Switch horizon to direct upload mode to glance
This patch switches horizon to direct upload mode to glance.
It will prevent horizon from caching user image on proxy node.
Disable caching for glance site on proxy node.
Enable CORS in glance with allowed origins set to horizon URL.
Parametrize horizon proxy settings:
* horizon_public_host
* horizon_public_port
* horizon_public_protocol
Related-Prod: PROD-24536
Change-Id: Ie2ff8b58c352584d076e0c85bd033dc8fe52ee89
diff --git a/defaults/init.yml b/defaults/init.yml
index 7b47ac6..803df1f 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -30,3 +30,5 @@
# Other
salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+ # Make sure this global variable is defined everywhere, where used it is already set on cluster level
+ cluster_public_host: '127.0.0.1'
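Review bot: The `'127.0.0.1'` fallback for `cluster_public_host` hides a missing cluster-level override instead of surfacing it. Later hunks in this commit feed the value into `horizon_public_host`, and from there into the glance CORS origin and the nginx host name, so a model without the override would render `https://127.0.0.1` as the allowed origin, and direct uploads would then be rejected by the browser with no configuration error. The added comment is also hard to parse; I would reword it to `# Placeholder so the parameter always resolves; every cluster model must override it with the real public host`. If the interpolation tooling can fail on an undefined parameter, leaving it undefined here may be the safer default.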
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 1c864e5..eedc587 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -18,6 +18,8 @@
# Glance
glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
glance_memcache_secret_key: ''
+ # Allow CORS from horizon, needed for direct upload
+ glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
# Heat
heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
heat_memcache_secret_key: ''
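Review bot: `glance_cors_allowed_origin` is built from protocol and host only, so it ignores the `horizon_public_port` parameter this commit introduces. Browsers include a non-default port in the `Origin` header, and CORS origin matching is normally an exact string comparison, so changing the port away from 443 would presumably break direct upload until this value is overridden too. Appending the port unconditionally would in turn break the default case, because browsers omit `:443` for https. I would at least document it above the key: `# Must equal the browser Origin header exactly; append :<port> when horizon_public_port is not the protocol default`.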
@@ -44,4 +46,8 @@
apache_mods_status_status: 'disabled'
# Horizon
# 'direct' mode will require cors on glance side to be enabled.
- horizon_images_upload_mode: 'legacy'
+ horizon_images_upload_mode: 'direct'
+ # TODO (vsaineko): switch to openstack_cluster_public_host
+ horizon_public_host: ${_param:cluster_public_host}
+ horizon_public_port: 443
+ horizon_public_protocol: https
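Review bot: Flipping the default `horizon_images_upload_mode` to `'direct'` changes behaviour for every model that inherits these defaults, yet within this diff CORS is wired only into `glance/control/cluster.yml`. Any other glance class in the repository (not visible here) would keep running without an allowed origin and image upload from horizon would fail in the browser. In direct mode the user's browser talks to the public glance endpoint itself, so that endpoint must be reachable from clients and present a certificate browsers trust. I would extend the existing comment to state this, e.g. `# 'direct': browser uploads straight to the public glance endpoint; requires glance CORS for the horizon origin and a browser-trusted certificate`.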
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index 0c17ac8..8b4f40c 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -36,6 +36,8 @@
cert_file: ${_param:mysql_glance_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ cors:
+ allowed_origin: ${_param:glance_cors_allowed_origin}
registry:
host: ${_param:cluster_vip_address}
port: 9191
diff --git a/nginx/server/proxy/openstack/glance.yml b/nginx/server/proxy/openstack/glance.yml
index 9cdd702..d8ef4a5 100644
--- a/nginx/server/proxy/openstack/glance.yml
+++ b/nginx/server/proxy/openstack/glance.yml
@@ -20,6 +20,8 @@
port: 9292
protocol: ${_param:nginx_proxy_openstack_glance_protocol}
size: ${_param:nginx_proxy_openstack_glance_image_size}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9292
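Review bot: The comment on `request_buffer: false` says "caching", but what is being turned off is request-body buffering, and the wording matters for anyone auditing where image data lands on the proxy node. I would write `# Stream uploads to glance; do not buffer the request body on the proxy node`. Assuming this maps to nginx's `proxy_request_buffering off`, the proxy no longer absorbs slow clients: each slow upload holds a glance connection for its whole duration, so the `size` limit above and the client/upstream timeouts become the main guards and are worth checking alongside this change. The enclosing site definition starts outside the hunk.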
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index b85527f..a9a4894 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -25,9 +25,9 @@
buffer:
${_param:nginx_proxy_openstack_web_buffer_size}
host:
- name: ${_param:nginx_proxy_openstack_web_host}
- port: 443
- protocol: https
+ name: ${_param:horizon_public_host}
+ port: ${_param:horizon_public_port}
+ protocol: ${_param:horizon_public_protocol}
ssl: ${_param:nginx_proxy_ssl}
nginx_ssl_redirect_openstack_web:
enabled: true
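Review bot: Replacing `${_param:nginx_proxy_openstack_web_host}` with `${_param:horizon_public_host}` silently drops any existing override of the old parameter. Deployments that set `nginx_proxy_openstack_web_host` would now get the host name from `cluster_public_host`, whose new default is `127.0.0.1`. To keep them working, `horizon_public_host` could default to the old parameter during a transition, or the removal should be called out in the commit message. Making `protocol` configurable also allows `http` here while `ssl: ${_param:nginx_proxy_ssl}` and `nginx_ssl_redirect_openstack_web` stay enabled just below, so a short comment such as `# keep horizon_public_protocol consistent with nginx_proxy_ssl and the redirect site` would help.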