# Partial listing of a Heat template that configures the Glance API service
# through Puppet. The leading number on each line is the original file's line
# number; gaps in that numbering are lines this listing does not show, so
# several parameter key lines (and their type/default/hidden attributes) are
# missing below.
1 heat_template_version: pike
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
# Debug switches: a global one and a Glance-specific one. Debug-level logs can
# carry more request detail than normal logs, so treat the log destination
# accordingly when either is on.
31 description: Set to True to enable debugging on all services.
35 description: Set to True to enable debugging Glance service.
# NOTE(review): per this description a single secret serves both the Glance
# service account and the database account, so disclosure of one exposes the
# other. The parameter's key line and its `hidden` attribute are not shown in
# this listing - confirm the parameter is declared `hidden: true`.
38 description: The password for the glance service and db account, used by the glance services.
# Worker count: leaving it empty defers to a system-dependent default, which
# the description warns can exhaust memory on hosts with many CPUs.
44 Number of API worker processes for Glance. If left unset (empty string), the
45 default value will result in the configuration being left unset and a
46 system-dependent default value will be chosen (e.g.: number of
47 processors). Please note that this will create a large number of
48 processes on systems with a large number of CPUs resulting in excess
49 memory consumption. It is recommended that a suitable non-default value
50 be selected on such systems.
# Monitoring subscription name and the log source (tag + file path) that the
# role data exposes further down.
52 MonitoringSubscriptionGlanceApi:
53 default: 'overcloud-glance-api'
55 GlanceApiLoggingSource:
58 tag: openstack.glance.api
59 path: /var/log/glance/api.log
66 GlanceNotifierStrategy:
67 description: Strategy to use for Glance notification queue
71 description: The filepath of the file to use for logging messages from Glance.
# Image store selection; the constraint below rejects any value other than the
# three listed back ends.
76 description: The short name of the Glance backend to use. Should be one
77 of swift, rbd, or file
80 - allowed_values: ['swift', 'file', 'rbd']
# Optional NFS-backed image storage for the 'file' back end.
84 When using GlanceBackend 'file', mount NFS share for image storage.
89 NFS share to mount for image storage (when GlanceNfsEnabled is true)
# The default mount options carry an SELinux context label (type
# glance_var_lib_t). NOTE(review): an override of these options that omits
# context= would presumably leave the mount without that label - verify when
# customising.
92 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
94 NFS mount options for image storage (when GlanceNfsEnabled is true)
# RabbitMQ credentials and transport settings used for Glance notifications.
# NOTE(review): the key lines, defaults and `hidden` attribute of these
# parameters are not shown - confirm the password is declared hidden and that
# the SSL option is enabled wherever the messaging network is not trusted.
100 description: The password for RabbitMQ
105 description: The username for RabbitMQ
109 description: Set rabbit subscriber port, change this if using SSL
114 Rabbit client subscriber parameter to specify
115 an SSL connection to the RabbitMQ host.
120 description: Keystone region for endpoint
# Policy overrides change Glance's authorization rules; the example below sets
# the context_is_admin rule to 'role:admin'.
123 A hash of policies to configure for Glance API.
124 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
# Conditions: use_tls_proxy holds when EnableInternalTLS is true; the two
# *_unset conditions hold when the corresponding parameter is the empty string.
129 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
130 glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']}
131 service_debug_unset: {equals : [{get_param: GlanceDebug}, '']}
# TLS proxy helper resource. It receives the template's own mappings and role
# data unchanged, plus the EnableInternalTLS flag; the resource's key line is
# not shown in this listing.
136 type: OS::TripleO::Services::TLSProxyBase
138 ServiceNetMap: {get_param: ServiceNetMap}
139 DefaultPasswords: {get_param: DefaultPasswords}
140 EndpointMap: {get_param: EndpointMap}
141 RoleName: {get_param: RoleName}
142 RoleParameters: {get_param: RoleParameters}
143 EnableInternalTLS: {get_param: EnableInternalTLS}
# Role data output for the Glance API service: service identity, monitoring
# and logging hooks, then the hiera settings applied on the node.
147 description: Role data for the Glance API role.
149 service_name: glance_api
150 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
151 logging_source: {get_param: GlanceApiLoggingSource}
# Settings contributed by the TLS proxy resource come first in the list
# (presumably merged with the entries below - the merge function line is not
# shown).
156 - get_attr: [TLSProxyBase, role_data, config_settings]
# Database connection assembled from the MySQL internal endpoint and
# GlancePassword. NOTE(review): the result presumably embeds the password, so
# the rendered setting is itself a secret wherever it is stored or logged.
157 - glance::api::database_connection:
159 scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
161 password: {get_param: GlancePassword}
162 host: {get_param: [EndpointMap, MysqlInternal, host]}
# Client options are additionally read from this file and option group.
165 read_default_file: /etc/my.cnf.d/tripleo.cnf
166 read_default_group: tripleo
167 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
# Token validation goes to Keystone's internal endpoint.
168 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
169 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
# Only the v2 image API is served; v1 is switched off.
170 glance::api::enable_v1_api: false
171 glance::api::enable_v2_api: true
# Same GlancePassword as the database connection above: one secret, two
# accounts.
172 glance::api::authtoken::password: {get_param: GlancePassword}
# NOTE(review): with proxy header parsing on, Glance acts on forwarding
# headers in the request. That is sound only if every request arrives through
# a proxy that sets or strips those headers - confirm clients cannot reach the
# bind address directly.
173 glance::api::enable_proxy_headers_parsing: true
# Debug selection: the three entries are the condition and its two outcomes,
# so presumably the global Debug value applies when GlanceDebug is the empty
# string and GlanceDebug applies otherwise (the setting's key line and the
# `if` line are not shown).
176 - service_debug_unset
177 - {get_param: Debug }
178 - {get_param: GlanceDebug }
179 glance::policy::policies: {get_param: GlanceApiPolicies}
# Firewall rules for the service; their contents are not shown in this listing.
180 tripleo.glance_api.firewall_rules:
185 glance::api::authtoken::project_name: 'service'
186 glance::keystone::authtoken::user_domain_name: 'Default'
187 glance::keystone::authtoken::project_domain_name: 'Default'
# The 'keystone' pipeline puts Keystone authentication in front of the API.
188 glance::api::pipeline: 'keystone'
# NOTE(review): this makes each image's backing-store location visible to API
# users as direct_url. Depending on the store back end that location can reveal
# storage layout or credentials; confirm a consumer actually needs it and that
# the endpoints returning it are limited to trusted clients.
189 glance::api::show_image_direct_url: true
190 # NOTE: bind IP is found in Heat replacing the network name with the
191 # local node IP for the given network; replacement examples
192 # (eg. for internal_api):
194 # internal_api_uri -> [IP]
195 # internal_api_subnet -> IP/CIDR
# TLS proxy listener: bound to the Glance API network address, on the Glance
# internal port, with an FQDN looked up per network from hiera.
196 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
197 get_param: [ServiceNetMap, GlanceApiNetwork]
198 tripleo::profile::base::glance::api::tls_proxy_fqdn:
201 "%{hiera('fqdn_$NETWORK')}"
203 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
204 tripleo::profile::base::glance::api::tls_proxy_port:
205 get_param: [EndpointMap, GlanceInternal, port]
206 # Bind to localhost if internal TLS is enabled, since we put a TLS
# (The rest of the comment above, original line 207, is not shown in this
# listing.) With internal TLS the plaintext API listens on localhost only and
# the proxy is the network-facing listener; otherwise the API binds to the
# Glance API network address below.
208 glance::api::bind_host:
212 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
213 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
214 glance_log_file: {get_param: GlanceLogFile}
# Swift store: authenticates to Keystone v3 as service:glance, with
# GlancePassword reused once more as the store key.
215 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneV3Internal, uri] }
216 glance::backend::swift::swift_store_user: service:glance
217 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
218 glance::backend::swift::swift_store_create_container_on_put: true
219 glance::backend::swift::swift_store_auth_version: 3
# RBD store: pool and Ceph client user come from parameters.
220 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
221 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
222 glance_backend: {get_param: GlanceBackend}
# RabbitMQ notification settings; rabbit_use_ssl decides whether the
# credentials on this connection travel over TLS.
223 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
224 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
225 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
226 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
227 glance::notify::rabbitmq::notification_driver: messagingv2
# NFS mount for image storage, governed by the three Glance NFS parameters.
228 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
229 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
230 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
# The worker count is keyed on glance_workers_unset; presumably the setting is
# omitted when GlanceWorkers is the empty string (the other branch is not
# shown).
233 - glance_workers_unset
235 - glance::api::workers: {get_param: GlanceWorkers}
# Settings handed to other services on Glance's behalf: the Keystone endpoint
# and service user registration, then the MySQL database and account. The
# per-service key lines are not shown in this listing.
236 service_config_settings:
238 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
239 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
240 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
# The Keystone service user and the MySQL account below both take
# GlancePassword, so rotating it has to cover both.
241 glance::keystone::auth::password: {get_param: GlancePassword }
242 glance::keystone::auth::region: {get_param: KeystoneRegion}
243 glance::keystone::auth::tenant: 'service'
245 glance::db::mysql::password: {get_param: GlancePassword}
246 glance::db::mysql::user: glance
247 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
248 glance::db::mysql::dbname: glance
# NOTE(review): allowed_hosts decides which client hosts the glance DB account
# may connect from. Only one entry is visible (original line 250 is not
# shown); check the hidden entry is not broader than the deployment needs.
249 glance::db::mysql::allowed_hosts:
251 - "%{hiera('mysql_bind_host')}"
# Puppet manifest fragment applied on the node: includes the Glance API
# profile class.
253 include ::tripleo::profile::base::glance::api
# Upgrade tasks. Every command below is a fixed string with no template
# variables, so no parameter value reaches the shell from these lines.
# Probe whether each unit is enabled; the registered result's rc gates the
# later tasks.
255 - name: Check if glance_api is deployed
256 command: systemctl is-enabled openstack-glance-api
259 register: glance_api_enabled
260 #(TODO) Remove all glance-registry bits in Pike.
261 - name: Check if glance_registry is deployed
262 command: systemctl is-enabled openstack-glance-registry
265 register: glance_registry_enabled
# Pre-upgrade validation: the task fails unless the unit reports an active
# state. It uses `shell` rather than `command` because of the pipe into grep.
266 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
267 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
268 tags: step0,validation
269 when: glance_api_enabled.rc == 0
# Stop the API service only where the probe found it enabled.
270 - name: Stop glance_api service
272 when: glance_api_enabled.rc == 0
273 service: name=openstack-glance-api state=stopped
# The registry service is stopped and disabled as well, so it does not start
# again on boot.
274 - name: Stop and disable glance registry (removed for Ocata)
276 when: glance_registry_enabled.rc == 0
277 service: name=openstack-glance-registry state=stopped enabled=no