Merge "Update Glance service to Kilo"
This commit is contained in:
commit
65d4437215
@ -42,6 +42,7 @@ cinder_profiler_hmac_key:
|
||||
## Glance Options
|
||||
glance_container_mysql_password:
|
||||
glance_service_password:
|
||||
glance_profiler_hmac_key:
|
||||
### Extra options when configuring swift as a glance back-end.
|
||||
glance_swift_store_auth_address: "https://some.auth.url.com"
|
||||
glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"
|
||||
|
@ -19,6 +19,7 @@ is_metal: true
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
verbose: True
|
||||
glance_profiler_enabled: False
|
||||
glance_fatal_deprecations: False
|
||||
|
||||
## System info
|
||||
@ -93,6 +94,14 @@ glance_image_cache_max_size: 10737418240
|
||||
# compute the number of api workers to use.
|
||||
# glance_registry_workers: 16
|
||||
|
||||
glance_task_executor: taskflow
|
||||
glance_digest_algorithm: sha1
|
||||
glance_http_keepalive: True
|
||||
|
||||
## Glance policy
|
||||
glance_policy_file: policy.json
|
||||
glance_policy_default_rule: default
|
||||
glance_policy_dirs: policy.d
|
||||
|
||||
## Define nfs information for glance. When the glance_nfs_client dictionary is
|
||||
## defined it will enable nfs shares as mounted directories. The
|
||||
|
@ -39,8 +39,11 @@
|
||||
owner: "{{ glance_system_user_name }}"
|
||||
group: "{{ glance_system_group_name }}"
|
||||
with_items:
|
||||
- { src: "glance-api-paste.ini.j2", dest: "/etc/glance/glance-api-paste.ini" }
|
||||
- { src: "glance-registry-paste.ini.j2", dest: "/etc/glance/glance-registry-paste.ini" }
|
||||
- { src: "glance-api.conf.j2", dest: "/etc/glance/glance-api.conf" }
|
||||
- { src: "glance-cache.conf.j2", dest: "/etc/glance/glance-cache.conf" }
|
||||
- { src: "glance-manage.conf.j2", dest: "/etc/glance/glance-manage.conf" }
|
||||
- { src: "glance-registry.conf.j2", dest: "/etc/glance/glance-registry.conf" }
|
||||
- { src: "glance-scrubber.conf.j2", dest: "/etc/glance/glance-scrubber.conf" }
|
||||
notify:
|
||||
@ -56,8 +59,6 @@
|
||||
owner: "{{ glance_system_user_name }}"
|
||||
group: "{{ glance_system_group_name }}"
|
||||
with_items:
|
||||
- { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" }
|
||||
- { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" }
|
||||
- { src: "policy.json", dest: "/etc/glance/policy.json" }
|
||||
- { src: "schema.json", dest: "/etc/glance/schema.json" }
|
||||
- { src: "schema.json", dest: "/etc/glance/schema-image.json" }
|
||||
|
@ -1,38 +1,38 @@
|
||||
# Use this pipeline for no auth or image caching - DEFAULT
|
||||
[pipeline:glance-api]
|
||||
pipeline = versionnegotiation unauthenticated-context rootapp
|
||||
pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
|
||||
|
||||
# Use this pipeline for image caching and no auth
|
||||
[pipeline:glance-api-caching]
|
||||
pipeline = versionnegotiation unauthenticated-context cache rootapp
|
||||
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
|
||||
|
||||
# Use this pipeline for caching w/ management interface but no auth
|
||||
[pipeline:glance-api-cachemanagement]
|
||||
pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp
|
||||
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-api-keystone]
|
||||
pipeline = versionnegotiation authtoken context rootapp
|
||||
pipeline = versionnegotiation osprofiler authtoken context rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with image caching
|
||||
[pipeline:glance-api-keystone+caching]
|
||||
pipeline = versionnegotiation authtoken context cache rootapp
|
||||
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
|
||||
|
||||
# Use this pipeline for keystone auth with caching and cache management
|
||||
[pipeline:glance-api-keystone+cachemanagement]
|
||||
pipeline = versionnegotiation authtoken context cache cachemanage rootapp
|
||||
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-api-trusted-auth]
|
||||
pipeline = versionnegotiation context rootapp
|
||||
pipeline = versionnegotiation osprofiler context rootapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user and uses cache management
|
||||
[pipeline:glance-api-trusted-auth+cachemanagement]
|
||||
pipeline = versionnegotiation context cache cachemanage rootapp
|
||||
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
|
||||
|
||||
[composite:rootapp]
|
||||
paste.composite_factory = glance.api:root_app_factory
|
||||
@ -70,3 +70,8 @@ delay_auth_decision = true
|
||||
|
||||
[filter:gzip]
|
||||
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = {{ glance_profiler_hmac_key }}
|
||||
enabled = yes
|
@ -11,6 +11,8 @@ fatal_deprecations = {{ glance_fatal_deprecations }}
|
||||
use_syslog = False
|
||||
bind_host = {{ glance_api_bind_address }}
|
||||
bind_port = {{ glance_api_service_port }}
|
||||
http_keepalive = {{ glance_http_keepalive }}
|
||||
digest_algorithm = {{ glance_digest_algorithm }}
|
||||
backlog = 4096
|
||||
workers = {{ glance_api_workers | default(api_threads) }}
|
||||
registry_host = {{ glance_registry_host }}
|
||||
@ -43,6 +45,9 @@ scrub_time = 43200
|
||||
scrubber_datadir = {{ glance_system_user_home }}/scrubber/
|
||||
image_cache_dir = {{ glance_system_user_home }}/cache/
|
||||
|
||||
[task]
|
||||
task_executor = {{ glance_task_executor }}
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8
|
||||
|
||||
@ -66,6 +71,11 @@ memcache_secret_key = {{ memcached_encryption_key }}
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = False
|
||||
|
||||
[oslo_policy]
|
||||
policy_file = {{ glance_policy_file }}
|
||||
policy_default_rule = {{ glance_policy_default_rule }}
|
||||
policy_dirs = {{ glance_policy_dirs }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = {{ glance_flavor }}
|
||||
|
||||
@ -88,3 +98,6 @@ swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_s
|
||||
swift_store_retry_get_count = 5
|
||||
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
|
||||
{% endif %}
|
||||
|
||||
[profiler]
|
||||
enabled = {{ glance_profiler_enabled }}
|
||||
|
@ -0,0 +1,9 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
log_file = /var/log/glance/glance-manage.log
|
||||
fatal_deprecations = {{ glance_fatal_deprecations }}
|
||||
use_syslog = False
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8
|
@ -1,16 +1,16 @@
|
||||
# Use this pipeline for no auth - DEFAULT
|
||||
[pipeline:glance-registry]
|
||||
pipeline = unauthenticated-context registryapp
|
||||
pipeline = osprofiler unauthenticated-context registryapp
|
||||
|
||||
# Use this pipeline for keystone auth
|
||||
[pipeline:glance-registry-keystone]
|
||||
pipeline = authtoken context registryapp
|
||||
pipeline = osprofiler authtoken context registryapp
|
||||
|
||||
# Use this pipeline for authZ only. This means that the registry will treat a
|
||||
# user as authenticated without making requests to keystone to reauthenticate
|
||||
# the user.
|
||||
[pipeline:glance-registry-trusted-auth]
|
||||
pipeline = context registryapp
|
||||
pipeline = osprofiler context registryapp
|
||||
|
||||
[app:registryapp]
|
||||
paste.app_factory = glance.registry.api:API.factory
|
||||
@ -23,3 +23,8 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
|
||||
[filter:osprofiler]
|
||||
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||
hmac_keys = {{ glance_profiler_hmac_key }}
|
||||
enabled = yes
|
@ -11,6 +11,7 @@ log_file = /var/log/glance/glance-registry.log
|
||||
use_syslog = False
|
||||
bind_host = {{ glance_registry_bind_address }}
|
||||
bind_port = {{ glance_registry_service_port }}
|
||||
http_keepalive = {{ glance_http_keepalive }}
|
||||
backlog = 4096
|
||||
workers = {{ glance_registry_workers | default(api_threads) }}
|
||||
api_limit_max = 1000
|
||||
@ -39,5 +40,13 @@ memcache_secret_key = {{ memcached_encryption_key }}
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = False
|
||||
|
||||
[oslo_policy]
|
||||
policy_file = {{ glance_policy_file }}
|
||||
policy_default_rule = {{ glance_policy_default_rule }}
|
||||
policy_dirs = {{ glance_policy_dirs }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
||||
[profiler]
|
||||
enabled = {{ glance_profiler_enabled }}
|
Loading…
x
Reference in New Issue
Block a user