Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 1 | ============== |
| 2 | Glance formula |
| 3 | ============== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 4 | |
Jakub Pavlik | 9e85d17 | 2016-05-20 11:13:14 +0200 | [diff] [blame] | 5 | The Glance project provides services for discovering, registering, and |
| 6 | retrieving virtual machine images. Glance has a RESTful API that allows |
| 7 | querying of VM image metadata as well as retrieval of the actual image. |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 8 | |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 9 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 10 | Sample pillars |
| 11 | ============== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 12 | |
| 13 | .. code-block:: yaml |
| 14 | |
| 15 | glance: |
| 16 | server: |
| 17 | enabled: true |
| 18 | version: juno |
Alena Holanova | c1e5131 | 2016-03-22 14:08:44 +0100 | [diff] [blame] | 19 | workers: 8 |
Dmitry Stremkovskiy | e9490cf | 2017-07-11 11:37:44 +0300 | [diff] [blame] | 20 | glance_uid: 302 |
| 21 | glance_gid: 302 |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 22 | policy: |
| 23 | publicize_image: |
| 24 | - "role:admin" |
| 25 | - "role:image_manager" |
| 26 | database: |
| 27 | engine: mysql |
| 28 | host: 127.0.0.1 |
| 29 | port: 3306 |
| 30 | name: glance |
| 31 | user: glance |
| 32 | password: pwd |
| 33 | identity: |
| 34 | engine: keystone |
| 35 | host: 127.0.0.1 |
| 36 | port: 35357 |
| 37 | tenant: service |
| 38 | user: glance |
| 39 | password: pwd |
| 40 | message_queue: |
| 41 | engine: rabbitmq |
| 42 | host: 127.0.0.1 |
| 43 | port: 5672 |
| 44 | user: openstack |
| 45 | password: pwd |
| 46 | virtual_host: '/openstack' |
| 47 | storage: |
| 48 | engine: file |
| 49 | images: |
| 50 | - name: "CirrOS 0.3.1" |
| 51 | format: qcow2 |
| 52 | file: cirros-0.3.1-x86_64-disk.img |
| 53 | source: http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img |
| 54 | public: true |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 55 | audit: |
| 56 | enabled: false |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 57 | api_limit_max: 100 |
| 58 | limit_param_default: 50 |
Oleg Iurchenko | 68ae355 | 2017-10-13 18:40:42 +0300 | [diff] [blame] | 59 | barbican: |
| 60 | enabled: true |
Simon Pasquier | 2acbef5 | 2017-02-03 15:09:39 +0100 | [diff] [blame] | 61 | |
| 62 | The pagination is controlled by the *api_limit_max* and *limit_param_default* |
| 63 | parameters as shown above: |
| 64 | |
| 65 | * *api_limit_max* defines the maximum number of records that the server will |
| 66 | return. |
| 67 | |
| 68 | * *limit_param_default* is the default *limit* parameter that |
| 69 | applies if the request didn't defined it explicitly. |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 70 | |
Dmitry Ukov | 0a228ad | 2017-05-15 13:35:43 +0400 | [diff] [blame] | 71 | Configuration of policy.json file |
| 72 | |
| 73 | .. code-block:: yaml |
| 74 | |
| 75 | glance: |
| 76 | server: |
| 77 | .... |
| 78 | policy: |
| 79 | publicize_image: "role:admin" |
| 80 | # Add key without value to remove line from policy.json |
| 81 | add_member: |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 82 | Keystone and cinder region |
| 83 | |
| 84 | .. code-block:: yaml |
| 85 | |
| 86 | glance: |
| 87 | server: |
| 88 | enabled: true |
| 89 | version: kilo |
| 90 | ... |
| 91 | identity: |
| 92 | engine: keystone |
| 93 | host: 127.0.0.1 |
| 94 | region: RegionTwo |
| 95 | ... |
| 96 | |
| 97 | Ceph integration glance |
| 98 | |
| 99 | .. code-block:: yaml |
| 100 | |
| 101 | glance: |
| 102 | server: |
| 103 | enabled: true |
| 104 | version: juno |
| 105 | storage: |
| 106 | engine: rbd,http |
| 107 | user: glance |
| 108 | pool: images |
| 109 | chunk_size: 8 |
| 110 | client_glance_key: AQDOavlU6BsSJhAAnpFR906mvdgdfRqLHwu0Uw== |
| 111 | |
| 112 | RabbitMQ HA setup |
| 113 | |
| 114 | .. code-block:: yaml |
| 115 | |
| 116 | glance: |
| 117 | server: |
| 118 | .... |
| 119 | message_queue: |
| 120 | engine: rabbitmq |
| 121 | members: |
| 122 | - host: 10.0.16.1 |
| 123 | - host: 10.0.16.2 |
| 124 | - host: 10.0.16.3 |
| 125 | user: openstack |
| 126 | password: pwd |
| 127 | virtual_host: '/openstack' |
| 128 | .... |
| 129 | |
stelucz | df5176a | 2018-01-17 14:42:11 +0100 | [diff] [blame] | 130 | Quota Options |
| 131 | |
| 132 | .. code-block:: yaml |
| 133 | |
| 134 | glance: |
| 135 | server: |
| 136 | .... |
| 137 | quota: |
| 138 | image_member: -1 |
| 139 | image_property: 256 |
| 140 | image_tag: 256 |
| 141 | image_location: 15 |
| 142 | user_storage: 0 |
| 143 | .... |
| 144 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 145 | Configuring TLS communications |
| 146 | ------------------------------ |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 147 | |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 148 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 149 | **Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``. |
| 150 | |
| 151 | |
| 152 | - **RabbitMQ TLS** |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 153 | |
| 154 | .. code-block:: yaml |
| 155 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 156 | glance: |
| 157 | server: |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 158 | message_queue: |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 159 | port: 5671 |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 160 | ssl: |
| 161 | enabled: True |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 162 | (optional) cacert: cert body if the cacert_file does not exists |
| 163 | (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem |
| 164 | (optional) version: TLSv1_2 |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 165 | |
| 166 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 167 | - **MySQL TLS** |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 168 | |
| 169 | .. code-block:: yaml |
| 170 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 171 | glance: |
| 172 | server: |
| 173 | database: |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 174 | ssl: |
| 175 | enabled: True |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 176 | (optional) cacert: cert body if the cacert_file does not exists |
| 177 | (optional) cacert_file: /etc/openstack/mysql-ca.pem |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 178 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 179 | - **Openstack HTTPS API** |
| 180 | |
| 181 | |
| 182 | Set the ``https`` as protocol at ``glance:server`` sections: |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 183 | |
| 184 | .. code-block:: yaml |
| 185 | |
Kirill Bespalov | b558436 | 2017-11-20 16:42:07 +0300 | [diff] [blame] | 186 | glance: |
| 187 | server: |
| 188 | identity: |
| 189 | protocol: https |
| 190 | (optional) cacert_file: /etc/openstack/proxy.pem |
| 191 | registry: |
| 192 | protocol: https |
| 193 | (optional) cacert_file: /etc/openstack/proxy.pem |
| 194 | storage: |
| 195 | engine: cinder, swift |
| 196 | cinder: |
| 197 | protocol: https |
| 198 | (optional) cacert_file: /etc/openstack/proxy.pem |
| 199 | swift: |
| 200 | store: |
| 201 | (optional) cafile: /etc/openstack/proxy.pem |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 202 | |
Kirill Bespalov | 365d243 | 2017-07-28 09:01:04 +0300 | [diff] [blame] | 203 | |
| 204 | |
mnederlof | ad6d624 | 2017-03-30 15:31:15 +0200 | [diff] [blame] | 205 | Enable Glance Image Cache: |
| 206 | |
| 207 | .. code-block:: yaml |
| 208 | |
| 209 | glance: |
| 210 | server: |
| 211 | image_cache: |
| 212 | enabled: true |
| 213 | enable_management: true |
| 214 | directory: /var/lib/glance/image-cache/ |
| 215 | max_size: 21474836480 |
| 216 | .... |
| 217 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 218 | Enable auditing filter (CADF): |
| 219 | |
| 220 | .. code-block:: yaml |
| 221 | |
| 222 | glance: |
| 223 | server: |
| 224 | audit: |
| 225 | enabled: true |
| 226 | .... |
| 227 | filter_factory: 'keystonemiddleware.audit:filter_factory' |
| 228 | map_file: '/etc/pycadf/glance_api_audit_map.conf' |
| 229 | .... |
| 230 | |
RobertJansen1 | 68e84f9 | 2017-03-30 15:45:12 +0200 | [diff] [blame] | 231 | Swift integration glance |
| 232 | |
| 233 | .. code-block:: yaml |
| 234 | |
| 235 | glance: |
| 236 | server: |
| 237 | enabled: true |
| 238 | version: mitaka |
| 239 | storage: |
| 240 | engine: swift,http |
| 241 | swift: |
| 242 | store: |
| 243 | auth: |
| 244 | address: http://keystone.example.com:5000/v2.0 |
| 245 | version: 2 |
| 246 | endpoint_type: publicURL |
| 247 | container: glance |
| 248 | create_container_on_put: true |
| 249 | retry_get_count: 5 |
| 250 | user: 2ec7966596504f59acc3a76b3b9d9291:glance-user |
| 251 | key: someRandomPassword |
| 252 | |
Michel Nederlof | 3a86781 | 2017-05-15 09:46:11 +0200 | [diff] [blame] | 253 | Another way, which also supports multiple swift backends, can be configured like this: |
| 254 | |
| 255 | .. code-block:: yaml |
| 256 | |
| 257 | glance: |
| 258 | server: |
| 259 | enabled: true |
| 260 | version: mitaka |
| 261 | storage: |
| 262 | engine: swift,http |
| 263 | swift: |
| 264 | store: |
| 265 | endpoint_type: publicURL |
| 266 | container: glance |
| 267 | create_container_on_put: true |
| 268 | retry_get_count: 5 |
| 269 | references: |
| 270 | my_objectstore_reference_1: |
| 271 | auth: |
| 272 | address: http://keystone.example.com:5000/v2.0 |
| 273 | version: 2 |
| 274 | user: 2ec7966596504f59acc3a76b3b9d9291:glance-user |
| 275 | key: someRandomPassword |
| 276 | |
Ondrej Smola | e695fe8 | 2017-04-28 12:22:28 +0200 | [diff] [blame] | 277 | Enable CORS parameters |
| 278 | |
| 279 | .. code-block:: yaml |
| 280 | |
| 281 | glance: |
| 282 | server: |
| 283 | cors: |
| 284 | allowed_origin: https:localhost.local,http:localhost.local |
| 285 | expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token |
| 286 | allow_methods: GET,PUT,POST,DELETE,PATCH |
| 287 | allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token |
| 288 | allow_credentials: True |
| 289 | max_age: 86400 |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 290 | |
Michel Nederlof | 3ad5aac | 2017-05-15 09:46:24 +0200 | [diff] [blame] | 291 | Enable Viewing Multiple Locations |
| 292 | --------------------------------- |
| 293 | If you want to expose all locations available (for example when you have |
| 294 | multiple backends configured), then you can configure this like so: |
| 295 | |
| 296 | .. code-block:: yaml |
| 297 | |
| 298 | glance: |
| 299 | server: |
| 300 | show_multiple_locations: True |
| 301 | location_strategy: store_type |
| 302 | store_type_preference: rbd,swift,file |
| 303 | |
| 304 | Please note: the show_multiple_locations option is deprecated since Newton and is planned |
| 305 | to be handled by policy files _only_ starting with the Pike release. |
| 306 | |
| 307 | This feature is convenient in a scenario when you have swift and rbd configured and want to |
| 308 | benefit from rbd enhancements. |
| 309 | |
| 310 | |
Oleg Iurchenko | 68ae355 | 2017-10-13 18:40:42 +0300 | [diff] [blame] | 311 | Barbican integration glance |
| 312 | --------------------------- |
| 313 | |
| 314 | .. code-block:: yaml |
| 315 | |
| 316 | glance: |
| 317 | server: |
| 318 | barbican: |
| 319 | enabled: true |
| 320 | |
| 321 | |
Richard Felkl | 4143a0e | 2017-02-01 23:24:13 +0100 | [diff] [blame] | 322 | Client role |
| 323 | ----------- |
| 324 | |
| 325 | Glance images |
| 326 | |
| 327 | .. code-block:: yaml |
| 328 | |
| 329 | glance: |
| 330 | client: |
| 331 | enabled: true |
| 332 | server: |
| 333 | profile_admin: |
| 334 | image: |
| 335 | cirros-test: |
| 336 | visibility: public |
| 337 | protected: false |
| 338 | location: http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-i386-disk.img |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 339 | |
Dmitry Kalashnik | dd0d028 | 2017-12-06 12:45:31 +0400 | [diff] [blame] | 340 | Enhanced logging with logging.conf |
| 341 | ---------------------------------- |
| 342 | |
| 343 | By default logging.conf is disabled. |
| 344 | |
| 345 | That is possible to enable per-binary logging.conf with new variables: |
| 346 | * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services; |
| 347 | * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services. |
| 348 | |
| 349 | Only WatchedFileHandler and FluentHandler are available. |
| 350 | |
| 351 | Also it is possible to configure this with pillar: |
| 352 | |
| 353 | .. code-block:: yaml |
| 354 | |
| 355 | glance: |
| 356 | server: |
| 357 | logging: |
| 358 | log_appender: true |
| 359 | log_handlers: |
| 360 | watchedfile: |
| 361 | enabled: true |
| 362 | fluentd: |
| 363 | enabled: true |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 364 | |
| 365 | Usage |
| 366 | ===== |
| 367 | |
| 368 | Import new public image |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 369 | |
| 370 | .. code-block:: yaml |
| 371 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 372 | glance image-create --name 'Windows 7 x86_64' --is-public true --container-format bare --disk-format qcow2 < ./win7.qcow2 |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 373 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 374 | Change new image's disk properties |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 375 | |
| 376 | .. code-block:: yaml |
| 377 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 378 | glance image-update "Windows 7 x86_64" --property hw_disk_bus=ide |
Petr Michalec | 86ec014 | 2016-11-29 16:34:15 +0100 | [diff] [blame] | 379 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 380 | Change new image's NIC properties |
Jakub Pavlik | 80a41ea | 2016-03-06 14:33:42 +0100 | [diff] [blame] | 381 | |
| 382 | .. code-block:: yaml |
| 383 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 384 | glance image-update "Windows 7 x86_64" --property hw_vif_model=rtl8139 |
Jakub Pavlik | 80a41ea | 2016-03-06 14:33:42 +0100 | [diff] [blame] | 385 | |
Jiri Konecny | 0456cfa | 2016-04-20 16:47:25 +0200 | [diff] [blame] | 386 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 387 | External links |
| 388 | ============== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 389 | |
| 390 | * http://ceph.com/docs/master/rbd/rbd-openstack/ |
| 391 | |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 392 | |
Jakub Pavlik | 9e85d17 | 2016-05-20 11:13:14 +0200 | [diff] [blame] | 393 | Documentation and Bugs |
Aleš Komárek | e5b388f | 2017-02-06 15:48:57 +0100 | [diff] [blame] | 394 | ====================== |
Filip Pytloun | d681ae2 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 395 | |
Jakub Pavlik | 9e85d17 | 2016-05-20 11:13:14 +0200 | [diff] [blame] | 396 | To learn how to deploy OpenStack Salt, consult the documentation available |
| 397 | online at: |
| 398 | |
| 399 | https://wiki.openstack.org/wiki/OpenStackSalt |
| 400 | |
| 401 | In the unfortunate event that bugs are discovered, they should be reported to |
| 402 | the appropriate bug tracker. If you obtained the software from a 3rd party |
| 403 | operating system vendor, it is often wise to use their own bug tracker for |
| 404 | reporting problems. In all other cases use the master OpenStack bug tracker, |
| 405 | available at: |
| 406 | |
| 407 | http://bugs.launchpad.net/openstack-salt |
| 408 | |
| 409 | Developers wishing to work on the OpenStack Salt project should always base |
| 410 | their work on the latest formulas code, available from the master GIT |
| 411 | repository at: |
| 412 | |
| 413 | https://git.openstack.org/cgit/openstack/salt-formula-glance |
| 414 | |
| 415 | Developers should also join the discussion on the IRC list, at: |
| 416 | |
| 417 | https://wiki.openstack.org/wiki/Meetings/openstack-salt |
Filip Pytloun | e94a0a7 | 2017-02-02 13:02:03 +0100 | [diff] [blame] | 418 | |
| 419 | Documentation and Bugs |
| 420 | ====================== |
| 421 | |
| 422 | To learn how to install and update salt-formulas, consult the documentation |
| 423 | available online at: |
| 424 | |
| 425 | http://salt-formulas.readthedocs.io/ |
| 426 | |
| 427 | In the unfortunate event that bugs are discovered, they should be reported to |
| 428 | the appropriate issue tracker. Use Github issue tracker for specific salt |
| 429 | formula: |
| 430 | |
| 431 | https://github.com/salt-formulas/salt-formula-glance/issues |
| 432 | |
| 433 | For feature requests, bug reports or blueprints affecting entire ecosystem, |
| 434 | use Launchpad salt-formulas project: |
| 435 | |
| 436 | https://launchpad.net/salt-formulas |
| 437 | |
| 438 | You can also join salt-formulas-users team and subscribe to mailing list: |
| 439 | |
| 440 | https://launchpad.net/~salt-formulas-users |
| 441 | |
| 442 | Developers wishing to work on the salt-formulas projects should always base |
| 443 | their work on master branch and submit pull request against specific formula. |
| 444 | |
| 445 | https://github.com/salt-formulas/salt-formula-glance |
| 446 | |
| 447 | Any questions or feedback is always welcome so feel free to join our IRC |
| 448 | channel: |
| 449 | |
| 450 | #salt-formulas @ irc.freenode.net |