openstack-ansible/playbooks/roles/os_glance/templates/glance-api-paste.ini.j2
Steve Lewis b657861a45 Update Glance service to Kilo
To support a future release target deploying OpenStack Kilo release this
change applies the changes required to provide an updated role for
new deploys of Glance configured to run with the Kilo release.

Highlights:
- added template for glance-manage.conf
- changed api and registry paste.ini files to be templated
- added osprofiler filter to pipelines in api and registry paste files

New user secrets:
- glance_profiler_hmac_key added for osprofiler use

New Tunables:
- glance_profiler_enabled for osprofiler use, default 'False'
- glance_http_keepalive for api and registry services, default 'True'
- glance_digest_algorithm for digital signatures, default 'SHA1'
- glance_task_executor for task execution, default 'taskflow'
- glance_policy_dirs & glance_policy_file for alternate policy config
sources, default 'policy.d' and 'policy.json' respectively
- glance_policy_default_rule for policy enforcement, default 'default'

Change-Id: I611a0ce3145861233c81c81084b1648b2b4b4423
Partially implements: blueprint master-kilofication
2015-04-07 09:50:24 -05:00


# Paste Deploy pipelines for the glance-api service. Each pipeline lists its
# filters in the order they wrap the request, ending in the rootapp composite.
# Only one pipeline is served at run time; presumably it is chosen through the
# paste_deploy flavor in glance-api.conf (e.g. flavor "keystone" selects
# [pipeline:glance-api-keystone]) - confirm against the role's glance-api.conf
# template.
#
# SECURITY: the three pipelines built on unauthenticated-context do no
# authentication. In glance that middleware attaches an admin context to every
# request, so any client that can reach the API port can act as an admin.
# Because the bare glance-api pipeline is what an empty flavor resolves to,
# deployments should verify that a keystone flavor is actually configured.

# Use this pipeline for no auth or image caching - DEFAULT
[pipeline:glance-api]
pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
# Use this pipeline for image caching and no auth
[pipeline:glance-api-caching]
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
# Use this pipeline for caching w/ management interface but no auth
# NOTE(review): cachemanage exposes cache administration calls; combined with
# unauthenticated-context they are open to every caller.
[pipeline:glance-api-cachemanagement]
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
# Use this pipeline for keystone auth
# authtoken validates the token before context builds the request context from
# the identity headers that authtoken sets.
[pipeline:glance-api-keystone]
pipeline = versionnegotiation osprofiler authtoken context rootapp
# Use this pipeline for keystone auth with image caching
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
# Use this pipeline for keystone auth with caching and cache management
[pipeline:glance-api-keystone+cachemanagement]
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
# Use this pipeline for authZ only. This means that the service will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
# NOTE(review): the original wording said "registry", apparently carried over
# from the registry paste file; in this file the pipeline belongs to glance-api.
# SECURITY: there is no authtoken filter here, so context trusts whatever
# identity headers arrive with the request (user, tenant, roles, identity
# status). Use this only where every request comes from a trusted front end
# that sets those headers itself and strips client-supplied copies; never
# expose it directly to end users.
[pipeline:glance-api-trusted-auth]
pipeline = versionnegotiation osprofiler context rootapp
# Use this pipeline for authZ only. This means that the service will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user and uses cache management
# SECURITY: same header-trust caveat as glance-api-trusted-auth, and the cache
# management calls are reachable under the identity those headers claim.
[pipeline:glance-api-trusted-auth+cachemanagement]
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
# rootapp is the terminal application of every pipeline in this file. It
# dispatches on URL prefix: "/" to the version listing, "/v1" and "/v2" to the
# respective API routers.
# NOTE(review): both API versions are mounted here; whether one is disabled at
# run time is presumably decided by glance's root_app_factory from options in
# glance-api.conf - confirm before relying on it to reduce the exposed surface.
[composite:rootapp]
paste.composite_factory = glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
# Version discovery document served at the root path.
[app:apiversions]
paste.app_factory = glance.api.versions:create_resource
# Images API v1 router.
[app:apiv1app]
paste.app_factory = glance.api.v1.router:API.factory
# Images API v2 router.
[app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory
# Filter (middleware) definitions referenced by name from the pipelines in this
# file. A filter defined here has no effect unless a pipeline lists it.

# First filter in every pipeline; handles API version negotiation.
[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
# Image cache middleware, used by the "caching" and "cachemanagement" pipelines.
[filter:cache]
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
# Cache management interface; only meaningful together with the cache filter.
[filter:cachemanage]
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
# Builds the request context from identity headers. It does not validate them
# itself, so it is only safe behind authtoken or a trusted front end.
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
# SECURITY: attaches a context without any authentication; in glance this is an
# admin context for every request. Intended for isolated test setups only.
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
# Keystone token validation. No keystone endpoint or credential options are set
# in this section; presumably they come from the keystone_authtoken section of
# glance-api.conf - confirm.
# delay_auth_decision = true means authtoken does not reject a request with a
# missing or invalid token itself: it marks the identity status and passes the
# request on, leaving the accept/reject decision to the context filter.
# NOTE(review): unauthenticated requests are then governed by glance's
# anonymous-access setting; verify that it is disabled unless public read
# access is intended.
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
delay_auth_decision = true
# NOTE(review): defined but not referenced by any pipeline in this file.
[filter:gzip]
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
# osprofiler tracing middleware, present in every pipeline above. It acts only
# on requests whose trace headers are signed with one of hmac_keys.
# SECURITY: hmac_keys is rendered from the glance_profiler_hmac_key user
# secret, so the generated file holds that secret in plain text. Deploy it with
# restrictive ownership and mode, and use a long random value: anyone who knows
# the key can switch on tracing for their own requests.
# NOTE(review): enabled is hard-coded to yes here and is not driven by the
# glance_profiler_enabled tunable; confirm that profiling is gated elsewhere
# (for example a profiler section in glance-api.conf) if it should be off by
# default.
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = {{ glance_profiler_hmac_key }}
enabled = yes