openstack/openstack-helm
Code Issues Proposed changes
openstack-helm/manila/values.yaml
Vladimir Kozhukalov 54b3ff1f49 Use loci images by default for all charts 
Loci builds Openstack images nightly and publishes
them to both Docker Hub registry and to Quay registry.

Quay registry has much more tolerant rate limits, so
for users it is more convenient to use quay.

Change-Id: Id5c8776202a8c10a7aebccdae174880743dbdd09
2025-01-16 05:43:11 -06:00

1117 lines
33 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for manila.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
labels:
api:
node_selector_key: openstack-control-plane
node_selector_value: enabled
data:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
share:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
release_group: null
# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
# Set to false to upgrade using helm2
helm3_hook: true
images:
tags:
bootstrap: quay.io/airshipit/heat:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy
manila_db_sync: quay.io/airshipit/manila:2024.1-ubuntu_jammy
db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy
ks_user: quay.io/airshipit/heat:2024.1-ubuntu_jammy
ks_service: quay.io/airshipit/heat:2024.1-ubuntu_jammy
ks_endpoints: quay.io/airshipit/heat:2024.1-ubuntu_jammy
manila_api: quay.io/airshipit/manila:2024.1-ubuntu_jammy
manila_data: quay.io/airshipit/manila:2024.1-ubuntu_jammy
manila_scheduler: quay.io/airshipit/manila:2024.1-ubuntu_jammy
manila_share: quay.io/airshipit/manila:2024.1-ubuntu_jammy
rabbit_init: docker.io/rabbitmq:3.13-management
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
pod:
security_context:
manila:
pod:
runAsUser: 42424
container:
manila_api:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
manila_data:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
manila_scheduler:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
manila_share:
readOnlyRootFilesystem: true
privileged: true
test:
pod:
runAsUser: 42424
container:
manila_test:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
use_fqdn:
# NOTE: Setting the option here to true will cause use $(hostname --fqdn)
# as the host name by default. If the short name is desired
# $(hostname --short), set the option to false. Specifying a host in the
# manila.conf via the conf section will supersede the value of this option.
share: true
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
tolerations:
manila:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
mounts:
manila_api:
init_container: null
manila_api:
volumeMounts:
volumes:
manila_scheduler:
init_container: null
manila_scheduler:
volumeMounts:
volumes:
manila_data:
init_container: null
manila_data:
volumeMounts:
volumes:
manila_share:
init_container: null
manila_share:
volumeMounts:
volumes:
manila_bootstrap:
init_container: null
manila_bootstrap:
volumeMounts:
volumes:
manila_tests:
init_container: null
manila_tests:
volumeMounts:
volumes:
manila_db_sync:
manila_db_sync:
volumeMounts:
volumes:
replicas:
api: 1
data: 1
scheduler: 1
share: 1
lifecycle:
upgrades:
deployments:
revision_history: 3
pod_replacement_strategy: RollingUpdate
rolling_update:
max_unavailable: 1
max_surge: 3
disruption_budget:
api:
min_available: 0
sheduler:
min_available: 0
share:
min_available: 0
resources:
enabled: false
api:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
data:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
scheduler:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
share:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
bootstrap:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
db_drop:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
rabbit_init:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_endpoints:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_service:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ks_user:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
tests:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
network:
api:
ingress:
public: true
classes:
namespace: "nginx"
cluster: "nginx-cluster"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
external_policy_local: false
node_port:
enabled: false
port: 30486
network_policy:
manila:
ingress:
- {}
egress:
- {}
bootstrap:
enabled: true
ks_user: admin
script: null
structured:
flavors:
manila-service-flavor:
id: 100
name: "manila-service-flavor"
ram: 512
vcpus: 1
disk: 5
ephemeral: 0
public: true
images:
manila-service-image:
id: null
name: "manila-service-image"
source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/"
image_file: "manila-service-image-master.qcow2"
image_type: qcow2
container_format: bare
private: false
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- manila-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
api:
jobs:
- manila-db-sync
- manila-ks-user
- manila-ks-endpoints
- manila-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
data:
jobs:
- manila-db-sync
- manila-ks-user
- manila-ks-endpoints
- manila-rabbit-init
scheduler:
jobs:
- manila-db-sync
- manila-ks-user
- manila-ks-endpoints
- manila-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
share:
# pod:
# - requireSameNode: true
# labels:
# application: openvswitch
# component: server
jobs:
- manila-db-sync
- manila-ks-user
- manila-ks-endpoints
- manila-rabbit-init
services:
- endpoint: internal
service: oslo_db
- endpoint: internal
service: identity
- endpoint: internal
service: oslo_messaging
db_drop:
services:
- endpoint: internal
service: oslo_db
db_init:
services:
- endpoint: internal
service: oslo_db
db_sync:
jobs:
- manila-db-init
services:
- endpoint: internal
service: oslo_db
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
ks_endpoints:
jobs:
- manila-ks-service
services:
- endpoint: internal
service: identity
ks_service:
services:
- endpoint: internal
service: identity
ks_user:
services:
- endpoint: internal
service: identity
rabbit_init:
services:
- endpoint: internal
service: oslo_messaging
conf:
paste:
composite:osapi_share:
use: call:manila.api:root_app_factory
/: apiversions
/healthcheck: healthcheck
/v1: openstack_share_api
/v2: openstack_share_api_v2
composite:openstack_share_api:
use: call:manila.api.middleware.auth:pipeline_factory
noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
composite:openstack_share_api_v2:
use: call:manila.api.middleware.auth:pipeline_factory
noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
filter:faultwrap:
paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
filter:noauth:
paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
filter:noauthv2:
paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
filter:sizelimit:
paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
filter:osprofiler:
paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
app:api:
paste.app_factory: manila.api.v1.router:APIRouter.factory
app:apiv2:
paste.app_factory: manila.api.v2.router:APIRouter.factory
pipeline:apiversions:
pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
app:osshareversionapp:
paste.app_factory: manila.api.versions:VersionsRouter.factory
filter:keystonecontext:
paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
filter:cors:
paste.filter_factory: oslo_middleware.cors:filter_factory
oslo_config_project: manila
app:healthcheck:
paste.app_factory: oslo_middleware:Healthcheck.app_factory
backends: disable_by_file
disable_by_file_path: /etc/manila/healthcheck_disable
policy: {}
manila_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
Defaults !requiretty
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf *
rootwrap_filters:
share:
pods:
- share
content: |
# manila-rootwrap command filters for share nodes
# This file should be owned by (and only-writeable by) the root user
[Filters]
# manila/utils.py : 'chown', '%s', '%s'
chown: CommandFilter, chown, root
# manila/utils.py : 'cat', '%s'
cat: CommandFilter, cat, root
# manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s'
mkfs.ext4: CommandFilter, mkfs.ext4, root
# manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s'
mkfs.ext3: CommandFilter, mkfs.ext3, root
# manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D'
smbd: CommandFilter, smbd, root
smb: CommandFilter, smb, root
# manila/share/drivers/lvm.py: 'rmdir', '%s'
rmdir: CommandFilter, rmdir, root
# manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s'
dd: CommandFilter, dd, root
# manila/share/drivers/lvm.py: 'fsck', '-pf', %s
fsck: CommandFilter, fsck, root
# manila/share/drivers/lvm.py: 'resize2fs', %s
resize2fs: CommandFilter, resize2fs, root
# manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s'
smbcontrol: CommandFilter, smbcontrol, root
# manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y
# manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s'
# manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s'
# manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow'
net: CommandFilter, net, root
# manila/share/drivers/helpers.py: 'cp', '%s', '%s'
cp: CommandFilter, cp, root
# manila/share/drivers/helpers.py: 'service', '%s', '%s'
service: CommandFilter, service, root
# manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s
lvremove: CommandFilter, lvremove, root
# manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s
lvextend: CommandFilter, lvextend, root
# manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s
lvcreate: CommandFilter, lvcreate, root
# manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name'
# manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g'
vgs: CommandFilter, vgs, root
# manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%'
tune2fs: CommandFilter, tune2fs, root
# manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s'
sed: CommandFilter, sed, root
# manila/share/drivers/glusterfs.py: 'mkdir', '%s'
# manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s'
mkdir: CommandFilter, mkdir, root
# manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s'
rm: CommandFilter, rm, root
# manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s'
# manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s'
mount: CommandFilter, mount, root
# manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s'
# manila/share/drivers/glusterfs.py: 'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s'
gluster: CommandFilter, gluster, root
# manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s'
ip: CommandFilter, ip, root
# manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s'
ovs-vsctl: CommandFilter, ovs-vsctl, root
# manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete'
# manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete'
find: CommandFilter, find, root
# manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s'
umount: CommandFilter, umount, root
# GPFS commands
# manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y'
mmgetstate: CommandFilter, mmgetstate, root
# manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s'
mmlsattr: CommandFilter, mmlsattr, root
# manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new'
mmcrfileset: CommandFilter, mmcrfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s'
mmlinkfileset: CommandFilter, mmlinkfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s'
mmsetquota: CommandFilter, mmsetquota, root
# manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f'
mmunlinkfileset: CommandFilter, mmunlinkfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f'
mmdelfileset: CommandFilter, mmdelfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s'
mmcrsnapshot: CommandFilter, mmcrsnapshot, root
# manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s'
mmdelsnapshot: CommandFilter, mmdelsnapshot, root
# manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s'
rsync: CommandFilter, rsync, root
# manila/share/drivers/ibm/gpfs.py: 'exportfs'
exportfs: CommandFilter, exportfs, root
# manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
stat: CommandFilter, stat, root
# manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
df: CommandFilter, df, root
# manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
chmod: CommandFilter, chmod, root
# manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
mmnfs: CommandFilter, mmnfs, root
# manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
mmlsfileset: CommandFilter, mmlsfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
mmchfileset: CommandFilter, mmchfileset, root
# manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
mmlsquota: CommandFilter, mmlsquota, root
# manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
mv: CommandFilter, mv, root
# manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
mktemp: CommandFilter, mktemp, root
# manila/share/drivers/ganesha/manager.py:
shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
# manila/share/drivers/ganesha/manager.py:
dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
# manila/share/drivers/ganesha/manager.py:
dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
# manila/share/drivers/ganesha/manager.py:
dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
# manila/share/drivers/ganesha/manager.py:
rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
# ZFS commands
# manila/share/drivers/zfsonlinux/driver.py
# manila/share/drivers/zfsonlinux/utils.py
zpool: CommandFilter, zpool, root
# manila/share/drivers/zfsonlinux/driver.py
# manila/share/drivers/zfsonlinux/utils.py
zfs: CommandFilter, zfs, root
# manila/share/drivers/zfsonlinux/driver.py
kill: CommandFilter, kill, root
# manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
ls: CommandFilter, ls, root
# manila/data/utils.py: 'touch', '--reference=%s', '%s'
touch: CommandFilter, touch, root
# manila/share/drivers/container/container.py: docker <whatever>
docker: CommandFilter, docker, root
# manila/share/drivers/container/container.py: brctl <whatever>
brctl: CommandFilter, brctl, root
# manila/share/drivers/container/storage_helper.py: e2fsck <whatever>
# manila/share/drivers/generic.py: e2fsck <whatever>
# manila/share/drivers/lvm.py: e2fsck <whatever>
e2fsck: CommandFilter, e2fsck, root
# manila/share/drivers/lvm.py: lvconvert --merge %s
lvconvert: CommandFilter, lvconvert, root
# manila/data/utils.py: 'sha256sum', '%s'
sha256sum: CommandFilter, sha256sum, root
# manila/utils.py: 'tee', '%s'
tee: CommandFilter, tee, root
# manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g <device>
lvs: CommandFilter, lvs, root
# manila/share/drivers/container/storage_helper.py: lvrename --autobackup n <old_name> <new_name>
lvrename: CommandFilter, lvrename, root
rootwrap: |
# Configuration for manila-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
# List of directories to search executables in, in case filters do not
# explicitly specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, user0, user1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
manila:
DEFAULT:
default_share_type: default
default_share_group_type: default
share_name_template: share-%s
rootwrap_config: /etc/manila/rootwrap.conf
api_paste_config: /etc/manila/api-paste.ini
enabled_share_backends: generic
enabled_share_protocols: NFS
keystone_authtoken:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
service_type: sharev2
neutron:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
nova:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
cinder:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
glance:
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
endpoint_type: internalURL
database:
max_retries: -1
generic:
share_backend_name: GENERIC
share_driver: manila.share.drivers.generic.GenericShareDriver
driver_handles_share_servers: true
# manila-service-flavor
service_instance_flavor_id: 100
service_image_name: manila-service-image
service_instance_user: manila
service_instance_password: manila
# # Module path to the Virtual Interface (VIF) driver class. This option
# # is used only by drivers operating in
# # `driver_handles_share_servers=True` mode that provision OpenStack
# # compute instances as share servers. This option is only supported
# # with Neutron networking. Drivers provided in tree work with Linux
# # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
# # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
# # manila-share service is running on a host that is connected to the
# # administrator network, a no-op driver
# # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
# # (string value)
# interface_driver: manila.network.linux.interface.OVSInterfaceDriver
oslo_policy:
policy_file: /etc/manila/policy.yaml
oslo_concurrency:
lock_path: /var/lib/manila/tmp
oslo_messaging_notifications:
driver: messagingv2
oslo_middleware:
enable_proxy_headers_parsing: true
oslo_messaging_rabbit:
rabbit_ha_queues: true
logging:
loggers:
keys:
- root
- manila
handlers:
keys:
- stdout
- stderr
- "null"
formatters:
keys:
- context
- default
logger_root:
level: WARNING
handlers: 'null'
logger_manila:
level: INFO
handlers:
- stdout
qualname: manila
logger_amqp:
level: WARNING
handlers: stderr
qualname: amqp
logger_amqplib:
level: WARNING
handlers: stderr
qualname: amqplib
logger_eventletwsgi:
level: WARNING
handlers: stderr
qualname: eventlet.wsgi.server
logger_sqlalchemy:
level: WARNING
handlers: stderr
qualname: sqlalchemy
logger_boto:
level: WARNING
handlers: stderr
qualname: boto
handler_null:
class: logging.NullHandler
formatter: default
args: ()
handler_stdout:
class: StreamHandler
args: (sys.stdout,)
formatter: context
handler_stderr:
class: StreamHandler
args: (sys.stderr,)
formatter: context
formatter_context:
class: oslo_log.formatters.ContextFormatter
datefmt: "%Y-%m-%d %H:%M:%S"
formatter_default:
format: "%(message)s"
datefmt: "%Y-%m-%d %H:%M:%S"
rally_tests:
tests:
ManilaShares.create_and_delete_share:
- args:
share_proto: "nfs"
size: 1
share_type: "dhss_false"
min_sleep: 1
max_sleep: 2
context:
quotas:
manila:
shares: 0
gigabytes: 0
share_networks: 0
users:
tenants: 2
users_per_tenant: 1
user_choice_method: "round_robin"
manila_share_networks:
use_share_networks: true
runner:
concurrency: 4
times: 4
type: constant
sla:
failure_rate:
max: 0
manila_api_uwsgi:
uwsgi:
add-header: "Connection: close"
buffer-size: 65535
die-on-term: true
enable-threads: true
exit-on-reload: false
hook-master-start: unix_signal:15 gracefully_kill_them_all
lazy-apps: true
log-x-forwarded-for: true
master: true
procname-prefix-spaced: "manila-api:"
route-user-agent: '^kube-probe.* donotlog:'
thunder-lock: true
worker-reload-mercy: 80
wsgi-file: /var/lib/openstack/bin/manila-wsgi
# Names of secrets used by bootstrap and environmental checks
secrets:
identity:
admin: manila-keystone-admin
manila: manila-keystone-user
oslo_db:
admin: manila-db-admin
manila: manila-db-user
oslo_messaging:
admin: manila-rabbitmq-admin
manila: manila-rabbitmq-user
tls:
share:
api:
public: manila-tls-public
internal: manila-tls-internal
oci_image_registry:
manila: manila-oci-image-registry
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
manila:
username: manila
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
identity:
name: keystone
auth:
admin:
region_name: RegionOne
username: admin
password: password
project_name: admin
user_domain_name: default
project_domain_name: default
manila:
role: admin
region_name: RegionOne
username: manila
password: password
project_name: service
user_domain_name: service
project_domain_name: service
hosts:
default: keystone
internal: keystone-api
host_fqdn_override:
default: null
path:
default: /v3
scheme:
default: http
port:
api:
default: 80
internal: 5000
share:
name: manila
hosts:
default: manila-api
public: manila
host_fqdn_override:
default: null
path:
default: '/v1'
scheme:
default: http
service: http
port:
api:
default: 8786
public: 80
service: 8786
sharev2:
name: manilav2
hosts:
default: manila-api
public: manila
host_fqdn_override:
default: null
path:
default: '/v2'
scheme:
default: http
service: http
port:
api:
default: 8786
public: 80
service: 8786
oslo_db:
auth:
admin:
username: root
password: password
secret:
tls:
internal: mariadb-tls-direct
manila:
username: manila
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /manila
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_messaging:
auth:
admin:
username: rabbitmq
password: password
secret:
tls:
internal: rabbitmq-tls-direct
manila:
username: manila
password: password
statefulset:
replicas: 2
name: rabbitmq-rabbitmq
hosts:
default: rabbitmq
host_fqdn_override:
default: null
path: /manila
scheme: rabbit
port:
amqp:
default: 5672
http:
default: 15672
oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts:
default: memcached
host_fqdn_override:
default: null
port:
memcache:
default: 11211
fluentd:
namespace: null
name: fluentd
hosts:
default: fluentd-logging
host_fqdn_override:
default: null
path:
default: null
scheme: 'http'
port:
service:
default: 24224
metrics:
default: 24220
# NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
# They are using to enable the Egress K8s network policy.
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns:
default: 53
protocol: UDP
ingress:
namespace: null
name: ingress
hosts:
default: ingress
port:
ingress:
default: 80
tls:
identity: false
oslo_messaging: false
oslo_db: false
manifests:
certificates: false
configmap_bin: true
configmap_etc: true
deployment_api: true
deployment_scheduler: true
deployment_data: true
deployment_share: true
ingress_api: true
job_bootstrap: true
job_db_init: true
job_db_sync: true
job_db_drop: false
job_image_repo_sync: true
job_rabbit_init: true
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
pdb_api: true
pod_test: true
secret_db: true
network_policy: false
secret_ingress_tls: true
secret_keystone: true
secret_rabbitmq: true
secret_registry: true
service_ingress_api: true
service_api: true
...
View Git Blame Copy Permalink