b2624d4a26
Presently all services use the single root virtual host within RabbitMQ and while this is “OK” for small to mid sized deployments however it would be better to divide services into logical resource groups within RabbitMQ which will bring with it additional security. This change set provides OSAD better compartmentalization of consumer services that use RabbitMQ. UpgradeImpact DocImpact Change-Id: I6f9d07522faf133f3c1c84a5b9046a55d5789e52 Implements: blueprint compartmentalize-rabbitmq
121 lines
4.5 KiB
Django/Jinja
121 lines
4.5 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
|
|
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
|
|
|
|
[DEFAULT]
|
|
verbose = {{ verbose }}
|
|
debug = {{ debug }}
|
|
log_file = /var/log/glance/glance-api.log
|
|
fatal_deprecations = {{ glance_fatal_deprecations }}
|
|
use_syslog = False
|
|
bind_host = {{ glance_api_bind_address }}
|
|
bind_port = {{ glance_api_service_port }}
|
|
http_keepalive = {{ glance_http_keepalive }}
|
|
digest_algorithm = {{ glance_digest_algorithm }}
|
|
backlog = 4096
|
|
workers = {{ glance_api_workers | default(api_threads) }}
|
|
registry_host = {{ glance_registry_host }}
|
|
registry_port = {{ glance_registry_service_port }}
|
|
registry_client_protocol = {{ glance_service_registry_proto }}
|
|
cinder_catalog_info = volume:cinder:internalURL
|
|
|
|
enable_v1_api = {{ glance_enable_v1_api }}
|
|
enable_v1_registry = {{ glance_enable_v1_registry }}
|
|
enable_v2_api = {{ glance_enable_v2_api }}
|
|
enable_v2_registry = {{ glance_enable_v2_registry }}
|
|
|
|
{% if glance_ceilometer_enabled %}
|
|
notification_driver = {{ glance_ceilometer_notification_driver }}
|
|
{% else %}
|
|
notification_driver = {{ glance_notification_driver }}
|
|
{% endif %}
|
|
{% if glance_notification_driver == "messaging" or (glance_ceilometer_notification_driver == "messagingv2" and glance_ceilometer_enabled) %}
|
|
##### RPC MESSAGING OPTIONS #####
|
|
rpc_backend = {{ glance_rpc_backend }}
|
|
rabbit_hosts = {{ rabbitmq_servers }}
|
|
rabbit_port = {{ rabbitmq_port }}
|
|
rabbit_userid = {{ glance_rabbitmq_userid }}
|
|
rabbit_password = {{ glance_rabbitmq_password }}
|
|
rabbit_virtual_host = {{ glance_rabbitmq_vhost }}
|
|
rabbit_notification_exchange = glance
|
|
rabbit_notification_topic = notifications
|
|
rabbit_durable_queues = False
|
|
{% endif %}
|
|
|
|
|
|
delayed_delete = False
|
|
scrub_time = 43200
|
|
scrubber_datadir = {{ glance_system_user_home }}/scrubber/
|
|
image_cache_dir = {{ glance_system_user_home }}/cache/
|
|
|
|
# defaults to true if RBD is used as default store
|
|
show_image_direct_url = {{ glance_show_image_direct_url }}
|
|
|
|
[task]
|
|
task_executor = {{ glance_task_executor }}
|
|
|
|
[database]
|
|
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8
|
|
|
|
[keystone_authtoken]
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
auth_plugin = {{ glance_keystone_auth_plugin }}
|
|
signing_dir = {{ glance_system_user_home }}/cache/api
|
|
auth_url = {{ keystone_service_adminuri }}
|
|
auth_uri = {{ keystone_service_internaluri }}
|
|
project_domain_id = {{ glance_service_project_domain_id }}
|
|
user_domain_id = {{ glance_service_user_domain_id }}
|
|
project_name = {{ glance_service_project_name }}
|
|
username = {{ glance_service_user_name }}
|
|
password = {{ glance_service_password }}
|
|
|
|
memcached_servers = {{ memcached_servers }}
|
|
|
|
token_cache_time = 300
|
|
revocation_cache_time = 60
|
|
|
|
# if your memcached server is shared, use these settings to avoid cache poisoning
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
|
|
# if your keystone deployment uses PKI, and you value security over performance:
|
|
check_revocations_for_cached = False
|
|
|
|
[oslo_policy]
|
|
policy_file = {{ glance_policy_file }}
|
|
policy_default_rule = {{ glance_policy_default_rule }}
|
|
policy_dirs = {{ glance_policy_dirs }}
|
|
|
|
[paste_deploy]
|
|
flavor = {{ glance_flavor }}
|
|
|
|
[glance_store]
|
|
default_store = {{ glance_default_store }}
|
|
{% if glance_default_store == "file" %}
|
|
stores = glance.store.filesystem.Store,glance.store.http.Store,glance.store.cinder.Store
|
|
filesystem_store_datadir = {{ glance_system_user_home }}/images/
|
|
{% elif glance_default_store == "swift" %}
|
|
stores = glance.store.swift.Store,glance.store.http.Store,glance.store.cinder.Store
|
|
swift_store_auth_version = 2
|
|
swift_store_auth_address = {{ glance_swift_store_auth_address }}
|
|
swift_store_user = {{ glance_swift_store_user }}
|
|
swift_store_key = {{ glance_swift_store_key }}
|
|
swift_store_region = {{ glance_swift_store_region }}
|
|
swift_store_container = {{ glance_swift_store_container }}
|
|
swift_store_create_container_on_put = True
|
|
swift_store_large_object_size = {{ glance_swift_store_large_object_size }}
|
|
swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_size }}
|
|
swift_store_retry_get_count = 5
|
|
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}
|
|
{% elif glance_default_store == "rbd" %}
|
|
stores = glance.store.rbd.Store,glance.store.http.Store,glance.store.cinder.Store
|
|
rbd_store_pool = {{ glance_rbd_store_pool }}
|
|
rbd_store_user = {{ glance_rbd_store_user }}
|
|
rbd_store_ceph_conf = /etc/ceph/ceph.conf
|
|
rbd_store_chunk_size = {{ glance_rbd_store_chunk_size }}
|
|
{% endif %}
|
|
|
|
[profiler]
|
|
enabled = {{ glance_profiler_enabled }}
|