commit
58840bbb25
|
@ -105,7 +105,8 @@ Attributes
|
|||
* `glance["service_tenant_name"]` - Tenant name used by glance when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `glance["service_user"]` - User name used by glance when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `glance["service_role"]` - User role used by glance when interacting with keystone - used in the API and registry paste.ini files
|
||||
* `default["glance"]["pki"]["signing_dir"]` - Defaults to `/tmp/glance-signing-dir`. Directory where `auth_token` middleware writes certificate
|
||||
* `default["glance"]["api"]["auth"]["cache_dir"]` - Defaults to `/var/cache/glance/api`. Directory where `auth_token` middleware writes certificates for glance-api
|
||||
* `default["glance"]["registry"]["auth"]["cache_dir"]` - Defaults to `/var/cache/glance/registry`. Directory where `auth_token` middleware writes certificates for glance-registry
|
||||
* `glance["image_upload"]` - Toggles whether to automatically upload images in the `glance["images"]` array
|
||||
* `glance["images"]` - Default list of images to upload to the glance repository as part of the install
|
||||
* `glance["image]["<imagename>"]` - URL location of the `<imagename>` image. There can be multiple instances of this line to define multiple imagess (eg natty, maverick, fedora17 etc)
|
||||
|
|
|
@ -29,9 +29,6 @@ default["glance"]["debug"] = "False"
|
|||
# This is the name of the Chef role that will install the Keystone Service API
|
||||
default["glance"]["keystone_service_chef_role"] = "keystone"
|
||||
|
||||
default["glance"]["user"] = "glance"
|
||||
default["glance"]["group"] = "glance"
|
||||
|
||||
# Gets set in the Image Endpoint when registering with Keystone
|
||||
default["glance"]["region"] = "RegionOne"
|
||||
|
||||
|
@ -39,25 +36,25 @@ default["glance"]["region"] = "RegionOne"
|
|||
# that Glance uses
|
||||
default["glance"]["rabbit_server_chef_role"] = "rabbitmq-server"
|
||||
|
||||
default["glance"]["db"]["username"] = "glance" # node_attribute
|
||||
default["glance"]["db"]["username"] = "glance"
|
||||
|
||||
default["glance"]["service_tenant_name"] = "service" # node_attribute
|
||||
default["glance"]["service_user"] = "glance" # node_attribute
|
||||
default["glance"]["service_role"] = "admin" # node_attribute
|
||||
default["glance"]["service_tenant_name"] = "service"
|
||||
default["glance"]["service_user"] = "glance"
|
||||
default["glance"]["service_role"] = "admin"
|
||||
|
||||
# Keystone PKI signing directory. Only written to the filter:authtoken section
|
||||
# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki"
|
||||
# Keystone PKI signing directories
|
||||
# XXX keystoneclient wants these dirs to exist even if it doesn't use them
|
||||
default["glance"]["api"]["auth"]["cache_dir"] = "/var/cache/glance/api"
|
||||
default["glance"]["registry"]["auth"]["cache_dir"] = "/var/cache/glance/registry"
|
||||
|
||||
default["glance"]["api"]["default_store"] = "file" # node_attribute
|
||||
default["glance"]["api"]["default_store"] = "file"
|
||||
# If set, glance API service will bind to the address on this interface,
|
||||
# otherwise it will bind to the API endpoint's host.
|
||||
default["glance"]["api"]["bind_interface"] = nil
|
||||
default["glance"]["api"]["swift"]["container"] = "glance" # node_attribute
|
||||
default["glance"]["api"]["swift"]["large_object_size"] = "200" # node_attribute
|
||||
default["glance"]["api"]["swift"]["large_object_chunk_size"] = "200" # node_attribute
|
||||
default["glance"]["api"]["cache"]["image_cache_max_size"] = "10737418240" # node_attribute
|
||||
default["glance"]["api"]["swift"]["container"] = "glance"
|
||||
default["glance"]["api"]["swift"]["large_object_size"] = "200"
|
||||
default["glance"]["api"]["swift"]["large_object_chunk_size"] = "200"
|
||||
default["glance"]["api"]["cache"]["image_cache_max_size"] = "10737418240"
|
||||
|
||||
# Ceph Options
|
||||
default["glance"]["api"]["rbd"]["rbd_store_ceph_conf"] = "/etc/ceph/ceph.conf"
|
||||
|
@ -71,38 +68,56 @@ default["glance"]["api"]["rbd"]["rbd_store_chunk_size"] = "8"
|
|||
default["glance"]["registry"]["bind_interface"] = nil
|
||||
|
||||
# Default Image Locations
|
||||
default["glance"]["image_upload"] = false # node_attribute
|
||||
default["glance"]["images"] = [ "cirros" ] # node_attribute
|
||||
default["glance"]["image"]["precise"] = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img" # node_attribute
|
||||
default["glance"]["image"]["oneiric"] = "http://cloud-images.ubuntu.com/oneiric/current/oneiric-server-cloudimg-amd64-disk1.img" # node_attribute
|
||||
default["glance"]["image"]["natty"] = "http://cloud-images.ubuntu.com/natty/current/natty-server-cloudimg-amd64-disk1.img" # node_attribute
|
||||
default["glance"]["image"]["cirros"] = "https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img" # node_attribute
|
||||
default["glance"]["image_upload"] = false
|
||||
default["glance"]["images"] = [ "cirros" ]
|
||||
default["glance"]["image"]["precise"] = "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img"
|
||||
default["glance"]["image"]["oneiric"] = "http://cloud-images.ubuntu.com/oneiric/current/oneiric-server-cloudimg-amd64-disk1.img"
|
||||
default["glance"]["image"]["natty"] = "http://cloud-images.ubuntu.com/natty/current/natty-server-cloudimg-amd64-disk1.img"
|
||||
default["glance"]["image"]["cirros"] = "https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img"
|
||||
# more images available at https://github.com/rackerjoe/oz-image-build
|
||||
default["glance"]["image"]["centos"] = "http://c250663.r63.cf1.rackcdn.com/centos60_x86_64.qcow2"
|
||||
|
||||
# logging attribute
|
||||
default["glance"]["syslog"]["use"] = false # node_attribute
|
||||
default["glance"]["syslog"]["facility"] = "LOG_LOCAL2" # node_attribute
|
||||
default["glance"]["syslog"]["config_facility"] = "local2" # node_attribute
|
||||
default["glance"]["syslog"]["use"] = false
|
||||
default["glance"]["syslog"]["facility"] = "LOG_LOCAL2"
|
||||
default["glance"]["syslog"]["config_facility"] = "local2"
|
||||
|
||||
# platform-specific settings
|
||||
case platform
|
||||
when "fedora", "redhat", "centos" # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
default["glance"]["user"] = "glance"
|
||||
default["glance"]["group"] = "glance"
|
||||
default["glance"]["platform"] = {
|
||||
"mysql_python_packages" => [ "MySQL-python" ], # node_attribute
|
||||
"glance_packages" => [ "openstack-glance", "openstack-swift", "cronie" ], # node_attribute
|
||||
"glance_api_service" => "openstack-glance-api", # node_attribute
|
||||
"glance_registry_service" => "openstack-glance-registry", # node_attribute
|
||||
"glance_api_process_name" => "glance-api", # node_attribute
|
||||
"package_overrides" => "" # node_attribute
|
||||
"postgresql_python_packages" => [ "python-psycopg2" ],
|
||||
"mysql_python_packages" => [ "MySQL-python" ],
|
||||
"glance_packages" => [ "openstack-glance", "openstack-swift", "cronie" ],
|
||||
"glance_api_service" => "openstack-glance-api",
|
||||
"glance_registry_service" => "openstack-glance-registry",
|
||||
"glance_api_process_name" => "glance-api",
|
||||
"package_overrides" => ""
|
||||
}
|
||||
when "suse"
|
||||
default["glance"]["user"] = "openstack-glance"
|
||||
default["glance"]["group"] = "openstack-glance"
|
||||
default["glance"]["platform"] = {
|
||||
"postgresql_python_packages" => [ "python-psycopg2" ],
|
||||
"mysql_python_packages" => [ "python-mysql" ],
|
||||
"glance_packages" => [ "openstack-glance", "openstack-swift", "python-glanceclient" ],
|
||||
"glance_api_service" => "openstack-glance-api",
|
||||
"glance_registry_service" => "openstack-glance-registry",
|
||||
"glance_api_process_name" => "glance-api",
|
||||
"package_overrides" => ""
|
||||
}
|
||||
when "ubuntu"
|
||||
default["glance"]["user"] = "glance"
|
||||
default["glance"]["group"] = "glance"
|
||||
default["glance"]["platform"] = {
|
||||
"mysql_python_packages" => [ "python-mysqldb" ], # node_attribute
|
||||
"glance_packages" => [ "glance", "python-swift" ], # node_attribute
|
||||
"glance_api_service" => "glance-api", # node_attribute
|
||||
"glance_registry_service" => "glance-registry", # node_attribute
|
||||
"glance_registry_process_name" => "glance-registry", # node_attribute
|
||||
"package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" # node_attribute
|
||||
"postgresql_python_packages" => [ "python-psycopg2" ],
|
||||
"mysql_python_packages" => [ "python-mysqldb" ],
|
||||
"glance_packages" => [ "glance", "python-swift" ],
|
||||
"glance_api_service" => "glance-api",
|
||||
"glance_registry_service" => "glance-registry",
|
||||
"glance_registry_process_name" => "glance-registry",
|
||||
"package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
|
||||
}
|
||||
end
|
||||
|
|
|
@ -9,11 +9,12 @@ recipe "glance::registry", "Installs packages required for a glance r
|
|||
recipe "glance::db", "Creates the Glance registry database"
|
||||
recipe "glance::keystone_registration", "Registers Glance endpoints and service with Keystone"
|
||||
|
||||
%w{ ubuntu fedora redhat centos }.each do |os|
|
||||
%w{ ubuntu fedora redhat centos suse }.each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
depends "database"
|
||||
depends "keystone", ">= 2012.2.1"
|
||||
depends "mysql"
|
||||
depends "openstack-common", ">= 0.1.7"
|
||||
suggests "mysql"
|
||||
suggests "postgresql"
|
||||
|
|
|
@ -62,8 +62,6 @@ directory ::File.dirname node["glance"]["api"]["auth"]["cache_dir"] do
|
|||
owner node["glance"]["user"]
|
||||
group node["glance"]["group"]
|
||||
mode 00700
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
end
|
||||
|
||||
template "/etc/glance/policy.json" do
|
||||
|
@ -146,6 +144,8 @@ template "/etc/glance/glance-api.conf" do
|
|||
:sql_connection => sql_connection,
|
||||
:rabbit_ipaddress => rabbit_info["host"], #FIXME!
|
||||
:glance_flavor => glance_flavor,
|
||||
"identity_endpoint" => identity_endpoint,
|
||||
"service_pass" => service_pass,
|
||||
:swift_store_key => swift_store_key,
|
||||
:swift_user_tenant => swift_user_tenant,
|
||||
:swift_store_user => swift_store_user,
|
||||
|
@ -161,10 +161,6 @@ template "/etc/glance/glance-api-paste.ini" do
|
|||
owner node["glance"]["user"]
|
||||
group node["glance"]["group"]
|
||||
mode 00644
|
||||
variables(
|
||||
"identity_endpoint" => identity_endpoint,
|
||||
"service_pass" => service_pass
|
||||
)
|
||||
|
||||
notifies :restart, "service[glance-api]", :immediately
|
||||
end
|
||||
|
|
|
@ -24,14 +24,7 @@ class ::Chef::Recipe
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
# TODO(jaypipes): This is retarded, but nothing runs without this. The
|
||||
# database cookbook should handle this crap, but it doesn't. :(
|
||||
include_recipe "mysql::client"
|
||||
include_recipe "mysql::ruby"
|
||||
|
||||
db_pass = db_password "glance"
|
||||
|
||||
db_create_with_user("image",
|
||||
node["glance"]["db"]["username"],
|
||||
db_pass
|
||||
db_password("glance")
|
||||
)
|
||||
|
|
|
@ -66,7 +66,7 @@ keystone_register "Register Service Tenant" do
|
|||
bootstrap_token bootstrap_token
|
||||
tenant_name service_tenant_name
|
||||
tenant_description "Service Tenant"
|
||||
tenant_enabled "true" # Not required as this is the default
|
||||
tenant_enabled true # Not required as this is the default
|
||||
|
||||
action :create_tenant
|
||||
end
|
||||
|
@ -78,7 +78,7 @@ keystone_register "Register #{service_user} User" do
|
|||
tenant_name service_tenant_name
|
||||
user_name service_user
|
||||
user_pass service_pass
|
||||
user_enabled "true" # Not required as this is the default
|
||||
user_enabled true # Not required as this is the default
|
||||
|
||||
action :create_user
|
||||
end
|
||||
|
|
|
@ -43,7 +43,8 @@ package "curl" do
|
|||
action :install
|
||||
end
|
||||
|
||||
platform_options["mysql_python_packages"].each do |pkg|
|
||||
db_type = node['openstack']['db']['identity']['db_type']
|
||||
platform_options["#{db_type}_python_packages"].each do |pkg|
|
||||
package pkg do
|
||||
action :install
|
||||
end
|
||||
|
@ -59,8 +60,6 @@ directory ::File.dirname(node["glance"]["registry"]["auth"]["cache_dir"]) do
|
|||
owner node["glance"]["user"]
|
||||
group node["glance"]["group"]
|
||||
mode 00700
|
||||
|
||||
only_if { node["openstack"]["auth"]["strategy"] == "pki" }
|
||||
end
|
||||
|
||||
service "glance-registry" do
|
||||
|
@ -101,7 +100,9 @@ template "/etc/glance/glance-registry.conf" do
|
|||
variables(
|
||||
:registry_bind_address => bind_address,
|
||||
:registry_port => registry_endpoint.port,
|
||||
:sql_connection => sql_connection
|
||||
:sql_connection => sql_connection,
|
||||
"identity_endpoint" => identity_endpoint,
|
||||
"service_pass" => service_pass
|
||||
)
|
||||
|
||||
notifies :restart, "service[glance-registry]", :immediately
|
||||
|
@ -115,10 +116,6 @@ template "/etc/glance/glance-registry-paste.ini" do
|
|||
owner "root"
|
||||
group "root"
|
||||
mode 00644
|
||||
variables(
|
||||
"identity_endpoint" => identity_endpoint,
|
||||
"service_pass" => service_pass
|
||||
)
|
||||
|
||||
notifies :restart, "service[glance-registry]", :immediately
|
||||
end
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<%= node["glance"]["custom_template_banner"] %>
|
||||
|
||||
# Default minimal pipeline
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
[pipeline:glance-api]
|
||||
pipeline = versionnegotiation unauthenticated-context rootapp
|
||||
|
||||
|
@ -55,14 +55,5 @@ paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||
auth_host = <%= @identity_endpoint.host %>
|
||||
auth_port = <%= @identity_endpoint.port %>
|
||||
auth_protocol = <%= @identity_endpoint.scheme %>
|
||||
admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["glance"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||
delay_auth_decision = true
|
||||
<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
|
||||
signing_dir = <%= node["glance"]["api"]["auth"]["cache_dir"] %>
|
||||
<% end -%>
|
||||
|
|
|
@ -246,5 +246,14 @@ scrubber_datadir = /var/lib/glance/scrubber
|
|||
# Base directory that the Image Cache uses
|
||||
image_cache_dir = /var/lib/glance/image-cache/
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_host = <%= @identity_endpoint.host %>
|
||||
auth_port = <%= @identity_endpoint.port %>
|
||||
auth_protocol = <%= @identity_endpoint.scheme %>
|
||||
admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["glance"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
signing_dir = <%= node["glance"]["api"]["auth"]["cache_dir"] %>
|
||||
|
||||
[paste_deploy]
|
||||
flavor = <%= @glance_flavor %>
|
||||
|
|
|
@ -1,14 +1,11 @@
|
|||
<%= node["glance"]["custom_template_banner"] %>
|
||||
|
||||
# Default minimal pipeline
|
||||
# Use this pipeline for no auth - DEFAULT
|
||||
[pipeline:glance-registry]
|
||||
pipeline = context registryapp
|
||||
pipeline = unauthenticated-context registryapp
|
||||
|
||||
# Use the following pipeline for keystone auth
|
||||
# i.e. in glance-registry.conf:
|
||||
# [paste_deploy]
|
||||
# flavor = keystone
|
||||
#
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-registry-keystone]
|
||||
pipeline = authtoken context registryapp
|
||||
|
||||
|
@ -16,18 +13,11 @@ pipeline = authtoken context registryapp
|
|||
paste.app_factory = glance.registry.api.v1:API.factory
|
||||
|
||||
[filter:context]
|
||||
context_class = glance.registry.context.RequestContext
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||
auth_host = <%= @identity_endpoint.host %>
|
||||
auth_port = <%= @identity_endpoint.port %>
|
||||
auth_protocol = <%= @identity_endpoint.scheme %>
|
||||
admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["glance"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||
delay_auth_decision = true
|
||||
<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
|
||||
signing_dir = <%= node["glance"]["registry"]["auth"]["cache_dir"] %>
|
||||
<% end -%>
|
||||
|
|
|
@ -56,5 +56,15 @@ log_file = /var/log/glance/registry.log
|
|||
# Private key file to use when starting registry server securely
|
||||
# key_file = /path/to/keyfile
|
||||
|
||||
# ================= Keystone authtoken ===============================
|
||||
[keystone_authtoken]
|
||||
auth_host = <%= @identity_endpoint.host %>
|
||||
auth_port = <%= @identity_endpoint.port %>
|
||||
auth_protocol = <%= @identity_endpoint.scheme %>
|
||||
admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
|
||||
admin_user = <%= node["glance"]["service_user"] %>
|
||||
admin_password = <%= @service_pass %>
|
||||
signing_dir = <%= node["glance"]["registry"]["auth"]["cache_dir"] %>
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
|
Loading…
Reference in New Issue