# Heat template (template version "pike") for the OpenStack Glance API service
# configured with Puppet. This listing is an excerpt: every line carries its
# original file line number as a prefix, and the gaps in that numbering show
# that parameter names, types and some defaults are missing. Nesting cannot be
# read from the indentation here.
1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Set to True to enable debugging on all services.
35 description: Set to True to enable debugging Glance service.
# NOTE(review): per the description, one secret covers both the Glance service
# account and its database account. The attribute lines of this parameter are
# not visible in this excerpt -- confirm it is declared with `hidden: true` so
# the value is not shown when stack information is requested.
38 description: The password for the glance service and db account, used by the glance services.
44 Number of API worker processes for Glance. If left unset (empty string), the
45 default value will result in the configuration being left unset and a
46 system-dependent default value will be chosen (e.g.: number of
47 processors). Please note that this will create a large number of
48 processes on systems with a large number of CPUs resulting in excess
49 memory consumption. It is recommended that a suitable non-default value
50 be selected on such systems.
52 MonitoringSubscriptionGlanceApi:
53 default: 'overcloud-glance-api'
55 GlanceApiLoggingSource:
58 tag: openstack.glance.api
59 path: /var/log/glance/api.log
66 GlanceNotifierStrategy:
67 description: Strategy to use for Glance notification queue
71 description: The filepath of the file to use for logging messages from Glance.
76 description: The short name of the Glance backend to use. Should be one
77 of swift, rbd, or file
# Presumably the constraint of the backend parameter described just above:
# any value outside these three is rejected at stack validation time.
80 - allowed_values: ['swift', 'file', 'rbd']
84 When using GlanceBackend 'file', mount NFS share for image storage.
89 NFS share to mount for image storage (when GlanceNfsEnabled is true)
# Default NFS mount options: context= applies the SELinux label
# system_u:object_r:glance_var_lib_t:s0 to the whole mounted share.
# NOTE(review): nosuid/nodev/noexec are not part of this default; consider
# whether they belong on a share that only holds image data.
92 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
94 NFS mount options for image storage (when GlanceNfsEnabled is true)
101 description: Whether to enable or not the Rbd backend for Nova
# NOTE(review): broker credential; its attribute lines are not visible in this
# excerpt -- confirm `hidden: true` is set for this password as well.
104 description: The password for RabbitMQ
109 description: The username for RabbitMQ
# The subscriber port and the SSL switch are separate parameters.
# NOTE(review): their defaults are not visible here -- confirm that SSL is
# enabled for the notification connection wherever the network between Glance
# and RabbitMQ is not trusted.
113 description: Set rabbit subscriber port, change this if using SSL
118 Rabbit client subscriber parameter to specify
119 an SSL connection to the RabbitMQ host.
124 description: Keystone region for endpoint
127 A hash of policies to configure for Glance API.
128 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
# Conditions derived from parameters (presumably the template's `conditions`
# section; its header line is not visible in this excerpt).
#   use_tls_proxy         - true when EnableInternalTLS equals true.
#   glance_workers_unset  - true when GlanceWorkers is the empty string.
#   service_debug_unset   - true when GlanceDebug is the empty string.
#   glance_multiple_locations - built from GlanceBackend and
#       NovaEnableRbdBackend; the operators that combine them are on lines not
#       shown. It decides the value of glance::api::show_multiple_locations.
133 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
134 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
135 service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
136 glance_multiple_locations:
139 - get_param: GlanceBackend
142 - get_param: NovaEnableRbdBackend
# Nested resource of type OS::TripleO::Services::TLSProxyBase. The properties
# below forward this template's own parameters unchanged, including the
# EnableInternalTLS switch; its role_data config_settings are merged into the
# Glance settings further down.
148 type: OS::TripleO::Services::TLSProxyBase
150 ServiceNetMap: {get_param: ServiceNetMap}
151 DefaultPasswords: {get_param: DefaultPasswords}
152 EndpointMap: {get_param: EndpointMap}
153 RoleName: {get_param: RoleName}
154 RoleParameters: {get_param: RoleParameters}
155 EnableInternalTLS: {get_param: EnableInternalTLS}
# Output: role data for the Glance API role (service name glance_api). The
# monitoring subscription and logging source are taken from parameters; the
# remaining keys are hiera settings for the Puppet classes named in each key.
159 description: Role data for the Glance API role.
161 service_name: glance_api
162 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
163 logging_source: {get_param: GlanceApiLoggingSource}
168 - get_attr: [TLSProxyBase, role_data, config_settings]
# Database connection fields: scheme and host come from EndpointMap's
# MysqlInternal entry, the password is GlancePassword, and MySQL client options
# are read from /etc/my.cnf.d/tripleo.cnf (group "tripleo"). The function that
# assembles these fields is on a line not shown.
169 - glance::api::database_connection:
171 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
173 password: {get_param: GlancePassword}
174 host: {get_param: [EndpointMap, MysqlInternal, host]}
177 read_default_file: /etc/my.cnf.d/tripleo.cnf
178 read_default_group: tripleo
179 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
180 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
181 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
# Only the v2 Images API is served; v1 is switched off.
182 glance::api::enable_v1_api: false
183 glance::api::enable_v2_api: true
# GlancePassword is reused here as the Keystone authtoken password.
184 glance::api::authtoken::password: {get_param: GlancePassword}
# NOTE(review): presumably makes the API honour forwarded-request headers set
# by a front-end proxy. Such headers are only trustworthy when every request
# arrives through the deployment's own proxy -- confirm the API port cannot be
# reached directly by clients.
185 glance::api::enable_proxy_headers_parsing: true
# Presumably the items of an `if:` list (its key is on a line not shown): when
# GlanceDebug is unset the global Debug value is used, otherwise GlanceDebug.
188 - service_debug_unset
189 - {get_param: Debug }
190 - {get_param: GlanceDebug }
191 glance::policy::policies: {get_param: GlanceApiPolicies}
192 tripleo.glance_api.firewall_rules:
197 glance::api::authtoken::project_name: 'service'
198 glance::keystone::authtoken::user_domain_name: 'Default'
199 glance::keystone::authtoken::project_domain_name: 'Default'
200 glance::api::pipeline: 'keystone'
# show_image_direct_url is always on and reveals the backend location of an
# image to API clients; show_multiple_locations is on only when the
# glance_multiple_locations condition holds.
# NOTE(review): Glance documents both options as security-sensitive because
# they expose (and, for multiple locations, allow changes to) image locations.
# Confirm the image-location policies are restricted to the roles that need
# them.
201 glance::api::show_image_direct_url: true
202 glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
203 # NOTE: bind IP is found in Heat replacing the network name with the
204 # local node IP for the given network; replacement examples
205 # (eg. for internal_api):
207 # internal_api_uri -> [IP]
208 # internal_api_subnet -> IP/CIDR
209 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
210 get_param: [ServiceNetMap, GlanceApiNetwork]
211 tripleo::profile::base::glance::api::tls_proxy_fqdn:
214 "%{hiera('fqdn_$NETWORK')}"
216 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
217 tripleo::profile::base::glance::api::tls_proxy_port:
218 get_param: [EndpointMap, GlanceInternal, port]
219 # Bind to localhost if internal TLS is enabled, since we put a TLS
221 glance::api::bind_host:
225 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
226 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
227 glance_log_file: {get_param: GlanceLogFile}
# Swift backend: authenticates against the Keystone v3 internal endpoint as
# service:glance, again with GlancePassword as the key.
228 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
229 glance::backend::swift::swift_store_user: service:glance
230 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
231 glance::backend::swift::swift_store_create_container_on_put: true
232 glance::backend::swift::swift_store_auth_version: 3
233 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
234 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
235 glance_backend: {get_param: GlanceBackend}
# Notification transport: user, port, password and the SSL switch all come
# from the RabbitMQ parameters; the driver is fixed to messagingv2.
236 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
237 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
238 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
239 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
240 glance::notify::rabbitmq::notification_driver: messagingv2
# NFS image store: enable flag, share and mount options are passed straight
# through from the GlanceNfs* parameters.
241 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
242 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
243 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
246 - glance_workers_unset
# Presumably the branch used when GlanceWorkers is set; the alternative branch
# is on a line not shown.
248 - glance::api::workers: {get_param: GlanceWorkers}
# Settings handed to other services: Keystone endpoint/user registration
# (glance::keystone::auth::*) and MySQL database creation
# (glance::db::mysql::*). The keys that group them are presumably on the lines
# not shown in this excerpt.
249 service_config_settings:
251 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
252 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
253 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
254 glance::keystone::auth::password: {get_param: GlancePassword }
255 glance::keystone::auth::region: {get_param: KeystoneRegion}
256 glance::keystone::auth::tenant: 'service'
# NOTE(review): GlancePassword is the database password here and, elsewhere in
# this template, the Keystone service-user password and the Swift store key.
# Disclosure of any one of them exposes the other two; consider whether
# separate secrets are feasible.
258 glance::db::mysql::password: {get_param: GlancePassword}
259 glance::db::mysql::user: glance
260 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
261 glance::db::mysql::dbname: glance
# NOTE(review): one list entry (source line 263) is not visible in this
# excerpt -- confirm the host allow-list is no broader than the deployment
# needs.
262 glance::db::mysql::allowed_hosts:
264 - "%{hiera('mysql_bind_host')}"
266 include ::tripleo::profile::base::glance::api
# Upgrade tasks (Ansible). Two probes record whether each Glance unit is
# enabled; the later tasks run only when the matching probe returned rc == 0.
# Some task attributes are on lines not shown in this excerpt.
268 - name: Check if glance_api is deployed
269 command: systemctl is-enabled openstack-glance-api
272 register: glance_api_enabled
273 #(TODO) Remove all glance-registry bits in Pike.
274 - name: Check if glance_registry is deployed
275 command: systemctl is-enabled openstack-glance-registry
278 register: glance_registry_enabled
# Validation: `shell` is needed for the pipe. The command line is a fixed
# string with no templated input, and grep's exit status decides whether the
# task passes. \bactive\b matches "ActiveState=active" but not "inactive".
279 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
280 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
281 tags: step0,validation
282 when: glance_api_enabled.rc == 0
# Stop the API service before the upgrade, only if it was enabled.
283 - name: Stop glance_api service
285 when: glance_api_enabled.rc == 0
286 service: name=openstack-glance-api state=stopped
# The registry service is stopped and also disabled, so it does not start again.
287 - name: Stop and disable glance registry (removed for Ocata)
289 when: glance_registry_enabled.rc == 0
290 service: name=openstack-glance-registry state=stopped enabled=no