Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / a1696de3696ad2a10fce603d4b4145d1882e8964 / . / charts / manila / values.yaml
blob: c54364ae15ce7875c584226c7bf7ecbbc879f280 [file] [log] [blame]
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for manila.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19labels:
20 api:
21 node_selector_key: openstack-control-plane
22 node_selector_value: enabled
23 scheduler:
24 node_selector_key: openstack-control-plane
25 node_selector_value: enabled
26 share:
27 node_selector_key: openstack-control-plane
28 node_selector_value: enabled
29 job:
30 node_selector_key: openstack-control-plane
31 node_selector_value: enabled
32 test:
33 node_selector_key: openstack-control-plane
34 node_selector_value: enabled
35
36release_group: null
37
38# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
39# Set to false to upgrade using helm2
40helm3_hook: true
41
42images:
43 tags:
44 bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
45 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
46 db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
47 manila_db_sync: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
48 db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
49 ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
50 ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
51 ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
52 manila_api: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
53 manila_scheduler: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
54 manila_share: docker.io/openstackhelm/manila:wallaby-ubuntu_focal
55 rabbit_init: docker.io/rabbitmq:3.7-management
56 image_repo_sync: docker.io/docker:17.07.0
57 pull_policy: "IfNotPresent"
58 local_registry:
59 active: false
60 exclude:
61 - dep_check
62 - image_repo_sync
63
64pod:
65 security_context:
66 manila:
67 pod:
68 runAsUser: 42424
69 container:
70 manila_api:
71 allowPrivilegeEscalation: false
72 readOnlyRootFilesystem: true
73 manila_scheduler:
74 allowPrivilegeEscalation: false
75 readOnlyRootFilesystem: true
76 manila_share:
77 readOnlyRootFilesystem: true
78 privileged: true
79 test:
80 pod:
81 runAsUser: 42424
82 container:
83 manila_test:
84 allowPrivilegeEscalation: false
85 readOnlyRootFilesystem: true
86 affinity:
87 anti:
88 type:
89 default: preferredDuringSchedulingIgnoredDuringExecution
90 topologyKey:
91 default: kubernetes.io/hostname
92 weight:
93 default: 10
94 tolerations:
95 manila:
96 enabled: false
97 tolerations:
98 - key: node-role.kubernetes.io/master
99 operator: Exists
100 effect: NoSchedule
101 mounts:
102 manila_api:
103 init_container: null
104 manila_api:
105 volumeMounts:
106 volumes:
107 manila_scheduler:
108 init_container: null
109 manila_scheduler:
110 volumeMounts:
111 volumes:
112 manila_share:
113 init_container: null
114 manila_share:
115 volumeMounts:
116 volumes:
117 manila_bootstrap:
118 init_container: null
119 manila_bootstrap:
120 volumeMounts:
121 volumes:
122 manila_tests:
123 init_container: null
124 manila_tests:
125 volumeMounts:
126 volumes:
127 manila_db_sync:
128 manila_db_sync:
129 volumeMounts:
130 volumes:
131 replicas:
132 api: 1
133 scheduler: 1
134 share: 1
135 lifecycle:
136 upgrades:
137 deployments:
138 revision_history: 3
139 pod_replacement_strategy: RollingUpdate
140 rolling_update:
141 max_unavailable: 1
142 max_surge: 3
143 disruption_budget:
144 api:
145 min_available: 0
146 sheduler:
147 min_available: 0
148 share:
149 min_available: 0
150 resources:
151 enabled: false
152 api:
153 requests:
154 memory: "128Mi"
155 cpu: "100m"
156 limits:
157 memory: "1024Mi"
158 cpu: "2000m"
159 scheduler:
160 requests:
161 memory: "128Mi"
162 cpu: "100m"
163 limits:
164 memory: "1024Mi"
165 cpu: "2000m"
166 share:
167 requests:
168 memory: "128Mi"
169 cpu: "100m"
170 limits:
171 memory: "1024Mi"
172 cpu: "2000m"
173 jobs:
174 bootstrap:
175 requests:
176 memory: "128Mi"
177 cpu: "100m"
178 limits:
179 memory: "1024Mi"
180 cpu: "2000m"
181 db_init:
182 requests:
183 memory: "128Mi"
184 cpu: "100m"
185 limits:
186 memory: "1024Mi"
187 cpu: "2000m"
188 db_sync:
189 requests:
190 memory: "128Mi"
191 cpu: "100m"
192 limits:
193 memory: "1024Mi"
194 cpu: "2000m"
195 db_drop:
196 requests:
197 memory: "128Mi"
198 cpu: "100m"
199 limits:
200 memory: "1024Mi"
201 cpu: "2000m"
202 rabbit_init:
203 requests:
204 memory: "128Mi"
205 cpu: "100m"
206 limits:
207 memory: "1024Mi"
208 cpu: "2000m"
209 ks_endpoints:
210 requests:
211 memory: "128Mi"
212 cpu: "100m"
213 limits:
214 memory: "1024Mi"
215 cpu: "2000m"
216 ks_service:
217 requests:
218 memory: "128Mi"
219 cpu: "100m"
220 limits:
221 memory: "1024Mi"
222 cpu: "2000m"
223 ks_user:
224 requests:
225 memory: "128Mi"
226 cpu: "100m"
227 limits:
228 memory: "1024Mi"
229 cpu: "2000m"
230 tests:
231 requests:
232 memory: "128Mi"
233 cpu: "100m"
234 limits:
235 memory: "1024Mi"
236 cpu: "2000m"
237 image_repo_sync:
238 requests:
239 memory: "128Mi"
240 cpu: "100m"
241 limits:
242 memory: "1024Mi"
243 cpu: "2000m"
244
245network:
246 api:
247 ingress:
248 public: true
249 classes:
250 namespace: "nginx"
251 cluster: "nginx-cluster"
252 annotations:
253 nginx.ingress.kubernetes.io/rewrite-target: /
254 external_policy_local: false
255 node_port:
256 enabled: false
257 port: 30486
258
259network_policy:
260 manila:
261 ingress:
262 - {}
263 egress:
264 - {}
265
266bootstrap:
267 enabled: true
268 ks_user: admin
269 script: null
270 structured:
271 images:
272 manila-service-image:
273 id: null
274 name: "manila-service-image"
275 source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/"
276 image_file: "manila-service-image-master.qcow2"
277 image_type: qcow2
278 container_format: bare
279 private: false
280
281dependencies:
282 dynamic:
283 common:
284 local_image_registry:
285 jobs:
286 - manila-image-repo-sync
287 services:
288 - endpoint: node
289 service: local_image_registry
290 static:
291 api:
292 jobs:
293 - manila-db-sync
294 - manila-ks-user
295 - manila-ks-endpoints
296 - manila-rabbit-init
297 services:
298 - endpoint: internal
299 service: oslo_db
300 - endpoint: internal
301 service: identity
302 - endpoint: internal
303 service: oslo_messaging
304 scheduler:
305 jobs:
306 - manila-db-sync
307 - manila-ks-user
308 - manila-ks-endpoints
309 - manila-rabbit-init
310 services:
311 - endpoint: internal
312 service: oslo_db
313 - endpoint: internal
314 service: identity
315 - endpoint: internal
316 service: oslo_messaging
317 share:
318 # pod:
319 # - requireSameNode: true
320 # labels:
321 # application: openvswitch
322 # component: server
323 jobs:
324 - manila-db-sync
325 - manila-ks-user
326 - manila-ks-endpoints
327 - manila-rabbit-init
328 services:
329 - endpoint: internal
330 service: oslo_db
331 - endpoint: internal
332 service: identity
333 - endpoint: internal
334 service: oslo_messaging
335 db_drop:
336 services:
337 - endpoint: internal
338 service: oslo_db
339 db_init:
340 services:
341 - endpoint: internal
342 service: oslo_db
343 db_sync:
344 jobs:
345 - manila-db-init
346 services:
347 - endpoint: internal
348 service: oslo_db
349 image_repo_sync:
350 services:
351 - endpoint: internal
352 service: local_image_registry
353 ks_endpoints:
354 jobs:
355 - manila-ks-service
356 services:
357 - endpoint: internal
358 service: identity
359 ks_service:
360 services:
361 - endpoint: internal
362 service: identity
363 ks_user:
364 services:
365 - endpoint: internal
366 service: identity
367 rabbit_init:
368 services:
369 - endpoint: internal
370 service: oslo_messaging
371
372conf:
373 paste:
374 composite:osapi_share:
375 use: call:manila.api:root_app_factory
376 /: apiversions
377 /healthcheck: healthcheck
378 /v1: openstack_share_api
379 /v2: openstack_share_api_v2
380 composite:openstack_share_api:
381 use: call:manila.api.middleware.auth:pipeline_factory
382 noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
383 keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
384 keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
385 composite:openstack_share_api_v2:
386 use: call:manila.api.middleware.auth:pipeline_factory
387 noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
388 noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
389 keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
390 keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
391 filter:faultwrap:
392 paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
393 filter:noauth:
394 paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
395 filter:noauthv2:
396 paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
397 filter:sizelimit:
398 paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
399 filter:osprofiler:
400 paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
401 filter:http_proxy_to_wsgi:
402 paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
403 app:api:
404 paste.app_factory: manila.api.v1.router:APIRouter.factory
405 app:apiv2:
406 paste.app_factory: manila.api.v2.router:APIRouter.factory
407 pipeline:apiversions:
408 pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
409 app:osshareversionapp:
410 paste.app_factory: manila.api.versions:VersionsRouter.factory
411 filter:keystonecontext:
412 paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
413 filter:authtoken:
414 paste.filter_factory: keystonemiddleware.auth_token:filter_factory
415 filter:cors:
416 paste.filter_factory: oslo_middleware.cors:filter_factory
417 oslo_config_project: manila
418 app:healthcheck:
419 paste.app_factory: oslo_middleware:Healthcheck.app_factory
420 backends: disable_by_file
421 disable_by_file_path: /etc/manila/healthcheck_disable
422 policy: {}
423 manila_sudoers: |
424 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
425 Defaults !requiretty
426 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
427 manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf *
428 rootwrap_filters:
429 share:
430 pods:
431 - share
432 content: |
433 # manila-rootwrap command filters for share nodes
434 # This file should be owned by (and only-writeable by) the root user
435
436 [Filters]
437 # manila/utils.py : 'chown', '%s', '%s'
438 chown: CommandFilter, chown, root
439 # manila/utils.py : 'cat', '%s'
440 cat: CommandFilter, cat, root
441
442 # manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s'
443 mkfs.ext4: CommandFilter, mkfs.ext4, root
444
445 # manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s'
446 mkfs.ext3: CommandFilter, mkfs.ext3, root
447
448 # manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D'
449 smbd: CommandFilter, smbd, root
450 smb: CommandFilter, smb, root
451
452 # manila/share/drivers/lvm.py: 'rmdir', '%s'
453 rmdir: CommandFilter, rmdir, root
454
455 # manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s'
456 dd: CommandFilter, dd, root
457
458 # manila/share/drivers/lvm.py: 'fsck', '-pf', %s
459 fsck: CommandFilter, fsck, root
460
461 # manila/share/drivers/lvm.py: 'resize2fs', %s
462 resize2fs: CommandFilter, resize2fs, root
463
464 # manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s'
465 smbcontrol: CommandFilter, smbcontrol, root
466
467 # manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y
468 # manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s'
469 # manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s'
470 # manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow'
471 net: CommandFilter, net, root
472
473 # manila/share/drivers/helpers.py: 'cp', '%s', '%s'
474 cp: CommandFilter, cp, root
475
476 # manila/share/drivers/helpers.py: 'service', '%s', '%s'
477 service: CommandFilter, service, root
478
479 # manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s
480 lvremove: CommandFilter, lvremove, root
481
482 # manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s
483 lvextend: CommandFilter, lvextend, root
484
485 # manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s
486 lvcreate: CommandFilter, lvcreate, root
487
488 # manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name'
489 # manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g'
490 vgs: CommandFilter, vgs, root
491
492 # manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%'
493 tune2fs: CommandFilter, tune2fs, root
494
495 # manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s'
496 sed: CommandFilter, sed, root
497
498 # manila/share/drivers/glusterfs.py: 'mkdir', '%s'
499 # manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s'
500 mkdir: CommandFilter, mkdir, root
501
502 # manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s'
503 rm: CommandFilter, rm, root
504
505 # manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s'
506 # manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s'
507 mount: CommandFilter, mount, root
508
509 # manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s'
510 # manila/share/drivers/glusterfs.py: 'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s'
511 gluster: CommandFilter, gluster, root
512
513 # manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s'
514 ip: CommandFilter, ip, root
515
516 # manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s'
517 ovs-vsctl: CommandFilter, ovs-vsctl, root
518
519 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete'
520 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete'
521 find: CommandFilter, find, root
522
523 # manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s'
524 umount: CommandFilter, umount, root
525
526 # GPFS commands
527 # manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y'
528 mmgetstate: CommandFilter, mmgetstate, root
529 # manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s'
530 mmlsattr: CommandFilter, mmlsattr, root
531 # manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new'
532 mmcrfileset: CommandFilter, mmcrfileset, root
533 # manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s'
534 mmlinkfileset: CommandFilter, mmlinkfileset, root
535 # manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s'
536 mmsetquota: CommandFilter, mmsetquota, root
537 # manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f'
538 mmunlinkfileset: CommandFilter, mmunlinkfileset, root
539 # manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f'
540 mmdelfileset: CommandFilter, mmdelfileset, root
541 # manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s'
542 mmcrsnapshot: CommandFilter, mmcrsnapshot, root
543 # manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s'
544 mmdelsnapshot: CommandFilter, mmdelsnapshot, root
545 # manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s'
546 rsync: CommandFilter, rsync, root
547 # manila/share/drivers/ibm/gpfs.py: 'exportfs'
548 exportfs: CommandFilter, exportfs, root
549 # manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
550 stat: CommandFilter, stat, root
551 # manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
552 df: CommandFilter, df, root
553 # manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
554 chmod: CommandFilter, chmod, root
555 # manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
556 mmnfs: CommandFilter, mmnfs, root
557 # manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
558 mmlsfileset: CommandFilter, mmlsfileset, root
559 # manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
560 mmchfileset: CommandFilter, mmchfileset, root
561 # manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
562 mmlsquota: CommandFilter, mmlsquota, root
563
564 # manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
565 mv: CommandFilter, mv, root
566
567 # manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
568 mktemp: CommandFilter, mktemp, root
569
570 # manila/share/drivers/ganesha/manager.py:
571 shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
572
573 # manila/share/drivers/ganesha/manager.py:
574 dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
575
576 # manila/share/drivers/ganesha/manager.py:
577 dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
578
579 # manila/share/drivers/ganesha/manager.py:
580 dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
581
582 # manila/share/drivers/ganesha/manager.py:
583 rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
584
585 # ZFS commands
586 # manila/share/drivers/zfsonlinux/driver.py
587 # manila/share/drivers/zfsonlinux/utils.py
588 zpool: CommandFilter, zpool, root
589
590 # manila/share/drivers/zfsonlinux/driver.py
591 # manila/share/drivers/zfsonlinux/utils.py
592 zfs: CommandFilter, zfs, root
593
594 # manila/share/drivers/zfsonlinux/driver.py
595 kill: CommandFilter, kill, root
596
597 # manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
598 ls: CommandFilter, ls, root
599
600 # manila/data/utils.py: 'touch', '--reference=%s', '%s'
601 touch: CommandFilter, touch, root
602
603 # manila/share/drivers/container/container.py: docker <whatever>
604 docker: CommandFilter, docker, root
605
606 # manila/share/drivers/container/container.py: brctl <whatever>
607 brctl: CommandFilter, brctl, root
608
609 # manila/share/drivers/container/storage_helper.py: e2fsck <whatever>
610 # manila/share/drivers/generic.py: e2fsck <whatever>
611 # manila/share/drivers/lvm.py: e2fsck <whatever>
612 e2fsck: CommandFilter, e2fsck, root
613
614 # manila/share/drivers/lvm.py: lvconvert --merge %s
615 lvconvert: CommandFilter, lvconvert, root
616
617 # manila/data/utils.py: 'sha256sum', '%s'
618 sha256sum: CommandFilter, sha256sum, root
619
620 # manila/utils.py: 'tee', '%s'
621 tee: CommandFilter, tee, root
622
623 # manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g <device>
624 lvs: CommandFilter, lvs, root
625
626 # manila/share/drivers/container/storage_helper.py: lvrename --autobackup n <old_name> <new_name>
627 lvrename: CommandFilter, lvrename, root
628 rootwrap: |
629 # Configuration for manila-rootwrap
630 # This file should be owned by (and only-writeable by) the root user
631
632 [DEFAULT]
633 # List of directories to load filter definitions from (separated by ',').
634 # These directories MUST all be only writeable by root !
635 filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
636
637 # List of directories to search executables in, in case filters do not
638 # explicitly specify a full path (separated by ',')
639 # If not specified, defaults to system PATH environment variable.
640 # These directories MUST all be only writeable by root !
641 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
642
643 # Enable logging to syslog
644 # Default value is False
645 use_syslog=False
646
647 # Which syslog facility to use.
648 # Valid values include auth, authpriv, syslog, user0, user1...
649 # Default value is 'syslog'
650 syslog_log_facility=syslog
651
652 # Which messages to log.
653 # INFO means log all usage
654 # ERROR means only log unsuccessful attempts
655 syslog_log_level=ERROR
656 manila:
657 DEFAULT:
658 default_share_type: default
659 default_share_group_type: default
660 share_name_template: share-%s
661 rootwrap_config: /etc/manila/rootwrap.conf
662 api_paste_config: /etc/manila/api-paste.ini
663 enabled_share_backends: generic
664 enabled_share_protocols: NFS
665 keystone_authtoken:
666 auth_type: password
667 auth_version: v3
668 memcache_security_strategy: ENCRYPT
669 endpoint_type: internalURL
670 neutron:
671 auth_type: password
672 auth_version: v3
673 memcache_security_strategy: ENCRYPT
674 endpoint_type: internalURL
675 nova:
676 auth_type: password
677 auth_version: v3
678 memcache_security_strategy: ENCRYPT
679 endpoint_type: internalURL
680 cinder:
681 auth_type: password
682 auth_version: v3
683 memcache_security_strategy: ENCRYPT
684 endpoint_type: internalURL
685 glance:
686 auth_type: password
687 auth_version: v3
688 memcache_security_strategy: ENCRYPT
689 endpoint_type: internalURL
690 database:
691 max_retries: -1
692 generic:
693 share_backend_name: GENERIC
694 share_driver: manila.share.drivers.generic.GenericShareDriver
695 driver_handles_share_servers: true
696 # m1.small
697 service_instance_flavor_id: 2
698 service_image_name: manila-service-image
699 service_instance_user: manila
700 service_instance_password: manila
701 # # Module path to the Virtual Interface (VIF) driver class. This option
702 # # is used only by drivers operating in
703 # # `driver_handles_share_servers=True` mode that provision OpenStack
704 # # compute instances as share servers. This option is only supported
705 # # with Neutron networking. Drivers provided in tree work with Linux
706 # # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
707 # # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
708 # # manila-share service is running on a host that is connected to the
709 # # administrator network, a no-op driver
710 # # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
711 # # (string value)
712 # interface_driver: manila.network.linux.interface.OVSInterfaceDriver
713 oslo_policy:
714 policy_file: /etc/manila/policy.yaml
715 oslo_concurrency:
716 lock_path: /var/lib/manila/tmp
717 oslo_messaging_notifications:
718 driver: messagingv2
719 oslo_middleware:
720 enable_proxy_headers_parsing: true
721 oslo_messaging_rabbit:
722 rabbit_ha_queues: true
723 logging:
724 loggers:
725 keys:
726 - root
727 - manila
728 handlers:
729 keys:
730 - stdout
731 - stderr
732 - "null"
733 formatters:
734 keys:
735 - context
736 - default
737 logger_root:
738 level: WARNING
739 handlers: 'null'
740 logger_manila:
741 level: INFO
742 handlers:
743 - stdout
744 qualname: manila
745 logger_amqp:
746 level: WARNING
747 handlers: stderr
748 qualname: amqp
749 logger_amqplib:
750 level: WARNING
751 handlers: stderr
752 qualname: amqplib
753 logger_eventletwsgi:
754 level: WARNING
755 handlers: stderr
756 qualname: eventlet.wsgi.server
757 logger_sqlalchemy:
758 level: WARNING
759 handlers: stderr
760 qualname: sqlalchemy
761 logger_boto:
762 level: WARNING
763 handlers: stderr
764 qualname: boto
765 handler_null:
766 class: logging.NullHandler
767 formatter: default
768 args: ()
769 handler_stdout:
770 class: StreamHandler
771 args: (sys.stdout,)
772 formatter: context
773 handler_stderr:
774 class: StreamHandler
775 args: (sys.stderr,)
776 formatter: context
777 formatter_context:
778 class: oslo_log.formatters.ContextFormatter
779 datefmt: "%Y-%m-%d %H:%M:%S"
780 formatter_default:
781 format: "%(message)s"
782 datefmt: "%Y-%m-%d %H:%M:%S"
783 rally_tests:
784 tests:
785 ManilaShares.create_and_delete_share:
786 - args:
787 share_proto: "nfs"
788 size: 1
789 share_type: "dhss_false"
790 min_sleep: 1
791 max_sleep: 2
792 context:
793 quotas:
794 manila:
795 shares: 0
796 gigabytes: 0
797 share_networks: 0
798 users:
799 tenants: 2
800 users_per_tenant: 1
801 user_choice_method: "round_robin"
802 manila_share_networks:
803 use_share_networks: true
804 runner:
805 concurrency: 4
806 times: 4
807 type: constant
808 sla:
809 failure_rate:
810 max: 0
811# Names of secrets used by bootstrap and environmental checks
812secrets:
813 identity:
814 admin: manila-keystone-admin
815 manila: manila-keystone-user
816 oslo_db:
817 admin: manila-db-admin
818 manila: manila-db-user
819 oslo_messaging:
820 admin: manila-rabbitmq-admin
821 manila: manila-rabbitmq-user
822 tls:
823 share:
824 api:
825 public: manila-tls-public
826 internal: manila-tls-internal
827 oci_image_registry:
828 manila: manila-oci-image-registry
829
830endpoints:
831 cluster_domain_suffix: cluster.local
832 local_image_registry:
833 name: docker-registry
834 namespace: docker-registry
835 hosts:
836 default: localhost
837 internal: docker-registry
838 node: localhost
839 host_fqdn_override:
840 default: null
841 port:
842 registry:
843 node: 5000
844 oci_image_registry:
845 name: oci-image-registry
846 namespace: oci-image-registry
847 auth:
848 enabled: false
849 manila:
850 username: manila
851 password: password
852 hosts:
853 default: localhost
854 host_fqdn_override:
855 default: null
856 port:
857 registry:
858 default: null
859 identity:
860 name: keystone
861 auth:
862 admin:
863 region_name: RegionOne
864 username: admin
865 password: password
866 project_name: admin
867 user_domain_name: default
868 project_domain_name: default
869 manila:
870 role: admin
871 region_name: RegionOne
872 username: manila
873 password: password
874 project_name: service
875 user_domain_name: service
876 project_domain_name: service
877 hosts:
878 default: keystone
879 internal: keystone-api
880 host_fqdn_override:
881 default: null
882 path:
883 default: /v3
884 scheme:
885 default: http
886 port:
887 api:
888 default: 80
889 internal: 5000
890 share:
891 name: manila
892 hosts:
893 default: manila-api
894 public: manila
895 host_fqdn_override:
896 default: null
897 path:
898 default: '/v2/%(tenant_id)s'
899 scheme:
900 default: http
901 service: http
902 port:
903 api:
904 default: 8786
905 public: 80
906 service: 8786
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]907
908 oslo_db:
909 auth:
910 admin:
911 username: root
912 password: password
913 secret:
914 tls:
915 internal: mariadb-tls-direct
916 manila:
917 username: manila
918 password: password
919 hosts:
920 default: mariadb
921 host_fqdn_override:
922 default: null
923 path: /manila
924 scheme: mysql+pymysql
925 port:
926 mysql:
927 default: 3306
928 oslo_messaging:
929 auth:
930 admin:
931 username: rabbitmq
932 password: password
933 secret:
934 tls:
935 internal: rabbitmq-tls-direct
936 manila:
937 username: manila
938 password: password
939 statefulset:
940 replicas: 2
941 name: rabbitmq-rabbitmq
942 hosts:
943 default: rabbitmq
944 host_fqdn_override:
945 default: null
946 path: /manila
947 scheme: rabbit
948 port:
949 amqp:
950 default: 5672
951 http:
952 default: 15672
953 oslo_cache:
954 auth:
955 # NOTE(portdirect): this is used to define the value for keystone
956 # authtoken cache encryption key, if not set it will be populated
957 # automatically with a random value, but to take advantage of
958 # this feature all services should be set to use the same key,
959 # and memcache service.
960 memcache_secret_key: null
961 hosts:
962 default: memcached
963 host_fqdn_override:
964 default: null
965 port:
966 memcache:
967 default: 11211
968 fluentd:
969 namespace: null
970 name: fluentd
971 hosts:
972 default: fluentd-logging
973 host_fqdn_override:
974 default: null
975 path:
976 default: null
977 scheme: 'http'
978 port:
979 service:
980 default: 24224
981 metrics:
982 default: 24220
983 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
984 # They are using to enable the Egress K8s network policy.
985 kube_dns:
986 namespace: kube-system
987 name: kubernetes-dns
988 hosts:
989 default: kube-dns
990 host_fqdn_override:
991 default: null
992 path:
993 default: null
994 scheme: http
995 port:
996 dns:
997 default: 53
998 protocol: UDP
999 ingress:
1000 namespace: null
1001 name: ingress
1002 hosts:
1003 default: ingress
1004 port:
1005 ingress:
1006 default: 80
1007
1008tls:
1009 identity: false
1010 oslo_messaging: false
1011 oslo_db: false
1012
1013manifests:
1014 certificates: false
1015 configmap_bin: true
1016 configmap_etc: true
1017 deployment_api: true
1018 deployment_scheduler: true
1019 deployment_share: true
1020 ingress_api: true
1021 job_bootstrap: true
1022 job_db_init: true
1023 job_db_sync: true
1024 job_db_drop: false
1025 job_image_repo_sync: true
1026 job_rabbit_init: true
1027 job_ks_endpoints: true
1028 job_ks_service: true
1029 job_ks_user: true
1030 pdb_api: true
1031 pod_test: true
1032 secret_db: true
1033 network_policy: false
1034 secret_ingress_tls: true
1035 secret_keystone: true
1036 secret_rabbitmq: true
1037 secret_registry: true
1038 service_ingress_api: true
1039 service_api: true
1040...