{"id":433,"sha1":"61565a4715d0135c244ae0c3f346ef479140e4e3","playbook":{"id":4,"items":{"plays":104,"tasks":1377,"results":1365,"hosts":2,"files":504,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:39:52.478534Z","ended":"2025-12-08T14:14:54.510371Z","duration":"00:35:02.031837","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n## Verbosity Options\ndebug: false\n\n# Set installation method\nglance_install_method: \"{{ service_install_method | default('source') }}\"\nglance_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nglance_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nglance_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (glance_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nglance_package_state: \"{{ package_state | default('latest') }}\"\n\nglance_git_repo: https://opendev.org/openstack/glance\nglance_git_install_branch: master\nglance_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\nglance_git_constraints:\n - \"--constraint {{ glance_upper_constraints_url }}\"\n\nglance_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nglance_venv_tag: \"{{ venv_tag | default('untagged') }}\"\nglance_bin: \"{{ _glance_bin }}\"\n\n# Set the etc dir path where glance is installed.\n# This is used for role access to the db migrations.\n# Example:\n# glance_etc_dir: \"/usr/local/etc/glance\"\nglance_etc_dir: \"/etc/glance\"\n\n# Enable/Disable Ceilometer\nglance_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\nglance_profiler_enabled: false\nglance_fatal_deprecations: false\n\n## System info\nglance_system_user_name: glance\nglance_system_group_name: glance\nglance_system_shell: /bin/false\nglance_system_comment: glance system user\nglance_system_user_home: \"/var/lib/{{ glance_system_user_name }}\"\n\n## Manually specified nova UID/GID\n# Deployers can specify a UID for the glance user as well as the GID for the\n# glance group if needed. This is commonly used in environments where shared\n# storage is used, such as NFS or GlusterFS, and glance UID/GID values must be\n# in sync between multiple servers.\n#\n# WARNING: Changing these values on an existing deployment can lead to\n# failures, errors, and instability.\n#\n# glance_system_user_uid: \n# glance_system_group_gid: \n\n# Variable can be either a string or a mapping. Valid keys are:\n# name, type, config\nglance_default_store: file\n# For support of multiple backends provide `glance_additional_stores` in the format:\n# glance_additional_stores:\n# - name: private_store\n# type: file\n# config:\n# filesystem_store_datadir: /private\nglance_additional_stores:\n - name: http\n type: http\n - name: cinder\n type: cinder\nglance_available_stores: \"{{ _glance_available_stores }}\"\nglance_available_store_types: \"{{ glance_available_stores | map(attribute='type') | list | unique }}\"\n\nglance_flavor: \"{% if 'rbd' in glance_available_store_types %}keystone{% else %}keystone+cachemanagement{% endif %}\"\nglance_show_image_direct_url: \"{{ 'rbd' in glance_available_store_types }}\"\nglance_show_multiple_locations: \"{{ 'rbd' in glance_available_store_types or 'cinder' in glance_available_store_types }}\"\n\nglance_memcached_servers: \"{{ memcached_servers }}\"\n\n## API options\nglance_enable_v2_api: true\n\n## Oslo Messaging Info\n\n# RPC\nglance_oslomsg_rpc_configure: false\nglance_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\nglance_oslomsg_rpc_setup_host: \"{{ (glance_oslomsg_rpc_host_group in groups) | ternary(groups[glance_oslomsg_rpc_host_group][0], 'localhost') }}\"\nglance_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\nglance_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\nglance_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\nglance_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\nglance_oslomsg_rpc_userid: glance\nglance_oslomsg_rpc_policies: []\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\nglance_oslomsg_rpc_vhost:\n - name: /glance\n state: \"{{ glance_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: glance\n state: \"{{ glance_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\nglance_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\nglance_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n# Notify\nglance_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(glance_ceilometer_enabled) }}\"\nglance_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\nglance_oslomsg_notify_setup_host: \"{{ (glance_oslomsg_notify_host_group in groups) | ternary(groups[glance_oslomsg_notify_host_group][0], 'localhost') }}\"\nglance_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\nglance_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\nglance_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\nglance_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\nglance_oslomsg_notify_userid: \"{{ glance_oslomsg_rpc_userid }}\"\nglance_oslomsg_notify_password: \"{{ glance_oslomsg_rpc_password }}\"\nglance_oslomsg_notify_vhost: \"{{ glance_oslomsg_rpc_vhost }}\"\nglance_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\nglance_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\nglance_oslomsg_notify_policies: []\n\n## RabbitMQ integration\nglance_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\nglance_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(glance_oslomsg_rabbit_quorum_queues) }}\"\nglance_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(glance_oslomsg_rabbit_stream_fanout) }}\"\nglance_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(glance_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\nglance_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(glance_oslomsg_rabbit_quorum_queues) }}\"\nglance_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\nglance_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n## Database info\nglance_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\nglance_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (glance_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\nglance_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\nglance_galera_database: glance\nglance_galera_user: glance\nglance_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\nglance_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\nglance_galera_port: \"{{ galera_port | default('3306') }}\"\nglance_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\nglance_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\nglance_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\nglance_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\nglance_api_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nglance_api_service_port: 9292\n\n## Service Type and Data\nglance_service_region: \"{{ service_region | default('RegionOne') }}\"\nglance_service_name: glance\nglance_service_port: 9292\nglance_service_proto: http\nglance_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(glance_service_proto) }}\"\nglance_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(glance_service_proto) }}\"\nglance_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(glance_service_proto) }}\"\nglance_service_type: image\nglance_service_description: \"Glance Image Service\"\nglance_service_project_name: service\nglance_service_project_domain_id: default\n# List of roles assigned to glance_service_user_name\nglance_service_role_names:\n - admin\n - service\n\n# List of roles for which service tokens will be accepted\nglance_service_token_roles:\n - service\nglance_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\nglance_service_user_domain_id: default\nglance_service_user_name: glance\nglance_service_publicuri: \"{{ glance_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}\"\nglance_service_publicurl: \"{{ glance_service_publicuri }}\"\nglance_service_internaluri: \"{{ glance_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}\"\nglance_service_internalurl: \"{{ glance_service_internaluri }}\"\nglance_service_adminuri: \"{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}\"\nglance_service_adminurl: \"{{ glance_service_adminuri }}\"\n\n## Enable automatic parsing of X-Forwarded-Proto, etc. headers passed by the\n## load balancer.\nglance_proxy_headers_parsing: true\n\n# Enable/Disable barbican configurations\nglance_barbican_enabled: \"{{ (groups['barbican_all'] is defined) and (groups['barbican_all'] | length > 0) }}\"\n\n## Swift Options\nglance_swift_store_auth_address: \"{{ keystone_service_internalurl }}\"\nglance_swift_store_auth_insecure: \"{{ keystone_service_internaluri_insecure }}\"\nglance_swift_store_auth_version: 3\nglance_swift_store_user_domain: default\nglance_swift_store_project_domain: default\nglance_swift_store_user: \"service:{{ glance_service_user_name }}\"\nglance_swift_store_key: \"{{ glance_service_password }}\"\nglance_swift_store_region: \"{{ glance_service_region }}\"\nglance_swift_store_container: glance_images\nglance_swift_store_endpoint_type: internalURL\n# Set the swift_store_large_objects variables in MB\nglance_swift_store_large_object_size: 5120\nglance_swift_store_large_object_chunk_size: 200\n\n## Keystone authentication middleware\nglance_keystone_auth_plugin: password\n\n## Glance config\nglance_image_cache_max_size: 10737418240\nglance_image_cache_stall_time: 86400\n\n# CORS options\nglance_cors_allowed_origin: \"{{ openstack_service_publicuri_proto | default('http') + '://' + external_lb_vip_address }}\"\n# If ``glance_api_workers`` is unset the system will use half the number of available VCPUS to\n# compute the number of api workers to use.\n# glance_api_workers: 16\n\n## Cap the maximum number of threads / workers when a user value is unspecified.\nglance_api_threads_max: 16\nglance_api_threads: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max, glance_api_threads_max] | min }}\n\nglance_task_executor: taskflow\nglance_digest_algorithm: sha256\nglance_http_keepalive: true\n\n## Glance policy\nglance_policy_file: policy.yaml\nglance_policy_default_rule: default\nglance_policy_dirs: policy.d\n\n# Define nfs information to enable nfs shares as mounted directories for\n# glance. The ``glance_remote_client`` value is a list of dictionaries that must\n# be filled out completely to enable the persistent remote FS mounts (like NFS).\nglance_images_local_directory: \"{{ glance_nfs_local_directory | default('images') }}\"\nglance_remote_client: \"{{ glance_nfs_client | default([]) }}\"\n\n# Example of the expected dict structure:\n#\n# glance_remote_client:\n# - what: \"127.0.0.1:/images\" ## Hostname or IP address of Server and path on it\n# where: \"/var/lib/glance/images\" ## Local path on machine\n# type: \"nfs\" ## This can be nfs or nfs4\n# options: \"_netdev,auto\" ## Mount options\n# config_overrides: \"{}\" ## Override dictionary for unit file\n\n## Policy vars\n# Provide a list of access controls to update the default policy.json with. These changes will be merged\n# with the access controls in the default policy.json. E.g.\n# glance_policy_overrides:\n# \"add_image\": \"\"\n# \"delete_image\": \"\"\n\n## Ceph rbd Options\nglance_ceph_client: glance\nglance_rbd_store_pool: images\nglance_rbd_store_user: \"{{ glance_ceph_client }}\"\nglance_rbd_store_chunk_size: 8\n\nglance_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n# Common pip packages\nglance_pip_packages:\n - \"git+{{ glance_git_repo }}@{{ glance_git_install_branch }}#egg=glance\"\n - cryptography\n - keystonemiddleware\n - os-brick\n - oslo.rootwrap\n - osprofiler\n - PyMySQL\n - pymemcache\n - python-cinderclient\n - python-glanceclient\n - python-keystoneclient\n - python-memcached\n - python-swiftclient\n - systemd-python\n - warlock\n - \"{{ ('s3' in glance_available_store_types) | ternary('boto3', '') }}\"\n\n# Specific pip packages provided by the user\nglance_user_pip_packages: []\nglance_api_init_overrides: {}\n\n# With enabled uwsgi glance has broken functionality of\n# the interoperable import feature (and maybe smth else)\nglance_use_uwsgi: true\n\n## Service Names\nglance_services:\n glance-api:\n group: glance_api\n service_name: glance-api\n init_config_overrides: \"{{ glance_api_init_overrides }}\"\n start_order: 1\n execstarts: \"{{ glance_bin }}/glance-api\"\n wsgi_app: \"{{ glance_use_uwsgi }}\"\n wsgi: \"glance.wsgi.api:application\"\n uwsgi_overrides: \"{{ glance_api_uwsgi_ini_overrides }}\"\n uwsgi_bind_address: \"{{ glance_api_bind_address }}\"\n uwsgi_port: \"{{ glance_api_service_port }}\"\n uwsgi_tls: \"{{ glance_backend_ssl | ternary(glance_uwsgi_tls, {}) }}\"\n\n# Glance uWSGI settings\nglance_wsgi_processes_max: 16\nglance_wsgi_processes: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, glance_wsgi_processes_max] | min }}\nglance_wsgi_threads: 1\nglance_uwsgi_tls:\n crt: \"{{ glance_ssl_cert }}\"\n key: \"{{ glance_ssl_key }}\"\n\n## Tunable overrides\nglance_glance_api_paste_ini_overrides: {}\nglance_glance_api_conf_overrides: {}\nglance_glance_cache_conf_overrides: {}\nglance_glance_manage_conf_overrides: {}\nglance_glance_scrubber_conf_overrides: {}\nglance_glance_scheme_json_overrides: {}\nglance_glance_swift_store_conf_overrides: {}\nglance_policy_overrides: {}\nglance_policy_content: {}\nglance_api_uwsgi_ini_overrides: {}\nglance_rootwrap_conf_overrides: {}\n\n# Specify path on the local filesystem for glance-image-import.conf\n# glance_glance_image_import_conf_location: /path/to/local/glance-image-import.conf\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS(works only with uWSGI).\nglance_backend_ssl: \"{{ glance_use_uwsgi | ternary(openstack_service_backend_ssl | default(False), False) }}\"\n\n# Storage location for SSL certificate authority\nglance_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nglance_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# Glance server certificate\nglance_pki_keys_path: \"{{ glance_pki_dir ~ '/certs/private/' }}\"\nglance_pki_certs_path: \"{{ glance_pki_dir ~ '/certs/certs/' }}\"\nglance_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\nglance_pki_regen_cert: \"\"\nglance_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\nglance_pki_certificates:\n - name: \"glance_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ glance_pki_san }}\"\n signed_by: \"{{ glance_pki_intermediate_cert_name }}\"\n\n# Glance destination files for SSL certificates\nglance_ssl_cert: /etc/glance/glance.pem\nglance_ssl_key: /etc/glance/glance.key\n\n# Installation details for SSL certificates\nglance_pki_install_certificates:\n - src: \"{{ glance_user_ssl_cert | default(glance_pki_certs_path ~ 'glance_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ glance_ssl_cert }}\"\n owner: \"{{ glance_system_user_name }}\"\n group: \"{{ glance_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ glance_user_ssl_key | default(glance_pki_keys_path ~ 'glance_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ glance_ssl_key }}\"\n owner: \"{{ glance_system_user_name }}\"\n group: \"{{ glance_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# glance_user_ssl_cert: \n# glance_user_ssl_key: \n\n# Glance property protection\nglance_property_protection_file: \"property-protection.conf\"\nglance_property_protection_rule_format: roles\n# Expected dict structure example:\n# glance_property_protection_file_overrides:\n# protected_property1:\n# create: admin,member\n# read: admin,member,reader\n# update: admin\n# delete: admin\n# .*:\n# create: admin,member\n# read: admin,member,reader\n# update: admin,member\n# delete: admin,member\nglance_property_protection_file_overrides: {}\n","created":"2025-12-08T13:39:56.293263Z","updated":"2025-12-08T13:39:56.293291Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_glance/defaults/main.yml"}