Merge "Update Nova and Glance paste config examples."

examples/paste/glance-api.conf

@@ -26,6 +26,27 @@ registry_port = 9191
 # file for both the API and registry servers!
 log_file = /var/log/glance/api.log
 
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+use_syslog = False
+
+# ============ Notification System Options =====================
+
+# Notifications can be sent when images are create, updated or deleted.
+# There are three methods of sending notifications, logging (via the
+# log_file directive), rabbit (via a rabbitmq queue) or noop (no
+# notifications sent, the default)
+notifier_strategy = noop
+
+# Configuration options if sending notifications via rabbitmq (these are
+# the defaults)
+rabbit_host = localhost
+rabbit_port = 5672
+rabbit_use_ssl = false
+rabbit_userid = guest
+rabbit_password = guest
+rabbit_virtual_host = /
+rabbit_notification_topic = glance_notifications
+
 # ============ Filesystem Store Options ========================
 
 # Directory that the Filesystem backend store
@@ -51,13 +72,70 @@ swift_store_container = glance
 # Do we create the container if it does not exist?
 swift_store_create_container_on_put = False
 
+# What size, in MB, should Glance start chunking image files
+# and do a large object manifest in Swift? By default, this is
+# the maximum object size in Swift, which is 5GB
+swift_store_large_object_size = 5120
+
+# When doing a large object manifest, what size, in MB, should
+# Glance write chunks to Swift? This amount of data is written
+# to a temporary disk buffer during the process of chunking
+# the image file, and the default is 200MB
+swift_store_large_object_chunk_size = 200
+
+# Whether to use ServiceNET to communicate with the Swift storage servers.
+# (If you aren't RACKSPACE, leave this False!)
+#
+# To use ServiceNET for authentication, prefix hostname of
+# `swift_store_auth_address` with 'snet-'.
+# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
+swift_enable_snet = False
+
+# ============ S3 Store Options =============================
+
+# Address where the S3 authentication service lives
+s3_store_host = 127.0.0.1:8080/v1.0/
+
+# User to authenticate against the S3 authentication service
+s3_store_access_key = <20-char AWS access key>
+
+# Auth key for the user authenticating against the
+# S3 authentication service
+s3_store_secret_key = <40-char AWS secret key>
+
+# Container within the account that the account should use
+# for storing images in S3. Note that S3 has a flat namespace,
+# so you need a unique bucket name for your glance images. An
+# easy way to do this is append your AWS access key to "glance".
+# S3 buckets in AWS *must* be lowercased, so remember to lowercase
+# your AWS access key if you use it in your bucket name below!
+s3_store_bucket = <lowercased 20-char aws access key>glance
+
+# Do we create the bucket if it does not exist?
+s3_store_create_bucket_on_put = False
+
+# ============ Image Cache Options ========================
+
+image_cache_enabled = False
+
+# Directory that the Image Cache writes data to
+# Make sure this is also set in glance-pruner.conf
+image_cache_datadir = /var/lib/glance/image-cache/
+
+# Number of seconds after which we should consider an incomplete image to be
+# stalled and eligible for reaping
+image_cache_stall_timeout = 86400
+
 # ============ Delayed Delete Options =============================
 
 # Turn on/off delayed delete
 delayed_delete = False
 
 [pipeline:glance-api]
-pipeline = versionnegotiation tokenauth keystone_shim apiv1app
+pipeline = versionnegotiation authtoken context apiv1app
+
+# To enable Image Cache Management API replace pipeline with below:
+# pipeline = versionnegotiation authtoken context imagecache apiv1app
 
 [pipeline:versions]
 pipeline = versionsapp
@@ -71,22 +149,19 @@ paste.app_factory = glance.api.v1:app_factory
 [filter:versionnegotiation]
 paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
 
+[filter:imagecache]
+paste.filter_factory = glance.api.middleware.image_cache:filter_factory
+
 [filter:context]
 paste.filter_factory = glance.common.context:filter_factory
 
-[filter:tokenauth]
+[filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
 service_protocol = http
 service_host = 127.0.0.1
-service_port = 808
+service_port = 5000
 auth_host = 127.0.0.1
 auth_port = 5001
 auth_protocol = http
 auth_uri = http://127.0.0.1:5000/
 admin_token = 999888777666
-
-# Allows anonymous access
-delay_auth_decision = 1
-
-[filter:keystone_shim]
-paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

examples/paste/glance-registry.conf

@@ -15,6 +15,9 @@ bind_port = 9191
 # file for both the API and registry servers!
 log_file = /var/log/glance/registry.log
 
+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
+use_syslog = False
+
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
 # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
@@ -29,28 +32,34 @@ sql_connection = sqlite:///glance.sqlite
 # before MySQL can drop the connection.
 sql_idle_timeout = 3600
 
+# Limit the api to return `param_limit_max` items in a call to a container. If
+# a larger `limit` query param is provided, it will be reduced to this value.
+api_limit_max = 1000
+
+# If a `limit` query param is not provided in an api request, it will
+# default to `limit_param_default`
+limit_param_default = 25
+
 [pipeline:glance-registry]
-pipeline = tokenauth keystone_shim registryapp
+pipeline = authtoken keystone_shim context registryapp
 
 [app:registryapp]
 paste.app_factory = glance.registry.server:app_factory
 
 [filter:context]
+context_class = glance.registry.context.RequestContext
 paste.filter_factory = glance.common.context:filter_factory
 
-[filter:tokenauth]
+[filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
 service_protocol = http
 service_host = 127.0.0.1
-service_port = 808
+service_port = 5000
 auth_host = 127.0.0.1
 auth_port = 5001
 auth_protocol = http
 auth_uri = http://127.0.0.1:5000/
 admin_token = 999888777666
 
-# Allows anonymous access
-delay_auth_decision = 1
-
 [filter:keystone_shim]
 paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

examples/paste/nova-api-paste.ini

@@ -19,11 +19,10 @@ use = egg:Paste#urlmap
 /1.0: ec2metadata
 
 [pipeline:ec2cloud]
-pipeline = logrequest authenticate cloudrequest authorizer ec2executor
-#pipeline = logrequest ec2lockout authenticate cloudrequest authorizer ec2executor
+pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
 
 [pipeline:ec2admin]
-pipeline = logrequest authenticate adminrequest authorizer ec2executor
+pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor
 
 [pipeline:ec2metadata]
 pipeline = logrequest ec2md
@@ -37,6 +36,12 @@ paste.filter_factory = nova.api.ec2:RequestLogging.factory
 [filter:ec2lockout]
 paste.filter_factory = nova.api.ec2:Lockout.factory
 
+[filter:totoken]
+paste.filter_factory = nova.api.ec2:ToToken.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
 [filter:authenticate]
 paste.filter_factory = nova.api.ec2:Authenticate.factory
 
@@ -71,10 +76,10 @@ use = egg:Paste#urlmap
 /v1.1: openstackapi11
 
 [pipeline:openstackapi10]
-pipeline = faultwrap tokenauth auth_shim ratelimit osapiapp10
+pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10
 
 [pipeline:openstackapi11]
-pipeline = faultwrap tokenauth auth_shim ratelimit extensions osapiapp11
+pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11
 
 [filter:faultwrap]
 paste.filter_factory = nova.api.openstack:FaultWrapper.factory
@@ -82,19 +87,8 @@ paste.filter_factory = nova.api.openstack:FaultWrapper.factory
 [filter:auth]
 paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
 
-[filter:tokenauth]
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
-service_protocol = http
-service_host = 127.0.0.1
-service_port = 808
-auth_host = 127.0.0.1
-auth_port = 5001
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
-admin_token = 999888777666
-
-[filter:auth_shim]
-paste.filter_factory = keystone.middleware.nova_auth_token:KeystoneAuthShim.factory
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
 
 [filter:ratelimit]
 paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory
@@ -113,3 +107,22 @@ pipeline = faultwrap osversionapp
 
 [app:osversionapp]
 paste.app_factory = nova.api.openstack.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:KeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = http
+service_host = 127.0.0.1
+service_port = 5000
+auth_host = 127.0.0.1
+auth_port = 5001
+auth_protocol = http
+auth_uri = http://127.0.0.1:5000/
+admin_token = 999888777666
+