diff --git a/doc/releasenotes/notes/removed-glance-host-port-protocol-dc6e682097ba398f.yaml b/doc/releasenotes/notes/removed-glance-host-port-protocol-dc6e682097ba398f.yaml
new file mode 100644
index 0000000000..75b76fc26c
--- /dev/null
+++ b/doc/releasenotes/notes/removed-glance-host-port-protocol-dc6e682097ba398f.yaml
@@ -0,0 +1,9 @@
+---
+upgrade:
+ - |
+ Deprecated options ``glance_host``, ``glance_port`` and ``glance_protocol``
+ from ``[glance]`` section of ironic configuration file were removed and
+ will be ignored.
+ Please use ``[glance]/glance_api_servers`` options to provide specific
+ addresses for the Image service endpoint when its discovery from keystone
+ service catalog is not desired.
diff --git a/doc/source/admin/report.txt b/doc/source/admin/report.txt
index fb5aa8ad8b..9100e573b7 100644
--- a/doc/source/admin/report.txt
+++ b/doc/source/admin/report.txt
@@ -370,10 +370,7 @@ glance:
 glance_api_insecure = False
 glance_api_servers = None
 glance_cafile = None
- glance_host = 10.223.197.220
 glance_num_retries = 0
- glance_port = 9292
- glance_protocol = http
 insecure = False
 keyfile = None
 swift_account = AUTH_cb13c4492d124b01b4659a97d627955c
diff --git a/doc/source/install/enabling-https.rst b/doc/source/install/enabling-https.rst
index 3369e3d955..38da170a28 100644
--- a/doc/source/install/enabling-https.rst
+++ b/doc/source/install/enabling-https.rst
@@ -73,13 +73,20 @@ To enable secure HTTPS communication between Bare Metal service and Image servic [glance] ... glance_cafile=/path/to/certfile - glance_protocol=https - glance_api_insecure=False .. note:: 'glance_cafile' is a optional path to a CA certificate bundle to be used to validate the SSL certificate served by Image service. +#. If not using the keystone service catalog for the Image service API endpoint + discovery, also edit the ``glance_api_servers`` option to point to HTTPS URL + of image service (replace ```` with hostname[:port][path] + of the Image service endpoint):: + + [glance] + ... + glance_api_servers = https:// + #. Restart ironic-conductor service:: Fedora/RHEL7/CentOS7/SUSE: diff --git a/doc/source/install/include/configure-ironic-conductor.rst b/doc/source/install/include/configure-ironic-conductor.rst index cd7a169b27..f187157ae3 100644 --- a/doc/source/install/include/configure-ironic-conductor.rst +++ b/doc/source/install/include/configure-ironic-conductor.rst @@ -16,18 +16,6 @@ Configuring ironic-conductor service If a conductor host has multiple IPs, ``my_ip`` should be set to the IP which is on the same network as the bare metal nodes. -#. Configure the ironic-api service URL. Replace ``IRONIC_API_IP`` with IP of - ironic-api service as follows: - - .. code-block:: ini - - [conductor] - - # URL of Ironic API service. If not set ironic can get the - # current value from the keystone service catalog. (string - # value) - api_url=http://IRONIC_API_IP:6385 - #. Configure the location of the database. Ironic-conductor should use the same configuration as ironic-api. Replace ``IRONIC_DBPASSWORD`` with the password of your ``ironic`` user, and replace DB_IP with the IP address where the DB 
@@ -54,35 +42,6 @@ Configuring ironic-conductor service # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ -#. Configure the ironic-conductor service so that it can communicate with the - Image service. Replace ``GLANCE_IP`` with the hostname or IP address of - the Image service: - - .. code-block:: ini - - [glance] - - # Default glance hostname or IP address. (string value) - glance_host=GLANCE_IP - - .. note:: - Swift backend for the Image service must be installed and configured - for ``agent_*`` drivers. Ceph Object Gateway (RADOS Gateway) is also - supported as the Image service's backend (:ref:`radosgw support`). - -#. Set the URL (replace ``NEUTRON_IP``) for connecting to the Networking - service, to be the Networking service endpoint: - - .. code-block:: ini - - [neutron] - - # URL for connecting to neutron. (string value) - url=http://NEUTRON_IP:9696 - - To configure the network for ironic-conductor service to perform node - cleaning, see :ref:`cleaning` from the admin guide. - #. Configure credentials for accessing other OpenStack services. In order to communicate with other OpenStack services, the Bare Metal 
@@ -157,6 +116,58 @@ Configuring ironic-conductor service # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem +#. Notes for configuring the Image service access + + .. note:: + Swift backend for the Image service must be installed and configured + for ``agent_*`` drivers. Ceph Object Gateway (RADOS Gateway) is also + supported as the Image service's backend (:ref:`radosgw support`). + + Configure the ironic-conductor service to use specific Image service + endpoints - only if you do not want to use Image service endpoint discovery + from the keystone service catalog. + Replace ```` with the address of the image service API: + + .. code-block:: ini + + [glance] + glance_api_servers = + + +#. Notes for configuring the Network service access + + .. note:: + To configure the network for ironic-conductor service to perform node + cleaning, see :ref:`cleaning` from the admin guide. + + Set a specific URL (replace ``NETWORKING_SERVICE_ENDPOINT``) + for connecting to the Networking service, to be the Networking + service endpoint - only for the case when you do not want to use + discovery of Networking service endpoint from keystone service catalog: + + .. code-block:: ini + + [neutron] + + # URL for connecting to neutron. (string value) + url= + +#. Configure a specific ironic-api service URL - only if you do not want + to use discovery of the Baremetal service endpoint from keystone catalog + (for example when having deployed two separate pools of ironic-api services + for security reasons). + Replace ``IRONIC_API_IP`` with IP of specific ironic-api service as follows: + + .. code-block:: ini + + [conductor] + + # URL of Ironic API service. If not set ironic can get the + # current value from the keystone service catalog. (string + # value) + endpoint_override=http://IRONIC_API_IP:6385 + + #. Configure enabled drivers and hardware types as described in :doc:`/install/enabling-drivers`. 
diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample index 030d1c493f..515d078d12 100644 --- a/etc/ironic/ironic.conf.sample +++ b/etc/ironic/ironic.conf.sample @@ -1541,9 +1541,9 @@ # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. If neither this option nor glance_host -# is set, the service catalog is used. It is recommended to -# rely on the service catalog, if possible. (list value) +# [hostname|IP]:port. If this option is not set, the service +# catalog is used. It is recommended to rely on the service +# catalog, if possible. (list value) #glance_api_servers = # DEPRECATED: Glance API version (1 or 2) to use. (integer @@ -1561,33 +1561,10 @@ # when glance_api_insecure is set to False. (string value) #glance_cafile = -# DEPRECATED: Default glance hostname or IP address. The -# service catalog is used when not defined. Deprecated, use -# glance_api_servers instead. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#glance_host = - # Number of retries when downloading an image from glance. # (integer value) #glance_num_retries = 0 -# DEPRECATED: Default glance port. Deprecated, use -# glance_api_servers instead. (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#glance_port = 9292 - -# DEPRECATED: Default protocol to use when connecting to -# glance. Set to https for SSL. Deprecated, use -# glance_api_services instead. (string value) -# Allowed values: http, https -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#glance_protocol = http - # Verify HTTPS connections. (boolean value) #insecure = false diff --git a/ironic/common/glance_service/service_utils.py b/ironic/common/glance_service/service_utils.py index d4771064f0..b23650d7dc 100644 
--- a/ironic/common/glance_service/service_utils.py +++ b/ironic/common/glance_service/service_utils.py @@ -97,9 +97,7 @@ def _get_api_server_iterator(): that will cycle through the list, looping around to the beginning if necessary. - If CONF.glance.glance_api_servers isn't set, we fall back to using this - as the server: CONF.glance.glance_host:CONF.glance.glance_port. - If CONF.glance.glance_host is also not set, fetch the endpoint from the + If CONF.glance.glance_api_servers isn't set, fetch the endpoint from the service catalog. :returns: iterator that cycles (indefinitely) over shuffled glance API @@ -107,21 +105,14 @@ def _get_api_server_iterator(): """ api_servers = [] - if not CONF.glance.glance_api_servers and not CONF.glance.glance_host: + if not CONF.glance.glance_api_servers: session = keystone.get_session('glance', auth=keystone.get_auth('glance')) api_servers = [keystone.get_service_url(session, service_type='image', endpoint_type='public')] else: - configured_servers = (CONF.glance.glance_api_servers or - ['%s:%s' % (CONF.glance.glance_host, - CONF.glance.glance_port)]) - for api_server in configured_servers: - if '//' not in api_server: - api_server = '%s://%s' % (CONF.glance.glance_protocol, - api_server) - api_servers.append(api_server) - random.shuffle(api_servers) + api_servers = random.sample(CONF.glance.glance_api_servers, + len(CONF.glance.glance_api_servers)) return itertools.cycle(api_servers) diff --git a/ironic/conf/glance.py b/ironic/conf/glance.py index 0bbbfdbacc..7d5393b659 100644 --- a/ironic/conf/glance.py +++ b/ironic/conf/glance.py 
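Review bot: The new `else` branch hands `CONF.glance.glance_api_servers` to `random.sample` unchanged, so an entry written without a scheme no longer gets one; the removed loop prefixed `CONF.glance.glance_protocol` whenever `'//'` was missing. A deployment that paired bare `host:port` entries with `glance_protocol = https` therefore stops getting an explicit `https://` URL after upgrade, and what the client does with a scheme-less value is not visible in this hunk. I would fail fast on such entries before the shuffle, for example guarding with `if any('//' not in s for s in CONF.glance.glance_api_servers):` and raising a configuration error. The option help in the `ironic/conf/glance.py` hunk (and the generated sample) should change with it, from `Format is [hostname|IP]:port` to something like `Format is [http|https]://[hostname|IP]:port`. `_get_api_server_iterator` begins above this hunk.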
@@ -103,28 +103,11 @@ opts = [ 'value between 1 and 32, a single-tenant store will use ' 'multiple containers to store images, and this value ' 'will determine how many containers are created.')), - cfg.StrOpt('glance_host', - help=_('Default glance hostname or IP address. The service ' - 'catalog is used when not defined. Deprecated, ' - 'use glance_api_servers instead.'), - deprecated_for_removal=True), - cfg.PortOpt('glance_port', - default=9292, - help=_('Default glance port. Deprecated, use ' - 'glance_api_servers instead.'), - deprecated_for_removal=True), - cfg.StrOpt('glance_protocol', - default='http', - choices=['http', 'https'], - help=_('Default protocol to use when connecting to glance. ' - 'Set to https for SSL. Deprecated, use ' - 'glance_api_services instead.'), - deprecated_for_removal=True), cfg.ListOpt('glance_api_servers', help=_('A list of the glance api servers available to ironic. ' 'Prefix with https:// for SSL-based glance API ' - 'servers. Format is [hostname|IP]:port. If neither ' - 'this option nor glance_host is set, the service ' + 'servers. Format is [hostname|IP]:port. ' + 'If this option is not set, the service ' 'catalog is used. It is recommended to rely on the ' 'service catalog, if possible.')), cfg.BoolOpt('glance_api_insecure', diff --git a/ironic/tests/unit/common/test_glance_service.py b/ironic/tests/unit/common/test_glance_service.py index 81a343cb42..f8f5e1a88c 100644 --- a/ironic/tests/unit/common/test_glance_service.py +++ b/ironic/tests/unit/common/test_glance_service.py @@ -97,7 +97,7 @@ class TestGlanceImageService(base.TestCase): self.context.project_id = 'fake' self.service = service.GlanceImageService(client, 1, self.context) - self.config(glance_host='localhost', group='glance') + self.config(glance_api_servers=['http://localhost'], group='glance') try: self.config(auth_strategy='keystone', group='glance') except Exception: 
@@ -876,13 +876,6 @@ class TestGlanceAPIServers(base.TestCase): service_type='image', endpoint_type='public') - def test__get_api_servers_with_host_port(self): - CONF.set_override('glance_host', 'example.com', 'glance') - CONF.set_override('glance_port', 42, 'glance') - CONF.set_override('glance_protocol', 'https', 'glance') - endpoint = service_utils._get_api_server() - self.assertEqual('https://example.com:42', endpoint) - def test__get_api_servers_one(self): CONF.set_override('glance_api_servers', ['https://10.0.0.1:9293'], 'glance') diff --git a/ironic/tests/unit/common/test_image_service.py b/ironic/tests/unit/common/test_image_service.py index da7ce1d861..6e7e522b60 100644 --- a/ironic/tests/unit/common/test_image_service.py +++ b/ironic/tests/unit/common/test_image_service.py @@ -362,7 +362,3 @@ class ServiceGetterTestCase(base.TestCase): def test_out_range_auth_strategy(self): self.assertRaises(ValueError, cfg.CONF.set_override, 'auth_strategy', 'fake', 'glance') - - def test_out_range_glance_protocol(self): - self.assertRaises(ValueError, cfg.CONF.set_override, - 'glance_protocol', 'fake', 'glance')