# Heat template for the Glance API service, configured through Puppet hieradata.
# NOTE(review): the gutter numbers in this listing skip, so parameter names,
# types, defaults and attributes such as `hidden:` are not all visible here.
1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
# This switch applies to all services, not only Glance. Debug-level logs
# typically carry more request detail than normal logs, so treat it as a
# temporary troubleshooting setting.
23 description: Set to True to enable debugging on all services.
# One secret, several consumers: further down this value feeds the database
# connection (line 150), keystone authtoken (161), the swift store key (202),
# the keystone endpoint account (226) and the MySQL account (230). Rotating or
# leaking it therefore affects all of them together.
# NOTE(review): confirm the parameter is declared `hidden: true` so Heat masks
# it; the attribute is not visible in this listing.
26 description: The password for the glance service and db account, used by the glance services.
32 Number of API worker processes for Glance. If left unset (empty string), the
33 default value will result in the configuration being left unset and a
34 system-dependent default value will be chosen (e.g.: number of
35 processors). Please note that this will create a large number of
36 processes on systems with a large number of CPUs resulting in excess
37 memory consumption. It is recommended that a suitable non-default value
38 be selected on such systems.
# Subscription name exported through role_data.monitoring_subscription (line 139).
40 MonitoringSubscriptionGlanceApi:
41 default: 'overcloud-glance-api'
# Log source descriptor exported through role_data.logging_source (line 140):
# a tag plus the log file path, presumably consumed by a log collector.
43 GlanceApiLoggingSource:
46 tag: openstack.glance.api
47 path: /var/log/glance/api.log
56 description: Set to True to enable debugging on all services.
58 GlanceNotifierStrategy:
59 description: Strategy to use for Glance notification queue
63 description: The filepath of the file to use for logging messages from Glance.
# The backend name is checked against the allowed_values list below, so an
# unsupported store name is rejected by Heat parameter validation.
68 description: The short name of the Glance backend to use. Should be one
69 of swift, rbd, or file
72 - allowed_values: ['swift', 'file', 'rbd']
76 When using GlanceBackend 'file', mount NFS share for image storage.
81 NFS share to mount for image storage (when GlanceNfsEnabled is true)
# The default labels the whole NFS mount with the SELinux context
# glance_var_lib_t. Setting GlanceNfsOptions replaces the entire string, so an
# override that omits context= also drops that label.
# NOTE(review): nosuid/nodev are not part of the default; consider whether the
# image store mount should carry them in your deployment.
84 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
86 NFS mount options for image storage (when GlanceNfsEnabled is true)
# NOTE(review): confirm this secret is declared `hidden: true`; the attribute
# is not visible in this listing.
92 description: The password for RabbitMQ
97 description: The username for RabbitMQ
# NOTE(review): the defaults for the RabbitMQ port and the SSL switch are not
# visible here. They are separate parameters (consumed at lines 209 and 211),
# so enabling SSL means changing both; without SSL the notification
# credentials and payloads cross the network unencrypted.
101 description: Set rabbit subscriber port, change this if using SSL
106 Rabbit client subscriber parameter to specify
107 an SSL connection to the RabbitMQ host.
112 description: Keystone region for endpoint
115 A hash of policies to configure for Glance API.
116 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
# The policy hash described above is passed to glance::policy::policies
# (line 164). Every entry is an access-control rule for the Glance API, so
# changes to it deserve the same review as any other authorization change.
# use_tls_proxy is true only when EnableInternalTLS equals `true`; it appears
# to select the glance-api bind address further down (see the note at line 191).
121 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
# glance_workers_unset is true when GlanceWorkers is the empty string; it is
# referenced again where glance::api::workers is emitted (lines 218-220).
122 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
# TLS proxy sub-template; its role_data.config_settings are pulled into this
# service's settings at line 145.
127 type: OS::TripleO::Services::TLSProxyBase
129 ServiceNetMap: {get_param: ServiceNetMap}
# NOTE(review): DefaultPasswords is forwarded to the sub-template; what the
# sub-template does with it cannot be seen from this file.
130 DefaultPasswords: {get_param: DefaultPasswords}
131 EndpointMap: {get_param: EndpointMap}
132 EnableInternalTLS: {get_param: EnableInternalTLS}
136 description: Role data for the Glance API role.
138 service_name: glance_api
139 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
140 logging_source: {get_param: GlanceApiLoggingSource}
# Settings from the TLS proxy sub-template are listed first, followed by the
# Glance settings; presumably both are combined by a map_merge whose opening
# lines are not visible in this listing.
145 - get_attr: [TLSProxyBase, role_data, config_settings]
# Database URL assembled from parts. GlancePassword becomes part of the
# connection string, so the rendered hieradata (and presumably the generated
# glance config) hold it in clear text.
# NOTE(review): confirm those files are readable only by the accounts that need them.
146 - glance::api::database_connection:
148 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
150 password: {get_param: GlancePassword}
151 host: {get_param: [EndpointMap, MysqlInternal, host]}
# Additional MySQL client options are read from this file and group; their
# content is not defined in this template.
154 read_default_file: /etc/my.cnf.d/tripleo.cnf
155 read_default_group: tripleo
156 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
# Both keystone URLs resolve to the internal Keystone endpoint.
157 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
158 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
# Only the v2 Images API is served; v1 is switched off.
159 glance::api::enable_v1_api: false
160 glance::api::enable_v2_api: true
161 glance::api::authtoken::password: {get_param: GlancePassword}
# Proxy-header parsing makes the API trust forwarded headers describing the
# original request. That is only safe when every request arrives through a
# trusted proxy that sets or strips those headers.
# NOTE(review): verify the API port is not directly reachable by clients.
162 glance::api::enable_proxy_headers_parsing: true
163 glance::api::debug: {get_param: Debug}
164 glance::policy::policies: {get_param: GlanceApiPolicies}
# The firewall rule body (lines 166-169) is not visible in this listing.
165 tripleo.glance_api.firewall_rules:
170 glance::api::authtoken::project_name: 'service'
171 glance::keystone::authtoken::user_domain_name: 'Default'
172 glance::keystone::authtoken::project_domain_name: 'Default'
# 'keystone' selects the pipeline flavor that puts keystone token
# authentication in front of the API.
173 glance::api::pipeline: 'keystone'
# Exposes each image's backend location in API responses. Glance documents
# this as a risk when store locations can embed credentials.
# NOTE(review): confirm this is acceptable for the backend chosen via
# GlanceBackend and for every user allowed to read image metadata.
174 glance::api::show_image_direct_url: true
175 # NOTE: the bind IP is resolved in Heat by replacing the network name with the
176 # local node IP for the given network; replacement examples
177 # (e.g. for internal_api):
179 # internal_api_uri -> [IP]
180 # internal_api_subnet -> IP/CIDR
181 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
182 get_param: [ServiceNetMap, GlanceApiNetwork]
183 tripleo::profile::base::glance::api::tls_proxy_fqdn:
186 "%{hiera('fqdn_$NETWORK')}"
188 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
189 tripleo::profile::base::glance::api::tls_proxy_port:
190 get_param: [EndpointMap, GlanceInternal, port]
191 # Bind to localhost if internal TLS is enabled, since we put a TLS
# NOTE(review): the rest of the comment above and the conditional that picks
# the bind host (lines 192-196) are not visible here. The stated intent is that
# with internal TLS glance-api listens on localhost only, leaving the TLS proxy
# as the network-facing listener; line 197 is the network address otherwise.
193 glance::api::bind_host:
197 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
198 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
199 glance_log_file: {get_param: GlanceLogFile}
# Swift store: authenticates against the internal Keystone v3 endpoint as
# service:glance, with GlancePassword as the key (the same secret used for the
# database connection and authtoken above).
200 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
201 glance::backend::swift::swift_store_user: service:glance
202 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
203 glance::backend::swift::swift_store_create_container_on_put: true
204 glance::backend::swift::swift_store_auth_version: 3
# RBD store: pool and Ceph client user come from parameters whose declarations
# are not visible in this listing.
205 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
206 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
207 glance_backend: {get_param: GlanceBackend}
# Notification transport: user, port, password and the SSL switch all come from
# the Rabbit* parameters; rabbit_use_ssl follows RabbitClientUseSSL.
208 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
209 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
210 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
211 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
212 glance::notify::rabbitmq::notification_driver: messagingv2
# NFS mount for the 'file' backend: enable flag, share and mount options.
213 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
214 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
215 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
# Presumably the tail of an `if` on glance_workers_unset, so that
# glance::api::workers is emitted only when GlanceWorkers is non-empty; the
# surrounding lines (216-219) are not visible.
218 - glance_workers_unset
220 - glance::api::workers: {get_param: GlanceWorkers}
# Settings exported for other services; the section keys that group the
# entries below (lines 222 and 229) are not visible in this listing.
221 service_config_settings:
# Endpoint registration and the Glance service account in keystone. The
# account password is GlancePassword.
223 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
224 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
225 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
226 glance::keystone::auth::password: {get_param: GlancePassword }
227 glance::keystone::auth::region: {get_param: KeystoneRegion}
228 glance::keystone::auth::tenant: 'service'
# Database account for Glance; it uses GlancePassword as well.
230 glance::db::mysql::password: {get_param: GlancePassword}
231 glance::db::mysql::user: glance
232 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
233 glance::db::mysql::dbname: glance
# NOTE(review): only one allowed_hosts entry is visible (line 235 is missing
# from the listing); check that the full list grants database access from no
# more hosts than needed.
234 glance::db::mysql::allowed_hosts:
236 - "%{hiera('mysql_bind_host')}"
238 include ::tripleo::profile::base::glance::api
# Upgrade tasks (Ansible). The two probes below register whether each unit is
# enabled; the later tasks run only when the matching probe returned 0.
# NOTE(review): lines 242-243 and 248-249 are not visible; confirm the probes
# tolerate a non-zero exit (unit absent or disabled) instead of failing the play.
240 - name: Check if glance_api is deployed
241 command: systemctl is-enabled openstack-glance-api
244 register: glance_api_enabled
245 #(TODO) Remove all glance-registry bits in Pike.
246 - name: Check if glance_registry is deployed
247 command: systemctl is-enabled openstack-glance-registry
250 register: glance_registry_enabled
251 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
# shell (rather than command) is used because of the pipe. The command line is
# a fixed string with no templated input, and grep's exit status fails the
# task when the unit's ActiveState is not "active".
252 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
253 tags: step0,validation
254 when: glance_api_enabled.rc == 0
# Stop glance-api for the upgrade, only if it was found enabled.
255 - name: Stop glance_api service
257 when: glance_api_enabled.rc == 0
258 service: name=openstack-glance-api state=stopped
# The registry service is stopped and also disabled, so it does not start again on boot.
259 - name: Stop and disable glance registry (removed for Ocata)
261 when: glance_registry_enabled.rc == 0
262 service: name=openstack-glance-registry state=stopped enabled=no