Use fixed templates for glance configuration
This change moves away from the template generation to using fixed template files. This allows us to conditionally write blocks of configurations, which I have done for the swift_store options. This work is largely ripped from @cloudnull's cdc branch. Note that there are a few minor configuration changes introduced here by (from @cloudnull's branch), such as worker count in glance-api.conf.
This commit is contained in:
parent
cfe01cb2a6
commit
d60f55f0d6
@ -41,7 +41,6 @@
|
||||
- init_script
|
||||
- glance_cache_crons
|
||||
vars_files:
|
||||
- vars/config_vars/glance_config.yml
|
||||
- vars/openstack_service_vars/glance_api.yml
|
||||
handlers:
|
||||
- include: handlers/services.yml
|
||||
@ -54,7 +53,6 @@
|
||||
- init_script
|
||||
- glance_cache_crons
|
||||
vars_files:
|
||||
- vars/config_vars/glance_config.yml
|
||||
- vars/openstack_service_vars/glance_api.yml
|
||||
handlers:
|
||||
- include: handlers/services.yml
|
||||
|
@ -26,7 +26,6 @@
|
||||
- galera_client_cnf
|
||||
- init_script
|
||||
vars_files:
|
||||
- vars/config_vars/glance_config.yml
|
||||
- vars/openstack_service_vars/glance_registry.yml
|
||||
handlers:
|
||||
- include: handlers/services.yml
|
||||
|
@ -13,29 +13,20 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Drop Glance Config
|
||||
template: >
|
||||
src={{ item }}
|
||||
dest=/etc/glance/{{ item }}
|
||||
owner={{ system_user }}
|
||||
group={{ system_group }}
|
||||
- name: Drop Glance Config(s)
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/glance/{{ item }}"
|
||||
owner: "{{ system_user }}"
|
||||
group: "{{ system_group }}"
|
||||
with_items:
|
||||
- glance-api-paste.ini
|
||||
- glance-api.conf
|
||||
- glance-cache.conf
|
||||
- glance-registry-paste.ini
|
||||
- glance-registry.conf
|
||||
- glance-scrubber.conf
|
||||
- policy.json
|
||||
- schema.json
|
||||
- schema-image.json
|
||||
notify: Restart os service
|
||||
|
||||
- name: Generate Glance Config
|
||||
template: >
|
||||
src=template_gen
|
||||
dest=/etc/glance/{{ item.file }}
|
||||
owner={{ system_user }}
|
||||
group={{ system_group }}
|
||||
with_items:
|
||||
- { file: glance-registry-paste.ini, var: "{{ glance_registry_paste_ini }}" }
|
||||
- { file: glance-api-paste.ini, var: "{{ glance_api_paste_ini }}" }
|
||||
- { file: glance-registry.conf, var: "{{ glance_registry_conf }}" }
|
||||
- { file: glance-api.conf, var: "{{ glance_api_conf }}" }
|
||||
- { file: glance-cache.conf, var: "{{ glance_cache_conf }}" }
|
||||
- { file: glance-scrubber.conf, var: "{{ glance_scrubber_conf }}" }
|
||||
- schema.json
|
||||
notify: Restart os service
|
||||
|
@ -0,0 +1,72 @@
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
[pipeline:glance-api]
|
||||
pipeline = versionnegotiation unauthenticated-context rootapp
|
||||
|
||||
# Use this pipeline for image caching and no auth
|
||||
[pipeline:glance-api-caching]
|
||||
pipeline = versionnegotiation unauthenticated-context cache rootapp
|
||||
|
||||
# Use this pipeline for caching w/ management interface but no auth
|
||||
[pipeline:glance-api-cachemanagement]
|
||||
pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-api-keystone]
|
||||
pipeline = versionnegotiation authtoken context rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with image caching
|
||||
[pipeline:glance-api-keystone+caching]
|
||||
pipeline = versionnegotiation authtoken context cache rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with caching and cache management
|
||||
[pipeline:glance-api-keystone+cachemanagement]
|
||||
pipeline = versionnegotiation authtoken context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-api-trusted-auth]
|
||||
pipeline = versionnegotiation context rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user and uses cache management
|
||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
||||
pipeline = versionnegotiation context cache cachemanage rootapp
|
||||
|
||||
[composite:rootapp]
|
||||
paste.composite_factory = glance.api:root_app_factory
|
||||
/: apiversions
|
||||
/v1: apiv1app
|
||||
/v2: apiv2app
|
||||
|
||||
[app:apiversions]
|
||||
paste.app_factory = glance.api.versions:create_resource
|
||||
|
||||
[app:apiv1app]
|
||||
paste.app_factory = glance.api.v1.router:API.factory
|
||||
|
||||
[app:apiv2app]
|
||||
paste.app_factory = glance.api.v2.router:API.factory
|
||||
|
||||
[filter:versionnegotiation]
|
||||
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
||||
|
||||
[filter:cache]
|
||||
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
||||
|
||||
[filter:cachemanage]
|
||||
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
delay_auth_decision = true
|
||||
|
||||
[filter:gzip]
|
||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
75
rpc_deployment/roles/glance_common/templates/glance-api.conf
Normal file
75
rpc_deployment/roles/glance_common/templates/glance-api.conf
Normal file
@ -0,0 +1,75 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
log_file = /var/log/glance/glance-api.log
|
||||
use_syslog = False
|
||||
sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
||||
default_store = {{ default_store }}
|
||||
known_stores = glance.store.filesystem.Store,
|
||||
glance.store.http.Store,
|
||||
glance.store.cinder.Store,
|
||||
glance.store.swift.Store
|
||||
bind_host = 0.0.0.0
|
||||
bind_port = 9292
|
||||
backlog = 4096
|
||||
workers = 4
|
||||
registry_host = {{ registry_host }}
|
||||
registry_port = 9191
|
||||
registry_client_protocol = http
|
||||
cinder_catalog_info = volume:cinder:internalURL
|
||||
|
||||
##### RPC MESSAGING OPTIONS #####
|
||||
notification_driver = messaging
|
||||
rpc_backend = {{ rpc_backend }}
|
||||
rabbit_hosts = {{ rabbit_hosts }}
|
||||
rabbit_port = {{ rabbit_port }}
|
||||
rabbit_use_ssl = {{ rabbit_use_ssl }}
|
||||
rabbit_userid = {{ rabbit_userid }}
|
||||
rabbit_password = {{ rabbit_password }}
|
||||
rabbit_virtual_host = {{ rabbit_virtual_host }}
|
||||
rabbit_notification_exchange = glance
|
||||
rabbit_notification_topic = notifications
|
||||
rabbit_durable_queues = False
|
||||
|
||||
{% if default_store == "swift" %}
|
||||
##### STORE OPTIONS #####
|
||||
swift_store_auth_version = 2
|
||||
swift_store_auth_address = {{ swift_store_auth_address }}
|
||||
swift_store_user = {{ swift_store_user }}
|
||||
swift_store_key = {{ swift_store_key }}
|
||||
swift_store_region = {{ swift_store_region }}
|
||||
swift_store_container = {{ swift_store_container }}
|
||||
swift_store_create_container_on_put = True
|
||||
swift_store_large_object_size = 5120
|
||||
swift_store_large_object_chunk_size = 200
|
||||
swift_store_retry_get_count = 5
|
||||
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
|
||||
|
||||
{% endif %}
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
delayed_delete = False
|
||||
scrub_time = 43200
|
||||
scrubber_datadir = /var/lib/glance/scrubber/
|
||||
image_cache_dir = /var/lib/glance/cache/
|
||||
|
||||
[keystone_authtoken]
|
||||
signing_dir = /var/lib/glance/cache/api
|
||||
identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||
auth_uri = {{ auth_identity_uri }}
|
||||
admin_tenant_name = {{ service_admin_tenant_name }}
|
||||
admin_user = {{ service_admin_username }}
|
||||
admin_password = {{ service_admin_password }}
|
||||
|
||||
memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
|
||||
token_cache_time = 300
|
||||
revocation_cache_time = 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcached_secret_key }}
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = {{ flavor }}
|
@ -0,0 +1,14 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
admin_password = {{ glance_service_password }}
|
||||
admin_user = glance
|
||||
admin_tenant_name = service
|
||||
use_syslog = False
|
||||
image_cache_dir = /var/lib/glance/cache/
|
||||
image_cache_stall_time = 86400
|
||||
image_cache_max_size = 10737418240
|
||||
registry_host = {{ registry_host }}
|
||||
registry_port = 9191
|
||||
auth_url = {{ auth_admin_uri }}
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
@ -0,0 +1,25 @@
|
||||
# Use this pipeline for no auth - DEFAULT
|
||||
[pipeline:glance-registry]
|
||||
pipeline = unauthenticated-context registryapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-registry-keystone]
|
||||
pipeline = authtoken context registryapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-registry-trusted-auth]
|
||||
pipeline = context registryapp
|
||||
|
||||
[app:registryapp]
|
||||
paste.app_factory = glance.registry.api:API.factory
|
||||
|
||||
[filter:context]
|
||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
||||
|
||||
[filter:unauthenticated-context]
|
||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
@ -0,0 +1,33 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
log_file = /var/log/glance/glance-registry.log
|
||||
use_syslog = False
|
||||
sql_connection = mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8
|
||||
bind_host = 0.0.0.0
|
||||
bind_port = 9191
|
||||
backlog = 4096
|
||||
api_limit_max = 1000
|
||||
limit_param_default = 25
|
||||
|
||||
[keystone_authtoken]
|
||||
signing_dir = /var/lib/glance/cache/registry/
|
||||
identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||
auth_uri = {{ auth_identity_uri }}
|
||||
admin_tenant_name = {{ service_admin_tenant_name }}
|
||||
admin_user = {{ service_admin_username }}
|
||||
admin_password = {{ service_admin_password }}
|
||||
|
||||
memcached_servers = {{ internal_vip_address }}:{{ memcached_port }}
|
||||
token_cache_time = 300
|
||||
revocation_cache_time = 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcached_secret_key }}
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = {{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
@ -0,0 +1,34 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
# Log to this file. Make sure you do not set the same log file for both the API
|
||||
# and registry servers!
|
||||
#
|
||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||
# sent to stdout as a fallback.
|
||||
log_file = /var/log/glance/scrubber.log
|
||||
|
||||
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||
#use_syslog: False
|
||||
|
||||
# Should we run our own loop or rely on cron/scheduler to run us
|
||||
daemon = False
|
||||
|
||||
# Loop time between checking for new items to schedule for delete
|
||||
wakeup_time = 300
|
||||
|
||||
# Directory that the scrubber will use to remind itself of what to delete
|
||||
# Make sure this is also set in glance-api.conf
|
||||
scrubber_datadir = /var/lib/glance/scrubber
|
||||
|
||||
# Only one server in your deployment should be designated the cleanup host
|
||||
cleanup_scrubber = False
|
||||
|
||||
# pending_delete items older than this time are candidates for cleanup
|
||||
cleanup_scrubber_time = 86400
|
||||
|
||||
# Address to find the registry server for cleanups
|
||||
registry_host = 0.0.0.0
|
||||
|
||||
# Port the registry server is listening on
|
||||
registry_port = 9191
|
@ -1,249 +0,0 @@
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
glance_api_conf:
|
||||
DEFAULT:
|
||||
verbose: "{{ verbose }}"
|
||||
debug: "{{ debug }}"
|
||||
log_file: /var/log/glance/glance-api.log
|
||||
use_syslog: False
|
||||
sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
||||
default_store: "{{ default_store }}"
|
||||
bind_host: 0.0.0.0
|
||||
bind_port: 9292
|
||||
backlog: 4096
|
||||
workers: 1
|
||||
registry_host: "{{ registry_host }}"
|
||||
registry_port: 9191
|
||||
registry_client_protocol: http
|
||||
cinder_catalog_info: "volume:cinder:internalURL"
|
||||
|
||||
##### RPC MESSAGING OPTIONS #####
|
||||
notification_driver: messaging
|
||||
rpc_backend: "{{ rpc_backend }}"
|
||||
|
||||
rabbit_hosts: "{{ rabbit_hosts }}"
|
||||
|
||||
rabbit_port: "{{ rabbit_port }}"
|
||||
rabbit_use_ssl: "{{ rabbit_use_ssl }}"
|
||||
rabbit_userid: "{{ rabbit_userid }}"
|
||||
rabbit_password: "{{ rabbit_password }}"
|
||||
rabbit_virtual_host: "{{ rabbit_virtual_host }}"
|
||||
rabbit_notification_exchange: glance
|
||||
rabbit_notification_topic: notifications
|
||||
rabbit_durable_queues: False
|
||||
|
||||
##### STORE OPTIONS #####
|
||||
swift_store_auth_version: 2
|
||||
swift_store_auth_address: "{{ swift_store_auth_address }}"
|
||||
swift_store_user: "{{ swift_store_user }}"
|
||||
swift_store_key: "{{ swift_store_key }}"
|
||||
swift_store_region: "{{ swift_store_region }}"
|
||||
swift_store_container: "{{ swift_store_container }}"
|
||||
swift_store_create_container_on_put: True
|
||||
swift_store_large_object_size: 5120
|
||||
swift_store_large_object_chunk_size: 200
|
||||
swift_store_retry_get_count: 5
|
||||
swift_store_endpoint_type: "{{ glance_swift_store_endpoint_type }}"
|
||||
|
||||
filesystem_store_datadir: /var/lib/glance/images/
|
||||
delayed_delete: False
|
||||
scrub_time: 43200
|
||||
scrubber_datadir: /var/lib/glance/scrubber/
|
||||
image_cache_dir: /var/lib/glance/cache/
|
||||
|
||||
keystone_authtoken:
|
||||
signing_dir: /var/lib/glance/cache/api
|
||||
identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
|
||||
auth_uri: "{{ auth_identity_uri }}"
|
||||
admin_tenant_name: "{{ service_admin_tenant_name }}"
|
||||
admin_user: "{{ service_admin_username }}"
|
||||
admin_password: "{{ service_admin_password }}"
|
||||
|
||||
memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
||||
token_cache_time: 300
|
||||
revocation_cache_time: 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy: ENCRYPT
|
||||
memcache_secret_key: "{{ memcached_secret_key }}"
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
|
||||
|
||||
paste_deploy:
|
||||
flavor: "{{ flavor }}"
|
||||
|
||||
|
||||
glance_cache_conf:
|
||||
DEFAULT:
|
||||
verbose: "{{ verbose }}"
|
||||
debug: "{{ debug }}"
|
||||
admin_password: "{{ glance_service_password }}"
|
||||
admin_user: glance
|
||||
admin_tenant_name: service
|
||||
use_syslog: False
|
||||
image_cache_dir: /var/lib/glance/cache/
|
||||
image_cache_stall_time: 86400
|
||||
image_cache_max_size: 10737418240
|
||||
registry_host: "{{ registry_host }}"
|
||||
registry_port: 9191
|
||||
auth_url: "{{ auth_admin_uri }}"
|
||||
filesystem_store_datadir: /var/lib/glance/images/
|
||||
|
||||
|
||||
glance_registry_conf:
|
||||
DEFAULT:
|
||||
verbose: "{{ verbose }}"
|
||||
debug: "{{ debug }}"
|
||||
log_file: /var/log/glance/glance-registry.log
|
||||
use_syslog: False
|
||||
sql_connection: "mysql://{{ container_mysql_user }}:{{ container_mysql_password }}@{{ mysql_address }}/{{ container_database }}?charset=utf8"
|
||||
bind_host: 0.0.0.0
|
||||
bind_port: 9191
|
||||
backlog: 4096
|
||||
api_limit_max: 1000
|
||||
limit_param_default: 25
|
||||
|
||||
keystone_authtoken:
|
||||
signing_dir: /var/lib/glance/cache/registry/
|
||||
identity_uri: "{{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}"
|
||||
auth_uri: "{{ auth_identity_uri }}"
|
||||
admin_tenant_name: "{{ service_admin_tenant_name }}"
|
||||
admin_user: "{{ service_admin_username }}"
|
||||
admin_password: "{{ service_admin_password }}"
|
||||
|
||||
memcached_servers: "{{ internal_vip_address }}:{{ memcached_port }}"
|
||||
token_cache_time: 300
|
||||
revocation_cache_time: 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy: ENCRYPT
|
||||
memcache_secret_key: "{{ memcached_secret_key }}"
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached: "{{ hostvars[groups['keystone_all'][0]]['keystone_use_pki'] }}"
|
||||
|
||||
paste_deploy:
|
||||
flavor: keystone
|
||||
|
||||
glance_scrubber_conf:
|
||||
DEFAULT:
|
||||
verbose: "{{ verbose }}"
|
||||
debug: "{{ debug }}"
|
||||
# Log to this file. Make sure you do not set the same log file for both the API
|
||||
# and registry servers!
|
||||
#
|
||||
# If `log_file` is omitted and `use_syslog` is false, then log messages are
|
||||
# sent to stdout as a fallback.
|
||||
log_file: /var/log/glance/scrubber.log
|
||||
|
||||
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||
#use_syslog: False
|
||||
|
||||
# Should we run our own loop or rely on cron/scheduler to run us
|
||||
daemon: False
|
||||
|
||||
# Loop time between checking for new items to schedule for delete
|
||||
wakeup_time: 300
|
||||
|
||||
# Directory that the scrubber will use to remind itself of what to delete
|
||||
# Make sure this is also set in glance-api.conf
|
||||
scrubber_datadir: /var/lib/glance/scrubber
|
||||
|
||||
# Only one server in your deployment should be designated the cleanup host
|
||||
cleanup_scrubber: False
|
||||
|
||||
# pending_delete items older than this time are candidates for cleanup
|
||||
cleanup_scrubber_time: 86400
|
||||
|
||||
# Address to find the registry server for cleanups
|
||||
registry_host: 0.0.0.0
|
||||
|
||||
# Port the registry server is listening on
|
||||
registry_port: 9191
|
||||
|
||||
|
||||
glance_api_paste_ini:
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
pipeline:glance-api:
|
||||
pipeline: "versionnegotiation unauthenticated-context rootapp"
|
||||
# Use this pipeline for image caching and no auth
|
||||
pipeline:glance-api-caching:
|
||||
pipeline: "versionnegotiation unauthenticated-context cache rootapp"
|
||||
# Use this pipeline for caching w/ management interface but no auth
|
||||
pipeline:glance-api-cachemanagement:
|
||||
pipeline: "versionnegotiation unauthenticated-context cache cachemanage rootapp"
|
||||
# Use this pipeline for keystone auth
|
||||
pipeline:glance-api-keystone:
|
||||
pipeline: "versionnegotiation authtoken context rootapp"
|
||||
# Use this pipeline for keystone auth with image caching
|
||||
pipeline:glance-api-keystone+caching:
|
||||
pipeline: "versionnegotiation authtoken context cache rootapp"
|
||||
# Use this pipeline for keystone auth with caching and cache management
|
||||
pipeline:glance-api-keystone+cachemanagement:
|
||||
pipeline: "versionnegotiation authtoken context cache cachemanage rootapp"
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
pipeline:glance-api-trusted-auth:
|
||||
pipeline: "versionnegotiation context rootapp"
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user and uses cache management
|
||||
pipeline:glance-api-trusted-auth+cachemanagement:
|
||||
pipeline: "versionnegotiation context cache cachemanage rootapp"
|
||||
composite:rootapp:
|
||||
paste.composite_factory: "glance.api:root_app_factory"
|
||||
/: "apiversions"
|
||||
/v1: "apiv1app"
|
||||
/v2: "apiv2app"
|
||||
app:apiversions:
|
||||
paste.app_factory: "glance.api.versions:create_resource"
|
||||
app:apiv1app:
|
||||
paste.app_factory: "glance.api.v1.router:API.factory"
|
||||
app:apiv2app:
|
||||
paste.app_factory: "glance.api.v2.router:API.factory"
|
||||
filter:versionnegotiation:
|
||||
paste.filter_factory: "glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory"
|
||||
filter:cache:
|
||||
paste.filter_factory: "glance.api.middleware.cache:CacheFilter.factory"
|
||||
filter:cachemanage:
|
||||
paste.filter_factory: "glance.api.middleware.cache_manage:CacheManageFilter.factory"
|
||||
filter:context:
|
||||
paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
|
||||
filter:unauthenticated-context:
|
||||
paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
|
||||
filter:authtoken:
|
||||
paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
|
||||
delay_auth_decision: true
|
||||
filter:gzip:
|
||||
paste.filter_factory: "glance.api.middleware.gzip:GzipMiddleware.factory"
|
||||
|
||||
glance_registry_paste_ini:
|
||||
pipeline:glance-registry:
|
||||
pipeline: "unauthenticated-context registryapp"
|
||||
pipeline:glance-registry-keystone:
|
||||
pipeline: "authtoken context registryapp"
|
||||
pipeline:glance-registry-trusted-auth:
|
||||
pipeline: "context registryapp"
|
||||
app:registryapp:
|
||||
paste.app_factory: "glance.registry.api:API.factory"
|
||||
filter:context:
|
||||
paste.filter_factory: "glance.api.middleware.context:ContextMiddleware.factory"
|
||||
filter:unauthenticated-context:
|
||||
paste.filter_factory: "glance.api.middleware.context:UnauthenticatedContextMiddleware.factory"
|
||||
filter:authtoken:
|
||||
paste.filter_factory: "keystonemiddleware.auth_token:filter_factory"
|
||||
|
Loading…
Reference in New Issue
Block a user