Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.
Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.
Glance is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration . This commit
gives us the ability to enable/disable that middleware.
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
This patch switches the service name from 'Image Service' to
just 'glance' so that it matches what we do for other services.
Typically we use the project (auth) name for the service_name.
Not having a consistent catalog can cause failure to find
endpoints for some services. Mistral for example would fail
to lookup the glance endpoint due to it being set as 'Image Service'
rather than 'glance'.
This change updates glance::keystone::auth to include the
user-provided auth_name as a parameter for the service_identity
provider. Hardcoding the namevar of that resource as was agreed. the
service_name parameter was not undef as in other resources, so the
name was left as-is. And we no longer pick a service_name out of the
service_name and auth_name; now only the service_name is taken into
The README file refers to an invalid *_address parameters
when *_url parameters should be used. The example in the
manifest does not show a password listed (which is required).
Option "verbose" from group "DEFAULT" is deprecated for removal.
The parameter has no effect.
-Deprecated verbose for logging and init
-Remove verbose in README
-Remove verbose from tests.
If this option is not set explicitly, there is no such warning
The db_max_retries parameter regulates the number of reconnection
attempts performed after an error raised rather than at startup.
Co-Authored-By: Giulio Fidende <email@example.com>
* switch messaging related parameters to $::os_service_default
as they are used in oslo::messaging_rabbit define
* update unit tests
* update docs for notify::rabbitmq class
* drop deprecated rabbit_durable_queues parameter
* fix notification parameters according to mitaka config file
It appears that the resources decleration, that made purge_config work,
was accidently removed. I am adding it back so that the option will work
again. This resources decleration was setting the purge flag with a
boolean, so that inifile would handle it.
* Adding in spec tests
Glance with vsphere backend by default verifies vCenter server TLS/SSL
certificate using system truststore (e.g.
/etc/ssl/certs/ca-certificates.crt). Here is a problem with connection
to vCenter: if we consider case with default installation, then vCenter
starts with self-signed certificate which cannot be verified using linux
shipped CA bundle. Glance starts, but fails to do any useful work,
because it generates SSL errors due to inability to verify vCenter
User can provide its own CA bundle file for Glance to verify connection,
but currently puppet-glance does not support this. This patch aims to
fix this problem, it:
- introduces new optional parameter $vcenter_ca_file which undef by
default, which means that value will not be written to glance-api.conf
- it switches default value of vmware_api_insecure to True
- provides rspec tests for changed behaviour
We need options to be able to set the user and project domain
when using keystone v3 credentials for the swift backend. Without
these options keystone v3 swift will fail.
This patch adds posibility to configure backend settings for Glare
Since Glare service is experimental feature, it can be usually disabled
for deployment. Hence was added a optional parameter 'glare_enabled' for
each backend manifest. So, if Glare is enabled glance glare config
will (and should) have same backend options as main glance api config.
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare, but it missed options for glance::config
Also this patch adds tests for glance::config class
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare and it has own endpoint. This patch adds it.
In Mitaka Glance v3 was moved to stand alone service  - now
it's called Glance Artifacts Repository (Glare).
This patch adds appropriate service managing, package installation,
configuration and related spec tests.
Add missing options to allow Glance API to connect to Glance Registry
when SSL is enabled on both services.
Also switching SSL options to os_service_default to avoid useless
conditions in manifests.
This patch removes File resources which should be delivered by packaging
tools. These resources (files, directories, modes, users, and group
attributes) could be in conflict with different OS packaging systems
which isn't a desired result.
Co-Authored-By: Ivan Berezovskiy <firstname.lastname@example.org>
This patch moves the default_store config option to the glance::api
class, and makes it possible to configure more than one store while
supplying a value for the default store to be used. If only one store
is given for glance_store/stores, the default store is automatically
set to be the same value. If multiple stores are given and no default
store is explicitly set, the config will fail and ask the user to
provide a default store.
Co-Authored-By: Alex Schultz <email@example.com>
This commit explicitly sets default protocol to http in
swift_store_auth_address variable for Swift backend, because without
any specified protocol it will use https by default. That's not
consistent with other default values for protocols in auth addresses.
For working with Swift backend, Glance needs authentication parameters,
which are supplied to Swift when making calls to its storage system.
Glance will use information from the file specified under parameter
swift_store_config_file. When this parameter is set to the same file
(glance-api.conf), we have lot of non-critical errors in glance-api
log, because of 'Invalid format of swift store config'.
The same problem, when we have RadosGW.
The swift_store_config_file option is being set in the DEFAULT
group instead of the glance_store group where it is actually
defined in Glance. This causes configuration of the Swift store
backend to fail because the configuration is not found by the
Moving the option to glance_store makes the Swift backend work again.
There are two ways for setting up RabbitMQ HA:
1. Configure $rabbit_hosts to multi rabbit hosts.
2. Setting up a loadbalancer in front of RabbitMQ cluster,
provide a unique address in $rabbit_host
In current, rabbit_ha_queues option is controled by rabbit_hosts
if conditional statement. When users try the second method:
changing rabbit_ha_queues to true. If they don't set rabbit_hosts,
then current logic will not work.
This patch is aim to add an rabbit_ha_queues option, set it to undef
by default for forward compatbility.