Browse Source

Merge "Cleanup files and templates using smart sources"

Zuul 1 month ago
parent
commit
77148fb080

+ 1
- 2
defaults/main.yml View File

@@ -55,7 +55,7 @@ glance_bin: "{{ _glance_bin }}"
55 55
 #  This is used for role access to the db migrations.
56 56
 #  Example:
57 57
 #  glance_etc_dir: "/usr/local/etc/glance"
58
-glance_etc_dir: "{{ _glance_etc }}/glance"
58
+glance_etc_dir: "/etc/glance"
59 59
 
60 60
 # venv_download, even when true, will use the fallback method of building the
61 61
 # venv from scratch if the venv download fails.
@@ -313,6 +313,5 @@ glance_glance_registry_conf_overrides: {}
313 313
 glance_glance_scrubber_conf_overrides: {}
314 314
 glance_glance_scheme_json_overrides: {}
315 315
 glance_glance_swift_store_conf_overrides: {}
316
-glance_glance_rootwrap_conf_overrides: {}
317 316
 glance_policy_overrides: {}
318 317
 glance_api_uwsgi_ini_overrides: {}

+ 0
- 20
handlers/main.yml View File

@@ -82,26 +82,6 @@
82 82
     - "Restart glance services"
83 83
     - "venv changed"
84 84
 
85
-# Note (odyssey4me):
86
-# The policy.json file is currently read continually by the services
87
-# and is not only read on service start. We therefore cannot template
88
-# directly to the file read by the service because the new policies
89
-# may not be valid until the service restarts. This is particularly
90
-# important during a major upgrade. We therefore only put the policy
91
-# file in place after the service has been stopped.
92
-#
93
-- name: Copy new policy file into place
94
-  copy:
95
-    src: "/etc/glance/policy.json-{{ glance_venv_tag }}"
96
-    dest: "/etc/glance/policy.json"
97
-    owner: "root"
98
-    group: "{{ glance_system_group_name }}"
99
-    mode: "0640"
100
-    remote_src: yes
101
-  listen:
102
-    - "Restart glance services"
103
-    - "venv changed"
104
-
105 85
 - name: Start services
106 86
   service:
107 87
     name: "{{ item.service_name }}"

+ 43
- 7
tasks/glance_install.yml View File

@@ -52,22 +52,58 @@
52 52
     mode: "0755"
53 53
   with_items: "{{ glance_nfs_client }}"
54 54
 
55
+# NOTE(cloudnull): During an upgrade the local directory may exist on a source
56
+#                  install. If the directory does exist it will need to be
57
+#                  removed. This is required on source installs because the
58
+#                  config directory is a link.
59
+- name: Source config block
60
+  block:
61
+    - name: Stat config directory
62
+      stat:
63
+        path: "{{ glance_etc_dir }}"
64
+      register: glance_conf_dir_stat
65
+
66
+    - name: Remove the config directory
67
+      file:
68
+        path: "{{ glance_etc_dir }}"
69
+        state: absent
70
+      when:
71
+        - glance_conf_dir_stat.stat.isdir is defined and
72
+          glance_conf_dir_stat.stat.isdir
73
+  when:
74
+    - glance_install_method == 'source'
75
+
55 76
 - name: Create glance directories
56 77
   file:
57
-    path: "{{ item.path | realpath }}"
58
-    state: directory
59
-    owner: "{{ item.owner | default(glance_system_user_name) }}"
60
-    group: "{{ item.group | default(glance_system_group_name) }}"
78
+    path: "{{ item.path | default(omit) }}"
79
+    src: "{{ item.src | default(omit) }}"
80
+    dest: "{{ item.dest | default(omit) }}"
81
+    state: "{{ item.state | default('directory') }}"
82
+    owner: "{{ item.owner|default(glance_system_user_name) }}"
83
+    group: "{{ item.group|default(glance_system_group_name) }}"
61 84
     mode: "{{ item.mode | default(omit) }}"
85
+    force: "{{ item.force | default(omit) }}"
62 86
   when:
63
-    - "item.path not in glance_mount_points"
87
+    - (item.condition | default(true)) | bool
88
+    - (item.dest | default(item.path)) not in glance_mount_points
64 89
   with_items:
65 90
     - path: "/openstack"
66 91
       mode: "0755"
67 92
       owner: "root"
68 93
       group: "root"
69
-    - path: "/etc/glance"
70
-      mode: "0750"
94
+    - path: "{{ (glance_install_method == 'distro') | ternary(glance_etc_dir, (glance_bin | dirname) + glance_etc_dir) }}"
95
+      mode: "0755"
96
+    # NOTE(cloudnull): The "src" path is relative. This ensures all files remain
97
+    #                  within the host/container confines when connecting to
98
+    #                  them using the connection plugin or the root filesystem.
99
+    - dest: "{{ glance_etc_dir }}"
100
+      src: "{{ glance_bin | dirname | regex_replace('^/', '../') }}/etc/glance"
101
+      state: link
102
+      force: true
103
+      condition: "{{ glance_install_method == 'source' }}"
104
+    - path: "{{ glance_etc_dir }}/rootwrap.d"
105
+      owner: "root"
106
+      group: "root"
71 107
     - path: "/var/cache/glance"
72 108
     - path: "{{ glance_system_user_home }}"
73 109
     - path: "{{ glance_system_user_home }}/cache"

+ 6
- 0
tasks/glance_install_source.yml View File

@@ -50,3 +50,9 @@
50 50
       - section: "glance"
51 51
         option: "venv_tag"
52 52
         value: "{{ glance_venv_tag }}"
53
+
54
+- name: Link in the os-brick rootwrap filters
55
+  file:
56
+    src: "{{ glance_bin | dirname }}/etc/os-brick/rootwrap.d/os-brick.filters"
57
+    dest: "{{ glance_etc_dir }}/rootwrap.d/os-brick.filters"
58
+    state: link

+ 57
- 29
tasks/glance_post_install.yml View File

@@ -24,60 +24,88 @@
24 24
     config_type: "{{ item.config_type }}"
25 25
   when: item.condition | default(True)
26 26
   with_items:
27
-    - src: "glance-api-paste.ini.j2"
28
-      dest: "/etc/glance/glance-api-paste.ini"
29
-      config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
30
-      config_type: "ini"
31 27
     - src: "glance-api.conf.j2"
32
-      dest: "/etc/glance/glance-api.conf"
28
+      dest: "{{ glance_etc_dir }}/glance-api.conf"
33 29
       config_overrides: "{{ glance_glance_api_conf_overrides }}"
34 30
       config_type: "ini"
35 31
     - src: "glance-cache.conf.j2"
36
-      dest: "/etc/glance/glance-cache.conf"
32
+      dest: "{{ glance_etc_dir }}/glance-cache.conf"
37 33
       config_overrides: "{{ glance_glance_cache_conf_overrides }}"
38 34
       config_type: "ini"
39 35
     - src: "glance-manage.conf.j2"
40
-      dest: "/etc/glance/glance-manage.conf"
36
+      dest: "{{ glance_etc_dir }}/glance-manage.conf"
41 37
       config_overrides: "{{ glance_glance_manage_conf_overrides }}"
42 38
       config_type: "ini"
43
-    - src: "glance-registry-paste.ini.j2"
44
-      dest: "/etc/glance/glance-registry-paste.ini"
45
-      config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
46
-      config_type: "ini"
47
-      condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
48 39
     - src: "glance-registry.conf.j2"
49
-      dest: "/etc/glance/glance-registry.conf"
40
+      dest: "{{ glance_etc_dir }}/glance-registry.conf"
50 41
       config_overrides: "{{ glance_glance_registry_conf_overrides }}"
51 42
       config_type: "ini"
52 43
       condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
53 44
     - src: "glance-scrubber.conf.j2"
54
-      dest: "/etc/glance/glance-scrubber.conf"
45
+      dest: "{{ glance_etc_dir }}/glance-scrubber.conf"
55 46
       config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
56 47
       config_type: "ini"
57 48
     - src: "glance-swift-store.conf.j2"
58
-      dest: "/etc/glance/glance-swift-store.conf"
49
+      dest: "{{ glance_etc_dir }}/glance-swift-store.conf"
59 50
       config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
60 51
       config_type: "ini"
61
-    - src: "policy.json.j2"
62
-      dest: "/etc/glance/policy.json-{{ glance_venv_tag }}"
63
-      config_overrides: "{{ glance_policy_overrides }}"
64
-      config_type: "json"
65
-    - src: "schema.json.j2"
66
-      dest: "/etc/glance/schema.json"
67
-      config_overrides: "{{ glance_glance_scheme_json_overrides }}"
68
-      config_type: "json"
69
-    - src: "schema.json.j2"
70
-      dest: "/etc/glance/schema-image.json"
52
+    - src: "schema-image.json.j2"
53
+      dest: "{{ glance_etc_dir }}/schema-image.json"
71 54
       config_overrides: "{{ glance_glance_scheme_json_overrides }}"
72 55
       config_type: "json"
73
-    - src: "rootwrap.conf.j2"
74
-      dest: "/etc/glance/rootwrap.conf"
75
-      config_overrides: "{{ glance_glance_rootwrap_conf_overrides }}"
76
-      config_type: "ini"
77 56
   notify:
78 57
     - Manage LB
79 58
     - Restart glance services
80 59
 
60
+# NOTE(cloudnull): This is using "cp" instead of copy with a remote_source
61
+#                  because we only want to copy the original files once. and we
62
+#                  don't want to need multiple tasks.
63
+- name: Preserve original configuration file(s)
64
+  command: "cp {{ item.target_f }} {{ item.target_f }}.original"
65
+  args:
66
+    creates: "{{ item.target_f }}.original"
67
+  with_items: "{{ glance_core_files }}"
68
+
69
+- name: Fetch override files
70
+  fetch:
71
+    src: "{{ item.target_f }}"
72
+    dest: "{{ item.tmp_f }}"
73
+    flat: yes
74
+  changed_when: false
75
+  run_once: true
76
+  with_items: "{{ glance_core_files }}"
77
+
78
+- name: Copy common config
79
+  config_template:
80
+    src: "{{ item.tmp_f }}"
81
+    dest: "{{ item.target_f_override | default(item.target_f) }}"
82
+    owner: "{{ item.owner | default('root') }}"
83
+    group: "{{ item.group | default(glance_system_group_name) }}"
84
+    mode: "{{ item.mode | default('0640') }}"
85
+    config_overrides: "{{ item.config_overrides }}"
86
+    config_type: "{{ item.config_type }}"
87
+  with_items: "{{ glance_core_files }}"
88
+  notify:
89
+    - Restart glance services
90
+
91
+- name: Cleanup fetched temp files
92
+  file:
93
+    path: "{{ item.tmp_f }}"
94
+    state: absent
95
+  changed_when: false
96
+  delegate_to: localhost
97
+  run_once: true
98
+  with_items: "{{ glance_core_files }}"
99
+
100
+# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
101
+- name: Set rootwrap.d permissions
102
+  file:
103
+    path: "{{ glance_etc_dir }}/rootwrap.d"
104
+    owner: "root"
105
+    group: "root"
106
+    mode: "0640"
107
+    recurse: true
108
+
81 109
 - name: Run the systemd mount role
82 110
   include_role:
83 111
     name: systemd_mount

+ 0
- 86
templates/glance-api-paste.ini.j2 View File

@@ -1,86 +0,0 @@
1
-# Use this pipeline for no auth or image caching - DEFAULT
2
-[pipeline:glance-api]
3
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
4
-
5
-# Use this pipeline for image caching and no auth
6
-[pipeline:glance-api-caching]
7
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
8
-
9
-# Use this pipeline for caching w/ management interface but no auth
10
-[pipeline:glance-api-cachemanagement]
11
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
12
-
13
-# Use this pipeline for keystone auth
14
-[pipeline:glance-api-keystone]
15
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context  rootapp
16
-
17
-# Use this pipeline for keystone auth with image caching
18
-[pipeline:glance-api-keystone+caching]
19
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
20
-
21
-# Use this pipeline for keystone auth with caching and cache management
22
-[pipeline:glance-api-keystone+cachemanagement]
23
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
24
-
25
-# Use this pipeline for authZ only. This means that the registry will treat a
26
-# user as authenticated without making requests to keystone to reauthenticate
27
-# the user.
28
-[pipeline:glance-api-trusted-auth]
29
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
30
-
31
-# Use this pipeline for authZ only. This means that the registry will treat a
32
-# user as authenticated without making requests to keystone to reauthenticate
33
-# the user and uses cache management
34
-[pipeline:glance-api-trusted-auth+cachemanagement]
35
-pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
36
-
37
-[composite:rootapp]
38
-paste.composite_factory = glance.api:root_app_factory
39
-/: apiversions
40
-/v2: apiv2app
41
-
42
-[app:apiversions]
43
-paste.app_factory = glance.api.versions:create_resource
44
-
45
-[app:apiv2app]
46
-paste.app_factory = glance.api.v2.router:API.factory
47
-
48
-[filter:healthcheck]
49
-paste.filter_factory = oslo_middleware:Healthcheck.factory
50
-backends = disable_by_file
51
-disable_by_file_path = /etc/glance/healthcheck_disable
52
-
53
-[filter:versionnegotiation]
54
-paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
55
-
56
-[filter:cache]
57
-paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
58
-
59
-[filter:cachemanage]
60
-paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
61
-
62
-[filter:context]
63
-paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
64
-
65
-[filter:unauthenticated-context]
66
-paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
67
-
68
-[filter:authtoken]
69
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
70
-delay_auth_decision = true
71
-
72
-[filter:gzip]
73
-paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
74
-
75
-[filter:osprofiler]
76
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
77
-hmac_keys = {{ glance_profiler_hmac_key }}  #DEPRECATED
78
-enabled = yes  #DEPRECATED
79
-
80
-[filter:cors]
81
-paste.filter_factory =  oslo_middleware.cors:filter_factory
82
-oslo_config_project = glance
83
-oslo_config_program = glance-api
84
-
85
-[filter:http_proxy_to_wsgi]
86
-paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory

+ 1
- 1
templates/glance-api.conf.j2 View File

@@ -88,7 +88,7 @@ filesystem_store_datadir = {{ glance_system_user_home }}/images/
88 88
 {% endif %}
89 89
 
90 90
 {% if 'swift' in glance_available_stores %}
91
-swift_store_config_file = /etc/glance/glance-swift-store.conf
91
+swift_store_config_file = {{ glance_etc_dir }}/glance-swift-store.conf
92 92
 default_swift_reference = swift1
93 93
 swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
94 94
 swift_store_region = {{ glance_swift_store_region }}

+ 0
- 35
templates/glance-registry-paste.ini.j2 View File

@@ -1,35 +0,0 @@
1
-# Use this pipeline for no auth - DEFAULT
2
-[pipeline:glance-registry]
3
-pipeline = healthcheck osprofiler unauthenticated-context registryapp
4
-
5
-# Use this pipeline for keystone auth
6
-[pipeline:glance-registry-keystone]
7
-pipeline = healthcheck osprofiler authtoken context registryapp
8
-
9
-# Use this pipeline for authZ only. This means that the registry will treat a
10
-# user as authenticated without making requests to keystone to reauthenticate
11
-# the user.
12
-[pipeline:glance-registry-trusted-auth]
13
-pipeline = healthcheck osprofiler context registryapp
14
-
15
-[app:registryapp]
16
-paste.app_factory = glance.registry.api:API.factory
17
-
18
-[filter:healthcheck]
19
-paste.filter_factory = oslo_middleware:Healthcheck.factory
20
-backends = disable_by_file
21
-disable_by_file_path = /etc/glance/healthcheck_disable
22
-
23
-[filter:context]
24
-paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
25
-
26
-[filter:unauthenticated-context]
27
-paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
28
-
29
-[filter:authtoken]
30
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
31
-
32
-[filter:osprofiler]
33
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
34
-hmac_keys = {{ glance_profiler_hmac_key }}  #DEPRECATED
35
-enabled = yes  #DEPRECATED

+ 0
- 63
templates/policy.json.j2 View File

@@ -1,63 +0,0 @@
1
-{
2
-    "context_is_admin":  "role:admin",
3
-    "default": "role:admin",
4
-
5
-    "add_image": "",
6
-    "delete_image": "",
7
-    "get_image": "",
8
-    "get_images": "",
9
-    "modify_image": "",
10
-    "publicize_image": "role:admin",
11
-    "communitize_image": "",
12
-    "copy_from": "",
13
-
14
-    "download_image": "",
15
-    "upload_image": "",
16
-
17
-    "delete_image_location": "",
18
-    "get_image_location": "",
19
-    "set_image_location": "",
20
-
21
-    "add_member": "",
22
-    "delete_member": "",
23
-    "get_member": "",
24
-    "get_members": "",
25
-    "modify_member": "",
26
-
27
-    "manage_image_cache": "role:admin",
28
-
29
-    "get_task": "",
30
-    "get_tasks": "",
31
-    "add_task": "",
32
-    "modify_task": "",
33
-    "tasks_api_access": "role:admin",
34
-
35
-    "deactivate": "",
36
-    "reactivate": "",
37
-
38
-    "get_metadef_namespace": "",
39
-    "get_metadef_namespaces":"",
40
-    "modify_metadef_namespace":"",
41
-    "add_metadef_namespace":"",
42
-
43
-    "get_metadef_object":"",
44
-    "get_metadef_objects":"",
45
-    "modify_metadef_object":"",
46
-    "add_metadef_object":"",
47
-
48
-    "list_metadef_resource_types":"",
49
-    "get_metadef_resource_type":"",
50
-    "add_metadef_resource_type_association":"",
51
-
52
-    "get_metadef_property":"",
53
-    "get_metadef_properties":"",
54
-    "modify_metadef_property":"",
55
-    "add_metadef_property":"",
56
-
57
-    "get_metadef_tag":"",
58
-    "get_metadef_tags":"",
59
-    "modify_metadef_tag":"",
60
-    "add_metadef_tag":"",
61
-    "add_metadef_tags":""
62
-
63
-}

+ 0
- 27
templates/rootwrap.conf.j2 View File

@@ -1,27 +0,0 @@
1
-# Configuration for glance-rootwrap
2
-# This file should be owned by (and only-writable by) the root user
3
-
4
-[DEFAULT]
5
-# List of directories to load filter definitions from (separated by ',').
6
-# These directories MUST all be only writeable by root !
7
-filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
8
-
9
-# List of directories to search executables in, in case filters do not
10
-# explicitely specify a full path (separated by ',')
11
-# If not specified, defaults to system PATH environment variable.
12
-# These directories MUST all be only writeable by root !
13
-exec_dirs={{ glance_bin }},/sbin,/usr/sbin,/bin,/usr/bin
14
-
15
-# Enable logging to syslog
16
-# Default value is False
17
-use_syslog=False
18
-
19
-# Which syslog facility to use.
20
-# Valid values include auth, authpriv, syslog, local0, local1...
21
-# Default value is 'syslog'
22
-syslog_log_facility=syslog
23
-
24
-# Which messages to log.
25
-# INFO means log all usage
26
-# ERROR means only log unsuccessful attempts
27
-syslog_log_level=ERROR

templates/schema.json.j2 → templates/schema-image.json.j2 View File

@@ -1,28 +1,28 @@
1
-{
2
-    "kernel_id": {
3
-        "type": ["null", "string"],
4
-        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
5
-        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
6
-    },
7
-    "ramdisk_id": {
8
-        "type": ["null", "string"],
9
-        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
10
-        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
11
-    },
12
-    "instance_uuid": {
13
-        "type": "string",
14
-        "description": "ID of instance used to create this image."
15
-    },
16
-    "architecture": {
17
-        "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
18
-        "type": "string"
19
-    },
20
-    "os_distro": {
21
-        "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
22
-        "type": "string"
23
-    },
24
-    "os_version": {
25
-        "description": "Operating system version as specified by the distributor",
26
-        "type": "string"
27
-    }
28
-}
1
+{
2
+    "kernel_id": {
3
+        "type": ["null", "string"],
4
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
5
+        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
6
+    },
7
+    "ramdisk_id": {
8
+        "type": ["null", "string"],
9
+        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
10
+        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
11
+    },
12
+    "instance_uuid": {
13
+        "type": "string",
14
+        "description": "Metadata which can be used to record which instance this image is associated with. (Informational only, does not create an instance snapshot.)"
15
+    },
16
+    "architecture": {
17
+        "description": "Operating system architecture as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
18
+        "type": "string"
19
+    },
20
+    "os_distro": {
21
+        "description": "Common name of operating system distribution as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
22
+        "type": "string"
23
+    },
24
+    "os_version": {
25
+        "description": "Operating system version as specified by the distributor",
26
+        "type": "string"
27
+    }
28
+}

+ 0
- 1
vars/distro_install.yml View File

@@ -21,4 +21,3 @@ glance_package_list: |-
21 21
   {{ packages }}
22 22
 
23 23
 _glance_bin: "/usr/bin"
24
-_glance_etc: "/etc"

+ 15
- 0
vars/main.yml View File

@@ -39,3 +39,18 @@ glance_mount_points: |-
39 39
   {%   set _ = mps.append(mp.local_path) %}
40 40
   {% endfor %}
41 41
   {{ mps }}
42
+
43
+glance_core_files:
44
+  - tmp_f: "/tmp/policy.json"
45
+    target_f: "{{ glance_etc_dir }}/policy.json"
46
+    config_overrides: "{{ glance_policy_overrides }}"
47
+    config_type: "json"
48
+    condition: true
49
+  - tmp_f: "/tmp/glance-registry-paste.ini"
50
+    target_f: "{{ glance_etc_dir }}/glance-registry-paste.ini"
51
+    config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
52
+    config_type: "ini"
53
+  - tmp_f: "/tmp/glance-api-paste.ini"
54
+    target_f: "{{ glance_etc_dir }}/glance-api-paste.ini"
55
+    config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
56
+    config_type: "ini"

+ 17
- 0
vars/redhat-7.yml View File

@@ -34,3 +34,20 @@ glance_oslomsg_amqp1_distro_packages:
34 34
   - cyrus-sasl-md5
35 35
 
36 36
 glance_uwsgi_bin: '/usr/sbin'
37
+
38
+glance_core_files:
39
+  - tmp_f: "/tmp/policy.json"
40
+    target_f: "{{ glance_etc_dir }}/policy.json"
41
+    config_overrides: "{{ glance_policy_overrides }}"
42
+    config_type: "json"
43
+    condition: true
44
+  - tmp_f: "/tmp/glance-registry-dist-paste.ini"
45
+    target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-registry-paste.ini'), '/usr/share/glance/glance-registry-dist-paste.ini') }}"
46
+    target_f_override: "{{ glance_etc_dir }}/glance-registry-paste.ini"
47
+    config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
48
+    config_type: "ini"
49
+  - tmp_f: "/tmp/glance-api-dist-paste.ini"
50
+    target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-api-paste.ini'), '/usr/share/glance/glance-api-dist-paste.ini') }}"
51
+    target_f_override: "{{ glance_etc_dir }}/glance-api-paste.ini"
52
+    config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
53
+    config_type: "ini"

+ 0
- 1
vars/source_install.yml View File

@@ -21,5 +21,4 @@ glance_package_list: |-
21 21
   {{ packages }}
22 22
 
23 23
 _glance_bin: "/openstack/venvs/glance-{{ glance_venv_tag }}/bin"
24
-_glance_etc: "{{ _glance_bin | dirname + '/etc' }}"
25 24
 glance_uwsgi_bin: "{{ _glance_bin }}"

Loading…
Cancel
Save