From 3e38563cec54164125da3634bc5d2876b1c008fd Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Mon, 13 Apr 2015 18:06:31 +0000
Subject: Openstack: Make Glance configurable
Change-Id: I137bd286b2f8ad6eeb37d34803f9ae41a735e7ec
Signed-off-by: Pedro Alvarez
Signed-off-by: Francisco Redondo Marchena
---
openstack-glance.configure | 85 ++++++++++++++++++++
openstack/manifest | 14 ++++
.../systemd/system/openstack-glance-api.service | 13 +++
.../system/openstack-glance-registry.service | 13 +++
.../systemd/system/openstack-glance-setup.service | 9 +++
openstack/usr/share/openstack/glance.yml | 93 ++++++++++++++++++++++
.../usr/share/openstack/glance/glance-api.conf | 64 +++++++--------
.../usr/share/openstack/glance/glance-cache.conf | 6 +-
.../share/openstack/glance/glance-registry.conf | 18 +++--
.../share/openstack/glance/glance-scrubber.conf | 6 +-
systems/openstack-server.morph | 1 +
11 files changed, 277 insertions(+), 45 deletions(-)
create mode 100644 openstack-glance.configure
create mode 100644 openstack/usr/lib/systemd/system/openstack-glance-api.service
create mode 100644 openstack/usr/lib/systemd/system/openstack-glance-registry.service
create mode 100644 openstack/usr/lib/systemd/system/openstack-glance-setup.service
create mode 100644 openstack/usr/share/openstack/glance.yml
diff --git a/openstack-glance.configure b/openstack-glance.configure
new file mode 100644
index 00000000..44b4d6aa
--- /dev/null
+++ b/openstack-glance.configure
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see .
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+ln -s "/usr/lib/systemd/system/openstack-glance-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-glance-setup.service"
+
+##########################################################################
+# Check variables
+##########################################################################
+
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -a \
+ -z "$GLANCE_SERVICE_USER" -a \
+ -z "$GLANCE_SERVICE_PASSWORD" -a \
+ -z "$GLANCE_DB_USER" -a \
+ -z "$GLANCE_DB_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ # No Glance options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
+ -z "$GLANCE_SERVICE_USER" -o \
+ -z "$GLANCE_SERVICE_PASSWORD" -o \
+ -z "$GLANCE_DB_USER" -o \
+ -z "$GLANCE_DB_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ echo Some options required for Glance were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate configuration file
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/glance.conf"
+import os, sys, yaml
+
+glance_configuration={
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+ 'GLANCE_SERVICE_PASSWORD': os.environ['GLANCE_SERVICE_PASSWORD'],
+ 'GLANCE_SERVICE_USER': os.environ['GLANCE_SERVICE_USER'],
+ 'GLANCE_DB_USER': os.environ['GLANCE_DB_USER'],
+ 'GLANCE_DB_PASSWORD': os.environ['GLANCE_DB_PASSWORD'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+}
+
+yaml.dump(glance_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack/manifest b/openstack/manifest
index d48d5f9d..85b9cc7a 100644
--- a/openstack/manifest
+++ b/openstack/manifest
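Review bot: The `python <<'EOF' >"$OPENSTACK_DATA/glance.conf"` redirect near the end of the script creates the file with whatever mode the build umask allows, and that file now holds `KEYSTONE_TEMPORARY_ADMIN_TOKEN`, `GLANCE_SERVICE_PASSWORD`, `GLANCE_DB_PASSWORD` and `RABBITMQ_PASSWORD` in plain text. Put `umask 077` before the heredoc, or follow it with `chmod 600 "$OPENSTACK_DATA/glance.conf"`; the only reader visible in this commit is the setup unit, which declares no `User=` and so runs as root. Separately, the `ln -s` at the top runs before the "No Glance options defined" check, so the setup service is enabled even when the script exits 0 without writing glance.conf, and the playbook's `vars_files` entry would then presumably fail at boot; moving the link below the two checks avoids that.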
@@ -1,5 +1,16 @@
 0040755 0 0 /usr/share/openstack
 0100644 0 0 /usr/share/openstack/hosts
+0100644 0 0 /usr/share/openstack/glance.yml
+0040755 0 0 /usr/share/openstack/glance
+0100644 0 0 /usr/share/openstack/glance/logging.conf
+0100644 0 0 /usr/share/openstack/glance/glance-api.conf
+0100644 0 0 /usr/share/openstack/glance/glance-registry.conf
+0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf
+0100644 0 0 /usr/share/openstack/glance/glance-cache.conf
+0100644 0 0 /usr/share/openstack/glance/schema-image.json
+0100644 0 0 /usr/share/openstack/glance/policy.json
+0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini
+0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini
 0100644 0 0 /usr/share/openstack/keystone.yml
 0040755 0 0 /usr/share/openstack/keystone
 0100644 0 0 /usr/share/openstack/keystone/logging.conf
@@ -14,5 +25,8 @@
 0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq.config
 0100644 0 0 /usr/lib/systemd/system/openstack-keystone.service
 0100644 0 0 /usr/lib/systemd/system/openstack-keystone-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service
 0100644 0 0 /usr/lib/systemd/system/rabbitmq-server.service
 0100644 0 0 /usr/lib/systemd/system/postgres-server.service
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-api.service b/openstack/usr/lib/systemd/system/openstack-glance-api.service
new file mode 100644
index 00000000..e1387118
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-api.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) API server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+ExecStart=/usr/bin/glance-api --config-file /etc/glance/glance-api.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-registry.service b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
new file mode 100644
index 00000000..f3134352
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) Registry server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+ExecStart=/usr/bin/glance-registry --config-file /etc/glance/glance-registry.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-setup.service b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
new file mode 100644
index 00000000..c00c520c
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run glance-setup Ansible scripts
+After=local-fs.target openstack-keystone-setup.service postgres-server.service
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/glance.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/glance.yml b/openstack/usr/share/openstack/glance.yml
new file mode 100644
index 00000000..aa7e4c78
--- /dev/null
+++ b/openstack/usr/share/openstack/glance.yml
@@ -0,0 +1,93 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/glance.conf"
+ tasks:
+ - name: Create the glance user.
+ user:
+ name: glance
+ comment: Openstack Glance Daemons
+ shell: /sbin/nologin
+ home: /var/lib/glance
+
+ - name: Create the /var folders for glance
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: glance
+ group: glance
+ with_items:
+ - /var/run/glance
+ - /var/lock/glance
+ - /var/log/glance
+ - /var/lib/glance
+ - /var/lib/glance/images
+ - /var/lib/glance/image-cache
+
+ - name: Create /etc/glance directory
+ file:
+ path: /etc/glance
+ state: directory
+
+ - name: Add the configuration needed for glance in /etc/glance using templates
+ template:
+ src: /usr/share/openstack/glance/{{ item }}
+ dest: /etc/glance/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/glance && find -type f
+
+ - name: Create glance service user in service tenant
+ keystone_user:
+ user: "{{ GLANCE_SERVICE_USER }}"
+ password: "{{ GLANCE_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to glances service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ GLANCE_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add glance endpoint
+ keystone_service:
+ name: glance
+ type: image
+ description: Openstack Image Service
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for glance
+ postgresql_user:
+ name: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ GLANCE_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: glance
+
+ - name: Create database for glance services
+ postgresql_db:
+ name: glance
+ owner: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+
sudo: yes + sudo_user: glance + + - name: Initiate glance database + glance_manage: + action: dbsync + sudo: yes + sudo_user: glance + + - name: Enable and start openstack-glance services + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - openstack-glance-api.service + - openstack-glance-registry.service diff --git a/openstack/usr/share/openstack/glance/glance-api.conf b/openstack/usr/share/openstack/glance/glance-api.conf index cfc214e9..8018489a 100644 --- a/openstack/usr/share/openstack/glance/glance-api.conf +++ b/openstack/usr/share/openstack/glance/glance-api.conf @@ -18,7 +18,7 @@ default_store = file #image_size_cap = 1099511627776 # Address to bind the API server -bind_host = 0.0.0.0 +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the bind the API server to bind_port = 9292 @@ -28,7 +28,7 @@ bind_port = 9292 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/api.log +# log_file = /var/log/glance/api.log # Backlog requests when creating socket backlog = 4096 @@ -113,7 +113,7 @@ backlog = 4096 # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -#use_syslog = False +use_syslog = True # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 @@ -139,7 +139,7 @@ backlog = 4096 # ============ Registry Options =============================== # Address to find the registry server -registry_host = 0.0.0.0 +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the registry server is listening on registry_port = 9191 
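Review bot: The `template` task that renders /usr/share/openstack/glance/* into /etc/glance sets no `owner`, `group` or `mode`, and the "Create /etc/glance directory" task sets none either, although the rendered glance-api.conf and glance-registry.conf now contain the database URL with `GLANCE_DB_PASSWORD`, `admin_password` and `rabbit_password`. The setup unit runs the playbook as root, so the files end up root-owned with the default mode, which is normally readable by every local account. Adding `owner: root`, `group: glance` and `mode: 0640` to the template task, plus a matching group and `mode: 0750` on the directory, limits read access to the glance daemons.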
@@ -213,15 +213,14 @@ registry_client_protocol = http # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver -# rpc_backend = 'rabbit' +rpc_backend=rabbit -# Configuration options if sending notifications via rabbitmq (these are -# the defaults) -rabbit_host = localhost -rabbit_port = 5672 +# Configuration options if sending notifications via rabbitmq +rabbit_host = {{ RABBITMQ_HOST }} +rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false -rabbit_userid = guest -rabbit_password = guest +rabbit_userid = {{ RABBITMQ_USER }} +rabbit_password = {{ RABBITMQ_PASSWORD }} rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications @@ -229,22 +228,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -qpid_notification_exchange = glance -qpid_notification_topic = notifications -qpid_hostname = localhost -qpid_port = 5672 -qpid_username = -qpid_password = -qpid_sasl_mechanisms = -qpid_reconnect_timeout = 0 -qpid_reconnect_limit = 0 -qpid_reconnect_interval_min = 0 -qpid_reconnect_interval_max = 0 -qpid_reconnect_interval = 0 -qpid_heartbeat = 5 +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = localhost +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -qpid_protocol = tcp -qpid_tcp_nodelay = True +#qpid_protocol = tcp +#qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= 
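Review bot: `rabbit_use_ssl = false` stays hard-coded in the rabbit hunk while `rabbit_host`, `rabbit_userid` and `rabbit_password` become deployment-supplied, so whenever RABBITMQ_HOST is not the local machine the broker credentials and the notifications travel unencrypted. Consider templating it like its neighbours, e.g. `rabbit_use_ssl = {{ RABBITMQ_USE_SSL }}` (a suggested variable name, not one this commit defines), which would also need an entry in openstack-glance.configure. As a style point, `rpc_backend=rabbit` drops the spaces around `=` that the surrounding options use.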
@@ -301,6 +300,8 @@ image_cache_dir = /var/lib/glance/image-cache/ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance + # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -381,10 +382,11 @@ image_cache_dir = /var/lib/glance/image-cache/ #db_max_retries = 20 [keystone_authtoken] -identity_uri = http://127.0.0.1:35357 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} revocation_cache_time = 10 [paste_deploy] @@ -395,7 +397,7 @@ revocation_cache_time = 10 # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. -#flavor= +#flavor=keystone [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be diff --git a/openstack/usr/share/openstack/glance/glance-cache.conf b/openstack/usr/share/openstack/glance/glance-cache.conf index 0246b672..3f2d4603 100644 --- a/openstack/usr/share/openstack/glance/glance-cache.conf +++ b/openstack/usr/share/openstack/glance/glance-cache.conf @@ -10,10 +10,10 @@ # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/image-cache.log +# log_file = /var/log/glance/image-cache.log # Send logs to syslog (/dev/log) instead of to file specified by `log_file` -#use_syslog = False +use_syslog = True # Directory that the Image Cache writes data to image_cache_dir = /var/lib/glance/image-cache/ 
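Review bot: The added `connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance` line interpolates the user and password into a URL without escaping, so a password containing `@`, `:`, `/` or `#` yields a URL that parses to different credentials or a different host. Percent-encode both values when rendering the template, or have openstack-glance.configure reject values with URL-reserved characters. The same line is added to glance-registry.conf in its `@@ -141,6 +141,7 @@` hunk.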
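Review bot: In the `[paste_deploy]` hunk the added line is `#flavor=keystone`, still commented out, whereas glance-registry.conf gets an active `flavor=keystone` in this same commit. With no flavor set, glance-api uses the default pipeline from glance-api-paste.ini; that file is not part of this diff, but in the stock Glance paste file the default pipeline has no authtoken filter, which would leave the image API on port 9292 accepting unauthenticated requests despite the new `[keystone_authtoken]` settings. The line should read `flavor=keystone`.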
@@ -26,7 +26,7 @@ image_cache_stall_time = 86400 image_cache_max_size = 10737418240 # Address to find the registry server -registry_host = 0.0.0.0 +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the registry server is listening on registry_port = 9191 diff --git a/openstack/usr/share/openstack/glance/glance-registry.conf b/openstack/usr/share/openstack/glance/glance-registry.conf index a72abf8c..e663148d 100644 --- a/openstack/usr/share/openstack/glance/glance-registry.conf +++ b/openstack/usr/share/openstack/glance/glance-registry.conf @@ -6,7 +6,7 @@ #debug = False # Address to bind the registry server -bind_host = 0.0.0.0 +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the bind the registry server to bind_port = 9191 @@ -16,7 +16,7 @@ bind_port = 9191 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/registry.log +# log_file = /var/log/glance/registry.log # Backlog requests when creating socket backlog = 4096 @@ -62,7 +62,7 @@ limit_param_default = 25 # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -#use_syslog = False +use_syslog = True # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL1 @@ -141,6 +141,7 @@ qpid_tcp_nodelay = True # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To 
@@ -221,10 +222,11 @@ qpid_tcp_nodelay = True #db_max_retries = 20 [keystone_authtoken] -identity_uri = http://127.0.0.1:35357 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} [paste_deploy] # Name of the paste configuration file that defines the available pipelines @@ -234,7 +236,7 @@ admin_password = %SERVICE_PASSWORD% # service name removed. For example, if your paste section name is # [pipeline:glance-registry-keystone], you would configure the flavor below # as 'keystone'. -#flavor= +flavor=keystone [profiler] # If False fully disable profiling feature. diff --git a/openstack/usr/share/openstack/glance/glance-scrubber.conf b/openstack/usr/share/openstack/glance/glance-scrubber.conf index ecfc7bff..cdbfda71 100644 --- a/openstack/usr/share/openstack/glance/glance-scrubber.conf +++ b/openstack/usr/share/openstack/glance/glance-scrubber.conf @@ -10,10 +10,10 @@ # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/scrubber.log +# log_file = /var/log/glance/scrubber.log # Send logs to syslog (/dev/log) instead of to file specified by `log_file` -#use_syslog = False +use_syslog = True # Should we run our own loop or rely on cron/scheduler to run us daemon = False @@ -32,7 +32,7 @@ cleanup_scrubber = False cleanup_scrubber_time = 86400 # Address to find the registry server for cleanups -registry_host = 0.0.0.0 +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the registry server is listening on registry_port = 9191 diff --git a/systems/openstack-server.morph b/systems/openstack-server.morph index 64125a73..cec51aa3 100644 --- a/systems/openstack-server.morph 
+++ b/systems/openstack-server.morph @@ -64,3 +64,4 @@ configuration-extensions: - cloud-init - hosts - openstack-keystone +- openstack-glance -- cgit v1.2.1