Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.
Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.
Change-Id: I722a1e41b2cee0b3040c37f07adfd13c33edaa5c
Closes-bug: #1604463
Glance is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration [1]. This commit
gives us the ability to enable/disable that middleware.
[1] I481d88020b6e8420ce4b9072dd30ec82fe3fb4f7
Change-Id: I51fbc6050dfbdc72f7ee56a2d17dd5223a208a17
Patch Ie50ab3371386691b72e25e1088198c05edb920b6 is missed deprecation
for Glare service, so this patch fix it.
Also fix typo in release note.
Change-Id: If6292e518d1ccd7b83072c99cff1e76078753218
The auth_region options in the [DEFAULT] configuration section in
glance-api.conf are deprecated, and will be removed in the O release.
Change-Id: Ie50ab3371386691b72e25e1088198c05edb920b6
This adds defined anchor points for external modules to hook into the
software install, config and service dependency chain. This allows
external modules to manage software installation (virtualenv,
containers, etc) and service management (pacemaker) without needing rely
on resources that may change or be renamed.
Change-Id: If683fbd098e701a3c4da91941cf818b18b41b209
This patch switches the service name from 'Image Service' to
just 'glance' so that it matches what we do for other services.
Typically we use the project (auth) name for the service_name.
Not having a consistent catalog can cause failure to find
endpoints for some services. Mistral for example would fail
to lookup the glance endpoint due to it being set as 'Image Service'
rather than 'glance'.
Change-Id: I17116c0f995ab76ed79bd8b2df57629c1ed4e4d0
Closes-bug: #1584229
This change updates glance::keystone::auth to include the
user-provided auth_name as a parameter for the service_identity
provider. Hardcoding the namevar of that resource as was agreed. the
service_name parameter was not undef as in other resources, so the
name was left as-is. And we no longer pick a service_name out of the
service_name and auth_name; now only the service_name is taken into
account.
Closes-Bug: #1590040
Change-Id: I757930e05b6e14cb15139840c9e4a513c9af5d17
The README file refers to an invalid *_address parameters
when *_url parameters should be used. The example in the
manifest does not show a password listed (which is required).
Change-Id: I03eb31f0c660afca1688e6fc7a992cfb70317706
Option "verbose" from group "DEFAULT" is deprecated for removal.
The parameter has no effect.
-Deprecated verbose for logging and init
-Remove verbose in README
-Remove verbose from tests.
If this option is not set explicitly, there is no such warning
Change-Id: I7e58412fe26962337845b3cb9d67679bac0709d8
The db_max_retries parameter regulates the number of reconnection
attempts performed after an error raised rather than at startup.
Change-Id: Ic1192deded14f9640aa02fe00f5339d3a878de70
Closes-Bug: 1579718
Co-Authored-By: Giulio Fidende <gfidente@redhat.com>
Database, logging and policy parameters for api, registry
and glare services are configured from oslo defines now.
Change-Id: Iee5ee3adfaf9cef1dd3f634806d47c3c52c648fb
Additonal changes:
* switch messaging related parameters to $::os_service_default
as they are used in oslo::messaging_rabbit define
* update unit tests
* update docs for notify::rabbitmq class
* drop deprecated rabbit_durable_queues parameter
* fix notification parameters according to mitaka config file
Change-Id: Ib20c13f136a299c958d9ac064e8ad93ceb0ebd40
It appears that the resources decleration, that made purge_config work,
was accidently removed. I am adding it back so that the option will work
again. This resources decleration was setting the purge flag with a
boolean, so that inifile would handle it.
* Adding in spec tests
Change-Id: Ib80b89932c60aeab0d252109d2e79ac0f209596b
Glance with vsphere backend by default verifies vCenter server TLS/SSL
certificate using system truststore (e.g.
/etc/ssl/certs/ca-certificates.crt). Here is a problem with connection
to vCenter: if we consider case with default installation, then vCenter
starts with self-signed certificate which cannot be verified using linux
shipped CA bundle. Glance starts, but fails to do any useful work,
because it generates SSL errors due to inability to verify vCenter
TLS/SSL certificate.
User can provide its own CA bundle file for Glance to verify connection,
but currently puppet-glance does not support this. This patch aims to
fix this problem, it:
- introduces new optional parameter $vcenter_ca_file which undef by
default, which means that value will not be written to glance-api.conf
- it switches default value of vmware_api_insecure to True
- provides rspec tests for changed behaviour
Change-Id: Icef5c35ad1128df465da548dd880a0dfeeadb5e1
Related-bug: #1559067
We need options to be able to set the user and project domain
when using keystone v3 credentials for the swift backend. Without
these options keystone v3 swift will fail.
Change-Id: Id384b0eca750e0946b42cb8ccb60a7f9ed64d21a
This patch adds posibility to configure backend settings for Glare
service.
Since Glare service is experimental feature, it can be usually disabled
for deployment. Hence was added a optional parameter 'glare_enabled' for
each backend manifest. So, if Glare is enabled glance glare config
will (and should) have same backend options as main glance api config.
Change-Id: I112a332f490d2e57eef5fa7d41d465c0eb89da04
Related-bug: #1555697
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare, but it missed options for glance::config
Also this patch adds tests for glance::config class
Change-Id: Ie07480562b2c0761f5218eb00b3ed3f335bd7cfb
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare and it has own endpoint. This patch adds it.
Change-Id: Ibea50c249e6f0f33dbcfae4bf7cf3569f27c21e5
Related-bug: #1555697
In Mitaka Glance v3 was moved to stand alone service [1] - now
it's called Glance Artifacts Repository (Glare).
This patch adds appropriate service managing, package installation,
configuration and related spec tests.
[1] I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0
Change-Id: I3371d1d57486e79ccfae565417f2195d3ae66bc9
Closes-bug: #1555697
Add missing options to allow Glance API to connect to Glance Registry
when SSL is enabled on both services.
Also switching SSL options to os_service_default to avoid useless
conditions in manifests.
Change-Id: Ia40228fc165ef8ce1213fed7f5eec4de1c12c013
This patch removes File resources which should be delivered by packaging
tools. These resources (files, directories, modes, users, and group
attributes) could be in conflict with different OS packaging systems
which isn't a desired result.
Co-Authored-By: Ivan Berezovskiy <iberezovskiy@mirantis.com>
Closes-Bug: #1458915
Change-Id: I02fe8cc99dcd56e16ac66136a0da244a1eeb630b
This patch moves the default_store config option to the glance::api
class, and makes it possible to configure more than one store while
supplying a value for the default store to be used. If only one store
is given for glance_store/stores, the default store is automatically
set to be the same value. If multiple stores are given and no default
store is explicitly set, the config will fail and ask the user to
provide a default store.
Change-Id: I28a79ae36e673a3537ea16910d338666b65c80f7
Closes-bug: #1481460
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
This patch add support for IPv6 address in registry_host.
It adds brackets if an IPv6 is detected.
Change-Id: Ic1d75984fac7bce3d0239df54a877ae2b713c442
This commit explicitly sets default protocol to http in
swift_store_auth_address variable for Swift backend, because without
any specified protocol it will use https by default. That's not
consistent with other default values for protocols in auth addresses.
Change-Id: I232536d179db92d82f1c7459a0f13e5ca5576f42
For working with Swift backend, Glance needs authentication parameters,
which are supplied to Swift when making calls to its storage system.
Glance will use information from the file specified under parameter
swift_store_config_file. When this parameter is set to the same file
(glance-api.conf), we have lot of non-critical errors in glance-api
log, because of 'Invalid format of swift store config'.
The same problem, when we have RadosGW.
Change-Id: I18ee8f68f7ce793d2580685e79ed636556c57ddd
Related-bug: #1540890
This review creates the glance::cache::logging class to be in feature
parity with glance::api and glance::registry.
Change-Id: Ia3f27e991b1e525ee3604502d6afc6dc7d45247c
The swift_store_config_file option is being set in the DEFAULT
group instead of the glance_store group where it is actually
defined in Glance. This causes configuration of the Swift store
backend to fail because the configuration is not found by the
check here:
https://github.com/openstack/glance_store/blob/master/glance_store/_drivers/swift/utils.py#L66
Moving the option to glance_store makes the Swift backend work again.
Change-Id: I3af198e5015df1d626c4a5aaccb3b4e5781f56b8
Closes-Bug: 1532352
There are two ways for setting up RabbitMQ HA:
1. Configure $rabbit_hosts to multi rabbit hosts.
2. Setting up a loadbalancer in front of RabbitMQ cluster,
provide a unique address in $rabbit_host
In current, rabbit_ha_queues option is controled by rabbit_hosts
if conditional statement. When users try the second method:
changing rabbit_ha_queues to true. If they don't set rabbit_hosts,
then current logic will not work.
This patch is aim to add an rabbit_ha_queues option, set it to undef
by default for forward compatbility.
Change-Id: I9f61c113b41cb00f7f95e80e2cabe1641aed74e7
Close-Bug: #1485287
Denis Egorenko