a1fbd1a42c
Glance with vsphere backend by default verifies vCenter server TLS/SSL certificate using system truststore (e.g. /etc/ssl/certs/ca-certificates.crt). Here is a problem with connection to vCenter: if we consider case with default installation, then vCenter starts with self-signed certificate which cannot be verified using linux shipped CA bundle. Glance starts, but fails to do any useful work, because it generates SSL errors due to inability to verify vCenter TLS/SSL certificate. User can provide its own CA bundle file for Glance to verify connection, but currently puppet-glance does not support this. This patch aims to fix this problem, it: - introduces new optional parameter $vcenter_ca_file which undef by default, which means that value will not be written to glance-api.conf - it switches default value of vmware_api_insecure to True - provides rspec tests for changed behaviour Change-Id: Icef5c35ad1128df465da548dd880a0dfeeadb5e1 Related-bug: #1559067
glance
7.0.0 - 2015.2 - Liberty
Table of Contents
- Overview - What is the glance module?
- Module Description - What does the module do?
- Setup - The basics of getting started with glance
- Implementation - An under-the-hood peek at what the module is doing
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Contributors - Those with commits
Overview
The glance module is a part of OpenStack, an effort by the OpenStack infrastructure team to provide continuous integration testing and code review for OpenStack and OpenStack community projects as part of the core software. The module its self is used to flexibly configure and manage the image service for OpenStack.
Module Description
The glance module is a thorough attempt to make Puppet capable of managing the entirety of glance. This includes manifests to provision such things as keystone endpoints, RPC configurations specific to glance, and database connections. Types are shipped as part of the glance module to assist in manipulation of configuration files.
This module is tested in combination with other modules needed to build and leverage an entire OpenStack software stack.
Setup
What the glance module affects
- Glance, the image service for OpenStack.
Installing glance
puppet module install openstack/glance
Beginning with glance
To utilize the glance module's functionality you will need to declare multiple resources. This is not an exhaustive list of all the components needed, we recommend you consult and understand the core openstack documentation.
Define a glance node
class { 'glance::api':
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
database_connection => 'mysql://glance:12345@127.0.0.1/glance',
}
class { 'glance::registry':
verbose => true,
keystone_tenant => 'services',
keystone_user => 'glance',
keystone_password => '12345',
database_connection => 'mysql://glance:12345@127.0.0.1/glance',
}
class { 'glance::backend::file': }
Setup postgres node glance
class { 'glance::db::postgresql':
password => '12345',
}
Setup mysql node for glance
class { 'glance::db::mysql':
password => '12345',
allowed_hosts => '%',
}
Setup up keystone endpoints for glance on keystone node
class { 'glance::keystone::auth':
password => '12345'
email => 'glance@example.com',
public_address => '172.17.0.3',
admin_address => '172.17.0.3',
internal_address => '172.17.1.3',
region => 'example-west-1',
}
Setup up notifications for multiple RabbitMQ nodes
class { 'glance::notify::rabbitmq':
rabbit_password => 'pass',
rabbit_userid => 'guest',
rabbit_hosts => [
'localhost:5672', 'remotehost:5672'
],
rabbit_use_ssl => false,
}
Types
glance_api_config
The glance_api_config provider is a children of the ini_setting provider. It allows one to write an entry in the /etc/glance/glance-api.conf file.
glance_api_config { 'DEFAULT/verbose' :
value => true,
}
This will write verbose=true in the [DEFAULT] section.
name
Section/setting name to manage from glance-api.conf
value
The value of the setting to be defined.
secret
Whether to hide the value from Puppet logs. Defaults to false.
ensure_absent_val
If value is equal to ensure_absent_val then the resource will behave as if ensure => absent was specified. Defaults to <SERVICE DEFAULT>
glance_registry_config
The glance_registry_config provider is a children of the ini_setting provider. It allows one to write an entry in the /etc/glance/glance-registry.conf file.
glance_registry_config { 'DEFAULT/verbose' :
value => true,
}
This will write verbose=true in the [DEFAULT] section.
name
Section/setting name to manage from glance-registry.conf
value
The value of the setting to be defined.
secret
Whether to hide the value from Puppet logs. Defaults to false.
ensure_absent_val
If value is equal to ensure_absent_val then the resource will behave as if ensure => absent was specified. Defaults to <SERVICE DEFAULT>
glance_cache_config
The glance_cache_config provider is a children of the ini_setting provider. It allows one to write an entry in the /etc/glance/glance-cache.conf file.
glance_cache_config { 'DEFAULT/verbose' :
value => true,
}
This will write verbose=true in the [DEFAULT] section.
name
Section/setting name to manage from glance-cache.conf
value
The value of the setting to be defined.
secret
Whether to hide the value from Puppet logs. Defaults to false.
ensure_absent_val
If value is equal to ensure_absent_val then the resource will behave as if ensure => absent was specified. Defaults to <SERVICE DEFAULT>
Implementation
glance
glance is a combination of Puppet manifest and ruby code to deliver configuration and extra functionality through types and providers.
Limitations
- Only supports configuring the file, swift and rbd storage backends.
Beaker-Rspec
This module has beaker-rspec tests
To run the tests on the default vagrant node:
To run:
bundle install
bundle exec rspec spec/acceptance
For more information on writing and running beaker-rspec tests visit the documentation:
Development
Developer documentation for the entire puppet-openstack project.