openstack/tripleo-heat-templates
Code Issues Proposed changes
fa83eb1b86
tripleo-heat-templates/puppet/services/glance-api.yaml
Giulio Fidente 0b1afb48e5 Allows for configuration of the Ceph cluster name 
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.

Depends-On: I8d5293eaaf104b6374dfa13992a67ddc37397f10
Implements: blueprint custom-ceph-cluster-name
Change-Id: I1b4d51ca6a2d08fa7a68eea680eb104eff732057
2018-02-20 11:35:01 +01:00

333 lines
13 KiB
YAML
Raw Blame History

heat_template_version: queens
description: >
OpenStack Glance API service configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
Debug:
default: false
description: Set to True to enable debugging on all services.
type: boolean
GlanceDebug:
default: ''
description: Set to True to enable debugging Glance service.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
GlancePassword:
description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlanceWorkers:
default: ''
description: |
Number of API worker processes for Glance. If left unset (empty string), the
default value will result in the configuration being left unset and a
system-dependent default value will be chosen (e.g.: number of
processors). Please note that this will create a large number of
processes on systems with a large number of CPUs resulting in excess
memory consumption. It is recommended that a suitable non-default value
be selected on such systems.
type: string
MonitoringSubscriptionGlanceApi:
default: 'overcloud-glance-api'
type: string
GlanceApiLoggingSource:
type: json
default:
tag: openstack.glance.api
path: /var/log/glance/api.log
GlanceImageMemberQuota:
default: 128
description: |
Maximum number of image members per image.
Negative values evaluate to unlimited.
type: number
EnableInternalTLS:
type: boolean
default: false
CephClientUserName:
default: openstack
type: string
CephClusterName:
type: string
default: ceph
description: The Ceph cluster name.
constraints:
- allowed_pattern: "[a-zA-Z0-9]+"
description: >
The Ceph cluster name must be at least 1 character and contain only
letters and numbers.
GlanceNotifierStrategy:
description: Strategy to use for Glance notification queue
type: string
default: noop
GlanceLogFile:
description: The filepath of the file to use for logging messages from Glance.
type: string
default: ''
GlanceBackend:
default: swift
description: The short name of the Glance backend to use. Should be one
of swift, rbd, cinder, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd', 'cinder']
GlanceNfsEnabled:
default: false
description: >
When using GlanceBackend 'file', mount NFS share for image storage.
type: boolean
GlanceNfsShare:
default: ''
description: >
NFS share to mount for image storage (when GlanceNfsEnabled is true)
type: string
GlanceNfsOptions:
default: '_netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0'
description: >
NFS mount options for image storage (when GlanceNfsEnabled is true)
type: string
GlanceRbdPoolName:
default: images
type: string
NovaEnableRbdBackend:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
RabbitPassword:
description: The password for RabbitMQ
type: string
hidden: true
RabbitUserName:
default: guest
description: The username for RabbitMQ
type: string
RabbitClientPort:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
RabbitClientUseSSL:
default: false
description: >
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
GlanceApiPolicies:
description: |
A hash of policies to configure for Glance API.
e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
NotificationDriver:
type: string
default: 'messagingv2'
description: Driver or drivers to handle sending notifications.
constraints:
- allowed_values: [ 'messagingv2', 'noop' ]
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
glance_multiple_locations:
and:
- equals:
- get_param: GlanceBackend
- rbd
- equals:
- get_param: NovaEnableRbdBackend
- true
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: glance_api
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
config_settings:
map_merge:
- get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: glance
password: {get_param: GlancePassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /glance
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: GlanceDebug }
glance::policy::policies: {get_param: GlanceApiPolicies}
tripleo.glance_api.firewall_rules:
'112 glance_api':
dport:
- 9292
- 13292
glance::api::authtoken::project_name: 'service'
glance::keystone::authtoken::user_domain_name: 'Default'
glance::keystone::authtoken::project_domain_name: 'Default'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
glance::api::os_region_name: {get_param: KeystoneRegion}
glance::api::image_member_quota: {get_param: GlanceImageMemberQuota}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
get_param: [ServiceNetMap, GlanceApiNetwork]
tripleo::profile::base::glance::api::tls_proxy_fqdn:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
tripleo::profile::base::glance::api::tls_proxy_port:
get_param: [EndpointMap, GlanceInternal, port]
# Bind to localhost if internal TLS is enabled, since we put a TLs
# proxy in front.
glance::api::bind_host:
if:
- use_tls_proxy
- 'localhost'
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
glance_log_file: {get_param: GlanceLogFile}
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
glance::backend::swift::swift_store_create_container_on_put: true
glance::backend::swift::swift_store_auth_version: 3
glance::backend::rbd::rbd_store_ceph_conf:
list_join:
- ''
- - '/etc/ceph/'
- {get_param: CephClusterName}
- '.conf'
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver}
tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
-
if:
- glance_workers_unset
- {}
- glance::api::workers: {get_param: GlanceWorkers}
service_config_settings:
fluentd:
tripleo_fluentd_groups_glance_api:
- glance
tripleo_fluentd_sources_glance_api:
- {get_param: GlanceApiLoggingSource}
keystone:
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
glance::keystone::auth::password: {get_param: GlancePassword }
glance::keystone::auth::region: {get_param: KeystoneRegion}
glance::keystone::auth::tenant: 'service'
mysql:
glance::db::mysql::password: {get_param: GlancePassword}
glance::db::mysql::user: glance
glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
glance::db::mysql::dbname: glance
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::glance::api
upgrade_tasks:
- name: Check if glance_api is deployed
command: systemctl is-enabled openstack-glance-api
tags: common
ignore_errors: True
register: glance_api_enabled
#(TODO) Remove all glance-registry bits in Pike.
- name: Check if glance_registry is deployed
command: systemctl is-enabled openstack-glance-registry
tags: common
ignore_errors: True
register: glance_registry_enabled
- name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
tags: validation
when:
- step|int == 0
- glance_api_enabled.rc == 0
- name: Stop glance_api service
when:
- step|int == 1
- glance_api_enabled.rc == 0
service: name=openstack-glance-api state=stopped
- name: Stop and disable glance registry (removed for Ocata)
when:
- step|int == 1
- glance_registry_enabled.rc == 0
service: name=openstack-glance-registry state=stopped enabled=no
View Git Blame Copy Permalink