Merge "Update Glance service to Kilo"

This commit is contained in:
Jenkins 2015-04-07 23:31:18 +00:00 committed by Gerrit Code Review
commit 65d4437215
8 changed files with 65 additions and 13 deletions

View File

@ -42,6 +42,7 @@ cinder_profiler_hmac_key:
## Glance Options
glance_container_mysql_password:
glance_service_password:
glance_profiler_hmac_key:
### Extra options when configuring swift as a glance back-end.
glance_swift_store_auth_address: "https://some.auth.url.com"
glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"

View File

@ -19,6 +19,7 @@ is_metal: true
## Verbosity Options
debug: False
verbose: True
glance_profiler_enabled: False
glance_fatal_deprecations: False
## System info
@ -93,6 +94,14 @@ glance_image_cache_max_size: 10737418240
# compute the number of api workers to use.
# glance_registry_workers: 16
glance_task_executor: taskflow
glance_digest_algorithm: sha1
glance_http_keepalive: True
## Glance policy
glance_policy_file: policy.json
glance_policy_default_rule: default
glance_policy_dirs: policy.d
## Define nfs information for glance. When the glance_nfs_client dictionary is
## defined it will enable nfs shares as mounted directories. The

View File

@ -39,8 +39,11 @@
owner: "{{ glance_system_user_name }}"
group: "{{ glance_system_group_name }}"
with_items:
- { src: "glance-api-paste.ini.j2", dest: "/etc/glance/glance-api-paste.ini" }
- { src: "glance-registry-paste.ini.j2", dest: "/etc/glance/glance-registry-paste.ini" }
- { src: "glance-api.conf.j2", dest: "/etc/glance/glance-api.conf" }
- { src: "glance-cache.conf.j2", dest: "/etc/glance/glance-cache.conf" }
- { src: "glance-manage.conf.j2", dest: "/etc/glance/glance-manage.conf" }
- { src: "glance-registry.conf.j2", dest: "/etc/glance/glance-registry.conf" }
- { src: "glance-scrubber.conf.j2", dest: "/etc/glance/glance-scrubber.conf" }
notify:
@ -56,8 +59,6 @@
owner: "{{ glance_system_user_name }}"
group: "{{ glance_system_group_name }}"
with_items:
- { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" }
- { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" }
- { src: "policy.json", dest: "/etc/glance/policy.json" }
- { src: "schema.json", dest: "/etc/glance/schema.json" }
- { src: "schema.json", dest: "/etc/glance/schema-image.json" }

View File

@ -1,38 +1,38 @@
# Use this pipeline for no auth or image caching - DEFAULT
[pipeline:glance-api]
pipeline = versionnegotiation unauthenticated-context rootapp
pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
# Use this pipeline for image caching and no auth
[pipeline:glance-api-caching]
pipeline = versionnegotiation unauthenticated-context cache rootapp
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
# Use this pipeline for caching w/ management interface but no auth
[pipeline:glance-api-cachemanagement]
pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
# Use this pipeline for keystone auth
[pipeline:glance-api-keystone]
pipeline = versionnegotiation authtoken context rootapp
pipeline = versionnegotiation osprofiler authtoken context rootapp
# Use this pipeline for keystone auth with image caching
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation authtoken context cache rootapp
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
# Use this pipeline for keystone auth with caching and cache management
[pipeline:glance-api-keystone+cachemanagement]
pipeline = versionnegotiation authtoken context cache cachemanage rootapp
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-api-trusted-auth]
pipeline = versionnegotiation context rootapp
pipeline = versionnegotiation osprofiler context rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user and uses cache management
[pipeline:glance-api-trusted-auth+cachemanagement]
pipeline = versionnegotiation context cache cachemanage rootapp
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
[composite:rootapp]
paste.composite_factory = glance.api:root_app_factory
@ -70,3 +70,8 @@ delay_auth_decision = true
[filter:gzip]
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = {{ glance_profiler_hmac_key }}
enabled = yes

View File

@ -11,6 +11,8 @@ fatal_deprecations = {{ glance_fatal_deprecations }}
use_syslog = False
bind_host = {{ glance_api_bind_address }}
bind_port = {{ glance_api_service_port }}
http_keepalive = {{ glance_http_keepalive }}
digest_algorithm = {{ glance_digest_algorithm }}
backlog = 4096
workers = {{ glance_api_workers | default(api_threads) }}
registry_host = {{ glance_registry_host }}
@ -43,6 +45,9 @@ scrub_time = 43200
scrubber_datadir = {{ glance_system_user_home }}/scrubber/
image_cache_dir = {{ glance_system_user_home }}/cache/
[task]
task_executor = {{ glance_task_executor }}
[database]
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8
@ -66,6 +71,11 @@ memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False
[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}
[paste_deploy]
flavor = {{ glance_flavor }}
@ -88,3 +98,6 @@ swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_s
swift_store_retry_get_count = 5
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
{% endif %}
[profiler]
enabled = {{ glance_profiler_enabled }}

View File

@ -0,0 +1,9 @@
[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
log_file = /var/log/glance/glance-manage.log
fatal_deprecations = {{ glance_fatal_deprecations }}
use_syslog = False
[database]
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8

View File

@ -1,16 +1,16 @@
# Use this pipeline for no auth - DEFAULT
[pipeline:glance-registry]
pipeline = unauthenticated-context registryapp
pipeline = osprofiler unauthenticated-context registryapp
# Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp
pipeline = osprofiler authtoken context registryapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-registry-trusted-auth]
pipeline = context registryapp
pipeline = osprofiler context registryapp
[app:registryapp]
paste.app_factory = glance.registry.api:API.factory
@ -23,3 +23,8 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = {{ glance_profiler_hmac_key }}
enabled = yes

View File

@ -11,6 +11,7 @@ log_file = /var/log/glance/glance-registry.log
use_syslog = False
bind_host = {{ glance_registry_bind_address }}
bind_port = {{ glance_registry_service_port }}
http_keepalive = {{ glance_http_keepalive }}
backlog = 4096
workers = {{ glance_registry_workers | default(api_threads) }}
api_limit_max = 1000
@ -39,5 +40,13 @@ memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False
[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}
[paste_deploy]
flavor = keystone
[profiler]
enabled = {{ glance_profiler_enabled }}