Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/2023.1 / . / charts / manila / values.yaml
blob: f820bc1f0d2b4fcaad3370055903fffc8d47a090 [file] [log] [blame]
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for manila.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19labels:
20 api:
21 node_selector_key: openstack-control-plane
22 node_selector_value: enabled
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]23 data:
24 node_selector_key: openstack-control-plane
25 node_selector_value: enabled
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]26 scheduler:
27 node_selector_key: openstack-control-plane
28 node_selector_value: enabled
29 share:
30 node_selector_key: openstack-control-plane
31 node_selector_value: enabled
32 job:
33 node_selector_key: openstack-control-plane
34 node_selector_value: enabled
35 test:
36 node_selector_key: openstack-control-plane
37 node_selector_value: enabled
38
39release_group: null
40
41# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
42# Set to false to upgrade using helm2
43helm3_hook: true
44
45images:
46 tags:
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]47 bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]48 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]49 db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
50 manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
51 db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
52 ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
53 ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
54 ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
55 manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
56 manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
57 manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
58 manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]59 rabbit_init: docker.io/rabbitmq:3.7-management
60 image_repo_sync: docker.io/docker:17.07.0
61 pull_policy: "IfNotPresent"
62 local_registry:
63 active: false
64 exclude:
65 - dep_check
66 - image_repo_sync
67
68pod:
69 security_context:
70 manila:
71 pod:
72 runAsUser: 42424
73 container:
74 manila_api:
75 allowPrivilegeEscalation: false
76 readOnlyRootFilesystem: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]77 manila_data:
78 allowPrivilegeEscalation: false
79 readOnlyRootFilesystem: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]80 manila_scheduler:
81 allowPrivilegeEscalation: false
82 readOnlyRootFilesystem: true
83 manila_share:
84 readOnlyRootFilesystem: true
85 privileged: true
86 test:
87 pod:
88 runAsUser: 42424
89 container:
90 manila_test:
91 allowPrivilegeEscalation: false
92 readOnlyRootFilesystem: true
Rico Lin59516f62023-10-04 23:25:47 +0800[diff] [blame]93 use_fqdn:
94 # NOTE: Setting the option here to true will cause use $(hostname --fqdn)
95 # as the host name by default. If the short name is desired
96 # $(hostname --short), set the option to false. Specifying a host in the
97 # manila.conf via the conf section will supersede the value of this option.
98 share: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]99 affinity:
100 anti:
101 type:
102 default: preferredDuringSchedulingIgnoredDuringExecution
103 topologyKey:
104 default: kubernetes.io/hostname
105 weight:
106 default: 10
107 tolerations:
108 manila:
109 enabled: false
110 tolerations:
111 - key: node-role.kubernetes.io/master
112 operator: Exists
113 effect: NoSchedule
114 mounts:
115 manila_api:
116 init_container: null
117 manila_api:
118 volumeMounts:
119 volumes:
120 manila_scheduler:
121 init_container: null
122 manila_scheduler:
123 volumeMounts:
124 volumes:
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]125 manila_data:
126 init_container: null
127 manila_data:
128 volumeMounts:
129 volumes:
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]130 manila_share:
131 init_container: null
132 manila_share:
133 volumeMounts:
134 volumes:
135 manila_bootstrap:
136 init_container: null
137 manila_bootstrap:
138 volumeMounts:
139 volumes:
140 manila_tests:
141 init_container: null
142 manila_tests:
143 volumeMounts:
144 volumes:
145 manila_db_sync:
146 manila_db_sync:
147 volumeMounts:
148 volumes:
149 replicas:
150 api: 1
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]151 data: 1
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]152 scheduler: 1
153 share: 1
154 lifecycle:
155 upgrades:
156 deployments:
157 revision_history: 3
158 pod_replacement_strategy: RollingUpdate
159 rolling_update:
160 max_unavailable: 1
161 max_surge: 3
162 disruption_budget:
163 api:
164 min_available: 0
165 sheduler:
166 min_available: 0
167 share:
168 min_available: 0
169 resources:
170 enabled: false
171 api:
172 requests:
173 memory: "128Mi"
174 cpu: "100m"
175 limits:
176 memory: "1024Mi"
177 cpu: "2000m"
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]178 data:
179 requests:
180 memory: "128Mi"
181 cpu: "100m"
182 limits:
183 memory: "1024Mi"
184 cpu: "2000m"
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]185 scheduler:
186 requests:
187 memory: "128Mi"
188 cpu: "100m"
189 limits:
190 memory: "1024Mi"
191 cpu: "2000m"
192 share:
193 requests:
194 memory: "128Mi"
195 cpu: "100m"
196 limits:
197 memory: "1024Mi"
198 cpu: "2000m"
199 jobs:
200 bootstrap:
201 requests:
202 memory: "128Mi"
203 cpu: "100m"
204 limits:
205 memory: "1024Mi"
206 cpu: "2000m"
207 db_init:
208 requests:
209 memory: "128Mi"
210 cpu: "100m"
211 limits:
212 memory: "1024Mi"
213 cpu: "2000m"
214 db_sync:
215 requests:
216 memory: "128Mi"
217 cpu: "100m"
218 limits:
219 memory: "1024Mi"
220 cpu: "2000m"
221 db_drop:
222 requests:
223 memory: "128Mi"
224 cpu: "100m"
225 limits:
226 memory: "1024Mi"
227 cpu: "2000m"
228 rabbit_init:
229 requests:
230 memory: "128Mi"
231 cpu: "100m"
232 limits:
233 memory: "1024Mi"
234 cpu: "2000m"
235 ks_endpoints:
236 requests:
237 memory: "128Mi"
238 cpu: "100m"
239 limits:
240 memory: "1024Mi"
241 cpu: "2000m"
242 ks_service:
243 requests:
244 memory: "128Mi"
245 cpu: "100m"
246 limits:
247 memory: "1024Mi"
248 cpu: "2000m"
249 ks_user:
250 requests:
251 memory: "128Mi"
252 cpu: "100m"
253 limits:
254 memory: "1024Mi"
255 cpu: "2000m"
256 tests:
257 requests:
258 memory: "128Mi"
259 cpu: "100m"
260 limits:
261 memory: "1024Mi"
262 cpu: "2000m"
263 image_repo_sync:
264 requests:
265 memory: "128Mi"
266 cpu: "100m"
267 limits:
268 memory: "1024Mi"
269 cpu: "2000m"
270
271network:
272 api:
273 ingress:
274 public: true
275 classes:
276 namespace: "nginx"
277 cluster: "nginx-cluster"
278 annotations:
279 nginx.ingress.kubernetes.io/rewrite-target: /
280 external_policy_local: false
281 node_port:
282 enabled: false
283 port: 30486
284
285network_policy:
286 manila:
287 ingress:
288 - {}
289 egress:
290 - {}
291
292bootstrap:
293 enabled: true
294 ks_user: admin
295 script: null
296 structured:
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]297 flavors:
298 manila-service-flavor:
299 id: 100
300 name: "manila-service-flavor"
301 ram: 512
302 vcpus: 1
303 disk: 5
304 ephemeral: 0
305 public: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]306 images:
307 manila-service-image:
308 id: null
309 name: "manila-service-image"
310 source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/"
311 image_file: "manila-service-image-master.qcow2"
312 image_type: qcow2
313 container_format: bare
314 private: false
315
316dependencies:
317 dynamic:
318 common:
319 local_image_registry:
320 jobs:
321 - manila-image-repo-sync
322 services:
323 - endpoint: node
324 service: local_image_registry
325 static:
326 api:
327 jobs:
328 - manila-db-sync
329 - manila-ks-user
330 - manila-ks-endpoints
331 - manila-rabbit-init
332 services:
333 - endpoint: internal
334 service: oslo_db
335 - endpoint: internal
336 service: identity
337 - endpoint: internal
338 service: oslo_messaging
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]339 data:
340 jobs:
341 - manila-db-sync
342 - manila-ks-user
343 - manila-ks-endpoints
344 - manila-rabbit-init
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]345 scheduler:
346 jobs:
347 - manila-db-sync
348 - manila-ks-user
349 - manila-ks-endpoints
350 - manila-rabbit-init
351 services:
352 - endpoint: internal
353 service: oslo_db
354 - endpoint: internal
355 service: identity
356 - endpoint: internal
357 service: oslo_messaging
358 share:
359 # pod:
360 # - requireSameNode: true
361 # labels:
362 # application: openvswitch
363 # component: server
364 jobs:
365 - manila-db-sync
366 - manila-ks-user
367 - manila-ks-endpoints
368 - manila-rabbit-init
369 services:
370 - endpoint: internal
371 service: oslo_db
372 - endpoint: internal
373 service: identity
374 - endpoint: internal
375 service: oslo_messaging
376 db_drop:
377 services:
378 - endpoint: internal
379 service: oslo_db
380 db_init:
381 services:
382 - endpoint: internal
383 service: oslo_db
384 db_sync:
385 jobs:
386 - manila-db-init
387 services:
388 - endpoint: internal
389 service: oslo_db
390 image_repo_sync:
391 services:
392 - endpoint: internal
393 service: local_image_registry
394 ks_endpoints:
395 jobs:
396 - manila-ks-service
397 services:
398 - endpoint: internal
399 service: identity
400 ks_service:
401 services:
402 - endpoint: internal
403 service: identity
404 ks_user:
405 services:
406 - endpoint: internal
407 service: identity
408 rabbit_init:
409 services:
410 - endpoint: internal
411 service: oslo_messaging
412
413conf:
Rico Lin59516f62023-10-04 23:25:47 +0800[diff] [blame]414 paste: {}
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]415 policy: {}
416 manila_sudoers: |
417 # This sudoers file supports rootwrap for both Kolla and LOCI Images.
418 Defaults !requiretty
419 Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
420 manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf *
421 rootwrap_filters:
422 share:
423 pods:
424 - share
425 content: |
426 # manila-rootwrap command filters for share nodes
427 # This file should be owned by (and only-writeable by) the root user
428
429 [Filters]
430 # manila/utils.py : 'chown', '%s', '%s'
431 chown: CommandFilter, chown, root
432 # manila/utils.py : 'cat', '%s'
433 cat: CommandFilter, cat, root
434
435 # manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s'
436 mkfs.ext4: CommandFilter, mkfs.ext4, root
437
438 # manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s'
439 mkfs.ext3: CommandFilter, mkfs.ext3, root
440
441 # manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D'
442 smbd: CommandFilter, smbd, root
443 smb: CommandFilter, smb, root
444
445 # manila/share/drivers/lvm.py: 'rmdir', '%s'
446 rmdir: CommandFilter, rmdir, root
447
448 # manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s'
449 dd: CommandFilter, dd, root
450
451 # manila/share/drivers/lvm.py: 'fsck', '-pf', %s
452 fsck: CommandFilter, fsck, root
453
454 # manila/share/drivers/lvm.py: 'resize2fs', %s
455 resize2fs: CommandFilter, resize2fs, root
456
457 # manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s'
458 smbcontrol: CommandFilter, smbcontrol, root
459
460 # manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y
461 # manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s'
462 # manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s'
463 # manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow'
464 net: CommandFilter, net, root
465
466 # manila/share/drivers/helpers.py: 'cp', '%s', '%s'
467 cp: CommandFilter, cp, root
468
469 # manila/share/drivers/helpers.py: 'service', '%s', '%s'
470 service: CommandFilter, service, root
471
472 # manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s
473 lvremove: CommandFilter, lvremove, root
474
475 # manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s
476 lvextend: CommandFilter, lvextend, root
477
478 # manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s
479 lvcreate: CommandFilter, lvcreate, root
480
481 # manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name'
482 # manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g'
483 vgs: CommandFilter, vgs, root
484
485 # manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%'
486 tune2fs: CommandFilter, tune2fs, root
487
488 # manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s'
489 sed: CommandFilter, sed, root
490
491 # manila/share/drivers/glusterfs.py: 'mkdir', '%s'
492 # manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s'
493 mkdir: CommandFilter, mkdir, root
494
495 # manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s'
496 rm: CommandFilter, rm, root
497
498 # manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s'
499 # manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s'
500 mount: CommandFilter, mount, root
501
502 # manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s'
503 # manila/share/drivers/glusterfs.py: 'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s'
504 gluster: CommandFilter, gluster, root
505
506 # manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s'
507 ip: CommandFilter, ip, root
508
509 # manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s'
510 ovs-vsctl: CommandFilter, ovs-vsctl, root
511
512 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete'
513 # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete'
514 find: CommandFilter, find, root
515
516 # manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s'
517 umount: CommandFilter, umount, root
518
519 # GPFS commands
520 # manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y'
521 mmgetstate: CommandFilter, mmgetstate, root
522 # manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s'
523 mmlsattr: CommandFilter, mmlsattr, root
524 # manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new'
525 mmcrfileset: CommandFilter, mmcrfileset, root
526 # manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s'
527 mmlinkfileset: CommandFilter, mmlinkfileset, root
528 # manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s'
529 mmsetquota: CommandFilter, mmsetquota, root
530 # manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f'
531 mmunlinkfileset: CommandFilter, mmunlinkfileset, root
532 # manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f'
533 mmdelfileset: CommandFilter, mmdelfileset, root
534 # manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s'
535 mmcrsnapshot: CommandFilter, mmcrsnapshot, root
536 # manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s'
537 mmdelsnapshot: CommandFilter, mmdelsnapshot, root
538 # manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s'
539 rsync: CommandFilter, rsync, root
540 # manila/share/drivers/ibm/gpfs.py: 'exportfs'
541 exportfs: CommandFilter, exportfs, root
542 # manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
543 stat: CommandFilter, stat, root
544 # manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
545 df: CommandFilter, df, root
546 # manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
547 chmod: CommandFilter, chmod, root
548 # manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
549 mmnfs: CommandFilter, mmnfs, root
550 # manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
551 mmlsfileset: CommandFilter, mmlsfileset, root
552 # manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
553 mmchfileset: CommandFilter, mmchfileset, root
554 # manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
555 mmlsquota: CommandFilter, mmlsquota, root
556
557 # manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
558 mv: CommandFilter, mv, root
559
560 # manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
561 mktemp: CommandFilter, mktemp, root
562
563 # manila/share/drivers/ganesha/manager.py:
564 shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
565
566 # manila/share/drivers/ganesha/manager.py:
567 dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
568
569 # manila/share/drivers/ganesha/manager.py:
570 dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
571
572 # manila/share/drivers/ganesha/manager.py:
573 dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
574
575 # manila/share/drivers/ganesha/manager.py:
576 rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
577
578 # ZFS commands
579 # manila/share/drivers/zfsonlinux/driver.py
580 # manila/share/drivers/zfsonlinux/utils.py
581 zpool: CommandFilter, zpool, root
582
583 # manila/share/drivers/zfsonlinux/driver.py
584 # manila/share/drivers/zfsonlinux/utils.py
585 zfs: CommandFilter, zfs, root
586
587 # manila/share/drivers/zfsonlinux/driver.py
588 kill: CommandFilter, kill, root
589
590 # manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
591 ls: CommandFilter, ls, root
592
593 # manila/data/utils.py: 'touch', '--reference=%s', '%s'
594 touch: CommandFilter, touch, root
595
596 # manila/share/drivers/container/container.py: docker <whatever>
597 docker: CommandFilter, docker, root
598
599 # manila/share/drivers/container/container.py: brctl <whatever>
600 brctl: CommandFilter, brctl, root
601
602 # manila/share/drivers/container/storage_helper.py: e2fsck <whatever>
603 # manila/share/drivers/generic.py: e2fsck <whatever>
604 # manila/share/drivers/lvm.py: e2fsck <whatever>
605 e2fsck: CommandFilter, e2fsck, root
606
607 # manila/share/drivers/lvm.py: lvconvert --merge %s
608 lvconvert: CommandFilter, lvconvert, root
609
610 # manila/data/utils.py: 'sha256sum', '%s'
611 sha256sum: CommandFilter, sha256sum, root
612
613 # manila/utils.py: 'tee', '%s'
614 tee: CommandFilter, tee, root
615
616 # manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g <device>
617 lvs: CommandFilter, lvs, root
618
619 # manila/share/drivers/container/storage_helper.py: lvrename --autobackup n <old_name> <new_name>
620 lvrename: CommandFilter, lvrename, root
621 rootwrap: |
622 # Configuration for manila-rootwrap
623 # This file should be owned by (and only-writeable by) the root user
624
625 [DEFAULT]
626 # List of directories to load filter definitions from (separated by ',').
627 # These directories MUST all be only writeable by root !
628 filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
629
630 # List of directories to search executables in, in case filters do not
631 # explicitly specify a full path (separated by ',')
632 # If not specified, defaults to system PATH environment variable.
633 # These directories MUST all be only writeable by root !
634 exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
635
636 # Enable logging to syslog
637 # Default value is False
638 use_syslog=False
639
640 # Which syslog facility to use.
641 # Valid values include auth, authpriv, syslog, user0, user1...
642 # Default value is 'syslog'
643 syslog_log_facility=syslog
644
645 # Which messages to log.
646 # INFO means log all usage
647 # ERROR means only log unsuccessful attempts
648 syslog_log_level=ERROR
649 manila:
650 DEFAULT:
651 default_share_type: default
652 default_share_group_type: default
653 share_name_template: share-%s
654 rootwrap_config: /etc/manila/rootwrap.conf
655 api_paste_config: /etc/manila/api-paste.ini
656 enabled_share_backends: generic
657 enabled_share_protocols: NFS
658 keystone_authtoken:
659 auth_type: password
660 auth_version: v3
661 memcache_security_strategy: ENCRYPT
662 endpoint_type: internalURL
Oleksandr Kozachenkoc0022be2023-05-23 20:36:21 +0200[diff] [blame]663 service_type: sharev2
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]664 neutron:
665 auth_type: password
666 auth_version: v3
667 memcache_security_strategy: ENCRYPT
668 endpoint_type: internalURL
669 nova:
670 auth_type: password
671 auth_version: v3
672 memcache_security_strategy: ENCRYPT
673 endpoint_type: internalURL
674 cinder:
675 auth_type: password
676 auth_version: v3
677 memcache_security_strategy: ENCRYPT
678 endpoint_type: internalURL
679 glance:
680 auth_type: password
681 auth_version: v3
682 memcache_security_strategy: ENCRYPT
683 endpoint_type: internalURL
684 database:
685 max_retries: -1
686 generic:
687 share_backend_name: GENERIC
688 share_driver: manila.share.drivers.generic.GenericShareDriver
689 driver_handles_share_servers: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]690 # manila-service-flavor
691 service_instance_flavor_id: 100
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]692 service_image_name: manila-service-image
693 service_instance_user: manila
694 service_instance_password: manila
695 # # Module path to the Virtual Interface (VIF) driver class. This option
696 # # is used only by drivers operating in
697 # # `driver_handles_share_servers=True` mode that provision OpenStack
698 # # compute instances as share servers. This option is only supported
699 # # with Neutron networking. Drivers provided in tree work with Linux
700 # # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
701 # # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
702 # # manila-share service is running on a host that is connected to the
703 # # administrator network, a no-op driver
704 # # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
705 # # (string value)
706 # interface_driver: manila.network.linux.interface.OVSInterfaceDriver
707 oslo_policy:
708 policy_file: /etc/manila/policy.yaml
709 oslo_concurrency:
710 lock_path: /var/lib/manila/tmp
711 oslo_messaging_notifications:
712 driver: messagingv2
713 oslo_middleware:
714 enable_proxy_headers_parsing: true
715 oslo_messaging_rabbit:
716 rabbit_ha_queues: true
717 logging:
718 loggers:
719 keys:
720 - root
721 - manila
722 handlers:
723 keys:
724 - stdout
725 - stderr
726 - "null"
727 formatters:
728 keys:
729 - context
730 - default
731 logger_root:
732 level: WARNING
733 handlers: 'null'
734 logger_manila:
735 level: INFO
736 handlers:
737 - stdout
738 qualname: manila
739 logger_amqp:
740 level: WARNING
741 handlers: stderr
742 qualname: amqp
743 logger_amqplib:
744 level: WARNING
745 handlers: stderr
746 qualname: amqplib
747 logger_eventletwsgi:
748 level: WARNING
749 handlers: stderr
750 qualname: eventlet.wsgi.server
751 logger_sqlalchemy:
752 level: WARNING
753 handlers: stderr
754 qualname: sqlalchemy
755 logger_boto:
756 level: WARNING
757 handlers: stderr
758 qualname: boto
759 handler_null:
760 class: logging.NullHandler
761 formatter: default
762 args: ()
763 handler_stdout:
764 class: StreamHandler
765 args: (sys.stdout,)
766 formatter: context
767 handler_stderr:
768 class: StreamHandler
769 args: (sys.stderr,)
770 formatter: context
771 formatter_context:
772 class: oslo_log.formatters.ContextFormatter
773 datefmt: "%Y-%m-%d %H:%M:%S"
774 formatter_default:
775 format: "%(message)s"
776 datefmt: "%Y-%m-%d %H:%M:%S"
777 rally_tests:
778 tests:
779 ManilaShares.create_and_delete_share:
780 - args:
781 share_proto: "nfs"
782 size: 1
783 share_type: "dhss_false"
784 min_sleep: 1
785 max_sleep: 2
786 context:
787 quotas:
788 manila:
789 shares: 0
790 gigabytes: 0
791 share_networks: 0
792 users:
793 tenants: 2
794 users_per_tenant: 1
795 user_choice_method: "round_robin"
796 manila_share_networks:
797 use_share_networks: true
798 runner:
799 concurrency: 4
800 times: 4
801 type: constant
802 sla:
803 failure_rate:
804 max: 0
Oleksandr Kozachenko103c85e2023-10-04 17:39:45 +0200[diff] [blame]805 manila_api_uwsgi:
806 uwsgi:
807 add-header: "Connection: close"
808 buffer-size: 65535
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]809 chunked-input-limit: "4096000"
Oleksandr Kozachenko103c85e2023-10-04 17:39:45 +0200[diff] [blame]810 die-on-term: true
811 enable-threads: true
812 exit-on-reload: false
813 hook-master-start: unix_signal:15 gracefully_kill_them_all
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]814 http-auto-chunked: true
815 http-raw-body: true
Oleksandr Kozachenko103c85e2023-10-04 17:39:45 +0200[diff] [blame]816 lazy-apps: true
817 log-x-forwarded-for: true
818 master: true
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]819 need-app: true
Oleksandr Kozachenko103c85e2023-10-04 17:39:45 +0200[diff] [blame]820 procname-prefix-spaced: "manila-api:"
821 route-user-agent: '^kube-probe.* donotlog:'
Mohammed Nasercb5d9c32024-04-03 16:19:01 -0400[diff] [blame]822 socket-timeout: 10
Oleksandr Kozachenko103c85e2023-10-04 17:39:45 +0200[diff] [blame]823 thunder-lock: true
824 worker-reload-mercy: 80
825 wsgi-file: /var/lib/openstack/bin/manila-wsgi
826
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]827# Names of secrets used by bootstrap and environmental checks
828secrets:
829 identity:
830 admin: manila-keystone-admin
831 manila: manila-keystone-user
832 oslo_db:
833 admin: manila-db-admin
834 manila: manila-db-user
835 oslo_messaging:
836 admin: manila-rabbitmq-admin
837 manila: manila-rabbitmq-user
838 tls:
839 share:
840 api:
841 public: manila-tls-public
842 internal: manila-tls-internal
843 oci_image_registry:
844 manila: manila-oci-image-registry
845
846endpoints:
847 cluster_domain_suffix: cluster.local
848 local_image_registry:
849 name: docker-registry
850 namespace: docker-registry
851 hosts:
852 default: localhost
853 internal: docker-registry
854 node: localhost
855 host_fqdn_override:
856 default: null
857 port:
858 registry:
859 node: 5000
860 oci_image_registry:
861 name: oci-image-registry
862 namespace: oci-image-registry
863 auth:
864 enabled: false
865 manila:
866 username: manila
867 password: password
868 hosts:
869 default: localhost
870 host_fqdn_override:
871 default: null
872 port:
873 registry:
874 default: null
875 identity:
876 name: keystone
877 auth:
878 admin:
879 region_name: RegionOne
880 username: admin
881 password: password
882 project_name: admin
883 user_domain_name: default
884 project_domain_name: default
885 manila:
886 role: admin
887 region_name: RegionOne
888 username: manila
889 password: password
890 project_name: service
891 user_domain_name: service
892 project_domain_name: service
893 hosts:
894 default: keystone
895 internal: keystone-api
896 host_fqdn_override:
897 default: null
898 path:
899 default: /v3
900 scheme:
901 default: http
902 port:
903 api:
904 default: 80
905 internal: 5000
906 share:
907 name: manila
908 hosts:
909 default: manila-api
910 public: manila
911 host_fqdn_override:
912 default: null
913 path:
okozachenko12037e7e6e02023-03-25 01:11:05 +1100[diff] [blame]914 default: '/v1'
915 scheme:
916 default: http
917 service: http
918 port:
919 api:
920 default: 8786
921 public: 80
922 service: 8786
923 sharev2:
okozachenko1203f878b6f2023-03-25 01:43:00 +1100[diff] [blame]924 name: manilav2
okozachenko12037e7e6e02023-03-25 01:11:05 +1100[diff] [blame]925 hosts:
926 default: manila-api
927 public: manila
928 host_fqdn_override:
929 default: null
930 path:
okozachenko1203bcd5a412023-03-24 01:54:38 +1100[diff] [blame]931 default: '/v2'
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]932 scheme:
933 default: http
934 service: http
935 port:
936 api:
937 default: 8786
938 public: 80
939 service: 8786
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]940 oslo_db:
941 auth:
942 admin:
943 username: root
944 password: password
945 secret:
946 tls:
947 internal: mariadb-tls-direct
948 manila:
949 username: manila
950 password: password
951 hosts:
952 default: mariadb
953 host_fqdn_override:
954 default: null
955 path: /manila
956 scheme: mysql+pymysql
957 port:
958 mysql:
959 default: 3306
960 oslo_messaging:
961 auth:
962 admin:
963 username: rabbitmq
964 password: password
965 secret:
966 tls:
967 internal: rabbitmq-tls-direct
968 manila:
969 username: manila
970 password: password
971 statefulset:
972 replicas: 2
973 name: rabbitmq-rabbitmq
974 hosts:
975 default: rabbitmq
976 host_fqdn_override:
977 default: null
978 path: /manila
979 scheme: rabbit
980 port:
981 amqp:
982 default: 5672
983 http:
984 default: 15672
985 oslo_cache:
986 auth:
987 # NOTE(portdirect): this is used to define the value for keystone
988 # authtoken cache encryption key, if not set it will be populated
989 # automatically with a random value, but to take advantage of
990 # this feature all services should be set to use the same key,
991 # and memcache service.
992 memcache_secret_key: null
993 hosts:
994 default: memcached
995 host_fqdn_override:
996 default: null
997 port:
998 memcache:
999 default: 11211
1000 fluentd:
1001 namespace: null
1002 name: fluentd
1003 hosts:
1004 default: fluentd-logging
1005 host_fqdn_override:
1006 default: null
1007 path:
1008 default: null
1009 scheme: 'http'
1010 port:
1011 service:
1012 default: 24224
1013 metrics:
1014 default: 24220
1015 # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
1016 # They are using to enable the Egress K8s network policy.
1017 kube_dns:
1018 namespace: kube-system
1019 name: kubernetes-dns
1020 hosts:
1021 default: kube-dns
1022 host_fqdn_override:
1023 default: null
1024 path:
1025 default: null
1026 scheme: http
1027 port:
1028 dns:
1029 default: 53
1030 protocol: UDP
1031 ingress:
1032 namespace: null
1033 name: ingress
1034 hosts:
1035 default: ingress
1036 port:
1037 ingress:
1038 default: 80
1039
1040tls:
1041 identity: false
1042 oslo_messaging: false
1043 oslo_db: false
1044
1045manifests:
1046 certificates: false
1047 configmap_bin: true
1048 configmap_etc: true
1049 deployment_api: true
1050 deployment_scheduler: true
okozachenko120385370ca2023-03-24 23:16:18 +1100[diff] [blame]1051 deployment_data: true
okozachenko120361008f72023-03-23 21:21:09 +1100[diff] [blame]1052 deployment_share: true
1053 ingress_api: true
1054 job_bootstrap: true
1055 job_db_init: true
1056 job_db_sync: true
1057 job_db_drop: false
1058 job_image_repo_sync: true
1059 job_rabbit_init: true
1060 job_ks_endpoints: true
1061 job_ks_service: true
1062 job_ks_user: true
1063 pdb_api: true
1064 pod_test: true
1065 secret_db: true
1066 network_policy: false
1067 secret_ingress_tls: true
1068 secret_keystone: true
1069 secret_rabbitmq: true
1070 secret_registry: true
1071 service_ingress_api: true
1072 service_api: true
1073...