Support deploying additional internal glance-api service

OSSN-0090 [1] recommends deploying two instances of the glance-api service: a "user facing" service, plus an "internal" service that is accessible via keystone's internal endpoint. To support this, the tripleo::profile::base::glance::api class is enhanced to allow overriding certain associated glance::api parameters. This makes it possible to override parameters when including the glance::api class in order to facilitate configuring two different instances of the glance-api service, each with their own configuration. The tripleo::haproxy class is enhanced to provide HA support for running the internal glance-api service on its own TCP port (defaults to 9293). [1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090 stable/wallaby: Minor conflicts were resolved, most of which were due to using the hiera() versus lookup() functions. Change-Id: Ideb5a951d538d9e2c7cca11dfe0e8b99520de959 (cherry picked from commit b3be1dc18c) (cherry picked from commit d5a1c0d4d8)
2022-10-31 07:08:19 -07:00 · 2022-10-31 07:08:19 -07:00 · 08e4898053
parent 4fbfb41695
commit 08e4898053
2 changed files with 71 additions and 4 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -209,6 +209,10 @@
 #  (optional) Enable or not Glance API binding
 #  Defaults to hiera('glance_api_enabled', false)
 #
+# [*glance_api_internal*]
+#  (optional) Enable or not Glance API (internal) binding
+#  Defaults to hiera('glance_api_internal_enabled', false)
+#
 # [*nova_osapi*]
 #  (optional) Enable or not Nova API binding
 #  Defaults to hiera('nova_api_enabled', false)
@ -485,6 +489,7 @@
 #    'docker_registry_port' (Defaults to 8787)
 #    'docker_registry_ssl_port' (Defaults to 13787)
 #    'glance_api_port' (Defaults to 9292)
+#    'glance_api_internal_port' (Defaults to 9293)
 #    'glance_api_ssl_port' (Defaults to 13292)
 #    'gnocchi_api_port' (Defaults to 8041)
 #    'gnocchi_api_ssl_port' (Defaults to 13041)
@ -567,6 +572,7 @@ class tripleo::haproxy (
  $cinder                        = hiera('cinder_api_enabled', false),
  $manila                        = hiera('manila_api_enabled', false),
  $glance_api                    = hiera('glance_api_enabled', false),
+  $glance_api_internal           = hiera('glance_api_internal_enabled', false),
  $nova_osapi                    = hiera('nova_api_enabled', false),
  $placement                     = hiera('placement_enabled', false),
  $nova_metadata                 = hiera('nova_metadata_enabled', false),
@ -646,6 +652,7 @@ class tripleo::haproxy (
    docker_registry_ssl_port => 13787,
    etcd_port => 2379,
    glance_api_port => 9292,
+    glance_api_internal_port => 9293,
    glance_api_ssl_port => 13292,
    gnocchi_api_port => 8041,
    gnocchi_api_ssl_port => 13041,
@ -968,6 +975,32 @@ class tripleo::haproxy (
    }
  }

+  if $glance_api_internal {
+    $glance_internal_frontend_opts = {
+      'option' => [ 'httplog', 'forwardfor' ],
+    }
+    $glance_internal_backend_opts = {
+      'option' => [ 'httpchk GET /healthcheck' ],
+    }
+    $glance_internal_listen_opts = merge_hash_values($glance_internal_frontend_opts,
+                                                      $glance_internal_backend_opts)
+
+    # The glance_api_internal service uses the same network and internal VIP as the
+    # glance_api service. There is no public VIP (that's handled by the glance_api service).
+    ::tripleo::haproxy::endpoint { 'glance_api_internal':
+      internal_ip      => lookup('glance_api_vip', undef, undef, $controller_virtual_ip),
+      service_port     => $ports[glance_api_internal_port],
+      ip_addresses     => lookup('glance_api_internal_node_ips', undef, undef, $controller_hosts_real),
+      server_names     => lookup('glance_api_internal_node_names', undef, undef, $controller_hosts_names_real),
+      mode             => 'http',
+      listen_options   => merge($default_listen_options, $glance_internal_listen_opts),
+      frontend_options => merge($default_frontend_options, $glance_internal_frontend_opts),
+      backend_options  => merge($default_backend_options, $glance_internal_backend_opts),
+      service_network  => $glance_api_network,
+      member_options   => union($haproxy_member_options, $internal_tls_member_options),
+    }
+  }
+
  if $ceph_grafana {
    if $enable_internal_tls {
      $ceph_grafana_tls_member_options = ['ssl check verify none']
--- a/manifests/profile/base/glance/api.pp
+++ b/manifests/profile/base/glance/api.pp
@ -51,6 +51,29 @@
 #   This is set by t-h-t.
 #   Defaults to hiera('glance_api_network', undef)
 #
+# [*bind_port*]
+#   (optional) The port the server should bind to.
+#   Default: 9292
+#
+# [*log_dir*]
+#   (Optional) Directory where logs should be stored.
+#   If set to $::os_service_default, it will not log to any directory.
+#   Defaults to '/var/log/glance'.
+#
+# [*log_file*]
+#   (Optional) File where logs should be stored.
+#   If set to $::os_service_default, it will not log to any file.
+#   Defaults to '/var/log/glance/api.log'.
+#
+# [*show_image_direct_url*]
+#   (optional) Expose image location to trusted clients.
+#   Defaults to false
+#
+# [*show_multiple_locations*]
+#   (optional) Whether to include the backend image locations in image
+#    properties.
+#   Defaults to false
+#
 # [*multistore_config*]
 #   (Optional) Hash of settings for configuring additional glance-api backends.
 #   Defaults to {}
@ -144,6 +167,11 @@ class tripleo::profile::base::glance::api (
  $glance_backend          = downcase(hiera('glance_backend', 'swift')),
  $glance_backend_id       = 'default_backend',
  $glance_network          = hiera('glance_api_network', undef),
+  $bind_port               = 9292,
+  $log_dir                 = '/var/log/glance',
+  $log_file                = '/var/log/glance/api.log',
+  $show_image_direct_url   = false,
+  $show_multiple_locations = false,
  $multistore_config       = {},
  $step                    = Integer(hiera('step')),
  $oslomsg_rpc_proto       = hiera('oslo_messaging_rpc_scheme', 'rabbit'),
@ -211,11 +239,17 @@ class tripleo::profile::base::glance::api (
    include glance
    include glance::config
    include glance::healthcheck
-    include glance::api::logging
+    class { 'glance::api::logging':
+      log_dir  => $log_dir,
+      log_file => $log_file,
+    }
    class { 'glance::api':
-      enabled_backends => $enabled_backends,
-      default_backend  => $glance_backend_id,
-      sync_db          => $sync_db,
+      bind_port               => $bind_port,
+      enabled_backends        => $enabled_backends,
+      default_backend         => $glance_backend_id,
+      show_image_direct_url   => $show_image_direct_url,
+      show_multiple_locations => $show_multiple_locations,
+      sync_db                 => $sync_db,
    }

    ['cinder', 'file', 'rbd', 'swift'].each |String $backend_type| {