diff --git a/ci/custom_ci_roles_data.yaml b/ci/custom_ci_roles_data.yaml index 8deb8fe6cd..9081aa627d 100644 --- a/ci/custom_ci_roles_data.yaml +++ b/ci/custom_ci_roles_data.yaml @@ -93,6 +93,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 158e7bb193..5ce898501f 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -9,6 +9,7 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronApi diff --git a/ci/environments/scenario000-standalone.yaml b/ci/environments/scenario000-standalone.yaml index 3a09b337c9..14c3c263f6 100644 --- a/ci/environments/scenario000-standalone.yaml +++ b/ci/environments/scenario000-standalone.yaml @@ -50,6 +50,7 @@ resource_registry: OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::GlanceApi: OS::Heat::None + OS::TripleO::Services::GlanceApiInternal: OS::Heat::None OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None OS::TripleO::Services::GnocchiStatsd: OS::Heat::None diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 30d1288206..fb7578e47f 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -36,6 +36,7 @@ parameter_defaults: - OS::TripleO::Services::Keystone - OS::TripleO::Services::LoginDefs - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index b688156726..b65f5f7e49 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -33,6 +33,7 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine diff --git a/ci/environments/scenario010-multinode-containers.yaml b/ci/environments/scenario010-multinode-containers.yaml index fd364c7da9..016877c08e 100644 --- a/ci/environments/scenario010-multinode-containers.yaml +++ b/ci/environments/scenario010-multinode-containers.yaml @@ -34,6 +34,7 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronApi diff --git a/deployment/glance/glance-api-container-puppet.yaml b/deployment/glance/glance-api-container-puppet.yaml index abbbf3e155..b1a05eb9a2 100644 --- a/deployment/glance/glance-api-container-puppet.yaml +++ b/deployment/glance/glance-api-container-puppet.yaml @@ -130,12 +130,6 @@ parameters: type: boolean tags: - role_specific - GlanceShowMultipleLocations: - default: false - description: | - Whether to show multiple image locations e.g for copy-on-write support on - RBD or Netapp backends. Potential security risk, see glance.conf for more information. - type: boolean # We default import plugins list to 'no_op' (instead of empty list) to discern from the scenario # in which the user purposely disabled all plugins setting it to an empty list. This is useful # to automatically enable image_conversion plugin only when value is left to the default. @@ -368,6 +362,23 @@ parameters: Use the advanced (eventlet safe) memcached client pool. default: true + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in future release. + GlanceShowMultipleLocations: + default: false + description: | + Whether to show multiple image locations e.g for copy-on-write support on + RBD or Netapp backends. Potential security risk, see glance.conf for more information. + type: boolean + +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. + parameters: + - GlanceShowMultipleLocations + conditions: cinder_backend_enabled: or: @@ -494,7 +505,6 @@ outputs: - read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } glance::api::enable_v1_api: false @@ -518,8 +528,6 @@ outputs: - {get_param: GlanceCacheEnabled} - 'keystone+cachemanagement' - 'keystone' - glance::api::show_image_direct_url: true - glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} glance::api::image_member_quota: {get_param: GlanceImageMemberQuota} glance::api::enabled_import_methods: {get_param: GlanceEnabledImportMethods} glance::api::node_staging_uri: {get_param: GlanceNodeStagingUri} @@ -552,8 +560,11 @@ outputs: "%{lookup('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]} - tripleo::profile::base::glance::api::tls_proxy_port: - get_param: [EndpointMap, GlanceInternal, port] + # Use glance's native port (9292) for tls proxying. The value is + # hardcoded because the ports in the endpoint map are different (the + # public endpoint uses port 13292, and the internal and admin endpoints + # use port 9293). + tripleo::profile::base::glance::api::tls_proxy_port: 9292 # Bind to localhost if internal TLS is enabled, since we put a TLs # proxy in front. glance::api::bind_host: diff --git a/deployment/glance/glance-api-edge-container-puppet.yaml b/deployment/glance/glance-api-edge-container-puppet.yaml index eeaa34022b..0c2ad3dbb3 100644 --- a/deployment/glance/glance-api-edge-container-puppet.yaml +++ b/deployment/glance/glance-api-edge-container-puppet.yaml @@ -36,21 +36,17 @@ parameters: List of enabled Image Import Methods. Valid values in the list are 'glance-direct', 'web-download', or 'copy-image' type: comma_delimited_list - EnableGlanceApiProxy: - default: true - description: Configure haproxy to forward glance-api requests to glance-api - services running at the edge site. - type: boolean resources: - GlanceApiBase: - type: ./glance-api-container-puppet.yaml + GlanceApiInternal: + type: ./glance-api-internal-container-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: glance_api_edge_uri: @@ -60,39 +56,33 @@ outputs: - {get_param: EnableInternalTLS} - str_replace: template: - "https://%{lookup('fqdn_NETWORK')}:9292" + "https://%{lookup('fqdn_NETWORK')}:PORT" params: NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]} + PORT: {get_param: [EndpointMap, GlanceInternal, port]} - str_replace: template: - "http://%{lookup('NETWORK_uri')}:9292" + "http://%{lookup('NETWORK_uri')}:PORT" params: NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]} + PORT: {get_param: [EndpointMap, GlanceInternal, port]} role_data: description: Role data for the Glance API role for DCN/Edge. value: map_merge: - - get_attr: [GlanceApiBase, role_data] + - get_attr: [GlanceApiInternal, role_data] - service_name: glance_api_edge - firewall_edge_frontend_rules: - if: - - {get_param: EnableGlanceApiProxy} - - {get_attr: [GlanceApiBase, role_data, firewall_frontend_rules]} - firewall_edge_ssl_frontend_rules: - if: - - {get_param: EnableGlanceApiProxy} - - {get_attr: [GlanceApiBase, role_data, firewall_ssl_frontend_rules]} service_config_settings: map_merge: - - get_attr: [GlanceApiBase, role_data, service_config_settings] + - get_attr: [GlanceApiInternal, role_data, service_config_settings] - cinder_volume: cinder::glance::glance_api_servers: *glance_api_edge_uri nova_compute: nova::glance::endpoint_override: *glance_api_edge_uri config_settings: map_merge: - - get_attr: [GlanceApiBase, role_data, config_settings] + - get_attr: [GlanceApiInternal, role_data, config_settings] - if: - contains: ['glance-direct', {get_param: GlanceEnabledImportMethods}] - glance::api::worker_self_reference_url: *glance_api_edge_uri diff --git a/deployment/glance/glance-api-internal-container-puppet.yaml b/deployment/glance/glance-api-internal-container-puppet.yaml new file mode 100644 index 0000000000..15fab9d145 --- /dev/null +++ b/deployment/glance/glance-api-internal-container-puppet.yaml @@ -0,0 +1,183 @@ +heat_template_version: wallaby + +description: > + OpenStack Glance internal service configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. Use + parameter_merge_strategies to merge it with the defaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + GlanceApiInternalLoggingSource: + type: json + default: + tag: openstack.glance.api + file: /var/log/containers/glance/api_internal.log + EnableInternalTLS: + type: boolean + default: false + GlanceNetappNfsEnabled: + default: false + description: > + When using GlanceBackend 'file', Netapp mount NFS share for image storage. + type: boolean + ContainerGlanceApiImage: + description: image + type: string + tags: + - role_specific + ContainerGlanceApiInternalConfigImage: + description: The container image to use for the glance_api_internal config_volume + type: string + tags: + - role_specific +resources: + GlanceApi: + type: ./glance-api-container-puppet.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} + + MySQLClient: + type: ../database/mysql-client.yaml + + GlanceLogging: + type: OS::TripleO::Services::Logging::GlanceApi + + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - ContainerGlanceApiImage: ContainerGlanceApiImage + ContainerGlanceApiInternalConfigImage: ContainerGlanceApiInternalConfigImage + - values: {get_param: [RoleParameters]} + - values: + ContainerGlanceApiImage: {get_param: ContainerGlanceApiImage} + ContainerGlanceApiInternalConfigImage: {get_param: ContainerGlanceApiInternalConfigImage} + +outputs: + role_data: + description: Role data for the internal Glance API. + value: + map_merge: + - get_attr: [GlanceApi, role_data] + - service_name: glance_api_internal + firewall_rules: + '112 glance_api_internal': + dport: + - {get_param: [EndpointMap, GlanceInternal, port]} + firewall_frontend_rules: + '100 glance_api_internal_haproxy_frontend': + dport: + - {get_param: [EndpointMap, GlanceInternal, port]} + + # GlanceApi creates the keystone resources + keystone_resources: {} + + config_settings: {get_attr: [GlanceApi, role_data, config_settings]} + + service_config_settings: + map_merge: + - get_attr: [GlanceApi, role_data, service_config_settings] + - rsyslog: + tripleo_logging_sources_glance_api_internal: + - {get_param: GlanceApiInternalLoggingSource} + + puppet_config: + config_volume: glance_api_internal + puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config,glance_image_import_config + step_config: + list_join: + - "\n" + - - + str_replace: + template: | + class { 'tripleo::profile::base::glance::api': + bind_port => PORT, + tls_proxy_port => PORT, + log_file => '/var/log/glance/api_internal.log', + show_image_direct_url => true, + show_multiple_locations => true, + } + params: + PORT: {get_param: [EndpointMap, GlanceInternal, port]} + - if: + - {get_param: GlanceNetappNfsEnabled} + - include tripleo::profile::base::glance::netapp + - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_attr: [RoleParametersValue, value, ContainerGlanceApiInternalConfigImage]} + + kolla_config: + # The kolla_config are essentially the same as the GlanceApi service. + # The only difference is the json file names. + /var/lib/kolla/config_files/glance_api_internal.json: + {get_attr: [GlanceApi, role_data, kolla_config, /var/lib/kolla/config_files/glance_api.json]} + /var/lib/kolla/config_files/glance_api_internal_tls_proxy.json: + {get_attr: [GlanceApi, role_data, kolla_config, /var/lib/kolla/config_files/glance_api_tls_proxy.json]} + + docker_config: + step_2: + get_attr: [GlanceLogging, docker_config, step_2] + step_4: + # The internal services share the same GlanceApi docker configs, + # except we swap in the internal service's config_volume. + glance_api_internal: + map_merge: + - get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api] + - volumes: + yaql: + expression: $.data.vols.select($.replace('puppet-generated/glance_api', 'puppet-generated/glance_api_internal')) + data: + vols: {get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api, volumes]} + glance_api_internal_tls_proxy: + if: + - {get_param: EnableInternalTLS} + - map_merge: + - get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api_tls_proxy] + - volumes: + yaql: + expression: $.data.vols.select($.replace('puppet-generated/glance_api', 'puppet-generated/glance_api_internal')) + data: + vols: {get_attr: [GlanceApi, role_data, docker_config, step_4, glance_api_tls_proxy, volumes]} + + external_upgrade_tasks: + - when: + - step|int == 1 + tags: + - never + - system_upgrade_transfer_data + - system_upgrade_stop_services + block: + - name: Stop glance api internal container + import_role: + name: tripleo_container_stop + vars: + tripleo_containers_to_stop: + - glance_api_internal + tripleo_delegate_to: "{{ groups['glance_api_internal'] | default([]) }}" diff --git a/deployment/haproxy/haproxy-edge-container-puppet.yaml b/deployment/haproxy/haproxy-edge-container-puppet.yaml index 1ef21705e8..061c3bef97 100644 --- a/deployment/haproxy/haproxy-edge-container-puppet.yaml +++ b/deployment/haproxy/haproxy-edge-container-puppet.yaml @@ -45,6 +45,7 @@ resources: EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} outputs: glance_api_edge_uri: @@ -54,14 +55,16 @@ outputs: - {get_param: EnableInternalTLS} - str_replace: template: - "https://%{lookup('fqdn_NETWORK')}:9292" + "https://%{lookup('fqdn_NETWORK')}:PORT" params: NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]} + PORT: {get_param: [EndpointMap, GlanceInternal, port]} - str_replace: template: - "http://%{lookup('NETWORK_uri')}:9292" + "http://%{lookup('NETWORK_uri')}:PORT" params: NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]} + PORT: {get_param: [EndpointMap, GlanceInternal, port]} role_data: description: Role data for the HAproxy role for DCN/Edge. @@ -85,18 +88,19 @@ outputs: tripleo::haproxy::designate: false tripleo::haproxy::docker_registry: false tripleo::haproxy::etcd: false + tripleo::haproxy::glance_api: false - if: - {get_param: EnableGlanceApiProxy} - - tripleo::haproxy::glance_api: true + - tripleo::haproxy::glance_api_internal: true glance_api_vip: str_replace: template: "%{lookup('NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]} - glance_api_node_ips: "%{alias('glance_api_edge_node_ips')}" - glance_api_node_names: "%{alias('glance_api_edge_node_names')}" - - tripleo::haproxy::glance_api: false + glance_api_internal_node_ips: "%{alias('glance_api_edge_node_ips')}" + glance_api_internal_node_names: "%{alias('glance_api_edge_node_names')}" + - tripleo::haproxy::glance_api_internal: false - tripleo::haproxy::gnocchi: false tripleo::haproxy::heat_api: false tripleo::haproxy::heat_cfn: false diff --git a/deployment/nova/nova-base-puppet.yaml b/deployment/nova/nova-base-puppet.yaml index 0eb41e048d..dbdc4947cb 100644 --- a/deployment/nova/nova-base-puppet.yaml +++ b/deployment/nova/nova-base-puppet.yaml @@ -234,6 +234,7 @@ outputs: nova::network::neutron::password: {get_param: NeutronPassword} nova::network::neutron::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]} nova::network::neutron::valid_interfaces: 'internal' + nova::glance::valid_interfaces: 'internal' nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder::catalog_info: 'volumev3:cinderv3:internalURL' nova::cinder::os_region_name: {get_param: KeystoneRegion} diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml index 42e67d7d11..9ae1baa81d 100644 --- a/environments/ssl/tls-everywhere-endpoints-dns.yaml +++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml @@ -31,8 +31,8 @@ parameter_defaults: DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} - GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} - GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9293', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9293', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index e3e9ca1459..8b262238c9 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -115,6 +115,7 @@ resource_registry: OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml + OS::TripleO::Services::GlanceApiInternal: deployment/glance/glance-api-internal-container-puppet.yaml OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml @@ -354,6 +355,7 @@ parameter_defaults: CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }} GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} + GlanceApiEdgeInternalNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} IronicApiNetwork: ctlplane IronicNetwork: ctlplane IronicInspectorNetwork: ctlplane @@ -445,8 +447,8 @@ parameter_defaults: DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} - GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} - GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} + GlanceAdmin: {protocol: http, port: '9293', host: IP_ADDRESS} + GlanceInternal: {protocol: http, port: '9293', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} diff --git a/releasenotes/notes/glance-internal-service-86274f56712ffaac.yaml b/releasenotes/notes/glance-internal-service-86274f56712ffaac.yaml new file mode 100644 index 0000000000..d01f8d0abf --- /dev/null +++ b/releasenotes/notes/glance-internal-service-86274f56712ffaac.yaml @@ -0,0 +1,26 @@ +--- +features: + - | + Two instances of the glance-api service are now deployed per the + recommendations outlined in `OSSN-0090 `_. + The user facing service does not provide access to image location data, + whereas a new internal glance-api service provides location data to + administrators and services that need it (e.g. cinder and nova), and is + accessible via the admin and internal keystone endpoints. +upgrade: + - | + A new OS::TripleO::Services::GlanceApiInternal service is introduced to + handle deploying the internal instance of the glance-api service. When + upgrading an overcloud deployed with a custom roles file, the new + GlanceApiInternal service must be added to every role that includes the + GlanceApi service. Roles that include the GlanceApiEdge service should not + include the new GlanceApiInternal service. + + Deployment of the new internal glance-api service is generally transparent, + and includes updating glance's endpoints in the keystone catalog. + In a Distributed Compute Node (DCN) deployment, the control plane and + all DCN sites need to be updated in order to fully deploy the new internal + glance-api service. +deprecations: + - | + The GlanceShowMultipleLocations parameter is deprecated. diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 2ad838591d..1963185457 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -92,6 +92,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerAllNovaStandalone.yaml b/roles/ControllerAllNovaStandalone.yaml index 797a42d967..34e86e7bed 100644 --- a/roles/ControllerAllNovaStandalone.yaml +++ b/roles/ControllerAllNovaStandalone.yaml @@ -63,6 +63,7 @@ - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerNoCeph.yaml b/roles/ControllerNoCeph.yaml index db0f7d71c7..b016356646 100644 --- a/roles/ControllerNoCeph.yaml +++ b/roles/ControllerNoCeph.yaml @@ -80,6 +80,7 @@ - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerNovaStandalone.yaml b/roles/ControllerNovaStandalone.yaml index fc8c4d0f63..33b862d7e0 100644 --- a/roles/ControllerNovaStandalone.yaml +++ b/roles/ControllerNovaStandalone.yaml @@ -82,6 +82,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index b4d37ecd9b..28faf91bd8 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -69,6 +69,7 @@ - OS::TripleO::Services::IpaClient - OS::TripleO::Services::Ipsec - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerSriov.yaml b/roles/ControllerSriov.yaml index 2387a3a202..6419a2ad76 100644 --- a/roles/ControllerSriov.yaml +++ b/roles/ControllerSriov.yaml @@ -89,6 +89,7 @@ - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerStorageDashboard.yaml b/roles/ControllerStorageDashboard.yaml index 40ff7c97a8..968c70dbe3 100644 --- a/roles/ControllerStorageDashboard.yaml +++ b/roles/ControllerStorageDashboard.yaml @@ -91,6 +91,7 @@ - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/ControllerStorageNfs.yaml b/roles/ControllerStorageNfs.yaml index 575b355571..aacb17d7dc 100644 --- a/roles/ControllerStorageNfs.yaml +++ b/roles/ControllerStorageNfs.yaml @@ -91,6 +91,7 @@ - OS::TripleO::Services::Frr - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles/Standalone.yaml b/roles/Standalone.yaml index 6aa7281f89..34cb1eafb7 100644 --- a/roles/Standalone.yaml +++ b/roles/Standalone.yaml @@ -90,6 +90,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles_data.yaml b/roles_data.yaml index 3dc504466e..81ed10b55d 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -95,6 +95,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/roles_data_standalone.yaml b/roles_data_standalone.yaml index 3758f77c05..8feef8d344 100644 --- a/roles_data_standalone.yaml +++ b/roles_data_standalone.yaml @@ -93,6 +93,7 @@ - OS::TripleO::Services::ExternalSwiftProxy - OS::TripleO::Services::Frr - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 578ebecd66..c07ba1c693 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml @@ -232,8 +232,8 @@ environments: DesignatePublic: {protocol: 'https', port: '13001', host: 'CLOUDNAME'} DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'} GaneshaInternal: {protocol: 'nfs', port: '2049', host: 'IP_ADDRESS'} - GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} - GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9293', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9293', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}