openstack-ansible-os_glance/templates/glance-api.conf.j2
Dmitriy Rabotyagov 6baa7827ce Define unique hostname for QManager
Due to the shortcoming of QManager implementation [1], in case of uWSGI
usage on metal hosts, the flow ends up with having the same
hostname/processname set, making services to fight over same file
under SHM.

In order to avoid this, we prepend the hostname with a service_name.
We can not change processname instead, since it will lead to the fight
between different processes of the same service.

[1] https://bugs.launchpad.net/oslo.messaging/+bug/2065922

Change-Id: Idfe3a93727c3ba7f05589d4113233e999c99d398
2024-05-25 13:28:30 +02:00

165 lines
7.6 KiB
Django/Jinja

# {{ ansible_managed }}
[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
use_journal = True
fatal_deprecations = {{ glance_fatal_deprecations }}
bind_host = {{ glance_api_bind_address }}
bind_port = {{ glance_api_service_port }}
http_keepalive = {{ glance_http_keepalive }}
digest_algorithm = {{ glance_digest_algorithm }}
backlog = 4096
workers = {{ glance_api_workers | default(glance_api_threads) }}
worker_self_reference_url = {{ (glance_backend_ssl | ternary('https', 'http')) ~ '://' ~ glance_api_bind_address ~ ':' ~ glance_api_service_port }}
enable_v2_api = {{ glance_enable_v2_api | bool }}
{% if glance_oslomsg_rpc_configure %}
transport_url = {{ glance_oslomsg_rpc_transport }}://{% for host in glance_oslomsg_rpc_servers.split(',') %}{{ glance_oslomsg_rpc_userid }}:{{ glance_oslomsg_rpc_password }}@{{ host }}:{{ glance_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _glance_oslomsg_rpc_vhost_conf }}{% if glance_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ glance_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% endif %}
scrub_time = 43200
image_cache_dir = {{ glance_system_user_home }}/cache/
image_cache_stall_time = {{ glance_image_cache_stall_time }}
image_cache_max_size = {{ glance_image_cache_max_size }}
# defaults to true if RBD is used as default store
show_image_direct_url = {{ glance_show_image_direct_url }}
show_multiple_locations = {{ glance_show_multiple_locations }}
enabled_backends = {% for backend in glance_available_stores %}{{ backend['name'] }}:{{ backend['type'] }}{% if not loop.last %},{% endif %}{% endfor %}
{% if glance_property_protection_file_overrides | length > 0 %}
property_protection_file = {{ glance_property_protection_file }}
property_protection_rule_format = {{ glance_property_protection_rule_format }}
{% endif %}
[task]
task_executor = {{ glance_task_executor }}
[database]
connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}:{{ glance_galera_port }}/{{ glance_galera_database }}?charset=utf8{% if glance_galera_use_ssl | bool %}&ssl_verify_cert=true{% if glance_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ glance_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ glance_db_max_overflow }}
max_pool_size = {{ glance_db_max_pool_size }}
pool_timeout = {{ glance_db_pool_timeout }}
connection_recycle_time = {{ glance_db_connection_recycle_time }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ glance_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ glance_service_project_domain_id }}
user_domain_id = {{ glance_service_user_domain_id }}
project_name = {{ glance_service_project_name }}
username = {{ glance_service_user_name }}
password = {{ glance_service_password }}
region_name = {{ keystone_service_region }}
service_token_roles_required = {{ glance_service_token_roles_required | bool }}
service_token_roles = {{ glance_service_token_roles | join(',') }}
service_type = {{ glance_service_type }}
memcached_servers = {{ glance_memcached_servers }}
token_cache_time = 300
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}
{% if glance_oslomsg_rpc_transport == 'rabbit' %}
[oslo_messaging_rabbit]
rabbit_quorum_queue = {{ glance_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ glance_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ glance_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ glance_oslomsg_rabbit_queue_manager }}
{% if glance_oslomsg_rabbit_queue_manager %}
hostname = {{ [ansible_facts['hostname'], glance_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ glance_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ glance_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ glance_oslomsg_rabbit_quorum_max_memory_bytes }}
{% endif %}
[oslo_messaging_notifications]
topics = notifications
driver = {{ (glance_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ glance_oslomsg_notify_transport }}://{% for host in glance_oslomsg_notify_servers.split(',') %}{{ glance_oslomsg_notify_userid }}:{{ glance_oslomsg_notify_password }}@{{ host }}:{{ glance_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _glance_oslomsg_notify_vhost_conf }}{% if glance_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_notify_ssl_version }}&ssl_ca_file={{ glance_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[paste_deploy]
flavor = {{ glance_flavor }}
[glance_store]
default_backend = {{ (glance_default_store is string) | ternary(glance_default_store, glance_default_store['name']) }}
{% for backend in glance_available_stores %}
{% if backend['name'] == 'file' and backend['type'] == 'file' and 'config' not in backend %}
[file]
filesystem_store_datadir = {{ glance_system_user_home }}/{{ glance_images_local_directory }}/
{% elif backend['name'] == 'swift' and backend['type'] == 'swift' and 'config' not in backend %}
[swift]
swift_store_config_file = {{ glance_etc_dir }}/glance-swift-store.conf
default_swift_reference = swift1
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
swift_store_region = {{ glance_swift_store_region }}
swift_store_container = {{ glance_swift_store_container }}
swift_store_create_container_on_put = True
swift_store_large_object_size = {{ glance_swift_store_large_object_size }}
swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_size }}
swift_store_retry_get_count = 5
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
{% elif backend['name'] == 'rbd' and backend['type'] == 'rbd' and 'config' not in backend %}
[rbd]
rbd_store_pool = {{ glance_rbd_store_pool }}
rbd_store_user = {{ glance_rbd_store_user }}
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_chunk_size = {{ glance_rbd_store_chunk_size }}
{% elif backend['name'] == 'cinder' and backend['type'] == 'cinder' and 'config' not in backend %}
[cinder]
cinder_catalog_info = volumev3:cinderv3:internalURL
cinder_store_auth_address = {{ keystone_service_adminurl }}
cinder_store_user_name = {{ glance_service_user_name }}
cinder_store_password = {{ glance_service_password }}
cinder_store_project_name = {{ glance_service_project_name }}
cinder_store_user_domain_name = {{ glance_service_user_domain_id }}
cinder_store_project_domain_name = {{ glance_service_project_domain_id }}
{% else %}
[{{ backend['name'] }}]
{% for key, value in backend.get('config', {}).items() %}
{{ key }} = {{ value }}
{% endfor %}
{% endif %}
{% endfor %}
[profiler]
enabled = {{ glance_profiler_enabled }}
{% if glance_proxy_headers_parsing | bool %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% endif %}
[oslo_concurrency]
lock_path = {{ glance_use_uwsgi | ternary('/run/lock/' ~ glance_services['glance-api']['service_name'] ~ '/uwsgi', '/run/lock/glance') }}
{% if glance_cors_allowed_origin is not none %}
[cors]
allow_headers = origin,content-md5,x-image-meta-checksum,x-storage-token,accept-encoding,x-auth-token,x-identity-status,x-roles,x-service-catalog,x-user-id,x-tenant-id,x-openstack-request-id
allow_methods = GET,POST,PUT,PATCH,DELETE
allowed_origin = {{ glance_cors_allowed_origin }}
{% endif %}