Commit Graph

316 Commits (a2acbc7110f01b33c6e4ae6ac690f3a39ea2be63)

Author SHA1 Message Date
Dan Prince 44bf1232a5 Switch $service_name to 'glance' for keystone
This patch switches the service name from 'Image Service' to
just 'glance' so that it matches what we do for other services.
Typically we use the project (auth) name for the service_name.

Not having a consistent catalog can cause failure to find
endpoints for some services. Mistral for example would fail
to lookup the glance endpoint due to it being set as 'Image Service'
rather than 'glance'.

Change-Id: I17116c0f995ab76ed79bd8b2df57629c1ed4e4d0
Closes-bug: #1584229
2016-06-10 19:02:21 +00:00
Jenkins 20a186b8d9 Merge "Provide consisent default name for service_identity resource" 2016-06-09 11:36:49 +00:00
Juan Antonio Osorio Robles f2855769b3 Provide consisent default name for service_identity resource
This change updates glance::keystone::auth to include the
user-provided auth_name as a parameter for the service_identity
provider. Hardcoding the namevar of that resource as was agreed. the
service_name parameter was not undef as in other resources, so the
name was left as-is. And we no longer pick a service_name out of the
service_name and auth_name; now only the service_name is taken into

Closes-Bug: #1590040
Change-Id: I757930e05b6e14cb15139840c9e4a513c9af5d17
2016-06-09 07:46:08 +03:00
Mohammed Naser 92d9ac9368 Fix Keystone integration documentation
The README file refers to an invalid *_address parameters
when *_url parameters should be used.  The example in the
manifest does not show a password listed (which is required).

Change-Id: I03eb31f0c660afca1688e6fc7a992cfb70317706
2016-06-07 18:37:20 -04:00
Benedikt Trefzer 0600f74179 fix comment of database to connect to
Change-Id: I5bf714baeb06ab8fab086e8f1d4d0fc789e1b952
2016-06-06 21:38:07 +02:00
Iury Gregory Melo Ferreira 1c1dd86ed7 Remove deprecated keystone::auth options
Change-Id: Id94793f682728b612e5324d28e01d6548fa53299
2016-06-03 04:36:22 +00:00
Alexander Arzhanov dbb86cf076 Correction configuration due with the new parameters
- vmware_api_insecure deprecated - use vmware_insecure
- vmware_datacenter_path and vmware_datastore_name
  deprecated - use vmware_datastores
- update tests

Change-Id: Ie3d544b41f0736cbaedce26e5b52558adf2f29b4
Closes-bug: #1537017
2016-05-26 15:00:37 +03:00
Iury Gregory Melo Ferreira cf604fc6a6 Deprecate verbose option in logging
Option "verbose" from group "DEFAULT" is deprecated for removal.
The parameter has no effect.
-Deprecated verbose for logging and init
-Remove verbose in README
-Remove verbose from tests.

If this option is not set explicitly, there is no such warning

Change-Id: I7e58412fe26962337845b3cb9d67679bac0709d8
2016-05-18 01:12:46 -03:00
Carlos Camacho 283e33c00b Add support for db_max_retries param
The db_max_retries parameter regulates the number of reconnection
attempts performed after an error raised rather than at startup.

Change-Id: Ic1192deded14f9640aa02fe00f5339d3a878de70
Closes-Bug: 1579718
Co-Authored-By: Giulio Fidende <>
2016-05-12 20:40:35 +00:00
iberezovskiy d70f4c5434 Remove docs duplication for notification_driver
Change-Id: Ic915a855296cca9e2d74b12382bee143d0d1141b
2016-04-20 19:41:38 +03:00
Denis Egorenko af8da24358 Totally drop Qpid support
Qpid was removed in Mitaka from Oslo Messaging, so now we can
drop it in manifests.

Change-Id: I336c99b7709f061734ca09128a366361f13a934e
2016-04-18 14:15:28 +03:00
Jenkins e648bb5830 Merge "Configure oslo related parameters using puppet-oslo module" 2016-04-15 20:46:20 +00:00
Jenkins 48c2ec493a Merge "Use oslo module for messaging (rabbit) configuration" 2016-04-14 19:44:17 +00:00
iberezovskiy 558fa4d212 Configure oslo related parameters using puppet-oslo module
Database, logging and policy parameters for api, registry
and glare services are configured from oslo defines now.

Change-Id: Iee5ee3adfaf9cef1dd3f634806d47c3c52c648fb
2016-04-14 14:20:18 +03:00
Jenkins 63cbebc02e Merge "Fix the purge_config option for api and registry" 2016-04-13 10:59:58 +00:00
iberezovskiy 51c2793738 Use oslo module for messaging (rabbit) configuration
Additonal changes:

  * switch messaging related parameters to $::os_service_default
    as they are used in oslo::messaging_rabbit define
  * update unit tests
  * update docs for notify::rabbitmq class
  * drop deprecated rabbit_durable_queues parameter
  * fix notification parameters according to mitaka config file

Change-Id: Ib20c13f136a299c958d9ac064e8ad93ceb0ebd40
2016-04-13 13:29:23 +03:00
Nathan A. Taylor aa2c4c9213 Fix the purge_config option for api and registry
It appears that the resources decleration, that made purge_config work,
was accidently removed. I am adding it back so that the option will work
again. This resources decleration was setting the purge flag with a
boolean, so that inifile would handle it.
  * Adding in spec tests

Change-Id: Ib80b89932c60aeab0d252109d2e79ac0f209596b
2016-04-12 11:33:56 -06:00
Mykyta Karpin 037545fb3e Switch glance to os_service_default facts
Change-Id: If860858e2bdfe0387b6a3260b81a97625d05b9fe
2016-04-06 18:56:34 +03:00
Jenkins 4923d0441c Merge "Implement ability to pass CA bundle certificate for vCenter server" 2016-04-04 13:18:20 +00:00
Igor Zinovik a1fbd1a42c Implement ability to pass CA bundle certificate for vCenter server
Glance with vsphere backend by default verifies vCenter server TLS/SSL
certificate using system truststore (e.g.
/etc/ssl/certs/ca-certificates.crt). Here is a problem with connection
to vCenter: if we consider case with default installation, then vCenter
starts with self-signed certificate which cannot be verified using linux
shipped CA bundle. Glance starts, but fails to do any useful work,
because it generates SSL errors due to inability to verify vCenter
TLS/SSL certificate.

User can provide its own CA bundle file for Glance to verify connection,
but currently puppet-glance does not support this. This patch aims to
fix this problem, it:
- introduces new optional parameter $vcenter_ca_file which undef by
  default, which means that value will not be written to glance-api.conf
- it switches default value of vmware_api_insecure to True
- provides rspec tests for changed behaviour

Change-Id: Icef5c35ad1128df465da548dd880a0dfeeadb5e1
Related-bug: #1559067
2016-04-04 07:34:25 +00:00
Dan Prince 006c32a38f Add options to set swift auth domains
We need options to be able to set the user and project domain
when using keystone v3 credentials for the swift backend. Without
these options keystone v3 swift will fail.

Change-Id: Id384b0eca750e0946b42cb8ccb60a7f9ed64d21a
2016-04-01 14:16:12 -04:00
Denis Egorenko ea0c4d5b51 Add posibility to configure Glance backend settings for Glare service
This patch adds posibility to configure backend settings for Glare

Since Glare service is experimental feature, it can be usually disabled
for deployment. Hence was added a optional parameter 'glare_enabled' for
each backend manifest. So, if Glare is enabled glance glare config
will (and should) have same backend options as main glance api config.

Change-Id: I112a332f490d2e57eef5fa7d41d465c0eb89da04
Related-bug: #1555697
2016-03-28 16:18:13 +03:00
Jenkins 3941da05fc Merge "Add missed glare_config options for glance::config class" 2016-03-24 21:19:20 +00:00
Denis Egorenko a2fe12405e Add missed glare_config options for glance::config class
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare, but it missed options for glance::config

Also this patch adds tests for glance::config class

Change-Id: Ie07480562b2c0761f5218eb00b3ed3f335bd7cfb
2016-03-24 13:49:06 +03:00
Denis Egorenko e0b34f450d Configure endpoint for Glance Glare
Change I3371d1d57486e79ccfae565417f2195d3ae66bc9 is introduced a new
glance service - Glare and it has own endpoint. This patch adds it.

Change-Id: Ibea50c249e6f0f33dbcfae4bf7cf3569f27c21e5
Related-bug: #1555697
2016-03-23 21:16:18 +03:00
Denis Egorenko da8a3aa022 Add Glance Glare API service
In Mitaka Glance v3 was moved to stand alone service [1] - now
it's called Glance Artifacts Repository (Glare).

This patch adds appropriate service managing, package installation,
configuration and related spec tests.

[1] I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0

Change-Id: I3371d1d57486e79ccfae565417f2195d3ae66bc9
Closes-bug: #1555697
2016-03-22 18:50:29 +03:00
Xingchao 5eacf1c039 Update stores option's example value
stores and default_store option's example value has changed.
See more info in [1].


Change-Id: I913be3415c02adbaa3b1aafe120366a097ede09d
2016-03-18 11:23:20 +08:00
Emilien Macchi 7bf43b2b13 api: allow ssl communications with registry
Add missing options to allow Glance API to connect to Glance Registry
when SSL is enabled on both services.
Also switching SSL options to os_service_default to avoid useless
conditions in manifests.

Change-Id: Ia40228fc165ef8ce1213fed7f5eec4de1c12c013
2016-03-09 13:23:07 -05:00
Jenkins bf7765f66d Merge "Remove POSIX users, groups, and file modes." 2016-03-09 00:03:32 +00:00
Drew Fisher 637f986252 Remove POSIX users, groups, and file modes.
This patch removes File resources which should be delivered by packaging
tools.  These resources (files, directories, modes, users, and group
attributes) could be in conflict with different OS packaging systems
which isn't a desired result.

Co-Authored-By: Ivan Berezovskiy <>

Closes-Bug: #1458915

Change-Id: I02fe8cc99dcd56e16ac66136a0da244a1eeb630b
2016-03-08 15:48:10 +02:00
Nate Potter 22231b2d66 Implement multiple store configuration
This patch moves the default_store config option to the glance::api
class, and makes it possible to configure more than one store while
supplying a value for the default store to be used. If only one store
is given for glance_store/stores, the default store is automatically
set to be the same value. If multiple stores are given and no default
store is explicitly set, the config will fail and ask the user to
provide a default store.

Change-Id: I28a79ae36e673a3537ea16910d338666b65c80f7
Closes-bug: #1481460
Co-Authored-By: Alex Schultz <>
2016-03-05 00:32:39 +00:00
Emilien Macchi 624f522e71 Supports IPv6 in registry_host
This patch add support for IPv6 address in registry_host.
It adds brackets if an IPv6 is detected.

Change-Id: Ic1d75984fac7bce3d0239df54a877ae2b713c442
2016-02-29 12:57:49 -05:00
Denis Egorenko b3160011aa Use http protocol by default in auth_address for Swift backend
This commit explicitly sets default protocol to http in
swift_store_auth_address variable for Swift backend, because without
any specified protocol it will use https by default. That's not
consistent with other default values for protocols in auth addresses.

Change-Id: I232536d179db92d82f1c7459a0f13e5ca5576f42
2016-02-26 16:10:45 +03:00
Matt Fischer dff967ad98 Remove unused keystone::python reference
This class doesn't do anything useful, the providers are doing the work.

Change-Id: I2ad76fd03650e064473d6c7d8f981b0f26afbba9
2016-02-22 21:08:49 -07:00
Denis Egorenko c8b7d3319b Use glance-swift conf for swift backend
For working with Swift backend, Glance needs authentication parameters,
which are supplied to Swift when making calls to its storage system.
Glance will use information from the file specified under parameter
swift_store_config_file. When this parameter is set to the same file
(glance-api.conf), we have lot of non-critical errors in glance-api
log, because of 'Invalid format of swift store config'.

The same problem, when we have RadosGW.

Change-Id: I18ee8f68f7ce793d2580685e79ed636556c57ddd
Related-bug: #1540890
2016-02-02 17:34:33 +03:00
Jenkins 1f8cacb736 Merge "Add memcached_servers parameter" 2016-01-14 19:55:04 +00:00
Xingchao Yu f444097a71 Add memcached_servers parameter
This patch is aim to add memcached_servers parameter in glance-api
and glance-registry service.

Change-Id: I4f671ebcda63007fa13f86655b9988648592b68b
2016-01-14 02:45:19 +08:00
Jenkins a3bccf6363 Merge "Create glance::cache::logging class" 2016-01-12 15:11:24 +00:00
Jenkins 429c256ebc Merge "Fix Swift store configuration" 2016-01-11 13:52:46 +00:00
Yanis Guenane 72fbeed3dc Create glance::cache::logging class
This review creates the glance::cache::logging class to be in feature
parity with glance::api and glance::registry.

Change-Id: Ia3f27e991b1e525ee3604502d6afc6dc7d45247c
2016-01-11 16:10:16 +03:00
Ben Nemec c324788ff6 Fix Swift store configuration
The swift_store_config_file option is being set in the DEFAULT
group instead of the glance_store group where it is actually
defined in Glance.  This causes configuration of the Swift store
backend to fail because the configuration is not found by the
check here:

Moving the option to glance_store makes the Swift backend work again.

Change-Id: I3af198e5015df1d626c4a5aaccb3b4e5781f56b8
Closes-Bug: 1532352
2016-01-09 00:03:19 +00:00
Xingchao Yu 81333fce40 Add rabbit_ha_queues option
There are two ways for setting up RabbitMQ HA:

 1. Configure $rabbit_hosts to multi rabbit hosts.
 2. Setting up a loadbalancer in front of RabbitMQ cluster,
    provide a unique address in $rabbit_host

In current, rabbit_ha_queues option is controled by rabbit_hosts
if conditional statement. When users try the second method:
changing rabbit_ha_queues to true. If they don't set rabbit_hosts,
then current logic will not work.

This patch is aim to add an rabbit_ha_queues option, set it to undef
by default for forward compatbility.

Change-Id: I9f61c113b41cb00f7f95e80e2cabe1641aed74e7
Close-Bug: #1485287
2016-01-07 08:57:52 +00:00
Jenkins aa3be49105 Merge "Default service_name to 'Image Service'" 2016-01-05 17:58:06 +00:00
Jenkins aea8027cbd Merge "Use identity_uri and auth_uri by default" 2016-01-05 17:51:56 +00:00
Emilien Macchi 17101434e1 Set os_region_name to $::os_service_default and drop warning
This commit [1] introduced a weird warning that send a warning by

This patch:
* sets os_region_name to the default value in OpenStack using
* drops the warning

[1] Id7a6894e5bb12fc7697dfe23e5f9d4a44a719086

Change-Id: Id4e94e18bad19c605bb82d3fb16b867493dab4c3
2016-01-03 10:47:47 -05:00
Emilien Macchi 148253cd27 Use identity_uri and auth_uri by default
Change-Id: I8ef94a18fd24f9572830994bcd005691d2314d66
Closes-Bug: #1528963
2016-01-02 08:57:56 -05:00
Emilien Macchi 80faf9a017 Default service_name to 'Image Service'
In Liberty, we sent a warning if service_name was not set (and auth_name
was configured as the service name), with the goal to define the correct
default value during Mitaka.

This patch set the service_name parameter to 'Image Service' by default
to match with Keystone's default catalog.

Note: if you already run OpenStack, when you'll run Puppet after this
change, the old service will still be present and you'll have to drop it
manually. Though the Glance endpoint will be updated with the new

Change-Id: I740a9ad32361e6a78277ea0667fba7f631eb64af
Closes-bug: #1506061
2015-12-24 16:52:10 +01:00
Emilien Macchi 5917ed6fb8 Set auth_region to $::os_service_default and drop warning
This commit [1] introduced a weird warning that send a warning by

This patch:
* sets auth_region to the default value in OpenStack using
* drops the warning

[1] Id7a6894e5bb12fc7697dfe23e5f9d4a44a719086

Change-Id: Ia5fcbb6333c3466232ac16a552f90f950313230f
2015-12-23 23:06:15 +01:00
Jenkins 8e506f0167 Merge "Add more settings to glance-api" 2015-12-23 10:10:03 +00:00
Emilien Macchi 866af363f3 Make Keystone_endpoint match service by name/type
Since a chance in puppet-keystone (1], we now match an endpoint with a
service name/type.
This patch reflects this change for 'image' service endpoint.

Closes-Bug: #1528308

Change-Id: Idff0ff4052ee9db4395a0b556f4c01c5538450dd
2015-12-22 18:06:57 +01:00