registry.bind_port }}
          readinessProbe:
            tcpSocket:
-              port: {{ .Values.network.registry.port }}
+              port: {{ .Values.conf.glance_registry.default.glance.registry.bind_port }}
          volumeMounts:
            - name: etcglance
              mountPath: /etc/glance
--- a/glance/templates/etc/_glance-api-paste.ini.tpl
+++ b/glance/templates/etc/_glance-api-paste.ini.tpl
@ -1,17 +1,3 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 # Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
 pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
--- a/glance/templates/etc/_glance-api.conf.tpl
+++ b/glance/templates/etc/_glance-api.conf.tpl
--- a/glance/templates/etc/_glance-registry-paste.ini.tpl
+++ b/glance/templates/etc/_glance-registry-paste.ini.tpl
@ -1,17 +1,3 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 # Use this pipeline for no auth - DEFAULT
 [pipeline:glance-registry]
 pipeline = healthcheck osprofiler unauthenticated-context registryapp
--- a/glance/templates/etc/_glance-registry.conf.tpl
+++ b/glance/templates/etc/_glance-registry.conf.tpl
--- a/glance/templates/pvc-images.yaml
+++ b/glance/templates/pvc-images.yaml
@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if eq .Values.storage "file" }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: glance-images
+  annotations:
+    volume.beta.kubernetes.io/storage-class: general
+spec:
+  accessModes: [ "ReadWriteOnce" ]
+  resources:
+    requests:
+      storage: 20Gi
+{{- end }}
--- a/glance/templates/secret-keystone-user.env.yaml
+++ b/glance/templates/secret-keystone-user.env.yaml
@ -21,14 +21,14 @@ data:
  OS_AUTH_URL: |
 {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
  OS_REGION_NAME: |
-{{ .Values.keystone.glance_region_name  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
  OS_PROJECT_DOMAIN_NAME: |
-{{ .Values.keystone.glance_project_domain  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
  OS_PROJECT_NAME: |
-{{ .Values.keystone.glance_project_name  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
  OS_USER_DOMAIN_NAME: |
-{{ .Values.keystone.glance_user_domain  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
  OS_USERNAME: |
-{{ .Values.keystone.glance_user  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
  OS_PASSWORD: |
-{{ .Values.keystone.glance_password  | b64enc | indent 4 }}
+{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
--- a/glance/templates/service-api.yaml
+++ b/glance/templates/service-api.yaml
@ -18,7 +18,7 @@ metadata:
  name: glance-api
 spec:
  ports:
-    - port: {{ .Values.network.api.port }}
+    - port: {{ .Values.conf.glance.default.glance.api.bind_port }}
    {{ if .Values.network.api.node_port.enabled }}
      nodePort: .Values.network.api.node_port.port
    {{ end }}
--- a/glance/templates/service-registry.yaml
+++ b/glance/templates/service-registry.yaml
@ -18,7 +18,7 @@ metadata:
  name: glance-registry
 spec:
  ports:
-    - port: {{ .Values.network.registry.port }}
+    - port: {{ .Values.conf.glance_registry.default.glance.registry.bind_port }}
    {{ if .Values.network.registry.node_port.enabled }}
      nodePort: {{ .Values.network.register.node_port.port }}
    {{ end }}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -21,9 +21,7 @@ replicas:
  api: 1
  registry: 1

-development:
-  enabled: false
-  storage_path: /var/lib/localkube/openstack-helm/glance/images
+storage: ceph

 labels:
  node_selector_key: openstack-control-plane
@ -69,25 +67,79 @@ keystone:
  admin_project_name: "admin"
  admin_project_domain: "default"
  admin_region_name: "RegionOne"
-
-  glance_user: "glance"
-  glance_user_domain: "default"
  glance_user_role: "admin"
-  glance_password: "password"
-  glance_project_name: "service"
-  glance_project_domain: "default"
-  glance_region_name: "RegionOne"
+
+
+conf:
+  ceph:
+    override:
+    append:
+  ceph_client:
+    override:
+    append:
+  paste:
+    override:
+    append:
+  policy:
+    override:
+    append:
+  glance:
+    override:
+    append:
+    default:
+      glance:
+        api:
+          bind_port: 9292
+    keystone_authtoken:
+      keystonemiddleware:
+        auth_token:
+          auth_type: password
+          auth_version: v3
+          region_name: RegionOne
+          project_domain_name: default
+          project_name: service
+          user_domain_name: default
+          username: glance
+          password: password
+    glance_store:
+      glance:
+        store:
+          stores: file, http, rbd
+          default_store: rbd
+          rbd_store_chunk_size: 8
+          rbd_store_pool: images
+          rbd_store_user: admin
+          rbd_store_ceph_conf: /etc/ceph/ceph.conf
+  paste_registry:
+    override:
+    append:
+  glance_registry:
+    override:
+    append:
+    default:
+      glance:
+        registry:
+          bind_port: 9191
+    keystone_authtoken:
+      keystonemiddleware:
+        auth_token:
+          auth_type: password
+          auth_version: v3
+          region_name: RegionOne
+          project_domain_name: default
+          project_name: service
+          user_domain_name: default
+          username: glance
+          password: password

 network:
  api:
    name: "glance-api"
-    port: 9292
    node_port:
      enabled: false
      port: 30092
  registry:
    name: "glance-registry"
-    port: 9191
    node_port:
      enabled: false
      port: 30091
@ -95,8 +147,6 @@ network:
 ceph:
  enabled: true
  monitors: []
-  glance_user: "admin"
-  glance_pool: "images"
  # a null value for the keyring will
  # attempt to use the key from
  # common/secrets/ceph-client-key
@ -221,7 +271,14 @@ endpoints:
    scheme: 'http'
    port:
      api: 9292
-      registry: 9191
+  image_registry:
+    name: glance-registry
+    hosts:
+      default: glance-registry
+    path: null
+    scheme: 'http'
+    port:
+      api: 9191
  oslo_db:
    auth:
      admin:
@ -236,3 +293,22 @@ endpoints:
    scheme: mysql+pymysql
    port:
      mysql: 3306
+  oslo_cache:
+    hosts:
+      default: memcache
+    port:
+      memcache: 11211
+  oslo_messaging:
+    auth:
+      admin:
+        username: admin
+        password: password
+      user:
+        username: rabbitmq
+        password: password
+    hosts:
+      default: rabbitmq
+    path: /
+    scheme: rabbit
+    port:
+      amqp: 5672