From bd22a5d61e60d55bc876ed66c400d58d1ee4a0bf Mon Sep 17 00:00:00 2001 From: "Jay S. Bryant" Date: Mon, 28 Aug 2017 14:58:13 -0500 Subject: [PATCH] [DOC BLD FIX] Fix remote-code-block warnings There were a number of configuration sample files (i.e. rootwrap.conf, policy.json and api-paste.ini) that were trying to be included with the remote-code-block directive which is no longer supported. I have copied over the latest sample files for Pike and made them .inc files. In the future these should be dynamically created, but at this point we just need to get something out there to fix the Sphinx build warnings. The work to make things dynamically generated requires more invasive changes like policy-in-code. I also discovered that the link from the landing page for the configuration page had a broken link to the sample cinder.conf file. I fix that problem in this patch as well. Change-Id: I2b587abbdeaee1cfe32b100c98d99131759c2171 --- .../block-storage/samples/api-paste.ini.inc | 75 ++++++++ .../block-storage/samples/api-paste.ini.rst | 4 +- .../block-storage/samples/policy.json.inc | 162 ++++++++++++++++++ .../block-storage/samples/policy.json.rst | 4 +- .../block-storage/samples/rootwrap.conf.inc | 28 +++ .../block-storage/samples/rootwrap.conf.rst | 4 +- doc/source/configuration/index.rst | 2 +- 7 files changed, 269 insertions(+), 10 deletions(-) create mode 100644 doc/source/configuration/block-storage/samples/api-paste.ini.inc create mode 100644 doc/source/configuration/block-storage/samples/policy.json.inc create mode 100644 doc/source/configuration/block-storage/samples/rootwrap.conf.inc diff --git a/doc/source/configuration/block-storage/samples/api-paste.ini.inc b/doc/source/configuration/block-storage/samples/api-paste.ini.inc new file mode 100644 index 00000000000..a761f53d079 --- /dev/null +++ b/doc/source/configuration/block-storage/samples/api-paste.ini.inc @@ -0,0 +1,75 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + +[filter:request_id] +paste.filter_factory = oslo_middleware.request_id:RequestId.factory + +[filter:http_proxy_to_wsgi] +paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory + +[filter:cors] +paste.filter_factory = oslo_middleware.cors:filter_factory +oslo_config_project = cinder + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/doc/source/configuration/block-storage/samples/api-paste.ini.rst b/doc/source/configuration/block-storage/samples/api-paste.ini.rst index 77d20479b05..9e3a87e3e49 100644 --- a/doc/source/configuration/block-storage/samples/api-paste.ini.rst +++ b/doc/source/configuration/block-storage/samples/api-paste.ini.rst @@ -5,6 +5,4 @@ api-paste.ini Use the ``api-paste.ini`` file to configure the Block Storage API service. -.. remote-code-block:: none - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/api-paste.ini?h=stable/ocata +.. literalinclude:: api-paste.ini.inc diff --git a/doc/source/configuration/block-storage/samples/policy.json.inc b/doc/source/configuration/block-storage/samples/policy.json.inc new file mode 100644 index 00000000000..c51f564af13 --- /dev/null +++ b/doc/source/configuration/block-storage/samples/policy.json.inc @@ -0,0 +1,162 @@ +{ + "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "admin_api": "is_admin:True or (role:admin and is_admin_project:True)", + + "volume:create": "", + "volume:create_from_image": "", + "volume:delete": "rule:admin_or_owner", + "volume:force_delete": "rule:admin_api", + "volume:get": "rule:admin_or_owner", + "volume:get_all": "rule:admin_or_owner", + "volume:get_volume_metadata": "rule:admin_or_owner", + "volume:create_volume_metadata": "rule:admin_or_owner", + "volume:delete_volume_metadata": "rule:admin_or_owner", + "volume:update_volume_metadata": "rule:admin_or_owner", + "volume:get_volume_admin_metadata": "rule:admin_api", + "volume:update_volume_admin_metadata": "rule:admin_api", + "volume:get_snapshot": "rule:admin_or_owner", + "volume:get_all_snapshots": "rule:admin_or_owner", + "volume:create_snapshot": "rule:admin_or_owner", + "volume:delete_snapshot": "rule:admin_or_owner", + "volume:update_snapshot": "rule:admin_or_owner", + "volume:get_snapshot_metadata": "rule:admin_or_owner", + "volume:delete_snapshot_metadata": "rule:admin_or_owner", + "volume:update_snapshot_metadata": "rule:admin_or_owner", + "volume:extend": "rule:admin_or_owner", + "volume:extend_attached_volume": "rule:admin_or_owner", + "volume:update_readonly_flag": "rule:admin_or_owner", + "volume:retype": "rule:admin_or_owner", + "volume:update": "rule:admin_or_owner", + "volume:revert_to_snapshot": "rule:admin_or_owner", + + "volume_extension:types_manage": "rule:admin_api", + "volume_extension:types_extra_specs:create": "rule:admin_api", + "volume_extension:types_extra_specs:delete": "rule:admin_api", + "volume_extension:types_extra_specs:index": "rule:admin_api", + "volume_extension:types_extra_specs:show": "rule:admin_api", + "volume_extension:types_extra_specs:update": "rule:admin_api", + "volume_extension:access_types_qos_specs_id": "rule:admin_api", + "volume_extension:access_types_extra_specs": "rule:admin_api", + "volume_extension:volume_type_access": "rule:admin_or_owner", + "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api", + "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api", + "volume_extension:volume_type_encryption": "rule:admin_api", + "volume_extension:volume_encryption_metadata": "rule:admin_or_owner", + "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner", + "volume_extension:volume_image_metadata": "rule:admin_or_owner", + + "volume_extension:qos_specs_manage:create": "rule:admin_api", + "volume_extension:qos_specs_manage:get": "rule:admin_api", + "volume_extension:qos_specs_manage:get_all": "rule:admin_api", + "volume_extension:qos_specs_manage:update": "rule:admin_api", + "volume_extension:qos_specs_manage:delete": "rule:admin_api", + + "volume_extension:quotas:show": "", + "volume_extension:quotas:update": "rule:admin_api", + "volume_extension:quotas:delete": "rule:admin_api", + "volume_extension:quota_classes": "rule:admin_api", + "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api", + + "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", + "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", + "volume_extension:backup_admin_actions:reset_status": "rule:admin_api", + "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:force_detach": "rule:admin_api", + "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api", + "volume_extension:backup_admin_actions:force_delete": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api", + "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api", + + "volume_extension:volume_actions:upload_public": "rule:admin_api", + "volume_extension:volume_actions:upload_image": "rule:admin_or_owner", + + "volume_extension:volume_host_attribute": "rule:admin_api", + "volume_extension:volume_tenant_attribute": "rule:admin_or_owner", + "volume_extension:volume_mig_status_attribute": "rule:admin_api", + "volume_extension:hosts": "rule:admin_api", + "volume_extension:services:index": "rule:admin_api", + "volume_extension:services:update" : "rule:admin_api", + + "volume_extension:volume_manage": "rule:admin_api", + "volume_extension:volume_unmanage": "rule:admin_api", + "volume_extension:list_manageable": "rule:admin_api", + + "volume_extension:capabilities": "rule:admin_api", + + "volume:create_transfer": "rule:admin_or_owner", + "volume:accept_transfer": "", + "volume:delete_transfer": "rule:admin_or_owner", + "volume:get_transfer": "rule:admin_or_owner", + "volume:get_all_transfers": "rule:admin_or_owner", + + "volume:failover_host": "rule:admin_api", + "volume:freeze_host": "rule:admin_api", + "volume:thaw_host": "rule:admin_api", + + "backup:create" : "", + "backup:delete": "rule:admin_or_owner", + "backup:get": "rule:admin_or_owner", + "backup:get_all": "rule:admin_or_owner", + "backup:restore": "rule:admin_or_owner", + "backup:backup-import": "rule:admin_api", + "backup:backup-export": "rule:admin_api", + "backup:update": "rule:admin_or_owner", + "backup:backup_project_attribute": "rule:admin_api", + + "volume:attachment_create": "", + "volume:attachment_update": "rule:admin_or_owner", + "volume:attachment_delete": "rule:admin_or_owner", + + "snapshot_extension:snapshot_actions:update_snapshot_status": "", + "snapshot_extension:snapshot_manage": "rule:admin_api", + "snapshot_extension:snapshot_unmanage": "rule:admin_api", + "snapshot_extension:list_manageable": "rule:admin_api", + + "consistencygroup:create" : "group:nobody", + "consistencygroup:delete": "group:nobody", + "consistencygroup:update": "group:nobody", + "consistencygroup:get": "group:nobody", + "consistencygroup:get_all": "group:nobody", + + "consistencygroup:create_cgsnapshot" : "group:nobody", + "consistencygroup:delete_cgsnapshot": "group:nobody", + "consistencygroup:get_cgsnapshot": "group:nobody", + "consistencygroup:get_all_cgsnapshots": "group:nobody", + + "group:group_types_manage": "rule:admin_api", + "group:group_types_specs": "rule:admin_api", + "group:access_group_types_specs": "rule:admin_api", + "group:group_type_access": "rule:admin_or_owner", + + "group:create" : "", + "group:delete": "rule:admin_or_owner", + "group:update": "rule:admin_or_owner", + "group:get": "rule:admin_or_owner", + "group:get_all": "rule:admin_or_owner", + + "group:create_group_snapshot": "", + "group:delete_group_snapshot": "rule:admin_or_owner", + "group:update_group_snapshot": "rule:admin_or_owner", + "group:get_group_snapshot": "rule:admin_or_owner", + "group:get_all_group_snapshots": "rule:admin_or_owner", + "group:reset_group_snapshot_status":"rule:admin_api", + "group:reset_status":"rule:admin_api", + + "group:enable_replication": "rule:admin_or_owner", + "group:disable_replication": "rule:admin_or_owner", + "group:failover_replication": "rule:admin_or_owner", + "group:list_replication_targets": "rule:admin_or_owner", + + "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api", + "message:delete": "rule:admin_or_owner", + "message:get": "rule:admin_or_owner", + "message:get_all": "rule:admin_or_owner", + + "clusters:get": "rule:admin_api", + "clusters:get_all": "rule:admin_api", + "clusters:update": "rule:admin_api", + + "workers:cleanup": "rule:admin_api" +} diff --git a/doc/source/configuration/block-storage/samples/policy.json.rst b/doc/source/configuration/block-storage/samples/policy.json.rst index bef8f0a8c98..6796d2928be 100644 --- a/doc/source/configuration/block-storage/samples/policy.json.rst +++ b/doc/source/configuration/block-storage/samples/policy.json.rst @@ -5,6 +5,4 @@ policy.json The ``policy.json`` file defines additional access controls that apply to the Block Storage service. -.. remote-code-block:: none - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/policy.json?h=stable/ocata +.. literalinclude:: policy.json.inc diff --git a/doc/source/configuration/block-storage/samples/rootwrap.conf.inc b/doc/source/configuration/block-storage/samples/rootwrap.conf.inc new file mode 100644 index 00000000000..7bd635c0bb8 --- /dev/null +++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.inc @@ -0,0 +1,28 @@ +# Configuration for cinder-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, local0, local1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR + diff --git a/doc/source/configuration/block-storage/samples/rootwrap.conf.rst b/doc/source/configuration/block-storage/samples/rootwrap.conf.rst index e819693cedb..553dbc2dce0 100644 --- a/doc/source/configuration/block-storage/samples/rootwrap.conf.rst +++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.rst @@ -6,6 +6,4 @@ The ``rootwrap.conf`` file defines configuration values used by the ``rootwrap`` script when the Block Storage service must escalate its privileges to those of the root user. -.. remote-code-block:: ini - - https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/rootwrap.conf?h=stable/ocata +.. literalinclude:: rootwrap.conf.inc diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst index e4fbacbcae3..fd1c828499b 100644 --- a/doc/source/configuration/index.rst +++ b/doc/source/configuration/index.rst @@ -22,7 +22,7 @@ Cinder Service Configuration The examples of common configurations for shared service and libraries, such as database connections and RPC messaging, can be seen in Cinder's sample configuration - file: `cinder.conf.sample <_static/cinder.conf.sample>`_. + file: `cinder.conf.sample <../_static/cinder.conf.sample>`_. The Block Storage service works with many different storage drivers that you can configure by using these instructions.