6c6c784865
glance-base is not useful anymore since we only run Glance API service and there is no plan yet to add new services for Glance. Let's cleanup this useless service and consolidate glance-api service. Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
248 lines
10 KiB
YAML
248 lines
10 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Glance API service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
Debug:
|
|
default: ''
|
|
description: Set to True to enable debugging on all services.
|
|
type: string
|
|
GlancePassword:
|
|
description: The password for the glance service and db account, used by the glance services.
|
|
type: string
|
|
hidden: true
|
|
GlanceWorkers:
|
|
default: ''
|
|
description: |
|
|
Number of API worker processes for Glance. If left unset (empty string), the
|
|
default value will result in the configuration being left unset and a
|
|
system-dependent default value will be chosen (e.g.: number of
|
|
processors). Please note that this will create a large number of
|
|
processes on systems with a large number of CPUs resulting in excess
|
|
memory consumption. It is recommended that a suitable non-default value
|
|
be selected on such systems.
|
|
type: string
|
|
MonitoringSubscriptionGlanceApi:
|
|
default: 'overcloud-glance-api'
|
|
type: string
|
|
GlanceApiLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.glance.api
|
|
path: /var/log/glance/api.log
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
CephClientUserName:
|
|
default: openstack
|
|
type: string
|
|
Debug:
|
|
default: ''
|
|
description: Set to True to enable debugging on all services.
|
|
type: string
|
|
GlanceNotifierStrategy:
|
|
description: Strategy to use for Glance notification queue
|
|
type: string
|
|
default: noop
|
|
GlanceLogFile:
|
|
description: The filepath of the file to use for logging messages from Glance.
|
|
type: string
|
|
default: ''
|
|
GlanceBackend:
|
|
default: swift
|
|
description: The short name of the Glance backend to use. Should be one
|
|
of swift, rbd, or file
|
|
type: string
|
|
constraints:
|
|
- allowed_values: ['swift', 'file', 'rbd']
|
|
GlanceNfsEnabled:
|
|
default: false
|
|
description: >
|
|
When using GlanceBackend 'file', mount NFS share for image storage.
|
|
type: boolean
|
|
GlanceNfsShare:
|
|
default: ''
|
|
description: >
|
|
NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
|
type: string
|
|
GlanceNfsOptions:
|
|
default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
|
|
description: >
|
|
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
|
type: string
|
|
GlanceRbdPoolName:
|
|
default: images
|
|
type: string
|
|
RabbitPassword:
|
|
description: The password for RabbitMQ
|
|
type: string
|
|
hidden: true
|
|
RabbitUserName:
|
|
default: guest
|
|
description: The username for RabbitMQ
|
|
type: string
|
|
RabbitClientPort:
|
|
default: 5672
|
|
description: Set rabbit subscriber port, change this if using SSL
|
|
type: number
|
|
RabbitClientUseSSL:
|
|
default: false
|
|
description: >
|
|
Rabbit client subscriber parameter to specify
|
|
an SSL connection to the RabbitMQ host.
|
|
type: string
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
|
|
conditions:
|
|
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
TLSProxyBase:
|
|
type: OS::TripleO::Services::TLSProxyBase
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
EnableInternalTLS: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Glance API role.
|
|
value:
|
|
service_name: glance_api
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
|
|
logging_source: {get_param: GlanceApiLoggingSource}
|
|
logging_groups:
|
|
- glance
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [TLSProxyBase, role_data, config_settings]
|
|
- glance::api::database_connection:
|
|
list_join:
|
|
- ''
|
|
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
|
|
- '://glance:'
|
|
- {get_param: GlancePassword}
|
|
- '@'
|
|
- {get_param: [EndpointMap, MysqlInternal, host]}
|
|
- '/glance'
|
|
- '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
|
|
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
|
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
|
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
|
glance::api::enable_v1_api: false
|
|
glance::api::enable_v2_api: true
|
|
glance::api::authtoken::password: {get_param: GlancePassword}
|
|
glance::api::enable_proxy_headers_parsing: true
|
|
glance::api::debug: {get_param: Debug}
|
|
glance::api::workers: {get_param: GlanceWorkers}
|
|
tripleo.glance_api.firewall_rules:
|
|
'112 glance_api':
|
|
dport:
|
|
- 9292
|
|
- 13292
|
|
glance::api::authtoken::project_name: 'service'
|
|
glance::api::pipeline: 'keystone'
|
|
glance::api::show_image_direct_url: true
|
|
# NOTE: bind IP is found in Heat replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
tripleo::profile::base::glance::api::tls_proxy_bind_ip:
|
|
get_param: [ServiceNetMap, GlanceApiNetwork]
|
|
tripleo::profile::base::glance::api::tls_proxy_fqdn:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
|
tripleo::profile::base::glance::api::tls_proxy_port:
|
|
get_param: [EndpointMap, GlanceInternal, port]
|
|
# Bind to localhost if internal TLS is enabled, since we put a TLs
|
|
# proxy in front.
|
|
glance::api::bind_host:
|
|
if:
|
|
- use_tls_proxy
|
|
- 'localhost'
|
|
- {get_param: [ServiceNetMap, GlanceApiNetwork]}
|
|
glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
|
|
glance_log_file: {get_param: GlanceLogFile}
|
|
glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
|
glance::backend::swift::swift_store_user: service:glance
|
|
glance::backend::swift::swift_store_key: {get_param: GlancePassword}
|
|
glance::backend::swift::swift_store_create_container_on_put: true
|
|
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
|
|
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
|
|
glance_backend: {get_param: GlanceBackend}
|
|
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
|
|
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
|
|
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
|
|
glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
|
|
glance::notify::rabbitmq::notification_driver: messagingv2
|
|
tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
|
|
tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
|
|
tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
|
|
service_config_settings:
|
|
keystone:
|
|
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
|
|
glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
|
|
glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
|
|
glance::keystone::auth::password: {get_param: GlancePassword }
|
|
glance::keystone::auth::region: {get_param: KeystoneRegion}
|
|
glance::keystone::auth::tenant: 'service'
|
|
mysql:
|
|
glance::db::mysql::password: {get_param: GlancePassword}
|
|
glance::db::mysql::user: glance
|
|
glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
|
|
glance::db::mysql::dbname: glance
|
|
glance::db::mysql::allowed_hosts:
|
|
- '%'
|
|
- "%{hiera('mysql_bind_host')}"
|
|
step_config: |
|
|
include ::tripleo::profile::base::glance::api
|
|
upgrade_tasks:
|
|
- name: Check if glance_api is deployed
|
|
command: systemctl is-enabled openstack-glance-api
|
|
tags: common
|
|
ignore_errors: True
|
|
register: glance_api_enabled
|
|
#(TODO) Remove all glance-registry bits in Pike.
|
|
- name: Check if glance_registry is deployed
|
|
command: systemctl is-enabled openstack-glance-registry
|
|
tags: common
|
|
ignore_errors: True
|
|
register: glance_registry_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
|
|
shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
|
|
tags: step0,validation
|
|
when: glance_api_enabled.rc == 0
|
|
- name: Stop glance_api service
|
|
tags: step1
|
|
when: glance_api_enabled.rc == 0
|
|
service: name=openstack-glance-api state=stopped
|
|
- name: Stop and disable glance registry (removed for Ocata)
|
|
tags: step1
|
|
when: glance_registry_enabled.rc == 0
|
|
service: name=openstack-glance-registry state=stopped enabled=no
|