Update paste, policy and rootwrap configurations 2017-08-15

Change-Id: I288ac6dc58a6942fd3cc1b3bc34d363c165dce74
This commit is contained in:
Andy McCrae 2017-08-15 09:56:14 +01:00
parent 01cbd0805d
commit 4cf5a474da
3 changed files with 32 additions and 0 deletions

View File

@ -266,5 +266,6 @@ glance_glance_registry_conf_overrides: {}
glance_glance_scrubber_conf_overrides: {}
glance_glance_scheme_json_overrides: {}
glance_glance_swift_store_conf_overrides: {}
glance_glance_rootwrap_conf_overrides: {}
glance_policy_overrides: {}
glance_api_uwsgi_ini_overrides: {}

View File

@ -67,6 +67,10 @@
dest: "/etc/glance/schema-image.json"
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
config_type: "json"
- src: "rootwrap.conf.j2"
dest: "/etc/glance/rootwrap.conf"
config_overrides: "{{ glance_glance_rootwrap_conf_overrides }}"
config_type: "ini"
notify:
- Restart glance services

View File

@ -0,0 +1,27 @@
# Configuration for glance-rootwrap
# This file should be owned by (and only-writable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs={{ glance_bin }},/sbin,/usr/sbin,/bin,/usr/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR