From 9377b4ea8957aaee8d2c78bec383ea053104fcd3 Mon Sep 17 00:00:00 2001 From: James Page Date: Sat, 12 Apr 2014 17:05:15 +0100 Subject: [PATCH] Add default paste for icehouse --- templates/icehouse/glance-api-paste.ini | 72 ++++++++++++++++++++ templates/icehouse/glance-api.conf | 13 ++++ templates/icehouse/glance-registry-paste.ini | 25 +++++++ templates/icehouse/glance-registry.conf | 9 +++ 4 files changed, 119 insertions(+) create mode 100644 templates/icehouse/glance-api-paste.ini create mode 100644 templates/icehouse/glance-registry-paste.ini diff --git a/templates/icehouse/glance-api-paste.ini b/templates/icehouse/glance-api-paste.ini new file mode 100644 index 00000000..4f8f6599 --- /dev/null +++ b/templates/icehouse/glance-api-paste.ini @@ -0,0 +1,72 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = versionnegotiation unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = versionnegotiation unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = versionnegotiation authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = versionnegotiation authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = versionnegotiation authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = versionnegotiation context rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = versionnegotiation context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory diff --git a/templates/icehouse/glance-api.conf b/templates/icehouse/glance-api.conf index db0c8ed9..5ed850f7 100644 --- a/templates/icehouse/glance-api.conf +++ b/templates/icehouse/glance-api.conf @@ -2,6 +2,7 @@ verbose = True use_syslog = {{ use_syslog }} debug = True + {% if rbd_pool -%} default_store = rbd {% elif swift_store -%} @@ -9,7 +10,9 @@ default_store = swift {% else -%} default_store = file {% endif -%} + bind_host = 0.0.0.0 + {% if ext -%} bind_port = {{ ext }} {% elif bind_port -%} @@ -17,6 +20,7 @@ bind_port = {{ bind_port }} {% else -%} bind_port = 9292 {% endif -%} + log_file = /var/log/glance/api.log backlog = 4096 @@ -57,6 +61,15 @@ image_cache_dir = /var/lib/glance/image-cache/ db_enforce_mysql_charset = False {% if auth_host -%} +[keystone_authtoken] +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/ +auth_host = {{ auth_host }} +auth_port = {{ auth_port }} +auth_protocol = {{ auth_protocol }} +admin_tenant_name = {{ admin_tenant_name }} +admin_user = {{ admin_user }} +admin_password = {{ admin_password }} + [paste_deploy] flavor = keystone {% endif -%} diff --git a/templates/icehouse/glance-registry-paste.ini b/templates/icehouse/glance-registry-paste.ini new file mode 100644 index 00000000..d9f6eb35 --- /dev/null +++ b/templates/icehouse/glance-registry-paste.ini @@ -0,0 +1,25 @@ +# Use this pipeline for no auth - DEFAULT +[pipeline:glance-registry] +pipeline = unauthenticated-context registryapp + +# Use this pipeline for keystone auth +[pipeline:glance-registry-keystone] +pipeline = authtoken context registryapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-registry-trusted-auth] +pipeline = context registryapp + +[app:registryapp] +paste.app_factory = glance.registry.api:API.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory diff --git a/templates/icehouse/glance-registry.conf b/templates/icehouse/glance-registry.conf index 1c9d2e6c..32f0faa2 100644 --- a/templates/icehouse/glance-registry.conf +++ b/templates/icehouse/glance-registry.conf @@ -12,6 +12,15 @@ api_limit_max = 1000 limit_param_default = 25 {% if auth_host -%} +[keystone_authtoken] +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/ +auth_host = {{ auth_host }} +auth_port = {{ auth_port }} +auth_protocol = {{ auth_protocol }} +admin_tenant_name = {{ admin_tenant_name }} +admin_user = {{ admin_user }} +admin_password = {{ admin_password }} + [paste_deploy] flavor = keystone {% endif -%}