1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
35 description: Set to True to enable debugging on all services.
39 description: Set to True to enable debugging Glance service.
42 description: The password for the glance service and db account, used by the glance services.
48 Number of API worker processes for Glance. If left unset (empty string), the
49 default value will result in the configuration being left unset and a
50 system-dependent default value will be chosen (e.g.: number of
51 processors). Please note that this will create a large number of
52 processes on systems with a large number of CPUs resulting in excess
53 memory consumption. It is recommended that a suitable non-default value
54 be selected on such systems.
56 MonitoringSubscriptionGlanceApi:
57 default: 'overcloud-glance-api'
59 GlanceApiLoggingSource:
62 tag: openstack.glance.api
63 path: /var/log/glance/api.log
70 GlanceNotifierStrategy:
71 description: Strategy to use for Glance notification queue
75 description: The filepath of the file to use for logging messages from Glance.
80 description: The short name of the Glance backend to use. Should be one
81 of swift, rbd, or file
84 - allowed_values: ['swift', 'file', 'rbd']
88 When using GlanceBackend 'file', mount NFS share for image storage.
93 NFS share to mount for image storage (when GlanceNfsEnabled is true)
96 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
98 NFS mount options for image storage (when GlanceNfsEnabled is true)
103 NovaEnableRbdBackend:
105 description: Whether to enable or not the Rbd backend for Nova
108 description: The password for RabbitMQ
113 description: The username for RabbitMQ
117 description: Set rabbit subscriber port, change this if using SSL
122 Rabbit client subscriber parameter to specify
123 an SSL connection to the RabbitMQ host.
128 description: Keystone region for endpoint
131 A hash of policies to configure for Glance API.
132 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
137 default: 'messagingv2'
138 description: Driver or drivers to handle sending notifications.
140 - allowed_values: [ 'messagingv2', 'noop' ]
143 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
144 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
145 service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
146 glance_multiple_locations:
149 - get_param: GlanceBackend
152 - get_param: NovaEnableRbdBackend
158 type: OS::TripleO::Services::TLSProxyBase
160 ServiceData: {get_param: ServiceData}
161 ServiceNetMap: {get_param: ServiceNetMap}
162 DefaultPasswords: {get_param: DefaultPasswords}
163 EndpointMap: {get_param: EndpointMap}
164 RoleName: {get_param: RoleName}
165 RoleParameters: {get_param: RoleParameters}
166 EnableInternalTLS: {get_param: EnableInternalTLS}
170 description: Role data for the Glance API role.
172 service_name: glance_api
173 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
174 logging_source: {get_param: GlanceApiLoggingSource}
179 - get_attr: [TLSProxyBase, role_data, config_settings]
180 - glance::api::database_connection:
182 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
184 password: {get_param: GlancePassword}
185 host: {get_param: [EndpointMap, MysqlInternal, host]}
188 read_default_file: /etc/my.cnf.d/tripleo.cnf
189 read_default_group: tripleo
190 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
191 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
192 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
193 glance::api::enable_v1_api: false
194 glance::api::enable_v2_api: true
195 glance::api::authtoken::password: {get_param: GlancePassword}
196 glance::api::enable_proxy_headers_parsing: true
199 - service_debug_unset
200 - {get_param: Debug }
201 - {get_param: GlanceDebug }
202 glance::policy::policies: {get_param: GlanceApiPolicies}
203 tripleo.glance_api.firewall_rules:
208 glance::api::authtoken::project_name: 'service'
209 glance::keystone::authtoken::user_domain_name: 'Default'
210 glance::keystone::authtoken::project_domain_name: 'Default'
211 glance::api::pipeline: 'keystone'
212 glance::api::show_image_direct_url: true
213 glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
214 glance::api::os_region_name: {get_param: KeystoneRegion}
215 # NOTE: bind IP is found in Heat replacing the network name with the
216 # local node IP for the given network; replacement examples
217 # (eg. for internal_api):
219 # internal_api_uri -> [IP]
220 # internal_api_subnet - > IP/CIDR
221 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
222 get_param: [ServiceNetMap, GlanceApiNetwork]
223 tripleo::profile::base::glance::api::tls_proxy_fqdn:
226 "%{hiera('fqdn_$NETWORK')}"
228 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
229 tripleo::profile::base::glance::api::tls_proxy_port:
230 get_param: [EndpointMap, GlanceInternal, port]
231 # Bind to localhost if internal TLS is enabled, since we put a TLs
233 glance::api::bind_host:
237 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
238 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
239 glance_log_file: {get_param: GlanceLogFile}
240 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
241 glance::backend::swift::swift_store_user: service:glance
242 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
243 glance::backend::swift::swift_store_create_container_on_put: true
244 glance::backend::swift::swift_store_auth_version: 3
245 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
246 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
247 glance_backend: {get_param: GlanceBackend}
248 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
249 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
250 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
251 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
252 glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver}
253 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
254 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
255 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
258 - glance_workers_unset
260 - glance::api::workers: {get_param: GlanceWorkers}
261 service_config_settings:
263 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
264 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
265 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
266 glance::keystone::auth::password: {get_param: GlancePassword }
267 glance::keystone::auth::region: {get_param: KeystoneRegion}
268 glance::keystone::auth::tenant: 'service'
270 glance::db::mysql::password: {get_param: GlancePassword}
271 glance::db::mysql::user: glance
272 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
273 glance::db::mysql::dbname: glance
274 glance::db::mysql::allowed_hosts:
276 - "%{hiera('mysql_bind_host')}"
278 include ::tripleo::profile::base::glance::api
280 - name: Check if glance_api is deployed
281 command: systemctl is-enabled openstack-glance-api
284 register: glance_api_enabled
285 #(TODO) Remove all glance-registry bits in Pike.
286 - name: Check if glance_registry is deployed
287 command: systemctl is-enabled openstack-glance-registry
290 register: glance_registry_enabled
291 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
292 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
293 tags: step0,validation
294 when: glance_api_enabled.rc == 0
295 - name: Stop glance_api service
297 when: glance_api_enabled.rc == 0
298 service: name=openstack-glance-api state=stopped
299 - name: Stop and disable glance registry (removed for Ocata)
301 when: glance_registry_enabled.rc == 0
302 service: name=openstack-glance-registry state=stopped enabled=no