Enable glance role to copy extra configuration

When enabled, the glance role copies
glance-image-import.conf to allow configuration
of glance interoperable image import. Property
protection can also be enabled, in which case
its rules file is copied.

Change-Id: I5106675da5228a5d7e630871f0882269603e6571
Closesl-Bug: #1889272
Signed-off-by: nikparasyr <nik.parasyr@protonmail.com>
nikparasyr 2020-07-28 18:11:40 +02:00
parent 54d8c92c7b
commit 6033b71d5e
7 changed files with 85 additions and 0 deletions


@ -823,6 +823,8 @@ enable_glance_image_cache: "no"
glance_backend_swift: "{{ enable_swift | bool }}" glance_backend_swift: "{{ enable_swift | bool }}"
glance_file_datadir_volume: "glance" glance_file_datadir_volume: "glance"
glance_enable_rolling_upgrade: "no" glance_enable_rolling_upgrade: "no"
glance_enable_property_protection: "no"
glance_enable_interoperable_image_import: "no"
glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}" glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
####################### #######################


@ -123,6 +123,36 @@
notify: notify:
- Restart glance-api container - Restart glance-api container
- name: Copying over glance-image-import.conf
vars:
glance_api: "{{ glance_services['glance-api'] }}"
copy:
src: "{{ node_custom_config }}/glance/glance-image-import.conf"
dest: "{{ node_config_directory }}/glance-api/glance-image-import.conf"
mode: "0660"
become: true
when:
- glance_api.enabled | bool
- inventory_hostname in groups[glance_api.group]
- glance_enable_interoperable_image_import | bool
notify:
- Restart glance-api container
- name: Copying over property-protections-rules.conf
vars:
glance_api: "{{ glance_services['glance-api'] }}"
copy:
src: "{{ node_custom_config }}/glance/property-protections-rules.conf"
dest: "{{ node_config_directory }}/glance-api/property-protections-rules.conf"
mode: "0660"
become: true
when:
- glance_api.enabled | bool
- inventory_hostname in groups[glance_api.group]
- glance_enable_property_protection | bool
notify:
- Restart glance-api container
- name: Copying over existing policy file - name: Copying over existing policy file
vars: vars:
glance_api: "{{ glance_services['glance-api'] }}" glance_api: "{{ glance_services['glance-api'] }}"
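Review bot: Both new `copy` tasks read a fixed path under `{{ node_custom_config }}/glance/`, and nothing visible in this section checks that the file exists before deployment, so enabling either flag without supplying the file only fails here, mid-play, with a generic missing-source error. For `property-protections-rules.conf` that hard failure is the right outcome, since the file is an access-control policy and should never be silently skipped, but the intent should be stated. I would add above each task a comment such as `# Operator-supplied file, copied verbatim (not templated); the play fails if it is missing.` and consider an earlier precheck that asserts the file is present whenever the matching flag is set. The task list starts and ends outside this hunk.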


@ -21,6 +21,10 @@ enabled_backends = {% for key in glance_store_backends %}{{ key.name }}:{{ key.t
show_multiple_locations = True show_multiple_locations = True
{% endif %} {% endif %}
{% if glance_enable_property_protection | bool %}
property_protection_file = /etc/glance/property-protections-rules.conf
{% endif %}
cinder_catalog_info = volume:cinder:internalURL cinder_catalog_info = volume:cinder:internalURL
transport_url = {{ rpc_transport_url }} transport_url = {{ rpc_transport_url }}


@ -36,6 +36,18 @@
"dest": "/etc/glance/glance-cache.conf", "dest": "/etc/glance/glance-cache.conf",
"owner": "glance", "owner": "glance",
"perm": "0600" "perm": "0600"
}{% endif %}{% if glance_enable_interoperable_image_import | bool %},
{
"source": "{{ container_config_directory }}/glance-image-import.conf",
"dest": "/etc/glance/glance.conf.d/glance-image-import.conf",
"owner": "glance",
"perm": "0600"
}{% endif %}{% if glance_enable_property_protection | bool %},
{
"source": "{{ container_config_directory }}/property-protections-rules.conf",
"dest": "/etc/glance/property-protections-rules.conf",
"owner": "glance",
"perm": "0600"
}{% endif %} }{% endif %}
], ],
"permissions": [ "permissions": [


@ -146,3 +146,32 @@ Glance caches are not cleaned up automatically, the glance team recommends to
use a cron service to regularly clean cached images. In the future kolla will use a cron service to regularly clean cached images. In the future kolla will
deploy a cron container to manage such clean ups. Please refer to deploy a cron container to manage such clean ups. Please refer to
:glance-doc:`Glance image cache <admin/cache.html>`. :glance-doc:`Glance image cache <admin/cache.html>`.
Property protection
~~~~~~~~~~~~~~~~~~~
`Property protection <https://docs.openstack.org/glance/latest/admin/property-protections.html>`_
is disabled by default, it can be enabled by:
.. code-block:: yaml
glance_enable_property_protection: "yes"
and defining ``property-protections-rules.conf`` under
``{{ node_custom_config }}/glance/``. The default
``property_protection_rule_format`` is ``roles`` but it can be overwritten.
Interoperable image import
~~~~~~~~~~~~~~~~~~~~~~~~~~
The `interoperable image import <https://docs.openstack.org/glance/latest/admin/interoperable-image-import.html>`_
is disabled by default, it can be enabled by:
.. code-block:: yaml
glance_enable_interoperable_image_import: "yes"
and defining ``glance-image-import.conf`` under
``{{ node_custom_config }}/glance/``.


@ -430,6 +430,8 @@
#glance_backend_swift: "no" #glance_backend_swift: "no"
#glance_backend_vmware: "no" #glance_backend_vmware: "no"
#enable_glance_image_cache: "no" #enable_glance_image_cache: "no"
#glance_enable_property_protection: "no"
#glance_enable_interoperable_image_import: "no"
# Configure glance upgrade option. # Configure glance upgrade option.
# Due to this feature being experimental in glance, # Due to this feature being experimental in glance,
# the default value is "no". # the default value is "no".


@ -0,0 +1,6 @@
---
fixes:
- |
Add functionality to the glance role to add extra config file for image
property protection and interoperable image import
`LP#1889272 <https://launchpad.net/bugs/1889272>`__