openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/playbooks/roles/os_glance/templates/glance-registry.conf.j2
Major Hayden d930a7b55c Enable encryption for all RabbitMQ connections 
This change enables encryption between OpenStack services and RabbitMQ by
default.

Closes-bug: 1509086

Change-Id: Ic95a556e001f66df935ea7db613b497b47062851
2015-10-27 14:42:59 +00:00

70 lines
2.3 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ glance_fatal_deprecations }}
log_file = /var/log/glance/glance-registry.log
bind_host = {{ glance_registry_bind_address }}
bind_port = {{ glance_registry_service_port }}
http_keepalive = {{ glance_http_keepalive }}
backlog = 4096
workers = {{ glance_registry_workers | default(api_threads) }}
api_limit_max = 1000
limit_param_default = 25
{% if glance_ceilometer_enabled %}
notification_driver = {{ glance_notification_driver }}
rpc_backend = {{ glance_rpc_backend }}
{% endif %}
[database]
connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ glance_keystone_auth_plugin }}
signing_dir = {{ glance_system_user_home }}/cache/registry/
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ glance_service_project_domain_id }}
user_domain_id = {{ glance_service_user_domain_id }}
project_name = {{ glance_service_project_name }}
username = {{ glance_service_user_name }}
password = {{ glance_service_password }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
revocation_cache_time = 60
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False
[oslo_messaging_rabbit]
rabbit_hosts = {{ rabbitmq_servers }}
rabbit_port = {{ rabbitmq_port }}
rabbit_userid = {{ glance_rabbitmq_userid }}
rabbit_password = {{ glance_rabbitmq_password }}
rabbit_virtual_host = {{ glance_rabbitmq_vhost }}
rabbit_use_ssl = {{ rabbitmq_use_ssl }}
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}
[paste_deploy]
flavor = keystone
[profiler]
enabled = {{ glance_profiler_enabled }}
View Git Blame Copy Permalink