OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 1 | ===== |
| 2 | Usage |
| 3 | ===== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 4 | |
Jakub Pavlik | 9e85d17 | 2016-05-20 11:13:14 +0200 | [diff] [blame] | 5 | The Glance project provides services for discovering, registering, and |
| 6 | retrieving virtual machine images. Glance has a RESTful API that allows |
| 7 | querying of VM image metadata as well as retrieval of the actual image. |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 8 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 9 | Sample pillars |
| 10 | ============== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 11 | |
| 12 | .. code-block:: yaml |
| 13 | |
| 14 | glance: |
| 15 | server: |
| 16 | enabled: true |
| 17 | version: juno |
Alena Holanova | c1e5131 | 2016-03-22 14:08:44 +0100 | [diff] [blame] | 18 | workers: 8 |
Dmitry Stremkovskiy | e9490cf | 2017-07-11 11:37:44 +0300 | [diff] [blame] | 19 | glance_uid: 302 |
| 20 | glance_gid: 302 |
Alexey V. Abashkin | ae99c21 | 2019-08-26 13:09:36 +0300 | [diff] [blame] | 21 | container_formats: |
| 22 | ami: |
| 23 | enabled: True |
| 24 | ari: |
| 25 | enabled: False |
| 26 | docker: |
| 27 | enabled: True |
| 28 | disk_formats: |
| 29 | vhd: |
| 30 | enabled: False |
| 31 | raw: |
| 32 | enabled: True |
| 33 | qcow2: |
| 34 | enabled: True |
Ivan Berezovskiy | 4f3840e | 2019-11-18 20:30:15 +0400 | [diff] [blame] | 35 | concurrency: |
| 36 | lock_path: '/var/lib/glance/tmp' |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 37 | policy: |
| 38 | publicize_image: |
| 39 | - "role:admin" |
| 40 | - "role:image_manager" |
| 41 | database: |
| 42 | engine: mysql |
| 43 | host: 127.0.0.1 |
| 44 | port: 3306 |
| 45 | name: glance |
| 46 | user: glance |
| 47 | password: pwd |
| 48 | identity: |
| 49 | engine: keystone |
| 50 | host: 127.0.0.1 |
| 51 | port: 35357 |
| 52 | tenant: service |
| 53 | user: glance |
| 54 | password: pwd |
| 55 | message_queue: |
| 56 | engine: rabbitmq |
| 57 | host: 127.0.0.1 |
| 58 | port: 5672 |
| 59 | user: openstack |
| 60 | password: pwd |
| 61 | virtual_host: '/openstack' |
| 62 | storage: |
| 63 | engine: file |
| 64 | images: |
| 65 | - name: "CirrOS 0.3.1" |
| 66 | format: qcow2 |
| 67 | file: cirros-0.3.1-x86_64-disk.img |
| 68 | source: http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img |
| 69 | public: true |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 70 | audit: |
| 71 | enabled: false |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 72 | api_limit_max: 100 |
| 73 | limit_param_default: 50 |
Oleg Iurchenko | 68ae355 | 2017-10-13 18:40:42 +0300 | [diff] [blame] | 74 | barbican: |
| 75 | enabled: true |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 76 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 77 | The pagination is controlled by the ``api_limit_max`` and ``limit_param_default`` |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 78 | parameters as shown above: |
| 79 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 80 | * ``api_limit_max`` |
| 81 | Defines the maximum number of records that the server will return. |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 82 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 83 | * ``limit_param_default`` |
| 84 | The default ``limit`` parameter that applies if the request didn't define |
| 85 | it explicitly. |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 86 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 87 | Configuration of the ``policy.json`` file: |
Dmitry Ukov | 0a228ad | 2017-05-15 13:35:43 +0400 | [diff] [blame] | 88 | |
| 89 | .. code-block:: yaml |
| 90 | |
| 91 | glance: |
| 92 | server: |
| 93 | .... |
| 94 | policy: |
| 95 | publicize_image: "role:admin" |
| 96 | # Add key without value to remove line from policy.json |
| 97 | add_member: |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 98 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 99 | Keystone and cinder region |
| 100 | |
| 101 | .. code-block:: yaml |
| 102 | |
| 103 | glance: |
| 104 | server: |
| 105 | enabled: true |
| 106 | version: kilo |
| 107 | ... |
| 108 | identity: |
| 109 | engine: keystone |
| 110 | host: 127.0.0.1 |
| 111 | region: RegionTwo |
| 112 | ... |
| 113 | |
| 114 | Ceph integration glance |
| 115 | |
| 116 | .. code-block:: yaml |
| 117 | |
| 118 | glance: |
| 119 | server: |
| 120 | enabled: true |
| 121 | version: juno |
| 122 | storage: |
| 123 | engine: rbd,http |
| 124 | user: glance |
| 125 | pool: images |
| 126 | chunk_size: 8 |
| 127 | client_glance_key: AQDOavlU6BsSJhAAnpFR906mvdgdfRqLHwu0Uw== |
| 128 | |
Vasyl Saienko | 8357567 | 2018-07-17 18:34:43 +0300 | [diff] [blame] | 129 | VMWare integration: |
| 130 | |
| 131 | .. code-block:: yaml |
| 132 | |
| 133 | glance: |
| 134 | server |
| 135 | storage: |
| 136 | engine: vmware |
| 137 | default_store: vsphere |
| 138 | vmware: |
| 139 | enabled: true |
| 140 | server_host: 1.2.3.4 |
| 141 | server_username: vmware_username |
| 142 | server_password: vmware_password |
| 143 | datastores: |
| 144 | data1: |
| 145 | name: datastore_name1 |
| 146 | enabled: true |
| 147 | path: datacenter_name |
| 148 | weight: 10 |
| 149 | data2: |
| 150 | name: datastore_name2 |
| 151 | enabled: true |
| 152 | path: datacenter_name |
| 153 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 154 | RabbitMQ HA setup |
| 155 | |
| 156 | .. code-block:: yaml |
| 157 | |
| 158 | glance: |
| 159 | server: |
| 160 | .... |
| 161 | message_queue: |
| 162 | engine: rabbitmq |
| 163 | members: |
| 164 | - host: 10.0.16.1 |
| 165 | - host: 10.0.16.2 |
| 166 | - host: 10.0.16.3 |
| 167 | user: openstack |
| 168 | password: pwd |
| 169 | virtual_host: '/openstack' |
| 170 | .... |
| 171 | |
stelucz | df5176a | 2018-01-17 14:42:11 +0100 | [diff] [blame] | 172 | Quota Options |
| 173 | |
| 174 | .. code-block:: yaml |
| 175 | |
| 176 | glance: |
| 177 | server: |
| 178 | .... |
| 179 | quota: |
| 180 | image_member: -1 |
| 181 | image_property: 256 |
| 182 | image_tag: 256 |
| 183 | image_location: 15 |
| 184 | user_storage: 0 |
| 185 | .... |
| 186 | |
Pavlo Shchelokovskyy | bc22757 | 2020-08-06 16:30:32 +0300 | [diff] [blame] | 187 | Maximum size of image |
| 188 | |
| 189 | .. code-block:: yaml |
| 190 | |
| 191 | glance: |
| 192 | server: |
| 193 | .... |
| 194 | image_size_cap: 2199023255552 # 2TB, twice current default |
| 195 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 196 | Configuring TLS communications |
| 197 | ------------------------------ |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 198 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 199 | .. note:: By default, system wide installed CA certs are used, so |
| 200 | ``cacert_file`` param is optional, as well as ``cacert``. |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 201 | |
| 202 | - **RabbitMQ TLS** |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 203 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 204 | .. code-block:: yaml |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 205 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 206 | glance: |
| 207 | server: |
| 208 | message_queue: |
| 209 | port: 5671 |
| 210 | ssl: |
| 211 | enabled: True |
| 212 | (optional) cacert: cert body if the cacert_file does not exists |
| 213 | (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem |
| 214 | (optional) version: TLSv1_2 |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 215 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 216 | - **MySQL TLS** |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 217 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 218 | .. code-block:: yaml |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 219 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 220 | glance: |
| 221 | server: |
| 222 | database: |
| 223 | ssl: |
| 224 | enabled: True |
| 225 | (optional) cacert: cert body if the cacert_file does not exists |
| 226 | (optional) cacert_file: /etc/openstack/mysql-ca.pem |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 227 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 228 | - **Openstack HTTPS API** |
| 229 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 230 | Set the ``https`` as protocol at ``glance:server`` sections: |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 231 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 232 | .. code-block:: yaml |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 233 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 234 | glance: |
| 235 | server: |
| 236 | identity: |
| 237 | protocol: https |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 238 | (optional) cacert_file: /etc/openstack/proxy.pem |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 239 | registry: |
| 240 | protocol: https |
| 241 | (optional) cacert_file: /etc/openstack/proxy.pem |
| 242 | storage: |
| 243 | engine: cinder, swift |
| 244 | cinder: |
| 245 | protocol: https |
| 246 | (optional) cacert_file: /etc/openstack/proxy.pem |
| 247 | swift: |
| 248 | store: |
| 249 | (optional) cafile: /etc/openstack/proxy.pem |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 250 | |
mnederlof | ad6d624 | 2017-03-30 15:31:15 +0200 | [diff] [blame] | 251 | Enable Glance Image Cache: |
| 252 | |
| 253 | .. code-block:: yaml |
| 254 | |
| 255 | glance: |
| 256 | server: |
| 257 | image_cache: |
| 258 | enabled: true |
| 259 | enable_management: true |
| 260 | directory: /var/lib/glance/image-cache/ |
| 261 | max_size: 21474836480 |
| 262 | .... |
| 263 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 264 | Enable auditing filter (CADF): |
| 265 | |
| 266 | .. code-block:: yaml |
| 267 | |
| 268 | glance: |
| 269 | server: |
| 270 | audit: |
| 271 | enabled: true |
| 272 | .... |
| 273 | filter_factory: 'keystonemiddleware.audit:filter_factory' |
| 274 | map_file: '/etc/pycadf/glance_api_audit_map.conf' |
| 275 | .... |
| 276 | |
RobertJansen1 | 68e84f9 | 2017-03-30 15:45:12 +0200 | [diff] [blame] | 277 | Swift integration glance |
| 278 | |
| 279 | .. code-block:: yaml |
| 280 | |
| 281 | glance: |
| 282 | server: |
| 283 | enabled: true |
| 284 | version: mitaka |
| 285 | storage: |
| 286 | engine: swift,http |
| 287 | swift: |
| 288 | store: |
| 289 | auth: |
| 290 | address: http://keystone.example.com:5000/v2.0 |
| 291 | version: 2 |
| 292 | endpoint_type: publicURL |
| 293 | container: glance |
| 294 | create_container_on_put: true |
| 295 | retry_get_count: 5 |
| 296 | user: 2ec7966596504f59acc3a76b3b9d9291:glance-user |
| 297 | key: someRandomPassword |
| 298 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 299 | Another way, which also supports multiple swift backends, can be |
| 300 | configured like this: |
Michel Nederlof | 3a86781 | 2017-05-15 09:46:11 +0200 | [diff] [blame] | 301 | |
| 302 | .. code-block:: yaml |
| 303 | |
| 304 | glance: |
| 305 | server: |
| 306 | enabled: true |
| 307 | version: mitaka |
| 308 | storage: |
| 309 | engine: swift,http |
| 310 | swift: |
| 311 | store: |
| 312 | endpoint_type: publicURL |
| 313 | container: glance |
| 314 | create_container_on_put: true |
| 315 | retry_get_count: 5 |
| 316 | references: |
| 317 | my_objectstore_reference_1: |
| 318 | auth: |
| 319 | address: http://keystone.example.com:5000/v2.0 |
| 320 | version: 2 |
| 321 | user: 2ec7966596504f59acc3a76b3b9d9291:glance-user |
| 322 | key: someRandomPassword |
| 323 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 324 | Enable CORS parameters: |
Ondrej Smola | e695fe8 | 2017-04-28 12:22:28 +0200 | [diff] [blame] | 325 | |
| 326 | .. code-block:: yaml |
| 327 | |
| 328 | glance: |
| 329 | server: |
| 330 | cors: |
| 331 | allowed_origin: https:localhost.local,http:localhost.local |
| 332 | expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token |
| 333 | allow_methods: GET,PUT,POST,DELETE,PATCH |
| 334 | allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token |
| 335 | allow_credentials: True |
| 336 | max_age: 86400 |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 337 | |
Michel Nederlof | 3ad5aac | 2017-05-15 09:46:24 +0200 | [diff] [blame] | 338 | Enable Viewing Multiple Locations |
| 339 | --------------------------------- |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 340 | |
Michel Nederlof | 3ad5aac | 2017-05-15 09:46:24 +0200 | [diff] [blame] | 341 | If you want to expose all locations available (for example when you have |
| 342 | multiple backends configured), then you can configure this like so: |
| 343 | |
| 344 | .. code-block:: yaml |
| 345 | |
| 346 | glance: |
| 347 | server: |
| 348 | show_multiple_locations: True |
| 349 | location_strategy: store_type |
| 350 | store_type_preference: rbd,swift,file |
| 351 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 352 | .. note:: The ``show_multiple_locations`` option is deprecated since |
| 353 | Newton and is planned to be handled by policy files *only* |
| 354 | starting with the Pike release. |
Michel Nederlof | 3ad5aac | 2017-05-15 09:46:24 +0200 | [diff] [blame] | 355 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 356 | This feature is convenient in a scenario when you have swift and rbd |
| 357 | configured and want to benefit from rbd enhancements. |
Michel Nederlof | 3ad5aac | 2017-05-15 09:46:24 +0200 | [diff] [blame] | 358 | |
Oleg Iurchenko | 68ae355 | 2017-10-13 18:40:42 +0300 | [diff] [blame] | 359 | Barbican integration glance |
| 360 | --------------------------- |
| 361 | |
| 362 | .. code-block:: yaml |
| 363 | |
| 364 | glance: |
| 365 | server: |
| 366 | barbican: |
| 367 | enabled: true |
| 368 | |
sgarbuz | 2d39f41 | 2018-08-27 10:44:31 +0300 | [diff] [blame] | 369 | Adding cron-job |
| 370 | --------------- |
| 371 | |
| 372 | .. code-block:: yaml |
| 373 | |
| 374 | glance: |
| 375 | server: |
| 376 | cron: |
| 377 | cache_pruner: |
| 378 | special_period: '@daily' |
| 379 | cache_cleaner: |
| 380 | hour: '5' |
| 381 | minute: '30' |
Oleksandr Bryndzii | f87ae00 | 2019-04-24 13:20:57 +0300 | [diff] [blame] | 382 | daymonth: '\*/2' |
sgarbuz | 2d39f41 | 2018-08-27 10:44:31 +0300 | [diff] [blame] | 383 | |
| 384 | |
| 385 | Image cache settings |
| 386 | -------------------- |
| 387 | |
| 388 | .. code-block:: yaml |
| 389 | |
| 390 | glance: |
| 391 | server: |
| 392 | image_cache: |
| 393 | max_size: 10737418240 |
| 394 | stall_time: 86400 |
| 395 | directory: '/var/lib/glance/image-cache/' |
| 396 | |
Oleg Iurchenko | 68ae355 | 2017-10-13 18:40:42 +0300 | [diff] [blame] | 397 | |
Richard Felkl | 4143a0e | 2017-02-01 23:24:13 +0100 | [diff] [blame] | 398 | Client role |
| 399 | ----------- |
| 400 | |
| 401 | Glance images |
| 402 | |
| 403 | .. code-block:: yaml |
| 404 | |
| 405 | glance: |
| 406 | client: |
| 407 | enabled: true |
| 408 | server: |
| 409 | profile_admin: |
| 410 | image: |
| 411 | cirros-test: |
| 412 | visibility: public |
| 413 | protected: false |
| 414 | location: http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-i386-disk.img |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 415 | |
Dmitry Kalashnik | dd0d028 | 2017-12-06 12:45:31 +0400 | [diff] [blame] | 416 | Enhanced logging with logging.conf |
| 417 | ---------------------------------- |
| 418 | |
| 419 | By default logging.conf is disabled. |
| 420 | |
| 421 | That is possible to enable per-binary logging.conf with new variables: |
Dmitry Kalashnik | dd0d028 | 2017-12-06 12:45:31 +0400 | [diff] [blame] | 422 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 423 | * ``openstack_log_appender`` |
| 424 | Set to true to enable ``log_config_append`` for all OpenStack services |
Dmitry Kalashnik | dd0d028 | 2017-12-06 12:45:31 +0400 | [diff] [blame] | 425 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 426 | * ``openstack_fluentd_handler_enabled`` |
| 427 | Set to true to enable FluentHandler for all Openstack services |
| 428 | |
| 429 | * ``openstack_ossyslog_handler_enabled`` |
| 430 | Set to true to enable OSSysLogHandler for all Openstack services |
| 431 | |
| 432 | Only ``WatchedFileHandler``, ``OSSysLogHandler``, and ``FluentHandler`` |
| 433 | are available. |
| 434 | |
| 435 | Also, it is possible to configure this with pillar: |
Dmitry Kalashnik | dd0d028 | 2017-12-06 12:45:31 +0400 | [diff] [blame] | 436 | |
| 437 | .. code-block:: yaml |
| 438 | |
| 439 | glance: |
| 440 | server: |
| 441 | logging: |
| 442 | log_appender: true |
| 443 | log_handlers: |
| 444 | watchedfile: |
| 445 | enabled: true |
| 446 | fluentd: |
| 447 | enabled: true |
Oleksii Chupryn | 90a2e64 | 2018-02-06 19:53:06 +0200 | [diff] [blame] | 448 | ossyslog: |
| 449 | enabled: true |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 450 | |
Oleksandr Shyshko | 75e3d68 | 2018-09-07 14:07:57 +0300 | [diff] [blame] | 451 | Enable x509 and ssl communication between Glance and Galera cluster. |
| 452 | --------------------- |
| 453 | By default communication between Glance and Galera is unsecure. |
| 454 | |
| 455 | glance: |
| 456 | server: |
| 457 | database: |
| 458 | x509: |
| 459 | enabled: True |
| 460 | |
| 461 | You able to set custom certificates in pillar: |
| 462 | |
| 463 | glance: |
| 464 | server: |
| 465 | database: |
| 466 | x509: |
| 467 | cacert: (certificate content) |
| 468 | cert: (certificate content) |
| 469 | key: (certificate content) |
| 470 | |
| 471 | You can read more about it here: |
| 472 | https://docs.openstack.org/security-guide/databases/database-access-control.html |
| 473 | |
Oleksandr Bryndzii | c69e8c8 | 2018-09-28 23:27:30 +0000 | [diff] [blame] | 474 | Glance services on controller node with memcached caching and security strategy: |
| 475 | |
| 476 | .. code-block:: yaml |
| 477 | |
| 478 | glance: |
| 479 | server: |
| 480 | enabled: true |
| 481 | ... |
| 482 | cache: |
| 483 | engine: memcached |
| 484 | members: |
| 485 | - host: 127.0.0.1 |
| 486 | port: 11211 |
| 487 | - host: 127.0.0.1 |
| 488 | port: 11211 |
| 489 | security: |
| 490 | enabled: true |
| 491 | strategy: ENCRYPT |
| 492 | secret_key: secret |
| 493 | |
Oleksandr Bryndzii | dcf245d | 2018-10-24 19:10:05 +0300 | [diff] [blame] | 494 | Show all image locations when returning an image. This configuration option indicates |
| 495 | whether to show all the image locations when returning image details to the user. |
| 496 | |
| 497 | .. code-block:: yaml |
| 498 | |
| 499 | glance: |
| 500 | server: |
| 501 | enabled: true |
| 502 | ... |
| 503 | show_multiple_locations: True |
| 504 | |
Martin Polreich | 39511ef | 2019-12-17 10:49:01 +0100 | [diff] [blame] | 505 | Change default resource quotas using configmap template settings: |
| 506 | ----------------------------------------------------------------- |
Oleksandr Bryndzii | f87ae00 | 2019-04-24 13:20:57 +0300 | [diff] [blame] | 507 | |
| 508 | .. code-block:: yaml |
| 509 | |
| 510 | glance: |
| 511 | server: |
| 512 | configmap: |
| 513 | glace_api: |
| 514 | DEFAULT: |
Oleksandr Bryndzii | ea82e3d | 2019-05-15 12:18:30 +0300 | [diff] [blame] | 515 | image_member_quota: 128 |
| 516 | image_property_quota: 128 |
| 517 | image_tag_quota: 128 |
| 518 | image_location_quota: 10 |
| 519 | user_storage_quota: 0 |
Oleksandr Bryndzii | f87ae00 | 2019-04-24 13:20:57 +0300 | [diff] [blame] | 520 | glace_registry: |
| 521 | DEFAULT: |
Oleksandr Bryndzii | ea82e3d | 2019-05-15 12:18:30 +0300 | [diff] [blame] | 522 | image_member_quota: 128 |
| 523 | image_property_quota: 128 |
| 524 | image_tag_quota: 128 |
| 525 | image_location_quota: 10 |
| 526 | user_storage_quota: 0 |
Oleksandr Bryndzii | f87ae00 | 2019-04-24 13:20:57 +0300 | [diff] [blame] | 527 | |
Martin Polreich | 39511ef | 2019-12-17 10:49:01 +0100 | [diff] [blame] | 528 | Change default service policy configuration: |
| 529 | -------------------------------------------- |
| 530 | |
| 531 | .. code-block:: yaml |
| 532 | |
| 533 | glance: |
| 534 | server: |
| 535 | policy: |
| 536 | manage_image_cache: 'role:admin' |
| 537 | get_task: 'role:admin' |
| 538 | # Add key without value to remove line from policy.json |
| 539 | modify_member: |
| 540 | |
| 541 | |
Taras Khlivnyak | 43cceaf | 2021-08-19 13:51:17 +0300 | [diff] [blame^] | 542 | Change files/directories permissions for glance service: |
| 543 | ======================================= |
| 544 | In order to change file permissions the following should be set: |
| 545 | |
| 546 | 'files' - block to set permissions for files. |
| 547 | - full path to file |
| 548 | - user ( default value is 'root' ) this parameter is optional. |
| 549 | - group ( default value is 'glance' ) this parameter is optional |
| 550 | - mode ( default value is '0640' ) this parameter is optional |
| 551 | |
| 552 | 'directories' - block to set permissions for directories. |
| 553 | - full path to directory |
| 554 | - user ( default value is 'root' ) this parameter is optional |
| 555 | - group ( default value is 'glance' ) this parameter is optional |
| 556 | - mode ( default value is '0750' ) this parameter is optional |
| 557 | |
| 558 | .. code-block:: yaml |
| 559 | |
| 560 | glance: |
| 561 | files: |
| 562 | /etc/glance/glance.conf: |
| 563 | user: 'root' |
| 564 | group: 'glance' |
| 565 | mode: '0750' |
| 566 | directories: |
| 567 | /etc/glance: |
| 568 | user: 'root' |
| 569 | group: 'glance' |
| 570 | mode: '0750' |
| 571 | |
| 572 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 573 | Usage |
| 574 | ===== |
| 575 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 576 | #. Import new public image: |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 577 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 578 | .. code-block:: yaml |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 579 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 580 | glance image-create --name 'Windows 7 x86_64' --is-public true --container-format bare --disk-format qcow2 < ./win7.qcow2 |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 581 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 582 | #. Change new image's disk properties |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 583 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 584 | .. code-block:: yaml |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 585 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 586 | glance image-update "Windows 7 x86_64" --property hw_disk_bus=ide |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 587 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 588 | #. Change new image's NIC properties |
Jakub Pavlik | 80a41ea | 2016-03-06 14:33:42 +0100 | [diff] [blame] | 589 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 590 | .. code-block:: yaml |
Jakub Pavlik | 80a41ea | 2016-03-06 14:33:42 +0100 | [diff] [blame] | 591 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 592 | glance image-update "Windows 7 x86_64" --property hw_vif_model=rtl8139 |
Jakub Pavlik | 80a41ea | 2016-03-06 14:33:42 +0100 | [diff] [blame] | 593 | |
Vasyl Saienko | 2718583 | 2018-09-10 10:36:00 +0000 | [diff] [blame] | 594 | Upgrades |
| 595 | ======== |
| 596 | |
| 597 | Each openstack formula provide set of phases (logical bloks) that will help to |
| 598 | build flexible upgrade orchestration logic for particular components. The list |
| 599 | of phases and theirs descriptions are listed in table below: |
| 600 | |
| 601 | +-------------------------------+------------------------------------------------------+ |
| 602 | | State | Description | |
| 603 | +===============================+======================================================+ |
| 604 | | <app>.upgrade.service_running | Ensure that all services for particular application | |
| 605 | | | are enabled for autostart and running | |
| 606 | +-------------------------------+------------------------------------------------------+ |
| 607 | | <app>.upgrade.service_stopped | Ensure that all services for particular application | |
| 608 | | | disabled for autostart and dead | |
| 609 | +-------------------------------+------------------------------------------------------+ |
| 610 | | <app>.upgrade.pkgs_latest | Ensure that packages used by particular application | |
| 611 | | | are installed to latest available version. | |
| 612 | | | This will not upgrade data plane packages like qemu | |
| 613 | | | and openvswitch as usually minimal required version | |
| 614 | | | in openstack services is really old. The data plane | |
| 615 | | | packages should be upgraded separately by `apt-get | |
| 616 | | | upgrade` or `apt-get dist-upgrade` | |
| 617 | | | Applying this state will not autostart service. | |
| 618 | +-------------------------------+------------------------------------------------------+ |
| 619 | | <app>.upgrade.render_config | Ensure configuration is rendered actual version. + |
| 620 | +-------------------------------+------------------------------------------------------+ |
| 621 | | <app>.upgrade.pre | We assume this state is applied on all nodes in the | |
| 622 | | | cloud before running upgrade. | |
| 623 | | | Only non destructive actions will be applied during | |
| 624 | | | this phase. Perform service built in service check | |
| 625 | | | like (keystone-manage doctor and nova-status upgrade)| |
| 626 | +-------------------------------+------------------------------------------------------+ |
| 627 | | <app>.upgrade.upgrade.pre | Mostly applicable for data plane nodes. During this | |
| 628 | | | phase resources will be gracefully removed from | |
| 629 | | | current node if it is allowed. Services for upgraded | |
| 630 | | | application will be set to admin disabled state to | |
| 631 | | | make sure node will not participate in resources | |
| 632 | | | scheduling. For example on gtw nodes this will set | |
| 633 | | | all agents to admin disable state and will move all | |
| 634 | | | routers to other agents. | |
| 635 | +-------------------------------+------------------------------------------------------+ |
| 636 | | <app>.upgrade.upgrade | This state will basically upgrade application on | |
| 637 | | | particular target. Stop services, render | |
| 638 | | | configuration, install new packages, run offline | |
| 639 | | | dbsync (for ctl), start services. Data plane should | |
| 640 | | | not be affected, only OpenStack python services. | |
| 641 | +-------------------------------+------------------------------------------------------+ |
| 642 | | <app>.upgrade.upgrade.post | Add services back to scheduling. | |
| 643 | +-------------------------------+------------------------------------------------------+ |
| 644 | | <app>.upgrade.post | This phase should be launched only when upgrade of | |
| 645 | | | the cloud is completed. Cleanup temporary files, | |
| 646 | | | perform other post upgrade tasks. | |
| 647 | +-------------------------------+------------------------------------------------------+ |
| 648 | | <app>.upgrade.verify | Here we will do basic health checks (API CRUD | |
| 649 | | | operations, verify do not have dead network | |
| 650 | | | agents/compute services) | |
| 651 | +-------------------------------+------------------------------------------------------+ |
| 652 | |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 653 | |
OlgaGusarenko | 87eb284 | 2018-07-30 17:51:09 +0300 | [diff] [blame] | 654 | Read more |
| 655 | ========== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 656 | |
| 657 | * http://ceph.com/docs/master/rbd/rbd-openstack/ |