summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-04-13 18:06:31 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-04-16 12:13:45 +0000
commit76bc5fabd58eca8a2859d9f3474276c613aeaaff (patch)
tree1ec6199865fa8e97ca3836cea3a9b1e95e05e549
parent1a09fe5755f0f7f69ecbf44615fdd01f6a01c7be (diff)
downloaddefinitions-76bc5fabd58eca8a2859d9f3474276c613aeaaff.tar.gz
Openstack: Make Glance configurable
Change-Id: I137bd286b2f8ad6eeb37d34803f9ae41a735e7ec Signed-off-by: Pedro Alvarez <pedro.alvarez@codethink.co.uk> Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
-rw-r--r--openstack-glance.configure85
-rw-r--r--openstack/manifest14
-rw-r--r--openstack/usr/lib/systemd/system/openstack-glance-api.service13
-rw-r--r--openstack/usr/lib/systemd/system/openstack-glance-registry.service13
-rw-r--r--openstack/usr/lib/systemd/system/openstack-glance-setup.service9
-rw-r--r--openstack/usr/share/openstack/glance.yml93
-rw-r--r--openstack/usr/share/openstack/glance/glance-api.conf64
-rw-r--r--openstack/usr/share/openstack/glance/glance-cache.conf6
-rw-r--r--openstack/usr/share/openstack/glance/glance-registry.conf18
-rw-r--r--openstack/usr/share/openstack/glance/glance-scrubber.conf6
-rw-r--r--systems/openstack-system-x86_64.morph1
11 files changed, 277 insertions, 45 deletions
diff --git a/openstack-glance.configure b/openstack-glance.configure
new file mode 100644
index 00000000..44b4d6aa
--- /dev/null
+++ b/openstack-glance.configure
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+ln -s "/usr/lib/systemd/system/openstack-glance-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-glance-setup.service"
+
+##########################################################################
+# Check variables
+##########################################################################
+
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -a \
+ -z "$GLANCE_SERVICE_USER" -a \
+ -z "$GLANCE_SERVICE_PASSWORD" -a \
+ -z "$GLANCE_DB_USER" -a \
+ -z "$GLANCE_DB_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ # No Glance options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
+ -z "$GLANCE_SERVICE_USER" -o \
+ -z "$GLANCE_SERVICE_PASSWORD" -o \
+ -z "$GLANCE_DB_USER" -o \
+ -z "$GLANCE_DB_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ echo Some options required for Glance were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate configuration file
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/glance.conf"
+import os, sys, yaml
+
+glance_configuration={
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+ 'GLANCE_SERVICE_PASSWORD': os.environ['GLANCE_SERVICE_PASSWORD'],
+ 'GLANCE_SERVICE_USER': os.environ['GLANCE_SERVICE_USER'],
+ 'GLANCE_DB_USER': os.environ['GLANCE_DB_USER'],
+ 'GLANCE_DB_PASSWORD': os.environ['GLANCE_DB_PASSWORD'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+}
+
+yaml.dump(glance_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack/manifest b/openstack/manifest
index d48d5f9d..85b9cc7a 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -1,5 +1,16 @@
0040755 0 0 /usr/share/openstack
0100644 0 0 /usr/share/openstack/hosts
+0100644 0 0 /usr/share/openstack/glance.yml
+0040755 0 0 /usr/share/openstack/glance
+0100644 0 0 /usr/share/openstack/glance/logging.conf
+0100644 0 0 /usr/share/openstack/glance/glance-api.conf
+0100644 0 0 /usr/share/openstack/glance/glance-registry.conf
+0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf
+0100644 0 0 /usr/share/openstack/glance/glance-cache.conf
+0100644 0 0 /usr/share/openstack/glance/schema-image.json
+0100644 0 0 /usr/share/openstack/glance/policy.json
+0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini
+0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini
0100644 0 0 /usr/share/openstack/keystone.yml
0040755 0 0 /usr/share/openstack/keystone
0100644 0 0 /usr/share/openstack/keystone/logging.conf
@@ -14,5 +25,8 @@
0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq.config
0100644 0 0 /usr/lib/systemd/system/openstack-keystone.service
0100644 0 0 /usr/lib/systemd/system/openstack-keystone-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service
0100644 0 0 /usr/lib/systemd/system/rabbitmq-server.service
0100644 0 0 /usr/lib/systemd/system/postgres-server.service
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-api.service b/openstack/usr/lib/systemd/system/openstack-glance-api.service
new file mode 100644
index 00000000..e1387118
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-api.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) API server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+ExecStart=/usr/bin/glance-api --config-file /etc/glance/glance-api.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-registry.service b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
new file mode 100644
index 00000000..f3134352
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) Registry server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+ExecStart=/usr/bin/glance-registry --config-file /etc/glance/glance-registry.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-setup.service b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
new file mode 100644
index 00000000..c00c520c
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run glance-setup Ansible scripts
+After=local-fs.target openstack-keystone-setup.service postgres-server.service
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/glance.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/glance.yml b/openstack/usr/share/openstack/glance.yml
new file mode 100644
index 00000000..aa7e4c78
--- /dev/null
+++ b/openstack/usr/share/openstack/glance.yml
@@ -0,0 +1,93 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/glance.conf"
+ tasks:
+ - name: Create the glance user.
+ user:
+ name: glance
+ comment: Openstack Glance Daemons
+ shell: /sbin/nologin
+ home: /var/lib/glance
+
+ - name: Create the /var folders for glance
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: glance
+ group: glance
+ with_items:
+ - /var/run/glance
+ - /var/lock/glance
+ - /var/log/glance
+ - /var/lib/glance
+ - /var/lib/glance/images
+ - /var/lib/glance/image-cache
+
+ - name: Create /etc/glance directory
+ file:
+ path: /etc/glance
+ state: directory
+
+ - name: Add the configuration needed for glance in /etc/glance using templates
+ template:
+ src: /usr/share/openstack/glance/{{ item }}
+ dest: /etc/glance/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/glance && find -type f
+
+ - name: Create glance service user in service tenant
+ keystone_user:
+ user: "{{ GLANCE_SERVICE_USER }}"
+ password: "{{ GLANCE_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to glances service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ GLANCE_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add glance endpoint
+ keystone_service:
+ name: glance
+ type: image
+ description: Openstack Image Service
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for glance
+ postgresql_user:
+ name: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ GLANCE_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: glance
+
+ - name: Create database for glance services
+ postgresql_db:
+ name: glance
+ owner: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: glance
+
+ - name: Initiate glance database
+ glance_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: glance
+
+ - name: Enable and start openstack-glance services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-glance-api.service
+ - openstack-glance-registry.service
diff --git a/openstack/usr/share/openstack/glance/glance-api.conf b/openstack/usr/share/openstack/glance/glance-api.conf
index cfc214e9..675062a6 100644
--- a/openstack/usr/share/openstack/glance/glance-api.conf
+++ b/openstack/usr/share/openstack/glance/glance-api.conf
@@ -18,7 +18,7 @@ default_store = file
#image_size_cap = 1099511627776
# Address to bind the API server
-bind_host = 0.0.0.0
+bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the bind the API server to
bind_port = 9292
@@ -28,7 +28,7 @@ bind_port = 9292
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/api.log
+# log_file = /var/log/glance/api.log
# Backlog requests when creating socket
backlog = 4096
@@ -113,7 +113,7 @@ backlog = 4096
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
-#use_syslog = False
+use_syslog = True
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL0
@@ -139,7 +139,7 @@ backlog = 4096
# ============ Registry Options ===============================
# Address to find the registry server
-registry_host = 0.0.0.0
+registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the registry server is listening on
registry_port = 9191
@@ -213,15 +213,14 @@ registry_client_protocol = http
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
-# rpc_backend = 'rabbit'
+rpc_backend=rabbit
-# Configuration options if sending notifications via rabbitmq (these are
-# the defaults)
-rabbit_host = localhost
-rabbit_port = 5672
+# Configuration options if sending notifications via rabbitmq
+rabbit_host = {{ RABBITMQ_HOST }}
+rabbit_port = {{ RABBITMQ_PORT }}
rabbit_use_ssl = false
-rabbit_userid = guest
-rabbit_password = guest
+rabbit_userid = {{ RABBITMQ_USER }}
+rabbit_password = {{ RABBITMQ_PASSWORD }}
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
@@ -229,22 +228,22 @@ rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
-qpid_notification_exchange = glance
-qpid_notification_topic = notifications
-qpid_hostname = localhost
-qpid_port = 5672
-qpid_username =
-qpid_password =
-qpid_sasl_mechanisms =
-qpid_reconnect_timeout = 0
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
-qpid_reconnect_interval_max = 0
-qpid_reconnect_interval = 0
-qpid_heartbeat = 5
+#qpid_notification_exchange = glance
+#qpid_notification_topic = notifications
+#qpid_hostname = localhost
+#qpid_port = 5672
+#qpid_username =
+#qpid_password =
+#qpid_sasl_mechanisms =
+#qpid_reconnect_timeout = 0
+#qpid_reconnect_limit = 0
+#qpid_reconnect_interval_min = 0
+#qpid_reconnect_interval_max = 0
+#qpid_reconnect_interval = 0
+#qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
-qpid_tcp_nodelay = True
+#qpid_protocol = tcp
+#qpid_tcp_nodelay = True
# ============ Delayed Delete Options =============================
@@ -301,6 +300,8 @@ image_cache_dir = /var/lib/glance/image-cache/
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
+
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
@@ -381,10 +382,11 @@ image_cache_dir = /var/lib/glance/image-cache/
#db_max_retries = 20
[keystone_authtoken]
-identity_uri = http://127.0.0.1:35357
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ GLANCE_SERVICE_USER }}
+admin_password = {{ GLANCE_SERVICE_PASSWORD }}
revocation_cache_time = 10
[paste_deploy]
@@ -395,7 +397,7 @@ revocation_cache_time = 10
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
-#flavor=
+flavor=keystone
[store_type_location_strategy]
# The scheme list to use to get store preference order. The scheme must be
diff --git a/openstack/usr/share/openstack/glance/glance-cache.conf b/openstack/usr/share/openstack/glance/glance-cache.conf
index 0246b672..3f2d4603 100644
--- a/openstack/usr/share/openstack/glance/glance-cache.conf
+++ b/openstack/usr/share/openstack/glance/glance-cache.conf
@@ -10,10 +10,10 @@
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/image-cache.log
+# log_file = /var/log/glance/image-cache.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
-#use_syslog = False
+use_syslog = True
# Directory that the Image Cache writes data to
image_cache_dir = /var/lib/glance/image-cache/
@@ -26,7 +26,7 @@ image_cache_stall_time = 86400
image_cache_max_size = 10737418240
# Address to find the registry server
-registry_host = 0.0.0.0
+registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the registry server is listening on
registry_port = 9191
diff --git a/openstack/usr/share/openstack/glance/glance-registry.conf b/openstack/usr/share/openstack/glance/glance-registry.conf
index a72abf8c..e663148d 100644
--- a/openstack/usr/share/openstack/glance/glance-registry.conf
+++ b/openstack/usr/share/openstack/glance/glance-registry.conf
@@ -6,7 +6,7 @@
#debug = False
# Address to bind the registry server
-bind_host = 0.0.0.0
+bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the bind the registry server to
bind_port = 9191
@@ -16,7 +16,7 @@ bind_port = 9191
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/registry.log
+# log_file = /var/log/glance/registry.log
# Backlog requests when creating socket
backlog = 4096
@@ -62,7 +62,7 @@ limit_param_default = 25
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
-#use_syslog = False
+use_syslog = True
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL1
@@ -141,6 +141,7 @@ qpid_tcp_nodelay = True
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection = <None>
+connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
@@ -221,10 +222,11 @@ qpid_tcp_nodelay = True
#db_max_retries = 20
[keystone_authtoken]
-identity_uri = http://127.0.0.1:35357
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ GLANCE_SERVICE_USER }}
+admin_password = {{ GLANCE_SERVICE_PASSWORD }}
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
@@ -234,7 +236,7 @@ admin_password = %SERVICE_PASSWORD%
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
-#flavor=
+flavor=keystone
[profiler]
# If False fully disable profiling feature.
diff --git a/openstack/usr/share/openstack/glance/glance-scrubber.conf b/openstack/usr/share/openstack/glance/glance-scrubber.conf
index ecfc7bff..cdbfda71 100644
--- a/openstack/usr/share/openstack/glance/glance-scrubber.conf
+++ b/openstack/usr/share/openstack/glance/glance-scrubber.conf
@@ -10,10 +10,10 @@
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
-log_file = /var/log/glance/scrubber.log
+# log_file = /var/log/glance/scrubber.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
-#use_syslog = False
+use_syslog = True
# Should we run our own loop or rely on cron/scheduler to run us
daemon = False
@@ -32,7 +32,7 @@ cleanup_scrubber = False
cleanup_scrubber_time = 86400
# Address to find the registry server for cleanups
-registry_host = 0.0.0.0
+registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Port the registry server is listening on
registry_port = 9191
diff --git a/systems/openstack-system-x86_64.morph b/systems/openstack-system-x86_64.morph
index 64125a73..cec51aa3 100644
--- a/systems/openstack-system-x86_64.morph
+++ b/systems/openstack-system-x86_64.morph
@@ -64,3 +64,4 @@ configuration-extensions:
- cloud-init
- hosts
- openstack-keystone
+- openstack-glance