9e96b65126
Instead of sourcing the paste/policy files from the role, the deploy host will first be checked, then the git source. The current mechanism uses a lookup, causing the fetch of the default templates to happen via curl from the deployment node. This causes problems if the deployment node does not have access to the repo server web service, which may be the case in high security environments. This patch changes the mechanism to only use the lookup module for the file content that is on the deployment node, then falls back to using the uri module to fetch the default content. This ensures that the deployment node does not have to reach into the environment for the content. Additionally, the following variables and related tasks are removed as the files they applied to no longer exist in the source git repository: - ceilometer_event_definitions_yaml_overrides - ceilometer_event_pipeline_yaml_overrides The pattern applied is the same as that used in the combination of the following two reference patches: - https://review.openstack.org/446235 - https://review.openstack.org/463390 The rootwrap.conf template is re-added because it cannot be used verbatim from the upstream repository. It requires the addition of the service venv bin in the exec_dirs. A mechanism to implement this dynamically will be figured out in a later review along with an implementation which will fetch the rootwrap files directly from the git source too. Change-Id: I248910a544f611b590bc93449aea98434802cae3
28 lines
1004 B
Django/Jinja
28 lines
1004 B
Django/Jinja
# Configuration for ceilometer-rootwrap
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
[DEFAULT]
|
|
# List of directories to load filter definitions from (separated by ',').
|
|
# These directories MUST all be only writeable by root !
|
|
filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap
|
|
|
|
# List of directories to search executables in, in case filters do not
|
|
# explicitely specify a full path (separated by ',')
|
|
# If not specified, defaults to system PATH environment variable.
|
|
# These directories MUST all be only writeable by root !
|
|
exec_dirs={{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin
|
|
|
|
# Enable logging to syslog
|
|
# Default value is False
|
|
use_syslog=False
|
|
|
|
# Which syslog facility to use.
|
|
# Valid values include auth, authpriv, syslog, user0, user1...
|
|
# Default value is 'syslog'
|
|
syslog_log_facility=syslog
|
|
|
|
# Which messages to log.
|
|
# INFO means log all usage
|
|
# ERROR means only log unsuccessful attempts
|
|
syslog_log_level=ERROR
|