From 52cfa298d7f9bf27b709cda889f00e6389d99514 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Fri, 4 Nov 2016 11:04:52 +0000 Subject: [PATCH] Update paste, policy and rootwrap configurations 2016-11-04 Change-Id: I1daa7199f548b9d922f963b07730c0580e616a91 --- templates/api-paste.ini.j2 | 5 ++++- templates/rootwrap.conf.j2 | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 index 5601274..75fb01d 100644 --- a/templates/api-paste.ini.j2 +++ b/templates/api-paste.ini.j2 @@ -1,5 +1,5 @@ [pipeline:sahara] -pipeline = cors request_id acl auth_validator sahara_api +pipeline = cors http_proxy_to_wsgi request_id acl auth_validator sahara_api [composite:sahara_api] use = egg:Paste#urlmap @@ -31,3 +31,6 @@ paste.filter_factory = sahara.api.middleware.auth_valid:AuthValidator.factory [filter:debug] paste.filter_factory = oslo_middleware.debug:Debug.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 index d808912..1cf69ca 100644 --- a/templates/rootwrap.conf.j2 +++ b/templates/rootwrap.conf.j2 @@ -1,15 +1,15 @@ # Configuration for sahara-rootwrap -# This file should be owned by (and only-writeable by) the root user +# This file should be owned by (and only-writable by) the root user [DEFAULT] # List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! +# These directories MUST all be only writable by root ! filters_path=/etc/sahara/rootwrap.d,/usr/share/sahara/rootwrap # List of directories to search executables in, in case filters do not # explicitely specify a full path (separated by ',') # If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! +# These directories MUST all be only writable by root ! exec_dirs={{ sahara_bin }},/sbin,/usr/sbin,/bin,/usr/bin # Enable logging to syslog