8117a82245
The security guide suggests that all OpenStack service config files should be owned by root and in the service user group with 0640 permissions. Change-Id: I60f8aa7cfb61b15be847fb3d380b0926fb1009dd
104 lines
3.6 KiB
YAML
104 lines
3.6 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Drop Glance Config(s)
|
|
config_template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "{{ glance_system_group_name }}"
|
|
mode: "0640"
|
|
config_overrides: "{{ item.config_overrides }}"
|
|
config_type: "{{ item.config_type }}"
|
|
with_items:
|
|
- src: "glance-api-paste.ini.j2"
|
|
dest: "/etc/glance/glance-api-paste.ini"
|
|
config_overrides: "{{ glance_glance_api_paste_ini_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-api.conf.j2"
|
|
dest: "/etc/glance/glance-api.conf"
|
|
config_overrides: "{{ glance_glance_api_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-cache.conf.j2"
|
|
dest: "/etc/glance/glance-cache.conf"
|
|
config_overrides: "{{ glance_glance_cache_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-manage.conf.j2"
|
|
dest: "/etc/glance/glance-manage.conf"
|
|
config_overrides: "{{ glance_glance_manage_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-registry-paste.ini.j2"
|
|
dest: "/etc/glance/glance-registry-paste.ini"
|
|
config_overrides: "{{ glance_glance_registry_paste_ini_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-registry.conf.j2"
|
|
dest: "/etc/glance/glance-registry.conf"
|
|
config_overrides: "{{ glance_glance_registry_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-scrubber.conf.j2"
|
|
dest: "/etc/glance/glance-scrubber.conf"
|
|
config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "glance-swift-store.conf.j2"
|
|
dest: "/etc/glance/glance-swift-store.conf"
|
|
config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
|
|
config_type: "ini"
|
|
- src: "policy.json.j2"
|
|
dest: "/etc/glance/policy.json"
|
|
config_overrides: "{{ glance_policy_overrides }}"
|
|
config_type: "json"
|
|
- src: "schema.json.j2"
|
|
dest: "/etc/glance/schema.json"
|
|
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
|
config_type: "json"
|
|
- src: "schema.json.j2"
|
|
dest: "/etc/glance/schema-image.json"
|
|
config_overrides: "{{ glance_glance_scheme_json_overrides }}"
|
|
config_type: "json"
|
|
notify:
|
|
- Restart glance services
|
|
|
|
- name: Create nfs shares local path
|
|
file:
|
|
path: "{{ item.local_path }}"
|
|
state: directory
|
|
with_items: "{{ glance_nfs_client }}"
|
|
|
|
- name: Glance mount nfs
|
|
mount:
|
|
name: "{{ item.local_path }}"
|
|
src: "{{ item.server }}:{{ item.remote_path }}"
|
|
fstype: "{{ item.type }}"
|
|
opts: "{{ item.options }}"
|
|
state: "mounted"
|
|
with_items: "{{ glance_nfs_client }}"
|
|
|
|
- name: Create glance cache management cron jobs
|
|
cron:
|
|
name: "{{ item.name }}"
|
|
minute: "{{ 59 |random(start=1) }}"
|
|
day: "*"
|
|
hour: "{{ item.hour }}"
|
|
month: "*"
|
|
state: present
|
|
job: "{{ item.name }}"
|
|
user: glance
|
|
with_items:
|
|
- name: "{{ glance_bin }}/glance-cache-pruner"
|
|
hour: "*"
|
|
- name: "{{ glance_bin }}/glance-cache-cleaner"
|
|
hour: "*/5"
|
|
when: glance_flavor | search("cache")
|