Add default paste for icehouse

2014-04-12 17:05:15 +01:00 · 2014-04-12 17:05:15 +01:00 · 9377b4ea89
commit 9377b4ea89
parent 730c68b6a8
4 changed files with 119 additions and 0 deletions
--- a/templates/icehouse/glance-api-paste.ini
+++ b/templates/icehouse/glance-api-paste.ini
@ -0,0 +1,72 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+pipeline = versionnegotiation unauthenticated-context rootapp
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation authtoken context rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation authtoken context cache cachemanage rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-api-trusted-auth]
+pipeline = versionnegotiation context rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user and uses cache management
+[pipeline:glance-api-trusted-auth+cachemanagement]
+pipeline = versionnegotiation context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+delay_auth_decision = true
+
+[filter:gzip]
+paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
--- a/templates/icehouse/glance-api.conf
+++ b/templates/icehouse/glance-api.conf
@ -2,6 +2,7 @@
 verbose = True
 use_syslog = {{ use_syslog }}
 debug = True
+
 {% if rbd_pool -%}
 default_store = rbd
 {% elif swift_store -%}
@ -9,7 +10,9 @@ default_store = swift
 {% else -%}
 default_store = file
 {% endif -%}
+
 bind_host = 0.0.0.0
+
 {% if ext -%}
 bind_port = {{ ext }}
 {% elif bind_port -%}
@ -17,6 +20,7 @@ bind_port = {{ bind_port }}
 {% else -%}
 bind_port = 9292
 {% endif -%}
+
 log_file = /var/log/glance/api.log
 backlog = 4096

@ -57,6 +61,15 @@ image_cache_dir = /var/lib/glance/image-cache/
 db_enforce_mysql_charset = False

 {% if auth_host -%}
+[keystone_authtoken]
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol = {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+
 [paste_deploy]
 flavor = keystone
 {% endif -%}
--- a/templates/icehouse/glance-registry-paste.ini
+++ b/templates/icehouse/glance-registry-paste.ini
@ -0,0 +1,25 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
--- a/templates/icehouse/glance-registry.conf
+++ b/templates/icehouse/glance-registry.conf
@ -12,6 +12,15 @@ api_limit_max = 1000
 limit_param_default = 25

 {% if auth_host -%}
+[keystone_authtoken]
+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol = {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+
 [paste_deploy]
 flavor = keystone
 {% endif -%}