From d60f55f0d66810b27e6bd02856d386559d8eddf5 Mon Sep 17 00:00:00 2001 From: Matt Thompson Date: Tue, 9 Sep 2014 13:37:08 +0100 Subject: [PATCH] Use fixed templates for glance configuration This change moves away from the template generation to using fixed template files. This allows us to conditionally write blocks of configurations, which I have done for the swift_store options. This work is largely ripped from @cloudnull's cdc branch. Note that there are a few minor configuration changes introduced here by (from @cloudnull's branch), such as worker count in glance-api.conf. --- .../playbooks/openstack/glance-api.yml | 2 - .../playbooks/openstack/glance-registry.yml | 1 - .../glance_common/tasks/glance_config.yml | 39 ++- .../templates/glance-api-paste.ini | 72 +++++ .../glance_common/templates/glance-api.conf | 75 ++++++ .../glance_common/templates/glance-cache.conf | 14 + .../templates/glance-registry-paste.ini | 25 ++ .../templates/glance-registry.conf | 33 +++ .../templates/glance-scrubber.conf | 34 +++ .../vars/config_vars/glance_config.yml | 249 ------------------ 10 files changed, 268 insertions(+), 276 deletions(-) create mode 100644 rpc_deployment/roles/glance_common/templates/glance-api-paste.ini create mode 100644 rpc_deployment/roles/glance_common/templates/glance-api.conf create mode 100644 rpc_deployment/roles/glance_common/templates/glance-cache.conf create mode 100644 rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini create mode 100644 rpc_deployment/roles/glance_common/templates/glance-registry.conf create mode 100644 rpc_deployment/roles/glance_common/templates/glance-scrubber.conf delete mode 100644 rpc_deployment/vars/config_vars/glance_config.yml diff --git a/rpc_deployment/playbooks/openstack/glance-api.yml b/rpc_deployment/playbooks/openstack/glance-api.yml index 4f7c7fffcf..567ede8ad4 100644 --- a/rpc_deployment/playbooks/openstack/glance-api.yml +++ b/rpc_deployment/playbooks/openstack/glance-api.yml @@ -41,7 +41,6 @@ - init_script - glance_cache_crons vars_files: - - vars/config_vars/glance_config.yml - vars/openstack_service_vars/glance_api.yml handlers: - include: handlers/services.yml @@ -54,7 +53,6 @@ - init_script - glance_cache_crons vars_files: - - vars/config_vars/glance_config.yml - vars/openstack_service_vars/glance_api.yml handlers: - include: handlers/services.yml diff --git a/rpc_deployment/playbooks/openstack/glance-registry.yml b/rpc_deployment/playbooks/openstack/glance-registry.yml index 44327cf0b1..104cd85d9e 100644 --- a/rpc_deployment/playbooks/openstack/glance-registry.yml +++ b/rpc_deployment/playbooks/openstack/glance-registry.yml @@ -26,7 +26,6 @@ - galera_client_cnf - init_script vars_files: - - vars/config_vars/glance_config.yml - vars/openstack_service_vars/glance_registry.yml handlers: - include: handlers/services.yml diff --git a/rpc_deployment/roles/glance_common/tasks/glance_config.yml b/rpc_deployment/roles/glance_common/tasks/glance_config.yml index d10b2fd245..162a04e445 100644 --- a/rpc_deployment/roles/glance_common/tasks/glance_config.yml +++ b/rpc_deployment/roles/glance_common/tasks/glance_config.yml @@ -13,29 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Drop Glance Config - template: > - src={{ item }} - dest=/etc/glance/{{ item }} - owner={{ system_user }} - group={{ system_group }} +- name: Drop Glance Config(s) + template: + src: "{{ item }}" + dest: "/etc/glance/{{ item }}" + owner: "{{ system_user }}" + group: "{{ system_group }}" with_items: - - policy.json - - schema.json - - schema-image.json - notify: Restart os service - -- name: Generate Glance Config - template: > - src=template_gen - dest=/etc/glance/{{ item.file }} - owner={{ system_user }} - group={{ system_group }} - with_items: - - { file: glance-registry-paste.ini, var: "{{ glance_registry_paste_ini }}" } - - { file: glance-api-paste.ini, var: "{{ glance_api_paste_ini }}" } - - { file: glance-registry.conf, var: "{{ glance_registry_conf }}" } - - { file: glance-api.conf, var: "{{ glance_api_conf }}" } - - { file: glance-cache.conf, var: "{{ glance_cache_conf }}" } - - { file: glance-scrubber.conf, var: "{{ glance_scrubber_conf }}" } + - glance-api-paste.ini + - glance-api.conf + - glance-cache.conf + - glance-registry-paste.ini + - glance-registry.conf + - glance-scrubber.conf + - policy.json + - schema-image.json + - schema.json notify: Restart os service diff --git a/rpc_deployment/roles/glance_common/templates/glance-api-paste.ini b/rpc_deployment/roles/glance_common/templates/glance-api-paste.ini new file mode 100644 index 0000000000..e4baa269fa --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-api-paste.ini @@ -0,0 +1,72 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = versionnegotiation unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = versionnegotiation unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = versionnegotiation authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = versionnegotiation authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = versionnegotiation authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = versionnegotiation context rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = versionnegotiation context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory diff --git a/rpc_deployment/roles/glance_common/templates/glance-api.conf b/rpc_deployment/roles/glance_common/templates/glance-api.conf new file mode 100644 index 0000000000..2a841c2d33 --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-api.conf @@ -0,0 +1,75 @@ +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +log_file = /var/log/glance/glance-api.log +use_syslog = False +sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 +default_store = {{ default_store }} +known_stores = glance.store.filesystem.Store, + glance.store.http.Store, + glance.store.cinder.Store, + glance.store.swift.Store +bind_host = 0.0.0.0 +bind_port = 9292 +backlog = 4096 +workers = 4 +registry_host = {{ registry_host }} +registry_port = 9191 +registry_client_protocol = http +cinder_catalog_info = volume:cinder:internalURL + +##### RPC MESSAGING OPTIONS ##### +notification_driver = messaging +rpc_backend = {{ rpc_backend }} +rabbit_hosts = {{ rabbit_hosts }} +rabbit_port = {{ rabbit_port }} +rabbit_use_ssl = {{ rabbit_use_ssl }} +rabbit_userid = {{ rabbit_userid }} +rabbit_password = {{ rabbit_password }} +rabbit_virtual_host = {{ rabbit_virtual_host }} +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False + +{% if default_store == "swift" %} +##### STORE OPTIONS ##### +swift_store_auth_version = 2 +swift_store_auth_address = {{ swift_store_auth_address }} +swift_store_user = {{ swift_store_user }} +swift_store_key = {{ swift_store_key }} +swift_store_region = {{ swift_store_region }} +swift_store_container = {{ swift_store_container }} +swift_store_create_container_on_put = True +swift_store_large_object_size = 5120 +swift_store_large_object_chunk_size = 200 +swift_store_retry_get_count = 5 +swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }} + +{% endif %} +filesystem_store_datadir = /var/lib/glance/images/ +delayed_delete = False +scrub_time = 43200 +scrubber_datadir = /var/lib/glance/scrubber/ +image_cache_dir = /var/lib/glance/cache/ + +[keystone_authtoken] +signing_dir = /var/lib/glance/cache/api +identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} +auth_uri = {{ auth_identity_uri }} +admin_tenant_name = {{ service_admin_tenant_name }} +admin_user = {{ service_admin_username }} +admin_password = {{ service_admin_password }} + +memcached_servers = {{ internal_vip_address }}:{{ memcached_port }} +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_secret_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} + +[paste_deploy] +flavor = {{ flavor }} diff --git a/rpc_deployment/roles/glance_common/templates/glance-cache.conf b/rpc_deployment/roles/glance_common/templates/glance-cache.conf new file mode 100644 index 0000000000..96d747d193 --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-cache.conf @@ -0,0 +1,14 @@ +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +admin_password = {{ glance_service_password }} +admin_user = glance +admin_tenant_name = service +use_syslog = False +image_cache_dir = /var/lib/glance/cache/ +image_cache_stall_time = 86400 +image_cache_max_size = 10737418240 +registry_host = {{ registry_host }} +registry_port = 9191 +auth_url = {{ auth_admin_uri }} +filesystem_store_datadir = /var/lib/glance/images/ diff --git a/rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini b/rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini new file mode 100644 index 0000000000..ab8c2856df --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-registry-paste.ini @@ -0,0 +1,25 @@ +# Use this pipeline for no auth - DEFAULT +[pipeline:glance-registry] +pipeline = unauthenticated-context registryapp + +# Use this pipeline for keystone auth +[pipeline:glance-registry-keystone] +pipeline = authtoken context registryapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-registry-trusted-auth] +pipeline = context registryapp + +[app:registryapp] +paste.app_factory = glance.registry.api:API.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/rpc_deployment/roles/glance_common/templates/glance-registry.conf b/rpc_deployment/roles/glance_common/templates/glance-registry.conf new file mode 100644 index 0000000000..5a2aed9fbe --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-registry.conf @@ -0,0 +1,33 @@ +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +log_file = /var/log/glance/glance-registry.log +use_syslog = False +sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8 +bind_host = 0.0.0.0 +bind_port = 9191 +backlog = 4096 +api_limit_max = 1000 +limit_param_default = 25 + +[keystone_authtoken] +signing_dir = /var/lib/glance/cache/registry/ +identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} +auth_uri = {{ auth_identity_uri }} +admin_tenant_name = {{ service_admin_tenant_name }} +admin_user = {{ service_admin_username }} +admin_password = {{ service_admin_password }} + +memcached_servers = {{ internal_vip_address }}:{{ memcached_port }} +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_secret_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }} + +[paste_deploy] +flavor = keystone diff --git a/rpc_deployment/roles/glance_common/templates/glance-scrubber.conf b/rpc_deployment/roles/glance_common/templates/glance-scrubber.conf new file mode 100644 index 0000000000..cf32966203 --- /dev/null +++ b/rpc_deployment/roles/glance_common/templates/glance-scrubber.conf @@ -0,0 +1,34 @@ +[DEFAULT] +verbose = {{ verbose }} +debug = {{ debug }} +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/scrubber.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +#use_syslog: False + +# Should we run our own loop or rely on cron/scheduler to run us +daemon = False + +# Loop time between checking for new items to schedule for delete +wakeup_time = 300 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-api.conf +scrubber_datadir = /var/lib/glance/scrubber + +# Only one server in your deployment should be designated the cleanup host +cleanup_scrubber = False + +# pending_delete items older than this time are candidates for cleanup +cleanup_scrubber_time = 86400 + +# Address to find the registry server for cleanups +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 diff --git a/rpc_deployment/vars/config_vars/glance_config.yml b/rpc_deployment/vars/config_vars/glance_config.yml deleted file mode 100644 index 62f424642d..0000000000 --- a/rpc_deployment/vars/config_vars/glance_config.yml +++ /dev/null @@ -1,249 +0,0 @@ -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -glance_api_conf: - DEFAULT: - verbose: "{{ verbose }}" - debug: "{{ debug }}" - log_file: /var/log/glance/glance-api.log - use_syslog: False - sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8" - default_store: "{{ default_store }}" - bind_host: 0.0.0.0 - bind_port: 9292 - backlog: 4096 - workers: 1 - registry_host: "{{ registry_host }}" - registry_port: 9191 - registry_client_protocol: http - cinder_catalog_info: "volume:cinder:internalURL" - - ##### RPC MESSAGING OPTIONS ##### - notification_driver: messaging - rpc_backend: "{{ rpc_backend }}" - - rabbit_hosts: "{{ rabbit_hosts }}" - - rabbit_port: "{{ rabbit_port }}" - rabbit_use_ssl: "{{ rabbit_use_ssl }}" - rabbit_userid: "{{ rabbit_userid }}" - rabbit_password: "{{ rabbit_password }}" - rabbit_virtual_host: "{{ rabbit_virtual_host }}" - rabbit_notification_exchange: glance - rabbit_notification_topic: notifications - rabbit_durable_queues: False - - ##### STORE OPTIONS ##### - swift_store_auth_version: 2 - swift_store_auth_address: "{{ swift_store_auth_address }}" - swift_store_user: "{{ swift_store_user }}" - swift_store_key: "{{ swift_store_key }}" - swift_store_region: "{{ swift_store_region }}" - swift_store_container: "{{ swift_store_container }}" - swift_store_create_container_on_put: True - swift_store_large_object_size: 5120 - swift_store_large_object_chunk_size: 200 - swift_store_retry_get_count: 5 - swift_store_endpoint_type: "{{ glance_swift_store_endpoint_type }}" - - filesystem_store_datadir: /var/lib/glance/images/ - delayed_delete: False - scrub_time: 43200 - scrubber_datadir: /var/lib/glance/scrubber/ - image_cache_dir: /var/lib/glance/cache/ - - keystone_authtoken: - signing_dir: /var/lib/glance/cache/api - identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}" - auth_uri: "{{ auth_identity_uri }}" - admin_tenant_name: "{{ service_admin_tenant_name }}" - admin_user: "{{ service_admin_username }}" - admin_password: "{{ service_admin_password }}" - - memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}" - token_cache_time: 300 - revocation_cache_time: 60 - - # if your memcached server is shared, use these settings to avoid cache poisoning - memcache_security_strategy: ENCRYPT - memcache_secret_key: "{{ memcached_secret_key }}" - - # if your keystone deployment uses PKI, and you value security over performance: - check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}" - - paste_deploy: - flavor: "{{ flavor }}" - - -glance_cache_conf: - DEFAULT: - verbose: "{{ verbose }}" - debug: "{{ debug }}" - admin_password: "{{ glance_service_password }}" - admin_user: glance - admin_tenant_name: service - use_syslog: False - image_cache_dir: /var/lib/glance/cache/ - image_cache_stall_time: 86400 - image_cache_max_size: 10737418240 - registry_host: "{{ registry_host }}" - registry_port: 9191 - auth_url: "{{ auth_admin_uri }}" - filesystem_store_datadir: /var/lib/glance/images/ - - -glance_registry_conf: - DEFAULT: - verbose: "{{ verbose }}" - debug: "{{ debug }}" - log_file: /var/log/glance/glance-registry.log - use_syslog: False - sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8" - bind_host: 0.0.0.0 - bind_port: 9191 - backlog: 4096 - api_limit_max: 1000 - limit_param_default: 25 - - keystone_authtoken: - signing_dir: /var/lib/glance/cache/registry/ - identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}" - auth_uri: "{{ auth_identity_uri }}" - admin_tenant_name: "{{ service_admin_tenant_name }}" - admin_user: "{{ service_admin_username }}" - admin_password: "{{ service_admin_password }}" - - memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}" - token_cache_time: 300 - revocation_cache_time: 60 - - # if your memcached server is shared, use these settings to avoid cache poisoning - memcache_security_strategy: ENCRYPT - memcache_secret_key: "{{ memcached_secret_key }}" - - # if your keystone deployment uses PKI, and you value security over performance: - check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}" - - paste_deploy: - flavor: keystone - -glance_scrubber_conf: - DEFAULT: - verbose: "{{ verbose }}" - debug: "{{ debug }}" - # Log to this file. Make sure you do not set the same log file for both the API - # and registry servers! - # - # If `log_file` is omitted and `use_syslog` is false, then log messages are - # sent to stdout as a fallback. - log_file: /var/log/glance/scrubber.log - - # Send logs to syslog (/dev/log) instead of to file specified by `log_file` - #use_syslog: False - - # Should we run our own loop or rely on cron/scheduler to run us - daemon: False - - # Loop time between checking for new items to schedule for delete - wakeup_time: 300 - - # Directory that the scrubber will use to remind itself of what to delete - # Make sure this is also set in glance-api.conf - scrubber_datadir: /var/lib/glance/scrubber - - # Only one server in your deployment should be designated the cleanup host - cleanup_scrubber: False - - # pending_delete items older than this time are candidates for cleanup - cleanup_scrubber_time: 86400 - - # Address to find the registry server for cleanups - registry_host: 0.0.0.0 - - # Port the registry server is listening on - registry_port: 9191 - - -glance_api_paste_ini: - # Use this pipeline for no auth or image caching - DEFAULT - pipeline:glance-api: - pipeline: "versionnegotiation unauthenticated-context rootapp" - # Use this pipeline for image caching and no auth - pipeline:glance-api-caching: - pipeline: "versionnegotiation unauthenticated-context cache rootapp" - # Use this pipeline for caching w/ management interface but no auth - pipeline:glance-api-cachemanagement: - pipeline: "versionnegotiation unauthenticated-context cache cachemanage rootapp" - # Use this pipeline for keystone auth - pipeline:glance-api-keystone: - pipeline: "versionnegotiation authtoken context rootapp" - # Use this pipeline for keystone auth with image caching - pipeline:glance-api-keystone+caching: - pipeline: "versionnegotiation authtoken context cache rootapp" - # Use this pipeline for keystone auth with caching and cache management - pipeline:glance-api-keystone+cachemanagement: - pipeline: "versionnegotiation authtoken context cache cachemanage rootapp" - # Use this pipeline for authZ only. This means that the registry will treat a - # user as authenticated without making requests to keystone to reauthenticate - # the user. - pipeline:glance-api-trusted-auth: - pipeline: "versionnegotiation context rootapp" - # Use this pipeline for authZ only. This means that the registry will treat a - # user as authenticated without making requests to keystone to reauthenticate - # the user and uses cache management - pipeline:glance-api-trusted-auth+cachemanagement: - pipeline: "versionnegotiation context cache cachemanage rootapp" - composite:rootapp: - paste.composite_factory: "glance.api:root_app_factory" - /: "apiversions" - /v1: "apiv1app" - /v2: "apiv2app" - app:apiversions: - paste.app_factory: "glance.api.versions:create_resource" - app:apiv1app: - paste.app_factory: "glance.api.v1.router:API.factory" - app:apiv2app: - paste.app_factory: "glance.api.v2.router:API.factory" - filter:versionnegotiation: - paste.filter_factory: "glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory" - filter:cache: - paste.filter_factory: "glance.api.middleware.cache:CacheFilter.factory" - filter:cachemanage: - paste.filter_factory: "glance.api.middleware.cache_manage:CacheManageFilter.factory" - filter:context: - paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory" - filter:unauthenticated-context: - paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory" - filter:authtoken: - paste.filter_factory: "keystonemiddleware.auth_token:filter_factory" - delay_auth_decision: true - filter:gzip: - paste.filter_factory: "glance.api.middleware.gzip:GzipMiddleware.factory" - -glance_registry_paste_ini: - pipeline:glance-registry: - pipeline: "unauthenticated-context registryapp" - pipeline:glance-registry-keystone: - pipeline: "authtoken context registryapp" - pipeline:glance-registry-trusted-auth: - pipeline: "context registryapp" - app:registryapp: - paste.app_factory: "glance.registry.api:API.factory" - filter:context: - paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory" - filter:unauthenticated-context: - paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory" - filter:authtoken: - paste.filter_factory: "keystonemiddleware.auth_token:filter_factory" -