Add glance registry config

2017-01-20 01:19:37 +00:00 · 2017-01-20 01:19:37 +00:00 · b1ce9b093b
commit b1ce9b093b
parent b31a365aea
4 changed files with 46 additions and 1 deletions
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@ -13,5 +13,7 @@ data:
 {{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }}
  glance-registry.conf: |+
 {{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }}
+  glance-registry-paste.ini: |+
+{{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "template" | indent 4 }}
  policy.json: |+
 {{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@ -36,7 +36,7 @@ spec:
          command:
          - glance-api
          - --config-file
-          - /etc/glance/glance-registry.conf
+          - /etc/glance/glance-api.conf
          ports:
            - containerPort: {{ .Values.network.port.api }}
          readinessProbe:
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@ -41,6 +41,14 @@ spec:
              mountPath: /etc/glance/glance-registry.conf
              subPath: glance-registry.conf
              readOnly: true
+            - name: glanceregistrypaste
+              mountPath: /etc/glance/glance-registry-paste.ini
+              subPath: glance-registry-paste.ini
+              readOnly: true
+            - name: glancepolicy
+              mountPath: /etc/glance/policy.json
+              subPath: policy.json
+              readOnly: true
      volumes:
        - name: etcglance
          emptyDir: {}
--- a/glance/templates/etc/_glance-registry-paste.ini.tpl
+++ b/glance/templates/etc/_glance-registry-paste.ini.tpl
@ -0,0 +1,35 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = healthcheck osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = healthcheck osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = healthcheck osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:healthcheck]
+paste.filter_factory = oslo_middleware:Healthcheck.factory
+backends = disable_by_file
+disable_by_file_path = /etc/glance/healthcheck_disable
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY  #DEPRECATED
+enabled = yes  #DEPRECATED