Allow Glance API and Registry to be split

The glance-api and glance-registry services are currently coupled in that some of the hiera settings in the API are required for the registry to run correctly (the backend settings). This patch moves some of the common settings into glance-base and then updates the glance-api and glance-registry services to supply that service. Change-Id: Ie3d7e24c7fd475e3f6ad542c1654eb7dbd9d9b35 Closes-bug: #1628582
2016-09-28 11:36:27 -04:00 · 2016-09-28 11:36:27 -04:00 · 04486223fd
commit 04486223fd
parent 0baa13790a
3 changed files with 197 additions and 140 deletions
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@ -18,32 +18,14 @@ parameters:
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
-  CephClientUserName:
-    default: openstack
-    type: string
  Debug:
    default: ''
    description: Set to True to enable debugging on all services.
    type: string
-  GlanceNotifierStrategy:
-    description: Strategy to use for Glance notification queue
-    type: string
-    default: noop
-  GlanceLogFile:
-    description: The filepath of the file to use for logging messages from Glance.
-    type: string
-    default: ''
  GlancePassword:
    description: The password for the glance service and db account, used by the glance services.
    type: string
    hidden: true
-  GlanceBackend:
-    default: swift
-    description: The short name of the Glance backend to use. Should be one
-      of swift, rbd, or file
-    type: string
-    constraints:
-    - allowed_values: ['swift', 'file', 'rbd']
  GlanceWorkers:
    default: ''
    description: |
@ -55,31 +37,6 @@ parameters:
      memory consumption. It is recommended that a suitable non-default value
      be selected on such systems.
    type: string
-  GlanceRbdPoolName:
-    default: images
-    type: string
-  RabbitPassword:
-    description: The password for RabbitMQ
-    type: string
-    hidden: true
-  RabbitUserName:
-    default: guest
-    description: The username for RabbitMQ
-    type: string
-  RabbitClientPort:
-    default: 5672
-    description: Set rabbit subscriber port, change this if using SSL
-    type: number
-  RabbitClientUseSSL:
-    default: false
-    description: >
-        Rabbit client subscriber parameter to specify
-        an SSL connection to the RabbitMQ host.
-    type: string
-  KeystoneRegion:
-    type: string
-    default: 'regionOne'
-    description: Keystone region for endpoint
  MonitoringSubscriptionGlanceApi:
    default: 'overcloud-glance-api'
    type: string
@ -89,6 +46,14 @@ parameters:
      tag: openstack.glance.api
      path: /var/log/glance/api.log

+resources:
+  GlanceBase:
+    type: ./glance-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
  role_data:
    description: Role data for the Glance API role.
@ -99,66 +64,46 @@ outputs:
      logging_groups:
        - glance
      config_settings:
-        glance::api::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://glance:'
-              - {get_param: GlancePassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/glance'
-        glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
-        glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
-        glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
-        glance::api::registry_host:
-          str_replace:
-            template: "'REGISTRY_HOST'"
-            params:
-              REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
-        glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
-        glance::api::authtoken::password: {get_param: GlancePassword}
-        glance::api::enable_proxy_headers_parsing: true
-        glance::api::debug: {get_param: Debug}
-        glance::api::workers: {get_param: GlanceWorkers}
-        glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
-        glance_log_file: {get_param: GlanceLogFile}
-        glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
-        glance::backend::swift::swift_store_user: service:glance
-        glance::backend::swift::swift_store_key: {get_param: GlancePassword}
-        glance::backend::swift::swift_store_create_container_on_put: true
-        glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
-        glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
-        glance_backend: {get_param: GlanceBackend}
-        glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
-        glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
-        glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
-        glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
-        glance::notify::rabbitmq::notification_driver: messagingv2
-        glance::registry::db::database_db_max_retries: -1
-        glance::registry::db::database_max_retries: -1
-        tripleo.glance_api.firewall_rules:
-          '112 glance_api':
-            dport:
-              - 9292
-              - 13292
-        glance::api::authtoken::project_name: 'service'
-        glance::api::pipeline: 'keystone'
-        glance::api::show_image_direct_url: true
-        # NOTE: bind IP is found in Heat replacing the network name with the
-        # local node IP for the given network; replacement examples
-        # (eg. for internal_api):
-        # internal_api -> IP
-        # internal_api_uri -> [IP]
-        # internal_api_subnet - > IP/CIDR
-        glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+        map_merge:
+          - get_attr: [GlanceBase, role_data, config_settings]
+          - glance::api::database_connection:
+              list_join:
+                - ''
+                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+                  - '://glance:'
+                  - {get_param: GlancePassword}
+                  - '@'
+                  - {get_param: [EndpointMap, MysqlInternal, host]}
+                  - '/glance'
+            glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+            glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+            glance::api::registry_host:
+              str_replace:
+                template: "'REGISTRY_HOST'"
+                params:
+                  REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+            glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] }
+            glance::api::authtoken::password: {get_param: GlancePassword}
+            glance::api::enable_proxy_headers_parsing: true
+            glance::api::debug: {get_param: Debug}
+            glance::api::workers: {get_param: GlanceWorkers}
+            tripleo.glance_api.firewall_rules:
+              '112 glance_api':
+                dport:
+                  - 9292
+                  - 13292
+            glance::api::authtoken::project_name: 'service'
+            glance::api::pipeline: 'keystone'
+            glance::api::show_image_direct_url: true
+            # NOTE: bind IP is found in Heat replacing the network name with the
+            # local node IP for the given network; replacement examples
+            # (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
      step_config: |
        include ::tripleo::profile::base::glance::api
      service_config_settings:
-        keystone:
-          glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
-          glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
-          glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
-          glance::keystone::auth::password: {get_param: GlancePassword }
-          glance::keystone::auth::region: {get_param: KeystoneRegion}
-          glance::keystone::auth::tenant: 'service'
+        get_attr: [GlanceBase, role_data, service_config_settings]
--- a/puppet/services/glance-base.yaml
+++ b/puppet/services/glance-base.yaml
@ -0,0 +1,110 @@
+heat_template_version: 2016-10-14
+
+description: >
+  OpenStack Glance Common settings with Puppet
+
+parameters:
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  CephClientUserName:
+    default: openstack
+    type: string
+  Debug:
+    default: ''
+    description: Set to True to enable debugging on all services.
+    type: string
+  GlanceNotifierStrategy:
+    description: Strategy to use for Glance notification queue
+    type: string
+    default: noop
+  GlanceLogFile:
+    description: The filepath of the file to use for logging messages from Glance.
+    type: string
+    default: ''
+  GlancePassword:
+    description: The password for the glance service and db account, used by the glance services.
+    type: string
+    hidden: true
+  GlanceBackend:
+    default: swift
+    description: The short name of the Glance backend to use. Should be one
+      of swift, rbd, or file
+    type: string
+    constraints:
+    - allowed_values: ['swift', 'file', 'rbd']
+  GlanceRbdPoolName:
+    default: images
+    type: string
+  RabbitPassword:
+    description: The password for RabbitMQ
+    type: string
+    hidden: true
+  RabbitUserName:
+    default: guest
+    description: The username for RabbitMQ
+    type: string
+  RabbitClientPort:
+    default: 5672
+    description: Set rabbit subscriber port, change this if using SSL
+    type: number
+  RabbitClientUseSSL:
+    default: false
+    description: >
+        Rabbit client subscriber parameter to specify
+        an SSL connection to the RabbitMQ host.
+    type: string
+  KeystoneRegion:
+    type: string
+    default: 'regionOne'
+    description: Keystone region for endpoint
+
+outputs:
+  role_data:
+    description: Role data for the Glance common role.
+    value:
+      service_name: glance_base
+      config_settings:
+        glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+        glance_log_file: {get_param: GlanceLogFile}
+        glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+        glance::backend::swift::swift_store_user: service:glance
+        glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+        glance::backend::swift::swift_store_create_container_on_put: true
+        glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+        glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
+        glance_backend: {get_param: GlanceBackend}
+        glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+        glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+        glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+        glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+        glance::notify::rabbitmq::notification_driver: messagingv2
+        glance::registry::db::database_db_max_retries: -1
+        glance::registry::db::database_max_retries: -1
+      service_config_settings:
+        keystone:
+          glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+          glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+          glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+          glance::keystone::auth::password: {get_param: GlancePassword }
+          glance::keystone::auth::region: {get_param: KeystoneRegion}
+          glance::keystone::auth::tenant: 'service'
+        mysql:
+          glance::db::mysql::password: {get_param: GlancePassword}
+          glance::db::mysql::user: glance
+          glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+          glance::db::mysql::dbname: glance
+          glance::db::mysql::allowed_hosts:
+            - '%'
+            - "%{hiera('mysql_bind_host')}"
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@ -46,6 +46,14 @@ parameters:
      tag: openstack.glance.registry
      path: /var/log/glance/registry.log

+resources:
+  GlanceBase:
+    type: ./glance-base.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
  role_data:
    description: Role data for the Glance Registry role.
@ -56,43 +64,37 @@ outputs:
      logging_groups:
        - glance
      config_settings:
-        glance::registry::database_connection:
-          list_join:
-            - ''
-            - - {get_param: [EndpointMap, MysqlInternal, protocol]}
-              - '://glance:'
-              - {get_param: GlancePassword}
-              - '@'
-              - {get_param: [EndpointMap, MysqlInternal, host]}
-              - '/glance'
-        glance::registry::authtoken::password: {get_param: GlancePassword}
-        glance::registry::authtoken::project_name: 'service'
-        glance::registry::pipeline: 'keystone'
-        glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
-        glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
-        glance::registry::debug: {get_param: Debug}
-        glance::registry::workers: {get_param: GlanceWorkers}
-        glance::registry::db::database_db_max_retries: -1
-        glance::registry::db::database_max_retries: -1
-        tripleo.glance_registry.firewall_rules:
-          '112 glance_registry':
-            dport:
-              - 9191
-        # NOTE: bind IP is found in Heat replacing the network name with the
-        # local node IP for the given network; replacement examples
-        # (eg. for internal_api):
-        # internal_api -> IP
-        # internal_api_uri -> [IP]
-        # internal_api_subnet - > IP/CIDR
-        glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
+        map_merge:
+          - get_attr: [GlanceBase, role_data, config_settings]
+
+          - glance::registry::database_connection:
+              list_join:
+                - ''
+                - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+                  - '://glance:'
+                  - {get_param: GlancePassword}
+                  - '@'
+                  - {get_param: [EndpointMap, MysqlInternal, host]}
+                  - '/glance'
+            glance::registry::authtoken::password: {get_param: GlancePassword}
+            glance::registry::authtoken::project_name: 'service'
+            glance::registry::pipeline: 'keystone'
+            glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+            glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+            glance::registry::debug: {get_param: Debug}
+            glance::registry::workers: {get_param: GlanceWorkers}
+            tripleo.glance_registry.firewall_rules:
+              '112 glance_registry':
+                dport:
+                  - 9191
+            # NOTE: bind IP is found in Heat replacing the network name with the
+            # local node IP for the given network; replacement examples
+            # (eg. for internal_api):
+            # internal_api -> IP
+            # internal_api_uri -> [IP]
+            # internal_api_subnet - > IP/CIDR
+            glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
      step_config: |
        include ::tripleo::profile::base::glance::registry
      service_config_settings:
-        mysql:
-          glance::db::mysql::password: {get_param: GlancePassword}
-          glance::db::mysql::user: glance
-          glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
-          glance::db::mysql::dbname: glance
-          glance::db::mysql::allowed_hosts:
-            - '%'
-            - "%{hiera('mysql_bind_host')}"
+          get_attr: [GlanceBase, role_data, config_settings]