Update paste, policy and rootwrap configurations 2017-08-15

Change-Id: I288ac6dc58a6942fd3cc1b3bc34d363c165dce74

defaults/main.yml

@@ -266,5 +266,6 @@ glance_glance_registry_conf_overrides: {}
 glance_glance_scrubber_conf_overrides: {}
 glance_glance_scheme_json_overrides: {}
 glance_glance_swift_store_conf_overrides: {}
+glance_glance_rootwrap_conf_overrides: {}
 glance_policy_overrides: {}
 glance_api_uwsgi_ini_overrides: {}

tasks/glance_post_install.yml

@@ -67,6 +67,10 @@
       dest: "/etc/glance/schema-image.json"
       config_overrides: "{{ glance_glance_scheme_json_overrides }}"
       config_type: "json"
+    - src: "rootwrap.conf.j2"
+      dest: "/etc/glance/rootwrap.conf"
+      config_overrides: "{{ glance_glance_rootwrap_conf_overrides }}"
+      config_type: "ini"
   notify:
     - Restart glance services
 

templates/rootwrap.conf.j2

@@ -0,0 +1,27 @@
+# Configuration for glance-rootwrap
+# This file should be owned by (and only-writable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs={{ glance_bin }},/sbin,/usr/sbin,/bin,/usr/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR