···
1
+
{ config, lib, pkgs, ... }:
3
+
with lib; with import ./common.nix {inherit lib;};
6
+
cfg = config.virtualisation.openstack.glance;
9
+
connection = "mysql://${cfg.database.user}:${cfg.database.password.pattern}@${cfg.database.host}/${cfg.database.name}"
10
+
notification_driver = noop
12
+
[keystone_authtoken]
13
+
auth_url = ${cfg.authUrl}
14
+
auth_plugin = password
15
+
project_name = service
16
+
project_domain_id = default
17
+
user_domain_id = default
18
+
username = ${cfg.serviceUsername}
19
+
password = ${cfg.servicePassword.pattern}
22
+
default_store = file
23
+
filesystem_store_datadir = /var/lib/glance/images/
25
+
glanceApiConfTpl = pkgs.writeText "glance-api.conf" ''
30
+
config_file = ${cfg.package}/etc/glance-api-paste.ini
32
+
glanceRegistryConfTpl = pkgs.writeText "glance-registry.conf" ''
36
+
config_file = ${cfg.package}/etc/glance-registry-paste.ini
38
+
glanceApiConf = "/var/lib/glance/glance-api.conf";
39
+
glanceRegistryConf = "/var/lib/glance/glance-registry.conf";
42
+
options.virtualisation.openstack.glance = {
43
+
package = mkOption {
44
+
type = types.package;
45
+
example = literalExample "pkgs.glance";
47
+
Glance package to use.
55
+
This option enables Glance as a single-machine
56
+
installation. That is, all of Glance's components are
57
+
enabled on this machine. This is useful for evaluating and
58
+
experimenting with Glance. Note we are currently not
59
+
providing any configurations for a multi-node setup.
63
+
authUrl = mkOption {
65
+
default = http://localhost:5000;
67
+
Complete public Identity (Keystone) API endpoint. Note this is
72
+
serviceUsername = mkOption {
76
+
The Glance service username. This user is created if bootstrap
77
+
is enable, otherwise it has to be manually created before
78
+
starting this service.
82
+
servicePassword = mkSecretOption {
83
+
name = "glanceAdminPassword";
85
+
The Glance service user's password.
89
+
database = databaseOption "glance";
96
+
Bootstrap the Glance service by creating the service tenant,
97
+
an admin account and a public endpoint. This option provides
98
+
a ready-to-use glance service. This is only done at the
99
+
first Glance execution by the systemd post start section.
100
+
The keystone admin account is used to create required
101
+
Keystone resource for the Glance service.
103
+
<note><para> This option is a helper for setting up
104
+
development or testing environments.</para></note>
108
+
endpointPublic = mkOption {
110
+
default = "http://localhost:9292";
112
+
The public image endpoint. The link <link
113
+
xlink:href="http://docs.openstack.org/liberty/install-guide-rdo/keystone-services.html">
114
+
create endpoint</link> provides more informations
119
+
keystoneAdminUsername = mkOption {
123
+
The keystone admin user name used to create the Glance account.
127
+
keystoneAdminPassword = mkSecretOption {
128
+
name = "keystoneAdminPassword";
130
+
The keystone admin user's password.
134
+
keystoneAdminTenant = mkOption {
138
+
The keystone admin tenant used to create the Glance account.
141
+
keystoneAuthUrl = mkOption {
143
+
default = "http://localhost:5000/v2.0";
145
+
The keystone auth url used to create the Glance account.
151
+
config = mkIf cfg.enable {
152
+
# Note: when changing the default, make it conditional on
153
+
# ‘system.stateVersion’ to maintain compatibility with existing
155
+
virtualisation.openstack.glance.package = mkDefault pkgs.glance;
157
+
users.extraUsers = [{
160
+
uid = config.ids.gids.glance;
163
+
users.extraGroups = [{
165
+
gid = config.ids.gids.glance;
168
+
systemd.services.glance-registry = {
169
+
description = "OpenStack Glance Registry Daemon";
170
+
after = [ "network.target"];
171
+
path = [ pkgs.curl pkgs.pythonPackages.keystoneclient pkgs.gawk ];
172
+
wantedBy = [ "multi-user.target" ];
174
+
mkdir -m 775 -p /var/lib/glance/{images,scrubber,image_cache}
175
+
chown glance:glance /var/lib/glance/{images,scrubber,image_cache}
177
+
# Secret file managment
178
+
cp ${glanceRegistryConfTpl} ${glanceRegistryConf};
179
+
chown glance:glance ${glanceRegistryConf};
180
+
chmod 640 ${glanceRegistryConf}
181
+
${replaceSecret cfg.database.password glanceRegistryConf}
182
+
${replaceSecret cfg.servicePassword glanceRegistryConf}
184
+
cp ${glanceApiConfTpl} ${glanceApiConf};
185
+
chown glance:glance ${glanceApiConf};
186
+
chmod 640 ${glanceApiConf}
187
+
${replaceSecret cfg.database.password glanceApiConf}
188
+
${replaceSecret cfg.servicePassword glanceApiConf}
190
+
# Initialise the database
191
+
${cfg.package}/bin/glance-manage --config-file=${glanceApiConf} --config-file=${glanceRegistryConf} db_sync
195
+
export OS_AUTH_URL=${cfg.bootstrap.keystoneAuthUrl}
196
+
export OS_USERNAME=${cfg.bootstrap.keystoneAdminUsername}
197
+
export OS_PASSWORD=${getSecret cfg.bootstrap.keystoneAdminPassword}
198
+
export OS_TENANT_NAME=${cfg.bootstrap.keystoneAdminTenant}
200
+
# Wait until the keystone is available for use
202
+
while ! keystone user-get ${cfg.bootstrap.keystoneAdminUsername} > /dev/null
204
+
if [ $count -eq 30 ]
206
+
echo "Tried 30 times, giving up..."
210
+
echo "Keystone not yet started. Waiting for 1 second..."
215
+
# If the service glance doesn't exist, we consider glance is
217
+
if ! keystone service-get glance
219
+
keystone service-create --type image --name glance
220
+
ID=$(keystone service-get glance | awk '/ id / { print $4 }')
221
+
keystone endpoint-create --region RegionOne --service $ID --internalurl http://localhost:9292 --adminurl http://localhost:9292 --publicurl ${cfg.bootstrap.endpointPublic}
223
+
keystone user-create --name ${cfg.serviceUsername} --tenant service --pass ${getSecret cfg.servicePassword}
224
+
keystone user-role-add --tenant service --user ${cfg.serviceUsername} --role admin
228
+
PermissionsStartOnly = true; # preStart must be run as root
229
+
TimeoutStartSec = "600"; # 10min for initial db migrations
232
+
ExecStart = "${cfg.package}/bin/glance-registry --config-file=${glanceRegistryConf}";
235
+
systemd.services.glance-api = {
236
+
description = "OpenStack Glance API Daemon";
237
+
after = [ "glance-registry.service" "network.target"];
238
+
requires = [ "glance-registry.service" "network.target"];
239
+
wantedBy = [ "multi-user.target" ];
241
+
PermissionsStartOnly = true; # preStart must be run as root
244
+
ExecStart = "${cfg.package}/bin/glance-api --config-file=${glanceApiConf}";
pyrox.dev