1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Set to True to enable debugging on all services.
34 description: The password for the glance service and db account, used by the glance services.
40 Number of API worker processes for Glance. If left unset (empty string), the
41 default value will result in the configuration being left unset and a
42 system-dependent default value will be chosen (e.g.: number of
43 processors). Please note that this will create a large number of
44 processes on systems with a large number of CPUs resulting in excess
45 memory consumption. It is recommended that a suitable non-default value
46 be selected on such systems.
48 MonitoringSubscriptionGlanceApi:
49 default: 'overcloud-glance-api'
51 GlanceApiLoggingSource:
54 tag: openstack.glance.api
55 path: /var/log/glance/api.log
64 description: Set to True to enable debugging on all services.
66 GlanceNotifierStrategy:
67 description: Strategy to use for Glance notification queue
71 description: The filepath of the file to use for logging messages from Glance.
76 description: The short name of the Glance backend to use. Should be one
77 of swift, rbd, or file
80 - allowed_values: ['swift', 'file', 'rbd']
84 When using GlanceBackend 'file', mount NFS share for image storage.
89 NFS share to mount for image storage (when GlanceNfsEnabled is true)
92 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
94 NFS mount options for image storage (when GlanceNfsEnabled is true)
100 description: The password for RabbitMQ
105 description: The username for RabbitMQ
109 description: Set rabbit subscriber port, change this if using SSL
114 Rabbit client subscriber parameter to specify
115 an SSL connection to the RabbitMQ host.
120 description: Keystone region for endpoint
123 A hash of policies to configure for Glance API.
124 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
129 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
130 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
135 type: OS::TripleO::Services::TLSProxyBase
137 ServiceNetMap: {get_param: ServiceNetMap}
138 DefaultPasswords: {get_param: DefaultPasswords}
139 EndpointMap: {get_param: EndpointMap}
140 RoleName: {get_param: RoleName}
141 RoleParameters: {get_param: RoleParameters}
142 EnableInternalTLS: {get_param: EnableInternalTLS}
146 description: Role data for the Glance API role.
148 service_name: glance_api
149 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
150 logging_source: {get_param: GlanceApiLoggingSource}
155 - get_attr: [TLSProxyBase, role_data, config_settings]
156 - glance::api::database_connection:
158 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
160 password: {get_param: GlancePassword}
161 host: {get_param: [EndpointMap, MysqlInternal, host]}
164 read_default_file: /etc/my.cnf.d/tripleo.cnf
165 read_default_group: tripleo
166 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
167 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
168 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
169 glance::api::enable_v1_api: false
170 glance::api::enable_v2_api: true
171 glance::api::authtoken::password: {get_param: GlancePassword}
172 glance::api::enable_proxy_headers_parsing: true
173 glance::api::debug: {get_param: Debug}
174 glance::policy::policies: {get_param: GlanceApiPolicies}
175 tripleo.glance_api.firewall_rules:
180 glance::api::authtoken::project_name: 'service'
181 glance::keystone::authtoken::user_domain_name: 'Default'
182 glance::keystone::authtoken::project_domain_name: 'Default'
183 glance::api::pipeline: 'keystone'
184 glance::api::show_image_direct_url: true
185 # NOTE: bind IP is found in Heat replacing the network name with the
186 # local node IP for the given network; replacement examples
187 # (eg. for internal_api):
189 # internal_api_uri -> [IP]
190 # internal_api_subnet - > IP/CIDR
191 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
192 get_param: [ServiceNetMap, GlanceApiNetwork]
193 tripleo::profile::base::glance::api::tls_proxy_fqdn:
196 "%{hiera('fqdn_$NETWORK')}"
198 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
199 tripleo::profile::base::glance::api::tls_proxy_port:
200 get_param: [EndpointMap, GlanceInternal, port]
201 # Bind to localhost if internal TLS is enabled, since we put a TLs
203 glance::api::bind_host:
207 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
208 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
209 glance_log_file: {get_param: GlanceLogFile}
210 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
211 glance::backend::swift::swift_store_user: service:glance
212 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
213 glance::backend::swift::swift_store_create_container_on_put: true
214 glance::backend::swift::swift_store_auth_version: 3
215 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
216 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
217 glance_backend: {get_param: GlanceBackend}
218 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
219 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
220 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
221 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
222 glance::notify::rabbitmq::notification_driver: messagingv2
223 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
224 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
225 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
228 - glance_workers_unset
230 - glance::api::workers: {get_param: GlanceWorkers}
231 service_config_settings:
233 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
234 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
235 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
236 glance::keystone::auth::password: {get_param: GlancePassword }
237 glance::keystone::auth::region: {get_param: KeystoneRegion}
238 glance::keystone::auth::tenant: 'service'
240 glance::db::mysql::password: {get_param: GlancePassword}
241 glance::db::mysql::user: glance
242 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
243 glance::db::mysql::dbname: glance
244 glance::db::mysql::allowed_hosts:
246 - "%{hiera('mysql_bind_host')}"
248 include ::tripleo::profile::base::glance::api
250 - name: Check if glance_api is deployed
251 command: systemctl is-enabled openstack-glance-api
254 register: glance_api_enabled
255 #(TODO) Remove all glance-registry bits in Pike.
256 - name: Check if glance_registry is deployed
257 command: systemctl is-enabled openstack-glance-registry
260 register: glance_registry_enabled
261 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
262 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
263 tags: step0,validation
264 when: glance_api_enabled.rc == 0
265 - name: Stop glance_api service
267 when: glance_api_enabled.rc == 0
268 service: name=openstack-glance-api state=stopped
269 - name: Stop and disable glance registry (removed for Ocata)
271 when: glance_registry_enabled.rc == 0
272 service: name=openstack-glance-registry state=stopped enabled=no