Merge "Cleanup files and templates using smart sources"
This commit is contained in:
commit
77148fb080
|
@ -55,7 +55,7 @@ glance_bin: "{{ _glance_bin }}"
|
||||||
# This is used for role access to the db migrations.
|
# This is used for role access to the db migrations.
|
||||||
# Example:
|
# Example:
|
||||||
# glance_etc_dir: "/usr/local/etc/glance"
|
# glance_etc_dir: "/usr/local/etc/glance"
|
||||||
glance_etc_dir: "{{ _glance_etc }}/glance"
|
glance_etc_dir: "/etc/glance"
|
||||||
|
|
||||||
# venv_download, even when true, will use the fallback method of building the
|
# venv_download, even when true, will use the fallback method of building the
|
||||||
# venv from scratch if the venv download fails.
|
# venv from scratch if the venv download fails.
|
||||||
|
@ -313,6 +313,5 @@ glance_glance_registry_conf_overrides: {}
|
||||||
glance_glance_scrubber_conf_overrides: {}
|
glance_glance_scrubber_conf_overrides: {}
|
||||||
glance_glance_scheme_json_overrides: {}
|
glance_glance_scheme_json_overrides: {}
|
||||||
glance_glance_swift_store_conf_overrides: {}
|
glance_glance_swift_store_conf_overrides: {}
|
||||||
glance_glance_rootwrap_conf_overrides: {}
|
|
||||||
glance_policy_overrides: {}
|
glance_policy_overrides: {}
|
||||||
glance_api_uwsgi_ini_overrides: {}
|
glance_api_uwsgi_ini_overrides: {}
|
||||||
|
|
|
@ -82,26 +82,6 @@
|
||||||
- "Restart glance services"
|
- "Restart glance services"
|
||||||
- "venv changed"
|
- "venv changed"
|
||||||
|
|
||||||
# Note (odyssey4me):
|
|
||||||
# The policy.json file is currently read continually by the services
|
|
||||||
# and is not only read on service start. We therefore cannot template
|
|
||||||
# directly to the file read by the service because the new policies
|
|
||||||
# may not be valid until the service restarts. This is particularly
|
|
||||||
# important during a major upgrade. We therefore only put the policy
|
|
||||||
# file in place after the service has been stopped.
|
|
||||||
#
|
|
||||||
- name: Copy new policy file into place
|
|
||||||
copy:
|
|
||||||
src: "/etc/glance/policy.json-{{ glance_venv_tag }}"
|
|
||||||
dest: "/etc/glance/policy.json"
|
|
||||||
owner: "root"
|
|
||||||
group: "{{ glance_system_group_name }}"
|
|
||||||
mode: "0640"
|
|
||||||
remote_src: yes
|
|
||||||
listen:
|
|
||||||
- "Restart glance services"
|
|
||||||
- "venv changed"
|
|
||||||
|
|
||||||
- name: Start services
|
- name: Start services
|
||||||
service:
|
service:
|
||||||
name: "{{ item.service_name }}"
|
name: "{{ item.service_name }}"
|
||||||
|
|
|
@ -52,22 +52,58 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
with_items: "{{ glance_nfs_client }}"
|
with_items: "{{ glance_nfs_client }}"
|
||||||
|
|
||||||
|
# NOTE(cloudnull): During an upgrade the local directory may exist on a source
|
||||||
|
# install. If the directory does exist it will need to be
|
||||||
|
# removed. This is required on source installs because the
|
||||||
|
# config directory is a link.
|
||||||
|
- name: Source config block
|
||||||
|
block:
|
||||||
|
- name: Stat config directory
|
||||||
|
stat:
|
||||||
|
path: "{{ glance_etc_dir }}"
|
||||||
|
register: glance_conf_dir_stat
|
||||||
|
|
||||||
|
- name: Remove the config directory
|
||||||
|
file:
|
||||||
|
path: "{{ glance_etc_dir }}"
|
||||||
|
state: absent
|
||||||
|
when:
|
||||||
|
- glance_conf_dir_stat.stat.isdir is defined and
|
||||||
|
glance_conf_dir_stat.stat.isdir
|
||||||
|
when:
|
||||||
|
- glance_install_method == 'source'
|
||||||
|
|
||||||
- name: Create glance directories
|
- name: Create glance directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path | realpath }}"
|
path: "{{ item.path | default(omit) }}"
|
||||||
state: directory
|
src: "{{ item.src | default(omit) }}"
|
||||||
owner: "{{ item.owner | default(glance_system_user_name) }}"
|
dest: "{{ item.dest | default(omit) }}"
|
||||||
group: "{{ item.group | default(glance_system_group_name) }}"
|
state: "{{ item.state | default('directory') }}"
|
||||||
|
owner: "{{ item.owner|default(glance_system_user_name) }}"
|
||||||
|
group: "{{ item.group|default(glance_system_group_name) }}"
|
||||||
mode: "{{ item.mode | default(omit) }}"
|
mode: "{{ item.mode | default(omit) }}"
|
||||||
|
force: "{{ item.force | default(omit) }}"
|
||||||
when:
|
when:
|
||||||
- "item.path not in glance_mount_points"
|
- (item.condition | default(true)) | bool
|
||||||
|
- (item.dest | default(item.path)) not in glance_mount_points
|
||||||
with_items:
|
with_items:
|
||||||
- path: "/openstack"
|
- path: "/openstack"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
- path: "/etc/glance"
|
- path: "{{ (glance_install_method == 'distro') | ternary(glance_etc_dir, (glance_bin | dirname) + glance_etc_dir) }}"
|
||||||
mode: "0750"
|
mode: "0755"
|
||||||
|
# NOTE(cloudnull): The "src" path is relative. This ensures all files remain
|
||||||
|
# within the host/container confines when connecting to
|
||||||
|
# them using the connection plugin or the root filesystem.
|
||||||
|
- dest: "{{ glance_etc_dir }}"
|
||||||
|
src: "{{ glance_bin | dirname | regex_replace('^/', '../') }}/etc/glance"
|
||||||
|
state: link
|
||||||
|
force: true
|
||||||
|
condition: "{{ glance_install_method == 'source' }}"
|
||||||
|
- path: "{{ glance_etc_dir }}/rootwrap.d"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
- path: "/var/cache/glance"
|
- path: "/var/cache/glance"
|
||||||
- path: "{{ glance_system_user_home }}"
|
- path: "{{ glance_system_user_home }}"
|
||||||
- path: "{{ glance_system_user_home }}/cache"
|
- path: "{{ glance_system_user_home }}/cache"
|
||||||
|
|
|
@ -50,3 +50,9 @@
|
||||||
- section: "glance"
|
- section: "glance"
|
||||||
option: "venv_tag"
|
option: "venv_tag"
|
||||||
value: "{{ glance_venv_tag }}"
|
value: "{{ glance_venv_tag }}"
|
||||||
|
|
||||||
|
- name: Link in the os-brick rootwrap filters
|
||||||
|
file:
|
||||||
|
src: "{{ glance_bin | dirname }}/etc/os-brick/rootwrap.d/os-brick.filters"
|
||||||
|
dest: "{{ glance_etc_dir }}/rootwrap.d/os-brick.filters"
|
||||||
|
state: link
|
||||||
|
|
|
@ -24,60 +24,88 @@
|
||||||
config_type: "{{ item.config_type }}"
|
config_type: "{{ item.config_type }}"
|
||||||
when: item.condition | default(True)
|
when: item.condition | default(True)
|
||||||
with_items:
|
with_items:
|
||||||
- src: "glance-api-paste.ini.j2"
|
|
||||||
dest: "/etc/glance/glance-api-paste.ini"
|
|
||||||
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
- src: "glance-api.conf.j2"
|
- src: "glance-api.conf.j2"
|
||||||
dest: "/etc/glance/glance-api.conf"
|
dest: "{{ glance_etc_dir }}/glance-api.conf"
|
||||||
config_overrides: "{{ glance_glance_api_conf_overrides }}"
|
config_overrides: "{{ glance_glance_api_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-cache.conf.j2"
|
- src: "glance-cache.conf.j2"
|
||||||
dest: "/etc/glance/glance-cache.conf"
|
dest: "{{ glance_etc_dir }}/glance-cache.conf"
|
||||||
config_overrides: "{{ glance_glance_cache_conf_overrides }}"
|
config_overrides: "{{ glance_glance_cache_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-manage.conf.j2"
|
- src: "glance-manage.conf.j2"
|
||||||
dest: "/etc/glance/glance-manage.conf"
|
dest: "{{ glance_etc_dir }}/glance-manage.conf"
|
||||||
config_overrides: "{{ glance_glance_manage_conf_overrides }}"
|
config_overrides: "{{ glance_glance_manage_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-registry-paste.ini.j2"
|
|
||||||
dest: "/etc/glance/glance-registry-paste.ini"
|
|
||||||
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
|
||||||
- src: "glance-registry.conf.j2"
|
- src: "glance-registry.conf.j2"
|
||||||
dest: "/etc/glance/glance-registry.conf"
|
dest: "{{ glance_etc_dir }}/glance-registry.conf"
|
||||||
config_overrides: "{{ glance_glance_registry_conf_overrides }}"
|
config_overrides: "{{ glance_glance_registry_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
||||||
- src: "glance-scrubber.conf.j2"
|
- src: "glance-scrubber.conf.j2"
|
||||||
dest: "/etc/glance/glance-scrubber.conf"
|
dest: "{{ glance_etc_dir }}/glance-scrubber.conf"
|
||||||
config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
|
config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-swift-store.conf.j2"
|
- src: "glance-swift-store.conf.j2"
|
||||||
dest: "/etc/glance/glance-swift-store.conf"
|
dest: "{{ glance_etc_dir }}/glance-swift-store.conf"
|
||||||
config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
|
config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "policy.json.j2"
|
- src: "schema-image.json.j2"
|
||||||
dest: "/etc/glance/policy.json-{{ glance_venv_tag }}"
|
dest: "{{ glance_etc_dir }}/schema-image.json"
|
||||||
config_overrides: "{{ glance_policy_overrides }}"
|
|
||||||
config_type: "json"
|
|
||||||
- src: "schema.json.j2"
|
|
||||||
dest: "/etc/glance/schema.json"
|
|
||||||
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
- src: "schema.json.j2"
|
|
||||||
dest: "/etc/glance/schema-image.json"
|
|
||||||
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
|
||||||
config_type: "json"
|
|
||||||
- src: "rootwrap.conf.j2"
|
|
||||||
dest: "/etc/glance/rootwrap.conf"
|
|
||||||
config_overrides: "{{ glance_glance_rootwrap_conf_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart glance services
|
- Restart glance services
|
||||||
|
|
||||||
|
# NOTE(cloudnull): This is using "cp" instead of copy with a remote_source
|
||||||
|
# because we only want to copy the original files once. and we
|
||||||
|
# don't want to need multiple tasks.
|
||||||
|
- name: Preserve original configuration file(s)
|
||||||
|
command: "cp {{ item.target_f }} {{ item.target_f }}.original"
|
||||||
|
args:
|
||||||
|
creates: "{{ item.target_f }}.original"
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
- name: Fetch override files
|
||||||
|
fetch:
|
||||||
|
src: "{{ item.target_f }}"
|
||||||
|
dest: "{{ item.tmp_f }}"
|
||||||
|
flat: yes
|
||||||
|
changed_when: false
|
||||||
|
run_once: true
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
- name: Copy common config
|
||||||
|
config_template:
|
||||||
|
src: "{{ item.tmp_f }}"
|
||||||
|
dest: "{{ item.target_f_override | default(item.target_f) }}"
|
||||||
|
owner: "{{ item.owner | default('root') }}"
|
||||||
|
group: "{{ item.group | default(glance_system_group_name) }}"
|
||||||
|
mode: "{{ item.mode | default('0640') }}"
|
||||||
|
config_overrides: "{{ item.config_overrides }}"
|
||||||
|
config_type: "{{ item.config_type }}"
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
notify:
|
||||||
|
- Restart glance services
|
||||||
|
|
||||||
|
- name: Cleanup fetched temp files
|
||||||
|
file:
|
||||||
|
path: "{{ item.tmp_f }}"
|
||||||
|
state: absent
|
||||||
|
changed_when: false
|
||||||
|
delegate_to: localhost
|
||||||
|
run_once: true
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
|
||||||
|
- name: Set rootwrap.d permissions
|
||||||
|
file:
|
||||||
|
path: "{{ glance_etc_dir }}/rootwrap.d"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0640"
|
||||||
|
recurse: true
|
||||||
|
|
||||||
- name: Run the systemd mount role
|
- name: Run the systemd mount role
|
||||||
include_role:
|
include_role:
|
||||||
name: systemd_mount
|
name: systemd_mount
|
||||||
|
|
|
@ -1,86 +0,0 @@
|
||||||
# Use this pipeline for no auth or image caching - DEFAULT
|
|
||||||
[pipeline:glance-api]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for image caching and no auth
|
|
||||||
[pipeline:glance-api-caching]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for caching w/ management interface but no auth
|
|
||||||
[pipeline:glance-api-cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth
|
|
||||||
[pipeline:glance-api-keystone]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth with image caching
|
|
||||||
[pipeline:glance-api-keystone+caching]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth with caching and cache management
|
|
||||||
[pipeline:glance-api-keystone+cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user.
|
|
||||||
[pipeline:glance-api-trusted-auth]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user and uses cache management
|
|
||||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
|
|
||||||
|
|
||||||
[composite:rootapp]
|
|
||||||
paste.composite_factory = glance.api:root_app_factory
|
|
||||||
/: apiversions
|
|
||||||
/v2: apiv2app
|
|
||||||
|
|
||||||
[app:apiversions]
|
|
||||||
paste.app_factory = glance.api.versions:create_resource
|
|
||||||
|
|
||||||
[app:apiv2app]
|
|
||||||
paste.app_factory = glance.api.v2.router:API.factory
|
|
||||||
|
|
||||||
[filter:healthcheck]
|
|
||||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
||||||
backends = disable_by_file
|
|
||||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
||||||
|
|
||||||
[filter:versionnegotiation]
|
|
||||||
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
|
||||||
|
|
||||||
[filter:cache]
|
|
||||||
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
|
||||||
|
|
||||||
[filter:cachemanage]
|
|
||||||
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
|
||||||
|
|
||||||
[filter:context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:unauthenticated-context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:authtoken]
|
|
||||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
||||||
delay_auth_decision = true
|
|
||||||
|
|
||||||
[filter:gzip]
|
|
||||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
|
||||||
|
|
||||||
[filter:osprofiler]
|
|
||||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
||||||
hmac_keys = {{ glance_profiler_hmac_key }} #DEPRECATED
|
|
||||||
enabled = yes #DEPRECATED
|
|
||||||
|
|
||||||
[filter:cors]
|
|
||||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
|
||||||
oslo_config_project = glance
|
|
||||||
oslo_config_program = glance-api
|
|
||||||
|
|
||||||
[filter:http_proxy_to_wsgi]
|
|
||||||
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
|
|
|
@ -88,7 +88,7 @@ filesystem_store_datadir = {{ glance_system_user_home }}/images/
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if 'swift' in glance_available_stores %}
|
{% if 'swift' in glance_available_stores %}
|
||||||
swift_store_config_file = /etc/glance/glance-swift-store.conf
|
swift_store_config_file = {{ glance_etc_dir }}/glance-swift-store.conf
|
||||||
default_swift_reference = swift1
|
default_swift_reference = swift1
|
||||||
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
|
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
|
||||||
swift_store_region = {{ glance_swift_store_region }}
|
swift_store_region = {{ glance_swift_store_region }}
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
# Use this pipeline for no auth - DEFAULT
|
|
||||||
[pipeline:glance-registry]
|
|
||||||
pipeline = healthcheck osprofiler unauthenticated-context registryapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth
|
|
||||||
[pipeline:glance-registry-keystone]
|
|
||||||
pipeline = healthcheck osprofiler authtoken context registryapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user.
|
|
||||||
[pipeline:glance-registry-trusted-auth]
|
|
||||||
pipeline = healthcheck osprofiler context registryapp
|
|
||||||
|
|
||||||
[app:registryapp]
|
|
||||||
paste.app_factory = glance.registry.api:API.factory
|
|
||||||
|
|
||||||
[filter:healthcheck]
|
|
||||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
||||||
backends = disable_by_file
|
|
||||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
||||||
|
|
||||||
[filter:context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:unauthenticated-context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:authtoken]
|
|
||||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
||||||
|
|
||||||
[filter:osprofiler]
|
|
||||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
||||||
hmac_keys = {{ glance_profiler_hmac_key }} #DEPRECATED
|
|
||||||
enabled = yes #DEPRECATED
|
|
|
@ -1,63 +0,0 @@
|
||||||
{
|
|
||||||
"context_is_admin": "role:admin",
|
|
||||||
"default": "role:admin",
|
|
||||||
|
|
||||||
"add_image": "",
|
|
||||||
"delete_image": "",
|
|
||||||
"get_image": "",
|
|
||||||
"get_images": "",
|
|
||||||
"modify_image": "",
|
|
||||||
"publicize_image": "role:admin",
|
|
||||||
"communitize_image": "",
|
|
||||||
"copy_from": "",
|
|
||||||
|
|
||||||
"download_image": "",
|
|
||||||
"upload_image": "",
|
|
||||||
|
|
||||||
"delete_image_location": "",
|
|
||||||
"get_image_location": "",
|
|
||||||
"set_image_location": "",
|
|
||||||
|
|
||||||
"add_member": "",
|
|
||||||
"delete_member": "",
|
|
||||||
"get_member": "",
|
|
||||||
"get_members": "",
|
|
||||||
"modify_member": "",
|
|
||||||
|
|
||||||
"manage_image_cache": "role:admin",
|
|
||||||
|
|
||||||
"get_task": "",
|
|
||||||
"get_tasks": "",
|
|
||||||
"add_task": "",
|
|
||||||
"modify_task": "",
|
|
||||||
"tasks_api_access": "role:admin",
|
|
||||||
|
|
||||||
"deactivate": "",
|
|
||||||
"reactivate": "",
|
|
||||||
|
|
||||||
"get_metadef_namespace": "",
|
|
||||||
"get_metadef_namespaces":"",
|
|
||||||
"modify_metadef_namespace":"",
|
|
||||||
"add_metadef_namespace":"",
|
|
||||||
|
|
||||||
"get_metadef_object":"",
|
|
||||||
"get_metadef_objects":"",
|
|
||||||
"modify_metadef_object":"",
|
|
||||||
"add_metadef_object":"",
|
|
||||||
|
|
||||||
"list_metadef_resource_types":"",
|
|
||||||
"get_metadef_resource_type":"",
|
|
||||||
"add_metadef_resource_type_association":"",
|
|
||||||
|
|
||||||
"get_metadef_property":"",
|
|
||||||
"get_metadef_properties":"",
|
|
||||||
"modify_metadef_property":"",
|
|
||||||
"add_metadef_property":"",
|
|
||||||
|
|
||||||
"get_metadef_tag":"",
|
|
||||||
"get_metadef_tags":"",
|
|
||||||
"modify_metadef_tag":"",
|
|
||||||
"add_metadef_tag":"",
|
|
||||||
"add_metadef_tags":""
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
# Configuration for glance-rootwrap
|
|
||||||
# This file should be owned by (and only-writable by) the root user
|
|
||||||
|
|
||||||
[DEFAULT]
|
|
||||||
# List of directories to load filter definitions from (separated by ',').
|
|
||||||
# These directories MUST all be only writeable by root !
|
|
||||||
filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
|
|
||||||
|
|
||||||
# List of directories to search executables in, in case filters do not
|
|
||||||
# explicitely specify a full path (separated by ',')
|
|
||||||
# If not specified, defaults to system PATH environment variable.
|
|
||||||
# These directories MUST all be only writeable by root !
|
|
||||||
exec_dirs={{ glance_bin }},/sbin,/usr/sbin,/bin,/usr/bin
|
|
||||||
|
|
||||||
# Enable logging to syslog
|
|
||||||
# Default value is False
|
|
||||||
use_syslog=False
|
|
||||||
|
|
||||||
# Which syslog facility to use.
|
|
||||||
# Valid values include auth, authpriv, syslog, local0, local1...
|
|
||||||
# Default value is 'syslog'
|
|
||||||
syslog_log_facility=syslog
|
|
||||||
|
|
||||||
# Which messages to log.
|
|
||||||
# INFO means log all usage
|
|
||||||
# ERROR means only log unsuccessful attempts
|
|
||||||
syslog_log_level=ERROR
|
|
|
@ -1,28 +1,28 @@
|
||||||
{
|
{
|
||||||
"kernel_id": {
|
"kernel_id": {
|
||||||
"type": ["null", "string"],
|
"type": ["null", "string"],
|
||||||
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
||||||
"description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
|
"description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
|
||||||
},
|
},
|
||||||
"ramdisk_id": {
|
"ramdisk_id": {
|
||||||
"type": ["null", "string"],
|
"type": ["null", "string"],
|
||||||
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
|
||||||
"description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
|
"description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
|
||||||
},
|
},
|
||||||
"instance_uuid": {
|
"instance_uuid": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "ID of instance used to create this image."
|
"description": "Metadata which can be used to record which instance this image is associated with. (Informational only, does not create an instance snapshot.)"
|
||||||
},
|
},
|
||||||
"architecture": {
|
"architecture": {
|
||||||
"description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
"description": "Operating system architecture as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"os_distro": {
|
"os_distro": {
|
||||||
"description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
"description": "Common name of operating system distribution as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"os_version": {
|
"os_version": {
|
||||||
"description": "Operating system version as specified by the distributor",
|
"description": "Operating system version as specified by the distributor",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -21,4 +21,3 @@ glance_package_list: |-
|
||||||
{{ packages }}
|
{{ packages }}
|
||||||
|
|
||||||
_glance_bin: "/usr/bin"
|
_glance_bin: "/usr/bin"
|
||||||
_glance_etc: "/etc"
|
|
||||||
|
|
|
@ -39,3 +39,18 @@ glance_mount_points: |-
|
||||||
{% set _ = mps.append(mp.local_path) %}
|
{% set _ = mps.append(mp.local_path) %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ mps }}
|
{{ mps }}
|
||||||
|
|
||||||
|
glance_core_files:
|
||||||
|
- tmp_f: "/tmp/policy.json"
|
||||||
|
target_f: "{{ glance_etc_dir }}/policy.json"
|
||||||
|
config_overrides: "{{ glance_policy_overrides }}"
|
||||||
|
config_type: "json"
|
||||||
|
condition: true
|
||||||
|
- tmp_f: "/tmp/glance-registry-paste.ini"
|
||||||
|
target_f: "{{ glance_etc_dir }}/glance-registry-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
- tmp_f: "/tmp/glance-api-paste.ini"
|
||||||
|
target_f: "{{ glance_etc_dir }}/glance-api-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
|
|
@ -34,3 +34,20 @@ glance_oslomsg_amqp1_distro_packages:
|
||||||
- cyrus-sasl-md5
|
- cyrus-sasl-md5
|
||||||
|
|
||||||
glance_uwsgi_bin: '/usr/sbin'
|
glance_uwsgi_bin: '/usr/sbin'
|
||||||
|
|
||||||
|
glance_core_files:
|
||||||
|
- tmp_f: "/tmp/policy.json"
|
||||||
|
target_f: "{{ glance_etc_dir }}/policy.json"
|
||||||
|
config_overrides: "{{ glance_policy_overrides }}"
|
||||||
|
config_type: "json"
|
||||||
|
condition: true
|
||||||
|
- tmp_f: "/tmp/glance-registry-dist-paste.ini"
|
||||||
|
target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-registry-paste.ini'), '/usr/share/glance/glance-registry-dist-paste.ini') }}"
|
||||||
|
target_f_override: "{{ glance_etc_dir }}/glance-registry-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
- tmp_f: "/tmp/glance-api-dist-paste.ini"
|
||||||
|
target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-api-paste.ini'), '/usr/share/glance/glance-api-dist-paste.ini') }}"
|
||||||
|
target_f_override: "{{ glance_etc_dir }}/glance-api-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
|
|
@ -21,5 +21,4 @@ glance_package_list: |-
|
||||||
{{ packages }}
|
{{ packages }}
|
||||||
|
|
||||||
_glance_bin: "/openstack/venvs/glance-{{ glance_venv_tag }}/bin"
|
_glance_bin: "/openstack/venvs/glance-{{ glance_venv_tag }}/bin"
|
||||||
_glance_etc: "{{ _glance_bin | dirname + '/etc' }}"
|
|
||||||
glance_uwsgi_bin: "{{ _glance_bin }}"
|
glance_uwsgi_bin: "{{ _glance_bin }}"
|
||||||
|
|
Loading…
Reference in New Issue