66534e9dc5
This patch enhances Kolla-Ansible's existing support for multiple Ceph clusters by improving the management of custom users, pools, and cluster names. It aligns the Ceph integration more closely with the official Ceph user management guidelines [1]. Keyrings now follow the format `$cluster.client.$user.keyring`, and configurations are easier to handle when multiple Ceph clusters are in use, especially in environments with multiple availability zones. Previously, workarounds were needed for keyrings and config files, which this patch eliminates, providing a cleaner and more structured configuration approach which follows the Ceph best practices. The default Kolla setup remains unaffected by these changes, ensuring backward compatibility. Updated documentation and examples are included. [1] https://docs.ceph.com/en/latest/rados/operations/user-management/#keyring-management Change-Id: I2593b6df737b384f1a5fba22f69e851c575990b4
162 lines
4.9 KiB
Django/Jinja
162 lines
4.9 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ glance_logging_debug }}
|
|
|
|
# NOTE(elemoine) log_dir alone does not work for Glance
|
|
log_file = /var/log/kolla/glance/glance-api.log
|
|
|
|
worker_self_reference_url = {{ 'https' if glance_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ glance_api_port }}
|
|
|
|
{% if glance_enable_tls_backend | bool %}
|
|
bind_host = 127.0.0.1
|
|
{% else %}
|
|
bind_host = {{ api_interface_address }}
|
|
{% endif %}
|
|
bind_port = {{ glance_api_listen_port }}
|
|
workers = {{ glance_api_workers }}
|
|
|
|
{% if glance_store_backends %}
|
|
enabled_backends = {% for key in glance_store_backends %}{{ key.name }}:{{ key.type }}{% if not loop.last %}, {% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if glance_enable_property_protection | bool %}
|
|
property_protection_file = /etc/glance/property-protections-rules.conf
|
|
{% endif %}
|
|
|
|
cinder_catalog_info = volume:cinder:internalURL
|
|
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
{% if enable_glance_image_cache | bool %}
|
|
image_cache_max_size = {{ glance_cache_max_size }}
|
|
image_cache_dir = /var/lib/glance/image-cache
|
|
{% endif %}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
max_retries = -1
|
|
|
|
[keystone_authtoken]
|
|
service_type = image
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ glance_keystone_user }}
|
|
password = {{ glance_keystone_password }}
|
|
cafile = {{ openstack_cacert }}
|
|
region_name = {{ openstack_region_name }}
|
|
|
|
memcache_security_strategy = {{ memcache_security_strategy }}
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
|
|
[paste_deploy]
|
|
flavor = {% if enable_glance_image_cache | bool %}keystone+cachemanagement{% else %}keystone{% endif %}
|
|
|
|
[glance_store]
|
|
default_backend = "{{ glance_default_backend }}"
|
|
|
|
{% if glance_backend_file | bool %}
|
|
[file]
|
|
filesystem_store_datadir = /var/lib/glance/images/
|
|
{% endif %}
|
|
|
|
{% if glance_backend_ceph | bool %}
|
|
{% for backend in glance_ceph_backends %}
|
|
[{{ backend.name }}]
|
|
rbd_store_user = {{ backend.user }}
|
|
rbd_store_pool = {{ backend.pool }}
|
|
rbd_store_ceph_conf = /etc/ceph/{{ backend.cluster }}.conf
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if glance_backend_swift | bool %}
|
|
[swift]
|
|
swift_store_container = glance
|
|
swift_store_multiple_containers_seed = 0
|
|
swift_store_multi_tenant = False
|
|
swift_store_create_container_on_put = True
|
|
swift_store_region = {{ openstack_region_name }}
|
|
default_swift_reference = swift
|
|
swift_store_config_file = /etc/glance/glance-swift.conf
|
|
swift_store_auth_insecure = True
|
|
{% endif %}
|
|
|
|
{% if glance_backend_s3 | bool %}
|
|
[s3]
|
|
s3_store_host = {{ glance_backend_s3_url }}
|
|
s3_store_access_key = {{ glance_backend_s3_access_key }}
|
|
s3_store_secret_key = {{ glance_backend_s3_secret_key }}
|
|
s3_store_bucket = {{ glance_backend_s3_bucket }}
|
|
{% endif %}
|
|
|
|
{% if glance_backend_vmware | bool %}
|
|
[vmware]
|
|
vmware_server_host = {{ vmware_vcenter_host_ip }}
|
|
vmware_server_username = {{ vmware_vcenter_host_username }}
|
|
vmware_server_password = {{ vmware_vcenter_host_password }}
|
|
vmware_datastores = {{ vmware_vcenter_name }}:{{ vmware_datastore_name }}
|
|
vmware_insecure = True
|
|
{% endif %}
|
|
|
|
[os_glance_tasks_store]
|
|
filesystem_store_datadir = /var/lib/glance/tasks_work_dir
|
|
|
|
[os_glance_staging_store]
|
|
filesystem_store_datadir = /var/lib/glance/staging
|
|
|
|
[oslo_middleware]
|
|
enable_proxy_headers_parsing = True
|
|
|
|
[oslo_concurrency]
|
|
lock_path = /var/lib/glance/tmp
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
{% if glance_enabled_notification_topics %}
|
|
driver = messagingv2
|
|
topics = {{ glance_enabled_notification_topics | map(attribute='name') | join(',') }}
|
|
{% else %}
|
|
driver = noop
|
|
{% endif %}
|
|
|
|
[oslo_messaging_rabbit]
|
|
heartbeat_in_pthread = false
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_high_availability | bool %}
|
|
amqp_durable_queues = true
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_quorum_queues | bool %}
|
|
rabbit_quorum_queue = true
|
|
{% endif %}
|
|
|
|
{% if glance_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ glance_policy_file }}
|
|
{% endif %}
|
|
|
|
{% if enable_osprofiler | bool %}
|
|
[profiler]
|
|
enabled = true
|
|
trace_sqlalchemy = true
|
|
hmac_keys = {{ osprofiler_secret }}
|
|
connection_string = {{ osprofiler_backend_connection_string }}
|
|
{% endif %}
|
|
|
|
{% if enable_barbican | bool %}
|
|
[barbican]
|
|
auth_endpoint = {{ keystone_internal_url }}
|
|
barbican_endpoint_type = internal
|
|
verify_ssl_path = {{ openstack_cacert }}
|
|
{% endif %}
|
|
|
|
[cors]
|
|
allowed_origin = {{ horizon_public_endpoint }}
|