Cleanup files and templates using smart sources
The files and templates we carry are almost always in a state of maintenance. The upstream services are maintaining these files and there's really no reason we need to carry duplicate copies of them. This change removes all of the files we expect to get from the upstream service. while the focus of this change is to remove configuration file maintenance burdens it also allows the role to execute faster. * Source installs have the configuration files within the venv at "<<VENV_PATH>>/etc/<<SERVICE_NAME>>". The role will now link the default configuration path to this directory. When the service is upgraded the link will move to the new venv path. * Distro installs package all of the required configuration files. To maintain our current capabilities to override configuration the role will fetch files from the disk whenever an override is provided and then push the fetched file back to the target using `config_template`. Change-Id: I3e7283bf778a9d686f3ae500b289c1fb43b42b92 Signed-off-by: cloudnull <kevin@cloudnull.com>
This commit is contained in:
parent
2edb1b1a4d
commit
9748e6b154
@ -55,7 +55,7 @@ glance_bin: "{{ _glance_bin }}"
|
|||||||
# This is used for role access to the db migrations.
|
# This is used for role access to the db migrations.
|
||||||
# Example:
|
# Example:
|
||||||
# glance_etc_dir: "/usr/local/etc/glance"
|
# glance_etc_dir: "/usr/local/etc/glance"
|
||||||
glance_etc_dir: "{{ _glance_etc }}/glance"
|
glance_etc_dir: "/etc/glance"
|
||||||
|
|
||||||
# venv_download, even when true, will use the fallback method of building the
|
# venv_download, even when true, will use the fallback method of building the
|
||||||
# venv from scratch if the venv download fails.
|
# venv from scratch if the venv download fails.
|
||||||
@ -313,6 +313,5 @@ glance_glance_registry_conf_overrides: {}
|
|||||||
glance_glance_scrubber_conf_overrides: {}
|
glance_glance_scrubber_conf_overrides: {}
|
||||||
glance_glance_scheme_json_overrides: {}
|
glance_glance_scheme_json_overrides: {}
|
||||||
glance_glance_swift_store_conf_overrides: {}
|
glance_glance_swift_store_conf_overrides: {}
|
||||||
glance_glance_rootwrap_conf_overrides: {}
|
|
||||||
glance_policy_overrides: {}
|
glance_policy_overrides: {}
|
||||||
glance_api_uwsgi_ini_overrides: {}
|
glance_api_uwsgi_ini_overrides: {}
|
||||||
|
@ -82,26 +82,6 @@
|
|||||||
- "Restart glance services"
|
- "Restart glance services"
|
||||||
- "venv changed"
|
- "venv changed"
|
||||||
|
|
||||||
# Note (odyssey4me):
|
|
||||||
# The policy.json file is currently read continually by the services
|
|
||||||
# and is not only read on service start. We therefore cannot template
|
|
||||||
# directly to the file read by the service because the new policies
|
|
||||||
# may not be valid until the service restarts. This is particularly
|
|
||||||
# important during a major upgrade. We therefore only put the policy
|
|
||||||
# file in place after the service has been stopped.
|
|
||||||
#
|
|
||||||
- name: Copy new policy file into place
|
|
||||||
copy:
|
|
||||||
src: "/etc/glance/policy.json-{{ glance_venv_tag }}"
|
|
||||||
dest: "/etc/glance/policy.json"
|
|
||||||
owner: "root"
|
|
||||||
group: "{{ glance_system_group_name }}"
|
|
||||||
mode: "0640"
|
|
||||||
remote_src: yes
|
|
||||||
listen:
|
|
||||||
- "Restart glance services"
|
|
||||||
- "venv changed"
|
|
||||||
|
|
||||||
- name: Start services
|
- name: Start services
|
||||||
service:
|
service:
|
||||||
name: "{{ item.service_name }}"
|
name: "{{ item.service_name }}"
|
||||||
|
@ -52,22 +52,58 @@
|
|||||||
mode: "0755"
|
mode: "0755"
|
||||||
with_items: "{{ glance_nfs_client }}"
|
with_items: "{{ glance_nfs_client }}"
|
||||||
|
|
||||||
|
# NOTE(cloudnull): During an upgrade the local directory may exist on a source
|
||||||
|
# install. If the directory does exist it will need to be
|
||||||
|
# removed. This is required on source installs because the
|
||||||
|
# config directory is a link.
|
||||||
|
- name: Source config block
|
||||||
|
block:
|
||||||
|
- name: Stat config directory
|
||||||
|
stat:
|
||||||
|
path: "{{ glance_etc_dir }}"
|
||||||
|
register: glance_conf_dir_stat
|
||||||
|
|
||||||
|
- name: Remove the config directory
|
||||||
|
file:
|
||||||
|
path: "{{ glance_etc_dir }}"
|
||||||
|
state: absent
|
||||||
|
when:
|
||||||
|
- glance_conf_dir_stat.stat.isdir is defined and
|
||||||
|
glance_conf_dir_stat.stat.isdir
|
||||||
|
when:
|
||||||
|
- glance_install_method == 'source'
|
||||||
|
|
||||||
- name: Create glance directories
|
- name: Create glance directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path | realpath }}"
|
path: "{{ item.path | default(omit) }}"
|
||||||
state: directory
|
src: "{{ item.src | default(omit) }}"
|
||||||
|
dest: "{{ item.dest | default(omit) }}"
|
||||||
|
state: "{{ item.state | default('directory') }}"
|
||||||
owner: "{{ item.owner|default(glance_system_user_name) }}"
|
owner: "{{ item.owner|default(glance_system_user_name) }}"
|
||||||
group: "{{ item.group|default(glance_system_group_name) }}"
|
group: "{{ item.group|default(glance_system_group_name) }}"
|
||||||
mode: "{{ item.mode | default(omit) }}"
|
mode: "{{ item.mode | default(omit) }}"
|
||||||
|
force: "{{ item.force | default(omit) }}"
|
||||||
when:
|
when:
|
||||||
- "item.path not in glance_mount_points"
|
- (item.condition | default(true)) | bool
|
||||||
|
- (item.dest | default(item.path)) not in glance_mount_points
|
||||||
with_items:
|
with_items:
|
||||||
- path: "/openstack"
|
- path: "/openstack"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
- path: "/etc/glance"
|
- path: "{{ (glance_install_method == 'distro') | ternary(glance_etc_dir, (glance_bin | dirname) + glance_etc_dir) }}"
|
||||||
mode: "0750"
|
mode: "0755"
|
||||||
|
# NOTE(cloudnull): The "src" path is relative. This ensures all files remain
|
||||||
|
# within the host/container confines when connecting to
|
||||||
|
# them using the connection plugin or the root filesystem.
|
||||||
|
- dest: "{{ glance_etc_dir }}"
|
||||||
|
src: "{{ glance_bin | dirname | regex_replace('^/', '../') }}/etc/glance"
|
||||||
|
state: link
|
||||||
|
force: true
|
||||||
|
condition: "{{ glance_install_method == 'source' }}"
|
||||||
|
- path: "{{ glance_etc_dir }}/rootwrap.d"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
- path: "/var/cache/glance"
|
- path: "/var/cache/glance"
|
||||||
- path: "{{ glance_system_user_home }}"
|
- path: "{{ glance_system_user_home }}"
|
||||||
- path: "{{ glance_system_user_home }}/cache"
|
- path: "{{ glance_system_user_home }}/cache"
|
||||||
|
@ -51,3 +51,9 @@
|
|||||||
- section: "glance"
|
- section: "glance"
|
||||||
option: "venv_tag"
|
option: "venv_tag"
|
||||||
value: "{{ glance_venv_tag }}"
|
value: "{{ glance_venv_tag }}"
|
||||||
|
|
||||||
|
- name: Link in the os-brick rootwrap filters
|
||||||
|
file:
|
||||||
|
src: "{{ glance_bin | dirname }}/etc/os-brick/rootwrap.d/os-brick.filters"
|
||||||
|
dest: "{{ glance_etc_dir }}/rootwrap.d/os-brick.filters"
|
||||||
|
state: link
|
||||||
|
@ -24,60 +24,88 @@
|
|||||||
config_type: "{{ item.config_type }}"
|
config_type: "{{ item.config_type }}"
|
||||||
when: item.condition | default(True)
|
when: item.condition | default(True)
|
||||||
with_items:
|
with_items:
|
||||||
- src: "glance-api-paste.ini.j2"
|
|
||||||
dest: "/etc/glance/glance-api-paste.ini"
|
|
||||||
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
- src: "glance-api.conf.j2"
|
- src: "glance-api.conf.j2"
|
||||||
dest: "/etc/glance/glance-api.conf"
|
dest: "{{ glance_etc_dir }}/glance-api.conf"
|
||||||
config_overrides: "{{ glance_glance_api_conf_overrides }}"
|
config_overrides: "{{ glance_glance_api_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-cache.conf.j2"
|
- src: "glance-cache.conf.j2"
|
||||||
dest: "/etc/glance/glance-cache.conf"
|
dest: "{{ glance_etc_dir }}/glance-cache.conf"
|
||||||
config_overrides: "{{ glance_glance_cache_conf_overrides }}"
|
config_overrides: "{{ glance_glance_cache_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-manage.conf.j2"
|
- src: "glance-manage.conf.j2"
|
||||||
dest: "/etc/glance/glance-manage.conf"
|
dest: "{{ glance_etc_dir }}/glance-manage.conf"
|
||||||
config_overrides: "{{ glance_glance_manage_conf_overrides }}"
|
config_overrides: "{{ glance_glance_manage_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-registry-paste.ini.j2"
|
|
||||||
dest: "/etc/glance/glance-registry-paste.ini"
|
|
||||||
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
|
||||||
- src: "glance-registry.conf.j2"
|
- src: "glance-registry.conf.j2"
|
||||||
dest: "/etc/glance/glance-registry.conf"
|
dest: "{{ glance_etc_dir }}/glance-registry.conf"
|
||||||
config_overrides: "{{ glance_glance_registry_conf_overrides }}"
|
config_overrides: "{{ glance_glance_registry_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
|
||||||
- src: "glance-scrubber.conf.j2"
|
- src: "glance-scrubber.conf.j2"
|
||||||
dest: "/etc/glance/glance-scrubber.conf"
|
dest: "{{ glance_etc_dir }}/glance-scrubber.conf"
|
||||||
config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
|
config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "glance-swift-store.conf.j2"
|
- src: "glance-swift-store.conf.j2"
|
||||||
dest: "/etc/glance/glance-swift-store.conf"
|
dest: "{{ glance_etc_dir }}/glance-swift-store.conf"
|
||||||
config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
|
config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
- src: "policy.json.j2"
|
- src: "schema-image.json.j2"
|
||||||
dest: "/etc/glance/policy.json-{{ glance_venv_tag }}"
|
dest: "{{ glance_etc_dir }}/schema-image.json"
|
||||||
config_overrides: "{{ glance_policy_overrides }}"
|
|
||||||
config_type: "json"
|
|
||||||
- src: "schema.json.j2"
|
|
||||||
dest: "/etc/glance/schema.json"
|
|
||||||
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
- src: "schema.json.j2"
|
|
||||||
dest: "/etc/glance/schema-image.json"
|
|
||||||
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
|
||||||
config_type: "json"
|
|
||||||
- src: "rootwrap.conf.j2"
|
|
||||||
dest: "/etc/glance/rootwrap.conf"
|
|
||||||
config_overrides: "{{ glance_glance_rootwrap_conf_overrides }}"
|
|
||||||
config_type: "ini"
|
|
||||||
notify:
|
notify:
|
||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart glance services
|
- Restart glance services
|
||||||
|
|
||||||
|
# NOTE(cloudnull): This is using "cp" instead of copy with a remote_source
|
||||||
|
# because we only want to copy the original files once. and we
|
||||||
|
# don't want to need multiple tasks.
|
||||||
|
- name: Preserve original configuration file(s)
|
||||||
|
command: "cp {{ item.target_f }} {{ item.target_f }}.original"
|
||||||
|
args:
|
||||||
|
creates: "{{ item.target_f }}.original"
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
- name: Fetch override files
|
||||||
|
fetch:
|
||||||
|
src: "{{ item.target_f }}"
|
||||||
|
dest: "{{ item.tmp_f }}"
|
||||||
|
flat: yes
|
||||||
|
changed_when: false
|
||||||
|
run_once: true
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
- name: Copy common config
|
||||||
|
config_template:
|
||||||
|
src: "{{ item.tmp_f }}"
|
||||||
|
dest: "{{ item.target_f_override | default(item.target_f) }}"
|
||||||
|
owner: "{{ item.owner | default('root') }}"
|
||||||
|
group: "{{ item.group | default(glance_system_group_name) }}"
|
||||||
|
mode: "{{ item.mode | default('0640') }}"
|
||||||
|
config_overrides: "{{ item.config_overrides }}"
|
||||||
|
config_type: "{{ item.config_type }}"
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
notify:
|
||||||
|
- Restart glance services
|
||||||
|
|
||||||
|
- name: Cleanup fetched temp files
|
||||||
|
file:
|
||||||
|
path: "{{ item.tmp_f }}"
|
||||||
|
state: absent
|
||||||
|
changed_when: false
|
||||||
|
delegate_to: localhost
|
||||||
|
run_once: true
|
||||||
|
with_items: "{{ glance_core_files }}"
|
||||||
|
|
||||||
|
# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
|
||||||
|
- name: Set rootwrap.d permissions
|
||||||
|
file:
|
||||||
|
path: "{{ glance_etc_dir }}/rootwrap.d"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: "0640"
|
||||||
|
recurse: true
|
||||||
|
|
||||||
- name: Run the systemd mount role
|
- name: Run the systemd mount role
|
||||||
include_role:
|
include_role:
|
||||||
name: systemd_mount
|
name: systemd_mount
|
||||||
|
@ -1,86 +0,0 @@
|
|||||||
# Use this pipeline for no auth or image caching - DEFAULT
|
|
||||||
[pipeline:glance-api]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for image caching and no auth
|
|
||||||
[pipeline:glance-api-caching]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for caching w/ management interface but no auth
|
|
||||||
[pipeline:glance-api-cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth
|
|
||||||
[pipeline:glance-api-keystone]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth with image caching
|
|
||||||
[pipeline:glance-api-keystone+caching]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth with caching and cache management
|
|
||||||
[pipeline:glance-api-keystone+cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user.
|
|
||||||
[pipeline:glance-api-trusted-auth]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user and uses cache management
|
|
||||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
|
||||||
pipeline = cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
|
|
||||||
|
|
||||||
[composite:rootapp]
|
|
||||||
paste.composite_factory = glance.api:root_app_factory
|
|
||||||
/: apiversions
|
|
||||||
/v2: apiv2app
|
|
||||||
|
|
||||||
[app:apiversions]
|
|
||||||
paste.app_factory = glance.api.versions:create_resource
|
|
||||||
|
|
||||||
[app:apiv2app]
|
|
||||||
paste.app_factory = glance.api.v2.router:API.factory
|
|
||||||
|
|
||||||
[filter:healthcheck]
|
|
||||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
||||||
backends = disable_by_file
|
|
||||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
||||||
|
|
||||||
[filter:versionnegotiation]
|
|
||||||
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
|
|
||||||
|
|
||||||
[filter:cache]
|
|
||||||
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
|
|
||||||
|
|
||||||
[filter:cachemanage]
|
|
||||||
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
|
|
||||||
|
|
||||||
[filter:context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:unauthenticated-context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:authtoken]
|
|
||||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
||||||
delay_auth_decision = true
|
|
||||||
|
|
||||||
[filter:gzip]
|
|
||||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
|
||||||
|
|
||||||
[filter:osprofiler]
|
|
||||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
||||||
hmac_keys = {{ glance_profiler_hmac_key }} #DEPRECATED
|
|
||||||
enabled = yes #DEPRECATED
|
|
||||||
|
|
||||||
[filter:cors]
|
|
||||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
|
||||||
oslo_config_project = glance
|
|
||||||
oslo_config_program = glance-api
|
|
||||||
|
|
||||||
[filter:http_proxy_to_wsgi]
|
|
||||||
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
|
|
@ -88,7 +88,7 @@ filesystem_store_datadir = {{ glance_system_user_home }}/images/
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if 'swift' in glance_available_stores %}
|
{% if 'swift' in glance_available_stores %}
|
||||||
swift_store_config_file = /etc/glance/glance-swift-store.conf
|
swift_store_config_file = {{ glance_etc_dir }}/glance-swift-store.conf
|
||||||
default_swift_reference = swift1
|
default_swift_reference = swift1
|
||||||
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
|
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
|
||||||
swift_store_region = {{ glance_swift_store_region }}
|
swift_store_region = {{ glance_swift_store_region }}
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
# Use this pipeline for no auth - DEFAULT
|
|
||||||
[pipeline:glance-registry]
|
|
||||||
pipeline = healthcheck osprofiler unauthenticated-context registryapp
|
|
||||||
|
|
||||||
# Use this pipeline for keystone auth
|
|
||||||
[pipeline:glance-registry-keystone]
|
|
||||||
pipeline = healthcheck osprofiler authtoken context registryapp
|
|
||||||
|
|
||||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
|
||||||
# user as authenticated without making requests to keystone to reauthenticate
|
|
||||||
# the user.
|
|
||||||
[pipeline:glance-registry-trusted-auth]
|
|
||||||
pipeline = healthcheck osprofiler context registryapp
|
|
||||||
|
|
||||||
[app:registryapp]
|
|
||||||
paste.app_factory = glance.registry.api:API.factory
|
|
||||||
|
|
||||||
[filter:healthcheck]
|
|
||||||
paste.filter_factory = oslo_middleware:Healthcheck.factory
|
|
||||||
backends = disable_by_file
|
|
||||||
disable_by_file_path = /etc/glance/healthcheck_disable
|
|
||||||
|
|
||||||
[filter:context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:unauthenticated-context]
|
|
||||||
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
|
|
||||||
|
|
||||||
[filter:authtoken]
|
|
||||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
||||||
|
|
||||||
[filter:osprofiler]
|
|
||||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
|
||||||
hmac_keys = {{ glance_profiler_hmac_key }} #DEPRECATED
|
|
||||||
enabled = yes #DEPRECATED
|
|
@ -1,63 +0,0 @@
|
|||||||
{
|
|
||||||
"context_is_admin": "role:admin",
|
|
||||||
"default": "role:admin",
|
|
||||||
|
|
||||||
"add_image": "",
|
|
||||||
"delete_image": "",
|
|
||||||
"get_image": "",
|
|
||||||
"get_images": "",
|
|
||||||
"modify_image": "",
|
|
||||||
"publicize_image": "role:admin",
|
|
||||||
"communitize_image": "",
|
|
||||||
"copy_from": "",
|
|
||||||
|
|
||||||
"download_image": "",
|
|
||||||
"upload_image": "",
|
|
||||||
|
|
||||||
"delete_image_location": "",
|
|
||||||
"get_image_location": "",
|
|
||||||
"set_image_location": "",
|
|
||||||
|
|
||||||
"add_member": "",
|
|
||||||
"delete_member": "",
|
|
||||||
"get_member": "",
|
|
||||||
"get_members": "",
|
|
||||||
"modify_member": "",
|
|
||||||
|
|
||||||
"manage_image_cache": "role:admin",
|
|
||||||
|
|
||||||
"get_task": "",
|
|
||||||
"get_tasks": "",
|
|
||||||
"add_task": "",
|
|
||||||
"modify_task": "",
|
|
||||||
"tasks_api_access": "role:admin",
|
|
||||||
|
|
||||||
"deactivate": "",
|
|
||||||
"reactivate": "",
|
|
||||||
|
|
||||||
"get_metadef_namespace": "",
|
|
||||||
"get_metadef_namespaces":"",
|
|
||||||
"modify_metadef_namespace":"",
|
|
||||||
"add_metadef_namespace":"",
|
|
||||||
|
|
||||||
"get_metadef_object":"",
|
|
||||||
"get_metadef_objects":"",
|
|
||||||
"modify_metadef_object":"",
|
|
||||||
"add_metadef_object":"",
|
|
||||||
|
|
||||||
"list_metadef_resource_types":"",
|
|
||||||
"get_metadef_resource_type":"",
|
|
||||||
"add_metadef_resource_type_association":"",
|
|
||||||
|
|
||||||
"get_metadef_property":"",
|
|
||||||
"get_metadef_properties":"",
|
|
||||||
"modify_metadef_property":"",
|
|
||||||
"add_metadef_property":"",
|
|
||||||
|
|
||||||
"get_metadef_tag":"",
|
|
||||||
"get_metadef_tags":"",
|
|
||||||
"modify_metadef_tag":"",
|
|
||||||
"add_metadef_tag":"",
|
|
||||||
"add_metadef_tags":""
|
|
||||||
|
|
||||||
}
|
|
@ -1,27 +0,0 @@
|
|||||||
# Configuration for glance-rootwrap
|
|
||||||
# This file should be owned by (and only-writable by) the root user
|
|
||||||
|
|
||||||
[DEFAULT]
|
|
||||||
# List of directories to load filter definitions from (separated by ',').
|
|
||||||
# These directories MUST all be only writeable by root !
|
|
||||||
filters_path=/etc/glance/rootwrap.d,/usr/share/glance/rootwrap
|
|
||||||
|
|
||||||
# List of directories to search executables in, in case filters do not
|
|
||||||
# explicitely specify a full path (separated by ',')
|
|
||||||
# If not specified, defaults to system PATH environment variable.
|
|
||||||
# These directories MUST all be only writeable by root !
|
|
||||||
exec_dirs={{ glance_bin }},/sbin,/usr/sbin,/bin,/usr/bin
|
|
||||||
|
|
||||||
# Enable logging to syslog
|
|
||||||
# Default value is False
|
|
||||||
use_syslog=False
|
|
||||||
|
|
||||||
# Which syslog facility to use.
|
|
||||||
# Valid values include auth, authpriv, syslog, local0, local1...
|
|
||||||
# Default value is 'syslog'
|
|
||||||
syslog_log_facility=syslog
|
|
||||||
|
|
||||||
# Which messages to log.
|
|
||||||
# INFO means log all usage
|
|
||||||
# ERROR means only log unsuccessful attempts
|
|
||||||
syslog_log_level=ERROR
|
|
@ -11,14 +11,14 @@
|
|||||||
},
|
},
|
||||||
"instance_uuid": {
|
"instance_uuid": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "ID of instance used to create this image."
|
"description": "Metadata which can be used to record which instance this image is associated with. (Informational only, does not create an instance snapshot.)"
|
||||||
},
|
},
|
||||||
"architecture": {
|
"architecture": {
|
||||||
"description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
"description": "Operating system architecture as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"os_distro": {
|
"os_distro": {
|
||||||
"description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
|
"description": "Common name of operating system distribution as specified in https://docs.openstack.org/python-glanceclient/latest/cli/property-keys.html",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"os_version": {
|
"os_version": {
|
@ -21,4 +21,3 @@ glance_package_list: |-
|
|||||||
{{ packages }}
|
{{ packages }}
|
||||||
|
|
||||||
_glance_bin: "/usr/bin"
|
_glance_bin: "/usr/bin"
|
||||||
_glance_etc: "/etc"
|
|
||||||
|
@ -39,3 +39,18 @@ glance_mount_points: |-
|
|||||||
{% set _ = mps.append(mp.local_path) %}
|
{% set _ = mps.append(mp.local_path) %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ mps }}
|
{{ mps }}
|
||||||
|
|
||||||
|
glance_core_files:
|
||||||
|
- tmp_f: "/tmp/policy.json"
|
||||||
|
target_f: "{{ glance_etc_dir }}/policy.json"
|
||||||
|
config_overrides: "{{ glance_policy_overrides }}"
|
||||||
|
config_type: "json"
|
||||||
|
condition: true
|
||||||
|
- tmp_f: "/tmp/glance-registry-paste.ini"
|
||||||
|
target_f: "{{ glance_etc_dir }}/glance-registry-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
- tmp_f: "/tmp/glance-api-paste.ini"
|
||||||
|
target_f: "{{ glance_etc_dir }}/glance-api-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
@ -34,3 +34,20 @@ glance_oslomsg_amqp1_distro_packages:
|
|||||||
- cyrus-sasl-md5
|
- cyrus-sasl-md5
|
||||||
|
|
||||||
glance_uwsgi_bin: '/usr/sbin'
|
glance_uwsgi_bin: '/usr/sbin'
|
||||||
|
|
||||||
|
glance_core_files:
|
||||||
|
- tmp_f: "/tmp/policy.json"
|
||||||
|
target_f: "{{ glance_etc_dir }}/policy.json"
|
||||||
|
config_overrides: "{{ glance_policy_overrides }}"
|
||||||
|
config_type: "json"
|
||||||
|
condition: true
|
||||||
|
- tmp_f: "/tmp/glance-registry-dist-paste.ini"
|
||||||
|
target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-registry-paste.ini'), '/usr/share/glance/glance-registry-dist-paste.ini') }}"
|
||||||
|
target_f_override: "{{ glance_etc_dir }}/glance-registry-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
- tmp_f: "/tmp/glance-api-dist-paste.ini"
|
||||||
|
target_f: "{{ (glance_install_method == 'source') | ternary((glance_etc_dir ~ '/glance-api-paste.ini'), '/usr/share/glance/glance-api-dist-paste.ini') }}"
|
||||||
|
target_f_override: "{{ glance_etc_dir }}/glance-api-paste.ini"
|
||||||
|
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
||||||
|
config_type: "ini"
|
||||||
|
@ -21,5 +21,4 @@ glance_package_list: |-
|
|||||||
{{ packages }}
|
{{ packages }}
|
||||||
|
|
||||||
_glance_bin: "/openstack/venvs/glance-{{ glance_venv_tag }}/bin"
|
_glance_bin: "/openstack/venvs/glance-{{ glance_venv_tag }}/bin"
|
||||||
_glance_etc: "{{ _glance_bin | dirname + '/etc' }}"
|
|
||||||
glance_uwsgi_bin: "{{ _glance_bin }}"
|
glance_uwsgi_bin: "{{ _glance_bin }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user