tripleo-heat-templates/puppet/services/glance-api.yaml
Giulio Fidente 43edc49a04 Move glance::api::show_multiple_locations within GlanceApi
Previously we were setting glance::api::show_multiple_locations
from the CephBase resource but this seems unnecessary as the
GlanceApi resource can consume the parameters needed to set
the value.

Change-Id: I0a7d8cb19a86b96d6196dad453970b4e56c5fe7e
2017-06-21 11:17:40 +02:00

291 lines
12 KiB
YAML

heat_template_version: pike
description: >
OpenStack Glance API service configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
GlanceDebug:
default: ''
description: Set to True to enable debugging Glance service.
type: string
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlanceWorkers:
default: ''
description: |
Number of API worker processes for Glance. If left unset (empty string), the
default value will result in the configuration being left unset and a
system-dependent default value will be chosen (e.g.: number of
processors). Please note that this will create a large number of
processes on systems with a large number of CPUs resulting in excess
memory consumption. It is recommended that a suitable non-default value
be selected on such systems.
type: string
MonitoringSubscriptionGlanceApi:
default: 'overcloud-glance-api'
type: string
GlanceApiLoggingSource:
type: json
default:
tag: openstack.glance.api
path: /var/log/glance/api.log
EnableInternalTLS:
type: boolean
default: false
CephClientUserName:
default: openstack
type: string
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
type: string
default: noop
GlanceLogFile:
description: The filepath of the file to use for logging messages from Glance.
type: string
default: ''
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
GlanceNfsEnabled:
default: false
description: >
When using GlanceBackend 'file', mount NFS share for image storage.
type: boolean
GlanceNfsShare:
default: ''
description: >
NFS share to mount for image storage (when GlanceNfsEnabled is true)
type: string
GlanceNfsOptions:
default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
description: >
NFS mount options for image storage (when GlanceNfsEnabled is true)
type: string
GlanceRbdPoolName:
default: images
type: string
NovaEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
RabbitClientUseSSL:
default: false
description: >
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
GlanceApiPolicies:
description: |
A hash of policies to configure for Glance API.
e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
glance_multiple_locations:
and:
- equals:
- get_param: GlanceBackend
- rbd
- equals:
- get_param: NovaEnableRbdBackend
- true
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: glance_api
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
logging_source: {get_param: GlanceApiLoggingSource}
logging_groups:
- glance
config_settings:
map_merge:
- get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: glance
password: {get_param: GlancePassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /glance
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: GlanceDebug }
glance::policy::policies: {get_param: GlanceApiPolicies}
tripleo.glance_api.firewall_rules:
'112 glance_api':
dport:
- 9292
- 13292
glance::api::authtoken::project_name: 'service'
glance::keystone::authtoken::user_domain_name: 'Default'
glance::keystone::authtoken::project_domain_name: 'Default'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork]
tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_port:
get_param: [EndpointMap, GlanceInternal, port]
# Bind to localhost if internal TLS is enabled, since we put a TLs
# proxy in front.
glance::api::bind_host:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::swift::swift_store_auth_version: 3
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
glance::notify::rabbitmq::notification_driver: messagingv2
tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
-
if:
- glance_workers_unset
- {}
- glance::api::workers: {get_param: GlanceWorkers}
service_config_settings:
keystone:
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::keystone::auth::tenant: 'service'
mysql:
glance::db::mysql::password: {get_param: GlancePassword}
glance::db::mysql::user: glance
glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
glance::db::mysql::dbname: glance
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::glance::api
upgrade_tasks:
- name: Check if glance_api is deployed
command: systemctl is-enabled openstack-glance-api
tags: common
ignore_errors: True
register: glance_api_enabled
#(TODO) Remove all glance-registry bits in Pike.
- name: Check if glance_registry is deployed
command: systemctl is-enabled openstack-glance-registry
tags: common
ignore_errors: True
register: glance_registry_enabled
- name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
tags: step0,validation
when: glance_api_enabled.rc == 0
- name: Stop glance_api service
tags: step1
when: glance_api_enabled.rc == 0
service: name=openstack-glance-api state=stopped
- name: Stop and disable glance registry (removed for Ocata)
tags: step1
when: glance_registry_enabled.rc == 0
service: name=openstack-glance-registry state=stopped enabled=no