openstack/puppet-openstack-integration
Code Issues Proposed changes

Use httpd+mod_wsgi to run glance-api

Browse Source 
This makes glance-api run by httpd+mod_wsgi instead of standalone
eventlet service. This allows us to enable ssl for glance endpoints.

Note that this change switches glance backend in scenario 004 from rgw
to file, because usage of rgw causes circular dependencies. Swift API
is already tested by tempest, and we assume that usage of swift store
driver to integrate glance and ceph is not as much popular as one of
rbd store driver.

Change-Id: I888f288bde30c5eeb2d33facd1e55aaddd670450
This commit is contained in:
Takashi Kajinami 2021-11-24 02:27:05 +09:00 committed by Takashi Kajinami
parent dd0b489134
commit 47e4835878
4 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -48,7 +48,7 @@ scenario](#all-in-one).
| ssl | yes | yes | yes | yes | yes | no | | ssl | yes | yes | yes | yes | yes | no |
| ipv6 | centos9 | centos9 | centos9 | centos9 | centos9 | no | | ipv6 | centos9 | centos9 | centos9 | centos9 | centos9 | no |
| keystone | X | X | X | X | X | X | | keystone | X | X | X | X | X | X |
| glance | rbd | swift | file | swift+rgw | cinder | file | | glance | rbd | swift | file | rbd | cinder | file |
| nova | rbd | X | X | rbd | X | X | | nova | rbd | X | X | rbd | X | X |
| placement | X | X | X | X | X | X | | placement | X | X | X | X | X | X |
| neutron | ovs | ovs | ovn | ovs | ovn | ovs | | neutron | ovs | ovs | ovn | ovs | ovn | ovs |

10
fixtures/scenario004.pp
View File

@ -56,8 +56,9 @@ include openstack_integration::mysql
include openstack_integration::redis include openstack_integration::redis
include openstack_integration::keystone include openstack_integration::keystone
class { 'openstack_integration::glance': class { 'openstack_integration::glance':
backend => 'swift', backend => 'rbd',
} }
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
vpnaas_enabled => $vpnaas_enabled, vpnaas_enabled => $vpnaas_enabled,
taas_enabled => $taas_enabled, taas_enabled => $taas_enabled,
@ -84,7 +85,11 @@ class { 'openstack_integration::manila':
} }
include openstack_integration::octavia include openstack_integration::octavia
include openstack_integration::provision class { 'openstack_integration::provision':
# NOTE(tkajinam): Use raw format to use rbd image cloning when creating
# a volume from an image.
image_format => 'raw',
}
# Glance, nova, neutron are true by default. # Glance, nova, neutron are true by default.
class { 'openstack_integration::tempest': class { 'openstack_integration::tempest':
@ -102,4 +107,5 @@ class { 'openstack_integration::tempest':
# RADOS Gateway does not support ResellerAdmin role by default # RADOS Gateway does not support ResellerAdmin role by default
reseller_admin_role => 'admin', reseller_admin_role => 'admin',
swift => true, swift => true,
image_format => 'raw',
} }

1
manifests/ceph.pp
View File

@ -185,6 +185,5 @@ test -b /dev/ceph_vg/lv_data
} }
class { 'ceph::profile::rgw': } class { 'ceph::profile::rgw': }
Service<| tag == 'ceph-radosgw' |> -> Service <| tag == 'glance-service' |>
} }
} }

25
manifests/glance.pp
View File

@ -17,16 +17,12 @@ class openstack_integration::glance (
include openstack_integration::config include openstack_integration::config
include openstack_integration::params include openstack_integration::params
# TODO(tkajinam): Glance no longer supports native ssl since Ussuri release,
# so these parameters are unused now.
if $::openstack_integration::config::ssl { if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'glance': openstack_integration::ssl_key { 'glance':
notify => Service['httpd'],
require => Anchor['glance::install::end'],
} }
$key_file = undef Exec['update-ca-certificates'] ~> Service['httpd']
$crt_file = undef
} else {
$key_file = undef
$crt_file = undef
} }
openstack_integration::mq_user { 'glance': openstack_integration::mq_user { 'glance':
@ -43,9 +39,9 @@ class openstack_integration::glance (
include glance include glance
include glance::client include glance::client
class { 'glance::keystone::auth': class { 'glance::keystone::auth':
public_url => "http://${::openstack_integration::config::ip_for_url}:9292", public_url => "${::openstack_integration::config::base_url}:9292",
internal_url => "http://${::openstack_integration::config::ip_for_url}:9292", internal_url => "${::openstack_integration::config::base_url}:9292",
admin_url => "http://${::openstack_integration::config::ip_for_url}:9292", admin_url => "${::openstack_integration::config::base_url}:9292",
roles => ['admin', 'service'], roles => ['admin', 'service'],
password => 'a_big_secret', password => 'a_big_secret',
} }
@ -113,10 +109,17 @@ class openstack_integration::glance (
}), }),
} }
class { 'glance::api': class { 'glance::api':
workers => 2,
enabled_backends => $enabled_backends, enabled_backends => $enabled_backends,
default_backend => $default_backend, default_backend => $default_backend,
bind_host => $::openstack_integration::config::host, bind_host => $::openstack_integration::config::host,
service_name => 'httpd',
}
class { 'glance::wsgi::apache':
bind_host => $::openstack_integration::config::host,
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/glance/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
} }
class { 'glance::cron::db_purge': } class { 'glance::cron::db_purge': }
class { 'glance::notify::rabbitmq': class { 'glance::notify::rabbitmq':