d60969cb55
This patch adopts the recommendation outlined in OSSN-0090 [1], in which two instances of the glance-api service are deployed: - A "user facing" glance-api service, accessible via the Public keystone endpoint. - An "internal facing only" service, accessible via the Admin and Internal keystone endpoints. The user facing instance is configured so it does not report any image location information. This is achieved by configuring glance-api.conf with the show_image_direct_url and show_multiple_locations set to False. The internal service operates on a separate TCP port (defaults to 9293) with its own glance-api.conf that configures show_image_direct_url and show_multiple_locations set to True. In order for cinder and nova to have access to the image location data, both services are configured to access glance via the internal service. [1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090 Closes-Bug: #1822540 Depends-On: Ideb5a951d538d9e2c7cca11dfe0e8b99520de959 Depends-On: Ib6188505197d0a267dbd8c4d96f12f31f7b5c9f0 Change-Id: Id093613f9d410eb3fe5564a724c0f75275eeb4e8 |
||
|---|---|---|
| .. | ||
| enable-internal-tls.j2.yaml | ||
| enable-memcached-tls.yaml | ||
| enable-tls.yaml | ||
| inject-trust-anchor-hiera.yaml | ||
| inject-trust-anchor.yaml | ||
| no-tls-endpoints-public-ip.yaml | ||
| tls-endpoints-public-dns.yaml | ||
| tls-endpoints-public-ip.yaml | ||
| tls-everywhere-endpoints-dns.yaml | ||