890 lines
36 KiB
YAML
890 lines
36 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack Glance service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
DeployIdentifier:
|
|
default: ''
|
|
type: string
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
GlanceDebug:
|
|
default: false
|
|
description: Set to True to enable debugging Glance service.
|
|
type: boolean
|
|
EnableSQLAlchemyCollectd:
|
|
type: boolean
|
|
description: >
|
|
Set to true to enable the SQLAlchemy-collectd server plugin
|
|
default: false
|
|
GlancePassword:
|
|
description: The password for the glance service and db account, used by the glance services.
|
|
type: string
|
|
hidden: true
|
|
GlanceWorkers:
|
|
default: ''
|
|
description: |
|
|
Number of API worker processes for Glance. If left unset (empty string), the
|
|
default value will result in the configuration being left unset and a
|
|
system-dependent default value will be chosen (e.g.: number of
|
|
processors). Please note that this will create a large number of
|
|
processes on systems with a large number of CPUs resulting in excess
|
|
memory consumption. It is recommended that a suitable non-default value
|
|
be selected on such systems.
|
|
type: string
|
|
MonitoringSubscriptionGlanceApi:
|
|
default: 'overcloud-glance-api'
|
|
type: string
|
|
GlanceApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.glance.api
|
|
file: /var/log/containers/glance/api.log
|
|
GlanceImageMemberQuota:
|
|
default: 128
|
|
description: |
|
|
Maximum number of image members per image.
|
|
Negative values evaluate to unlimited.
|
|
type: number
|
|
GlanceNfsEnabled:
|
|
default: false
|
|
description: >
|
|
When using GlanceBackend 'file', mount NFS share for image storage.
|
|
type: boolean
|
|
GlanceCacheEnabled:
|
|
description: Enable Glance Image Cache
|
|
type: boolean
|
|
default: False
|
|
GlanceImageCacheDir:
|
|
description: Base directory that the Image Cache uses
|
|
type: string
|
|
default: '/var/lib/glance/image-cache'
|
|
GlanceImageCacheMaxSize:
|
|
description: >
|
|
The upper limit on cache size, in bytes, after which the cache-pruner
|
|
cleans up the image cache.
|
|
type: number
|
|
default: 10737418240
|
|
GlanceImageCacheStallTime:
|
|
description: >
|
|
The amount of time, in seconds, to let an image remain in the cache
|
|
without being accessed.
|
|
type: number
|
|
default: 86400
|
|
GlanceImagePrefetcherInterval:
|
|
description: >
|
|
The interval in seconds to run periodic job cache_images.
|
|
type: number
|
|
default: 300
|
|
GlanceNfsShare:
|
|
default: ''
|
|
description: >
|
|
NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
|
type: string
|
|
GlanceNetappNfsEnabled:
|
|
default: false
|
|
description: >
|
|
When using GlanceBackend 'file', Netapp mount NFS share for image storage.
|
|
type: boolean
|
|
NetappShareLocation:
|
|
default: ''
|
|
description: >
|
|
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
|
type: string
|
|
GlanceNfsOptions:
|
|
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
|
description: >
|
|
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
|
type: string
|
|
GlanceRbdPoolName:
|
|
default: images
|
|
type: string
|
|
NovaEnableRbdBackend:
|
|
default: false
|
|
description: Whether to enable the Rbd backend for Nova ephemeral storage.
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
GlanceShowMultipleLocations:
|
|
default: false
|
|
description: |
|
|
Whether to show multiple image locations e.g for copy-on-write support on
|
|
RBD or Netapp backends. Potential security risk, see glance.conf for more information.
|
|
type: boolean
|
|
# We default import plugins list to 'no_op' (instead of empty list) to discern from the scenario
|
|
# in which the user purposely disabled all plugins setting it to an empty list. This is useful
|
|
# to automatically enable image_conversion plugin only when value is left to the default.
|
|
GlanceImageImportPlugins:
|
|
default: ['no_op']
|
|
description: >
|
|
List of enabled Image Import Plugins. Valid values in the list are
|
|
'image_conversion', 'inject_metadata', 'no_op'.
|
|
type: comma_delimited_list
|
|
GlanceDiskFormats:
|
|
default: ''
|
|
description: >
|
|
List of allowed disk formats in Glance; all formats are allowed when
|
|
left unset.
|
|
type: comma_delimited_list
|
|
GlanceImageConversionOutputFormat:
|
|
default: 'raw'
|
|
description: Desired output format for image conversion plugin.
|
|
type: string
|
|
GlanceInjectMetadataProperties:
|
|
default: ''
|
|
description: Metadata properties to be injected in image.
|
|
type: comma_delimited_list
|
|
GlanceIgnoreUserRoles:
|
|
default: 'admin'
|
|
description: List of user roles to be ignored for injecting image metadata properties.
|
|
type: comma_delimited_list
|
|
GlanceEnabledImportMethods:
|
|
default: 'web-download'
|
|
description: >
|
|
List of enabled Image Import Methods. Valid values in the list are
|
|
'glance-direct', 'web-download', or 'copy-image'
|
|
type: comma_delimited_list
|
|
GlanceStagingNfsShare:
|
|
default: ''
|
|
description: >
|
|
NFS share to mount for image import staging
|
|
type: string
|
|
GlanceNodeStagingUri:
|
|
default: 'file:///var/lib/glance/staging'
|
|
description: >
|
|
URI that specifies the staging location to use when importing images
|
|
type: string
|
|
GlanceStagingNfsOptions:
|
|
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
|
description: >
|
|
NFS mount options for NFS image import staging
|
|
type: string
|
|
GlanceSparseUploadEnabled:
|
|
default: false
|
|
description: >
|
|
When using GlanceBackend 'file' and 'rbd' to enable or not sparse upload.
|
|
type: boolean
|
|
EnforceSecureRbac:
|
|
type: boolean
|
|
default: false
|
|
description: >-
|
|
Setting this option to True will configure each OpenStack service to
|
|
enforce Secure RBAC by setting `[oslo_policy] enforce_new_defaults` and
|
|
`[oslo_policy] enforce_scope` to True. This introduces a consistent set
|
|
of RBAC personas across OpenStack services that include support for
|
|
system and project scope, as well as keystone's default roles, admin,
|
|
member, and reader. Do not enable this functionality until all services in
|
|
your deployment actually support secure RBAC.
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
GlanceApiPolicies:
|
|
description: |
|
|
A hash of policies to configure for Glance API.
|
|
e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
|
|
default: {}
|
|
type: json
|
|
NotificationDriver:
|
|
type: comma_delimited_list
|
|
default: 'noop'
|
|
description: Driver or drivers to handle sending notifications.
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
GlanceNotifierStrategy:
|
|
description: Strategy to use for Glance notification queue
|
|
type: string
|
|
default: noop
|
|
GlanceLogFile:
|
|
description: The filepath of the file to use for logging messages from Glance.
|
|
type: string
|
|
default: ''
|
|
GlanceBackend:
|
|
default: swift
|
|
description: The short name of the Glance backend to use. Should be one
|
|
of swift, rbd, cinder, or file
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
|
|
GlanceBackendID:
|
|
type: string
|
|
default: 'default_backend'
|
|
description: The default backend's identifier.
|
|
constraints:
|
|
- allowed_pattern: "[a-zA-Z0-9_-]+"
|
|
GlanceStoreDescription:
|
|
type: string
|
|
default: 'Default glance store backend.'
|
|
description: User facing description for the Glance backend.
|
|
GlanceMultistoreConfig:
|
|
type: json
|
|
default: {}
|
|
description: |
|
|
Dictionary of settings when configuring additional glance backends. The
|
|
hash key is the backend ID, and the value is a dictionary of parameter
|
|
values unique to that backend. Multiple rbd and cinder backends are allowed, but
|
|
file and swift backends are limited to one each. Example:
|
|
# Default glance store is rbd.
|
|
GlanceBackend: rbd
|
|
GlanceStoreDescription: 'Default rbd store'
|
|
# GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
|
|
# backend.
|
|
GlanceMultistoreConfig:
|
|
rbd2_store:
|
|
GlanceBackend: rbd
|
|
GlanceStoreDescription: 'Second rbd store'
|
|
CephClusterName: ceph2
|
|
# Override CephClientUserName if this cluster uses a different
|
|
# client name.
|
|
CephClientUserName: client2
|
|
cinder1_store:
|
|
GlanceBackend: cinder
|
|
GlanceCinderVolumeType: 'volume-type-1'
|
|
GlanceStoreDescription: 'First cinder store'
|
|
cinder2_store:
|
|
GlanceBackend: cinder
|
|
GlanceCinderVolumeType: 'volume-type-2'
|
|
GlanceStoreDescription: 'Seconde cinder store'
|
|
GlanceCinderMountPointBase:
|
|
default: '/var/lib/glance/mnt'
|
|
type: string
|
|
description: |
|
|
The mount point base when glance is using cinder as store and cinder backend
|
|
is NFS. This mount point is where the NFS volume is mounted on the glance node.
|
|
GlanceCinderVolumeType:
|
|
default: ''
|
|
type: string
|
|
description: |
|
|
A unique volume type required for each cinder store while configuring multiple cinder
|
|
stores as glance backends. The same volume types must be configured in Cinder as well.
|
|
The volume type must exist in cinder prior to any attempt to add an image in the associated
|
|
cinder store. If no volume type is specified then cinder's default volume type will be used.
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
CephClusterName:
|
|
type: string
|
|
default: ceph
|
|
description: The Ceph cluster name.
|
|
constraints:
|
|
- allowed_pattern: "[a-zA-Z0-9]+"
|
|
description: >
|
|
The Ceph cluster name must be at least 1 character and contain only
|
|
letters and numbers.
|
|
CephConfigPath:
|
|
type: string
|
|
default: "/var/lib/tripleo-config/ceph"
|
|
description: |
|
|
The path where the Ceph Cluster config files are stored on the host.
|
|
MultipathdEnable:
|
|
default: false
|
|
description: Whether to enable the multipath daemon
|
|
type: boolean
|
|
GlanceApiOptVolumes:
|
|
default: []
|
|
description: list of optional volumes to be mounted
|
|
type: comma_delimited_list
|
|
ContainerGlanceApiImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerGlanceApiConfigImage:
|
|
description: The container image to use for the glance_api config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
GlanceCronDbPurgeMinute:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Minute
|
|
default: '1'
|
|
GlanceCronDbPurgeHour:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Hour
|
|
default: '0'
|
|
GlanceCronDbPurgeMonthday:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Month Day
|
|
default: '*'
|
|
GlanceCronDbPurgeMonth:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Month
|
|
default: '*'
|
|
GlanceCronDbPurgeWeekday:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Week Day
|
|
default: '*'
|
|
GlanceCronDbPurgeUser:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - User
|
|
default: 'glance'
|
|
GlanceCronDbPurgeAge:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Age
|
|
default: '30'
|
|
GlanceCronDbPurgeMaxRows:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Max Rows
|
|
default: '100'
|
|
GlanceCronDbPurgeDestination:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Log destination
|
|
default: '/var/log/glance/glance-rowsflush.log'
|
|
GlanceCronDbPurgeMaxDelay:
|
|
type: string
|
|
description: >
|
|
Cron to purge db entries marked as deleted and older than $age - Max Delay
|
|
default: '3600'
|
|
MemcacheUseAdvancedPool:
|
|
type: boolean
|
|
description: |
|
|
Use the advanced (eventlet safe) memcached client pool.
|
|
default: true
|
|
|
|
conditions:
|
|
cinder_backend_enabled:
|
|
or:
|
|
- equals:
|
|
- get_param: GlanceBackend
|
|
- cinder
|
|
- yaql:
|
|
expression: $.data.values().any($.get("GlanceBackend", "") = "cinder")
|
|
data: {get_param: GlanceMultistoreConfig}
|
|
cinder_multipathd_enabled:
|
|
and:
|
|
- cinder_backend_enabled
|
|
- get_param: MultipathdEnable
|
|
rbd_backend_enabled:
|
|
or:
|
|
- equals:
|
|
- get_param: GlanceBackend
|
|
- rbd
|
|
- yaql:
|
|
expression: $.data.values().any($.get("GlanceBackend", "") = "rbd")
|
|
data: {get_param: GlanceMultistoreConfig}
|
|
force_image_conversion_plugin:
|
|
or:
|
|
- and:
|
|
- rbd_backend_enabled
|
|
- equals: [{get_param: GlanceImageImportPlugins}, ['no_op']]
|
|
- {get_param: NovaEnableRbdBackend}
|
|
- {get_param: GlanceSparseUploadEnabled}
|
|
glance_workers_set:
|
|
not: {equals : [{get_param: GlanceWorkers}, '']}
|
|
glance_multiple_locations:
|
|
or:
|
|
- {get_param: GlanceShowMultipleLocations}
|
|
- {get_param: GlanceNetappNfsEnabled}
|
|
- and:
|
|
# Keep this for compat, but ignore NovaEnableRbdBackend if it's a role param
|
|
- rbd_backend_enabled
|
|
- get_param: NovaEnableRbdBackend
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
GlanceLogging:
|
|
type: OS::TripleO::Services::Logging::GlanceApi
|
|
|
|
TLSProxyBase:
|
|
type: OS::TripleO::Services::TLSProxyBase
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerGlanceApiImage: ContainerGlanceApiImage
|
|
ContainerGlanceApiConfigImage: ContainerGlanceApiConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerGlanceApiImage: {get_param: ContainerGlanceApiImage}
|
|
ContainerGlanceApiConfigImage: {get_param: ContainerGlanceApiConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Glance API role.
|
|
value:
|
|
service_name: glance_api
|
|
firewall_rules:
|
|
'112 glance_api':
|
|
dport:
|
|
- 9292
|
|
firewall_frontend_rules:
|
|
'100 glance_api_haproxy_frontend':
|
|
dport:
|
|
- 9292
|
|
firewall_ssl_frontend_rules:
|
|
'100 glance_api_haproxy_frontend_ssl':
|
|
dport:
|
|
- 13292
|
|
keystone_resources:
|
|
glance:
|
|
endpoints:
|
|
public: {get_param: [EndpointMap, GlancePublic, uri]}
|
|
internal: {get_param: [EndpointMap, GlanceInternal, uri]}
|
|
admin: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
|
users:
|
|
glance:
|
|
password: {get_param: GlancePassword}
|
|
roles:
|
|
- admin
|
|
- service
|
|
region: {get_param: KeystoneRegion}
|
|
service: 'image'
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [TLSProxyBase, role_data, config_settings]
|
|
# Set this for glance as it does not have a default
|
|
- glance::config::api_config:
|
|
paste_deploy/config_file:
|
|
value: '/etc/glance/glance-api-paste.ini'
|
|
glance::api::db::database_connection:
|
|
make_url:
|
|
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
username: glance
|
|
password: {get_param: GlancePassword}
|
|
host: {get_param: [EndpointMap, MysqlInternal, host]}
|
|
path: /glance
|
|
query:
|
|
if:
|
|
- {get_param: EnableSQLAlchemyCollectd}
|
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
plugin: collectd
|
|
collectd_program_name: glance
|
|
collectd_host: localhost
|
|
- read_default_file: /etc/my.cnf.d/tripleo.cnf
|
|
read_default_group: tripleo
|
|
|
|
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
|
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
|
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
glance::api::enable_v1_api: false
|
|
glance::api::enable_v2_api: true
|
|
glance::api::authtoken::password: {get_param: GlancePassword}
|
|
glance::api::enable_proxy_headers_parsing: true
|
|
glance::api::logging::debug:
|
|
if:
|
|
- {get_param: GlanceDebug}
|
|
- true
|
|
- {get_param: Debug}
|
|
glance::policy::policies: {get_param: GlanceApiPolicies}
|
|
glance::api::authtoken::project_name: 'service'
|
|
glance::api::authtoken::region_name: {get_param: KeystoneRegion}
|
|
glance::api::authtoken::user_domain_name: 'Default'
|
|
glance::api::authtoken::project_domain_name: 'Default'
|
|
glance::api::authtoken::interface: 'internal'
|
|
glance::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
|
glance::api::pipeline:
|
|
if:
|
|
- {get_param: GlanceCacheEnabled}
|
|
- 'keystone+cachemanagement'
|
|
- 'keystone'
|
|
glance::api::show_image_direct_url: true
|
|
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
|
|
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
|
|
glance::api::enabled_import_methods: {get_param: GlanceEnabledImportMethods}
|
|
glance::api::node_staging_uri: {get_param: GlanceNodeStagingUri}
|
|
glance::api::image_import_plugins:
|
|
if:
|
|
- force_image_conversion_plugin
|
|
- list_concat_unique:
|
|
- {get_param: GlanceImageImportPlugins}
|
|
- ['image_conversion']
|
|
- {get_param: GlanceImageImportPlugins}
|
|
glance::api::image_conversion_output_format: {get_param: GlanceImageConversionOutputFormat}
|
|
glance::api::inject_metadata_properties: {get_param: GlanceInjectMetadataProperties}
|
|
glance::api::ignore_user_roles: {get_param: GlanceIgnoreUserRoles}
|
|
glance::api::sync_db: false
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
|
tripleo::profile::base::glance::api::tls_proxy_fqdn:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
|
tripleo::profile::base::glance::api::tls_proxy_port:
|
|
get_param: [EndpointMap, GlanceInternal, port]
|
|
# Bind to localhost if internal TLS is enabled, since we put a TLs
|
|
# proxy in front.
|
|
glance::api::bind_host:
|
|
if:
|
|
- {get_param: EnableInternalTLS}
|
|
- "%{lookup('localhost_address')}"
|
|
- str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
|
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
|
|
glance_log_file: {get_param: GlanceLogFile}
|
|
glance::backend::rbd::rbd_thin_provisioning: {get_param: GlanceSparseUploadEnabled}
|
|
glance::backend::file::filesystem_thin_provisioning: {get_param: GlanceSparseUploadEnabled}
|
|
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
|
|
glance::backend::swift::swift_store_user: service:glance
|
|
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
|
|
glance::backend::swift::swift_store_create_container_on_put: true
|
|
glance::backend::swift::swift_store_auth_version: 3
|
|
glance::backend::rbd::rbd_store_ceph_conf:
|
|
list_join:
|
|
- ''
|
|
- - '/etc/ceph/'
|
|
- {get_param: CephClusterName}
|
|
- '.conf'
|
|
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
|
|
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
|
|
glance_backend: {get_param: GlanceBackend}
|
|
tripleo::profile::base::glance::api::glance_backend_id: {get_param: GlanceBackendID}
|
|
tripleo::profile::base::glance::api::glance_store_description: {get_param: GlanceStoreDescription}
|
|
tripleo::profile::base::glance::api::multistore_config: {get_param: GlanceMultistoreConfig}
|
|
tripleo::profile::base::glance::backend::rbd::glance_rbd_ceph_conf_path: {get_param: CephConfigPath}
|
|
glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver}
|
|
glance::cron::db_purge::minute: {get_param: GlanceCronDbPurgeMinute}
|
|
glance::cron::db_purge::hour: {get_param: GlanceCronDbPurgeHour}
|
|
glance::cron::db_purge::monthday: {get_param: GlanceCronDbPurgeMonthday}
|
|
glance::cron::db_purge::month: {get_param: GlanceCronDbPurgeMonth}
|
|
glance::cron::db_purge::weekday: {get_param: GlanceCronDbPurgeWeekday}
|
|
glance::cron::db_purge::user: {get_param: GlanceCronDbPurgeUser}
|
|
glance::cron::db_purge::age: {get_param: GlanceCronDbPurgeAge}
|
|
glance::cron::db_purge::max_rows: {get_param: GlanceCronDbPurgeMaxRows}
|
|
glance::cron::db_purge::destination: {get_param: GlanceCronDbPurgeDestination}
|
|
glance::cron::db_purge::maxdelay: {get_param: GlanceCronDbPurgeMaxDelay}
|
|
- if:
|
|
- glance_workers_set
|
|
- glance::api::workers: {get_param: GlanceWorkers}
|
|
- if:
|
|
- {get_param: EnforceSecureRbac}
|
|
- glance::api::enforce_secure_rbac: true
|
|
glance::policy::enforce_new_defaults: true
|
|
- if:
|
|
- cinder_backend_enabled
|
|
- glance::backend::cinder::cinder_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
|
glance::backend::cinder::cinder_store_project_name: 'service'
|
|
glance::backend::cinder::cinder_store_user_name: 'glance'
|
|
glance::backend::cinder::cinder_store_password: {get_param: GlancePassword}
|
|
glance::backend::cinder::cinder_os_region_name: {get_param: KeystoneRegion}
|
|
tripleo::profile::base::glance::backend::cinder::cinder_mount_point_base: {get_param: GlanceCinderMountPointBase}
|
|
tripleo::profile::base::glance::backend::cinder::cinder_volume_type: {get_param: GlanceCinderVolumeType}
|
|
-
|
|
if:
|
|
- cinder_multipathd_enabled
|
|
- glance::backend::cinder::cinder_use_multipath: true
|
|
- if:
|
|
- {get_param: GlanceCacheEnabled}
|
|
- tripleo::profile::base::glance::api::glance_enable_cache: true
|
|
glance::api::image_cache_dir: {get_param: GlanceImageCacheDir}
|
|
glance::api::image_cache_max_size: {get_param: GlanceImageCacheMaxSize}
|
|
glance::api::image_cache_stall_time: {get_param: GlanceImageCacheStallTime}
|
|
glance::api::cache_prefetcher_interval: {get_param: GlanceImagePrefetcherInterval}
|
|
- if:
|
|
- {get_param: GlanceNetappNfsEnabled}
|
|
- tripleo::profile::base::glance::netapp::netapp_share: {get_param: NetappShareLocation}
|
|
glance::api::filesystem_store_metadata_file: '/etc/glance/glance-metadata-file.json'
|
|
glance::api::filesystem_store_file_perm: '0644'
|
|
- if:
|
|
- contains: ['glance-direct', {get_param: GlanceEnabledImportMethods}]
|
|
- glance::api::worker_self_reference_url: {get_param: [EndpointMap, GlanceInternal, uri_no_suffix]}
|
|
- if:
|
|
- not: {equals: [{get_param: GlanceDiskFormats}, []]}
|
|
- glance::api::disk_formats: {get_param: GlanceDiskFormats}
|
|
service_config_settings:
|
|
mysql:
|
|
glance::db::mysql::password: {get_param: GlancePassword}
|
|
glance::db::mysql::user: glance
|
|
glance::db::mysql::host: '%'
|
|
glance::db::mysql::dbname: glance
|
|
rsyslog:
|
|
tripleo_logging_sources_glance_api:
|
|
- {get_param: GlanceApiLoggingSource}
|
|
horizon:
|
|
horizon::policy::glance_policies: {get_param: GlanceApiPolicies}
|
|
# BEGIN DOCKER SETTINGS #
|
|
puppet_config:
|
|
config_volume: glance_api
|
|
puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config,glance_image_import_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include tripleo::profile::base::glance::api
|
|
- if:
|
|
- {get_param: GlanceNetappNfsEnabled}
|
|
- include tripleo::profile::base::glance::netapp
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerGlanceApiConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/glance_api.json:
|
|
command: /usr/bin/glance-api --config-file /etc/glance/glance-api.conf --config-file /etc/glance/glance-image-import.conf
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-ceph/"
|
|
dest: "/etc/ceph/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src-iscsid/*"
|
|
dest: "/etc/iscsi/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
list_concat:
|
|
- - path: /var/lib/glance
|
|
owner: glance:glance
|
|
recurse: true
|
|
- path:
|
|
str_replace:
|
|
template: /etc/ceph/CLUSTER.client.USER.keyring
|
|
params:
|
|
CLUSTER: {get_param: CephClusterName}
|
|
USER: {get_param: CephClientUserName}
|
|
owner: glance:glance
|
|
perm: '0600'
|
|
- repeat:
|
|
template:
|
|
path: /etc/ceph/<%keyring%>
|
|
owner: glance:glance
|
|
perm: '0600'
|
|
for_each:
|
|
<%keyring%>:
|
|
yaql:
|
|
expression: let(u => $.data.user) -> $.data.multistore.values().where($.get("CephClusterName")).select("{0}.client.{1}.keyring".format($.CephClusterName, $.get("CephClientUserName", $u)))
|
|
data:
|
|
user: {get_param: CephClientUserName}
|
|
multistore: {get_param: GlanceMultistoreConfig}
|
|
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
|
|
command: /usr/sbin/httpd -DFOREGROUND
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
|
dest: "/etc/httpd/conf.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.modules.d"
|
|
dest: "/etc/httpd/conf.modules.d"
|
|
merge: false
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
/var/lib/kolla/config_files/glance_api_cron.json:
|
|
command: /usr/sbin/crond -n
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/glance
|
|
owner: glance:glance
|
|
recurse: true
|
|
docker_config:
|
|
step_2:
|
|
get_attr: [GlanceLogging, docker_config, step_2]
|
|
step_3:
|
|
glance_api_db_sync:
|
|
image: &glance_api_image {get_attr: [RoleParametersValue, value, ContainerGlanceApiImage]}
|
|
net: host
|
|
privileged: false
|
|
detach: false
|
|
user: root
|
|
volumes: &glance_volumes
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [GlanceLogging, volumes]}
|
|
- {get_param: GlanceApiOptVolumes}
|
|
- - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
|
|
- /var/lib/config-data/puppet-generated/glance_api:/var/lib/kolla/config_files/src:ro
|
|
- list_join:
|
|
- ':'
|
|
- - {get_param: CephConfigPath}
|
|
- - '/var/lib/kolla/config_files/src-ceph'
|
|
- - 'ro'
|
|
- /var/lib/config-data/puppet-generated/iscsid/etc/iscsi:/var/lib/kolla/config_files/src-iscsid:ro
|
|
- /var/lib/glance:/var/lib/glance:slave
|
|
- if:
|
|
- cinder_backend_enabled
|
|
- - /dev:/dev
|
|
- /var/lib/iscsi:/var/lib/iscsi:z
|
|
- if:
|
|
- cinder_multipathd_enabled
|
|
- - /etc/multipath:/etc/multipath:z
|
|
- /etc/multipath.conf:/etc/multipath.conf:ro
|
|
environment:
|
|
KOLLA_BOOTSTRAP: true
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
|
command: "/usr/bin/bootstrap_host_exec glance_api su glance -s /bin/bash -c '/usr/local/bin/kolla_start'"
|
|
step_4:
|
|
glance_api:
|
|
start_order: 2
|
|
image: *glance_api_image
|
|
net: host
|
|
privileged: {if: [cinder_backend_enabled, true, false]}
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes: *glance_volumes
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
glance_api_tls_proxy:
|
|
if:
|
|
- {get_param: EnableInternalTLS}
|
|
- start_order: 3
|
|
image: *glance_api_image
|
|
net: host
|
|
user: root
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [GlanceLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/glance_api:/var/lib/kolla/config_files/src:ro
|
|
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
|
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
glance_api_cron:
|
|
start_order: 2
|
|
image: *glance_api_image
|
|
net: host
|
|
user: root
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: '/usr/share/openstack-tripleo-common/healthcheck/cron glance'
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [GlanceLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/glance_api_cron.json:/var/lib/kolla/config_files/config.json
|
|
- /var/lib/config-data/puppet-generated/glance_api:/var/lib/kolla/config_files/src:ro
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [GlanceLogging, host_prep_tasks]}
|
|
- - name: Mount NFS on host
|
|
vars:
|
|
nfs_backend_enabled: {get_param: GlanceNfsEnabled}
|
|
glance_netapp_nfs_enabled: {get_param: GlanceNetappNfsEnabled}
|
|
glance_nfs_share: {get_param: GlanceNfsShare}
|
|
netapp_share_location: {get_param: NetappShareLocation}
|
|
nfs_share: "{{ glance_nfs_share if (glance_nfs_share) else netapp_share_location }}"
|
|
nfs_options: {get_param: GlanceNfsOptions}
|
|
mount:
|
|
name: /var/lib/glance/images
|
|
state: mounted
|
|
fstype: nfs
|
|
src: "{{nfs_share}}"
|
|
opts: "{{nfs_options}}"
|
|
when: nfs_backend_enabled or glance_netapp_nfs_enabled
|
|
- name: Mount Node Staging Location
|
|
vars:
|
|
glance_node_staging_uri: {get_param: GlanceNodeStagingUri}
|
|
glance_staging_nfs_share: {get_param: GlanceStagingNfsShare}
|
|
glance_nfs_options: {get_param: GlanceStagingNfsOptions}
|
|
# Gleaning mount point by stripping "file://" prefix from staging uri
|
|
mount:
|
|
name: "{{glance_node_staging_uri[7:]}}"
|
|
state: mounted
|
|
fstype: nfs
|
|
src: "{{glance_staging_nfs_share}}"
|
|
opts: "{{glance_nfs_options}}"
|
|
when: glance_staging_nfs_share != ''
|
|
- name: ensure ceph configurations exist
|
|
file:
|
|
path: {get_param: CephConfigPath}
|
|
state: directory
|
|
- name: ensure /var/lib/glance exists
|
|
file:
|
|
path: /var/lib/glance
|
|
state: directory
|
|
setype: container_file_t
|
|
metadata_settings:
|
|
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
|
external_upgrade_tasks:
|
|
- when:
|
|
- step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_transfer_data
|
|
- system_upgrade_stop_services
|
|
block:
|
|
- name: Stop glance api container
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop:
|
|
- glance_api
|
|
- glance_api_cron
|
|
tripleo_delegate_to: "{{ groups['glance_api'] | default([]) }}"
|