Enable glance role to copy extra configuration
Glance role copies glance-image-import.conf when enabled to allow configuration of glance interoperable image import. Property protection can be enabled and file is copied. Change-Id: I5106675da5228a5d7e630871f0882269603e6571 Closesl-Bug: #1889272 Signed-off-by: nikparasyr <nik.parasyr@protonmail.com>
This commit is contained in:
parent
54d8c92c7b
commit
6033b71d5e
@ -823,6 +823,8 @@ enable_glance_image_cache: "no"
|
|||||||
glance_backend_swift: "{{ enable_swift | bool }}"
|
glance_backend_swift: "{{ enable_swift | bool }}"
|
||||||
glance_file_datadir_volume: "glance"
|
glance_file_datadir_volume: "glance"
|
||||||
glance_enable_rolling_upgrade: "no"
|
glance_enable_rolling_upgrade: "no"
|
||||||
|
glance_enable_property_protection: "no"
|
||||||
|
glance_enable_interoperable_image_import: "no"
|
||||||
glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
|
glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
|
||||||
|
|
||||||
#######################
|
#######################
|
||||||
|
@ -123,6 +123,36 @@
|
|||||||
notify:
|
notify:
|
||||||
- Restart glance-api container
|
- Restart glance-api container
|
||||||
|
|
||||||
|
- name: Copying over glance-image-import.conf
|
||||||
|
vars:
|
||||||
|
glance_api: "{{ glance_services['glance-api'] }}"
|
||||||
|
copy:
|
||||||
|
src: "{{ node_custom_config }}/glance/glance-image-import.conf"
|
||||||
|
dest: "{{ node_config_directory }}/glance-api/glance-image-import.conf"
|
||||||
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
when:
|
||||||
|
- glance_api.enabled | bool
|
||||||
|
- inventory_hostname in groups[glance_api.group]
|
||||||
|
- glance_enable_interoperable_image_import | bool
|
||||||
|
notify:
|
||||||
|
- Restart glance-api container
|
||||||
|
|
||||||
|
- name: Copying over property-protections-rules.conf
|
||||||
|
vars:
|
||||||
|
glance_api: "{{ glance_services['glance-api'] }}"
|
||||||
|
copy:
|
||||||
|
src: "{{ node_custom_config }}/glance/property-protections-rules.conf"
|
||||||
|
dest: "{{ node_config_directory }}/glance-api/property-protections-rules.conf"
|
||||||
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
when:
|
||||||
|
- glance_api.enabled | bool
|
||||||
|
- inventory_hostname in groups[glance_api.group]
|
||||||
|
- glance_enable_property_protection | bool
|
||||||
|
notify:
|
||||||
|
- Restart glance-api container
|
||||||
|
|
||||||
- name: Copying over existing policy file
|
- name: Copying over existing policy file
|
||||||
vars:
|
vars:
|
||||||
glance_api: "{{ glance_services['glance-api'] }}"
|
glance_api: "{{ glance_services['glance-api'] }}"
|
||||||
|
@ -21,6 +21,10 @@ enabled_backends = {% for key in glance_store_backends %}{{ key.name }}:{{ key.t
|
|||||||
show_multiple_locations = True
|
show_multiple_locations = True
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if glance_enable_property_protection | bool %}
|
||||||
|
property_protection_file = /etc/glance/property-protections-rules.conf
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
cinder_catalog_info = volume:cinder:internalURL
|
cinder_catalog_info = volume:cinder:internalURL
|
||||||
|
|
||||||
transport_url = {{ rpc_transport_url }}
|
transport_url = {{ rpc_transport_url }}
|
||||||
|
@ -36,6 +36,18 @@
|
|||||||
"dest": "/etc/glance/glance-cache.conf",
|
"dest": "/etc/glance/glance-cache.conf",
|
||||||
"owner": "glance",
|
"owner": "glance",
|
||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
|
}{% endif %}{% if glance_enable_interoperable_image_import | bool %},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/glance-image-import.conf",
|
||||||
|
"dest": "/etc/glance/glance.conf.d/glance-image-import.conf",
|
||||||
|
"owner": "glance",
|
||||||
|
"perm": "0600"
|
||||||
|
}{% endif %}{% if glance_enable_property_protection | bool %},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/property-protections-rules.conf",
|
||||||
|
"dest": "/etc/glance/property-protections-rules.conf",
|
||||||
|
"owner": "glance",
|
||||||
|
"perm": "0600"
|
||||||
}{% endif %}
|
}{% endif %}
|
||||||
],
|
],
|
||||||
"permissions": [
|
"permissions": [
|
||||||
|
@ -146,3 +146,32 @@ Glance caches are not cleaned up automatically, the glance team recommends to
|
|||||||
use a cron service to regularly clean cached images. In the future kolla will
|
use a cron service to regularly clean cached images. In the future kolla will
|
||||||
deploy a cron container to manage such clean ups. Please refer to
|
deploy a cron container to manage such clean ups. Please refer to
|
||||||
:glance-doc:`Glance image cache <admin/cache.html>`.
|
:glance-doc:`Glance image cache <admin/cache.html>`.
|
||||||
|
|
||||||
|
Property protection
|
||||||
|
~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
`Property protection <https://docs.openstack.org/glance/latest/admin/property-protections.html>`_
|
||||||
|
is disabled by default, it can be enabled by:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
glance_enable_property_protection: "yes"
|
||||||
|
|
||||||
|
|
||||||
|
and defining ``property-protections-rules.conf`` under
|
||||||
|
``{{ node_custom_config }}/glance/``. The default
|
||||||
|
``property_protection_rule_format`` is ``roles`` but it can be overwritten.
|
||||||
|
|
||||||
|
|
||||||
|
Interoperable image import
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
The `interoperable image import <https://docs.openstack.org/glance/latest/admin/interoperable-image-import.html>`_
|
||||||
|
is disabled by default, it can be enabled by:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
glance_enable_interoperable_image_import: "yes"
|
||||||
|
|
||||||
|
and defining ``glance-image-import.conf`` under
|
||||||
|
``{{ node_custom_config }}/glance/``.
|
||||||
|
@ -430,6 +430,8 @@
|
|||||||
#glance_backend_swift: "no"
|
#glance_backend_swift: "no"
|
||||||
#glance_backend_vmware: "no"
|
#glance_backend_vmware: "no"
|
||||||
#enable_glance_image_cache: "no"
|
#enable_glance_image_cache: "no"
|
||||||
|
#glance_enable_property_protection: "no"
|
||||||
|
#glance_enable_interoperable_image_import: "no"
|
||||||
# Configure glance upgrade option.
|
# Configure glance upgrade option.
|
||||||
# Due to this feature being experimental in glance,
|
# Due to this feature being experimental in glance,
|
||||||
# the default value is "no".
|
# the default value is "no".
|
||||||
|
6
releasenotes/notes/bug-1889272-c929d21a94d657fa.yaml
Normal file
6
releasenotes/notes/bug-1889272-c929d21a94d657fa.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Add functionality to the glance role to add extra config file for image
|
||||||
|
property protection and interoperable image import
|
||||||
|
`LP#1889272 <https://launchpad.net/bugs/1889272>`__
|
Loading…
Reference in New Issue
Block a user