Use fixed templates for glance configuration

This change moves away from the template generation to using fixed template files. This allows us to conditionally write blocks of configurations, which I have done for the swift_store options. This work is largely ripped from @cloudnull's cdc branch. Note that there are a few minor configuration changes introduced here by (from @cloudnull's branch), such as worker count in glance-api.conf.
2014-09-09 13:37:08 +01:00 · 2014-09-09 13:37:08 +01:00 · d60f55f0d6
commit d60f55f0d6
parent cfe01cb2a6
10 changed files with 268 additions and 276 deletions
--- a/rpc_deployment/playbooks/openstack/glance-api.yml
+++ b/rpc_deployment/playbooks/openstack/glance-api.yml
@ -41,7 +41,6 @@
    - init_script
    - glance_cache_crons
  vars_files:
-    - vars/config_vars/glance_config.yml
    - vars/openstack_service_vars/glance_api.yml
  handlers:
    - include: handlers/services.yml
@ -54,7 +53,6 @@
    - init_script
    - glance_cache_crons
  vars_files:
-    - vars/config_vars/glance_config.yml
    - vars/openstack_service_vars/glance_api.yml
  handlers:
    - include: handlers/services.yml
--- a/rpc_deployment/playbooks/openstack/glance-registry.yml
+++ b/rpc_deployment/playbooks/openstack/glance-registry.yml
@ -26,7 +26,6 @@
    - galera_client_cnf
    - init_script
  vars_files:
-    - vars/config_vars/glance_config.yml
    - vars/openstack_service_vars/glance_registry.yml
  handlers:
    - include: handlers/services.yml
--- a/rpc_deployment/roles/glance_common/tasks/glance_config.yml
+++ b/rpc_deployment/roles/glance_common/tasks/glance_config.yml
@ -13,29 +13,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Drop Glance Config
-  template: >
-    src={{ item }}
-    dest=/etc/glance/{{ item }}
-    owner={{ system_user }}
-    group={{ system_group }}
+- name: Drop Glance Config(s)
+  template:
+    src: "{{ item }}"
+    dest: "/etc/glance/{{ item }}"
+    owner: "{{ system_user }}"
+    group: "{{ system_group }}"
  with_items:
-      - policy.json
-      - schema.json
-      - schema-image.json
-  notify: Restart os service
-
- name: Generate Glance Config
-  template: >
-    src=template_gen
-    dest=/etc/glance/{{ item.file }}
-    owner={{ system_user }}
-    group={{ system_group }}
-  with_items:
-      - { file: glance-registry-paste.ini, var: "{{ glance_registry_paste_ini }}" }
-      - { file: glance-api-paste.ini, var: "{{ glance_api_paste_ini }}" }
-      - { file: glance-registry.conf, var: "{{ glance_registry_conf }}" }
-      - { file: glance-api.conf, var: "{{ glance_api_conf }}" }
-      - { file: glance-cache.conf, var: "{{ glance_cache_conf }}" }
-      - { file: glance-scrubber.conf, var: "{{ glance_scrubber_conf }}" }
+    - glance-api-paste.ini
+    - glance-api.conf
+    - glance-cache.conf
+    - glance-registry-paste.ini
+    - glance-registry.conf
+    - glance-scrubber.conf
+    - policy.json
+    - schema-image.json
+    - schema.json
  notify: Restart os service
--- a/rpc_deployment/roles/glance_common/templates/glance-api-paste.ini
+++ b/rpc_deployment/roles/glance_common/templates/glance-api-paste.ini
@ -0,0 +1,72 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+pipeline = versionnegotiation unauthenticated-context rootapp
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation authtoken context rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation authtoken context cache cachemanage rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-api-trusted-auth]
+pipeline = versionnegotiation context rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user and uses cache management
+[pipeline:glance-api-trusted-auth+cachemanagement]
+pipeline = versionnegotiation context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+delay_auth_decision = true
+
+[filter:gzip]
+paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
--- a/rpc_deployment/roles/glance_common/templates/glance-api.conf
+++ b/rpc_deployment/roles/glance_common/templates/glance-api.conf
@ -0,0 +1,75 @@
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+log_file = /var/log/glance/glance-api.log
+use_syslog = False
+sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
+default_store = {{ default_store }}
+known_stores = glance.store.filesystem.Store,
+               glance.store.http.Store,
+               glance.store.cinder.Store,
+               glance.store.swift.Store
+bind_host = 0.0.0.0
+bind_port = 9292
+backlog = 4096
+workers = 4
+registry_host = {{ registry_host }}
+registry_port = 9191
+registry_client_protocol = http
+cinder_catalog_info = volume:cinder:internalURL
+
+##### RPC MESSAGING OPTIONS #####
+notification_driver = messaging
+rpc_backend = {{ rpc_backend }}
+rabbit_hosts = {{ rabbit_hosts }}
+rabbit_port = {{ rabbit_port }}
+rabbit_use_ssl = {{ rabbit_use_ssl }}
+rabbit_userid = {{ rabbit_userid }}
+rabbit_password = {{ rabbit_password }}
+rabbit_virtual_host = {{ rabbit_virtual_host }}
+rabbit_notification_exchange = glance
+rabbit_notification_topic = notifications
+rabbit_durable_queues = False
+
+{% if default_store == "swift" %}
+##### STORE OPTIONS #####
+swift_store_auth_version = 2
+swift_store_auth_address = {{ swift_store_auth_address }}
+swift_store_user = {{ swift_store_user }}
+swift_store_key = {{ swift_store_key }}
+swift_store_region = {{ swift_store_region }}
+swift_store_container = {{ swift_store_container }}
+swift_store_create_container_on_put = True
+swift_store_large_object_size = 5120
+swift_store_large_object_chunk_size = 200
+swift_store_retry_get_count = 5
+swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
+
+{% endif %}
+filesystem_store_datadir = /var/lib/glance/images/
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber/
+image_cache_dir = /var/lib/glance/cache/
+
+[keystone_authtoken]
+signing_dir = /var/lib/glance/cache/api
+identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+auth_uri = {{ auth_identity_uri }}
+admin_tenant_name = {{ service_admin_tenant_name }}
+admin_user = {{ service_admin_username }}
+admin_password = {{ service_admin_password }}
+
+memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
+token_cache_time = 300
+revocation_cache_time = 60
+
+# if your memcached server is shared, use these settings to avoid cache poisoning
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcached_secret_key }}
+
+# if your keystone deployment uses PKI, and you value security over performance:
+check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
+
+[paste_deploy]
+flavor = {{ flavor }}
--- a/rpc_deployment/roles/glance_common/templates/glance-cache.conf
+++ b/rpc_deployment/roles/glance_common/templates/glance-cache.conf
@ -0,0 +1,14 @@
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+admin_password = {{ glance_service_password }}
+admin_user = glance
+admin_tenant_name = service
+use_syslog = False
+image_cache_dir = /var/lib/glance/cache/
+image_cache_stall_time = 86400
+image_cache_max_size = 10737418240
+registry_host = {{ registry_host }}
+registry_port = 9191
+auth_url = {{ auth_admin_uri }}
+filesystem_store_datadir = /var/lib/glance/images/
--- a/rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini
+++ b/rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini
@ -0,0 +1,25 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
--- a/rpc_deployment/roles/glance_common/templates/glance-registry.conf
+++ b/rpc_deployment/roles/glance_common/templates/glance-registry.conf
@ -0,0 +1,33 @@
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+log_file = /var/log/glance/glance-registry.log
+use_syslog = False
+sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
+bind_host = 0.0.0.0
+bind_port = 9191
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+[keystone_authtoken]
+signing_dir = /var/lib/glance/cache/registry/
+identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+auth_uri = {{ auth_identity_uri }}
+admin_tenant_name = {{ service_admin_tenant_name }}
+admin_user = {{ service_admin_username }}
+admin_password = {{ service_admin_password }}
+
+memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
+token_cache_time = 300
+revocation_cache_time = 60
+
+# if your memcached server is shared, use these settings to avoid cache poisoning
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcached_secret_key }}
+
+# if your keystone deployment uses PKI, and you value security over performance:
+check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
+
+[paste_deploy]
+flavor = keystone
--- a/rpc_deployment/roles/glance_common/templates/glance-scrubber.conf
+++ b/rpc_deployment/roles/glance_common/templates/glance-scrubber.conf
@ -0,0 +1,34 @@
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+# Log to this file. Make sure you do not set the same log file for both the API
+# and registry servers!
+#
+# If `log_file` is omitted and `use_syslog` is false, then log messages are
+# sent to stdout as a fallback.
+log_file = /var/log/glance/scrubber.log
+
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+#use_syslog: False
+
+# Should we run our own loop or rely on cron/scheduler to run us
+daemon = False
+
+# Loop time between checking for new items to schedule for delete
+wakeup_time = 300
+
+# Directory that the scrubber will use to remind itself of what to delete
+# Make sure this is also set in glance-api.conf
+scrubber_datadir = /var/lib/glance/scrubber
+
+# Only one server in your deployment should be designated the cleanup host
+cleanup_scrubber = False
+
+# pending_delete items older than this time are candidates for cleanup
+cleanup_scrubber_time = 86400
+
+# Address to find the registry server for cleanups
+registry_host = 0.0.0.0
+
+# Port the registry server is listening on
+registry_port = 9191
--- a/rpc_deployment/vars/config_vars/glance_config.yml
+++ b/rpc_deployment/vars/config_vars/glance_config.yml
@ -1,249 +0,0 @@
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-glance_api_conf:
-  DEFAULT:
-    verbose: "{{ verbose }}"
-    debug: "{{ debug }}"
-    log_file: /var/log/glance/glance-api.log
-    use_syslog: False
-    sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
-    default_store: "{{ default_store }}"
-    bind_host: 0.0.0.0
-    bind_port: 9292
-    backlog: 4096
-    workers: 1
-    registry_host: "{{ registry_host }}"
-    registry_port: 9191
-    registry_client_protocol: http
-    cinder_catalog_info: "volume:cinder:internalURL"
-
-    ##### RPC MESSAGING OPTIONS #####
-    notification_driver: messaging
-    rpc_backend: "{{ rpc_backend }}"
-
-    rabbit_hosts: "{{ rabbit_hosts }}"
-
-    rabbit_port: "{{ rabbit_port }}"
-    rabbit_use_ssl: "{{ rabbit_use_ssl }}"
-    rabbit_userid: "{{ rabbit_userid }}"
-    rabbit_password: "{{ rabbit_password }}"
-    rabbit_virtual_host: "{{ rabbit_virtual_host }}"
-    rabbit_notification_exchange: glance
-    rabbit_notification_topic: notifications
-    rabbit_durable_queues: False
-
-    ##### STORE OPTIONS #####
-    swift_store_auth_version: 2
-    swift_store_auth_address: "{{ swift_store_auth_address }}"
-    swift_store_user: "{{ swift_store_user }}"
-    swift_store_key: "{{ swift_store_key }}"
-    swift_store_region: "{{ swift_store_region }}"
-    swift_store_container: "{{ swift_store_container }}"
-    swift_store_create_container_on_put: True
-    swift_store_large_object_size: 5120
-    swift_store_large_object_chunk_size: 200
-    swift_store_retry_get_count: 5
-    swift_store_endpoint_type: "{{ glance_swift_store_endpoint_type }}"
-
-    filesystem_store_datadir: /var/lib/glance/images/
-    delayed_delete: False
-    scrub_time: 43200
-    scrubber_datadir: /var/lib/glance/scrubber/
-    image_cache_dir: /var/lib/glance/cache/
-
-  keystone_authtoken:
-    signing_dir: /var/lib/glance/cache/api
-    identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
-    auth_uri: "{{ auth_identity_uri }}"
-    admin_tenant_name: "{{ service_admin_tenant_name }}"
-    admin_user: "{{ service_admin_username }}"
-    admin_password: "{{ service_admin_password }}"
-
-    memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
-    token_cache_time: 300
-    revocation_cache_time: 60
- 
-    # if your memcached server is shared, use these settings to avoid cache poisoning
-    memcache_security_strategy: ENCRYPT
-    memcache_secret_key: "{{ memcached_secret_key }}"
- 
-    # if your keystone deployment uses PKI, and you value security over performance:
-    check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
-
-  paste_deploy:
-    flavor: "{{ flavor }}"
-
-
-glance_cache_conf:
-  DEFAULT:
-    verbose: "{{ verbose }}"
-    debug: "{{ debug }}"
-    admin_password: "{{ glance_service_password }}"
-    admin_user: glance
-    admin_tenant_name: service
-    use_syslog: False
-    image_cache_dir: /var/lib/glance/cache/
-    image_cache_stall_time: 86400
-    image_cache_max_size: 10737418240
-    registry_host: "{{ registry_host }}"
-    registry_port: 9191
-    auth_url: "{{ auth_admin_uri }}"
-    filesystem_store_datadir: /var/lib/glance/images/
-
-
-glance_registry_conf:
-  DEFAULT:
-    verbose: "{{ verbose }}"
-    debug: "{{ debug }}"
-    log_file: /var/log/glance/glance-registry.log
-    use_syslog: False
-    sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
-    bind_host: 0.0.0.0
-    bind_port: 9191
-    backlog: 4096
-    api_limit_max: 1000
-    limit_param_default: 25
-
-  keystone_authtoken:
-    signing_dir: /var/lib/glance/cache/registry/
-    identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
-    auth_uri: "{{ auth_identity_uri }}"
-    admin_tenant_name: "{{ service_admin_tenant_name }}"
-    admin_user: "{{ service_admin_username }}"
-    admin_password: "{{ service_admin_password }}"
-
-    memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
-    token_cache_time: 300
-    revocation_cache_time: 60
-
-    # if your memcached server is shared, use these settings to avoid cache poisoning
-    memcache_security_strategy: ENCRYPT
-    memcache_secret_key: "{{ memcached_secret_key }}"
-
-    # if your keystone deployment uses PKI, and you value security over performance:
-    check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
-
-  paste_deploy:
-    flavor: keystone
-
-glance_scrubber_conf:
-  DEFAULT:
-    verbose: "{{ verbose }}"
-    debug: "{{ debug }}"
-    # Log to this file. Make sure you do not set the same log file for both the API
-    # and registry servers!
-    #
-    # If `log_file` is omitted and `use_syslog` is false, then log messages are
-    # sent to stdout as a fallback.
-    log_file: /var/log/glance/scrubber.log
-
-    # Send logs to syslog (/dev/log) instead of to file specified by `log_file`
-    #use_syslog: False
-
-    # Should we run our own loop or rely on cron/scheduler to run us
-    daemon: False
-
-    # Loop time between checking for new items to schedule for delete
-    wakeup_time: 300
-
-    # Directory that the scrubber will use to remind itself of what to delete
-    # Make sure this is also set in glance-api.conf
-    scrubber_datadir: /var/lib/glance/scrubber
-
-    # Only one server in your deployment should be designated the cleanup host
-    cleanup_scrubber: False
-
-    # pending_delete items older than this time are candidates for cleanup
-    cleanup_scrubber_time: 86400
-
-    # Address to find the registry server for cleanups
-    registry_host: 0.0.0.0
-
-    # Port the registry server is listening on
-    registry_port: 9191
-
-
-glance_api_paste_ini:
-  # Use this pipeline for no auth or image caching - DEFAULT
-  pipeline:glance-api:
-    pipeline: "versionnegotiation unauthenticated-context rootapp"
-  # Use this pipeline for image caching and no auth
-  pipeline:glance-api-caching:
-    pipeline: "versionnegotiation unauthenticated-context cache rootapp"
-  # Use this pipeline for caching w/ management interface but no auth
-  pipeline:glance-api-cachemanagement:
-    pipeline: "versionnegotiation unauthenticated-context cache cachemanage rootapp"
-  # Use this pipeline for keystone auth
-  pipeline:glance-api-keystone:
-    pipeline: "versionnegotiation authtoken context rootapp"
-  # Use this pipeline for keystone auth with image caching
-  pipeline:glance-api-keystone+caching:
-    pipeline: "versionnegotiation authtoken context cache rootapp"
-  # Use this pipeline for keystone auth with caching and cache management
-  pipeline:glance-api-keystone+cachemanagement:
-    pipeline: "versionnegotiation authtoken context cache cachemanage rootapp"
-  # Use this pipeline for authZ only. This means that the registry will treat a
-  # user as authenticated without making requests to keystone to reauthenticate
-  # the user.
-  pipeline:glance-api-trusted-auth:
-    pipeline: "versionnegotiation context rootapp"
-  # Use this pipeline for authZ only. This means that the registry will treat a
-  # user as authenticated without making requests to keystone to reauthenticate
-  # the user and uses cache management
-  pipeline:glance-api-trusted-auth+cachemanagement:
-    pipeline: "versionnegotiation context cache cachemanage rootapp"
-  composite:rootapp:
-    paste.composite_factory: "glance.api:root_app_factory"
-    /: "apiversions"
-    /v1: "apiv1app"
-    /v2: "apiv2app"
-  app:apiversions:
-    paste.app_factory: "glance.api.versions:create_resource"
-  app:apiv1app:
-    paste.app_factory: "glance.api.v1.router:API.factory"
-  app:apiv2app:
-    paste.app_factory: "glance.api.v2.router:API.factory"
-  filter:versionnegotiation:
-    paste.filter_factory: "glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory"
-  filter:cache:
-    paste.filter_factory: "glance.api.middleware.cache:CacheFilter.factory"
-  filter:cachemanage:
-    paste.filter_factory: "glance.api.middleware.cache_manage:CacheManageFilter.factory"
-  filter:context:
-    paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
-  filter:unauthenticated-context:
-    paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
-  filter:authtoken:
-    paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
-    delay_auth_decision: true
-  filter:gzip:
-    paste.filter_factory: "glance.api.middleware.gzip:GzipMiddleware.factory"
-
-glance_registry_paste_ini:
-  pipeline:glance-registry:
-    pipeline: "unauthenticated-context registryapp"
-  pipeline:glance-registry-keystone:
-    pipeline: "authtoken context registryapp"
-  pipeline:glance-registry-trusted-auth:
-    pipeline: "context registryapp"
-  app:registryapp:
-    paste.app_factory: "glance.registry.api:API.factory"
-  filter:context:
-    paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
-  filter:unauthenticated-context:
-    paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
-  filter:authtoken:
-    paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
-