Merge "Update Glance service to Kilo"

2015-04-07 23:31:18 +00:00 · 2015-04-07 23:31:18 +00:00 · 65d4437215
commit 65d4437215
parent dd0bfff5d0 b657861a45
8 changed files with 65 additions and 13 deletions
--- a/etc/openstack_deploy/user_secrets.yml
+++ b/etc/openstack_deploy/user_secrets.yml
@ -42,6 +42,7 @@ cinder_profiler_hmac_key:
 ## Glance Options
 glance_container_mysql_password:
 glance_service_password:
+glance_profiler_hmac_key:
 ### Extra options when configuring swift as a glance back-end.
 glance_swift_store_auth_address: "https://some.auth.url.com"
 glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"
--- a/playbooks/roles/os_glance/defaults/main.yml
+++ b/playbooks/roles/os_glance/defaults/main.yml
@ -19,6 +19,7 @@ is_metal: true
 ## Verbosity Options
 debug: False
 verbose: True
+glance_profiler_enabled: False
 glance_fatal_deprecations: False

 ## System info
@ -93,6 +94,14 @@ glance_image_cache_max_size: 10737418240
 # compute the number of api workers to use.
 # glance_registry_workers: 16

+glance_task_executor: taskflow
+glance_digest_algorithm: sha1
+glance_http_keepalive: True
+
+## Glance policy
+glance_policy_file: policy.json
+glance_policy_default_rule: default
+glance_policy_dirs: policy.d

 ## Define nfs information for glance. When the glance_nfs_client dictionary is
 ## defined it will enable nfs shares as mounted directories. The
--- a/playbooks/roles/os_glance/tasks/glance_post_install.yml
+++ b/playbooks/roles/os_glance/tasks/glance_post_install.yml
@ -39,8 +39,11 @@
    owner: "{{ glance_system_user_name }}"
    group: "{{ glance_system_group_name }}"
  with_items:
+    - { src: "glance-api-paste.ini.j2", dest: "/etc/glance/glance-api-paste.ini" }
+    - { src: "glance-registry-paste.ini.j2", dest: "/etc/glance/glance-registry-paste.ini" }
    - { src: "glance-api.conf.j2", dest: "/etc/glance/glance-api.conf" }
    - { src: "glance-cache.conf.j2", dest: "/etc/glance/glance-cache.conf" }
+    - { src: "glance-manage.conf.j2", dest: "/etc/glance/glance-manage.conf" }
    - { src: "glance-registry.conf.j2", dest: "/etc/glance/glance-registry.conf" }
    - { src: "glance-scrubber.conf.j2", dest: "/etc/glance/glance-scrubber.conf" }
  notify:
@ -56,8 +59,6 @@
    owner: "{{ glance_system_user_name }}"
    group: "{{ glance_system_group_name }}"
  with_items:
-    - { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" }
-    - { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" }
    - { src: "policy.json", dest: "/etc/glance/policy.json" }
    - { src: "schema.json", dest: "/etc/glance/schema.json" }
    - { src: "schema.json", dest: "/etc/glance/schema-image.json" }
--- a/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2
+++ b/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2
@ -1,38 +1,38 @@
 # Use this pipeline for no auth or image caching - DEFAULT
 [pipeline:glance-api]
-pipeline = versionnegotiation unauthenticated-context rootapp
+pipeline = versionnegotiation osprofiler unauthenticated-context rootapp

 # Use this pipeline for image caching and no auth
 [pipeline:glance-api-caching]
-pipeline = versionnegotiation unauthenticated-context cache rootapp
+pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp

 # Use this pipeline for caching w/ management interface but no auth
 [pipeline:glance-api-cachemanagement]
-pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
+pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp

 # Use this pipeline for keystone auth
 [pipeline:glance-api-keystone]
-pipeline = versionnegotiation authtoken context rootapp
+pipeline = versionnegotiation osprofiler authtoken context rootapp

 # Use this pipeline for keystone auth with image caching
 [pipeline:glance-api-keystone+caching]
-pipeline = versionnegotiation authtoken context cache rootapp
+pipeline = versionnegotiation osprofiler authtoken context cache rootapp

 # Use this pipeline for keystone auth with caching and cache management
 [pipeline:glance-api-keystone+cachemanagement]
-pipeline = versionnegotiation authtoken context cache cachemanage rootapp
+pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp

 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user.
 [pipeline:glance-api-trusted-auth]
-pipeline = versionnegotiation context rootapp
+pipeline = versionnegotiation osprofiler context rootapp

 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user and uses cache management
 [pipeline:glance-api-trusted-auth+cachemanagement]
-pipeline = versionnegotiation context cache cachemanage rootapp
+pipeline = versionnegotiation osprofiler context cache cachemanage rootapp

 [composite:rootapp]
 paste.composite_factory = glance.api:root_app_factory
@ -70,3 +70,8 @@ delay_auth_decision = true

 [filter:gzip]
 paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = {{ glance_profiler_hmac_key }}
+enabled = yes
--- a/playbooks/roles/os_glance/templates/glance-api.conf.j2
+++ b/playbooks/roles/os_glance/templates/glance-api.conf.j2
@ -11,6 +11,8 @@ fatal_deprecations = {{ glance_fatal_deprecations }}
 use_syslog = False
 bind_host = {{ glance_api_bind_address }}
 bind_port = {{ glance_api_service_port }}
+http_keepalive = {{ glance_http_keepalive }}
+digest_algorithm = {{ glance_digest_algorithm }}
 backlog = 4096
 workers = {{ glance_api_workers | default(api_threads) }}
 registry_host = {{ glance_registry_host }}
@ -43,6 +45,9 @@ scrub_time = 43200
 scrubber_datadir = {{ glance_system_user_home }}/scrubber/
 image_cache_dir = {{ glance_system_user_home }}/cache/

+[task]
+task_executor = {{ glance_task_executor }}
+
 [database]
 connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8

@ -66,6 +71,11 @@ memcache_secret_key = {{ memcached_encryption_key }}
 # if your keystone deployment uses PKI, and you value security over performance:
 check_revocations_for_cached = False

+[oslo_policy]
+policy_file = {{ glance_policy_file }}
+policy_default_rule = {{ glance_policy_default_rule }}
+policy_dirs = {{ glance_policy_dirs }}
+
 [paste_deploy]
 flavor = {{ glance_flavor }}

@ -88,3 +98,6 @@ swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_s
 swift_store_retry_get_count = 5
 swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
 {% endif %}
+
+[profiler]
+enabled = {{ glance_profiler_enabled }}
--- a/playbooks/roles/os_glance/templates/glance-manage.conf.j2
+++ b/playbooks/roles/os_glance/templates/glance-manage.conf.j2
@ -0,0 +1,9 @@
+[DEFAULT]
+verbose = {{ verbose }}
+debug = {{ debug }}
+log_file = /var/log/glance/glance-manage.log
+fatal_deprecations = {{ glance_fatal_deprecations }}
+use_syslog = False
+
+[database]
+connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8
--- a/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2
+++ b/playbooks/roles/os_glance/templates/glance-registry-paste.ini.j2
@ -1,16 +1,16 @@
 # Use this pipeline for no auth - DEFAULT
 [pipeline:glance-registry]
-pipeline = unauthenticated-context registryapp
+pipeline = osprofiler unauthenticated-context registryapp

 # Use this pipeline for keystone auth
 [pipeline:glance-registry-keystone]
-pipeline = authtoken context registryapp
+pipeline = osprofiler authtoken context registryapp

 # Use this pipeline for authZ only. This means that the registry will treat a
 # user as authenticated without making requests to keystone to reauthenticate
 # the user.
 [pipeline:glance-registry-trusted-auth]
-pipeline = context registryapp
+pipeline = osprofiler context registryapp

 [app:registryapp]
 paste.app_factory = glance.registry.api:API.factory
@ -23,3 +23,8 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl

 [filter:authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = {{ glance_profiler_hmac_key }}
+enabled = yes
--- a/playbooks/roles/os_glance/templates/glance-registry.conf.j2
+++ b/playbooks/roles/os_glance/templates/glance-registry.conf.j2
@ -11,6 +11,7 @@ log_file = /var/log/glance/glance-registry.log
 use_syslog = False
 bind_host = {{ glance_registry_bind_address }}
 bind_port = {{ glance_registry_service_port }}
+http_keepalive = {{ glance_http_keepalive }}
 backlog = 4096
 workers = {{ glance_registry_workers | default(api_threads) }}
 api_limit_max = 1000
@ -39,5 +40,13 @@ memcache_secret_key = {{ memcached_encryption_key }}
 # if your keystone deployment uses PKI, and you value security over performance:
 check_revocations_for_cached = False

+[oslo_policy]
+policy_file = {{ glance_policy_file }}
+policy_default_rule = {{ glance_policy_default_rule }}
+policy_dirs = {{ glance_policy_dirs }}
+
 [paste_deploy]
 flavor = keystone
+
+[profiler]
+enabled = {{ glance_profiler_enabled }}