From bc1d32916d290a908766f9ccaecd70bb2dcd0941 Mon Sep 17 00:00:00 2001 From: Francisco Redondo Marchena Date: Tue, 19 May 2015 13:23:29 +0000 Subject: OpenStack: Install default configuration for glance Change-Id: If4f38bddc997f841ff50394dff3d9cf450d0f8a8 --- openstack/manifest | 7 - .../share/openstack/glance/glance-api-paste.ini | 77 -------- .../usr/share/openstack/glance/glance-cache.conf | 200 --------------------- .../openstack/glance/glance-registry-paste.ini | 30 ---- .../share/openstack/glance/glance-scrubber.conf | 108 ----------- openstack/usr/share/openstack/glance/logging.conf | 54 ------ openstack/usr/share/openstack/glance/policy.json | 52 ------ .../usr/share/openstack/glance/schema-image.json | 28 --- strata/openstack-services.morph | 1 + strata/openstack-services/glance.morph | 29 +++ 10 files changed, 30 insertions(+), 556 deletions(-) delete mode 100644 openstack/usr/share/openstack/glance/glance-api-paste.ini delete mode 100644 openstack/usr/share/openstack/glance/glance-cache.conf delete mode 100644 openstack/usr/share/openstack/glance/glance-registry-paste.ini delete mode 100644 openstack/usr/share/openstack/glance/glance-scrubber.conf delete mode 100644 openstack/usr/share/openstack/glance/logging.conf delete mode 100644 openstack/usr/share/openstack/glance/policy.json delete mode 100644 openstack/usr/share/openstack/glance/schema-image.json create mode 100644 strata/openstack-services/glance.morph diff --git a/openstack/manifest b/openstack/manifest index be2fedbf..ed88169f 100644 --- a/openstack/manifest +++ b/openstack/manifest @@ -21,15 +21,8 @@ template 0100644 0 0 /etc/tempest/tempest.conf 0100644 0 0 /usr/share/openstack/extras/60-device-dhcp.network 0100644 0 0 /usr/share/openstack/glance.yml 0040755 0 0 /usr/share/openstack/glance -0100644 0 0 /usr/share/openstack/glance/logging.conf 0100644 0 0 /usr/share/openstack/glance/glance-api.conf 0100644 0 0 /usr/share/openstack/glance/glance-registry.conf -0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf -0100644 0 0 /usr/share/openstack/glance/glance-cache.conf -0100644 0 0 /usr/share/openstack/glance/schema-image.json -0100644 0 0 /usr/share/openstack/glance/policy.json -0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini -0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini 0100644 0 0 /usr/share/openstack/horizon.yml 0040755 0 0 /usr/share/openstack/ironic 0100644 0 0 /usr/share/openstack/ironic.yml diff --git a/openstack/usr/share/openstack/glance/glance-api-paste.ini b/openstack/usr/share/openstack/glance/glance-api-paste.ini deleted file mode 100644 index 86a4cdb1..00000000 --- a/openstack/usr/share/openstack/glance/glance-api-paste.ini +++ /dev/null @@ -1,77 +0,0 @@ -# Use this pipeline for no auth or image caching - DEFAULT -[pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for image caching and no auth -[pipeline:glance-api-caching] -pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp - -# Use this pipeline for caching w/ management interface but no auth -[pipeline:glance-api-cachemanagement] -pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp - -# Use this pipeline for keystone auth -[pipeline:glance-api-keystone] -pipeline = versionnegotiation osprofiler authtoken context rootapp - -# Use this pipeline for keystone auth with image caching -[pipeline:glance-api-keystone+caching] -pipeline = versionnegotiation osprofiler authtoken context cache rootapp - -# Use this pipeline for keystone auth with caching and cache management -[pipeline:glance-api-keystone+cachemanagement] -pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-api-trusted-auth] -pipeline = versionnegotiation osprofiler context rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user and uses cache management -[pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = versionnegotiation osprofiler context cache cachemanage rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v1: apiv1app -/v2: apiv2app - -[app:apiversions] -paste.app_factory = glance.api.versions:create_resource - -[app:apiv1app] -paste.app_factory = glance.api.v1.router:API.factory - -[app:apiv2app] -paste.app_factory = glance.api.v2.router:API.factory - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory - -[filter:cache] -paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory - -[filter:cachemanage] -paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:gzip] -paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/openstack/usr/share/openstack/glance/glance-cache.conf b/openstack/usr/share/openstack/glance/glance-cache.conf deleted file mode 100644 index 3f2d4603..00000000 --- a/openstack/usr/share/openstack/glance/glance-cache.conf +++ /dev/null @@ -1,200 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/image-cache.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Directory that the Image Cache writes data to -image_cache_dir = /var/lib/glance/image-cache/ - -# Number of seconds after which we should consider an incomplete image to be -# stalled and eligible for reaping -image_cache_stall_time = 86400 - -# Max cache size in bytes -image_cache_max_size = 10737418240 - -# Address to find the registry server -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# List of which store classes and store class locations are -# currently known to glance at startup. -# known_stores = glance.store.filesystem.Store, -# glance.store.http.Store, -# glance.store.rbd.Store, -# glance.store.s3.Store, -# glance.store.swift.Store, -# glance.store.sheepdog.Store, -# glance.store.cinder.Store, -# glance.store.vmware_datastore.Store, - -# ============ Filesystem Store Options ======================== - -# Directory that the Filesystem backend store -# writes image data to -filesystem_store_datadir = /var/lib/glance/images/ - -# ============ Swift Store Options ============================= - -# Version of the authentication service to use -# Valid versions are '2' for keystone and '1' for swauth and rackspace -swift_store_auth_version = 2 - -# Address where the Swift authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'https://' -# For swauth, use something like '127.0.0.1:8080/v1.0/' -swift_store_auth_address = 127.0.0.1:5000/v2.0/ - -# User to authenticate against the Swift authentication service -# If you use Swift authentication service, set it to 'account':'user' -# where 'account' is a Swift storage account and 'user' -# is a user in that account -swift_store_user = jdoe:jdoe - -# Auth key for the user authenticating against the -# Swift authentication service -swift_store_key = a86850deb2742ec3cb41518e26aa2d89 - -# Container within the account that the account should use -# for storing images in Swift -swift_store_container = glance - -# Do we create the container if it does not exist? -swift_store_create_container_on_put = False - -# What size, in MB, should Glance start chunking image files -# and do a large object manifest in Swift? By default, this is -# the maximum object size in Swift, which is 5GB -swift_store_large_object_size = 5120 - -# When doing a large object manifest, what size, in MB, should -# Glance write chunks to Swift? This amount of data is written -# to a temporary disk buffer during the process of chunking -# the image file, and the default is 200MB -swift_store_large_object_chunk_size = 200 - -# Whether to use ServiceNET to communicate with the Swift storage servers. -# (If you aren't RACKSPACE, leave this False!) -# -# To use ServiceNET for authentication, prefix hostname of -# `swift_store_auth_address` with 'snet-'. -# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ -swift_enable_snet = False - -# ============ S3 Store Options ============================= - -# Address where the S3 authentication service lives -# Valid schemes are 'http://' and 'https://' -# If no scheme specified, default to 'http://' -s3_store_host = 127.0.0.1:8080/v1.0/ - -# User to authenticate against the S3 authentication service -s3_store_access_key = <20-char AWS access key> - -# Auth key for the user authenticating against the -# S3 authentication service -s3_store_secret_key = <40-char AWS secret key> - -# Container within the account that the account should use -# for storing images in S3. Note that S3 has a flat namespace, -# so you need a unique bucket name for your glance images. An -# easy way to do this is append your AWS access key to "glance". -# S3 buckets in AWS *must* be lowercased, so remember to lowercase -# your AWS access key if you use it in your bucket name below! -s3_store_bucket = glance - -# Do we create the bucket if it does not exist? -s3_store_create_bucket_on_put = False - -# When sending images to S3, the data will first be written to a -# temporary buffer on disk. By default the platform's temporary directory -# will be used. If required, an alternative directory can be specified here. -# s3_store_object_buffer_dir = /path/to/dir - -# ============ Cinder Store Options =========================== - -# Info to match when looking for cinder in the service catalog -# Format is : separated values of the form: -# :: (string value) -#cinder_catalog_info = volume:cinder:publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v1/%(project_id)s (string value) -#cinder_endpoint_template = - -# Region name of this node (string value) -#os_region_name = - -# Location of ca certicates file to use for cinder client requests -# (string value) -#cinder_ca_certificates_file = - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = False - -# ============ VMware Datastore Store Options ===================== - -# ESX/ESXi or vCenter Server target system. -# The server value can be an IP address or a DNS name -# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com -#vmware_server_host = - -# Server username (string value) -#vmware_server_username = - -# Server password (string value) -#vmware_server_password = - -# Inventory path to a datacenter (string value) -# Value optional when vmware_server_ip is an ESX/ESXi host: if specified -# should be `ha-datacenter`. -#vmware_datacenter_path = - -# Datastore associated with the datacenter (string value) -#vmware_datastore_name = - -# The number of times we retry on failures -# e.g., socket error, etc (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks -# invoked on VMware ESX/VC server in seconds (integer value) -#vmware_task_poll_interval = 5 - -# Absolute path of the folder containing the images in the datastore -# (string value) -#vmware_store_image_dir = /openstack_glance - -# Allow to perform insecure SSL requests to the target system (boolean value) -#vmware_api_insecure = False - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/openstack/usr/share/openstack/glance/glance-registry-paste.ini deleted file mode 100644 index df403f6e..00000000 --- a/openstack/usr/share/openstack/glance/glance-registry-paste.ini +++ /dev/null @@ -1,30 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp - -# Use this pipeline for keystone auth -[pipeline:glance-registry-keystone] -pipeline = osprofiler authtoken context registryapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-registry-trusted-auth] -pipeline = osprofiler context registryapp - -[app:registryapp] -paste.app_factory = glance.registry.api:API.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/openstack/usr/share/openstack/glance/glance-scrubber.conf b/openstack/usr/share/openstack/glance/glance-scrubber.conf deleted file mode 100644 index cdbfda71..00000000 --- a/openstack/usr/share/openstack/glance/glance-scrubber.conf +++ /dev/null @@ -1,108 +0,0 @@ -[DEFAULT] -# Show more verbose log output (sets INFO log level output) -#verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -#debug = False - -# Log to this file. Make sure you do not set the same log file for both the API -# and registry servers! -# -# If `log_file` is omitted and `use_syslog` is false, then log messages are -# sent to stdout as a fallback. -# log_file = /var/log/glance/scrubber.log - -# Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = True - -# Should we run our own loop or rely on cron/scheduler to run us -daemon = False - -# Loop time between checking for new items to schedule for delete -wakeup_time = 300 - -# Directory that the scrubber will use to remind itself of what to delete -# Make sure this is also set in glance-api.conf -scrubber_datadir = /var/lib/glance/scrubber - -# Only one server in your deployment should be designated the cleanup host -cleanup_scrubber = False - -# pending_delete items older than this time are candidates for cleanup -cleanup_scrubber_time = 86400 - -# Address to find the registry server for cleanups -registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Port the registry server is listening on -registry_port = 9191 - -# Auth settings if using Keystone -# auth_url = http://127.0.0.1:5000/v2.0/ -# admin_tenant_name = %SERVICE_TENANT_NAME% -# admin_user = %SERVICE_USER% -# admin_password = %SERVICE_PASSWORD% - -# Directory to use for lock files. Default to a temp directory -# (string value). This setting needs to be the same for both -# glance-scrubber and glance-api. -#lock_path= - -# API to use for accessing data. Default value points to sqlalchemy -# package, it is also possible to use: glance.db.registry.api -#data_api = glance.db.sqlalchemy.api - -# ================= Security Options ========================== - -# AES key for encrypting store 'location' metadata, including -# -- if used -- Swift or S3 credentials -# Should be set to a random string of length 16, 24 or 32 bytes -#metadata_encryption_key = <16, 24 or 32 char registry metadata key> - -# ================= Database Options ===============+========== - -[database] - -# The SQLAlchemy connection string used to connect to the -# database (string value) -#connection=sqlite:////glance/openstack/common/db/$sqlite_db - -# The SQLAlchemy connection string used to connect to the -# slave database (string value) -#slave_connection= - -# timeout before idle sql connections are reaped (integer -# value) -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool -# (integer value) -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool -# (integer value) -#max_pool_size= - -# maximum db connection retries during startup. (setting -1 -# implies an infinite retry count) (integer value) -#max_retries=10 - -# interval between retries of opening a sql connection -# (integer value) -#retry_interval=10 - -# If set, use this value for max_overflow with sqlalchemy -# (integer value) -#max_overflow= - -# Verbosity of SQL debugging information. 0=None, -# 100=Everything (integer value) -#connection_debug=0 - -# Add python stack traces to SQL as comment strings (boolean -# value) -#connection_trace=false - -# If set, use this value for pool_timeout with sqlalchemy -# (integer value) -#pool_timeout= diff --git a/openstack/usr/share/openstack/glance/logging.conf b/openstack/usr/share/openstack/glance/logging.conf deleted file mode 100644 index 7e7f31f0..00000000 --- a/openstack/usr/share/openstack/glance/logging.conf +++ /dev/null @@ -1,54 +0,0 @@ -[loggers] -keys=root,api,registry,combined - -[formatters] -keys=normal,normal_with_name,debug - -[handlers] -keys=production,file,devel - -[logger_root] -level=NOTSET -handlers=devel - -[logger_api] -level=DEBUG -handlers=devel -qualname=glance-api - -[logger_registry] -level=DEBUG -handlers=devel -qualname=glance-registry - -[logger_combined] -level=DEBUG -handlers=devel -qualname=glance-combined - -[handler_production] -class=handlers.SysLogHandler -level=ERROR -formatter=normal_with_name -args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER) - -[handler_file] -class=FileHandler -level=DEBUG -formatter=normal_with_name -args=('glance.log', 'w') - -[handler_devel] -class=StreamHandler -level=NOTSET -formatter=debug -args=(sys.stdout,) - -[formatter_normal] -format=%(asctime)s %(levelname)s %(message)s - -[formatter_normal_with_name] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s - -[formatter_debug] -format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s diff --git a/openstack/usr/share/openstack/glance/policy.json b/openstack/usr/share/openstack/glance/policy.json deleted file mode 100644 index 325f00b2..00000000 --- a/openstack/usr/share/openstack/glance/policy.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "context_is_admin": "role:admin", - "default": "", - - "add_image": "", - "delete_image": "", - "get_image": "", - "get_images": "", - "modify_image": "", - "publicize_image": "role:admin", - "copy_from": "", - - "download_image": "", - "upload_image": "", - - "delete_image_location": "", - "get_image_location": "", - "set_image_location": "", - - "add_member": "", - "delete_member": "", - "get_member": "", - "get_members": "", - "modify_member": "", - - "manage_image_cache": "role:admin", - - "get_task": "", - "get_tasks": "", - "add_task": "", - "modify_task": "", - - "get_metadef_namespace": "", - "get_metadef_namespaces":"", - "modify_metadef_namespace":"", - "add_metadef_namespace":"", - - "get_metadef_object":"", - "get_metadef_objects":"", - "modify_metadef_object":"", - "add_metadef_object":"", - - "list_metadef_resource_types":"", - "get_metadef_resource_type":"", - "add_metadef_resource_type_association":"", - - "get_metadef_property":"", - "get_metadef_properties":"", - "modify_metadef_property":"", - "add_metadef_property":"" - -} diff --git a/openstack/usr/share/openstack/glance/schema-image.json b/openstack/usr/share/openstack/glance/schema-image.json deleted file mode 100644 index 5aafd6b3..00000000 --- a/openstack/usr/share/openstack/glance/schema-image.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "kernel_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." - }, - "ramdisk_id": { - "type": "string", - "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", - "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." - }, - "instance_uuid": { - "type": "string", - "description": "ID of instance used to create this image." - }, - "architecture": { - "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_distro": { - "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", - "type": "string" - }, - "os_version": { - "description": "Operating system version as specified by the distributor", - "type": "string" - } -} diff --git a/strata/openstack-services.morph b/strata/openstack-services.morph index a40a565d..51d633a3 100644 --- a/strata/openstack-services.morph +++ b/strata/openstack-services.morph @@ -399,6 +399,7 @@ chunks: ref: 2174bdcae6e46f5f68f5b8ea984a695db9f41bcf unpetrify-ref: v2.4.1 - name: glance + morph: strata/openstack-services/glance.morph repo: upstream:openstack/glance ref: 93b0d5fce3a41e4a3a549f98f78b6681cbc3ea95 unpetrify-ref: 2015.1.0 diff --git a/strata/openstack-services/glance.morph b/strata/openstack-services/glance.morph new file mode 100644 index 00000000..3f81a505 --- /dev/null +++ b/strata/openstack-services/glance.morph @@ -0,0 +1,29 @@ +name: glance +kind: chunk +build-system: python-distutils +post-install-commands: +# Install some default configuration files +- mkdir -p "$DESTDIR"/etc/glance +- install -m 644 etc/glance-api-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-registry-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-search-paste.ini "$DESTDIR"/etc/glance/ +- install -m 644 etc/policy.json "$DESTDIR"/etc/glance/ +- install -m 644 etc/schema-image.json "$DESTDIR"/etc/glance/ +- install -m 644 etc/search-policy.json "$DESTDIR"/etc/glance/ +# Install predefined namespaces for Glance Metadata Definitions +# Catalog (see more info in its README) +- cp -r etc/metadefs "$DESTDIR"/etc/glance/ +# Install conf files which are not modified by +- install -m 644 etc/glance-scrubber.conf "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-cache.conf "$DESTDIR"/etc/glance/ +- install -m 644 etc/glance-search.conf "$DESTDIR"/etc/glance/ +- | + install -m 644 etc/glance-swift.conf.sample \ + "$DESTDIR"/etc/glance/glance-swift.conf +- install -m 644 etc/glance-manage.conf "$DESTDIR"/etc/glance/ +- | + install -m 644 etc/property-protections-policies.conf.sample \ + "$DESTDIR"/etc/glance/property-protections-policies.conf +- | + install -m 644 etc/property-protections-roles.conf.sample \ + "$DESTDIR"/etc/glance/property-protections-roles.conf -- cgit v1.2.1