1 heat_template_version: ocata
4 OpenStack Glance API service configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
23 description: Set to True to enable debugging on all services.
26 description: The password for the glance service and db account, used by the glance services.
32 Number of API worker processes for Glance. If left unset (empty string), the
33 default value will result in the configuration being left unset and a
34 system-dependent default value will be chosen (e.g.: number of
35 processors). Please note that this will create a large number of
36 processes on systems with a large number of CPUs resulting in excess
37 memory consumption. It is recommended that a suitable non-default value
38 be selected on such systems.
40 MonitoringSubscriptionGlanceApi:
41 default: 'overcloud-glance-api'
43 GlanceApiLoggingSource:
46 tag: openstack.glance.api
47 path: /var/log/glance/api.log
56 description: Set to True to enable debugging on all services.
58 GlanceNotifierStrategy:
59 description: Strategy to use for Glance notification queue
63 description: The filepath of the file to use for logging messages from Glance.
68 description: The short name of the Glance backend to use. Should be one
69 of swift, rbd, or file
72 - allowed_values: ['swift', 'file', 'rbd']
76 When using GlanceBackend 'file', mount NFS share for image storage.
81 NFS share to mount for image storage (when GlanceNfsEnabled is true)
84 default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
86 NFS mount options for image storage (when GlanceNfsEnabled is true)
92 description: The password for RabbitMQ
97 description: The username for RabbitMQ
101 description: Set rabbit subscriber port, change this if using SSL
106 Rabbit client subscriber parameter to specify
107 an SSL connection to the RabbitMQ host.
112 description: Keystone region for endpoint
115 A hash of policies to configure for Glance API.
116 e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
121 use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
126 type: OS::TripleO::Services::TLSProxyBase
128 ServiceNetMap: {get_param: ServiceNetMap}
129 DefaultPasswords: {get_param: DefaultPasswords}
130 EndpointMap: {get_param: EndpointMap}
131 EnableInternalTLS: {get_param: EnableInternalTLS}
135 description: Role data for the Glance API role.
137 service_name: glance_api
138 monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
139 logging_source: {get_param: GlanceApiLoggingSource}
144 - get_attr: [TLSProxyBase, role_data, config_settings]
145 - glance::api::database_connection:
148 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
150 - {get_param: GlancePassword}
152 - {get_param: [EndpointMap, MysqlInternal, host]}
154 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
155 glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
156 glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
157 glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
158 glance::api::enable_v1_api: false
159 glance::api::enable_v2_api: true
160 glance::api::authtoken::password: {get_param: GlancePassword}
161 glance::api::enable_proxy_headers_parsing: true
162 glance::api::debug: {get_param: Debug}
163 glance::api::workers: {get_param: GlanceWorkers}
164 glance::policy::policies: {get_param: GlanceApiPolicies}
165 tripleo.glance_api.firewall_rules:
170 glance::api::authtoken::project_name: 'service'
171 glance::api::pipeline: 'keystone'
172 glance::api::show_image_direct_url: true
173 # NOTE: bind IP is found in Heat replacing the network name with the
174 # local node IP for the given network; replacement examples
175 # (eg. for internal_api):
177 # internal_api_uri -> [IP]
178 # internal_api_subnet - > IP/CIDR
179 tripleo::profile::base::glance::api::tls_proxy_bind_ip:
180 get_param: [ServiceNetMap, GlanceApiNetwork]
181 tripleo::profile::base::glance::api::tls_proxy_fqdn:
184 "%{hiera('fqdn_$NETWORK')}"
186 $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
187 tripleo::profile::base::glance::api::tls_proxy_port:
188 get_param: [EndpointMap, GlanceInternal, port]
189 # Bind to localhost if internal TLS is enabled, since we put a TLs
191 glance::api::bind_host:
195 - {get_param: [ServiceNetMap, GlanceApiNetwork]}
196 glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
197 glance_log_file: {get_param: GlanceLogFile}
198 glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
199 glance::backend::swift::swift_store_user: service:glance
200 glance::backend::swift::swift_store_key: {get_param: GlancePassword}
201 glance::backend::swift::swift_store_create_container_on_put: true
202 glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
203 glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
204 glance_backend: {get_param: GlanceBackend}
205 glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
206 glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
207 glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
208 glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
209 glance::notify::rabbitmq::notification_driver: messagingv2
210 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
211 tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
212 tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
213 service_config_settings:
215 glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
216 glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
217 glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
218 glance::keystone::auth::password: {get_param: GlancePassword }
219 glance::keystone::auth::region: {get_param: KeystoneRegion}
220 glance::keystone::auth::tenant: 'service'
222 glance::db::mysql::password: {get_param: GlancePassword}
223 glance::db::mysql::user: glance
224 glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
225 glance::db::mysql::dbname: glance
226 glance::db::mysql::allowed_hosts:
228 - "%{hiera('mysql_bind_host')}"
230 include ::tripleo::profile::base::glance::api
232 - name: Check if glance_api is deployed
233 command: systemctl is-enabled openstack-glance-api
236 register: glance_api_enabled
237 #(TODO) Remove all glance-registry bits in Pike.
238 - name: Check if glance_registry is deployed
239 command: systemctl is-enabled openstack-glance-registry
242 register: glance_registry_enabled
243 - name: "PreUpgrade step0,validation: Check service openstack-glance-api is running"
244 shell: /usr/bin/systemctl show 'openstack-glance-api' --property ActiveState | grep '\bactive\b'
245 tags: step0,validation
246 when: glance_api_enabled.rc == 0
247 - name: Stop glance_api service
249 when: glance_api_enabled.rc == 0
250 service: name=openstack-glance-api state=stopped
251 - name: Stop and disable glance registry (removed for Ocata)
253 when: glance_registry_enabled.rc == 0
254 service: name=openstack-glance-registry state=stopped enabled=no