openstack/openstack-ansible
Code Issues Proposed changes
Files
4341b79b3a0040a9da937f695dd865e421c8b0e3
openstack-ansible/playbooks/roles/os_glance/templates/glance-registry.conf.j2
Jesse Pretorius 4341b79b3a Enable all services to use Keystone 'insecurely' 
This patch introduces an insecure flag for the Keystone internal
 and admin endpoints:

* keystone_service_adminuri_insecure
* keystone_service_internaluri_insecure

Both values default to false. If you have setup SSL endpoints
for Keystone using an untrusted certificate then you should
set the appropriate flag to true in your user_variables.

This patch is used to enable testing and development with
Keystone SSL endpoints without having to make use of SSL
certificates signed by a trusted, public CA.

The patch introduces a new optional argument (insecure) to the
keystone, glance and neutron Ansible libraries. This is a
boolean value which, when true, enables these libraries to
access Keystone endpoints 'insecurely'. When these libraries
are used in plays, the appropriate value is set automatically
as per the above conditions.

Implements: blueprint keystone-federation
Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
2015-07-10 14:06:25 +01:00

57 lines
1.9 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ glance_fatal_deprecations }}
log_file = /var/log/glance/glance-registry.log
use_syslog = False
bind_host = {{ glance_registry_bind_address }}
bind_port = {{ glance_registry_service_port }}
http_keepalive = {{ glance_http_keepalive }}
backlog = 4096
workers = {{ glance_registry_workers | default(api_threads) }}
api_limit_max = 1000
limit_param_default = 25
[database]
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_plugin = {{ glance_keystone_auth_plugin }}
signing_dir = {{ glance_system_user_home }}/cache/registry/
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ glance_service_project_domain_id }}
user_domain_id = {{ glance_service_user_domain_id }}
project_name = {{ glance_service_project_name }}
username = {{ glance_service_user_name }}
password = {{ glance_service_password }}
memcached_servers = {{ memcached_servers }}
token_cache_time = 300
revocation_cache_time = 60
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False
[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}
[paste_deploy]
flavor = keystone
[profiler]
enabled = {{ glance_profiler_enabled }}
View Git Blame Copy Permalink