[DOC BLD FIX] Fix remote-code-block warnings
There were a number of configuration sample files (i.e. rootwrap.conf, policy.json and api-paste.ini) that were trying to be included with the remote-code-block directive which is no longer supported. I have copied over the latest sample files for Pike and made them .inc files. In the future these should be dynamically created, but at this point we just need to get something out there to fix the Sphinx build warnings. The work to make things dynamically generated requires more invasive changes like policy-in-code. I also discovered that the link from the landing page for the configuration page had a broken link to the sample cinder.conf file. I fix that problem in this patch as well. Change-Id: I2b587abbdeaee1cfe32b100c98d99131759c2171
This commit is contained in:
parent
8db6335bb5
commit
bd22a5d61e
@ -0,0 +1,75 @@
|
|||||||
|
#############
|
||||||
|
# OpenStack #
|
||||||
|
#############
|
||||||
|
|
||||||
|
[composite:osapi_volume]
|
||||||
|
use = call:cinder.api:root_app_factory
|
||||||
|
/: apiversions
|
||||||
|
/v1: openstack_volume_api_v1
|
||||||
|
/v2: openstack_volume_api_v2
|
||||||
|
/v3: openstack_volume_api_v3
|
||||||
|
|
||||||
|
[composite:openstack_volume_api_v1]
|
||||||
|
use = call:cinder.api.middleware.auth:pipeline_factory
|
||||||
|
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
|
||||||
|
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
|
||||||
|
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
|
||||||
|
|
||||||
|
[composite:openstack_volume_api_v2]
|
||||||
|
use = call:cinder.api.middleware.auth:pipeline_factory
|
||||||
|
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
|
||||||
|
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
|
||||||
|
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
|
||||||
|
|
||||||
|
[composite:openstack_volume_api_v3]
|
||||||
|
use = call:cinder.api.middleware.auth:pipeline_factory
|
||||||
|
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
|
||||||
|
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
|
||||||
|
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
|
||||||
|
|
||||||
|
[filter:request_id]
|
||||||
|
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
|
||||||
|
|
||||||
|
[filter:http_proxy_to_wsgi]
|
||||||
|
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
|
||||||
|
|
||||||
|
[filter:cors]
|
||||||
|
paste.filter_factory = oslo_middleware.cors:filter_factory
|
||||||
|
oslo_config_project = cinder
|
||||||
|
|
||||||
|
[filter:faultwrap]
|
||||||
|
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
|
||||||
|
|
||||||
|
[filter:osprofiler]
|
||||||
|
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
|
||||||
|
|
||||||
|
[filter:noauth]
|
||||||
|
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
|
||||||
|
|
||||||
|
[filter:sizelimit]
|
||||||
|
paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
|
||||||
|
|
||||||
|
[app:apiv1]
|
||||||
|
paste.app_factory = cinder.api.v1.router:APIRouter.factory
|
||||||
|
|
||||||
|
[app:apiv2]
|
||||||
|
paste.app_factory = cinder.api.v2.router:APIRouter.factory
|
||||||
|
|
||||||
|
[app:apiv3]
|
||||||
|
paste.app_factory = cinder.api.v3.router:APIRouter.factory
|
||||||
|
|
||||||
|
[pipeline:apiversions]
|
||||||
|
pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp
|
||||||
|
|
||||||
|
[app:osvolumeversionapp]
|
||||||
|
paste.app_factory = cinder.api.versions:Versions.factory
|
||||||
|
|
||||||
|
##########
|
||||||
|
# Shared #
|
||||||
|
##########
|
||||||
|
|
||||||
|
[filter:keystonecontext]
|
||||||
|
paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
|
||||||
|
|
||||||
|
[filter:authtoken]
|
||||||
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
@ -5,6 +5,4 @@ api-paste.ini
|
|||||||
Use the ``api-paste.ini`` file to configure the Block Storage API
|
Use the ``api-paste.ini`` file to configure the Block Storage API
|
||||||
service.
|
service.
|
||||||
|
|
||||||
.. remote-code-block:: none
|
.. literalinclude:: api-paste.ini.inc
|
||||||
|
|
||||||
https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/api-paste.ini?h=stable/ocata
|
|
||||||
|
162
doc/source/configuration/block-storage/samples/policy.json.inc
Normal file
162
doc/source/configuration/block-storage/samples/policy.json.inc
Normal file
@ -0,0 +1,162 @@
|
|||||||
|
{
|
||||||
|
"admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s",
|
||||||
|
"default": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
|
||||||
|
|
||||||
|
"volume:create": "",
|
||||||
|
"volume:create_from_image": "",
|
||||||
|
"volume:delete": "rule:admin_or_owner",
|
||||||
|
"volume:force_delete": "rule:admin_api",
|
||||||
|
"volume:get": "rule:admin_or_owner",
|
||||||
|
"volume:get_all": "rule:admin_or_owner",
|
||||||
|
"volume:get_volume_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:create_volume_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:delete_volume_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:update_volume_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:get_volume_admin_metadata": "rule:admin_api",
|
||||||
|
"volume:update_volume_admin_metadata": "rule:admin_api",
|
||||||
|
"volume:get_snapshot": "rule:admin_or_owner",
|
||||||
|
"volume:get_all_snapshots": "rule:admin_or_owner",
|
||||||
|
"volume:create_snapshot": "rule:admin_or_owner",
|
||||||
|
"volume:delete_snapshot": "rule:admin_or_owner",
|
||||||
|
"volume:update_snapshot": "rule:admin_or_owner",
|
||||||
|
"volume:get_snapshot_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:delete_snapshot_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:update_snapshot_metadata": "rule:admin_or_owner",
|
||||||
|
"volume:extend": "rule:admin_or_owner",
|
||||||
|
"volume:extend_attached_volume": "rule:admin_or_owner",
|
||||||
|
"volume:update_readonly_flag": "rule:admin_or_owner",
|
||||||
|
"volume:retype": "rule:admin_or_owner",
|
||||||
|
"volume:update": "rule:admin_or_owner",
|
||||||
|
"volume:revert_to_snapshot": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"volume_extension:types_manage": "rule:admin_api",
|
||||||
|
"volume_extension:types_extra_specs:create": "rule:admin_api",
|
||||||
|
"volume_extension:types_extra_specs:delete": "rule:admin_api",
|
||||||
|
"volume_extension:types_extra_specs:index": "rule:admin_api",
|
||||||
|
"volume_extension:types_extra_specs:show": "rule:admin_api",
|
||||||
|
"volume_extension:types_extra_specs:update": "rule:admin_api",
|
||||||
|
"volume_extension:access_types_qos_specs_id": "rule:admin_api",
|
||||||
|
"volume_extension:access_types_extra_specs": "rule:admin_api",
|
||||||
|
"volume_extension:volume_type_access": "rule:admin_or_owner",
|
||||||
|
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
|
||||||
|
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
|
||||||
|
"volume_extension:volume_type_encryption": "rule:admin_api",
|
||||||
|
"volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
|
||||||
|
"volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
|
||||||
|
"volume_extension:volume_image_metadata": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"volume_extension:qos_specs_manage:create": "rule:admin_api",
|
||||||
|
"volume_extension:qos_specs_manage:get": "rule:admin_api",
|
||||||
|
"volume_extension:qos_specs_manage:get_all": "rule:admin_api",
|
||||||
|
"volume_extension:qos_specs_manage:update": "rule:admin_api",
|
||||||
|
"volume_extension:qos_specs_manage:delete": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume_extension:quotas:show": "",
|
||||||
|
"volume_extension:quotas:update": "rule:admin_api",
|
||||||
|
"volume_extension:quotas:delete": "rule:admin_api",
|
||||||
|
"volume_extension:quota_classes": "rule:admin_api",
|
||||||
|
"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
|
||||||
|
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
|
||||||
|
"volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
|
||||||
|
"volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
|
||||||
|
"volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
|
||||||
|
"volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
|
||||||
|
"volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
|
||||||
|
"volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
|
||||||
|
"volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume_extension:volume_actions:upload_public": "rule:admin_api",
|
||||||
|
"volume_extension:volume_actions:upload_image": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"volume_extension:volume_host_attribute": "rule:admin_api",
|
||||||
|
"volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
|
||||||
|
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
|
||||||
|
"volume_extension:hosts": "rule:admin_api",
|
||||||
|
"volume_extension:services:index": "rule:admin_api",
|
||||||
|
"volume_extension:services:update" : "rule:admin_api",
|
||||||
|
|
||||||
|
"volume_extension:volume_manage": "rule:admin_api",
|
||||||
|
"volume_extension:volume_unmanage": "rule:admin_api",
|
||||||
|
"volume_extension:list_manageable": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume_extension:capabilities": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume:create_transfer": "rule:admin_or_owner",
|
||||||
|
"volume:accept_transfer": "",
|
||||||
|
"volume:delete_transfer": "rule:admin_or_owner",
|
||||||
|
"volume:get_transfer": "rule:admin_or_owner",
|
||||||
|
"volume:get_all_transfers": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"volume:failover_host": "rule:admin_api",
|
||||||
|
"volume:freeze_host": "rule:admin_api",
|
||||||
|
"volume:thaw_host": "rule:admin_api",
|
||||||
|
|
||||||
|
"backup:create" : "",
|
||||||
|
"backup:delete": "rule:admin_or_owner",
|
||||||
|
"backup:get": "rule:admin_or_owner",
|
||||||
|
"backup:get_all": "rule:admin_or_owner",
|
||||||
|
"backup:restore": "rule:admin_or_owner",
|
||||||
|
"backup:backup-import": "rule:admin_api",
|
||||||
|
"backup:backup-export": "rule:admin_api",
|
||||||
|
"backup:update": "rule:admin_or_owner",
|
||||||
|
"backup:backup_project_attribute": "rule:admin_api",
|
||||||
|
|
||||||
|
"volume:attachment_create": "",
|
||||||
|
"volume:attachment_update": "rule:admin_or_owner",
|
||||||
|
"volume:attachment_delete": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"snapshot_extension:snapshot_actions:update_snapshot_status": "",
|
||||||
|
"snapshot_extension:snapshot_manage": "rule:admin_api",
|
||||||
|
"snapshot_extension:snapshot_unmanage": "rule:admin_api",
|
||||||
|
"snapshot_extension:list_manageable": "rule:admin_api",
|
||||||
|
|
||||||
|
"consistencygroup:create" : "group:nobody",
|
||||||
|
"consistencygroup:delete": "group:nobody",
|
||||||
|
"consistencygroup:update": "group:nobody",
|
||||||
|
"consistencygroup:get": "group:nobody",
|
||||||
|
"consistencygroup:get_all": "group:nobody",
|
||||||
|
|
||||||
|
"consistencygroup:create_cgsnapshot" : "group:nobody",
|
||||||
|
"consistencygroup:delete_cgsnapshot": "group:nobody",
|
||||||
|
"consistencygroup:get_cgsnapshot": "group:nobody",
|
||||||
|
"consistencygroup:get_all_cgsnapshots": "group:nobody",
|
||||||
|
|
||||||
|
"group:group_types_manage": "rule:admin_api",
|
||||||
|
"group:group_types_specs": "rule:admin_api",
|
||||||
|
"group:access_group_types_specs": "rule:admin_api",
|
||||||
|
"group:group_type_access": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"group:create" : "",
|
||||||
|
"group:delete": "rule:admin_or_owner",
|
||||||
|
"group:update": "rule:admin_or_owner",
|
||||||
|
"group:get": "rule:admin_or_owner",
|
||||||
|
"group:get_all": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"group:create_group_snapshot": "",
|
||||||
|
"group:delete_group_snapshot": "rule:admin_or_owner",
|
||||||
|
"group:update_group_snapshot": "rule:admin_or_owner",
|
||||||
|
"group:get_group_snapshot": "rule:admin_or_owner",
|
||||||
|
"group:get_all_group_snapshots": "rule:admin_or_owner",
|
||||||
|
"group:reset_group_snapshot_status":"rule:admin_api",
|
||||||
|
"group:reset_status":"rule:admin_api",
|
||||||
|
|
||||||
|
"group:enable_replication": "rule:admin_or_owner",
|
||||||
|
"group:disable_replication": "rule:admin_or_owner",
|
||||||
|
"group:failover_replication": "rule:admin_or_owner",
|
||||||
|
"group:list_replication_targets": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
|
||||||
|
"message:delete": "rule:admin_or_owner",
|
||||||
|
"message:get": "rule:admin_or_owner",
|
||||||
|
"message:get_all": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"clusters:get": "rule:admin_api",
|
||||||
|
"clusters:get_all": "rule:admin_api",
|
||||||
|
"clusters:update": "rule:admin_api",
|
||||||
|
|
||||||
|
"workers:cleanup": "rule:admin_api"
|
||||||
|
}
|
@ -5,6 +5,4 @@ policy.json
|
|||||||
The ``policy.json`` file defines additional access controls that apply
|
The ``policy.json`` file defines additional access controls that apply
|
||||||
to the Block Storage service.
|
to the Block Storage service.
|
||||||
|
|
||||||
.. remote-code-block:: none
|
.. literalinclude:: policy.json.inc
|
||||||
|
|
||||||
https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/policy.json?h=stable/ocata
|
|
||||||
|
@ -0,0 +1,28 @@
|
|||||||
|
# Configuration for cinder-rootwrap
|
||||||
|
# This file should be owned by (and only-writeable by) the root user
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# List of directories to load filter definitions from (separated by ',').
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
|
||||||
|
|
||||||
|
# List of directories to search executables in, in case filters do not
|
||||||
|
# explicitely specify a full path (separated by ',')
|
||||||
|
# If not specified, defaults to system PATH environment variable.
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin
|
||||||
|
|
||||||
|
# Enable logging to syslog
|
||||||
|
# Default value is False
|
||||||
|
use_syslog=False
|
||||||
|
|
||||||
|
# Which syslog facility to use.
|
||||||
|
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||||
|
# Default value is 'syslog'
|
||||||
|
syslog_log_facility=syslog
|
||||||
|
|
||||||
|
# Which messages to log.
|
||||||
|
# INFO means log all usage
|
||||||
|
# ERROR means only log unsuccessful attempts
|
||||||
|
syslog_log_level=ERROR
|
||||||
|
|
@ -6,6 +6,4 @@ The ``rootwrap.conf`` file defines configuration values used by the
|
|||||||
``rootwrap`` script when the Block Storage service must escalate its
|
``rootwrap`` script when the Block Storage service must escalate its
|
||||||
privileges to those of the root user.
|
privileges to those of the root user.
|
||||||
|
|
||||||
.. remote-code-block:: ini
|
.. literalinclude:: rootwrap.conf.inc
|
||||||
|
|
||||||
https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/rootwrap.conf?h=stable/ocata
|
|
||||||
|
@ -22,7 +22,7 @@ Cinder Service Configuration
|
|||||||
The examples of common configurations for shared
|
The examples of common configurations for shared
|
||||||
service and libraries, such as database connections and
|
service and libraries, such as database connections and
|
||||||
RPC messaging, can be seen in Cinder's sample configuration
|
RPC messaging, can be seen in Cinder's sample configuration
|
||||||
file: `cinder.conf.sample <_static/cinder.conf.sample>`_.
|
file: `cinder.conf.sample <../_static/cinder.conf.sample>`_.
|
||||||
|
|
||||||
The Block Storage service works with many different storage
|
The Block Storage service works with many different storage
|
||||||
drivers that you can configure by using these instructions.
|
drivers that you can configure by using these instructions.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user