b2624d4a26
Presently all services use the single root virtual host within RabbitMQ and while this is “OK” for small to mid sized deployments however it would be better to divide services into logical resource groups within RabbitMQ which will bring with it additional security. This change set provides OSAD better compartmentalization of consumer services that use RabbitMQ. UpgradeImpact DocImpact Change-Id: I6f9d07522faf133f3c1c84a5b9046a55d5789e52 Implements: blueprint compartmentalize-rabbitmq
151 lines
3.9 KiB
Django/Jinja
151 lines
3.9 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
|
|
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}
|
|
|
|
[DEFAULT]
|
|
bind_ip = 0.0.0.0
|
|
bind_port = {{ swift_proxy_port }}
|
|
workers = {{ swift_proxy_server_workers | default(api_threads) }}
|
|
|
|
user = {{ swift_system_user_name }}
|
|
log_facility = LOG_LOCAL1
|
|
|
|
[pipeline:main]
|
|
pipeline = {{ swift_middleware_list | join(' ') }}
|
|
|
|
[app:proxy-server]
|
|
use = egg:swift#proxy
|
|
log_facility = LOG_LOCAL1
|
|
node_timeout = 60
|
|
conn_timeout = 3.5
|
|
account_autocreate = true
|
|
{% if swift_proxy_vars is defined %}
|
|
{% if swift_proxy_vars.read_affinity is defined %}
|
|
read_affinity = {{ swift_proxy_vars.read_affinity }}
|
|
{% set swift_sorting_method = 'affinity' %}
|
|
{% endif %}
|
|
{% if swift_proxy_vars.write_affinity is defined %}
|
|
write_affinity = {{ swift_proxy_vars.write_affinity }}
|
|
{% if swift_proxy_vars.write_affinity_node_count is defined %}
|
|
write_affinity_node_count = {{ swift_proxy_vars.write_affinity_node_count }}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
sorting_method = {{ swift_sorting_method }}
|
|
|
|
{% if 'tempauth' in swift_middleware_list %}
|
|
[filter:tempauth]
|
|
use = egg:swift#tempauth
|
|
user_admin_admin = admin .admin .reseller_admin
|
|
user_test_tester = testing .admin
|
|
user_test2_tester2 = testing2 .admin
|
|
user_test_tester3 = testing3
|
|
{% endif %}
|
|
|
|
{% if 'authtoken' in swift_middleware_list %}
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
|
auth_plugin = {{ swift_keystone_auth_plugin }}
|
|
auth_url = {{ keystone_service_adminuri }}
|
|
auth_uri = {{ keystone_service_internaluri }}
|
|
project_domain_id = {{ swift_service_project_domain_id }}
|
|
user_domain_id = {{ swift_service_user_domain_id }}
|
|
project_name = {{ swift_service_project_name }}
|
|
username = {{ swift_service_user_name }}
|
|
password = {{ swift_service_password }}
|
|
delay_auth_decision = {{ swift_delay_auth_decision }}
|
|
{% endif %}
|
|
|
|
{% if 'keystoneauth' in swift_middleware_list %}
|
|
[filter:keystoneauth]
|
|
use = egg:swift#keystoneauth
|
|
{% if swift_allow_all_users is defined and swift_allow_all_users == True %}
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
operator_roles = admin, swiftoperator, _member_, ResellerAdmin
|
|
{% else %}
|
|
operator_roles = admin, swiftoperator, _member_
|
|
{% endif %}
|
|
{% else %}
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
operator_roles = admin, swiftoperator, ResellerAdmin
|
|
{% else %}
|
|
operator_roles = admin, swiftoperator
|
|
{% endif %}
|
|
{% endif %}
|
|
# The reseller admin role has the ability to create and delete accounts
|
|
reseller_admin_role = reseller_admin
|
|
{% endif %}
|
|
|
|
[filter:healthcheck]
|
|
use = egg:swift#healthcheck
|
|
|
|
[filter:cache]
|
|
use = egg:swift#memcache
|
|
memcache_servers = {{ memcached_servers }}
|
|
memcache_serialization_support = 2
|
|
|
|
[filter:ratelimit]
|
|
use = egg:swift#ratelimit
|
|
|
|
[filter:domain_remap]
|
|
use = egg:swift#domain_remap
|
|
|
|
[filter:catch_errors]
|
|
use = egg:swift#catch_errors
|
|
|
|
[filter:cname_lookup]
|
|
use = egg:swift#cname_lookup
|
|
|
|
[filter:staticweb]
|
|
use = egg:swift#staticweb
|
|
|
|
[filter:tempurl]
|
|
use = egg:swift#tempurl
|
|
|
|
[filter:formpost]
|
|
use = egg:swift#formpost
|
|
|
|
[filter:name_check]
|
|
use = egg:swift#name_check
|
|
|
|
[filter:list-endpoints]
|
|
use = egg:swift#list_endpoints
|
|
|
|
[filter:proxy-logging]
|
|
use = egg:swift#proxy_logging
|
|
|
|
[filter:bulk]
|
|
use = egg:swift#bulk
|
|
|
|
[filter:container-quotas]
|
|
use = egg:swift#container_quotas
|
|
|
|
[filter:slo]
|
|
use = egg:swift#slo
|
|
|
|
[filter:dlo]
|
|
use = egg:swift#dlo
|
|
|
|
[filter:account-quotas]
|
|
use = egg:swift#account_quotas
|
|
|
|
[filter:gatekeeper]
|
|
use = egg:swift#gatekeeper
|
|
|
|
[filter:container_sync]
|
|
use = egg:swift#container_sync
|
|
|
|
[filter:xprofile]
|
|
use = egg:swift#xprofile
|
|
|
|
{% if 'ceilometer' in swift_middleware_list %}
|
|
[filter:ceilometer]
|
|
paste.filter_factory = ceilometermiddleware.swift:filter_factory
|
|
control_exchange = swift
|
|
driver = messagingv2
|
|
url = rabbit://{{ ceilometer_rabbitmq_userid }}:{{ ceilometer_rabbitmq_password }}@{{ hostvars[groups['rabbitmq_all'][0]]['ansible_ssh_host'] }}:5672{{ ceilometer_rabbitmq_vhost }}
|
|
topic = notifications
|
|
log_level = WARN
|
|
{% endif %}
|