From 753ca7d9bf1f860202cd17747f7a20667ee9ff84 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Sun, 22 Mar 2015 09:09:53 -0500
Subject: [PATCH] Updated repository for minimum viable kilo install

* Updated Keystone wsgi and paste files from upstream.
* Updated all clients in the openstack_client.yml file.
* Kilo services are tracking the head of master.
* Removed pinned middleware because they're pinned else where.
* Added additional service references for neutron vpnaas, fwaas, and
  lbaas which have now been moved into their own repos and no longer
  exist within the core neutron repository.
* The neutron vpnaas, fwaas, and lbaas have been removed from the
  basic plugins being loaded and a comment has been added to describe
  how one might add them back in.
* Updated rootwrap filters for neutron dhcp and l3.
* Updated heat policy.json
* Added the `python-libguestfs` to the nova-compute installation
  packages.
* Updates all services to point to the latest kilo tag

Services updated due to deprecated configs:
* Keystone
* Glance
* Nova
* Neutron (is still using the deprecated nova auth plugin)
* Heat
* Tempest

Items for future work post initial release:
* roles/os_neutron/files/post-up-checksum-rules:25:
  TODO(cloudnull) remove this script once the bug is fixed.
* roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17:
  TODO(someone): implement a more robust way of checking

Implements: blueprint minimal-kilo

Closes-Bug: 1428421
Closes-Bug: 1428431
Closes-Bug: 1428437
Closes-Bug: 1428445
Closes-Bug: 1428451
Closes-Bug: 1428469
Closes-Bug: 1428639

Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076
---
 defaults/main.yml             |  8 ++++++++
 files/policy.json             | 33 +++++++++++++++++++++++++++++++--
 tasks/glance_post_install.yml | 15 ++++++++-------
 tasks/glance_pre_install.yml  |  5 +++--
 templates/glance-api.conf.j2  | 11 +++++++----
 5 files changed, 57 insertions(+), 15 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 48c6276a..d8dd5d7b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -34,6 +34,14 @@ glance_notification_driver: noop
 glance_rpc_backend: glance.openstack.common.rpc.impl_kombu
 glance_default_store: file
 
+
+## API options
+glance_enable_v1_api: True
+glance_enable_v1_registry: True
+glance_enable_v2_api: True
+glance_enable_v2_registry: True
+
+
 ## Swift Options
 glance_swift_store_auth_address: NoAuthAddress
 glance_swift_store_user: NoUser
diff --git a/files/policy.json b/files/policy.json
index d8f0a78c..4bbc8b46 100644
--- a/files/policy.json
+++ b/files/policy.json
@@ -7,7 +7,7 @@
     "get_image": "",
     "get_images": "",
     "modify_image": "",
-    "publicize_image": "",
+    "publicize_image": "role:admin",
     "copy_from": "",
 
     "download_image": "",
@@ -28,5 +28,34 @@
     "get_task": "",
     "get_tasks": "",
     "add_task": "",
-    "modify_task": ""
+    "modify_task": "",
+
+    "deactivate": "",
+    "reactivate": "",
+
+    "get_metadef_namespace": "",
+    "get_metadef_namespaces":"",
+    "modify_metadef_namespace":"",
+    "add_metadef_namespace":"",
+
+    "get_metadef_object":"",
+    "get_metadef_objects":"",
+    "modify_metadef_object":"",
+    "add_metadef_object":"",
+
+    "list_metadef_resource_types":"",
+    "get_metadef_resource_type":"",
+    "add_metadef_resource_type_association":"",
+
+    "get_metadef_property":"",
+    "get_metadef_properties":"",
+    "modify_metadef_property":"",
+    "add_metadef_property":"",
+
+    "get_metadef_tag":"",
+    "get_metadef_tags":"",
+    "modify_metadef_tag":"",
+    "add_metadef_tag":"",
+    "add_metadef_tags":""
+
 }
diff --git a/tasks/glance_post_install.yml b/tasks/glance_post_install.yml
index 2873ee51..7ab9983e 100644
--- a/tasks/glance_post_install.yml
+++ b/tasks/glance_post_install.yml
@@ -49,17 +49,18 @@
   tags:
     - glance-config
 
-- name: Drop Glance Config(s)
+- name: Drop Glance static Config(s)
   copy:
-    src: "{{ item }}"
-    dest: "/etc/glance/{{ item }}"
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
     owner: "{{ glance_system_user_name }}"
     group: "{{ glance_system_group_name }}"
   with_items:
-    - glance-api-paste.ini
-    - glance-registry-paste.ini
-    - policy.json
-    - schema.json
+    - { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" }
+    - { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" }
+    - { src: "policy.json", dest: "/etc/glance/policy.json" }
+    - { src: "schema.json", dest: "/etc/glance/schema.json" }
+    - { src: "schema.json", dest: "/etc/glance/schema-image.json" }
   notify:
     - Restart glance api
     - Restart glance registry
diff --git a/tasks/glance_pre_install.yml b/tasks/glance_pre_install.yml
index 5bbab694..273b5a2d 100644
--- a/tasks/glance_pre_install.yml
+++ b/tasks/glance_pre_install.yml
@@ -39,12 +39,13 @@
     state: directory
     owner: "{{ item.owner|default(glance_system_user_name) }}"
     group: "{{ item.group|default(glance_system_group_name) }}"
+    mode: "{{ item.mode|default('0755') }}"
   with_items:
     - { path: "/etc/glance" }
-    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
+    - { path: "/etc/sudoers.d", mode: "0755", owner: "root", group: "root" }
     - { path: "/var/cache/glance" }
     - { path: "{{ glance_system_user_home }}" }
-    - { path: "{{ glance_system_user_home }}/cache/api" }
+    - { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" }
     - { path: "{{ glance_system_user_home }}/cache/registry" }
     - { path: "{{ glance_system_user_home }}/images/" }
     - { path: "{{ glance_system_user_home }}/scrubber" }
diff --git a/templates/glance-api.conf.j2 b/templates/glance-api.conf.j2
index bc2a72b8..47d07bd1 100644
--- a/templates/glance-api.conf.j2
+++ b/templates/glance-api.conf.j2
@@ -18,6 +18,11 @@ registry_port = {{ glance_registry_service_port }}
 registry_client_protocol = {{ glance_service_proto }}
 cinder_catalog_info = volume:cinder:internalURL
 
+enable_v1_api = {{ glance_enable_v1_api }}
+enable_v1_registry = {{ glance_enable_v1_registry }}
+enable_v2_api = {{ glance_enable_v2_api }}
+enable_v2_registry = {{ glance_enable_v2_registry }}
+
 notification_driver = {{ glance_notification_driver }}
 {% if glance_notification_driver == "messaging" %}
 ##### RPC MESSAGING OPTIONS #####
@@ -66,13 +71,11 @@ flavor = {{ glance_flavor }}
 
 [glance_store]
 default_store = {{ glance_default_store }}
-stores = glance.store.filesystem.Store,
-         glance.store.http.Store,
-         glance.store.cinder.Store,
-         glance.store.swift.Store
 {% if glance_default_store == "file" %}
+stores = glance.store.filesystem.Store,glance.store.http.Store,glance.store.cinder.Store
 filesystem_store_datadir = {{ glance_system_user_home }}/images/
 {% elif glance_default_store == "swift" %}
+stores = glance.store.swift.Store,glance.store.http.Store,glance.store.cinder.Store
 swift_store_auth_version = 2
 swift_store_auth_address = {{ glance_swift_store_auth_address }}
 swift_store_user = {{ glance_swift_store_user }}