Use fixed templates for glance configuration
This change moves away from the template generation to using fixed template files. This allows us to conditionally write blocks of configurations, which I have done for the swift_store options. This work is largely ripped from @cloudnull's cdc branch. Note that there are a few minor configuration changes introduced here by (from @cloudnull's branch), such as worker count in glance-api.conf.
This commit is contained in:
parent
cfe01cb2a6
commit
d60f55f0d6
@ -41,7 +41,6 @@
|
|||||||
- init_script
|
- init_script
|
||||||
- glance_cache_crons
|
- glance_cache_crons
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/config_vars/glance_config.yml
|
|
||||||
- vars/openstack_service_vars/glance_api.yml
|
- vars/openstack_service_vars/glance_api.yml
|
||||||
handlers:
|
handlers:
|
||||||
- include: handlers/services.yml
|
- include: handlers/services.yml
|
||||||
@ -54,7 +53,6 @@
|
|||||||
- init_script
|
- init_script
|
||||||
- glance_cache_crons
|
- glance_cache_crons
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/config_vars/glance_config.yml
|
|
||||||
- vars/openstack_service_vars/glance_api.yml
|
- vars/openstack_service_vars/glance_api.yml
|
||||||
handlers:
|
handlers:
|
||||||
- include: handlers/services.yml
|
- include: handlers/services.yml
|
||||||
|
@ -26,7 +26,6 @@
|
|||||||
- galera_client_cnf
|
- galera_client_cnf
|
||||||
- init_script
|
- init_script
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/config_vars/glance_config.yml
|
|
||||||
- vars/openstack_service_vars/glance_registry.yml
|
- vars/openstack_service_vars/glance_registry.yml
|
||||||
handlers:
|
handlers:
|
||||||
- include: handlers/services.yml
|
- include: handlers/services.yml
|
||||||
|
@ -13,29 +13,20 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Drop Glance Config
|
- name: Drop Glance Config(s)
|
||||||
template: >
|
template:
|
||||||
src={{ item }}
|
src: "{{ item }}"
|
||||||
dest=/etc/glance/{{ item }}
|
dest: "/etc/glance/{{ item }}"
|
||||||
owner={{ system_user }}
|
owner: "{{ system_user }}"
|
||||||
group={{ system_group }}
|
group: "{{ system_group }}"
|
||||||
with_items:
|
with_items:
|
||||||
- policy.json
|
- glance-api-paste.ini
|
||||||
- schema.json
|
- glance-api.conf
|
||||||
- schema-image.json
|
- glance-cache.conf
|
||||||
notify: Restart os service
|
- glance-registry-paste.ini
|
||||||
|
- glance-registry.conf
|
||||||
- name: Generate Glance Config
|
- glance-scrubber.conf
|
||||||
template: >
|
- policy.json
|
||||||
src=template_gen
|
- schema-image.json
|
||||||
dest=/etc/glance/{{ item.file }}
|
- schema.json
|
||||||
owner={{ system_user }}
|
|
||||||
group={{ system_group }}
|
|
||||||
with_items:
|
|
||||||
- { file: glance-registry-paste.ini, var: "{{ glance_registry_paste_ini }}" }
|
|
||||||
- { file: glance-api-paste.ini, var: "{{ glance_api_paste_ini }}" }
|
|
||||||
- { file: glance-registry.conf, var: "{{ glance_registry_conf }}" }
|
|
||||||
- { file: glance-api.conf, var: "{{ glance_api_conf }}" }
|
|
||||||
- { file: glance-cache.conf, var: "{{ glance_cache_conf }}" }
|
|
||||||
- { file: glance-scrubber.conf, var: "{{ glance_scrubber_conf }}" }
|
|
||||||
notify: Restart os service
|
notify: Restart os service
|
||||||
|
@ -0,0 +1,72 @@
|
|||||||
|
# Use this pipeline for no auth or image caching - DEFAULT
|
||||||
|
[pipeline:glance-api]
|
||||||
|
pipeline = versionnegotiation unauthenticated-context rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for image caching and no auth
|
||||||
|
[pipeline:glance-api-caching]
|
||||||
|
pipeline = versionnegotiation unauthenticated-context cache rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for caching w/ management interface but no auth
|
||||||
|
[pipeline:glance-api-cachemanagement]
|
||||||
|
pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for keystone auth
|
||||||
|
[pipeline:glance-api-keystone]
|
||||||
|
pipeline = versionnegotiation authtoken context rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for keystone auth with image caching
|
||||||
|
[pipeline:glance-api-keystone+caching]
|
||||||
|
pipeline = versionnegotiation authtoken context cache rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for keystone auth with caching and cache management
|
||||||
|
[pipeline:glance-api-keystone+cachemanagement]
|
||||||
|
pipeline = versionnegotiation authtoken context cache cachemanage rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||||
|
# user as authenticated without making requests to keystone to reauthenticate
|
||||||
|
# the user.
|
||||||
|
[pipeline:glance-api-trusted-auth]
|
||||||
|
pipeline = versionnegotiation context rootapp
|
||||||
|
|
||||||
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||||
|
# user as authenticated without making requests to keystone to reauthenticate
|
||||||
|
# the user and uses cache management
|
||||||
|
[pipeline:glance-api-trusted-auth+cachemanagement]
|
||||||
|
pipeline = versionnegotiation context cache cachemanage rootapp
|
||||||
|
|
||||||
|
[composite:rootapp]
|
||||||
|
paste.composite_factory = glance.api:root_app_factory
|
||||||
|
/: apiversions
|
||||||
|
/v1: apiv1app
|
||||||
|
/v2: apiv2app
|
||||||
|
|
||||||
|
[app:apiversions]
|
||||||
|
paste.app_factory = glance.api.versions:create_resource
|
||||||
|
|
||||||
|
[app:apiv1app]
|
||||||
|
paste.app_factory = glance.api.v1.router:API.factory
|
||||||
|
|
||||||
|
[app:apiv2app]
|
||||||
|
paste.app_factory = glance.api.v2.router:API.factory
|
||||||
|
|
||||||
|
[filter:versionnegotiation]
|
||||||
|
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||||
|
|
||||||
|
[filter:cache]
|
||||||
|
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
||||||
|
|
||||||
|
[filter:cachemanage]
|
||||||
|
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
||||||
|
|
||||||
|
[filter:context]
|
||||||
|
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||||
|
|
||||||
|
[filter:unauthenticated-context]
|
||||||
|
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||||
|
|
||||||
|
[filter:authtoken]
|
||||||
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||||
|
delay_auth_decision = true
|
||||||
|
|
||||||
|
[filter:gzip]
|
||||||
|
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
75
rpc_deployment/roles/glance_common/templates/glance-api.conf
Normal file
75
rpc_deployment/roles/glance_common/templates/glance-api.conf
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
verbose = {{ verbose }}
|
||||||
|
debug = {{ debug }}
|
||||||
|
log_file = /var/log/glance/glance-api.log
|
||||||
|
use_syslog = False
|
||||||
|
sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
||||||
|
default_store = {{ default_store }}
|
||||||
|
known_stores = glance.store.filesystem.Store,
|
||||||
|
glance.store.http.Store,
|
||||||
|
glance.store.cinder.Store,
|
||||||
|
glance.store.swift.Store
|
||||||
|
bind_host = 0.0.0.0
|
||||||
|
bind_port = 9292
|
||||||
|
backlog = 4096
|
||||||
|
workers = 4
|
||||||
|
registry_host = {{ registry_host }}
|
||||||
|
registry_port = 9191
|
||||||
|
registry_client_protocol = http
|
||||||
|
cinder_catalog_info = volume:cinder:internalURL
|
||||||
|
|
||||||
|
##### RPC MESSAGING OPTIONS #####
|
||||||
|
notification_driver = messaging
|
||||||
|
rpc_backend = {{ rpc_backend }}
|
||||||
|
rabbit_hosts = {{ rabbit_hosts }}
|
||||||
|
rabbit_port = {{ rabbit_port }}
|
||||||
|
rabbit_use_ssl = {{ rabbit_use_ssl }}
|
||||||
|
rabbit_userid = {{ rabbit_userid }}
|
||||||
|
rabbit_password = {{ rabbit_password }}
|
||||||
|
rabbit_virtual_host = {{ rabbit_virtual_host }}
|
||||||
|
rabbit_notification_exchange = glance
|
||||||
|
rabbit_notification_topic = notifications
|
||||||
|
rabbit_durable_queues = False
|
||||||
|
|
||||||
|
{% if default_store == "swift" %}
|
||||||
|
##### STORE OPTIONS #####
|
||||||
|
swift_store_auth_version = 2
|
||||||
|
swift_store_auth_address = {{ swift_store_auth_address }}
|
||||||
|
swift_store_user = {{ swift_store_user }}
|
||||||
|
swift_store_key = {{ swift_store_key }}
|
||||||
|
swift_store_region = {{ swift_store_region }}
|
||||||
|
swift_store_container = {{ swift_store_container }}
|
||||||
|
swift_store_create_container_on_put = True
|
||||||
|
swift_store_large_object_size = 5120
|
||||||
|
swift_store_large_object_chunk_size = 200
|
||||||
|
swift_store_retry_get_count = 5
|
||||||
|
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
filesystem_store_datadir = /var/lib/glance/images/
|
||||||
|
delayed_delete = False
|
||||||
|
scrub_time = 43200
|
||||||
|
scrubber_datadir = /var/lib/glance/scrubber/
|
||||||
|
image_cache_dir = /var/lib/glance/cache/
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
signing_dir = /var/lib/glance/cache/api
|
||||||
|
identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||||
|
auth_uri = {{ auth_identity_uri }}
|
||||||
|
admin_tenant_name = {{ service_admin_tenant_name }}
|
||||||
|
admin_user = {{ service_admin_username }}
|
||||||
|
admin_password = {{ service_admin_password }}
|
||||||
|
|
||||||
|
memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
|
||||||
|
token_cache_time = 300
|
||||||
|
revocation_cache_time = 60
|
||||||
|
|
||||||
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||||
|
memcache_security_strategy = ENCRYPT
|
||||||
|
memcache_secret_key = {{ memcached_secret_key }}
|
||||||
|
|
||||||
|
# if your keystone deployment uses PKI, and you value security over performance:
|
||||||
|
check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
|
||||||
|
|
||||||
|
[paste_deploy]
|
||||||
|
flavor = {{ flavor }}
|
@ -0,0 +1,14 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
verbose = {{ verbose }}
|
||||||
|
debug = {{ debug }}
|
||||||
|
admin_password = {{ glance_service_password }}
|
||||||
|
admin_user = glance
|
||||||
|
admin_tenant_name = service
|
||||||
|
use_syslog = False
|
||||||
|
image_cache_dir = /var/lib/glance/cache/
|
||||||
|
image_cache_stall_time = 86400
|
||||||
|
image_cache_max_size = 10737418240
|
||||||
|
registry_host = {{ registry_host }}
|
||||||
|
registry_port = 9191
|
||||||
|
auth_url = {{ auth_admin_uri }}
|
||||||
|
filesystem_store_datadir = /var/lib/glance/images/
|
@ -0,0 +1,25 @@
|
|||||||
|
# Use this pipeline for no auth - DEFAULT
|
||||||
|
[pipeline:glance-registry]
|
||||||
|
pipeline = unauthenticated-context registryapp
|
||||||
|
|
||||||
|
# Use this pipeline for keystone auth
|
||||||
|
[pipeline:glance-registry-keystone]
|
||||||
|
pipeline = authtoken context registryapp
|
||||||
|
|
||||||
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||||
|
# user as authenticated without making requests to keystone to reauthenticate
|
||||||
|
# the user.
|
||||||
|
[pipeline:glance-registry-trusted-auth]
|
||||||
|
pipeline = context registryapp
|
||||||
|
|
||||||
|
[app:registryapp]
|
||||||
|
paste.app_factory = glance.registry.api:API.factory
|
||||||
|
|
||||||
|
[filter:context]
|
||||||
|
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||||
|
|
||||||
|
[filter:unauthenticated-context]
|
||||||
|
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||||
|
|
||||||
|
[filter:authtoken]
|
||||||
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
@ -0,0 +1,33 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
verbose = {{ verbose }}
|
||||||
|
debug = {{ debug }}
|
||||||
|
log_file = /var/log/glance/glance-registry.log
|
||||||
|
use_syslog = False
|
||||||
|
sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
||||||
|
bind_host = 0.0.0.0
|
||||||
|
bind_port = 9191
|
||||||
|
backlog = 4096
|
||||||
|
api_limit_max = 1000
|
||||||
|
limit_param_default = 25
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
signing_dir = /var/lib/glance/cache/registry/
|
||||||
|
identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||||
|
auth_uri = {{ auth_identity_uri }}
|
||||||
|
admin_tenant_name = {{ service_admin_tenant_name }}
|
||||||
|
admin_user = {{ service_admin_username }}
|
||||||
|
admin_password = {{ service_admin_password }}
|
||||||
|
|
||||||
|
memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
|
||||||
|
token_cache_time = 300
|
||||||
|
revocation_cache_time = 60
|
||||||
|
|
||||||
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||||
|
memcache_security_strategy = ENCRYPT
|
||||||
|
memcache_secret_key = {{ memcached_secret_key }}
|
||||||
|
|
||||||
|
# if your keystone deployment uses PKI, and you value security over performance:
|
||||||
|
check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
|
||||||
|
|
||||||
|
[paste_deploy]
|
||||||
|
flavor = keystone
|
@ -0,0 +1,34 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
verbose = {{ verbose }}
|
||||||
|
debug = {{ debug }}
|
||||||
|
# Log to this file. Make sure you do not set the same log file for both the API
|
||||||
|
# and registry servers!
|
||||||
|
#
|
||||||
|
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||||
|
# sent to stdout as a fallback.
|
||||||
|
log_file = /var/log/glance/scrubber.log
|
||||||
|
|
||||||
|
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||||
|
#use_syslog: False
|
||||||
|
|
||||||
|
# Should we run our own loop or rely on cron/scheduler to run us
|
||||||
|
daemon = False
|
||||||
|
|
||||||
|
# Loop time between checking for new items to schedule for delete
|
||||||
|
wakeup_time = 300
|
||||||
|
|
||||||
|
# Directory that the scrubber will use to remind itself of what to delete
|
||||||
|
# Make sure this is also set in glance-api.conf
|
||||||
|
scrubber_datadir = /var/lib/glance/scrubber
|
||||||
|
|
||||||
|
# Only one server in your deployment should be designated the cleanup host
|
||||||
|
cleanup_scrubber = False
|
||||||
|
|
||||||
|
# pending_delete items older than this time are candidates for cleanup
|
||||||
|
cleanup_scrubber_time = 86400
|
||||||
|
|
||||||
|
# Address to find the registry server for cleanups
|
||||||
|
registry_host = 0.0.0.0
|
||||||
|
|
||||||
|
# Port the registry server is listening on
|
||||||
|
registry_port = 9191
|
@ -1,249 +0,0 @@
|
|||||||
# Copyright 2014, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
glance_api_conf:
|
|
||||||
DEFAULT:
|
|
||||||
verbose: "{{ verbose }}"
|
|
||||||
debug: "{{ debug }}"
|
|
||||||
log_file: /var/log/glance/glance-api.log
|
|
||||||
use_syslog: False
|
|
||||||
sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
|
||||||
default_store: "{{ default_store }}"
|
|
||||||
bind_host: 0.0.0.0
|
|
||||||
bind_port: 9292
|
|
||||||
backlog: 4096
|
|
||||||
workers: 1
|
|
||||||
registry_host: "{{ registry_host }}"
|
|
||||||
registry_port: 9191
|
|
||||||
registry_client_protocol: http
|
|
||||||
cinder_catalog_info: "volume:cinder:internalURL"
|
|
||||||
|
|
||||||
##### RPC MESSAGING OPTIONS #####
|
|
||||||
notification_driver: messaging
|
|
||||||
rpc_backend: "{{ rpc_backend }}"
|
|
||||||
|
|
||||||
rabbit_hosts: "{{ rabbit_hosts }}"
|
|
||||||
|
|
||||||
rabbit_port: "{{ rabbit_port }}"
|
|
||||||
rabbit_use_ssl: "{{ rabbit_use_ssl }}"
|
|
||||||
rabbit_userid: "{{ rabbit_userid }}"
|
|
||||||
rabbit_password: "{{ rabbit_password }}"
|
|
||||||
rabbit_virtual_host: "{{ rabbit_virtual_host }}"
|
|
||||||
rabbit_notification_exchange: glance
|
|
||||||
rabbit_notification_topic: notifications
|
|
||||||
rabbit_durable_queues: False
|
|
||||||
|
|
||||||
##### STORE OPTIONS #####
|
|
||||||
swift_store_auth_version: 2
|
|
||||||
swift_store_auth_address: "{{ swift_store_auth_address }}"
|
|
||||||
swift_store_user: "{{ swift_store_user }}"
|
|
||||||
swift_store_key: "{{ swift_store_key }}"
|
|
||||||
swift_store_region: "{{ swift_store_region }}"
|
|
||||||
swift_store_container: "{{ swift_store_container }}"
|
|
||||||
swift_store_create_container_on_put: True
|
|
||||||
swift_store_large_object_size: 5120
|
|
||||||
swift_store_large_object_chunk_size: 200
|
|
||||||
swift_store_retry_get_count: 5
|
|
||||||
swift_store_endpoint_type: "{{ glance_swift_store_endpoint_type }}"
|
|
||||||
|
|
||||||
filesystem_store_datadir: /var/lib/glance/images/
|
|
||||||
delayed_delete: False
|
|
||||||
scrub_time: 43200
|
|
||||||
scrubber_datadir: /var/lib/glance/scrubber/
|
|
||||||
image_cache_dir: /var/lib/glance/cache/
|
|
||||||
|
|
||||||
keystone_authtoken:
|
|
||||||
signing_dir: /var/lib/glance/cache/api
|
|
||||||
identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
|
|
||||||
auth_uri: "{{ auth_identity_uri }}"
|
|
||||||
admin_tenant_name: "{{ service_admin_tenant_name }}"
|
|
||||||
admin_user: "{{ service_admin_username }}"
|
|
||||||
admin_password: "{{ service_admin_password }}"
|
|
||||||
|
|
||||||
memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
|
||||||
token_cache_time: 300
|
|
||||||
revocation_cache_time: 60
|
|
||||||
|
|
||||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
||||||
memcache_security_strategy: ENCRYPT
|
|
||||||
memcache_secret_key: "{{ memcached_secret_key }}"
|
|
||||||
|
|
||||||
# if your keystone deployment uses PKI, and you value security over performance:
|
|
||||||
check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
|
|
||||||
|
|
||||||
paste_deploy:
|
|
||||||
flavor: "{{ flavor }}"
|
|
||||||
|
|
||||||
|
|
||||||
glance_cache_conf:
|
|
||||||
DEFAULT:
|
|
||||||
verbose: "{{ verbose }}"
|
|
||||||
debug: "{{ debug }}"
|
|
||||||
admin_password: "{{ glance_service_password }}"
|
|
||||||
admin_user: glance
|
|
||||||
admin_tenant_name: service
|
|
||||||
use_syslog: False
|
|
||||||
image_cache_dir: /var/lib/glance/cache/
|
|
||||||
image_cache_stall_time: 86400
|
|
||||||
image_cache_max_size: 10737418240
|
|
||||||
registry_host: "{{ registry_host }}"
|
|
||||||
registry_port: 9191
|
|
||||||
auth_url: "{{ auth_admin_uri }}"
|
|
||||||
filesystem_store_datadir: /var/lib/glance/images/
|
|
||||||
|
|
||||||
|
|
||||||
glance_registry_conf:
|
|
||||||
DEFAULT:
|
|
||||||
verbose: "{{ verbose }}"
|
|
||||||
debug: "{{ debug }}"
|
|
||||||
log_file: /var/log/glance/glance-registry.log
|
|
||||||
use_syslog: False
|
|
||||||
sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
|
||||||
bind_host: 0.0.0.0
|
|
||||||
bind_port: 9191
|
|
||||||
backlog: 4096
|
|
||||||
api_limit_max: 1000
|
|
||||||
limit_param_default: 25
|
|
||||||
|
|
||||||
keystone_authtoken:
|
|
||||||
signing_dir: /var/lib/glance/cache/registry/
|
|
||||||
identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
|
|
||||||
auth_uri: "{{ auth_identity_uri }}"
|
|
||||||
admin_tenant_name: "{{ service_admin_tenant_name }}"
|
|
||||||
admin_user: "{{ service_admin_username }}"
|
|
||||||
admin_password: "{{ service_admin_password }}"
|
|
||||||
|
|
||||||
memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
|
||||||
token_cache_time: 300
|
|
||||||
revocation_cache_time: 60
|
|
||||||
|
|
||||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
||||||
memcache_security_strategy: ENCRYPT
|
|
||||||
memcache_secret_key: "{{ memcached_secret_key }}"
|
|
||||||
|
|
||||||
# if your keystone deployment uses PKI, and you value security over performance:
|
|
||||||
check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
|
|
||||||
|
|
||||||
paste_deploy:
|
|
||||||
flavor: keystone
|
|
||||||
|
|
||||||
glance_scrubber_conf:
|
|
||||||
DEFAULT:
|
|
||||||
verbose: "{{ verbose }}"
|
|
||||||
debug: "{{ debug }}"
|
|
||||||
# Log to this file. Make sure you do not set the same log file for both the API
|
|
||||||
# and registry servers!
|
|
||||||
#
|
|
||||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
|
||||||
# sent to stdout as a fallback.
|
|
||||||
log_file: /var/log/glance/scrubber.log
|
|
||||||
|
|
||||||
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
|
||||||
#use_syslog: False
|
|
||||||
|
|
||||||
# Should we run our own loop or rely on cron/scheduler to run us
|
|
||||||
daemon: False
|
|
||||||
|
|
||||||
# Loop time between checking for new items to schedule for delete
|
|
||||||
wakeup_time: 300
|
|
||||||
|
|
||||||
# Directory that the scrubber will use to remind itself of what to delete
|
|
||||||
# Make sure this is also set in glance-api.conf
|
|
||||||
scrubber_datadir: /var/lib/glance/scrubber
|
|
||||||
|
|
||||||
# Only one server in your deployment should be designated the cleanup host
|
|
||||||
cleanup_scrubber: False
|
|
||||||
|
|
||||||
# pending_delete items older than this time are candidates for cleanup
|
|
||||||
cleanup_scrubber_time: 86400
|
|
||||||
|
|
||||||
# Address to find the registry server for cleanups
|
|
||||||
registry_host: 0.0.0.0
|
|
||||||
|
|
||||||
# Port the registry server is listening on
|
|
||||||
registry_port: 9191
|
|
||||||
|
|
||||||
|
|
||||||
glance_api_paste_ini:
|
|
||||||
# Use this pipeline for no auth or image caching - DEFAULT
|
|
||||||
pipeline:glance-api:
|
|
||||||
pipeline: "versionnegotiation unauthenticated-context rootapp"
|
|
||||||
# Use this pipeline for image caching and no auth
|
|
||||||
pipeline:glance-api-caching:
|
|
||||||
pipeline: "versionnegotiation unauthenticated-context cache rootapp"
|
|
||||||
# Use this pipeline for caching w/ management interface but no auth
|
|
||||||
pipeline:glance-api-cachemanagement:
|
|
||||||
pipeline: "versionnegotiation unauthenticated-context cache cachemanage rootapp"
|
|
||||||
# Use this pipeline for keystone auth
|
|
||||||
pipeline:glance-api-keystone:
|
|
||||||
pipeline: "versionnegotiation authtoken context rootapp"
|
|
||||||
# Use this pipeline for keystone auth with image caching
|
|
||||||
pipeline:glance-api-keystone+caching:
|
|
||||||
pipeline: "versionnegotiation authtoken context cache rootapp"
|
|
||||||
# Use this pipeline for keystone auth with caching and cache management
|
|
||||||
pipeline:glance-api-keystone+cachemanagement:
|
|
||||||
pipeline: "versionnegotiation authtoken context cache cachemanage rootapp"
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user.
|
|
||||||
pipeline:glance-api-trusted-auth:
|
|
||||||
pipeline: "versionnegotiation context rootapp"
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user and uses cache management
|
|
||||||
pipeline:glance-api-trusted-auth+cachemanagement:
|
|
||||||
pipeline: "versionnegotiation context cache cachemanage rootapp"
|
|
||||||
composite:rootapp:
|
|
||||||
paste.composite_factory: "glance.api:root_app_factory"
|
|
||||||
/: "apiversions"
|
|
||||||
/v1: "apiv1app"
|
|
||||||
/v2: "apiv2app"
|
|
||||||
app:apiversions:
|
|
||||||
paste.app_factory: "glance.api.versions:create_resource"
|
|
||||||
app:apiv1app:
|
|
||||||
paste.app_factory: "glance.api.v1.router:API.factory"
|
|
||||||
app:apiv2app:
|
|
||||||
paste.app_factory: "glance.api.v2.router:API.factory"
|
|
||||||
filter:versionnegotiation:
|
|
||||||
paste.filter_factory: "glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory"
|
|
||||||
filter:cache:
|
|
||||||
paste.filter_factory: "glance.api.middleware.cache:CacheFilter.factory"
|
|
||||||
filter:cachemanage:
|
|
||||||
paste.filter_factory: "glance.api.middleware.cache_manage:CacheManageFilter.factory"
|
|
||||||
filter:context:
|
|
||||||
paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
|
|
||||||
filter:unauthenticated-context:
|
|
||||||
paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
|
|
||||||
filter:authtoken:
|
|
||||||
paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
|
|
||||||
delay_auth_decision: true
|
|
||||||
filter:gzip:
|
|
||||||
paste.filter_factory: "glance.api.middleware.gzip:GzipMiddleware.factory"
|
|
||||||
|
|
||||||
glance_registry_paste_ini:
|
|
||||||
pipeline:glance-registry:
|
|
||||||
pipeline: "unauthenticated-context registryapp"
|
|
||||||
pipeline:glance-registry-keystone:
|
|
||||||
pipeline: "authtoken context registryapp"
|
|
||||||
pipeline:glance-registry-trusted-auth:
|
|
||||||
pipeline: "context registryapp"
|
|
||||||
app:registryapp:
|
|
||||||
paste.app_factory: "glance.registry.api:API.factory"
|
|
||||||
filter:context:
|
|
||||||
paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
|
|
||||||
filter:unauthenticated-context:
|
|
||||||
paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
|
|
||||||
filter:authtoken:
|
|
||||||
paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user