562cb0429f
Provide healthcheck middleware from oslo_middleware to be able to disable given nodes from loadbalancer. It's achieved by adding a new pipeline which depending on existing of the /etc/glance/healthcheck_disable file can return one of the following results: - 200 OK (if file does not exist) - 503 DISABLED BY FILE (if file exist) The healthcheck is available under /healthcheck URL, and the whole mechanism behave similar to the Swift healthcheck system. implements bp: healthcheck-middleware Co-Authored-By: Erno Kuvaja <jokke@usr.fi> Co-Authored-By: Kamil Rykowski <kamil.rykowski@intel.com> DocImpact Change-Id: I45f6a8c59ec3040aaf06f8bab46d8001c44dac7a
36 lines
1.2 KiB
INI
36 lines
1.2 KiB
INI
# Use this pipeline for no auth - DEFAULT
|
|
[pipeline:glance-registry]
|
|
pipeline = healthcheck osprofiler unauthenticated-context registryapp
|
|
|
|
# Use this pipeline for keystone auth
|
|
[pipeline:glance-registry-keystone]
|
|
pipeline = healthcheck osprofiler authtoken context registryapp
|
|
|
|
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
# user as authenticated without making requests to keystone to reauthenticate
|
|
# the user.
|
|
[pipeline:glance-registry-trusted-auth]
|
|
pipeline = healthcheck osprofiler context registryapp
|
|
|
|
[app:registryapp]
|
|
paste.app_factory = glance.registry.api:API.factory
|
|
|
|
[filter:healthcheck]
|
|
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
backends = disable_by_file
|
|
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
|
|
[filter:context]
|
|
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
|
|
[filter:unauthenticated-context]
|
|
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
|
|
[filter:osprofiler]
|
|
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
hmac_keys = SECRET_KEY
|
|
enabled = yes
|