Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 916968938eed5d542f3c8dc04fcb544e82c9706f / . / charts / manila / values.yaml
blob: 76e19d36dda6239c3965193cdaa56597adff4a06 [file] [log] [blame]
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for manila.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19labels:
20 api:
21 node_selector_key: openstack-control-plane
22 node_selector_value: enabled
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]23 data:
24 node_selector_key: openstack-control-plane
25 node_selector_value: enabled
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]26 scheduler:
27 node_selector_key: openstack-control-plane
28 node_selector_value: enabled
29 share:
30 node_selector_key: openstack-control-plane
31 node_selector_value: enabled
32 job:
33 node_selector_key: openstack-control-plane
34 node_selector_value: enabled
35 test:
36 node_selector_key: openstack-control-plane
37 node_selector_value: enabled
38
39release_group: null
40
41# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
42# Set to false to upgrade using helm2
43helm3_hook: true
44
45images:
46 tags:
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]47 bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]48 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]49 db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
50 manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
51 db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
52 ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
53 ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
54 ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
55 manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
56 manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
57 manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
58 manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]59 rabbit_init: docker.io/rabbitmq:3.7-management
60 image_repo_sync: docker.io/docker:17.07.0
61 pull_policy: "IfNotPresent"
62 local_registry:
63 active: false
64 exclude:
65 - dep_check
66 - image_repo_sync
67
68pod:
69 security_context:
70 manila:
71 pod:
72 runAsUser: 42424
73 container:
74 manila_api:
75 allowPrivilegeEscalation: false
76 readOnlyRootFilesystem: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]77 manila_data:
78 allowPrivilegeEscalation: false
79 readOnlyRootFilesystem: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]80 manila_scheduler:
81 allowPrivilegeEscalation: false
82 readOnlyRootFilesystem: true
83 manila_share:
84 readOnlyRootFilesystem: true
85 privileged: true
86 test:
87 pod:
88 runAsUser: 42424
89 container:
90 manila_test:
91 allowPrivilegeEscalation: false
92 readOnlyRootFilesystem: true
93 affinity:
94 anti:
95 type:
96 default: preferredDuringSchedulingIgnoredDuringExecution
97 topologyKey:
98 default: kubernetes.io/hostname
99 weight:
100 default: 10
101 tolerations:
102 manila:
103 enabled: false
104 tolerations:
105 - key: node-role.kubernetes.io/master
106 operator: Exists
107 effect: NoSchedule
108 mounts:
109 manila_api:
110 init_container: null
111 manila_api:
112 volumeMounts:
113 volumes:
114 manila_scheduler:
115 init_container: null
116 manila_scheduler:
117 volumeMounts:
118 volumes:
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]119 manila_data:
120 init_container: null
121 manila_data:
122 volumeMounts:
123 volumes:
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]124 manila_share:
125 init_container: null
126 manila_share:
127 volumeMounts:
128 volumes:
129 manila_bootstrap:
130 init_container: null
131 manila_bootstrap:
132 volumeMounts:
133 volumes:
134 manila_tests:
135 init_container: null
136 manila_tests:
137 volumeMounts:
138 volumes:
139 manila_db_sync:
140 manila_db_sync:
141 volumeMounts:
142 volumes:
143 replicas:
144 api: 1
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]145 data: 1
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]146 scheduler: 1
147 share: 1
148 lifecycle:
149 upgrades:
150 deployments:
151 revision_history: 3
152 pod_replacement_strategy: RollingUpdate
153 rolling_update:
154 max_unavailable: 1
155 max_surge: 3
156 disruption_budget:
157 api:
158 min_available: 0
159 sheduler:
160 min_available: 0
161 share:
162 min_available: 0
163 resources:
164 enabled: false
165 api:
166 requests:
167 memory: "128Mi"
168 cpu: "100m"
169 limits:
170 memory: "1024Mi"
171 cpu: "2000m"
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]172 data:
173 requests:
174 memory: "128Mi"
175 cpu: "100m"
176 limits:
177 memory: "1024Mi"
178 cpu: "2000m"
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]179 scheduler:
180 requests:
181 memory: "128Mi"
182 cpu: "100m"
183 limits:
184 memory: "1024Mi"
185 cpu: "2000m"
186 share:
187 requests:
188 memory: "128Mi"
189 cpu: "100m"
190 limits:
191 memory: "1024Mi"
192 cpu: "2000m"
193 jobs:
194 bootstrap:
195 requests:
196 memory: "128Mi"
197 cpu: "100m"
198 limits:
199 memory: "1024Mi"
200 cpu: "2000m"
201 db_init:
202 requests:
203 memory: "128Mi"
204 cpu: "100m"
205 limits:
206 memory: "1024Mi"
207 cpu: "2000m"
208 db_sync:
209 requests:
210 memory: "128Mi"
211 cpu: "100m"
212 limits:
213 memory: "1024Mi"
214 cpu: "2000m"
215 db_drop:
216 requests:
217 memory: "128Mi"
218 cpu: "100m"
219 limits:
220 memory: "1024Mi"
221 cpu: "2000m"
222 rabbit_init:
223 requests:
224 memory: "128Mi"
225 cpu: "100m"
226 limits:
227 memory: "1024Mi"
228 cpu: "2000m"
229 ks_endpoints:
230 requests:
231 memory: "128Mi"
232 cpu: "100m"
233 limits:
234 memory: "1024Mi"
235 cpu: "2000m"
236 ks_service:
237 requests:
238 memory: "128Mi"
239 cpu: "100m"
240 limits:
241 memory: "1024Mi"
242 cpu: "2000m"
243 ks_user:
244 requests:
245 memory: "128Mi"
246 cpu: "100m"
247 limits:
248 memory: "1024Mi"
249 cpu: "2000m"
250 tests:
251 requests:
252 memory: "128Mi"
253 cpu: "100m"
254 limits:
255 memory: "1024Mi"
256 cpu: "2000m"
257 image_repo_sync:
258 requests:
259 memory: "128Mi"
260 cpu: "100m"
261 limits:
262 memory: "1024Mi"
263 cpu: "2000m"
264
265network:
266 api:
267 ingress:
268 public: true
269 classes:
270 namespace: "nginx"
271 cluster: "nginx-cluster"
272 annotations:
273 nginx.ingress.kubernetes.io/rewrite-target: /
274 external_policy_local: false
275 node_port:
276 enabled: false
277 port: 30486
278
279network_policy:
280 manila:
281 ingress:
282 - {}
283 egress:
284 - {}
285
286bootstrap:
287 enabled: true
288 ks_user: admin
289 script: null
290 structured:
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]291 flavors:
292 manila-service-flavor:
293 id: 100
294 name: "manila-service-flavor"
295 ram: 512
296 vcpus: 1
297 disk: 5
298 ephemeral: 0
299 public: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]300 images:
301 manila-service-image:
302 id: null
303 name: "manila-service-image"
304 source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/"
305 image_file: "manila-service-image-master.qcow2"
306 image_type: qcow2
307 container_format: bare
308 private: false
309
310dependencies:
311 dynamic:
312 common:
313 local_image_registry:
314 jobs:
315 - manila-image-repo-sync
316 services:
317 - endpoint: node
318 service: local_image_registry
319 static:
320 api:
321 jobs:
322 - manila-db-sync
323 - manila-ks-user
324 - manila-ks-endpoints
325 - manila-rabbit-init
326 services:
327 - endpoint: internal
328 service: oslo_db
329 - endpoint: internal
330 service: identity
331 - endpoint: internal
332 service: oslo_messaging
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]333 data:
334 jobs:
335 - manila-db-sync
336 - manila-ks-user
337 - manila-ks-endpoints
338 - manila-rabbit-init
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]339 scheduler:
340 jobs:
341 - manila-db-sync
342 - manila-ks-user
343 - manila-ks-endpoints
344 - manila-rabbit-init
345 services:
346 - endpoint: internal
347 service: oslo_db
348 - endpoint: internal
349 service: identity
350 - endpoint: internal
351 service: oslo_messaging
352 share:
353 # pod:
354 # - requireSameNode: true
355 # labels:
356 # application: openvswitch
357 # component: server
358 jobs:
359 - manila-db-sync
360 - manila-ks-user
361 - manila-ks-endpoints
362 - manila-rabbit-init
363 services:
364 - endpoint: internal
365 service: oslo_db
366 - endpoint: internal
367 service: identity
368 - endpoint: internal
369 service: oslo_messaging
370 db_drop:
371 services:
372 - endpoint: internal
373 service: oslo_db
374 db_init:
375 services:
376 - endpoint: internal
377 service: oslo_db
378 db_sync:
379 jobs:
380 - manila-db-init
381 services:
382 - endpoint: internal
383 service: oslo_db
384 image_repo_sync:
385 services:
386 - endpoint: internal
387 service: local_image_registry
388 ks_endpoints:
389 jobs:
390 - manila-ks-service
391 services:
392 - endpoint: internal
393 service: identity
394 ks_service:
395 services:
396 - endpoint: internal
397 service: identity
398 ks_user:
399 services:
400 - endpoint: internal
401 service: identity
402 rabbit_init:
403 services:
404 - endpoint: internal
405 service: oslo_messaging
406
407conf:
okozachenko12035aa48492023-09-05 19:47:07 +1000[diff] [blame]408 paste:
409 composite:osapi_share:
410 use: call:manila.api:root_app_factory
411 /: apiversions
412 /healthcheck: healthcheck
413 /v1: openstack_share_api
414 /v2: openstack_share_api_v2
415 composite:openstack_share_api:
416 use: call:manila.api.middleware.auth:pipeline_factory
417 noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
418 keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
419 keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
420 composite:openstack_share_api_v2:
421 use: call:manila.api.middleware.auth:pipeline_factory
422 noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
423 noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
424 keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
425 keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
426 filter:faultwrap:
427 paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
428 filter:noauth:
429 paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
430 filter:noauthv2:
431 paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
432 filter:sizelimit:
433 paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
434 filter:osprofiler:
435 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
436 filter:http_proxy_to_wsgi:
437 paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
438 app:api:
439 paste.app_factory: manila.api.v1.router:APIRouter.factory
440 app:apiv2:
441 paste.app_factory: manila.api.v2.router:APIRouter.factory
442 pipeline:apiversions:
443 pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
444 app:osshareversionapp:
445 paste.app_factory: manila.api.versions:VersionsRouter.factory
446 filter:keystonecontext:
447 paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
448 filter:authtoken:
449 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
450 filter:cors:
451 paste.filter_factory: oslo_middleware.cors:filter_factory
452 oslo_config_project: manila
453 app:healthcheck:
454 paste.app_factory: oslo_middleware:Healthcheck.app_factory
455 backends: disable_by_file
456 disable_by_file_path: /etc/manila/healthcheck_disable
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]457 policy: {}
458 manila_sudoers: |
459 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
460 Defaults !requiretty
461 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
462 manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf *
463 rootwrap_filters:
464 share:
465 pods:
466 - share
467 content: |
468 # manila-rootwrap command filters for share nodes
469 # This file should be owned by (and only-writeable by) the root user
470
471 [Filters]
472 # manila/utils.py : 'chown', '%s', '%s'
473 chown: CommandFilter, chown, root
474 # manila/utils.py : 'cat', '%s'
475 cat: CommandFilter, cat, root
476
477 # manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s'
478 mkfs.ext4: CommandFilter, mkfs.ext4, root
479
480 # manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s'
481 mkfs.ext3: CommandFilter, mkfs.ext3, root
482
483 # manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D'
484 smbd: CommandFilter, smbd, root
485 smb: CommandFilter, smb, root
486
487 # manila/share/drivers/lvm.py: 'rmdir', '%s'
488 rmdir: CommandFilter, rmdir, root
489
490 # manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s'
491 dd: CommandFilter, dd, root
492
493 # manila/share/drivers/lvm.py: 'fsck', '-pf', %s
494 fsck: CommandFilter, fsck, root
495
496 # manila/share/drivers/lvm.py: 'resize2fs', %s
497 resize2fs: CommandFilter, resize2fs, root
498
499 # manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s'
500 smbcontrol: CommandFilter, smbcontrol, root
501
502 # manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y
503 # manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s'
504 # manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s'
505 # manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow'
506 net: CommandFilter, net, root
507
508 # manila/share/drivers/helpers.py: 'cp', '%s', '%s'
509 cp: CommandFilter, cp, root
510
511 # manila/share/drivers/helpers.py: 'service', '%s', '%s'
512 service: CommandFilter, service, root
513
514 # manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s
515 lvremove: CommandFilter, lvremove, root
516
517 # manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s
518 lvextend: CommandFilter, lvextend, root
519
520 # manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s
521 lvcreate: CommandFilter, lvcreate, root
522
523 # manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name'
524 # manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g'
525 vgs: CommandFilter, vgs, root
526
527 # manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%'
528 tune2fs: CommandFilter, tune2fs, root
529
530 # manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s'
531 sed: CommandFilter, sed, root
532
533 # manila/share/drivers/glusterfs.py: 'mkdir', '%s'
534 # manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s'
535 mkdir: CommandFilter, mkdir, root
536
537 # manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s'
538 rm: CommandFilter, rm, root
539
540 # manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s'
541 # manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s'
542 mount: CommandFilter, mount, root
543
544 # manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s'
545 # manila/share/drivers/glusterfs.py: 'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s'
546 gluster: CommandFilter, gluster, root
547
548 # manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s'
549 ip: CommandFilter, ip, root
550
551 # manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s'
552 ovs-vsctl: CommandFilter, ovs-vsctl, root
553
554 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete'
555 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete'
556 find: CommandFilter, find, root
557
558 # manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s'
559 umount: CommandFilter, umount, root
560
561 # GPFS commands
562 # manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y'
563 mmgetstate: CommandFilter, mmgetstate, root
564 # manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s'
565 mmlsattr: CommandFilter, mmlsattr, root
566 # manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new'
567 mmcrfileset: CommandFilter, mmcrfileset, root
568 # manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s'
569 mmlinkfileset: CommandFilter, mmlinkfileset, root
570 # manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s'
571 mmsetquota: CommandFilter, mmsetquota, root
572 # manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f'
573 mmunlinkfileset: CommandFilter, mmunlinkfileset, root
574 # manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f'
575 mmdelfileset: CommandFilter, mmdelfileset, root
576 # manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s'
577 mmcrsnapshot: CommandFilter, mmcrsnapshot, root
578 # manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s'
579 mmdelsnapshot: CommandFilter, mmdelsnapshot, root
580 # manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s'
581 rsync: CommandFilter, rsync, root
582 # manila/share/drivers/ibm/gpfs.py: 'exportfs'
583 exportfs: CommandFilter, exportfs, root
584 # manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
585 stat: CommandFilter, stat, root
586 # manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
587 df: CommandFilter, df, root
588 # manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
589 chmod: CommandFilter, chmod, root
590 # manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
591 mmnfs: CommandFilter, mmnfs, root
592 # manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
593 mmlsfileset: CommandFilter, mmlsfileset, root
594 # manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
595 mmchfileset: CommandFilter, mmchfileset, root
596 # manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
597 mmlsquota: CommandFilter, mmlsquota, root
598
599 # manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
600 mv: CommandFilter, mv, root
601
602 # manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
603 mktemp: CommandFilter, mktemp, root
604
605 # manila/share/drivers/ganesha/manager.py:
606 shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
607
608 # manila/share/drivers/ganesha/manager.py:
609 dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
610
611 # manila/share/drivers/ganesha/manager.py:
612 dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
613
614 # manila/share/drivers/ganesha/manager.py:
615 dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
616
617 # manila/share/drivers/ganesha/manager.py:
618 rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
619
620 # ZFS commands
621 # manila/share/drivers/zfsonlinux/driver.py
622 # manila/share/drivers/zfsonlinux/utils.py
623 zpool: CommandFilter, zpool, root
624
625 # manila/share/drivers/zfsonlinux/driver.py
626 # manila/share/drivers/zfsonlinux/utils.py
627 zfs: CommandFilter, zfs, root
628
629 # manila/share/drivers/zfsonlinux/driver.py
630 kill: CommandFilter, kill, root
631
632 # manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
633 ls: CommandFilter, ls, root
634
635 # manila/data/utils.py: 'touch', '--reference=%s', '%s'
636 touch: CommandFilter, touch, root
637
638 # manila/share/drivers/container/container.py: docker <whatever>
639 docker: CommandFilter, docker, root
640
641 # manila/share/drivers/container/container.py: brctl <whatever>
642 brctl: CommandFilter, brctl, root
643
644 # manila/share/drivers/container/storage_helper.py: e2fsck <whatever>
645 # manila/share/drivers/generic.py: e2fsck <whatever>
646 # manila/share/drivers/lvm.py: e2fsck <whatever>
647 e2fsck: CommandFilter, e2fsck, root
648
649 # manila/share/drivers/lvm.py: lvconvert --merge %s
650 lvconvert: CommandFilter, lvconvert, root
651
652 # manila/data/utils.py: 'sha256sum', '%s'
653 sha256sum: CommandFilter, sha256sum, root
654
655 # manila/utils.py: 'tee', '%s'
656 tee: CommandFilter, tee, root
657
658 # manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g <device>
659 lvs: CommandFilter, lvs, root
660
661 # manila/share/drivers/container/storage_helper.py: lvrename --autobackup n <old_name> <new_name>
662 lvrename: CommandFilter, lvrename, root
663 rootwrap: |
664 # Configuration for manila-rootwrap
665 # This file should be owned by (and only-writeable by) the root user
666
667 [DEFAULT]
668 # List of directories to load filter definitions from (separated by ',').
669 # These directories MUST all be only writeable by root !
670 filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
671
672 # List of directories to search executables in, in case filters do not
673 # explicitly specify a full path (separated by ',')
674 # If not specified, defaults to system PATH environment variable.
675 # These directories MUST all be only writeable by root !
676 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
677
678 # Enable logging to syslog
679 # Default value is False
680 use_syslog=False
681
682 # Which syslog facility to use.
683 # Valid values include auth, authpriv, syslog, user0, user1...
684 # Default value is 'syslog'
685 syslog_log_facility=syslog
686
687 # Which messages to log.
688 # INFO means log all usage
689 # ERROR means only log unsuccessful attempts
690 syslog_log_level=ERROR
691 manila:
692 DEFAULT:
693 default_share_type: default
694 default_share_group_type: default
695 share_name_template: share-%s
696 rootwrap_config: /etc/manila/rootwrap.conf
697 api_paste_config: /etc/manila/api-paste.ini
698 enabled_share_backends: generic
699 enabled_share_protocols: NFS
700 keystone_authtoken:
701 auth_type: password
702 auth_version: v3
703 memcache_security_strategy: ENCRYPT
704 endpoint_type: internalURL
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]705 service_type: sharev2
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]706 neutron:
707 auth_type: password
708 auth_version: v3
709 memcache_security_strategy: ENCRYPT
710 endpoint_type: internalURL
711 nova:
712 auth_type: password
713 auth_version: v3
714 memcache_security_strategy: ENCRYPT
715 endpoint_type: internalURL
716 cinder:
717 auth_type: password
718 auth_version: v3
719 memcache_security_strategy: ENCRYPT
720 endpoint_type: internalURL
721 glance:
722 auth_type: password
723 auth_version: v3
724 memcache_security_strategy: ENCRYPT
725 endpoint_type: internalURL
726 database:
727 max_retries: -1
728 generic:
729 share_backend_name: GENERIC
730 share_driver: manila.share.drivers.generic.GenericShareDriver
731 driver_handles_share_servers: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]732 # manila-service-flavor
733 service_instance_flavor_id: 100
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]734 service_image_name: manila-service-image
735 service_instance_user: manila
736 service_instance_password: manila
737 # # Module path to the Virtual Interface (VIF) driver class. This option
738 # # is used only by drivers operating in
739 # # `driver_handles_share_servers=True` mode that provision OpenStack
740 # # compute instances as share servers. This option is only supported
741 # # with Neutron networking. Drivers provided in tree work with Linux
742 # # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
743 # # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
744 # # manila-share service is running on a host that is connected to the
745 # # administrator network, a no-op driver
746 # # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
747 # # (string value)
748 # interface_driver: manila.network.linux.interface.OVSInterfaceDriver
749 oslo_policy:
750 policy_file: /etc/manila/policy.yaml
751 oslo_concurrency:
752 lock_path: /var/lib/manila/tmp
753 oslo_messaging_notifications:
754 driver: messagingv2
755 oslo_middleware:
756 enable_proxy_headers_parsing: true
757 oslo_messaging_rabbit:
758 rabbit_ha_queues: true
759 logging:
760 loggers:
761 keys:
762 - root
763 - manila
764 handlers:
765 keys:
766 - stdout
767 - stderr
768 - "null"
769 formatters:
770 keys:
771 - context
772 - default
773 logger_root:
774 level: WARNING
775 handlers: 'null'
776 logger_manila:
777 level: INFO
778 handlers:
779 - stdout
780 qualname: manila
781 logger_amqp:
782 level: WARNING
783 handlers: stderr
784 qualname: amqp
785 logger_amqplib:
786 level: WARNING
787 handlers: stderr
788 qualname: amqplib
789 logger_eventletwsgi:
790 level: WARNING
791 handlers: stderr
792 qualname: eventlet.wsgi.server
793 logger_sqlalchemy:
794 level: WARNING
795 handlers: stderr
796 qualname: sqlalchemy
797 logger_boto:
798 level: WARNING
799 handlers: stderr
800 qualname: boto
801 handler_null:
802 class: logging.NullHandler
803 formatter: default
804 args: ()
805 handler_stdout:
806 class: StreamHandler
807 args: (sys.stdout,)
808 formatter: context
809 handler_stderr:
810 class: StreamHandler
811 args: (sys.stderr,)
812 formatter: context
813 formatter_context:
814 class: oslo_log.formatters.ContextFormatter
815 datefmt: "%Y-%m-%d %H:%M:%S"
816 formatter_default:
817 format: "%(message)s"
818 datefmt: "%Y-%m-%d %H:%M:%S"
819 rally_tests:
820 tests:
821 ManilaShares.create_and_delete_share:
822 - args:
823 share_proto: "nfs"
824 size: 1
825 share_type: "dhss_false"
826 min_sleep: 1
827 max_sleep: 2
828 context:
829 quotas:
830 manila:
831 shares: 0
832 gigabytes: 0
833 share_networks: 0
834 users:
835 tenants: 2
836 users_per_tenant: 1
837 user_choice_method: "round_robin"
838 manila_share_networks:
839 use_share_networks: true
840 runner:
841 concurrency: 4
842 times: 4
843 type: constant
844 sla:
845 failure_rate:
846 max: 0
847# Names of secrets used by bootstrap and environmental checks
848secrets:
849 identity:
850 admin: manila-keystone-admin
851 manila: manila-keystone-user
852 oslo_db:
853 admin: manila-db-admin
854 manila: manila-db-user
855 oslo_messaging:
856 admin: manila-rabbitmq-admin
857 manila: manila-rabbitmq-user
858 tls:
859 share:
860 api:
861 public: manila-tls-public
862 internal: manila-tls-internal
863 oci_image_registry:
864 manila: manila-oci-image-registry
865
866endpoints:
867 cluster_domain_suffix: cluster.local
868 local_image_registry:
869 name: docker-registry
870 namespace: docker-registry
871 hosts:
872 default: localhost
873 internal: docker-registry
874 node: localhost
875 host_fqdn_override:
876 default: null
877 port:
878 registry:
879 node: 5000
880 oci_image_registry:
881 name: oci-image-registry
882 namespace: oci-image-registry
883 auth:
884 enabled: false
885 manila:
886 username: manila
887 password: password
888 hosts:
889 default: localhost
890 host_fqdn_override:
891 default: null
892 port:
893 registry:
894 default: null
895 identity:
896 name: keystone
897 auth:
898 admin:
899 region_name: RegionOne
900 username: admin
901 password: password
902 project_name: admin
903 user_domain_name: default
904 project_domain_name: default
905 manila:
906 role: admin
907 region_name: RegionOne
908 username: manila
909 password: password
910 project_name: service
911 user_domain_name: service
912 project_domain_name: service
913 hosts:
914 default: keystone
915 internal: keystone-api
916 host_fqdn_override:
917 default: null
918 path:
919 default: /v3
920 scheme:
921 default: http
922 port:
923 api:
924 default: 80
925 internal: 5000
926 share:
927 name: manila
928 hosts:
929 default: manila-api
930 public: manila
931 host_fqdn_override:
932 default: null
933 path:
okozachenko12037e7e6e02023-03-25 01:11:05 +1100[diff] [blame]934 default: '/v1'
935 scheme:
936 default: http
937 service: http
938 port:
939 api:
940 default: 8786
941 public: 80
942 service: 8786
943 sharev2:
okozachenko1203f878b6f2023-03-25 01:43:00 +1100[diff] [blame]944 name: manilav2
okozachenko12037e7e6e02023-03-25 01:11:05 +1100[diff] [blame]945 hosts:
946 default: manila-api
947 public: manila
948 host_fqdn_override:
949 default: null
950 path:
okozachenko1203bcd5a412023-03-24 01:54:38 +1100[diff] [blame]951 default: '/v2'
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]952 scheme:
953 default: http
954 service: http
955 port:
956 api:
957 default: 8786
958 public: 80
959 service: 8786
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]960 oslo_db:
961 auth:
962 admin:
963 username: root
964 password: password
965 secret:
966 tls:
967 internal: mariadb-tls-direct
968 manila:
969 username: manila
970 password: password
971 hosts:
972 default: mariadb
973 host_fqdn_override:
974 default: null
975 path: /manila
976 scheme: mysql+pymysql
977 port:
978 mysql:
979 default: 3306
980 oslo_messaging:
981 auth:
982 admin:
983 username: rabbitmq
984 password: password
985 secret:
986 tls:
987 internal: rabbitmq-tls-direct
988 manila:
989 username: manila
990 password: password
991 statefulset:
992 replicas: 2
993 name: rabbitmq-rabbitmq
994 hosts:
995 default: rabbitmq
996 host_fqdn_override:
997 default: null
998 path: /manila
999 scheme: rabbit
1000 port:
1001 amqp:
1002 default: 5672
1003 http:
1004 default: 15672
1005 oslo_cache:
1006 auth:
1007 # NOTE(portdirect): this is used to define the value for keystone
1008 # authtoken cache encryption key, if not set it will be populated
1009 # automatically with a random value, but to take advantage of
1010 # this feature all services should be set to use the same key,
1011 # and memcache service.
1012 memcache_secret_key: null
1013 hosts:
1014 default: memcached
1015 host_fqdn_override:
1016 default: null
1017 port:
1018 memcache:
1019 default: 11211
1020 fluentd:
1021 namespace: null
1022 name: fluentd
1023 hosts:
1024 default: fluentd-logging
1025 host_fqdn_override:
1026 default: null
1027 path:
1028 default: null
1029 scheme: 'http'
1030 port:
1031 service:
1032 default: 24224
1033 metrics:
1034 default: 24220
1035 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
1036 # They are using to enable the Egress K8s network policy.
1037 kube_dns:
1038 namespace: kube-system
1039 name: kubernetes-dns
1040 hosts:
1041 default: kube-dns
1042 host_fqdn_override:
1043 default: null
1044 path:
1045 default: null
1046 scheme: http
1047 port:
1048 dns:
1049 default: 53
1050 protocol: UDP
1051 ingress:
1052 namespace: null
1053 name: ingress
1054 hosts:
1055 default: ingress
1056 port:
1057 ingress:
1058 default: 80
1059
1060tls:
1061 identity: false
1062 oslo_messaging: false
1063 oslo_db: false
1064
1065manifests:
1066 certificates: false
1067 configmap_bin: true
1068 configmap_etc: true
1069 deployment_api: true
1070 deployment_scheduler: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]1071 deployment_data: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]1072 deployment_share: true
1073 ingress_api: true
1074 job_bootstrap: true
1075 job_db_init: true
1076 job_db_sync: true
1077 job_db_drop: false
1078 job_image_repo_sync: true
1079 job_rabbit_init: true
1080 job_ks_endpoints: true
1081 job_ks_service: true
1082 job_ks_user: true
1083 pdb_api: true
1084 pod_test: true
1085 secret_db: true
1086 network_policy: false
1087 secret_ingress_tls: true
1088 secret_keystone: true
1089 secret_rabbitmq: true
1090 secret_registry: true
1091 service_ingress_api: true
1092 service_api: true
1093...