COMPUTED VALUES: bootstrap: enabled: false ks_user: admin script: null structured: images: cirros: container_format: bare id: null image_file: cirros-0.6.2-x86_64-disk.img image_type: qcow2 min_disk: 1 name: Cirros 0.6.2 64-bit private: true properties: os_distro: cirros source_url: http://download.cirros-cloud.net/0.6.2/ ceph_client: configmap: ceph-etc user_secret_name: pvc-ceph-client-key conf: api_audit_map: DEFAULT: target_endpoint_type: None path_keywords: detail: None file: None images: image members: member tags: tag service_endpoints: image: service/storage/image ceph: admin_keyring: null append: null monitors: [] override: null ceph_client: append: null override: null glance: DEFAULT: bind_port: null enable_import_methods: '[]' enable_v1_api: false show_image_direct_url: true show_multiple_locations: true workers: 2 cors: allowed_origins: '*' database: connection_recycle_time: 600 max_overflow: 50 max_pool_size: 5 max_retries: -1 pool_timeout: 30 glance_store: cinder_catalog_info: volumev3::internalURL default_swift_reference: ref1 filesystem_store_datadir: /var/lib/glance/images rbd_store_ceph_conf: /etc/ceph/ceph.conf rbd_store_chunk_size: 8 rbd_store_crush_rule: replicated_rule rbd_store_pool: glance.images rbd_store_replication: 1 rbd_store_user: glance swift_store_config_file: /etc/glance/swift-store.conf swift_store_container: glance swift_store_create_container_on_put: true swift_store_endpoint_type: internalURL image_format: disk_formats: aki,ari,qcow2,raw keystone_authtoken: auth_type: password auth_uri: http://keystone-api.openstack.svc.cluster.local:5000/ auth_url: http://keystone-api.openstack.svc.cluster.local:5000/ auth_version: v3 memcache_secret_key: 9NBH4SKkRUN3qSszrJrzWhWbHLybVTrm memcache_security_strategy: ENCRYPT memcached_servers: memcached.openstack.svc.cluster.local:11211 password: woh76DK8d3BTrZqJQvSQ2dvnu7ZPzV7k project_domain_name: service project_name: service region_name: RegionOne service_token_roles: service service_token_roles_required: true service_type: image user_domain_name: service username: glance-RegionOne oslo_concurrency: lock_path: /var/lib/glance/tmp oslo_messaging_notifications: driver: noop oslo_messaging_rabbit: rabbit_ha_queues: true oslo_middleware: enable_proxy_headers_parsing: true oslo_policy: policy_file: /etc/glance/policy.yaml paste_deploy: flavor: keystone glance_api_uwsgi: uwsgi: add-header: 'Connection: close' buffer-size: 65535 chunked-input-limit: "4096000" die-on-term: true enable-threads: true exit-on-reload: false hook-master-start: unix_signal:15 gracefully_kill_them_all http-auto-chunked: true http-raw-body: true http-socket: 0.0.0.0:9292 lazy-apps: true log-x-forwarded-for: true master: true need-app: true processes: 2 procname-prefix-spaced: 'glance-api:' route-user-agent: '^kube-probe.* donotlog:' socket-timeout: 10 thunder-lock: true worker-reload-mercy: 80 wsgi-file: /var/lib/openstack/bin/glance-wsgi-api glance_sudoers: | # This sudoers file supports rootwrap for both Kolla and LOCI Images. Defaults !requiretty Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin" glance ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/glance-rootwrap /etc/glance/rootwrap.conf *, /var/lib/openstack/bin/glance-rootwrap /etc/glance/rootwrap.conf * logging: formatter_context: class: oslo_log.formatters.ContextFormatter datefmt: '%Y-%m-%d %H:%M:%S' formatter_default: datefmt: '%Y-%m-%d %H:%M:%S' format: '%(message)s' formatters: keys: - context - default handler_null: args: () class: logging.NullHandler formatter: default handler_stderr: args: (sys.stderr,) class: StreamHandler formatter: context handler_stdout: args: (sys.stdout,) class: StreamHandler formatter: context handlers: keys: - stdout - stderr - "null" logger_amqp: handlers: stderr level: WARNING qualname: amqp logger_amqplib: handlers: stderr level: WARNING qualname: amqplib logger_boto: handlers: stderr level: WARNING qualname: boto logger_eventletwsgi: handlers: stderr level: WARNING qualname: eventlet.wsgi.server logger_glance: handlers: - stdout level: INFO qualname: glance logger_root: handlers: "null" level: WARNING logger_sqlalchemy: handlers: stderr level: WARNING qualname: sqlalchemy loggers: keys: - root - glance paste: app:apiv1app: paste.app_factory: glance.api.v1.router:API.factory app:apiv2app: paste.app_factory: glance.api.v2.router:API.factory app:apiversions: paste.app_factory: glance.api.versions:create_resource composite:rootapp: /: apiversions /v1: apiv1app /v2: apiv2app paste.composite_factory: glance.api:root_app_factory filter:audit: audit_map_file: /etc/glance/api_audit_map.conf paste.filter_factory: keystonemiddleware.audit:filter_factory filter:authtoken: delay_auth_decision: true paste.filter_factory: keystonemiddleware.auth_token:filter_factory filter:cache: paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory filter:cachemanage: paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory filter:context: paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory filter:cors: oslo_config_program: glance-api oslo_config_project: glance paste.filter_factory: oslo_middleware.cors:filter_factory filter:gzip: paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory filter:healthcheck: backends: disable_by_file disable_by_file_path: /etc/glance/healthcheck_disable paste.filter_factory: oslo_middleware:Healthcheck.factory filter:http_proxy_to_wsgi: paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory filter:osprofiler: enabled: true hmac_keys: SECRET_KEY paste.filter_factory: osprofiler.web:WsgiMiddleware.factory filter:unauthenticated-context: paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory filter:versionnegotiation: paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory pipeline:glance-api: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp pipeline:glance-api-cachemanagement: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp pipeline:glance-api-caching: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp pipeline:glance-api-keystone: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp pipeline:glance-api-keystone+cachemanagement: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp pipeline:glance-api-keystone+caching: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp pipeline:glance-api-trusted-auth: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp pipeline:glance-api-trusted-auth+cachemanagement: pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp policy: {} rabbitmq: policies: - apply-to: all definition: ha-mode: all ha-sync-mode: automatic message-ttl: 70000 name: ha_ttl_glance pattern: ^(?!(amq\.|reply_)).* priority: 0 vhost: glance rally_tests: run_tempest: false tests: GlanceImages.create_and_delete_image: - args: container_format: bare disk_format: qcow2 image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 GlanceImages.create_and_list_image: - args: container_format: bare disk_format: qcow2 image_location: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img runner: concurrency: 1 times: 1 type: constant sla: failure_rate: max: 0 rootwrap: | # Configuration for glance-rootwrap # This file should be owned by (and only-writable by) the root user [DEFAULT] # List of directories to load filter definitions from (separated by ','). # These directories MUST all be only writeable by root ! filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap # List of directories to search executables in, in case filters do not # explicitely specify a full path (separated by ',') # If not specified, defaults to system PATH environment variable. # These directories MUST all be only writeable by root ! exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin # Enable logging to syslog # Default value is False use_syslog=False # Which syslog facility to use. # Valid values include auth, authpriv, syslog, local0, local1... # Default value is 'syslog' syslog_log_facility=syslog # Which messages to log. # INFO means log all usage # ERROR means only log unsuccessful attempts syslog_log_level=ERROR rootwrap_filters: glance_cinder_store: content: | # glance-rootwrap command filters for glance cinder store # This file should be owned by (and only-writable by) the root user [Filters] # cinder store driver disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).* # os-brick library commands # os_brick.privileged.run_as_root oslo.privsep context # This line ties the superuser privs with the config files, context name, # and (implicitly) the actual python code invoked. privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.* chown: CommandFilter, chown, root mount: CommandFilter, mount, root umount: CommandFilter, umount, root pods: - api software: rbd: rbd_store_pool_app_name: glance-image swift_store: | [{{ .Values.conf.glance.glance_store.default_swift_reference }}] {{- if eq .Values.storage "radosgw" }} auth_version = 1 auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }} {{- else }} user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }} key = {{ .Values.endpoints.identity.auth.glance.password }} auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }} project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }} auth_version = 3 # NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999 project_domain_id = user_domain_id = {{- end -}} dependencies: dynamic: common: local_image_registry: jobs: - glance-image-repo-sync services: - endpoint: node service: local_image_registry static: api: jobs: - glance-storage-init - glance-db-sync - glance-rabbit-init - glance-ks-user - glance-ks-endpoints services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: oslo_messaging bootstrap: jobs: null services: - endpoint: internal service: identity - endpoint: internal service: image clean: jobs: null db_drop: services: - endpoint: internal service: oslo_db db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - glance-db-init services: - endpoint: internal service: oslo_db image_repo_sync: services: - endpoint: internal service: local_image_registry ks_endpoints: jobs: - glance-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity metadefs_load: jobs: - glance-db-sync services: null rabbit_init: services: - endpoint: internal service: oslo_messaging storage_init: jobs: - glance-ks-user services: null tests: services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: image endpoints: ceph_object_store: auth: glance: password: password tmpurlkey: supersecret username: glance host_fqdn_override: default: null hosts: default: ceph-rgw public: radosgw name: radosgw namespace: ceph path: default: /auth/v1.0 port: api: default: 8088 public: 80 scheme: default: http cluster_domain_suffix: cluster.local dashboard: host_fqdn_override: default: null public: host: dashboard.199-19-213-230.nip.io hosts: default: horizon-int public: horizon name: horizon path: default: null port: api: public: 443 web: default: 80 public: 443 scheme: default: http public: https fluentd: host_fqdn_override: default: null hosts: default: fluentd-logging name: fluentd namespace: null path: default: null port: metrics: default: 24220 service: default: 24224 scheme: http identity: auth: admin: password: tsdS9wlr9L91EoN2JyzIpGwEkMc7S2AL project_domain_name: default project_name: admin region_name: RegionOne user_domain_name: default username: admin-RegionOne glance: password: woh76DK8d3BTrZqJQvSQ2dvnu7ZPzV7k project_domain_name: service project_name: service region_name: RegionOne role: admin user_domain_name: service username: glance-RegionOne test: password: password project_domain_name: service project_name: test region_name: RegionOne role: admin user_domain_name: service username: glance-test host_fqdn_override: default: null public: host: identity.199-19-213-230.nip.io hosts: default: keystone-api internal: keystone-api name: keystone path: default: / port: api: default: 5000 internal: 5000 public: 443 scheme: default: http public: https image: host_fqdn_override: default: null public: host: image.199-19-213-230.nip.io hosts: default: glance-api public: glance name: glance path: default: null port: api: default: 9292 public: 443 scheme: default: http public: https service: http ingress: hosts: default: ingress name: ingress namespace: null port: ingress: default: 80 kube_dns: host_fqdn_override: default: null hosts: default: kube-dns name: kubernetes-dns namespace: kube-system path: default: null port: dns: default: 53 protocol: UDP scheme: http local_image_registry: host_fqdn_override: default: null hosts: default: localhost internal: docker-registry node: localhost name: docker-registry namespace: docker-registry port: registry: node: 5000 object_store: auth: glance: tmpurlkey: supersecret host_fqdn_override: default: null hosts: default: ceph-rgw public: radosgw name: swift namespace: ceph path: default: /swift/v1/KEY_$(tenant_id)s port: api: default: 8088 public: 80 scheme: default: http oci_image_registry: auth: enabled: false glance: password: password username: glance host_fqdn_override: default: null hosts: default: localhost name: oci-image-registry namespace: oci-image-registry port: registry: default: null oslo_cache: auth: memcache_secret_key: 9NBH4SKkRUN3qSszrJrzWhWbHLybVTrm host_fqdn_override: default: null hosts: default: memcached port: memcache: default: 11211 oslo_db: auth: admin: password: 0f4B5pDtxsi8t1BaUgyy44r8hTuuIntb secret: tls: internal: mariadb-tls-direct username: root glance: password: IhUuCEEYKlP1YvHImfCqTZhZtUu6F2RG username: glance horizon: password: 7chb5TIlNV0JFu0aN52v6WJuArRkRHse keystone: password: rnmxnkkufnKPA3nKQ3TkycUYIvY1uyDA host_fqdn_override: default: null hosts: default: percona-xtradb-haproxy path: /glance port: mysql: default: 3306 scheme: mysql+pymysql oslo_messaging: auth: admin: password: NiK4Pg60YK2JerHWl3YKGtart3zv3QBO secret: tls: internal: rabbitmq-tls-direct username: default_user_zXjsaTNp9HxCZfF0P_0 glance: password: Y8bC2aHQwPXaO1JA8p2HWPBao4aMC7pu username: glance keystone: password: DTl0yNDraHiNIZi75lBfKTPDclVsYJY0 user: password: NiK4Pg60YK2JerHWl3YKGtart3zv3QBO username: default_user_zXjsaTNp9HxCZfF0P_0 host_fqdn_override: default: null hosts: default: rabbitmq-glance path: /glance port: amqp: default: 5672 http: default: 15672 scheme: rabbit helm-toolkit: global: {} helm3_hook: true images: local_registry: active: false exclude: - dep_check - image_repo_sync pull_policy: IfNotPresent tags: bootstrap: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 db_drop: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 db_init: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 dep_check: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge@sha256:8921b64b87af184a1421dd856b2703bcf3cff9f50863cd0d18371cf964a87bd3 glance_api: harbor.atmosphere.dev/ghcr.io/vexxhost/glance:zed@sha256:488df4341cd4e731e20ccf79b64fa7eee6af547b412b4986b9b066a325dabe70 glance_db_sync: harbor.atmosphere.dev/ghcr.io/vexxhost/glance:zed@sha256:488df4341cd4e731e20ccf79b64fa7eee6af547b412b4986b9b066a325dabe70 glance_metadefs_load: harbor.atmosphere.dev/ghcr.io/vexxhost/glance:zed@sha256:488df4341cd4e731e20ccf79b64fa7eee6af547b412b4986b9b066a325dabe70 glance_storage_init: harbor.atmosphere.dev/ghcr.io/vexxhost/glance:zed@sha256:488df4341cd4e731e20ccf79b64fa7eee6af547b412b4986b9b066a325dabe70 image_repo_sync: docker.io/docker:17.07.0 ks_endpoints: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 ks_service: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 ks_user: harbor.atmosphere.dev/ghcr.io/vexxhost/heat:zed@sha256:dfef19701194b6e83952cfded644fdcaaa5a3137c156671d534c80e1ef9123b8 rabbit_init: harbor.atmosphere.dev/docker.io/library/rabbitmq:3.10.2-management test: docker.io/xrally/xrally-openstack:2.0.0 keep_pvc: true labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled test: node_selector_key: openstack-control-plane node_selector_value: enabled manifests: certificates: false configmap_bin: true configmap_etc: true deployment_api: true ingress_api: false job_bootstrap: true job_clean: true job_db_drop: false job_db_init: true job_db_sync: true job_image_repo_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true job_metadefs_load: true job_rabbit_init: true job_storage_init: true network_policy: false pdb_api: true pod_rally_test: true pvc_images: true secret_db: true secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true secret_registry: true service_api: true service_ingress_api: false network: api: external_policy_local: false ingress: annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/rewrite-target: / classes: cluster: nginx-cluster namespace: nginx public: true node_port: enabled: false port: 30092 network_policy: glance: egress: - {} ingress: - {} pod: affinity: anti: topologyKey: default: kubernetes.io/hostname type: default: preferredDuringSchedulingIgnoredDuringExecution weight: default: 10 labels: include_app_kubernetes_io: false lifecycle: disruption_budget: api: min_available: 0 termination_grace_period: api: timeout: 30 upgrades: deployments: pod_replacement_strategy: RollingUpdate revision_history: 3 rolling_update: max_surge: 3 max_unavailable: 1 mounts: glance_api: glance_api: volumeMounts: null volumes: null init_container: null glance_db_sync: glance_db_sync: volumeMounts: null volumes: null glance_tests: glance_tests: volumeMounts: null volumes: null init_container: null probes: api: glance-api: liveness: enabled: true params: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 readiness: enabled: true params: periodSeconds: 10 timeoutSeconds: 5 replicas: api: 1 resources: api: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi enabled: false jobs: bootstrap: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_drop: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_init: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi db_sync: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi image_repo_sync: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_endpoints: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_service: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi ks_user: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi metadefs_load: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi rabbit_init: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi storage_init: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi tests: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi security_context: clean: container: glance_secret_clean: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 glance: container: ceph_keyring_placement: readOnlyRootFilesystem: true runAsUser: 0 glance_api: allowPrivilegeEscalation: false capabilities: add: [] privileged: false readOnlyRootFilesystem: true glance_perms: readOnlyRootFilesystem: true runAsUser: 0 nginx: readOnlyRootFilesystem: false runAsUser: 0 pod: runAsUser: 42424 metadefs_load: container: glance_metadefs_load: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 storage_init: container: ceph_keyring_placement: allowPrivilegeEscalation: false readOnlyRootFilesystem: true glance_storage_init: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 test: container: glance_test: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 65500 glance_test_ks_user: allowPrivilegeEscalation: false readOnlyRootFilesystem: true pod: runAsUser: 42424 tolerations: glance: enabled: false tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists useHostNetwork: api: false release_group: null secrets: identity: admin: glance-keystone-admin glance: glance-keystone-user test: glance-keystone-test oci_image_registry: glance: glance-oci-image-registry oslo_db: admin: glance-db-admin glance: glance-db-user oslo_messaging: admin: glance-rabbitmq-admin glance: glance-rabbitmq-user rbd: images-rbd-keyring tls: image: api: internal: glance-tls-api public: glance-tls-public storage: rbd tls: identity: false oslo_db: false oslo_messaging: false volume: class_name: general size: 2Gi