Refactor config files for essex

The config files for glance have changed quite a bit between the Diablo and Essex releases of OpenStack. This commit refactors the config files.
2012-03-29 16:44:59 -07:00
parent dd5fb3ea91
commit a5ac23272d
11 changed files with 496 additions and 132 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -43,8 +43,8 @@
 #  $swift_store_create_container_on_put - 'False'
 #
 class glance::api(
-  $log_verbose = false,
+  $log_verbose = 'False',
-  $log_debug = false,
+  $log_debug = 'False',
  $default_store = 'file',
  $bind_host = '0.0.0.0',
  $bind_port = '9292',
@@ -56,16 +56,49 @@ class glance::api(
  $swift_store_user = 'jdoe',
  $swift_store_key = 'a86850deb2742ec3cb41518e26aa2d89',
  $swift_store_container = 'glance',
-  $swift_store_create_container_on_put = 'False'
+  $swift_store_create_container_on_put = 'False',
  $auth_type = 'keystone',
  $service_protocol = 'http',
  $service_host = '127.0.0.1',
  $service_port = '5000',
  $auth_host = '127.0.0.1',
  $auth_port = '35357',
  $auth_protocol = 'http',
  $auth_uri = "http://127.0.0.1:5000/",
  $admin_token = '999888777666',
  # TODO - I should update this to use a glance specific keystone user
  $keystone_tenant = 'admin',
  $keystone_user = 'admin',
  $keystone_password = 'ChangeMe'
 ) inherits glance {
-  file { '/etc/glance/glance-api.conf':
+  # TODO I need to work with Chris to ensure that I understand
  # his auth requirements
  if($auth_type == 'keystone') {
    $context_type = 'context'
  } else {
    $context_type = 'auth-context'
  }
  File {
    ensure  => present,
    owner   => 'glance',
    group   => 'root',
    mode    => '0640',
    notify  => Service['glance-api'],
    require => Class['glance'],
  }
  file { '/etc/glance/glance-api.conf':
    content => template('glance/glance-api.conf.erb'),
-    require => Class['glance']
+  }
  file { '/etc/glance/glance-api-paste.ini':
    content => template('glance/glance-api-paste.ini.erb'),
  }
  file { '/etc/glance/glance-cache.conf':
    content => template('glance/glance-cache.conf.erb'),
  }
  service { 'glance-api':
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -0,0 +1,31 @@
 class glance::keystone::auth(
  $auth_name = 'glance',
  $password  = 'glance_password',
  $service   = 'image',
  $address   = '127.0.0.1',
  $port      = '9292'
 ) {
  Class['keystone::roles::admin'] -> Class['glance::keystone::auth']
  keystone_user { $auth_name:
    ensure   => present, 
    password => $password,
  }
  keystone_user_role { "${auth_name}@service":
    roles   => 'admin',
    require => Keystone_user[$auth_name]
  }
  keystone_service { $auth_name:
    type        => 'image',
    description => "Openstack Image Service",
  }
  keystone_endpoint { $auth_name:
    region       => 'RegionOne',
    public_url   => "http://${address}:${port}/v1",
    admin_url    => "http://${address}:${port}/v1",
    internal_url => "http://${address}:${port}/v1",
    require      => Keystone_service[$auth_name]
  } 
 }
--- a/manifests/registry.pp
+++ b/manifests/registry.pp
@@ -1,22 +1,48 @@
 class glance::registry(
-  $log_verbose = false,
+  $log_verbose = 'False',
-  $log_debug = false,
+  $log_debug = 'False',
  $bind_host = '0.0.0.0',
  $bind_port = '9191',
  $log_file = '/var/log/glance/registry.log',
  $sql_connection = 'sqlite:///var/lib/glance/glance.sqlite',
-  $sql_idle_timeout = '3600'
+  $sql_idle_timeout = '3600',
  $auth_type = 'keystone',
  $service_protocol = 'http',
  $service_host = '127.0.0.1',
  $service_port = '5000',
  $auth_host = '127.0.0.1',
  $auth_port = '35357',
  $auth_protocol = 'http',
  $auth_uri = 'http://127.0.0.1:5000/',
  $admin_token = '999888777666',
  $keystone_tenant = 'admin',
  $keystone_user = 'admin',
  $keystone_password = 'ChangeMe'
 ) inherits glance {
-  file { '/etc/glance/glance-registry.conf':
+  if($auth_type == 'keystone') {
    $context_type = 'context'
  } else {
    $context_type = 'auth-context'
  }
  File {
    ensure  => present,
    owner   => 'glance',
    group   => 'root',
    mode    => '0640',
-    content => template('glance/glance-registry.conf.erb'),
+    notify  => Service['glance-registry'],
    require => Class['glance']
  }
  file { '/etc/glance/glance-registry.conf':
    content => template('glance/glance-registry.conf.erb'),
  }
  file { '/etc/glance/glance-registry-paste.ini':
    content => template('glance/glance-registry-paste.ini.erb'),
  }
  service { 'glance-registry':
    name       => $::glance::params::registry_service_name,
    ensure     => running,
--- a/manifests/scrubber.pp
+++ b/manifests/scrubber.pp
@@ -0,0 +1,5 @@
 class glance::scrubber (
 ) {
  fail("glance::scrubber needs to be implemented")
 }
--- a/templates/glance-api-paste.ini.erb
+++ b/templates/glance-api-paste.ini.erb
@@ -0,0 +1,87 @@
 # Default minimal pipeline
 [pipeline:glance-api]
 pipeline = versionnegotiation context apiv1app
 # Use the following pipeline for keystone auth
 # i.e. in glance-api.conf:
 #   [paste_deploy]
 #   flavor = keystone
 #
 [pipeline:glance-api-keystone]
 pipeline = versionnegotiation authtoken <%= context_type %> apiv1app
 # Use the following pipeline to enable transparent caching of image files
 # i.e. in glance-api.conf:
 #   [paste_deploy]
 #   flavor = caching
 #
 [pipeline:glance-api-caching]
 pipeline = versionnegotiation context cache apiv1app
 # Use the following pipeline for keystone auth with caching
 # i.e. in glance-api.conf:
 #   [paste_deploy]
 #   flavor = keystone+caching
 #
 [pipeline:glance-api-keystone+caching]
 pipeline = versionnegotiation authtoken <%= context_type %> cache apiv1app
 # Use the following pipeline to enable the Image Cache Management API
 # i.e. in glance-api.conf:
 #   [paste_deploy]
 #   flavor = cachemanagement
 #
 [pipeline:glance-api-cachemanagement]
 pipeline = versionnegotiation context cache cachemanage apiv1app
 # Use the following pipeline for keystone auth with cache management
 # i.e. in glance-api.conf:
 #   [paste_deploy]
 #   flavor = keystone+cachemanagement
 #
 [pipeline:glance-api-keystone+cachemanagement]
 pipeline = versionnegotiation authtoken <%= context_type %> cache cachemanage apiv1app
 [app:apiv1app]
 paste.app_factory = glance.common.wsgi:app_factory
 glance.app_factory = glance.api.v1.router:API
 [filter:versionnegotiation]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter
 [filter:cache]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.api.middleware.cache:CacheFilter
 [filter:cachemanage]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter
 [filter:context]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.common.context:ContextMiddleware
 [filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
 service_protocol = <%= service_protocol %>
 service_host = <%= service_host %>
 service_port = <%= service_port %>
 auth_host = <%= auth_host %>
 auth_port = <%= auth_port %>
 auth_protocol = <%= auth_protocol %>
 auth_uri = <%= auth_uri %>
 <% if auth_type == 'keystone' -%>
 admin_tenant_name = <%= keystone_tenant %>
 admin_user = <%= keystone_user %>
 admin_password = <%= keystone_password %>
 <% else -%>
 admin_token = <%= admin_token %>
 <% end -%>
 <% if context_type == 'auth-context' -%>
 [filter:auth-context]
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = keystone.middleware.glance_auth_token:KeystoneContextMiddleware
 <% end -%>
--- a/templates/glance-api.conf-sample
+++ b/templates/glance-api.conf-sample
@@ -1,67 +0,0 @@
 [DEFAULT]
 # Show more verbose log output (sets INFO log level output)
 verbose = True
 # Show debugging output in logs (sets DEBUG log level output)
 debug = False
 # Which backend store should Glance use by default is not specified
 # in a request to add a new image to Glance? Default: 'file'
 # Available choices are 'file', 'swift', and 's3'
 default_store = file
 # Address to bind the API server
 bind_host = 0.0.0.0
 # Port the bind the API server to
 bind_port = 9292
 # Address to find the registry server
 registry_host = 0.0.0.0
 # Port the registry server is listening on
 registry_port = 9191
 # Log to this file. Make sure you do not set the same log
 # file for both the API and registry servers!
 log_file = /var/log/glance/api.log
 # ============ Filesystem Store Options ========================
 # Directory that the Filesystem backend store
 # writes image data to
 filesystem_store_datadir = /var/lib/glance/images/
 # ============ Swift Store Options =============================
 # Address where the Swift authentication service lives
 swift_store_auth_address = 127.0.0.1:8080/v1.0/
 # User to authenticate against the Swift authentication service
 swift_store_user = jdoe
 # Auth key for the user authenticating against the
 # Swift authentication service
 swift_store_key = a86850deb2742ec3cb41518e26aa2d89
 # Container within the account that the account should use
 # for storing images in Swift
 swift_store_container = glance
 # Do we create the container if it does not exist?
 swift_store_create_container_on_put = False
 [pipeline:glance-api]
 pipeline = versionnegotiation apiv1app
 [pipeline:versions]
 pipeline = versionsapp
 [app:versionsapp]
 paste.app_factory = glance.api.versions:app_factory
 [app:apiv1app]
 paste.app_factory = glance.api.v1:app_factory
 [filter:versionnegotiation]
 paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
--- a/templates/glance-api.conf.erb
+++ b/templates/glance-api.conf.erb
@@ -16,15 +16,113 @@ bind_host = <%= bind_host %>
 # Port the bind the API server to
 bind_port = <%= bind_port %>
 # Log to this file. Make sure you do not set the same log
 # file for both the API and registry servers!
 log_file = <%= log_file %>
 # Backlog requests when creating socket
 backlog = 4096
 # Number of Glance API worker processes to start.
 # On machines with more than one CPU increasing this value
 # may improve performance (especially if using SSL with
 # compression turned on). It is typically recommended to set
 # this value to the number of CPUs present on your machine.
 workers = 0
 # Role used to identify an authenticated user as administrator
 #admin_role = admin
 # ================= Syslog Options ============================
 # Send logs to syslog (/dev/log) instead of to file specified
 # by `log_file`
 use_syslog = False
 # Facility to use. If unset defaults to LOG_USER.
 # syslog_log_facility = LOG_LOCAL0
 # ================= SSL Options ===============================
 # Certificate file to use when starting API server securely
 # cert_file = /path/to/certfile
 # Private key file to use when starting API server securely
 # key_file = /path/to/keyfile
 # ================= Security Options ==========================
 # AES key for encrypting store 'location' metadata, including
 # -- if used -- Swift or S3 credentials
 # Should be set to a random string of length 16, 24 or 32 bytes
 # metadata_encryption_key = <16, 24 or 32 char registry metadata key>
 # ============ Registry Options ===============================
 # Address to find the registry server
 registry_host = <%= registry_host %>
 # Port the registry server is listening on
 registry_port = <%= registry_port %>
-# Log to this file. Make sure you do not set the same log
+# What protocol to use when connecting to the registry server?
-# file for both the API and registry servers!
+# Set to https for secure HTTP communication
-log_file = <%= log_file %>
+registry_client_protocol = http
 # The path to the key file to use in SSL connections to the
 # registry server, if any. Alternately, you may set the
 # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
 # registry_client_key_file = /path/to/key/file
 # The path to the cert file to use in SSL connections to the
 # registry server, if any. Alternately, you may set the
 # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
 # registry_client_cert_file = /path/to/cert/file
 # The path to the certifying authority cert file to use in SSL connections
 # to the registry server, if any. Alternately, you may set the
 # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
 # registry_client_ca_file = /path/to/ca/file
 # ============ Notification System Options =====================
 # Notifications can be sent when images are create, updated or deleted.
 # There are three methods of sending notifications, logging (via the
 # log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
 # message queue), or noop (no notifications sent, the default)
 notifier_strategy = noop
 # TODO add event queue support
 # Configuration options if sending notifications via rabbitmq (these are
 # the defaults)
 #rabbit_host = localhost
 #rabbit_port = 5672
 #rabbit_use_ssl = false
 #rabbit_userid = guest
 #rabbit_password = guest
 #rabbit_virtual_host = /
 #rabbit_notification_exchange = glance
 #rabbit_notification_topic = glance_notifications
 # Configuration options if sending notifications via Qpid (these are
 # the defaults)
 #qpid_notification_exchange = glance
 #qpid_notification_topic = glance_notifications
 #qpid_host = localhost
 #qpid_port = 5672
 #qpid_username =
 #qpid_password =
 #qpid_sasl_mechanisms =
 #qpid_reconnect_timeout = 0
 #qpid_reconnect_limit = 0
 #qpid_reconnect_interval_min = 0
 #qpid_reconnect_interval_max = 0
 #qpid_reconnect_interval = 0
 #qpid_heartbeat = 5
 # Set to 'ssl' to enable SSL
 #qpid_protocol = tcp
 #qpid_tcp_nodelay = True
 # ============ Filesystem Store Options ========================
@@ -51,20 +149,92 @@ swift_store_container = <%= swift_store_container %>
 # Do we create the container if it does not exist?
 swift_store_create_container_on_put = <%= swift_store_create_container_on_put %>
 [pipeline:glance-api]
 pipeline = versionnegotiation context apiv1app
-[pipeline:versions]
+# What size, in MB, should Glance start chunking image files
-pipeline = versionsapp
+# and do a large object manifest in Swift? By default, this is
 # the maximum object size in Swift, which is 5GB
 swift_store_large_object_size = 5120
-[app:versionsapp]
+# When doing a large object manifest, what size, in MB, should
-paste.app_factory = glance.api.versions:app_factory
+# Glance write chunks to Swift? This amount of data is written
 # to a temporary disk buffer during the process of chunking
 # the image file, and the default is 200MB
 swift_store_large_object_chunk_size = 200
-[app:apiv1app]
+# Whether to use ServiceNET to communicate with the Swift storage servers.
-paste.app_factory = glance.api.v1:app_factory
+# (If you aren't RACKSPACE, leave this False!)
 #
 # To use ServiceNET for authentication, prefix hostname of
 # `swift_store_auth_address` with 'snet-'.
 # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
 swift_enable_snet = False
-[filter:versionnegotiation]
+# ============ S3 Store Options =============================
 paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
-[filter:context]
+# Address where the S3 authentication service lives
-paste.filter_factory = glance.common.context:filter_factory
+# Valid schemes are 'http://' and 'https://'
 # If no scheme specified,  default to 'http://'
 s3_store_host = 127.0.0.1:8080/v1.0/
 # User to authenticate against the S3 authentication service
 s3_store_access_key = <20-char AWS access key>
 # Auth key for the user authenticating against the
 # S3 authentication service
 s3_store_secret_key = <40-char AWS secret key>
 # Container within the account that the account should use
 # for storing images in S3. Note that S3 has a flat namespace,
 # so you need a unique bucket name for your glance images. An
 # easy way to do this is append your AWS access key to "glance".
 # S3 buckets in AWS *must* be lowercased, so remember to lowercase
 # your AWS access key if you use it in your bucket name below!
 s3_store_bucket = <lowercased 20-char aws access key>glance
 # Do we create the bucket if it does not exist?
 s3_store_create_bucket_on_put = False
 # When sending images to S3, the data will first be written to a
 # temporary buffer on disk. By default the platform's temporary directory
 # will be used. If required, an alternative directory can be specified here.
 # s3_store_object_buffer_dir = /path/to/dir
 # ============ RBD Store Options =============================
 # Ceph configuration file path
 # If using cephx authentication, this file should
 # include a reference to the right keyring
 # in a client.<USER> section
 rbd_store_ceph_conf = /etc/ceph/ceph.conf
 # RADOS user to authenticate as (only applicable if using cephx)
 rbd_store_user = glance
 # RADOS pool in which images are stored
 rbd_store_pool = images
 # Images will be chunked into objects of this size (in megabytes).
 # For best performance, this should be a power of two
 rbd_store_chunk_size = 8
 # ============ Delayed Delete Options =============================
 # Turn on/off delayed delete
 delayed_delete = False
 # Delayed delete time in seconds
 scrub_time = 43200
 # Directory that the scrubber will use to remind itself of what to delete
 # Make sure this is also set in glance-scrubber.conf
 scrubber_datadir = /var/lib/glance/scrubber
 # =============== Image Cache Options =============================
 # Base directory that the Image Cache uses
 image_cache_dir = /var/lib/glance/image-cache/
 <% if auth_type == 'keystone' -%>
 [paste_deploy]
 flavor = keystone
 <% end -%>
--- a/templates/glance-cache.conf.erb
+++ b/templates/glance-cache.conf.erb
@@ -0,0 +1,45 @@
 [DEFAULT]
 # Show more verbose log output (sets INFO log level output)
 verbose = <%= log_verbose %>
 # Show debugging output in logs (sets DEBUG log level output)
 debug = <%= log_debug %>
 log_file = /var/log/glance/image-cache.log
 # Send logs to syslog (/dev/log) instead of to file specified by `log_file`
 use_syslog = False
 # Directory that the Image Cache writes data to
 image_cache_dir = /var/lib/glance/image-cache/
 # Number of seconds after which we should consider an incomplete image to be
 # stalled and eligible for reaping
 image_cache_stall_time = 86400
 # image_cache_invalid_entry_grace_period - seconds
 #
 # If an exception is raised as we're writing to the cache, the cache-entry is
 # deemed invalid and moved to <image_cache_datadir>/invalid so that it can be
 # inspected for debugging purposes.
 #
 # This is number of seconds to leave these invalid images around before they
 # are elibible to be reaped.
 image_cache_invalid_entry_grace_period = 3600
 # Max cache size in bytes
 image_cache_max_size = 10737418240
 # Address to find the registry server
 registry_host = <%= registry_host %>
 # Port the registry server is listening on
 registry_port = <%= registry_port %>
 <% if auth_type == 'keystone' -%>
 # Auth settings if using Keystone
 auth_url = http://127.0.0.1:5000/v2.0/
 admin_tenant_name = <%= keystone_tenant %>
 admin_user = <%= keystone_user %>
 admin_password = <%= keystone_password %>
 <% end -%>
--- a/templates/glance-registry-paste.ini.erb
+++ b/templates/glance-registry-paste.ini.erb
@@ -0,0 +1,44 @@
 # Default minimal pipeline
 [pipeline:glance-registry]
 pipeline = context registryapp
 # Use the following pipeline for keystone auth
 # i.e. in glance-registry.conf:
 #   [paste_deploy]
 #   flavor = keystone
 [pipeline:glance-registry-keystone]
 pipeline = authtoken <%= context_type %> registryapp
 [app:registryapp]
 paste.app_factory = glance.common.wsgi:app_factory
 glance.app_factory = glance.registry.api.v1:API
 [filter:context]
 context_class = glance.registry.context.RequestContext
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = glance.common.context:ContextMiddleware
 [filter:authtoken]
 paste.filter_factory = keystone.middleware.auth_token:filter_factory
 service_protocol = <%= service_protocol %>
 service_host = <%= service_host %>
 service_port = <%= service_port %>
 auth_host = <%= auth_host %>
 auth_port = <%= auth_port %>
 auth_protocol = <%= auth_protocol %>
 auth_uri = <%= auth_uri %>
 <% if auth_type == 'keystone' -%>
 admin_tenant_name = <%= keystone_tenant %>
 admin_user = <%= keystone_user %>
 admin_password = <%= keystone_password %>
 <% else -%>
 admin_token = <%= admin_token %>
 <% end -%>
 <% if context_type == 'auth-context' -%>
 [filter:auth-context]
 context_class = glance.registry.context.RequestContext
 paste.filter_factory = glance.common.wsgi:filter_factory
 glance.filter_factory = keystone.middleware.glance_auth_token:KeystoneContextMiddleware
 <% end -%>
--- a/templates/glance-registry.conf-sample
+++ b/templates/glance-registry.conf-sample
@@ -1,33 +0,0 @@
 [DEFAULT]
 # Show more verbose log output (sets INFO log level output)
 verbose = True
 # Show debugging output in logs (sets DEBUG log level output)
 debug = False
 # Address to bind the registry server
 bind_host = 0.0.0.0
 # Port the bind the registry server to
 bind_port = 9191
 # Log to this file. Make sure you do not set the same log
 # file for both the API and registry servers!
 log_file = /var/log/glance/registry.log
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
 # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
 sql_connection = sqlite:///glance.sqlite
 # Period in seconds after which SQLAlchemy should reestablish its connection
 # to the database.
 #
 # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
 # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
 # notice this, you can lower this value to ensure that SQLAlchemy reconnects
 # before MySQL can drop the connection.
 sql_idle_timeout = 3600
 [app:glance-registry]
 paste.app_factory = glance.registry.server:app_factory
--- a/templates/glance-registry.conf.erb
+++ b/templates/glance-registry.conf.erb
@@ -15,6 +15,9 @@ bind_port = <%= bind_port %>
 # file for both the API and registry servers!
 log_file = <%= log_file %>
 # Backlog requests when creating socket
 backlog = 4096
 # SQLAlchemy connection string for the reference implementation
 # registry server. Any valid SQLAlchemy connection string is fine.
 # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
@@ -29,12 +32,32 @@ sql_connection = <%= sql_connection %>
 # before MySQL can drop the connection.
 sql_idle_timeout = <%= sql_idle_timeout %>
-[pipeline:glance-registry]
+# Limit the api to return `param_limit_max` items in a call to a container. If
-pipeline = context registryapp
+# a larger `limit` query param is provided, it will be reduced to this value.
 api_limit_max = 1000
-[app:registryapp]
+# If a `limit` query param is not provided in an api request, it will
-paste.app_factory = glance.registry.server:app_factory
+# default to `limit_param_default`
 limit_param_default = 25
-[filter:context]
+# ================= Syslog Options ============================
-context_class = glance.registry.context.RequestContext
+
-paste.filter_factory = glance.common.context:filter_factory
+# Send logs to syslog (/dev/log) instead of to file specified
 # by `log_file`
 use_syslog = False
 # Facility to use. If unset defaults to LOG_USER.
 # syslog_log_facility = LOG_LOCAL1
 # ================= SSL Options ===============================
 # Certificate file to use when starting registry server securely
 # cert_file = /path/to/certfile
 # Private key file to use when starting registry server securely
 # key_file = /path/to/keyfile
 <% if auth_type == 'keystone' -%>
 [paste_deploy]
 flavor = keystone
 <% end -%>