diff options
| author | Pavlo Shchelokovskyy <shchelokovskyy@gmail.com> | 2017-06-06 14:15:42 +0000 |
|---|---|---|
| committer | Julia Kreger <juliaashleykreger@gmail.com> | 2017-11-17 11:40:14 -0500 |
| commit | 63e0ff2f6ce3a8275c262127e046fffbb1f1ff65 (patch) | |
| tree | 9d4de497784c9a0c4ed5595afcb02b0eb0f248bb /etc | |
| parent | 50c42e57db26a1de7e97740b5a9f7dc3e3474478 (diff) | |
| download | ironic-63e0ff2f6ce3a8275c262127e046fffbb1f1ff65.tar.gz | |
Rework keystone auth for glance
this patch changes the way glance client is instantiated, using
keystoneauth sessions and adapters.
In order to support glance API endpoint discovery from keystone catalog
and more unified way of client loading,
many options in `[glance]` config sections are deprecated,
mostly those that specified a (set of) glance API endpoint(s)
or parts of glance API address.
Instead, a single option `[glance]endpoint_override` must be used when
required to access a specific (possibly load-balanced)
glance API endpoint without discovering it from keystone catalog.
Another set of deprecated options are those that are duplicating
keystoneauth session options in [glance] section.
Also, intrinsic support for parsing the glance API URL from image ref
set to the full glance REST path to the image is removed as it was not
working any way since an 'http(s)://' image ref is not treated
as a glance image.
Change-Id: I6a93b71ac097e951dfc93fd1ee4d7ef483514f2c
Partial-Bug: #1699547
Closes-Bug: #1699542
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/ironic/ironic.conf.sample | 75 |
1 files changed, 63 insertions, 12 deletions
diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample index 515d078d1..b8ccafbba 100644 --- a/etc/ironic/ironic.conf.sample +++ b/etc/ironic/ironic.conf.sample @@ -1503,9 +1503,14 @@ # Authentication URL (string value) #auth_url = <None> -# Authentication strategy to use when connecting to glance. -# (string value) +# DEPRECATED: Authentication strategy to use when connecting +# to glance. (string value) # Allowed values: keystone, noauth +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: To configure glance in noauth mode, set +# [glance]/auth_type=none and +# [glance]/endpoint_override=<GLANCE_API_ADDRESS> instead. #auth_strategy = keystone # Authentication type to load (string value) @@ -1535,15 +1540,24 @@ # Domain name to scope to (string value) #domain_name = <None> -# Allow to perform insecure SSL (https) requests to glance. -# (boolean value) +# Always use this endpoint URL for requests for this client. +# (string value) +#endpoint_override = <None> + +# DEPRECATED: Allow to perform insecure SSL (https) requests +# to glance. (boolean value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Use [glance]/insecure option instead. #glance_api_insecure = false -# A list of the glance api servers available to ironic. Prefix -# with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. If this option is not set, the service -# catalog is used. It is recommended to rely on the service -# catalog, if possible. (list value) +# DEPRECATED: A list of the glance api servers available to +# ironic. Prefix with https:// for SSL-based glance API +# servers. Format is [hostname|IP]:port. (list value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Use [glance]/endpoint_override option to set the +# full load-balanced glance API URL instead. #glance_api_servers = <None> # DEPRECATED: Glance API version (1 or 2) to use. (integer @@ -1556,9 +1570,13 @@ # in the Queens release. #glance_api_version = 2 -# Optional path to a CA certificate bundle to be used to -# validate the SSL certificate served by glance. It is used -# when glance_api_insecure is set to False. (string value) +# DEPRECATED: Optional path to a CA certificate bundle to be +# used to validate the SSL certificate served by glance. It is +# used when glance_api_insecure is set to False. (string +# value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Use [glance]/cafile option instead. #glance_cafile = <None> # Number of retries when downloading an image from glance. @@ -1571,6 +1589,18 @@ # PEM encoded client certificate key file (string value) #keyfile = <None> +# The maximum major version of a given API, intended to be +# used as the upper bound of a range with min_version. +# Mutually exclusive with version. (string value) +#max_version = <None> + +# The minimum major version of a given API, intended to be +# used as the lower bound of a range with max_version. +# Mutually exclusive with version. If min_version is given +# with no max_version it is as if max version is "latest". +# (string value) +#min_version = <None> + # User's password (string value) #password = <None> @@ -1588,6 +1618,18 @@ # Deprecated group/name - [glance]/tenant_name #project_name = <None> +# The default region_name for endpoint URL discovery. (string +# value) +#region_name = <None> + +# The default service_name for endpoint URL discovery. (string +# value) +#service_name = <None> + +# The default service_type for endpoint URL discovery. (string +# value) +#service_type = image + # The account that Glance uses to communicate with Swift. The # format is "AUTH_uuid". "uuid" is the UUID for the account # configured in the glance-api.conf. Required for temporary @@ -1685,6 +1727,15 @@ # Deprecated group/name - [glance]/user_name #username = <None> +# List of interfaces, in order of preference, for endpoint +# URL. (list value) +#valid_interfaces = internal,public + +# Minimum Major API version within a given Major API version +# for endpoint URL discovery. Mutually exclusive with +# min_version and max_version (string value) +#version = <None> + [ilo] |