1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Set to True to enable debugging on all services.
35 description: Set to True to enable debugging Glance service.
38 description: The password for the glance service and db account, used by the glance services.
44 Number of API worker processes for Glance. If left unset (empty string), the
45 default value will result in the configuration being left unset and a
46 system-dependent default value will be chosen (e.g.: number of
47 processors). Please note that this will create a large number of
48 processes on systems with a large number of CPUs resulting in excess
49 memory consumption. It is recommended that a suitable non-default value
50 be selected on such systems.
52 MonitoringSubscriptionGlanceApi:
53 default: 'overcloud-glance-api'
55 GlanceApiLoggingSource:
58 tag: openstack.glance.api
59 path: /var/log/glance/api.log
66 GlanceNotifierStrategy:
67 description: Strategy to use for Glance notification queue
71 description: The filepath of the file to use for logging messages from Glance.
76 description: The short name of the Glance backend to use. Should be one
77 of swift, rbd, or file
80 - allowed_values: ['swift', 'file', 'rbd']
84 When using GlanceBackend 'file', mount NFS share for image storage.
89 NFS share to mount for image storage (when GlanceNfsEnabled is true)
92 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
94 NFS mount options for image storage (when GlanceNfsEnabled is true)
101 description: Whether to enable or not the Rbd backend for Nova
104 description: The password for RabbitMQ
109 description: The username for RabbitMQ
113 description: Set rabbit subscriber port, change this if using SSL
118 Rabbit client subscriber parameter to specify
119 an SSL connection to the RabbitMQ host.
124 description: Keystone region for endpoint
127 A hash of policies to configure for Glance API.
128 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
133 default: 'messagingv2'
134 description: Driver or drivers to handle sending notifications.
136 - allowed_values: [ 'messagingv2', 'noop' ]
139 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
140 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
141 service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
142 glance_multiple_locations:
145 - get_param: GlanceBackend
148 - get_param: NovaEnableRbdBackend
154 type: OS::TripleO::Services::TLSProxyBase
156 ServiceNetMap: {get_param: ServiceNetMap}
157 DefaultPasswords: {get_param: DefaultPasswords}
158 EndpointMap: {get_param: EndpointMap}
159 RoleName: {get_param: RoleName}
160 RoleParameters: {get_param: RoleParameters}
161 EnableInternalTLS: {get_param: EnableInternalTLS}
165 description: Role data for the Glance API role.
167 service_name: glance_api
168 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
169 logging_source: {get_param: GlanceApiLoggingSource}
174 - get_attr: [TLSProxyBase, role_data, config_settings]
175 - glance::api::database_connection:
177 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
179 password: {get_param: GlancePassword}
180 host: {get_param: [EndpointMap, MysqlInternal, host]}
183 read_default_file: /etc/my.cnf.d/tripleo.cnf
184 read_default_group: tripleo
185 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
186 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
187 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
188 glance::api::enable_v1_api: false
189 glance::api::enable_v2_api: true
190 glance::api::authtoken::password: {get_param: GlancePassword}
191 glance::api::enable_proxy_headers_parsing: true
194 - service_debug_unset
195 - {get_param: Debug }
196 - {get_param: GlanceDebug }
197 glance::policy::policies: {get_param: GlanceApiPolicies}
198 tripleo.glance_api.firewall_rules:
203 glance::api::authtoken::project_name: 'service'
204 glance::keystone::authtoken::user_domain_name: 'Default'
205 glance::keystone::authtoken::project_domain_name: 'Default'
206 glance::api::pipeline: 'keystone'
207 glance::api::show_image_direct_url: true
208 glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
209 # NOTE: bind IP is found in Heat replacing the network name with the
210 # local node IP for the given network; replacement examples
211 # (eg. for internal_api):
213 # internal_api_uri -> [IP]
214 # internal_api_subnet - > IP/CIDR
215 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
216 get_param: [ServiceNetMap, GlanceApiNetwork]
217 tripleo::profile::base::glance::api::tls_proxy_fqdn:
220 "%{hiera('fqdn_$NETWORK')}"
222 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
223 tripleo::profile::base::glance::api::tls_proxy_port:
224 get_param: [EndpointMap, GlanceInternal, port]
225 # Bind to localhost if internal TLS is enabled, since we put a TLs
227 glance::api::bind_host:
231 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
232 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
233 glance_log_file: {get_param: GlanceLogFile}
234 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
235 glance::backend::swift::swift_store_user: service:glance
236 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
237 glance::backend::swift::swift_store_create_container_on_put: true
238 glance::backend::swift::swift_store_auth_version: 3
239 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
240 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
241 glance_backend: {get_param: GlanceBackend}
242 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
243 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
244 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
245 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
246 glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver}
247 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
248 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
249 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
252 - glance_workers_unset
254 - glance::api::workers: {get_param: GlanceWorkers}
255 service_config_settings:
257 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
258 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
259 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
260 glance::keystone::auth::password: {get_param: GlancePassword }
261 glance::keystone::auth::region: {get_param: KeystoneRegion}
262 glance::keystone::auth::tenant: 'service'
264 glance::db::mysql::password: {get_param: GlancePassword}
265 glance::db::mysql::user: glance
266 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
267 glance::db::mysql::dbname: glance
268 glance::db::mysql::allowed_hosts:
270 - "%{hiera('mysql_bind_host')}"
272 include ::tripleo::profile::base::glance::api
274 - name: Check if glance_api is deployed
275 command: systemctl is-enabled openstack-glance-api
278 register: glance_api_enabled
279 #(TODO) Remove all glance-registry bits in Pike.
280 - name: Check if glance_registry is deployed
281 command: systemctl is-enabled openstack-glance-registry
284 register: glance_registry_enabled
285 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
286 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
287 tags: step0,validation
288 when: glance_api_enabled.rc == 0
289 - name: Stop glance_api service
291 when: glance_api_enabled.rc == 0
292 service: name=openstack-glance-api state=stopped
293 - name: Stop and disable glance registry (removed for Ocata)
295 when: glance_registry_enabled.rc == 0
296 service: name=openstack-glance-registry state=stopped enabled=no