kolla-ansible/ansible/roles/glance/templates/glance-api.conf.j2
Michal Arbet 66534e9dc5 Enhance Ceph Integration for Multiple Clusters
This patch enhances Kolla-Ansible's existing support for
multiple Ceph clusters by improving the management of
custom users, pools, and cluster names. It aligns
the Ceph integration more closely with the official Ceph
user management guidelines [1].

Keyrings now follow the format `$cluster.client.$user.keyring`,
and configurations are easier to handle when multiple Ceph
clusters are in use, especially in environments with multiple
availability zones.

Previously, workarounds were needed for keyrings and config
files, which this patch eliminates, providing a cleaner and
more structured configuration approach which follows the
Ceph best practices.

The default Kolla setup remains unaffected by these changes,
ensuring backward compatibility.
Updated documentation and examples are included.

[1] https://docs.ceph.com/en/latest/rados/operations/user-management/#keyring-management

Change-Id: I2593b6df737b384f1a5fba22f69e851c575990b4
2024-11-25 11:52:57 +01:00

162 lines
4.9 KiB
Django/Jinja

[DEFAULT]
debug = {{ glance_logging_debug }}
# NOTE(elemoine) log_dir alone does not work for Glance
log_file = /var/log/kolla/glance/glance-api.log
worker_self_reference_url = {{ 'https' if glance_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ glance_api_port }}
{% if glance_enable_tls_backend | bool %}
bind_host = 127.0.0.1
{% else %}
bind_host = {{ api_interface_address }}
{% endif %}
bind_port = {{ glance_api_listen_port }}
workers = {{ glance_api_workers }}
{% if glance_store_backends %}
enabled_backends = {% for key in glance_store_backends %}{{ key.name }}:{{ key.type }}{% if not loop.last %}, {% endif %}{% endfor %}
{% endif %}
{% if glance_enable_property_protection | bool %}
property_protection_file = /etc/glance/property-protections-rules.conf
{% endif %}
cinder_catalog_info = volume:cinder:internalURL
transport_url = {{ rpc_transport_url }}
{% if enable_glance_image_cache | bool %}
image_cache_max_size = {{ glance_cache_max_size }}
image_cache_dir = /var/lib/glance/image-cache
{% endif %}
[database]
connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}
connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
max_retries = -1
[keystone_authtoken]
service_type = image
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ glance_keystone_user }}
password = {{ glance_keystone_password }}
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
memcache_security_strategy = {{ memcache_security_strategy }}
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[paste_deploy]
flavor = {% if enable_glance_image_cache | bool %}keystone+cachemanagement{% else %}keystone{% endif %}
[glance_store]
default_backend = "{{ glance_default_backend }}"
{% if glance_backend_file | bool %}
[file]
filesystem_store_datadir = /var/lib/glance/images/
{% endif %}
{% if glance_backend_ceph | bool %}
{% for backend in glance_ceph_backends %}
[{{ backend.name }}]
rbd_store_user = {{ backend.user }}
rbd_store_pool = {{ backend.pool }}
rbd_store_ceph_conf = /etc/ceph/{{ backend.cluster }}.conf
{% endfor %}
{% endif %}
{% if glance_backend_swift | bool %}
[swift]
swift_store_container = glance
swift_store_multiple_containers_seed = 0
swift_store_multi_tenant = False
swift_store_create_container_on_put = True
swift_store_region = {{ openstack_region_name }}
default_swift_reference = swift
swift_store_config_file = /etc/glance/glance-swift.conf
swift_store_auth_insecure = True
{% endif %}
{% if glance_backend_s3 | bool %}
[s3]
s3_store_host = {{ glance_backend_s3_url }}
s3_store_access_key = {{ glance_backend_s3_access_key }}
s3_store_secret_key = {{ glance_backend_s3_secret_key }}
s3_store_bucket = {{ glance_backend_s3_bucket }}
{% endif %}
{% if glance_backend_vmware | bool %}
[vmware]
vmware_server_host = {{ vmware_vcenter_host_ip }}
vmware_server_username = {{ vmware_vcenter_host_username }}
vmware_server_password = {{ vmware_vcenter_host_password }}
vmware_datastores = {{ vmware_vcenter_name }}:{{ vmware_datastore_name }}
vmware_insecure = True
{% endif %}
[os_glance_tasks_store]
filesystem_store_datadir = /var/lib/glance/tasks_work_dir
[os_glance_staging_store]
filesystem_store_datadir = /var/lib/glance/staging
[oslo_middleware]
enable_proxy_headers_parsing = True
[oslo_concurrency]
lock_path = /var/lib/glance/tmp
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if glance_enabled_notification_topics %}
driver = messagingv2
topics = {{ glance_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
[oslo_messaging_rabbit]
heartbeat_in_pthread = false
{% if om_enable_rabbitmq_tls | bool %}
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
{% if om_enable_rabbitmq_high_availability | bool %}
amqp_durable_queues = true
{% endif %}
{% if om_enable_rabbitmq_quorum_queues | bool %}
rabbit_quorum_queue = true
{% endif %}
{% if glance_policy_file is defined %}
[oslo_policy]
policy_file = {{ glance_policy_file }}
{% endif %}
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}
{% if enable_barbican | bool %}
[barbican]
auth_endpoint = {{ keystone_internal_url }}
barbican_endpoint_type = internal
verify_ssl_path = {{ openstack_cacert }}
{% endif %}
[cors]
allowed_origin = {{ horizon_public_endpoint }}