openstack/openstack-helm
Code Issues Proposed changes
openstack-helm/glance/values.yaml
Pete Birley 50dc6b1118 Glance: move to use swift backend by default 
This PS moves to use the swift backend for glance by default, which
in the case of OSH is currently served by keystone auth'd radosgw.

This change moves the chart to be inline with the current gates, and
deployments - which have been using swift by default for some time.

Change-Id: Ia9c954ae2bd833e7f449bfdf7c51f8df5c78ba57
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-26 15:55:31 +00:00

865 lines
22 KiB
YAML
Raw Blame History

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for glance.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
# radosgw, rbd, swift or pvc
storage: swift
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
registry:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
images:
tags:
test: docker.io/kolla/ubuntu-source-rally:4.0.0
glance_storage_init: docker.io/port/ceph-config-helper:v1.10.3
db_init: docker.io/openstackhelm/heat:newton
glance_db_sync: docker.io/openstackhelm/glance:newton
db_drop: docker.io/openstackhelm/heat:newton
ks_user: docker.io/openstackhelm/heat:newton
ks_service: docker.io/openstackhelm/heat:newton
ks_endpoints: docker.io/openstackhelm/heat:newton
rabbit_init: docker.io/rabbitmq:3.7-management
glance_api: docker.io/openstackhelm/glance:newton
glance_registry: docker.io/openstackhelm/glance:newton
# Bootstrap image requires curl
bootstrap: docker.io/openstackhelm/heat:newton
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
bootstrap:
enabled: true
ks_user: admin
script: null
structured:
images:
cirros:
id: null
name: "Cirros 0.3.5 64-bit"
source_url: "http://download.cirros-cloud.net/0.3.5/"
image_file: "cirros-0.3.5-x86_64-disk.img"
min_disk: 1
image_type: qcow2
container_format: bare
private: true
properties:
hypervisor_type: "qemu"
os_distro: "cirros"
conf:
rally_tests:
run_tempest: false
tests:
GlanceImages.create_and_delete_image:
- args:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
GlanceImages.create_and_list_image:
- args:
container_format: bare
disk_format: qcow2
image_location: http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
runner:
concurrency: 1
times: 1
type: constant
sla:
failure_rate:
max: 0
ceph:
monitors: []
admin_keyring: null
override:
append:
ceph_client:
override:
append:
paste:
pipeline:glance-api:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
pipeline:glance-api-caching:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
pipeline:glance-api-cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
pipeline:glance-api-keystone:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
pipeline:glance-api-keystone+caching:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
pipeline:glance-api-keystone+cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
pipeline:glance-api-trusted-auth:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
pipeline:glance-api-trusted-auth+cachemanagement:
pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
composite:rootapp:
paste.composite_factory: glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
app:apiversions:
paste.app_factory: glance.api.versions:create_resource
app:apiv1app:
paste.app_factory: glance.api.v1.router:API.factory
app:apiv2app:
paste.app_factory: glance.api.v2.router:API.factory
filter:healthcheck:
paste.filter_factory: oslo_middleware:Healthcheck.factory
backends: disable_by_file
disable_by_file_path: /etc/glance/healthcheck_disable
filter:versionnegotiation:
paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
filter:cache:
paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
filter:cachemanage:
paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
filter:context:
paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
filter:unauthenticated-context:
paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
delay_auth_decision: true
filter:gzip:
paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
filter:osprofiler:
paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
hmac_keys: SECRET_KEY # DEPRECATED
enabled: yes # DEPRECATED
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: glance
oslo_config_program: glance-api
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
policy:
context_is_admin: role:admin
default: role:admin
add_image: ''
delete_image: ''
get_image: ''
get_images: ''
modify_image: ''
publicize_image: role:admin
copy_from: ''
download_image: ''
upload_image: ''
delete_image_location: ''
get_image_location: ''
set_image_location: ''
add_member: ''
delete_member: ''
get_member: ''
get_members: ''
modify_member: ''
manage_image_cache: role:admin
get_task: role:admin
get_tasks: role:admin
add_task: role:admin
modify_task: role:admin
deactivate: ''
reactivate: ''
get_metadef_namespace: ''
get_metadef_namespaces: ''
modify_metadef_namespace: ''
add_metadef_namespace: ''
get_metadef_object: ''
get_metadef_objects: ''
modify_metadef_object: ''
add_metadef_object: ''
list_metadef_resource_types: ''
get_metadef_resource_type: ''
add_metadef_resource_type_association: ''
get_metadef_property: ''
get_metadef_properties: ''
modify_metadef_property: ''
add_metadef_property: ''
get_metadef_tag: ''
get_metadef_tags: ''
modify_metadef_tag: ''
add_metadef_tag: ''
add_metadef_tags: ''
glance:
DEFAULT:
log_config_append: /etc/glance/logging.conf
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.
bind_port: null
workers: 1
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
glance_store:
rbd_store_chunk_size: 8
rbd_store_pool: glance.images
rbd_store_user: glance
rbd_store_ceph_conf: /etc/ceph/ceph.conf
filesystem_store_datadir: /var/lib/glance/images
default_swift_reference: ref1
swift_store_container: glance
swift_store_create_container_on_put: true
swift_store_config_file: /etc/glance/swift-store.conf
swift_store_endpoint_type: internalURL
paste_deploy:
flavor: keystone
database:
max_retries: -1
oslo_messaging_notifications:
driver: messagingv2
logging:
loggers:
keys:
- root
- glance
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: null
logger_glance:
level: INFO
handlers:
- stdout
- stderr
qualname: glance
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
formatter_default:
format: "%(message)s"
paste_registry:
pipeline:glance-registry:
pipeline: healthcheck osprofiler unauthenticated-context registryapp
pipeline:glance-registry-keystone:
pipeline: healthcheck osprofiler authtoken context registryapp
pipeline:glance-registry-trusted-auth:
pipeline: healthcheck osprofiler context registryapp
app:registryapp:
paste.app_factory: glance.registry.api:API.factory
filter:healthcheck:
paste.filter_factory: oslo_middleware:Healthcheck.factory
backends: disable_by_file
disable_by_file_path: /etc/glance/healthcheck_disable
filter:context:
paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
filter:unauthenticated-context:
paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:osprofiler:
paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
hmac_keys: SECRET_KEY # DEPRECATED
enabled: yes # DEPRECATED
glance_registry:
DEFAULT:
# NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section.
bind_port: null
workers: 1
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
paste_deploy:
flavor: keystone
database:
max_retries: -1
oslo_messaging_notifications:
driver: messagingv2
swift_store: |
[{{ .Values.conf.glance.glance_store.default_swift_reference }}]
{{- if eq .Values.storage "radosgw" }}
auth_version = 1
auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
{{- else }}
user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
key = {{ .Values.endpoints.identity.auth.glance.password }}
auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
auth_version = 3
{{- end -}}
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "0"
external_policy_local: false
node_port:
enabled: false
port: 30092
registry:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30091
volume:
class_name: general
size: 2Gi
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- glance-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
api:
jobs:
- glance-storage-init
- glance-db-sync
- glance-rabbit-init
- glance-ks-user
- glance-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
bootstrap:
jobs: null
services:
- endpoint: internal
service: identity
- endpoint: internal
service: image
clean:
jobs: null
db_drop:
services:
- endpoint: internal
service: oslo_db
db_init:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- glance-db-init
services:
- endpoint: internal
service: oslo_db
ks_endpoints:
jobs:
- glance-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
rabbit_init:
services:
- endpoint: internal
service: oslo_messaging
registry:
jobs:
- glance-storage-init
- glance-db-sync
- glance-rabbit-init
- glance-ks-user
- glance-ks-endpoints
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: image
storage_init:
jobs:
- glance-ks-user
services: null
tests:
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: image
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: glance-keystone-admin
glance: glance-keystone-user
test: glance-keystone-test
oslo_db:
admin: glance-db-admin
glance: glance-db-user
rbd: images-rbd-keyring
oslo_messaging:
admin: glance-rabbitmq-admin
glance: glance-rabbitmq-user
# typically overridden by environmental
# values, but should include all endpoints
# required by this chart
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
glance:
role: admin
region_name: RegionOne
username: glance
password: password
project_name: service
user_domain_name: default
project_domain_name: default
test:
role: admin
region_name: RegionOne
username: test
password: password
project_name: test
user_domain_name: default
project_domain_name: default
hosts:
default: keystone-api
public: keystone
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
admin:
default: 35357
api:
default: 80
image:
name: glance
hosts:
default: glance-api
public: glance
host_fqdn_override:
default: null
path:
default: null
scheme:
default: http
port:
api:
default: 9292
public: 80
image_registry:
name: glance-registry
hosts:
default: glance-registry
public: glance-reg
host_fqdn_override:
default: null
path:
default: null
scheme:
default: 'http'
port:
api:
default: 9191
public: 80
oslo_db:
auth:
admin:
username: root
password: password
glance:
username: glance
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /glance
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
oslo_messaging:
auth:
admin:
username: rabbitmq
password: password
glance:
username: glance
password: password
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /glance
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
object_store:
name: swift
namespace: ceph
auth:
glance:
tmpurlkey: supersecret
hosts:
default: ceph-rgw
public: radosgw
host_fqdn_override:
default: null
path:
default: /swift/v1/KEY_$(tenant_id)s
scheme:
default: http
port:
api:
default: 8088
public: 80
ceph_object_store:
name: radosgw
namespace: ceph
auth:
glance:
username: glance
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
public: radosgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
public: 80
fluentd:
namespace: null
name: fluentd
hosts:
default: fluentd-logging
host_fqdn_override:
default: null
path:
default: null
scheme: 'http'
port:
service:
default: 24224
metrics:
default: 24220
pod:
user:
glance:
uid: 42424
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
glance_api:
init_container: null
glance_api:
glance_registry:
init_container: null
glance_registry:
glance_tests:
init_container: null
glance_tests:
replicas:
api: 1
registry: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
registry:
min_available: 0
termination_grace_period:
api:
timeout: 600
registry:
timeout: 600
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
registry:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
storage_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
manifests:
configmap_bin: true
configmap_etc: true
deployment_api: true
deployment_registry: true
ingress_api: true
ingress_registry: true
job_bootstrap: true
job_clean: true
job_db_init: true
job_db_sync: true
job_db_drop: false
job_image_repo_sync: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
job_storage_init: true
job_rabbit_init: true
pdb_api: true
pdb_registry: true
pod_rally_test: true
pvc_images: true
secret_db: true
secret_keystone: true
secret_rabbitmq: true
service_ingress_api: true
service_ingress_registry: true
service_api: true
service_registry: true
View Git Blame Copy Permalink