Merge "Update Nova and Glance paste config examples."
This commit is contained in:
commit
f9e0c44281
|
@ -26,6 +26,27 @@ registry_port = 9191
|
||||||
# file for both the API and registry servers!
|
# file for both the API and registry servers!
|
||||||
log_file = /var/log/glance/api.log
|
log_file = /var/log/glance/api.log
|
||||||
|
|
||||||
|
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||||
|
use_syslog = False
|
||||||
|
|
||||||
|
# ============ Notification System Options =====================
|
||||||
|
|
||||||
|
# Notifications can be sent when images are create, updated or deleted.
|
||||||
|
# There are three methods of sending notifications, logging (via the
|
||||||
|
# log_file directive), rabbit (via a rabbitmq queue) or noop (no
|
||||||
|
# notifications sent, the default)
|
||||||
|
notifier_strategy = noop
|
||||||
|
|
||||||
|
# Configuration options if sending notifications via rabbitmq (these are
|
||||||
|
# the defaults)
|
||||||
|
rabbit_host = localhost
|
||||||
|
rabbit_port = 5672
|
||||||
|
rabbit_use_ssl = false
|
||||||
|
rabbit_userid = guest
|
||||||
|
rabbit_password = guest
|
||||||
|
rabbit_virtual_host = /
|
||||||
|
rabbit_notification_topic = glance_notifications
|
||||||
|
|
||||||
# ============ Filesystem Store Options ========================
|
# ============ Filesystem Store Options ========================
|
||||||
|
|
||||||
# Directory that the Filesystem backend store
|
# Directory that the Filesystem backend store
|
||||||
|
@ -51,13 +72,70 @@ swift_store_container = glance
|
||||||
# Do we create the container if it does not exist?
|
# Do we create the container if it does not exist?
|
||||||
swift_store_create_container_on_put = False
|
swift_store_create_container_on_put = False
|
||||||
|
|
||||||
|
# What size, in MB, should Glance start chunking image files
|
||||||
|
# and do a large object manifest in Swift? By default, this is
|
||||||
|
# the maximum object size in Swift, which is 5GB
|
||||||
|
swift_store_large_object_size = 5120
|
||||||
|
|
||||||
|
# When doing a large object manifest, what size, in MB, should
|
||||||
|
# Glance write chunks to Swift? This amount of data is written
|
||||||
|
# to a temporary disk buffer during the process of chunking
|
||||||
|
# the image file, and the default is 200MB
|
||||||
|
swift_store_large_object_chunk_size = 200
|
||||||
|
|
||||||
|
# Whether to use ServiceNET to communicate with the Swift storage servers.
|
||||||
|
# (If you aren't RACKSPACE, leave this False!)
|
||||||
|
#
|
||||||
|
# To use ServiceNET for authentication, prefix hostname of
|
||||||
|
# `swift_store_auth_address` with 'snet-'.
|
||||||
|
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
|
||||||
|
swift_enable_snet = False
|
||||||
|
|
||||||
|
# ============ S3 Store Options =============================
|
||||||
|
|
||||||
|
# Address where the S3 authentication service lives
|
||||||
|
s3_store_host = 127.0.0.1:8080/v1.0/
|
||||||
|
|
||||||
|
# User to authenticate against the S3 authentication service
|
||||||
|
s3_store_access_key = <20-char AWS access key>
|
||||||
|
|
||||||
|
# Auth key for the user authenticating against the
|
||||||
|
# S3 authentication service
|
||||||
|
s3_store_secret_key = <40-char AWS secret key>
|
||||||
|
|
||||||
|
# Container within the account that the account should use
|
||||||
|
# for storing images in S3. Note that S3 has a flat namespace,
|
||||||
|
# so you need a unique bucket name for your glance images. An
|
||||||
|
# easy way to do this is append your AWS access key to "glance".
|
||||||
|
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
|
||||||
|
# your AWS access key if you use it in your bucket name below!
|
||||||
|
s3_store_bucket = <lowercased 20-char aws access key>glance
|
||||||
|
|
||||||
|
# Do we create the bucket if it does not exist?
|
||||||
|
s3_store_create_bucket_on_put = False
|
||||||
|
|
||||||
|
# ============ Image Cache Options ========================
|
||||||
|
|
||||||
|
image_cache_enabled = False
|
||||||
|
|
||||||
|
# Directory that the Image Cache writes data to
|
||||||
|
# Make sure this is also set in glance-pruner.conf
|
||||||
|
image_cache_datadir = /var/lib/glance/image-cache/
|
||||||
|
|
||||||
|
# Number of seconds after which we should consider an incomplete image to be
|
||||||
|
# stalled and eligible for reaping
|
||||||
|
image_cache_stall_timeout = 86400
|
||||||
|
|
||||||
# ============ Delayed Delete Options =============================
|
# ============ Delayed Delete Options =============================
|
||||||
|
|
||||||
# Turn on/off delayed delete
|
# Turn on/off delayed delete
|
||||||
delayed_delete = False
|
delayed_delete = False
|
||||||
|
|
||||||
[pipeline:glance-api]
|
[pipeline:glance-api]
|
||||||
pipeline = versionnegotiation tokenauth keystone_shim apiv1app
|
pipeline = versionnegotiation authtoken context apiv1app
|
||||||
|
|
||||||
|
# To enable Image Cache Management API replace pipeline with below:
|
||||||
|
# pipeline = versionnegotiation authtoken context imagecache apiv1app
|
||||||
|
|
||||||
[pipeline:versions]
|
[pipeline:versions]
|
||||||
pipeline = versionsapp
|
pipeline = versionsapp
|
||||||
|
@ -71,22 +149,19 @@ paste.app_factory = glance.api.v1:app_factory
|
||||||
[filter:versionnegotiation]
|
[filter:versionnegotiation]
|
||||||
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
|
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
|
||||||
|
|
||||||
|
[filter:imagecache]
|
||||||
|
paste.filter_factory = glance.api.middleware.image_cache:filter_factory
|
||||||
|
|
||||||
[filter:context]
|
[filter:context]
|
||||||
paste.filter_factory = glance.common.context:filter_factory
|
paste.filter_factory = glance.common.context:filter_factory
|
||||||
|
|
||||||
[filter:tokenauth]
|
[filter:authtoken]
|
||||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||||
service_protocol = http
|
service_protocol = http
|
||||||
service_host = 127.0.0.1
|
service_host = 127.0.0.1
|
||||||
service_port = 808
|
service_port = 5000
|
||||||
auth_host = 127.0.0.1
|
auth_host = 127.0.0.1
|
||||||
auth_port = 5001
|
auth_port = 5001
|
||||||
auth_protocol = http
|
auth_protocol = http
|
||||||
auth_uri = http://127.0.0.1:5000/
|
auth_uri = http://127.0.0.1:5000/
|
||||||
admin_token = 999888777666
|
admin_token = 999888777666
|
||||||
|
|
||||||
# Allows anonymous access
|
|
||||||
delay_auth_decision = 1
|
|
||||||
|
|
||||||
[filter:keystone_shim]
|
|
||||||
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
|
|
||||||
|
|
|
@ -15,6 +15,9 @@ bind_port = 9191
|
||||||
# file for both the API and registry servers!
|
# file for both the API and registry servers!
|
||||||
log_file = /var/log/glance/registry.log
|
log_file = /var/log/glance/registry.log
|
||||||
|
|
||||||
|
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
|
||||||
|
use_syslog = False
|
||||||
|
|
||||||
# SQLAlchemy connection string for the reference implementation
|
# SQLAlchemy connection string for the reference implementation
|
||||||
# registry server. Any valid SQLAlchemy connection string is fine.
|
# registry server. Any valid SQLAlchemy connection string is fine.
|
||||||
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
||||||
|
@ -29,28 +32,34 @@ sql_connection = sqlite:///glance.sqlite
|
||||||
# before MySQL can drop the connection.
|
# before MySQL can drop the connection.
|
||||||
sql_idle_timeout = 3600
|
sql_idle_timeout = 3600
|
||||||
|
|
||||||
|
# Limit the api to return `param_limit_max` items in a call to a container. If
|
||||||
|
# a larger `limit` query param is provided, it will be reduced to this value.
|
||||||
|
api_limit_max = 1000
|
||||||
|
|
||||||
|
# If a `limit` query param is not provided in an api request, it will
|
||||||
|
# default to `limit_param_default`
|
||||||
|
limit_param_default = 25
|
||||||
|
|
||||||
[pipeline:glance-registry]
|
[pipeline:glance-registry]
|
||||||
pipeline = tokenauth keystone_shim registryapp
|
pipeline = authtoken keystone_shim context registryapp
|
||||||
|
|
||||||
[app:registryapp]
|
[app:registryapp]
|
||||||
paste.app_factory = glance.registry.server:app_factory
|
paste.app_factory = glance.registry.server:app_factory
|
||||||
|
|
||||||
[filter:context]
|
[filter:context]
|
||||||
|
context_class = glance.registry.context.RequestContext
|
||||||
paste.filter_factory = glance.common.context:filter_factory
|
paste.filter_factory = glance.common.context:filter_factory
|
||||||
|
|
||||||
[filter:tokenauth]
|
[filter:authtoken]
|
||||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||||
service_protocol = http
|
service_protocol = http
|
||||||
service_host = 127.0.0.1
|
service_host = 127.0.0.1
|
||||||
service_port = 808
|
service_port = 5000
|
||||||
auth_host = 127.0.0.1
|
auth_host = 127.0.0.1
|
||||||
auth_port = 5001
|
auth_port = 5001
|
||||||
auth_protocol = http
|
auth_protocol = http
|
||||||
auth_uri = http://127.0.0.1:5000/
|
auth_uri = http://127.0.0.1:5000/
|
||||||
admin_token = 999888777666
|
admin_token = 999888777666
|
||||||
|
|
||||||
# Allows anonymous access
|
|
||||||
delay_auth_decision = 1
|
|
||||||
|
|
||||||
[filter:keystone_shim]
|
[filter:keystone_shim]
|
||||||
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
|
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
|
||||||
|
|
|
@ -19,11 +19,10 @@ use = egg:Paste#urlmap
|
||||||
/1.0: ec2metadata
|
/1.0: ec2metadata
|
||||||
|
|
||||||
[pipeline:ec2cloud]
|
[pipeline:ec2cloud]
|
||||||
pipeline = logrequest authenticate cloudrequest authorizer ec2executor
|
pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
|
||||||
#pipeline = logrequest ec2lockout authenticate cloudrequest authorizer ec2executor
|
|
||||||
|
|
||||||
[pipeline:ec2admin]
|
[pipeline:ec2admin]
|
||||||
pipeline = logrequest authenticate adminrequest authorizer ec2executor
|
pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor
|
||||||
|
|
||||||
[pipeline:ec2metadata]
|
[pipeline:ec2metadata]
|
||||||
pipeline = logrequest ec2md
|
pipeline = logrequest ec2md
|
||||||
|
@ -37,6 +36,12 @@ paste.filter_factory = nova.api.ec2:RequestLogging.factory
|
||||||
[filter:ec2lockout]
|
[filter:ec2lockout]
|
||||||
paste.filter_factory = nova.api.ec2:Lockout.factory
|
paste.filter_factory = nova.api.ec2:Lockout.factory
|
||||||
|
|
||||||
|
[filter:totoken]
|
||||||
|
paste.filter_factory = nova.api.ec2:ToToken.factory
|
||||||
|
|
||||||
|
[filter:ec2noauth]
|
||||||
|
paste.filter_factory = nova.api.ec2:NoAuth.factory
|
||||||
|
|
||||||
[filter:authenticate]
|
[filter:authenticate]
|
||||||
paste.filter_factory = nova.api.ec2:Authenticate.factory
|
paste.filter_factory = nova.api.ec2:Authenticate.factory
|
||||||
|
|
||||||
|
@ -71,10 +76,10 @@ use = egg:Paste#urlmap
|
||||||
/v1.1: openstackapi11
|
/v1.1: openstackapi11
|
||||||
|
|
||||||
[pipeline:openstackapi10]
|
[pipeline:openstackapi10]
|
||||||
pipeline = faultwrap tokenauth auth_shim ratelimit osapiapp10
|
pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10
|
||||||
|
|
||||||
[pipeline:openstackapi11]
|
[pipeline:openstackapi11]
|
||||||
pipeline = faultwrap tokenauth auth_shim ratelimit extensions osapiapp11
|
pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11
|
||||||
|
|
||||||
[filter:faultwrap]
|
[filter:faultwrap]
|
||||||
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
||||||
|
@ -82,19 +87,8 @@ paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
||||||
[filter:auth]
|
[filter:auth]
|
||||||
paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
|
paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
|
||||||
|
|
||||||
[filter:tokenauth]
|
[filter:noauth]
|
||||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
||||||
service_protocol = http
|
|
||||||
service_host = 127.0.0.1
|
|
||||||
service_port = 808
|
|
||||||
auth_host = 127.0.0.1
|
|
||||||
auth_port = 5001
|
|
||||||
auth_protocol = http
|
|
||||||
auth_uri = http://127.0.0.1:5000/
|
|
||||||
admin_token = 999888777666
|
|
||||||
|
|
||||||
[filter:auth_shim]
|
|
||||||
paste.filter_factory = keystone.middleware.nova_auth_token:KeystoneAuthShim.factory
|
|
||||||
|
|
||||||
[filter:ratelimit]
|
[filter:ratelimit]
|
||||||
paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory
|
paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory
|
||||||
|
@ -113,3 +107,22 @@ pipeline = faultwrap osversionapp
|
||||||
|
|
||||||
[app:osversionapp]
|
[app:osversionapp]
|
||||||
paste.app_factory = nova.api.openstack.versions:Versions.factory
|
paste.app_factory = nova.api.openstack.versions:Versions.factory
|
||||||
|
|
||||||
|
##########
|
||||||
|
# Shared #
|
||||||
|
##########
|
||||||
|
|
||||||
|
[filter:keystonecontext]
|
||||||
|
paste.filter_factory = nova.api.auth:KeystoneContext.factory
|
||||||
|
|
||||||
|
[filter:authtoken]
|
||||||
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||||
|
service_protocol = http
|
||||||
|
service_host = 127.0.0.1
|
||||||
|
service_port = 5000
|
||||||
|
auth_host = 127.0.0.1
|
||||||
|
auth_port = 5001
|
||||||
|
auth_protocol = http
|
||||||
|
auth_uri = http://127.0.0.1:5000/
|
||||||
|
admin_token = 999888777666
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue